dependabot-python 0.161.0 → 0.163.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +2 -2
  3. data/helpers/requirements.txt +2 -2
  4. data/lib/dependabot/python/file_parser/poetry_files_parser.rb +26 -16
  5. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +10 -1
  6. data/lib/dependabot/python/python_versions.rb +3 -3
  7. data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +1 -0
  8. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: faab0455fa73aa94319a31d4c93c10c788f0eddcfe4a3e702e758e004b015f1b
4
- data.tar.gz: c2f2ad51b1cc5a365512216dc45db628e95ad8ead4d3cdc0c9884a3beccaf7a8
3
+ metadata.gz: 4ca2301a63085559040048f4b87095a14f827d892e35a4ef87f9ac9e93d3e171
4
+ data.tar.gz: 96d54efd2348152784d09df38034de6a31d32e4f51d7429eed75d6ffd2a6ad29
5
5
  SHA512:
6
- metadata.gz: 8b42f40ea6357727b6d3944eaef512f1db2917f9c0a1f6ee2dd95dd709cdfae0d141b7c9cfe35639c4b9f8c8e119f803df30d9a09677f8803014fd44ef22e4e7
7
- data.tar.gz: a31092cbcfeb2a7738e03a06a8c41570be349d2f9a3813e24988fb3dde766aacdef0242b4dab5ea5250504f01bf87da72771e49a043514d037d19ec21d5ca817
6
+ metadata.gz: 9eb41951468fd6fc20af2ea55d0964bf5495b73ef889a119b8748c96a015867546dc5c4a6d471d0035632bb443aeba161f74e7d6cc0f4d2babc4df8adcc5385f
7
+ data.tar.gz: 82920f19768839f1c92d8639df55903bb0d8de0b0b12af1f620c34262fcfb8f8878d1ef22d2b3f0684f2db64431e5a318b1291b6f54b87033ab2c73c89faba76
data/helpers/build CHANGED
@@ -16,9 +16,9 @@ cp -r \
16
16
  "$install_dir"
17
17
 
18
18
  cd "$install_dir"
19
- PYENV_VERSION=3.9.6 pyenv exec pip install -r "requirements.txt"
19
+ PYENV_VERSION=3.9.7 pyenv exec pip install -r "requirements.txt"
20
20
 
21
21
  # Workaround of https://github.com/python-poetry/poetry/issues/3010
22
22
  # By default poetry config file is stored under ~/.config/pypoetry
23
23
  # and is not bound to any specific Python version
24
- PYENV_VERSION=3.9.6 pyenv exec poetry config experimental.new-installer false
24
+ PYENV_VERSION=3.9.7 pyenv exec poetry config experimental.new-installer false
data/helpers/requirements.txt CHANGED
@@ -1,10 +1,10 @@
1
1
  pip==21.1.3
2
- pip-tools==6.2.0
2
+ pip-tools==6.3.0
3
3
  flake8==3.9.2
4
4
  hashin==0.15.0
5
5
  pipenv==2021.5.29
6
6
  pipfile==0.0.2
7
- poetry==1.1.7
7
+ poetry==1.1.11
8
8
  wheel==0.36.2
9
9
 
10
10
  # Some dependencies will only install if Cython is present
data/lib/dependabot/python/file_parser/poetry_files_parser.rb CHANGED
@@ -43,28 +43,38 @@ module Dependabot
43
43
 
44
44
  deps_hash.each do |name, req|
45
45
  next if normalise(name) == "python"
46
- next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
47
-
48
- check_requirements(req)
49
-
50
- dependencies <<
51
- Dependency.new(
52
- name: normalise(name),
53
- version: version_from_lockfile(name),
54
- requirements: [{
55
- requirement: req.is_a?(String) ? req : req["version"],
56
- file: pyproject.name,
57
- source: nil,
58
- groups: [type]
59
- }],
60
- package_manager: "pip"
61
- )
46
+
47
+ requirements = parse_requirements_from(req, type)
48
+ next if requirements.empty?
49
+
50
+ dependencies << Dependency.new(
51
+ name: normalise(name),
52
+ version: version_from_lockfile(name),
53
+ requirements: requirements,
54
+ package_manager: "pip"
55
+ )
62
56
  end
63
57
  end
64
58
 
65
59
  dependencies
66
60
  end
67
61
 
62
+ # @param req can be an Array, Hash or String that represents the constraints for a dependency
63
+ def parse_requirements_from(req, type)
64
+ [req].flatten.compact.map do |requirement|
65
+ next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any?
66
+
67
+ check_requirements(requirement)
68
+
69
+ {
70
+ requirement: requirement.is_a?(String) ? requirement : requirement["version"],
71
+ file: pyproject.name,
72
+ source: nil,
73
+ groups: [type]
74
+ }
75
+ end.compact
76
+ end
77
+
68
78
  # Create a DependencySet where each element has no requirement. Any
69
79
  # requirements will be added when combining the DependencySet with
70
80
  # other DependencySets.
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED
@@ -22,6 +22,7 @@ module Dependabot
22
22
  require_relative "setup_file_sanitizer"
23
23
 
24
24
  UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze
25
+ INCOMPATIBLE_VERSIONS_REGEX = /There are incompatible versions in the resolved dependencies:.*\z/m.freeze
25
26
  WARNINGS = /\s*# WARNING:.*\Z/m.freeze
26
27
  UNSAFE_NOTE =
27
28
  /\s*# The following packages are considered to be unsafe.*\Z/m.freeze
@@ -154,12 +155,20 @@ module Dependabot
154
155
 
155
156
  return stdout if process.success?
156
157
 
158
+ handle_pip_errors(stdout, command, time_taken, process.to_s)
159
+ end
160
+
161
+ def handle_pip_errors(stdout, command, time_taken, exit_value)
162
+ if stdout.match?(INCOMPATIBLE_VERSIONS_REGEX)
163
+ raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
164
+ end
165
+
157
166
  raise SharedHelpers::HelperSubprocessFailed.new(
158
167
  message: stdout,
159
168
  error_context: {
160
169
  command: command,
161
170
  time_taken: time_taken,
162
- process_exit_value: process.to_s
171
+ process_exit_value: exit_value
163
172
  }
164
173
  )
165
174
  end
data/lib/dependabot/python/python_versions.rb CHANGED
@@ -4,14 +4,14 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.9.6
7
+ 3.9.7
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.9.6 3.9.5 3.9.4 3.9.3 3.9.2 3.9.1 3.9.0
14
- 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
13
+ 3.9.7 3.9.6 3.9.5 3.9.4 3.9.2 3.9.1 3.9.0
14
+ 3.8.12 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
15
15
  3.7.11 3.7.10 3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
16
16
  3.6.14 3.6.13 3.6.12 3.6.11 3.6.10 3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3
17
17
  3.6.2 3.6.1 3.6.0 3.5.10 3.5.8 3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
data/lib/dependabot/python/update_checker/poetry_version_resolver.rb CHANGED
@@ -31,6 +31,7 @@ module Dependabot
31
31
  '\['git',
32
32
  \s+'clone',
33
33
  \s+'--recurse-submodules',
34
+ \s+'(--)?',
34
35
  \s+'(?<url>.+?)'.*
35
36
  \s+exit\s+status\s+128
36
37
  /mx.freeze
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.161.0
4
+ version: 0.163.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-01 00:00:00.000000000 Z
11
+ date: 2021-10-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.161.0
19
+ version: 0.163.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.161.0
26
+ version: 0.163.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement