dependabot-python 0.196.4 → 0.197.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 942b633bb536e1db742099aa6198a1c571779afd43178cc89de793de61c368f1
|
|
4
|
+
data.tar.gz: f76a1116d377f0f664bbac363669e135057a13ab3e17c9754647ce7914ecf981
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6fdac7a0ef17c8888b28f041c29bf7caf6036e3065ff37a5b9ffbc255d16e5b59ea84919200317116696dad382477c177abc9f4e010997b02945a48070699154
|
|
7
|
+
data.tar.gz: a1efbee21bd62eef7fbc4c426f9e782df083f032df9c8a6c125a176e82e63046bc9891283fb205f96345d84e876f2ce6ca39e1eb73d3d7af6efc86d8feab0607
|
|
@@ -32,6 +32,8 @@ module Dependabot
|
|
|
32
32
|
"pip._internal.exceptions.InstallationSubprocessError: Command errored out with exit status 1:"
|
|
33
33
|
# See https://packaging.python.org/en/latest/tutorials/packaging-projects/#configuring-metadata
|
|
34
34
|
PYTHON_PACKAGE_NAME_REGEX = /[A-Za-z0-9_\-]+/.freeze
|
|
35
|
+
RESOLUTION_IMPOSSIBLE_ERROR = "ResolutionImpossible"
|
|
36
|
+
ERROR_REGEX = /(?<=ERROR\:\W).*$/.freeze
|
|
35
37
|
|
|
36
38
|
attr_reader :dependency, :dependency_files, :credentials
|
|
37
39
|
|
|
@@ -76,16 +78,13 @@ module Dependabot
|
|
|
76
78
|
# Shell out to pip-compile.
|
|
77
79
|
# This is slow, as pip-compile needs to do installs.
|
|
78
80
|
run_pip_compile_command(
|
|
79
|
-
"pyenv exec pip-compile
|
|
80
|
-
"#{pip_compile_options(filename)} -P #{dependency.name} "\
|
|
81
|
-
"#{filename}"
|
|
81
|
+
"pyenv exec pip-compile -v #{pip_compile_options(filename)} -P #{dependency.name} #{filename}"
|
|
82
82
|
)
|
|
83
83
|
# Run pip-compile a second time, without an update argument,
|
|
84
84
|
# to ensure it handles markers correctly
|
|
85
85
|
write_original_manifest_files unless dependency.top_level?
|
|
86
86
|
run_pip_compile_command(
|
|
87
|
-
"pyenv exec pip-compile
|
|
88
|
-
"#{pip_compile_options(filename)} #{filename}"
|
|
87
|
+
"pyenv exec pip-compile #{pip_compile_options(filename)} #{filename}"
|
|
89
88
|
)
|
|
90
89
|
end
|
|
91
90
|
|
|
@@ -114,7 +113,7 @@ module Dependabot
|
|
|
114
113
|
# rubocop:disable Metrics/AbcSize
|
|
115
114
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
116
115
|
def handle_pip_compile_errors(error)
|
|
117
|
-
if error.message.include?(
|
|
116
|
+
if error.message.include?(RESOLUTION_IMPOSSIBLE_ERROR)
|
|
118
117
|
check_original_requirements_resolvable
|
|
119
118
|
# If the original requirements are resolvable but we get an
|
|
120
119
|
# incompatibility error after unlocking then it's likely to be
|
|
@@ -138,7 +137,7 @@ module Dependabot
|
|
|
138
137
|
return
|
|
139
138
|
end
|
|
140
139
|
|
|
141
|
-
if error.message.include?(
|
|
140
|
+
if error.message.include?(RESOLUTION_IMPOSSIBLE_ERROR) &&
|
|
142
141
|
!error.message.match?(/#{Regexp.quote(dependency.name)}/i)
|
|
143
142
|
# Sometimes pip-tools gets confused and can't work around
|
|
144
143
|
# sub-dependency incompatibilities. Ignore those cases.
|
|
@@ -179,7 +178,7 @@ module Dependabot
|
|
|
179
178
|
|
|
180
179
|
filenames_to_compile.each do |filename|
|
|
181
180
|
run_pip_compile_command(
|
|
182
|
-
"pyenv exec pip-compile #{pip_compile_options(filename)}
|
|
181
|
+
"pyenv exec pip-compile #{pip_compile_options(filename)} #{filename}"
|
|
183
182
|
)
|
|
184
183
|
end
|
|
185
184
|
|
|
@@ -188,7 +187,7 @@ module Dependabot
|
|
|
188
187
|
# Pick the error message that includes resolvability errors, this might be the cause from
|
|
189
188
|
# handle_pip_compile_errors (it's unclear if we should always pick the cause here)
|
|
190
189
|
error_message = [e.message, e.cause&.message].compact.find do |msg|
|
|
191
|
-
|
|
190
|
+
msg.include?(RESOLUTION_IMPOSSIBLE_ERROR)
|
|
192
191
|
end
|
|
193
192
|
|
|
194
193
|
cleaned_message = clean_error_message(error_message || "")
|
|
@@ -220,6 +219,7 @@ module Dependabot
|
|
|
220
219
|
def pip_compile_options(filename)
|
|
221
220
|
options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
|
|
222
221
|
options += pip_compile_index_options
|
|
222
|
+
options += ["--resolver backtracking", "--allow-unsafe"]
|
|
223
223
|
|
|
224
224
|
if (requirements_file = compiled_file_for_filename(filename))
|
|
225
225
|
options << "--output-file=#{requirements_file.name}"
|
|
@@ -353,25 +353,8 @@ module Dependabot
|
|
|
353
353
|
NameNormaliser.normalise(name)
|
|
354
354
|
end
|
|
355
355
|
|
|
356
|
-
VERBOSE_ERROR_OUTPUT_LINES = [
|
|
357
|
-
"Traceback",
|
|
358
|
-
"Using indexes:",
|
|
359
|
-
"Current constraints:",
|
|
360
|
-
"Finding the best candidates:",
|
|
361
|
-
"Finding secondary dependencies:",
|
|
362
|
-
"\n",
|
|
363
|
-
" "
|
|
364
|
-
].freeze
|
|
365
|
-
|
|
366
356
|
def clean_error_message(message)
|
|
367
|
-
|
|
368
|
-
msg = msg_lines.
|
|
369
|
-
take_while { |l| !l.start_with?("During handling of") }.
|
|
370
|
-
drop_while { |l| l.start_with?(*VERBOSE_ERROR_OUTPUT_LINES) }.
|
|
371
|
-
join.strip
|
|
372
|
-
|
|
373
|
-
# Redact any URLs, as they may include credentials
|
|
374
|
-
msg.gsub(/http.*?(?=\s)/, "<redacted>")
|
|
357
|
+
message.scan(ERROR_REGEX).last
|
|
375
358
|
end
|
|
376
359
|
|
|
377
360
|
def filenames_to_compile
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.197.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-07-
|
|
11
|
+
date: 2022-07-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.197.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.197.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|