dependabot-python 0.160.1 → 0.162.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 86f2e58e9bf7751e4673bfc931ad5591ad3dcb2cc4d4e5fe5b547efd1b9438d3
-  data.tar.gz: 5b3c167c04c5bbfecfe8d98e9b768822301244c51e84755627f6254a15bb2866
+  metadata.gz: f7a8a73bad94e518ab25f5b33ddaedcc5790740591e3d85892c2cef38dba0e39
+  data.tar.gz: 16bfc1bbc074f2a8c5cfa3045d4b07966de1b95eae35e3ce106c536066754202
 SHA512:
-  metadata.gz: c2dca4c0149952fa6a4048247fa5b30324dde628fca2f2de59bcae2355bb57a81bd5ef691351f2a92d9ff1695825ac09299114682dbfe21a163163eafb49eae3
-  data.tar.gz: 540917e0c6ff692670db6cdce86ef2688e436b9e3c941c30e56eebb1469e59be5559fa8910b24f21f193f57c5f10eea842f60f4b0b111108f317fbbf03877a9b
+  metadata.gz: f724ce26213eab2613293f621a47e1bcfe52d58ea704590a45a4dc95c71fea50c40bd18c1486dd5d5fe1d8e9144a549ae2885a9f0ad45d6fff313e9721a25846
+  data.tar.gz: 6ddd9107cd7c2fcb03377df4c15625db695fa93d70d7c9fe969cbbc9c22c606bab55be394773a0cc1852f3fb3107d5093a1c943b8147f9280122b60e1f1c07ed

data/helpers/build

@@ -16,9 +16,9 @@ cp -r \
   "$install_dir"
 
 cd "$install_dir"
-PYENV_VERSION=3.9.6  pyenv exec pip install -r "requirements.txt"
+PYENV_VERSION=3.9.7  pyenv exec pip install -r "requirements.txt"
 
 # Workaround of https://github.com/python-poetry/poetry/issues/3010
 # By default poetry config file is stored under ~/.config/pypoetry
 # and is not bound to any specific Python version
-PYENV_VERSION=3.9.6 pyenv exec poetry config experimental.new-installer false
+PYENV_VERSION=3.9.7 pyenv exec poetry config experimental.new-installer false

data/lib/dependabot/python/file_parser/poetry_files_parser.rb

@@ -43,28 +43,38 @@ module Dependabot
 
             deps_hash.each do |name, req|
               next if normalise(name) == "python"
-              next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
-
-              check_requirements(req)
-
-              dependencies <<
-                Dependency.new(
-                  name: normalise(name),
-                  version: version_from_lockfile(name),
-                  requirements: [{
-                    requirement: req.is_a?(String) ? req : req["version"],
-                    file: pyproject.name,
-                    source: nil,
-                    groups: [type]
-                  }],
-                  package_manager: "pip"
-                )
+
+              requirements = parse_requirements_from(req, type)
+              next if requirements.empty?
+
+              dependencies << Dependency.new(
+                name: normalise(name),
+                version: version_from_lockfile(name),
+                requirements: requirements,
+                package_manager: "pip"
+              )
             end
           end
 
           dependencies
         end
 
+        # @param req can be an Array, Hash or String that represents the constraints for a dependency
+        def parse_requirements_from(req, type)
+          [req].flatten.compact.map do |requirement|
+            next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any?
+
+            check_requirements(requirement)
+
+            {
+              requirement: requirement.is_a?(String) ? requirement : requirement["version"],
+              file: pyproject.name,
+              source: nil,
+              groups: [type]
+            }
+          end.compact
+        end
+
         # Create a DependencySet where each element has no requirement. Any
         # requirements will be added when combining the DependencySet with
         # other DependencySets.

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -22,6 +22,7 @@ module Dependabot
         require_relative "setup_file_sanitizer"
 
         UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze
+        INCOMPATIBLE_VERSIONS_REGEX = /There are incompatible versions in the resolved dependencies:.*\z/m.freeze
         WARNINGS = /\s*# WARNING:.*\Z/m.freeze
         UNSAFE_NOTE =
           /\s*# The following packages are considered to be unsafe.*\Z/m.freeze
@@ -154,12 +155,20 @@ module Dependabot
 
           return stdout if process.success?
 
+          handle_pip_errors(stdout, command, time_taken, process.to_s)
+        end
+
+        def handle_pip_errors(stdout, command, time_taken, exit_value)
+          if stdout.match?(INCOMPATIBLE_VERSIONS_REGEX)
+            raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
+          end
+
           raise SharedHelpers::HelperSubprocessFailed.new(
             message: stdout,
             error_context: {
               command: command,
               time_taken: time_taken,
-              process_exit_value: process.to_s
+              process_exit_value: exit_value
             }
           )
         end

data/lib/dependabot/python/python_versions.rb

@@ -4,14 +4,14 @@ module Dependabot
   module Python
     module PythonVersions
       PRE_INSTALLED_PYTHON_VERSIONS = %w(
-        3.9.6
+        3.9.7
       ).freeze
 
       # Due to an OpenSSL issue we can only install the following versions in
       # the Dependabot container.
       SUPPORTED_VERSIONS = %w(
-        3.9.6 3.9.5 3.9.4 3.9.3 3.9.2 3.9.1 3.9.0
-        3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
+        3.9.7 3.9.6 3.9.5 3.9.4 3.9.2 3.9.1 3.9.0
+        3.8.12 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
         3.7.11 3.7.10 3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
         3.6.14 3.6.13 3.6.12 3.6.11 3.6.10 3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3
         3.6.2 3.6.1 3.6.0 3.5.10 3.5.8 3.5.7 3.5.6 3.5.5 3.5.4 3.5.3

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.160.1
+  version: 0.162.2
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-26 00:00:00.000000000 Z
+date: 2021-09-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.160.1
+        version: 0.162.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.160.1
+        version: 0.162.2
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement