dependabot-python 0.196.4 → 0.199.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1bc79e828f60a77c98c0db059795430716f086cbaa9f675511568e0cd27e6a4c
4
- data.tar.gz: cc4a2fd2e89587e63dc65e1f621f933cda71ca89cbe71d52d2c88886fb00dc3d
3
+ metadata.gz: fa2efdb728ace10c8f93f21234b1b43cf9e911816f38027da3dbc1db112da69f
4
+ data.tar.gz: 8b50a54ab4f43fc40ec8967b522505f65791c4b645ac3e3fd9d039ca26ebc7b0
5
5
  SHA512:
6
- metadata.gz: 8941fea7946bf352c2437d5a1b8f43223640741f2aec8c4013ccb2102312930a2d6eeedff52709133540a129705ffdf7a3473a38c07dc0ec16493b7f8cebc78d
7
- data.tar.gz: a6f22b171b9809cc088d5062f5da3f1a2640db1dffe1fc04643f6580cfae2386208962c76705a6e3603a9d851fd3224edf58cb965d71ef6c36c7f1621868a093
6
+ metadata.gz: 7672806dbc6115cd90f8e831d07da9bb4c626b15abc4df427e7d318ddfa2031a36e978fad9933c5300977b762f6e508f5a7241fa077e1cfb0bbe2860f5703aea
7
+ data.tar.gz: 1519ff9d9bbc684aaee4ae681598896a094206cf2700c901f2c50a2a60f9b45636c263d2b0ad999e91c41e91cb61488873e05b2efa8803d328b3f26db01fd318
@@ -37,7 +37,7 @@ def parse_requirements(directory):
37
37
  )
38
38
  for parsed_req in requirements:
39
39
  install_req = install_req_from_parsed_requirement(parsed_req)
40
- if install_req.original_link:
40
+ if install_req.req is None:
41
41
  continue
42
42
 
43
43
  pattern = r"-[cr] (.*) \(line \d+\)"
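Review bot: The new guard `if install_req.req is None:` has no comment saying which requirement lines it skips, and it is narrower than the `original_link` test it replaces. A requirement that has both a name and a link (presumably direct-URL or VCS entries) is no longer skipped and now reaches the code below the hunk. It is worth confirming that this code does not copy the link, which may embed index or repository credentials, into the parser's output. A comment such as `# Skip unnamed requirements (bare path or URL with no name); named link requirements are parsed below` would record the intent. parse_requirements starts and ends outside this hunk.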
@@ -32,6 +32,8 @@ module Dependabot
32
32
  "pip._internal.exceptions.InstallationSubprocessError: Command errored out with exit status 1:"
33
33
  # See https://packaging.python.org/en/latest/tutorials/packaging-projects/#configuring-metadata
34
34
  PYTHON_PACKAGE_NAME_REGEX = /[A-Za-z0-9_\-]+/.freeze
35
+ RESOLUTION_IMPOSSIBLE_ERROR = "ResolutionImpossible"
36
+ ERROR_REGEX = /(?<=ERROR\:\W).*$/.freeze
35
37
 
36
38
  attr_reader :dependency, :dependency_files, :credentials
37
39
 
@@ -76,16 +78,13 @@ module Dependabot
76
78
  # Shell out to pip-compile.
77
79
  # This is slow, as pip-compile needs to do installs.
78
80
  run_pip_compile_command(
79
- "pyenv exec pip-compile --allow-unsafe -v "\
80
- "#{pip_compile_options(filename)} -P #{dependency.name} "\
81
- "#{filename}"
81
+ "pyenv exec pip-compile -v #{pip_compile_options(filename)} -P #{dependency.name} #{filename}"
82
82
  )
83
83
  # Run pip-compile a second time, without an update argument,
84
84
  # to ensure it handles markers correctly
85
85
  write_original_manifest_files unless dependency.top_level?
86
86
  run_pip_compile_command(
87
- "pyenv exec pip-compile --allow-unsafe "\
88
- "#{pip_compile_options(filename)} #{filename}"
87
+ "pyenv exec pip-compile #{pip_compile_options(filename)} #{filename}"
89
88
  )
90
89
  end
91
90
 
@@ -114,7 +113,7 @@ module Dependabot
114
113
  # rubocop:disable Metrics/AbcSize
115
114
  # rubocop:disable Metrics/PerceivedComplexity
116
115
  def handle_pip_compile_errors(error)
117
- if error.message.include?("Could not find a version")
116
+ if error.message.include?(RESOLUTION_IMPOSSIBLE_ERROR)
118
117
  check_original_requirements_resolvable
119
118
  # If the original requirements are resolvable but we get an
120
119
  # incompatibility error after unlocking then it's likely to be
@@ -138,7 +137,7 @@ module Dependabot
138
137
  return
139
138
  end
140
139
 
141
- if error.message.include?("Could not find a version ") &&
140
+ if error.message.include?(RESOLUTION_IMPOSSIBLE_ERROR) &&
142
141
  !error.message.match?(/#{Regexp.quote(dependency.name)}/i)
143
142
  # Sometimes pip-tools gets confused and can't work around
144
143
  # sub-dependency incompatibilities. Ignore those cases.
@@ -179,7 +178,7 @@ module Dependabot
179
178
 
180
179
  filenames_to_compile.each do |filename|
181
180
  run_pip_compile_command(
182
- "pyenv exec pip-compile #{pip_compile_options(filename)} --allow-unsafe #{filename}"
181
+ "pyenv exec pip-compile #{pip_compile_options(filename)} #{filename}"
183
182
  )
184
183
  end
185
184
 
@@ -188,7 +187,7 @@ module Dependabot
188
187
  # Pick the error message that includes resolvability errors, this might be the cause from
189
188
  # handle_pip_compile_errors (it's unclear if we should always pick the cause here)
190
189
  error_message = [e.message, e.cause&.message].compact.find do |msg|
191
- ["UnsupportedConstraint", "Could not find a version"].any? { |err| msg.include?(err) }
190
+ msg.include?(RESOLUTION_IMPOSSIBLE_ERROR)
192
191
  end
193
192
 
194
193
  cleaned_message = clean_error_message(error_message || "")
@@ -220,6 +219,7 @@ module Dependabot
220
219
  def pip_compile_options(filename)
221
220
  options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
222
221
  options += pip_compile_index_options
222
+ options += ["--resolver backtracking", "--allow-unsafe"]
223
223
 
224
224
  if (requirements_file = compiled_file_for_filename(filename))
225
225
  options << "--output-file=#{requirements_file.name}"
@@ -353,25 +353,8 @@ module Dependabot
353
353
  NameNormaliser.normalise(name)
354
354
  end
355
355
 
356
- VERBOSE_ERROR_OUTPUT_LINES = [
357
- "Traceback",
358
- "Using indexes:",
359
- "Current constraints:",
360
- "Finding the best candidates:",
361
- "Finding secondary dependencies:",
362
- "\n",
363
- " "
364
- ].freeze
365
-
366
356
  def clean_error_message(message)
367
- msg_lines = message.lines
368
- msg = msg_lines.
369
- take_while { |l| !l.start_with?("During handling of") }.
370
- drop_while { |l| l.start_with?(*VERBOSE_ERROR_OUTPUT_LINES) }.
371
- join.strip
372
-
373
- # Redact any URLs, as they may include credentials
374
- msg.gsub(/http.*?(?=\s)/, "<redacted>")
357
+ message.scan(ERROR_REGEX).last
375
358
  end
376
359
 
377
360
  def filenames_to_compile
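Review bot: The rewritten `clean_error_message` drops the `msg.gsub(/http.*?(?=\s)/, "<redacted>")` step, so an `ERROR:` line from pip that quotes an index URL with embedded credentials is now returned unredacted to whatever consumes `cleaned_message` (the consumer is outside the visible hunks). It also returns nil rather than a string when no line matches `ERROR_REGEX`, which includes the `error_message || ""` fallback at the call site. Keeping both guarantees costs one line: `(message.scan(ERROR_REGEX).last || "").gsub(/http\S*/, "<redacted>")`. A short comment on `ERROR_REGEX` noting that `$` anchors per line, so only the text after the last `ERROR:` marker survives, would also help the next reader.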
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.196.4
4
+ version: 0.199.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-14 00:00:00.000000000 Z
11
+ date: 2022-07-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.196.4
19
+ version: 0.199.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.196.4
26
+ version: 0.199.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement