dependabot-python 0.232.0 → 0.234.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b5886958214d4e4d879641f0f831893f7ddcc95043922f72f8f9b61b247e9756
-  data.tar.gz: 75e05d9010ce6e96864e008ce5b2cf5fc8a8f766cbca793e0bf1ff4b750df3c3
+  metadata.gz: a898b6d459367fc728deb010aed7f9adbba8064ffe506547b3076d8320024642
+  data.tar.gz: 9fc76c80711472410d5919bab2ff8cca12ab161b7dfae2d23c83fe5afe3e30a2
 SHA512:
-  metadata.gz: 05c42c61ef6b79ff28db63104ef0051385e5c7f7dc5650d8117fdff35468560526b3baa872a07c271365887f527650341768842e54cb0edcb608f990c34ac7b5
-  data.tar.gz: 74f7155af34a6cd03f4259fab9707b26cf3cf20077e6a818e7c3fcb7206e812facfe8ce5d03c77be6dde553a37256ff208f7c582ddca41a5dce8b0b0aedd7892
+  metadata.gz: 5c90405c02d5c636ee64d0ecd43b9fbe504b8f6b888d22f81806dddaca8799f590fcf7b46545d06584c3b45f68ffff58f13d0e2b0699441223419eb1e4d35bb9
+  data.tar.gz: 7d10aa0fd61a0707b00bac29c8bd12ac533a49b37cfd1bb58a0830ad73eb50ad5767771889eb78236c175dc0e9cf400522395093894f715a6a80c90c523298f1

data/helpers/lib/parser.py

@@ -99,6 +99,10 @@ def parse_requirements(directory):
                 if install_req.req is None:
                     continue
 
+                # Ignore file: requirements
+                if install_req.link is not None and install_req.link.is_file:
+                    continue
+
                 pattern = r"-[cr] (.*) \(line \d+\)"
                 abs_path = re.search(pattern, install_req.comes_from).group(1)
                 rel_path = os.path.relpath(abs_path, directory)

data/helpers/requirements.txt

@@ -2,9 +2,9 @@ pip==23.2.1
 pip-tools==7.3.0
 flake8==6.1.0
 hashin==0.17.0
-pipenv==2022.4.8
+pipenv==2023.8.28
 pipfile==0.0.2
 poetry==1.6.1
 
 # Some dependencies will only install if Cython is present
-Cython==3.0.2
+Cython==3.0.3

data/lib/dependabot/python/file_parser/pyproject_files_parser.rb

@@ -208,7 +208,7 @@ module Dependabot
 
           parsed_lockfile.fetch("package", [])
                          .find { |p| normalise(p.fetch("name")) == normalise(dep_name) }
-            &.fetch("version", nil)
+                         &.fetch("version", nil)
         end
 
         def check_requirements(req)

data/lib/dependabot/python/file_parser/python_requirement_parser.rb

@@ -90,7 +90,7 @@ module Dependabot
 
           req = setup_file.content
                           .match(/python_requires\s*=\s*['"](?<req>[^'"]+)['"]/)
-                &.named_captures&.fetch("req")&.strip
+                          &.named_captures&.fetch("req")&.strip
 
           requirement_class.new(req)
           req

data/lib/dependabot/python/language_version_manager.rb

@@ -62,10 +62,8 @@ module Dependabot
         return version if version
 
         # Otherwise we have to raise
-        msg = "Dependabot detected the following Python requirement for your project: '#{python_requirement_string}'." \
-              "\n\nCurrently, the following Python versions are supported in Dependabot: " \
-              "#{PRE_INSTALLED_PYTHON_VERSIONS.map { |x| x.gsub(/\.\d+$/, '.*') }.join(', ')}."
-        raise DependencyFileNotResolvable, msg
+        supported_versions = PRE_INSTALLED_PYTHON_VERSIONS.map { |x| x.gsub(/\.\d+$/, ".*") }.join(", ")
+        raise ToolVersionNotSupported.new("Python", python_requirement_string, supported_versions)
       end
 
       def user_specified_python_version

data/lib/dependabot/python/update_checker/latest_version_finder.rb

@@ -199,8 +199,8 @@ module Dependabot
         def build_python_requirement_from_link(link)
           req_string = Nokogiri::XML(link)
                                .at_css("a")
-                       &.attribute("data-requires-python")
-                       &.content
+                               &.attribute("data-requires-python")
+                               &.content
 
           return unless req_string
 

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -29,20 +29,13 @@ module Dependabot
       # just raise if the latest version can't be resolved. Knowing that is
       # still better than nothing, though.
       class PipenvVersionResolver
-        # rubocop:disable Layout/LineLength
-        GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone -q (?<url>[^\s]+).* /
-        GIT_REFERENCE_NOT_FOUND_REGEX = %r{git checkout -q (?<tag>[^\n"]+)\n?[^\n]*/(?<name>.*?)(\\n'\]|$)}m
-        PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out" \
-                                    " with exit status 1: python setup.py egg_info"
-        TRACEBACK = "Traceback (most recent call last):"
+        GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none (?<url>[^\s]+).*/
+        GIT_REFERENCE_NOT_FOUND_REGEX = /git checkout -q (?<tag>[^\s]+).*/
+        PIPENV_INSTALLATION_ERROR = "python setup.py egg_info exited with 1"
         PIPENV_INSTALLATION_ERROR_REGEX =
-          /#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?<name>.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
+          /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
 
