dependabot-python 0.275.0 → 0.276.0
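--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b0c0ebe17176ecc264d11ac2b7e4a4b569f89d9caef5d82855c804045c23c2f2
+data.tar.gz: caa6f4908c81929629fa4df74457c3ef18d67533eec81b0863f0b5b5d366ea52
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0237ca31de163f73dc570289e2f103d4d1400fd6ca65adadd2ea9e8bb648d10a25500969513236cfc9c3047339ced25f5188101b15128ce584c95991f458957b
+data.tar.gz: 677869a2cda25d91e93c3cf7dd6a6174e1c471c0f4234ece66e5231ac52864c283a1c740d2d5b4b2c40589a77440c2868e47ce38969cf277059431a4731e4550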
@@ -175,6 +175,8 @@ module Dependabot
|
|
175
175
|
def available_versions
|
176
176
|
@available_versions ||=
|
177
177
|
index_urls.flat_map do |index_url|
|
178
|
+
validate_index(index_url)
|
179
|
+
|
178
180
|
sanitized_url = index_url.gsub(%r{(?<=//).*(?=@)}, "redacted")
|
179
181
|
|
180
182
|
index_response = registry_response_for_dependency(index_url)
|
@@ -283,6 +285,15 @@ module Dependabot
|
|
283
285
|
def requirement_class
|
284
286
|
dependency.requirement_class
|
285
287
|
end
|
288
|
+
|
289
|
+
def validate_index(index_url)
|
290
|
+
sanitized_url = index_url.gsub(%r{(?<=//).*(?=@)}, "redacted")
|
291
|
+
|
292
|
+
return if index_url&.match?(URI::DEFAULT_PARSER.regexp[:ABS_URI])
|
293
|
+
|
294
|
+
raise Dependabot::DependencyFileNotResolvable,
|
295
|
+
"Invalid URL: #{sanitized_url}"
|
296
|
+
end
|
286
297
|
end
|
287
298
|
end
|
288
299
|
end
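Review bot: In validate_index the redaction `sanitized_url = index_url.gsub(...)` runs before the nil guard, so the `index_url&.match?` safe navigation on the following statement can never see nil — if an index_url is ever nil, gsub raises NoMethodError before the intended DependencyFileNotResolvable is reached. Either drop the `&.` or reorder so the guard comes first: `return if index_url&.match?(URI::DEFAULT_PARSER.regexp[:ABS_URI])` and then `sanitized_url = index_url.gsub(%r{(?<=//).*(?=@)}, "redacted")`. The same redaction regex now appears in available_versions (hunk @@ -175) and here; a private `sanitize_index_url(index_url)` helper would keep the two from drifting. Matching :ABS_URI only establishes syntactic shape — a syntactically valid URL with a non-HTTP scheme still passes — so if callers treat this as a safety check a scheme allow-list may be wanted in addition. available_versions continues outside its hunk.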
|
@@ -23,6 +23,9 @@ module Dependabot
|
|
23
23
|
class UpdateChecker
|
24
24
|
# This class does version resolution for pyproject.toml files.
|
25
25
|
class PoetryVersionResolver
|
26
|
+
extend T::Sig
|
27
|
+
extend T::Helpers
|
28
|
+
|
26
29
|
GIT_REFERENCE_NOT_FOUND_REGEX = /
|
27
30
|
(Failed to checkout
|
28
31
|
(?<tag>.+?)
|
@@ -38,16 +41,23 @@ module Dependabot
|
|
38
41
|
\s+check\syour\sgit\sconfiguration
|
39
42
|
/mx
|
40
43
|
|
44
|
+
INCOMPATIBLE_CONSTRAINTS = /Incompatible constraints in requirements of (?<dep>.+?) ((?<ver>.+?)):/
|
45
|
+
|
41
46
|
attr_reader :dependency
|
42
47
|
attr_reader :dependency_files
|
43
48
|
attr_reader :credentials
|
44
49
|
attr_reader :repo_contents_path
|
45
50
|
|
51
|
+
sig { returns(Dependabot::Python::PoetryErrorHandler) }
|
52
|
+
attr_reader :error_handler
|
53
|
+
|
46
54
|
def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
|
47
55
|
@dependency = dependency
|
48
56
|
@dependency_files = dependency_files
|
49
57
|
@credentials = credentials
|
50
58
|
@repo_contents_path = repo_contents_path
|
59
|
+
@error_handler = PoetryErrorHandler.new(dependencies: dependency,
|
60
|
+
dependency_files: dependency_files)
|
51
61
|
end
|
52
62
|
|
53
63
|
def latest_resolvable_version(requirement: nil)
|
@@ -115,6 +125,8 @@ module Dependabot
|
|
115
125
|
|
116
126
|
# rubocop:disable Metrics/AbcSize
|
117
127
|
def handle_poetry_errors(error)
|
128
|
+
error_handler.handle_poetry_error(error)
|
129
|
+
|
118
130
|
if error.message.gsub(/\s/, "").match?(GIT_REFERENCE_NOT_FOUND_REGEX)
|
119
131
|
message = error.message.gsub(/\s/, "")
|
120
132
|
match = message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
|
@@ -322,5 +334,51 @@ module Dependabot
|
|
322
334
|
end
|
323
335
|
end
|
324
336
|
end
|
337
|
+
|
338
|
+
class PoetryErrorHandler < UpdateChecker
|
339
|
+
extend T::Sig
|
340
|
+
|
341
|
+
# if a valid config value is not found in project.toml file
|
342
|
+
INVALID_CONFIGURATION = /The Poetry configuration is invalid:(?<config>.*)/
|
343
|
+
|
344
|
+
# if .toml has incorrect version specification i.e. <0.2.0app
|
345
|
+
INVALID_VERSION = /Could not parse version constraint: (?<ver>.*)/
|
346
|
+
|
347
|
+
# dependency source link not accessible
|
348
|
+
INVALID_LINK = /No valid distribution links found for package: "(?<dep>.*)" version: "(?<ver>.*)"/
|
349
|
+
|
350
|
+
sig do
|
351
|
+
params(
|
352
|
+
dependencies: Dependabot::Dependency,
|
353
|
+
dependency_files: T::Array[Dependabot::DependencyFile]
|
354
|
+
).void
|
355
|
+
end
|
356
|
+
def initialize(dependencies:, dependency_files:)
|
357
|
+
@dependencies = dependencies
|
358
|
+
@dependency_files = dependency_files
|
359
|
+
end
|
360
|
+
|
361
|
+
private
|
362
|
+
|
363
|
+
sig { returns(Dependabot::Dependency) }
|
364
|
+
attr_reader :dependencies
|
365
|
+
|
366
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
367
|
+
attr_reader :dependency_files
|
368
|
+
|
369
|
+
public
|
370
|
+
|
371
|
+
sig { params(error: Exception).void }
|
372
|
+
def handle_poetry_error(error)
|
373
|
+
Dependabot.logger.warn(error.message)
|
374
|
+
|
375
|
+
if (msg = error.message.match(PoetryVersionResolver::INCOMPATIBLE_CONSTRAINTS) ||
|
376
|
+
error.message.match(INVALID_CONFIGURATION) || error.message.match(INVALID_VERSION) ||
|
377
|
+
error.message.match(INVALID_LINK))
|
378
|
+
|
379
|
+
raise DependencyFileNotResolvable, msg
|
380
|
+
end
|
381
|
+
end
|
382
|
+
end
|
325
383
|
end
|
326
384
|
end
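Review bot: In INCOMPATIBLE_CONSTRAINTS (hunk @@ -38) the parentheses around `(?<ver>.+?)` are unescaped, so they form an extra unnamed capture group instead of matching literal parens; if the Poetry message has the form `of <dep> (<ver>):`, the `ver` capture will include the brackets and the `dep`/`ver` split becomes fragile. If literal parens are intended, write `INCOMPATIBLE_CONSTRAINTS = /Incompatible constraints in requirements of (?<dep>.+?) \((?<ver>.+?)\):/`. In handle_poetry_error (hunk @@ -322) `msg` is a MatchData rather than a String, so `raise DependencyFileNotResolvable, msg` only works via MatchData#to_s — `raise DependencyFileNotResolvable, msg[0]` (or a composed message naming the matched dependency) makes the intent explicit. PoetryErrorHandler also subclasses UpdateChecker without calling `super` in initialize, apparently only to share the namespace; if no UpdateChecker state is needed, a plain class avoids an instance whose parent initialisation was skipped. The preceding `Dependabot.logger.warn(error.message)` emits the raw Poetry output, so it is worth confirming that message cannot carry index URLs with embedded credentials before logging it unredacted.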
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.276.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-09-
|
11
|
+
date: 2024-09-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.276.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.276.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -288,7 +288,7 @@ licenses:
|
|
288
288
|
- MIT
|
289
289
|
metadata:
|
290
290
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
291
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
291
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.276.0
|
292
292
|
post_install_message:
|
293
293
|
rdoc_options: []
|
294
294
|
require_paths:
|