dependabot-python 0.166.0 → 0.169.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2c641524dd484051979d144da8b7a784ea79a682832c26d454b98f1ff281047a
-  data.tar.gz: 5758c66e92a3c4446a7375882034afa49eab906afe39fe6fc58e822f50a33c83
+  metadata.gz: fd3300c3e902c851404f800007215343e308501440fd0fe47cf01d10d8377157
+  data.tar.gz: e5da25f1e44e6be09e3738c235a664641f99c057cedde46a8e3535d5d770b512
 SHA512:
-  metadata.gz: cd2804262c91942bfb3558eff9bd3551df3106b5a1f9ba839b45fedfecded10c047751adfa34721310af5a3d8d9df6015d29efff346d2e43173e7465520fb153
-  data.tar.gz: 7c3498729ca0f5b2d49753b90bbfff65da6cb25b1cc23c09f150575b823333c5537ea7e2d04ff090b8ab9f301be25df965c44a2125465915fea87fc2265679cf
+  metadata.gz: cea3ee7b51609f9e4a045e7355fa4269201f3a1f4faa7aa35a420478ab5236c389147b316d3dde5620d685a2f472ccabf0bde24e4ecb93c1d56a6c76ccb09dd9
+  data.tar.gz: be9f3ba2d5c70df776b5e473d2836f52ca2353d4dc3edcad22adfd2d2b50086963049cee3a533b68598bfb22d14c86778fa11307da5404f994a78fa256d51a3c

data/helpers/requirements.txt

@@ -1,8 +1,8 @@
-pip==21.2.4
+pip==21.3.1
 pip-tools==6.4.0
 flake8==4.0.1
 hashin==0.15.0
-pipenv==2021.5.29
+pipenv==2021.11.15
 pipfile==0.0.2
 poetry==1.1.11
 wheel==0.37.0

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -430,6 +430,9 @@ module Dependabot
           options << "--no-header" unless requirements_file.content.include?("autogenerated by pip-c")
 
           options << "--pre" if requirements_file.content.include?("--pre")
+
+          options << "--strip-extras" if requirements_file.content.include?("--strip-extras")
+
           options
         end
 

data/lib/dependabot/python/file_updater/pyproject_preparer.rb

@@ -54,7 +54,7 @@ module Dependabot
 
               next unless (locked_version = locked_details&.fetch("version"))
 
-              next if locked_details&.dig("source", "type") == "directory"
+              next if %w(directory file url).include?(locked_details&.dig("source", "type"))
 
               if locked_details&.dig("source", "type") == "git"
                 poetry_object[key][dep_name] = {

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -25,7 +25,7 @@ module Dependabot
       # rubocop:disable Metrics/ClassLength
       class PipCompileVersionResolver
         GIT_DEPENDENCY_UNREACHABLE_REGEX =
-          /git clone -q (?<url>[^\s]+).* /.freeze
+          /git clone --filter=blob:none -q (?<url>[^\s]+).* /.freeze
         GIT_REFERENCE_NOT_FOUND_REGEX =
           /egg=(?<name>\S+).*.*WARNING: Did not find branch or tag \'(?<tag>[^\n"]+)\'/m.freeze
         NATIVE_COMPILATION_ERROR =

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -40,7 +40,9 @@ module Dependabot
         PIPENV_INSTALLATION_ERROR_REGEX =
           /#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?<name>.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/.
           freeze
-        UNSUPPORTED_DEP_REGEX = /(?:pyobjc)[\s\S]*#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/.freeze
+        UNSUPPORTED_DEPS = %w(pyobjc).freeze
+        UNSUPPORTED_DEP_REGEX =
+          /Could not find a version that satisfies the requirement.*(?:#{UNSUPPORTED_DEPS.join("|")})/.freeze
         PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/.freeze
 
         attr_reader :dependency, :dependency_files, :credentials
@@ -62,11 +64,7 @@ module Dependabot
           @resolvable ||= {}
           return @resolvable[version] if @resolvable.key?(version)
 
-          @resolvable[version] = if fetch_latest_resolvable_version_string(requirement: "==#{version}")
-                                   true
-                                 else
-                                   false
-                                 end
+          @resolvable[version] = !!fetch_latest_resolvable_version_string(requirement: "==#{version}")
         end
 
         private
@@ -155,7 +153,9 @@ module Dependabot
             raise DependencyFileNotResolvable, msg
           end
 
-          check_original_requirements_resolvable if error.message.include?("Could not find a version")
+          if error.message.include?("Could not find a version") || error.message.include?("ResolutionFailure")
+            check_original_requirements_resolvable
+          end
 
           if error.message.include?("SyntaxError: invalid syntax")
             raise DependencyFileNotResolvable,
@@ -220,7 +220,8 @@ module Dependabot
         end
 
         def handle_pipenv_errors_resolving_original_reqs(error)
-          if error.message.include?("Could not find a version")
+          if error.message.include?("Could not find a version") ||
+             error.message.include?("package versions have conflicting dependencies")
             msg = clean_error_message(error.message)
             msg.gsub!(/\s+\(from .*$/, "")
             raise if msg.empty?

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.166.0
+  version: 0.169.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-11 00:00:00.000000000 Z
+date: 2021-11-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.166.0
+        version: 0.169.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.166.0
+        version: 0.169.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement