RubyGems - dependabot-python - Versions diffs - 0.275.0 → 0.276.0 - Mend

dependabot-python 0.275.0 → 0.276.0

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/python/update_checker/latest_version_finder.rb +11 -0
data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +58 -0
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0626084dc83e808fbf8f28e59811aa2c01be03d7735e36f1c60df096d40fe25a'
-  data.tar.gz: a0d8c1d862fa9ce282e216c4a2fc7d0a68ea717cd5b13c8c19b08309254b91ff
+  metadata.gz: b0c0ebe17176ecc264d11ac2b7e4a4b569f89d9caef5d82855c804045c23c2f2
+  data.tar.gz: caa6f4908c81929629fa4df74457c3ef18d67533eec81b0863f0b5b5d366ea52
 SHA512:
-  metadata.gz: a917f63eabb8f58bffb7884bd142eb547ae9dddd14f4195ed76907f5d336a01532094716668311d6b79c87296f49177a66cecfcfa8efec2e4087f5409a071635
-  data.tar.gz: 925475e32323452a63d91a773c893db2e5e1fa72083e6c0be215c3ab8eb9cf6ccba2109946a3d9fdc9aecb36bc390284c345a93d5cd45cf0981655d443868dd8
+  metadata.gz: 0237ca31de163f73dc570289e2f103d4d1400fd6ca65adadd2ea9e8bb648d10a25500969513236cfc9c3047339ced25f5188101b15128ce584c95991f458957b
+  data.tar.gz: 677869a2cda25d91e93c3cf7dd6a6174e1c471c0f4234ece66e5231ac52864c283a1c740d2d5b4b2c40589a77440c2868e47ce38969cf277059431a4731e4550

data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -175,6 +175,8 @@ module Dependabot
         def available_versions
           @available_versions ||=
             index_urls.flat_map do |index_url|
+              validate_index(index_url)
               sanitized_url = index_url.gsub(%r{(?<=//).*(?=@)}, "redacted")
               index_response = registry_response_for_dependency(index_url)
@@ -283,6 +285,15 @@ module Dependabot
         def requirement_class
           dependency.requirement_class
         end
+        def validate_index(index_url)
+          sanitized_url = index_url.gsub(%r{(?<=//).*(?=@)}, "redacted")
+          return if index_url&.match?(URI::DEFAULT_PARSER.regexp[:ABS_URI])
+          raise Dependabot::DependencyFileNotResolvable,
+                "Invalid URL: #{sanitized_url}"
+        end
       end
     end
   end

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb CHANGED Viewed

@@ -23,6 +23,9 @@ module Dependabot
     class UpdateChecker
       # This class does version resolution for pyproject.toml files.
       class PoetryVersionResolver
+        extend T::Sig
+        extend T::Helpers
         GIT_REFERENCE_NOT_FOUND_REGEX = /
           (Failed to checkout
           (?<tag>.+?)
@@ -38,16 +41,23 @@ module Dependabot
           \s+check\syour\sgit\sconfiguration
         /mx
+        INCOMPATIBLE_CONSTRAINTS = /Incompatible constraints in requirements of (?<dep>.+?) ((?<ver>.+?)):/
         attr_reader :dependency
         attr_reader :dependency_files
         attr_reader :credentials
         attr_reader :repo_contents_path
+        sig { returns(Dependabot::Python::PoetryErrorHandler) }
+        attr_reader :error_handler
         def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
           @dependency               = dependency
           @dependency_files         = dependency_files
           @credentials              = credentials
           @repo_contents_path       = repo_contents_path
+          @error_handler = PoetryErrorHandler.new(dependencies: dependency,
+                                                  dependency_files: dependency_files)
         end
         def latest_resolvable_version(requirement: nil)
@@ -115,6 +125,8 @@ module Dependabot
         # rubocop:disable Metrics/AbcSize
         def handle_poetry_errors(error)
+          error_handler.handle_poetry_error(error)
           if error.message.gsub(/\s/, "").match?(GIT_REFERENCE_NOT_FOUND_REGEX)
             message = error.message.gsub(/\s/, "")
             match = message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
@@ -322,5 +334,51 @@ module Dependabot
         end
       end
     end
+    class PoetryErrorHandler < UpdateChecker
+      extend T::Sig
+      # if a valid config value is not found in project.toml file
+      INVALID_CONFIGURATION = /The Poetry configuration is invalid:(?<config>.*)/
+      # if .toml has incorrect version specification i.e. <0.2.0app
+      INVALID_VERSION = /Could not parse version constraint: (?<ver>.*)/
+      # dependency source link not accessible
+      INVALID_LINK = /No valid distribution links found for package: "(?<dep>.*)" version: "(?<ver>.*)"/
+      sig do
+        params(
+          dependencies: Dependabot::Dependency,
+          dependency_files: T::Array[Dependabot::DependencyFile]
+        ).void
+      end
+      def initialize(dependencies:, dependency_files:)
+        @dependencies = dependencies
+        @dependency_files = dependency_files
+      end
+      private
+      sig { returns(Dependabot::Dependency) }
+      attr_reader :dependencies
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      attr_reader :dependency_files
+      public
+      sig { params(error: Exception).void }
+      def handle_poetry_error(error)
+        Dependabot.logger.warn(error.message)
+        if (msg = error.message.match(PoetryVersionResolver::INCOMPATIBLE_CONSTRAINTS) ||
+            error.message.match(INVALID_CONFIGURATION) || error.message.match(INVALID_VERSION) ||
+            error.message.match(INVALID_LINK))
+          raise DependencyFileNotResolvable, msg
+        end
+      end
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.275.0
+  version: 0.276.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-12 00:00:00.000000000 Z
+date: 2024-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.275.0
+        version: 0.276.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.275.0
+        version: 0.276.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -288,7 +288,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.275.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.276.0
 post_install_message:
 rdoc_options: []
 require_paths: