dependabot-python 0.292.0 → 0.293.0

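--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 10f8d7444174c21b94daa610e812d6385ed7f5f9362eedc5266cfd8cc2f88fa9
- data.tar.gz: 668ab2dd7a6c7442427db7b69f7335746efc40cb7d236babd6d5955c6a5b0c91
+ metadata.gz: b25ebaf8e9c7ec713cdc0ed55d0447bc0550e6889f1b948626514eb956da21fe
+ data.tar.gz: 5fa5ef854bd4291ace811e78ce5e48dd33fa34a6dbccc3df13ca993fd67def1c
  SHA512:
- metadata.gz: 0a09d7f8450b58a90062c21c25898d7f7768a8da79965ac20b4074fdaee39cb503096580cff83e367936dfac847790eb4c02901e1765f3233ae2e42d30468ae8
- data.tar.gz: 92306e8facd79714d19c4d23fff9b786a1f3ab2ebca6c96478b29316266a904d3e614e34c92797a9ee9f3561c03b525c6567d4f4ffbacbb38c0e3ac6ee580873
+ metadata.gz: a06decf5a991d84e80b454307fdb269927619e24f295a5c759b5403e7cc036d6f143a87d6b0718fb3bcfb9460d625fc3a13acf8aa8bf2c7054205afb25ca1436
+ data.tar.gz: cd14d822f9f00215a89f0baa2cbcff208e88d04c5c72d6dc18759e6caf974b0f1112625bc37305ebc029c188bc26616d836ad5dc1ca739f8dc7dee4e640679ff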
@@ -338,7 +338,7 @@ module Dependabot
338
338
  end
339
339
 
340
340
  def evaluate_condition(condition, python_version)
341
- operator, version = condition.match(/([<>=!]=?)\s*"?([\d.]+)"?/).captures
341
+ operator, version = condition.match(/([<>=!]=?)\s*"?([\d.]+)"?/)&.captures
342
342
 
343
343
  case operator
344
344
  when "<"
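Review bot: With `&.captures` on the `condition.match(...)` line, a condition that does not match now leaves both `operator` and `version` as nil and falls into `case operator` instead of raising, so a malformed or unsupported marker from the manifest is evaluated silently. Whether the `case` has an `else` branch is not visible here (evaluate_condition continues past the hunk), so the result for unparseable input is implicit at best. I would make the outcome explicit, for example `match = condition.match(/([<>=!]=?)\s*"?([\d.]+)"?/)` followed by `return false unless match`, with a comment stating that unparseable conditions are treated as not satisfied, if that is the intended policy.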
@@ -14,6 +14,8 @@ module Dependabot
14
14
  class RequirementReplacer
15
15
  PACKAGE_NOT_FOUND_ERROR = "PackageNotFoundError"
16
16
 
17
+ CERTIFICATE_VERIFY_FAILED = /CERTIFICATE_VERIFY_FAILED/
18
+
17
19
  def initialize(content:, dependency_name:, old_requirement:,
18
20
  new_requirement:, new_hash_version: nil, index_urls: nil)
19
21
  @content = content
@@ -153,6 +155,8 @@ module Dependabot
153
155
  args: args
154
156
  )
155
157
  rescue SharedHelpers::HelperSubprocessFailed => e
158
+ requirement_error_handler(e)
159
+
156
160
  raise unless e.message.include?("PackageNotFoundError")
157
161
 
158
162
  next
@@ -193,6 +197,17 @@ module Dependabot
193
197
  req1&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort ==
194
198
  req2&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort
195
199
  end
200
+
201
+ public
202
+
203
+ def requirement_error_handler(error)
204
+ Dependabot.logger.warn(error.message)
205
+
206
+ return unless error.message.match?(CERTIFICATE_VERIFY_FAILED)
207
+
208
+ msg = "Error resolving dependency."
209
+ raise DependencyFileNotResolvable, msg
210
+ end
196
211
  end
197
212
  end
198
213
  end
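Review bot: `requirement_error_handler` writes the raw `error.message` to the log at warn level for every `HelperSubprocessFailed`, including the `PackageNotFoundError` case that the rescue block then skips with `next`. The replacer accepts `index_urls:`, and if a private index URL carrying credentials is echoed in the helper's output it would reach the log unredacted; the hunk does not show whether the message is sanitized upstream. I would log only once the failure is known to be unexpected, i.e. move `Dependabot.logger.warn(error.message)` below `return unless error.message.match?(CERTIFICATE_VERIFY_FAILED)`, and confirm the message is scrubbed of index URLs first. The fixed text "Error resolving dependency." also hides that the cause was TLS certificate verification, which is the one detail an operator needs to fix their index trust configuration. The bare `public` changes the visibility of anything later added beneath it; `public :requirement_error_handler` after the definition would scope it to this method.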
@@ -369,6 +369,12 @@ module Dependabot
369
369
  server504: /504 Server Error/
370
370
  }.freeze, T::Hash[T.nilable(String), Regexp])
371
371
 
372
+ # invalid configuration in pyproject.toml
373
+ POETRY_VIRTUAL_ENV_CONFIG = %r{pypoetry/virtualenvs(.|\n)*list index out of range}
374
+
375
+ # error related to local project as dependency in pyproject.toml
376
+ ERR_LOCAL_PROJECT_PATH = /Path (?<path>.*) for (?<dep>.*) does not exist/
377
+
372
378
  sig do
373
379
  params(
374
380
  dependencies: Dependabot::Dependency,
@@ -418,6 +424,12 @@ module Dependabot
418
424
 
419
425
  raise DependencyFileNotResolvable, error.message if error.message.match(PYTHON_RANGE_NOT_SATISFIED)
420
426
 
427
+ if error.message.match(POETRY_VIRTUAL_ENV_CONFIG) || error.message.match(ERR_LOCAL_PROJECT_PATH)
428
+ msg = "Error while resolving pyproject.toml file"
429
+
430
+ raise DependencyFileNotResolvable, msg
431
+ end
432
+
421
433
  SERVER_ERROR_CODES.each do |(_error_codes, error_regex)|
422
434
  next unless error.message.match?(error_regex)
423
435
 
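Review bot: `POETRY_VIRTUAL_ENV_CONFIG` spells "any character including newline" as `(.|\n)*`, a capturing alternation repeated over helper output of arbitrary size; the multiline flag expresses the same match without the group: `%r{pypoetry/virtualenvs.*list index out of range}m`. `ERR_LOCAL_PROJECT_PATH` defines the named groups `path` and `dep`, but the new branch only tests for a match and raises the fixed text "Error while resolving pyproject.toml file", so the captures are unused and the user is not told which dependency or path is wrong. If the path is deliberately withheld from the user-facing message, say so in the comment above the constant and drop the group names; otherwise include `dep` in the message. The two `error.message.match(...)` calls in the new condition can be `match?`, as the `SERVER_ERROR_CODES` loop just below already does.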
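--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-python
  version: !ruby/object:Gem::Version
- version: 0.292.0
+ version: 0.293.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2025-01-09 00:00:00.000000000 Z
+ date: 2025-01-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.292.0
+ version: 0.293.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.292.0
+ version: 0.293.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -290,7 +290,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.292.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.293.0
  post_install_message:
  rdoc_options: []
  require_paths: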