dependabot-python 0.296.3 → 0.297.1

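--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 30df3a9523aa998ae6a3456b8e42c86dee464293e7ecc2d860c3b8edee2a169f
- data.tar.gz: 3ecf100ac4b853ec962475193ab09435976626e702da4776d6492b8207671234
+ metadata.gz: e54b9c94aaae7bb3492dfccb0543557bf933690b2188145507767ad1b744a883
+ data.tar.gz: 2e4b7f1f43c891382340aa61a742da9ff21dc6c0a5fe77f983f07bd40fd74e76
  SHA512:
- metadata.gz: 9e53ce08944626d4f823a73fc2eb3cfcec6b137cfec6b2900f5d59ba6bdaa130bfd3563b6ebefee8e9931619695375fdc96cf40ad5dc3d67afe86bd29c81c19b
- data.tar.gz: 893a7ab9d2456360e5ad8bdba9bed697d0a3e9d3fb61df285f2264068f105e20ea84630cec365f8cd82cf98e0cd639efc2cbebd08380629bd59768ba1ab1ee1f
+ metadata.gz: '03977c4b28c748e339de86459a4b5caaa3e5582b4398bcaccc5b929470cb9d32cd6a6cfc1be7ed7d997ecb34c0413da6beb57fe017185dc21d64b906f72a52e8'
+ data.tar.gz: 6e6e3f1b2dc114b9599294bb756a467a19293d8b280a63bd290c1435da0f4e59aa1bfb3a1d2fde2f4302747fda3aede88790a7db2e9135f72d6fb67b3c0a213b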
@@ -1,8 +1,6 @@
1
1
  pip==24.0
2
2
  pip-tools==7.4.1
3
3
  flake8==7.1.0
4
- # TODO: Drop the conditions and use the latest version once we drop support for Python 3.8.
5
- hashin==1.0.2; python_version < '3.9'
6
4
  hashin==1.0.3; python_version >= '3.9'
7
5
  pipenv==2024.0.2
8
6
  plette==2.1.0
@@ -60,6 +60,12 @@ module Dependabot
60
60
  return unless pyproject
61
61
 
62
62
  pyproject_object = TomlRB.parse(pyproject.content)
63
+
64
+ # Check for PEP621 requires-python
65
+ pep621_python = pyproject_object.dig("project", "requires-python")
66
+ return pep621_python if pep621_python
67
+
68
+ # Fallback to Poetry configuration
63
69
  poetry_object = pyproject_object.dig("tool", "poetry")
64
70
 
65
71
  poetry_object&.dig("dependencies", "python") ||
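Review bot: The new early return `return pep621_python if pep621_python` accepts any truthy value, so an empty string or a non-string `requires-python` from a repository-controlled pyproject.toml is returned as the Python requirement and the Poetry fallback is skipped. Ruby treats `""` as truthy; a guard such as `return pep621_python if pep621_python.is_a?(String) && !pep621_python.strip.empty?` keeps the fallback for malformed values. `pyproject_object.dig("project", "requires-python")` also raises TypeError when `project` is present but not a table, which would presumably surface as an unhandled error rather than a parse failure. The enclosing method starts and ends outside the hunk, so how callers treat the returned value is not visible here.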
@@ -49,6 +49,8 @@ module Dependabot
49
49
  pipfile_object = TomlRB.parse(pipfile_content)
50
50
  parsed_object = TomlRB.parse(parsed_file)
51
51
 
52
+ raise DependencyFileNotResolvable, "Unable to resolve pipfile." unless parsed_object["source"]
53
+
52
54
  # we parse the verify_ssl value from manifest if it exists
53
55
  verify_ssl = parsed_object["source"].map { |x| x["verify_ssl"] }.first
54
56
 
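Review bot: The added guard `raise DependencyFileNotResolvable, "Unable to resolve pipfile." unless parsed_object["source"]` rejects only a missing key, while the following statement calls `.map { |x| x["verify_ssl"] }` on whatever value is there. A `[source]` table (a Hash) or a scalar in place of the `[[source]]` array would still raise on that line; `unless parsed_object["source"].is_a?(Array)` covers those shapes as well. The message could name the missing `[[source]]` section so the user knows what to fix. Since `verify_ssl` governs TLS verification for the index, it is worth confirming that an empty source list (where `.first` yields nil) is treated as verification enabled; that handling lies outside the hunk.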
@@ -52,7 +52,6 @@ module Dependabot
52
52
  def deprecated?
53
53
  return false unless detected_version
54
54
  return false if unsupported?
55
- return false unless Dependabot::Experiments.enabled?(:python_3_8_deprecation_warning)
56
55
 
57
56
  deprecated_versions.include?(detected_version)
58
57
  end
@@ -60,7 +59,6 @@ module Dependabot
60
59
  sig { override.returns(T::Boolean) }
61
60
  def unsupported?
62
61
  return false unless detected_version
63
- return false unless Dependabot::Experiments.enabled?(:python_3_8_unsupported_error)
64
62
 
65
63
  supported_versions.all? { |supported| supported > detected_version }
66
64
  end
@@ -11,12 +11,11 @@ module Dependabot
11
11
  extend T::Sig
12
12
  # This list must match the versions specified at the top of `python/Dockerfile`
13
13
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
14
- 3.13.1
15
- 3.12.7
16
- 3.11.9
17
- 3.10.15
18
- 3.9.18
19
- 3.8.20
14
+ 3.13.2
15
+ 3.12.9
16
+ 3.11.11
17
+ 3.10.16
18
+ 3.9.21
20
19
  ).freeze
21
20
 
22
21
  sig { params(python_requirement_parser: T.untyped).void }
@@ -382,6 +382,12 @@ module Dependabot
382
382
  time_out_inactivity: /Timed out due to inactivity/
383
383
  }.freeze, T::Hash[T.nilable(String), Regexp])
384
384
 
385
+ PACKAGE_RESOLVER_ERRORS = T.let({
386
+ package_info_error: /Unable to determine package info/,
387
+ self_dep_error: /Package '(?<path>.*)' is listed as a dependency of itself./,
388
+ incompatible_constraints: /Incompatible constraints in requirements/
389
+ }.freeze, T::Hash[T.nilable(String), Regexp])
390
+
385
391
  sig do
386
392
  params(
387
393
  dependencies: Dependabot::Dependency,
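Review bot: In `PACKAGE_RESOLVER_ERRORS`, the `self_dep_error` pattern ends in an unescaped `.` and declares a named capture `path` that the matching loop added later in this file never reads, since it only calls `match?`. Escaping the dot and dropping the capture states the intent exactly: `self_dep_error: /Package '.*' is listed as a dependency of itself\./`. The keys are symbols while the `T.let` annotation says `T::Hash[T.nilable(String), Regexp]`; this mirrors the constant just above, but `T::Hash[Symbol, Regexp]` would describe the literal.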
@@ -414,6 +420,7 @@ module Dependabot
414
420
 
415
421
  # rubocop:disable Metrics/AbcSize
416
422
  # rubocop:disable Metrics/PerceivedComplexity
423
+ # rubocop:disable Metrics/CyclomaticComplexity
417
424
  sig { params(error: Exception).void }
418
425
  def handle_poetry_error(error)
419
426
  Dependabot.logger.warn(error.message)
@@ -456,9 +463,17 @@ module Dependabot
456
463
  index_url = URI.extract(error.message.to_s).last .then { sanitize_url(_1) }
457
464
  raise PrivateSourceAuthenticationFailure, index_url
458
465
  end
466
+
467
+ PACKAGE_RESOLVER_ERRORS.each do |(_error_codes, error_regex)|
468
+ next unless error.message.match?(error_regex)
469
+
470
+ message = "Package solving failed while resolving manifest file"
471
+ raise DependencyFileNotResolvable, message
472
+ end
459
473
  end
460
474
  # rubocop:enable Metrics/AbcSize
461
475
  # rubocop:enable Metrics/PerceivedComplexity
476
+ # rubocop:enable Metrics/CyclomaticComplexity
462
477
  end
463
478
  end
464
479
  end
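Review bot: The new loop raises the same `"Package solving failed while resolving manifest file"` for all three `PACKAGE_RESOLVER_ERRORS` patterns, so the key bound to `_error_codes` is discarded and the user cannot tell a self-dependency from incompatible constraints. Including the key keeps the message informative without echoing raw resolver output, which may carry index URLs (the branch just above passes those through `sanitize_url`): `raise DependencyFileNotResolvable, "Package solving failed while resolving manifest file (#{error_code})"`. The block parameter would then be named `error_code` rather than `_error_codes`. `handle_poetry_error` begins outside this hunk.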
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.296.3
4
+ version: 0.297.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-02-12 00:00:00.000000000 Z
11
+ date: 2025-02-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.296.3
19
+ version: 0.297.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.296.3
26
+ version: 0.297.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -290,7 +290,7 @@ licenses:
290
290
  - MIT
291
291
  metadata:
292
292
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
293
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.296.3
293
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.297.1
294
294
  post_install_message:
295
295
  rdoc_options: []
296
296
  require_paths: