RubyGems - dependabot-python - Versions diffs - 0.196.4 → 0.199.0 - Mend

dependabot-python 0.196.4 → 0.199.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/helpers/lib/parser.py +1 -1
data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +10 -27
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1bc79e828f60a77c98c0db059795430716f086cbaa9f675511568e0cd27e6a4c
-  data.tar.gz: cc4a2fd2e89587e63dc65e1f621f933cda71ca89cbe71d52d2c88886fb00dc3d
+  metadata.gz: fa2efdb728ace10c8f93f21234b1b43cf9e911816f38027da3dbc1db112da69f
+  data.tar.gz: 8b50a54ab4f43fc40ec8967b522505f65791c4b645ac3e3fd9d039ca26ebc7b0
 SHA512:
-  metadata.gz: 8941fea7946bf352c2437d5a1b8f43223640741f2aec8c4013ccb2102312930a2d6eeedff52709133540a129705ffdf7a3473a38c07dc0ec16493b7f8cebc78d
-  data.tar.gz: a6f22b171b9809cc088d5062f5da3f1a2640db1dffe1fc04643f6580cfae2386208962c76705a6e3603a9d851fd3224edf58cb965d71ef6c36c7f1621868a093
+  metadata.gz: 7672806dbc6115cd90f8e831d07da9bb4c626b15abc4df427e7d318ddfa2031a36e978fad9933c5300977b762f6e508f5a7241fa077e1cfb0bbe2860f5703aea
+  data.tar.gz: 1519ff9d9bbc684aaee4ae681598896a094206cf2700c901f2c50a2a60f9b45636c263d2b0ad999e91c41e91cb61488873e05b2efa8803d328b3f26db01fd318

data/helpers/lib/parser.py CHANGED Viewed

@@ -37,7 +37,7 @@ def parse_requirements(directory):
             )
             for parsed_req in requirements:
                 install_req = install_req_from_parsed_requirement(parsed_req)
-                if install_req.original_link:
+                if install_req.req is None:
                     continue
                 pattern = r"-[cr] (.*) \(line \d+\)"

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb CHANGED Viewed

@@ -32,6 +32,8 @@ module Dependabot
           "pip._internal.exceptions.InstallationSubprocessError: Command errored out with exit status 1:"
         # See https://packaging.python.org/en/latest/tutorials/packaging-projects/#configuring-metadata
         PYTHON_PACKAGE_NAME_REGEX = /[A-Za-z0-9_\-]+/.freeze
+        RESOLUTION_IMPOSSIBLE_ERROR = "ResolutionImpossible"
+        ERROR_REGEX = /(?<=ERROR\:\W).*$/.freeze
         attr_reader :dependency, :dependency_files, :credentials
@@ -76,16 +78,13 @@ module Dependabot
                   # Shell out to pip-compile.
                   # This is slow, as pip-compile needs to do installs.
                   run_pip_compile_command(
-                    "pyenv exec pip-compile --allow-unsafe -v "\
-                     "#{pip_compile_options(filename)} -P #{dependency.name} "\
-                     "#{filename}"
+                    "pyenv exec pip-compile -v #{pip_compile_options(filename)} -P #{dependency.name} #{filename}"
                   )
                   # Run pip-compile a second time, without an update argument,
                   # to ensure it handles markers correctly
                   write_original_manifest_files unless dependency.top_level?
                   run_pip_compile_command(
-                    "pyenv exec pip-compile --allow-unsafe "\
-                     "#{pip_compile_options(filename)} #{filename}"
+                    "pyenv exec pip-compile #{pip_compile_options(filename)} #{filename}"
                   )
                 end
@@ -114,7 +113,7 @@ module Dependabot
         # rubocop:disable Metrics/AbcSize
         # rubocop:disable Metrics/PerceivedComplexity
         def handle_pip_compile_errors(error)
-          if error.message.include?("Could not find a version")
+          if error.message.include?(RESOLUTION_IMPOSSIBLE_ERROR)
             check_original_requirements_resolvable
             # If the original requirements are resolvable but we get an
             # incompatibility error after unlocking then it's likely to be
@@ -138,7 +137,7 @@ module Dependabot
             return
           end
-          if error.message.include?("Could not find a version ") &&
+          if error.message.include?(RESOLUTION_IMPOSSIBLE_ERROR) &&
              !error.message.match?(/#{Regexp.quote(dependency.name)}/i)
             # Sometimes pip-tools gets confused and can't work around
             # sub-dependency incompatibilities. Ignore those cases.
@@ -179,7 +178,7 @@ module Dependabot
               filenames_to_compile.each do |filename|
                 run_pip_compile_command(
-                  "pyenv exec pip-compile #{pip_compile_options(filename)} --allow-unsafe #{filename}"
+                  "pyenv exec pip-compile #{pip_compile_options(filename)} #{filename}"
                 )
               end
@@ -188,7 +187,7 @@ module Dependabot
               # Pick the error message that includes resolvability errors, this might be the cause from
               # handle_pip_compile_errors (it's unclear if we should always pick the cause here)
               error_message = [e.message, e.cause&.message].compact.find do |msg|
-                ["UnsupportedConstraint", "Could not find a version"].any? { |err| msg.include?(err) }
+                msg.include?(RESOLUTION_IMPOSSIBLE_ERROR)
               end
               cleaned_message = clean_error_message(error_message || "")
@@ -220,6 +219,7 @@ module Dependabot
         def pip_compile_options(filename)
           options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
           options += pip_compile_index_options
+          options += ["--resolver backtracking", "--allow-unsafe"]
           if (requirements_file = compiled_file_for_filename(filename))
             options << "--output-file=#{requirements_file.name}"
@@ -353,25 +353,8 @@ module Dependabot
           NameNormaliser.normalise(name)
         end
-        VERBOSE_ERROR_OUTPUT_LINES = [
-          "Traceback",
-          "Using indexes:",
-          "Current constraints:",
-          "Finding the best candidates:",
-          "Finding secondary dependencies:",
-          "\n",
-          "  "
-        ].freeze
         def clean_error_message(message)
-          msg_lines = message.lines
-          msg = msg_lines.
-                take_while { |l| !l.start_with?("During handling of") }.
-                drop_while { |l| l.start_with?(*VERBOSE_ERROR_OUTPUT_LINES) }.
-                join.strip
-          # Redact any URLs, as they may include credentials
-          msg.gsub(/http.*?(?=\s)/, "<redacted>")
+          message.scan(ERROR_REGEX).last
         end
         def filenames_to_compile

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.196.4
+  version: 0.199.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-14 00:00:00.000000000 Z
+date: 2022-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.196.4
+        version: 0.199.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.196.4
+        version: 0.199.0
 - !ruby/object:Gem::Dependency
   name: debase
   requirement: !ruby/object:Gem::Requirement