dependabot-python 0.196.3 → 0.198.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 941d0fac4b28e5144d4688da00937ed04fbcdfb1c113116e178a51c831b92fde
|
|
4
|
+
data.tar.gz: 89bbc2f136b6e5170628f689e355b0aa4411f90d92c1e3a2815ed5a04687f1e9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9c5b8816596b35eb024f80c57bf9d96a66c59da8635835ac04d6acf6d30559be3b5c6510cb670bbe0c2196b56988ee2e1b9d1fd6a496970cc90aff1ef471555e
|
|
7
|
+
data.tar.gz: 568c28e3ff03fb48da4ae6799200021abe050dd7d28c163833ce879da00f95a55cd813a4516b0ee4a1976d0fc156220408d2efece7771c52b177d97378512654
|
|
@@ -32,6 +32,8 @@ module Dependabot
|
|
|
32
32
|
"pip._internal.exceptions.InstallationSubprocessError: Command errored out with exit status 1:"
|
|
33
33
|
# See https://packaging.python.org/en/latest/tutorials/packaging-projects/#configuring-metadata
|
|
34
34
|
PYTHON_PACKAGE_NAME_REGEX = /[A-Za-z0-9_\-]+/.freeze
|
|
35
|
+
RESOLUTION_IMPOSSIBLE_ERROR = "ResolutionImpossible"
|
|
36
|
+
ERROR_REGEX = /(?<=ERROR\:\W).*$/.freeze
|
|
35
37
|
|
|
36
38
|
attr_reader :dependency, :dependency_files, :credentials
|
|
37
39
|
|
|
@@ -76,16 +78,13 @@ module Dependabot
|
|
|
76
78
|
# Shell out to pip-compile.
|
|
77
79
|
# This is slow, as pip-compile needs to do installs.
|
|
78
80
|
run_pip_compile_command(
|
|
79
|
-
"pyenv exec pip-compile
|
|
80
|
-
"#{pip_compile_options(filename)} -P #{dependency.name} "\
|
|
81
|
-
"#{filename}"
|
|
81
|
+
"pyenv exec pip-compile -v #{pip_compile_options(filename)} -P #{dependency.name} #{filename}"
|
|
82
82
|
)
|
|
83
83
|
# Run pip-compile a second time, without an update argument,
|
|
84
84
|
# to ensure it handles markers correctly
|
|
85
85
|
write_original_manifest_files unless dependency.top_level?
|
|
86
86
|
run_pip_compile_command(
|
|
87
|
-
"pyenv exec pip-compile
|
|
88
|
-
"#{pip_compile_options(filename)} #{filename}"
|
|
87
|
+
"pyenv exec pip-compile #{pip_compile_options(filename)} #{filename}"
|
|
89
88
|
)
|
|
90
89
|
end
|
|
91
90
|
|
|
@@ -114,7 +113,7 @@ module Dependabot
|
|
|
114
113
|
# rubocop:disable Metrics/AbcSize
|
|
115
114
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
116
115
|
def handle_pip_compile_errors(error)
|
|
117
|
-
if error.message.include?(
|
|
116
|
+
if error.message.include?(RESOLUTION_IMPOSSIBLE_ERROR)
|
|
118
117
|
check_original_requirements_resolvable
|
|
119
118
|
# If the original requirements are resolvable but we get an
|
|
120
119
|
# incompatibility error after unlocking then it's likely to be
|
|
@@ -138,7 +137,7 @@ module Dependabot
|
|
|
138
137
|
return
|
|
139
138
|
end
|
|
140
139
|
|
|
141
|
-
if error.message.include?(
|
|
140
|
+
if error.message.include?(RESOLUTION_IMPOSSIBLE_ERROR) &&
|
|
142
141
|
!error.message.match?(/#{Regexp.quote(dependency.name)}/i)
|
|
143
142
|
# Sometimes pip-tools gets confused and can't work around
|
|
144
143
|
# sub-dependency incompatibilities. Ignore those cases.
|
|
@@ -179,7 +178,7 @@ module Dependabot
|
|
|
179
178
|
|
|
180
179
|
filenames_to_compile.each do |filename|
|
|
181
180
|
run_pip_compile_command(
|
|
182
|
-
"pyenv exec pip-compile #{pip_compile_options(filename)}
|
|
181
|
+
"pyenv exec pip-compile #{pip_compile_options(filename)} #{filename}"
|
|
183
182
|
)
|
|
184
183
|
end
|
|
185
184
|
|
|
@@ -188,7 +187,7 @@ module Dependabot
|
|
|
188
187
|
# Pick the error message that includes resolvability errors, this might be the cause from
|
|
189
188
|
# handle_pip_compile_errors (it's unclear if we should always pick the cause here)
|
|
190
189
|
error_message = [e.message, e.cause&.message].compact.find do |msg|
|
|
191
|
-
|
|
190
|
+
msg.include?(RESOLUTION_IMPOSSIBLE_ERROR)
|
|
192
191
|
end
|
|
193
192
|
|
|
194
193
|
cleaned_message = clean_error_message(error_message || "")
|
|
@@ -220,6 +219,7 @@ module Dependabot
|
|
|
220
219
|
def pip_compile_options(filename)
|
|
221
220
|
options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
|
|
222
221
|
options += pip_compile_index_options
|
|
222
|
+
options += ["--resolver backtracking", "--allow-unsafe"]
|
|
223
223
|
|
|
224
224
|
if (requirements_file = compiled_file_for_filename(filename))
|
|
225
225
|
options << "--output-file=#{requirements_file.name}"
|
|
@@ -353,25 +353,8 @@ module Dependabot
|
|
|
353
353
|
NameNormaliser.normalise(name)
|
|
354
354
|
end
|
|
355
355
|
|
|
356
|
-
VERBOSE_ERROR_OUTPUT_LINES = [
|
|
357
|
-
"Traceback",
|
|
358
|
-
"Using indexes:",
|
|
359
|
-
"Current constraints:",
|
|
360
|
-
"Finding the best candidates:",
|
|
361
|
-
"Finding secondary dependencies:",
|
|
362
|
-
"\n",
|
|
363
|
-
" "
|
|
364
|
-
].freeze
|
|
365
|
-
|
|
366
356
|
def clean_error_message(message)
|
|
367
|
-
|
|
368
|
-
msg = msg_lines.
|
|
369
|
-
take_while { |l| !l.start_with?("During handling of") }.
|
|
370
|
-
drop_while { |l| l.start_with?(*VERBOSE_ERROR_OUTPUT_LINES) }.
|
|
371
|
-
join.strip
|
|
372
|
-
|
|
373
|
-
# Redact any URLs, as they may include credentials
|
|
374
|
-
msg.gsub(/http.*?(?=\s)/, "<redacted>")
|
|
357
|
+
message.scan(ERROR_REGEX).last
|
|
375
358
|
end
|
|
376
359
|
|
|
377
360
|
def filenames_to_compile
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.198.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-07-
|
|
11
|
+
date: 2022-07-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.198.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.198.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|