-        UNSUPPORTED_DEPS = %w(pyobjc).freeze
-        UNSUPPORTED_DEP_REGEX =
-          /Could not find a version that satisfies the requirement.*(?:#{UNSUPPORTED_DEPS.join('|')})/
         PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
-        # rubocop:enable Layout/LineLength
 
         DEPENDENCY_TYPES = %w(packages dev-packages).freeze
 
@@ -103,7 +96,7 @@ module Dependabot
             version =
               deps.transform_keys { |k| normalise(k) }
                   .dig(dependency.name, "version")
-              &.gsub(/^==/, "")
+                  &.gsub(/^==/, "")
 
             return version
           end
@@ -113,7 +106,7 @@ module Dependabot
             version =
               deps.transform_keys { |k| normalise(k) }
                   .dig(dependency.name, "version")
-              &.gsub(/^==/, "")
+                  &.gsub(/^==/, "")
 
             return version if version
           end
@@ -136,17 +129,6 @@ module Dependabot
             raise DependencyFileNotResolvable, msg
           end
 
-          if error.message.match?(UNSUPPORTED_DEP_REGEX)
-            msg = "Dependabot detected a dependency that can't be built on " \
-                  "linux. Currently, all Dependabot builds happen on linux " \
-                  "boxes, so there is no way for Dependabot to resolve your " \
-                  "dependency files.\n\n" \
-                  "Unless you think Dependabot has made a mistake (please " \
-                  "tag us if so) you may wish to disable Dependabot on this " \
-                  "repo."
-            raise DependencyFileNotResolvable, msg
-          end
-
           if error.message.match?(PIPENV_RANGE_WARNING)
             msg = "Pipenv does not support specifying Python ranges " \
                   "(see https://github.com/pypa/pipenv/issues/1050 for more " \
@@ -183,18 +165,19 @@ module Dependabot
             return if error.message.match?(/#{Regexp.quote(dependency.name)}/i)
           end
 
+          if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
+            tag = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).named_captures.fetch("tag")
+            # Unfortunately the error message doesn't include the package name.
+            # TODO: Talk with pipenv maintainers about exposing the package name, it used to be part of the error output
+            raise GitDependencyReferenceNotFound, "(unknown package at #{tag})"
+          end
+
           if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
             url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
                        .named_captures.fetch("url")
             raise GitDependenciesNotReachable, url
           end
 
-          if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
-            name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
-                        .named_captures.fetch("name")
-            raise GitDependencyReferenceNotFound, name
-          end
-
           raise unless error.message.include?("could not be resolved")
         end
         # rubocop:enable Metrics/CyclomaticComplexity
@@ -258,7 +241,7 @@ module Dependabot
                   next false if l.start_with?("CRITICAL:")
                   next false if l.start_with?("ERROR:")
                   next false if l.start_with?("packaging.specifiers")
-                  next false if l.start_with?("pipenv.patched.notpip._internal")
+                  next false if l.start_with?("pipenv.patched.pip._internal")
                   next false if l.include?("Max retries exceeded")
 
                   true

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -103,7 +103,7 @@ module Dependabot
           version =
             updated_lockfile.fetch("package", [])
                             .find { |d| d["name"] && normalise(d["name"]) == dependency.name }
-            &.fetch("version")
+                            &.fetch("version")
 
           return version unless version.nil? && dependency.top_level?
 

data/lib/dependabot/python/version.rb

@@ -29,7 +29,7 @@ module Dependabot
 
       def initialize(version)
         @version_string = version.to_s
-        version, @local_version = version.split("+")
+        version, @local_version = @version_string.split("+")
         version ||= ""
         version = version.gsub(/^v/, "")
         if version.include?("!")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.232.0
+  version: 0.234.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-09-14 00:00:00.000000000 Z
+date: 2023-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.232.0
+        version: 0.234.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.232.0
+        version: 0.234.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -52,20 +52,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: parallel_tests
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 4.2.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 4.2.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -164,6 +150,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.2.16
+- !ruby/object:Gem::Dependency
+  name: turbo_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -245,7 +245,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.232.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.234.0
 post_install_message: 
 rdoc_options: []
 require_paths: