dependabot-python 0.292.0 → 0.293.0

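--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 10f8d7444174c21b94daa610e812d6385ed7f5f9362eedc5266cfd8cc2f88fa9
- data.tar.gz: 668ab2dd7a6c7442427db7b69f7335746efc40cb7d236babd6d5955c6a5b0c91
+ metadata.gz: b25ebaf8e9c7ec713cdc0ed55d0447bc0550e6889f1b948626514eb956da21fe
+ data.tar.gz: 5fa5ef854bd4291ace811e78ce5e48dd33fa34a6dbccc3df13ca993fd67def1c
  SHA512:
- metadata.gz: 0a09d7f8450b58a90062c21c25898d7f7768a8da79965ac20b4074fdaee39cb503096580cff83e367936dfac847790eb4c02901e1765f3233ae2e42d30468ae8
- data.tar.gz: 92306e8facd79714d19c4d23fff9b786a1f3ab2ebca6c96478b29316266a904d3e614e34c92797a9ee9f3561c03b525c6567d4f4ffbacbb38c0e3ac6ee580873
+ metadata.gz: a06decf5a991d84e80b454307fdb269927619e24f295a5c759b5403e7cc036d6f143a87d6b0718fb3bcfb9460d625fc3a13acf8aa8bf2c7054205afb25ca1436
+ data.tar.gz: cd14d822f9f00215a89f0baa2cbcff208e88d04c5c72d6dc18759e6caf974b0f1112625bc37305ebc029c188bc26616d836ad5dc1ca739f8dc7dee4e640679ff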
@@ -338,7 +338,7 @@ module Dependabot
338
338
  end
339
339
 
340
340
  def evaluate_condition(condition, python_version)
341
- operator, version = condition.match(/([<>=!]=?)\s*"?([\d.]+)"?/).captures
341
+ operator, version = condition.match(/([<>=!]=?)\s*"?([\d.]+)"?/)&.captures
342
342
 
343
343
  case operator
344
344
  when "<"
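Review bot: When the regex does not match, `operator` and `version` are both `nil` after the new `&.captures` and execution continues into `case operator`, so an unparseable condition is now decided by fall-through rather than by an explicit rule. The rest of the `case` is outside this hunk, so whether a `nil` operator ends up as "satisfied" or "not satisfied" cannot be checked here. If the method is meant to return a boolean, a guard directly after the match such as `return false unless operator && version` would make the outcome deliberate. A short comment on the method, e.g. `# Conditions the pattern cannot parse are treated as not satisfied.`, would record that choice for the next reader.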
@@ -14,6 +14,8 @@ module Dependabot
14
14
  class RequirementReplacer
15
15
  PACKAGE_NOT_FOUND_ERROR = "PackageNotFoundError"
16
16
 
17
+ CERTIFICATE_VERIFY_FAILED = /CERTIFICATE_VERIFY_FAILED/
18
+
17
19
  def initialize(content:, dependency_name:, old_requirement:,
18
20
  new_requirement:, new_hash_version: nil, index_urls: nil)
19
21
  @content = content
@@ -153,6 +155,8 @@ module Dependabot
153
155
  args: args
154
156
  )
155
157
  rescue SharedHelpers::HelperSubprocessFailed => e
158
+ requirement_error_handler(e)
159
+
156
160
  raise unless e.message.include?("PackageNotFoundError")
157
161
 
158
162
  next
@@ -193,6 +197,17 @@ module Dependabot
193
197
  req1&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort ==
194
198
  req2&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort
195
199
  end
200
+
201
+ public
202
+
203
+ def requirement_error_handler(error)
204
+ Dependabot.logger.warn(error.message)
205
+
206
+ return unless error.message.match?(CERTIFICATE_VERIFY_FAILED)
207
+
208
+ msg = "Error resolving dependency."
209
+ raise DependencyFileNotResolvable, msg
210
+ end
196
211
  end
197
212
  end
198
213
  end
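Review bot: `requirement_error_handler` writes the raw `error.message` to the log at warn level before classifying it, so every `HelperSubprocessFailed` is logged, including the `PackageNotFoundError` case that the caller in the previous hunk goes on to skip with `next`. The class accepts `index_urls`, and if a private index URL with embedded credentials appears in the helper's output it would presumably be written to the job log as well; redacting URL userinfo before the `warn` call, or logging only after the message has been classified, would avoid that. The raised text `"Error resolving dependency."` also drops the one fact the user can act on, and `msg = "Error resolving dependency: TLS certificate verification failed for a package index."` would keep the cause without echoing the URL. The only call visible in these hunks is from inside the class, so the new `public` marker may be unnecessary unless a caller outside this view needs it.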
@@ -369,6 +369,12 @@ module Dependabot
369
369
  server504: /504 Server Error/
370
370
  }.freeze, T::Hash[T.nilable(String), Regexp])
371
371
 
372
+ # invalid configuration in pyproject.toml
373
+ POETRY_VIRTUAL_ENV_CONFIG = %r{pypoetry/virtualenvs(.|\n)*list index out of range}
374
+
375
+ # error related to local project as dependency in pyproject.toml
376
+ ERR_LOCAL_PROJECT_PATH = /Path (?<path>.*) for (?<dep>.*) does not exist/
377
+
372
378
  sig do
373
379
  params(
374
380
  dependencies: Dependabot::Dependency,
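Review bot: `ERR_LOCAL_PROJECT_PATH` defines the named captures `path` and `dep`, but the handler hunk that follows only tests for a match and raises the fixed text `"Error while resolving pyproject.toml file"`, so the captures are never read and the user is not told which local path or dependency is missing. Either use plain groups with `match?`, as the `SERVER_ERROR_CODES` loop below does, or pass the captured names into the message. In `POETRY_VIRTUAL_ENV_CONFIG`, `(.|\n)*` is a capturing alternation under a star; `%r{pypoetry/virtualenvs.*list index out of range}m` matches the same text without the group, which is cheaper on long subprocess output. The two conditions also share one message although their comments describe different causes, so separate messages would make the failure easier to diagnose. The enclosing error-handling method starts and ends outside these hunks.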
@@ -418,6 +424,12 @@ module Dependabot
418
424
 
419
425
  raise DependencyFileNotResolvable, error.message if error.message.match(PYTHON_RANGE_NOT_SATISFIED)
420
426
 
427
+ if error.message.match(POETRY_VIRTUAL_ENV_CONFIG) || error.message.match(ERR_LOCAL_PROJECT_PATH)
428
+ msg = "Error while resolving pyproject.toml file"
429
+
430
+ raise DependencyFileNotResolvable, msg
431
+ end
432
+
421
433
  SERVER_ERROR_CODES.each do |(_error_codes, error_regex)|
422
434
  next unless error.message.match?(error_regex)
423
435
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.292.0
4
+ version: 0.293.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-01-09 00:00:00.000000000 Z
11
+ date: 2025-01-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.292.0
19
+ version: 0.293.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.292.0
26
+ version: 0.293.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -290,7 +290,7 @@ licenses:
290
290
  - MIT
291
291
  metadata:
292
292
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
293
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.292.0
293
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.293.0
294
294
  post_install_message:
295
295
  rdoc_options: []
296
296
  require_paths: