dependabot-python 0.161.0 → 0.163.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +2 -2
  3. data/helpers/requirements.txt +2 -2
  4. data/lib/dependabot/python/file_parser/poetry_files_parser.rb +26 -16
  5. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +10 -1
  6. data/lib/dependabot/python/python_versions.rb +3 -3
  7. data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +1 -0
  8. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: faab0455fa73aa94319a31d4c93c10c788f0eddcfe4a3e702e758e004b015f1b
4
- data.tar.gz: c2f2ad51b1cc5a365512216dc45db628e95ad8ead4d3cdc0c9884a3beccaf7a8
3
+ metadata.gz: 4ca2301a63085559040048f4b87095a14f827d892e35a4ef87f9ac9e93d3e171
4
+ data.tar.gz: 96d54efd2348152784d09df38034de6a31d32e4f51d7429eed75d6ffd2a6ad29
5
5
  SHA512:
6
- metadata.gz: 8b42f40ea6357727b6d3944eaef512f1db2917f9c0a1f6ee2dd95dd709cdfae0d141b7c9cfe35639c4b9f8c8e119f803df30d9a09677f8803014fd44ef22e4e7
7
- data.tar.gz: a31092cbcfeb2a7738e03a06a8c41570be349d2f9a3813e24988fb3dde766aacdef0242b4dab5ea5250504f01bf87da72771e49a043514d037d19ec21d5ca817
6
+ metadata.gz: 9eb41951468fd6fc20af2ea55d0964bf5495b73ef889a119b8748c96a015867546dc5c4a6d471d0035632bb443aeba161f74e7d6cc0f4d2babc4df8adcc5385f
7
+ data.tar.gz: 82920f19768839f1c92d8639df55903bb0d8de0b0b12af1f620c34262fcfb8f8878d1ef22d2b3f0684f2db64431e5a318b1291b6f54b87033ab2c73c89faba76
data/helpers/build CHANGED
@@ -16,9 +16,9 @@ cp -r \
16
16
  "$install_dir"
17
17
 
18
18
  cd "$install_dir"
19
- PYENV_VERSION=3.9.6 pyenv exec pip install -r "requirements.txt"
19
+ PYENV_VERSION=3.9.7 pyenv exec pip install -r "requirements.txt"
20
20
 
21
21
  # Workaround of https://github.com/python-poetry/poetry/issues/3010
22
22
  # By default poetry config file is stored under ~/.config/pypoetry
23
23
  # and is not bound to any specific Python version
24
- PYENV_VERSION=3.9.6 pyenv exec poetry config experimental.new-installer false
24
+ PYENV_VERSION=3.9.7 pyenv exec poetry config experimental.new-installer false
data/helpers/requirements.txt CHANGED
@@ -1,10 +1,10 @@
1
1
  pip==21.1.3
2
- pip-tools==6.2.0
2
+ pip-tools==6.3.0
3
3
  flake8==3.9.2
4
4
  hashin==0.15.0
5
5
  pipenv==2021.5.29
6
6
  pipfile==0.0.2
7
- poetry==1.1.7
7
+ poetry==1.1.11
8
8
  wheel==0.36.2
9
9
 
10
10
  # Some dependencies will only install if Cython is present
data/lib/dependabot/python/file_parser/poetry_files_parser.rb CHANGED
@@ -43,28 +43,38 @@ module Dependabot
43
43
 
44
44
  deps_hash.each do |name, req|
45
45
  next if normalise(name) == "python"
46
- next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
47
-
48
- check_requirements(req)
49
-
50
- dependencies <<
51
- Dependency.new(
52
- name: normalise(name),
53
- version: version_from_lockfile(name),
54
- requirements: [{
55
- requirement: req.is_a?(String) ? req : req["version"],
56
- file: pyproject.name,
57
- source: nil,
58
- groups: [type]
59
- }],
60
- package_manager: "pip"
61
- )
46
+
47
+ requirements = parse_requirements_from(req, type)
48
+ next if requirements.empty?
49
+
50
+ dependencies << Dependency.new(
51
+ name: normalise(name),
52
+ version: version_from_lockfile(name),
53
+ requirements: requirements,
54
+ package_manager: "pip"
55
+ )
62
56
  end
63
57
  end
64
58
 
65
59
  dependencies
66
60
  end
67
61
 
62
+ # @param req can be an Array, Hash or String that represents the constraints for a dependency
63
+ def parse_requirements_from(req, type)
64
+ [req].flatten.compact.map do |requirement|
65
+ next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any?
66
+
67
+ check_requirements(requirement)
68
+
69
+ {
70
+ requirement: requirement.is_a?(String) ? requirement : requirement["version"],
71
+ file: pyproject.name,
72
+ source: nil,
73
+ groups: [type]
74
+ }
75
+ end.compact
76
+ end
77
+
68
78
  # Create a DependencySet where each element has no requirement. Any
69
79
  # requirements will be added when combining the DependencySet with
70
80
  # other DependencySets.
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED
@@ -22,6 +22,7 @@ module Dependabot
22
22
  require_relative "setup_file_sanitizer"
23
23
 
24
24
  UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze
25
+ INCOMPATIBLE_VERSIONS_REGEX = /There are incompatible versions in the resolved dependencies:.*\z/m.freeze
25
26
  WARNINGS = /\s*# WARNING:.*\Z/m.freeze
26
27
  UNSAFE_NOTE =
27
28
  /\s*# The following packages are considered to be unsafe.*\Z/m.freeze
@@ -154,12 +155,20 @@ module Dependabot
154
155
 
155
156
  return stdout if process.success?
156
157
 
158
+ handle_pip_errors(stdout, command, time_taken, process.to_s)
159
+ end
160
+
161
+ def handle_pip_errors(stdout, command, time_taken, exit_value)
162
+ if stdout.match?(INCOMPATIBLE_VERSIONS_REGEX)
163
+ raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
164
+ end
165
+
157
166
  raise SharedHelpers::HelperSubprocessFailed.new(
158
167
  message: stdout,
159
168
  error_context: {
160
169
  command: command,
161
170
  time_taken: time_taken,
162
- process_exit_value: process.to_s
171
+ process_exit_value: exit_value
163
172
  }
164
173
  )
165
174
  end
data/lib/dependabot/python/python_versions.rb CHANGED
@@ -4,14 +4,14 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.9.6
7
+ 3.9.7
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.9.6 3.9.5 3.9.4 3.9.3 3.9.2 3.9.1 3.9.0
14
- 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
13
+ 3.9.7 3.9.6 3.9.5 3.9.4 3.9.2 3.9.1 3.9.0
14
+ 3.8.12 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
15
15
  3.7.11 3.7.10 3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
16
16
  3.6.14 3.6.13 3.6.12 3.6.11 3.6.10 3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3
17
17
  3.6.2 3.6.1 3.6.0 3.5.10 3.5.8 3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
data/lib/dependabot/python/update_checker/poetry_version_resolver.rb CHANGED
@@ -31,6 +31,7 @@ module Dependabot
31
31
  '\['git',
32
32
  \s+'clone',
33
33
  \s+'--recurse-submodules',
34
+ \s+'(--)?',
34
35
  \s+'(?<url>.+?)'.*
35
36
  \s+exit\s+status\s+128
36
37
  /mx.freeze
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.161.0
4
+ version: 0.163.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-01 00:00:00.000000000 Z
11
+ date: 2021-10-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.161.0
19
+ version: 0.163.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.161.0
26
+ version: 0.163.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement