dependabot-python 0.161.0 → 0.162.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/python/file_parser/poetry_files_parser.rb +26 -16
  3. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +10 -1
  4. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: faab0455fa73aa94319a31d4c93c10c788f0eddcfe4a3e702e758e004b015f1b
4
- data.tar.gz: c2f2ad51b1cc5a365512216dc45db628e95ad8ead4d3cdc0c9884a3beccaf7a8
3
+ metadata.gz: da6c3e736ee8f02776fedf5695346709bac95b3097c10d2dde5bc5a6d905f676
4
+ data.tar.gz: 87f853c530208503b2d323c521ec91dbc634ed3595b714332052d4cd1083530e
5
5
  SHA512:
6
- metadata.gz: 8b42f40ea6357727b6d3944eaef512f1db2917f9c0a1f6ee2dd95dd709cdfae0d141b7c9cfe35639c4b9f8c8e119f803df30d9a09677f8803014fd44ef22e4e7
7
- data.tar.gz: a31092cbcfeb2a7738e03a06a8c41570be349d2f9a3813e24988fb3dde766aacdef0242b4dab5ea5250504f01bf87da72771e49a043514d037d19ec21d5ca817
6
+ metadata.gz: 800369a7807ec5847859c5b0632cd406d63f99b3e107b93d2b6a4cdb493b73272277e2cdef59d5ddc937482f84f1eceae4c24a816e8783cc3598489f6415d4af
7
+ data.tar.gz: 1c101bf1009882f6500c46c42ba2de3587fa0271a76d321881a4d36330c5875904af742a4b3426a8b6e0fc70f8e41f594eced1618547063c93ef0a6fba248912
data/lib/dependabot/python/file_parser/poetry_files_parser.rb CHANGED
@@ -43,28 +43,38 @@ module Dependabot
43
43
 
44
44
  deps_hash.each do |name, req|
45
45
  next if normalise(name) == "python"
46
- next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
47
-
48
- check_requirements(req)
49
-
50
- dependencies <<
51
- Dependency.new(
52
- name: normalise(name),
53
- version: version_from_lockfile(name),
54
- requirements: [{
55
- requirement: req.is_a?(String) ? req : req["version"],
56
- file: pyproject.name,
57
- source: nil,
58
- groups: [type]
59
- }],
60
- package_manager: "pip"
61
- )
46
+
47
+ requirements = parse_requirements_from(req, type)
48
+ next if requirements.empty?
49
+
50
+ dependencies << Dependency.new(
51
+ name: normalise(name),
52
+ version: version_from_lockfile(name),
53
+ requirements: requirements,
54
+ package_manager: "pip"
55
+ )
62
56
  end
63
57
  end
64
58
 
65
59
  dependencies
66
60
  end
67
61
 
62
+ # @param req can be an Array, Hash or String that represents the constraints for a dependency
63
+ def parse_requirements_from(req, type)
64
+ [req].flatten.compact.map do |requirement|
65
+ next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any?
66
+
67
+ check_requirements(requirement)
68
+
69
+ {
70
+ requirement: requirement.is_a?(String) ? requirement : requirement["version"],
71
+ file: pyproject.name,
72
+ source: nil,
73
+ groups: [type]
74
+ }
75
+ end.compact
76
+ end
77
+
68
78
  # Create a DependencySet where each element has no requirement. Any
69
79
  # requirements will be added when combining the DependencySet with
70
80
  # other DependencySets.
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED
@@ -22,6 +22,7 @@ module Dependabot
22
22
  require_relative "setup_file_sanitizer"
23
23
 
24
24
  UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze
25
+ INCOMPATIBLE_VERSIONS_REGEX = /There are incompatible versions in the resolved dependencies:.*\z/m.freeze
25
26
  WARNINGS = /\s*# WARNING:.*\Z/m.freeze
26
27
  UNSAFE_NOTE =
27
28
  /\s*# The following packages are considered to be unsafe.*\Z/m.freeze
@@ -154,12 +155,20 @@ module Dependabot
154
155
 
155
156
  return stdout if process.success?
156
157
 
158
+ handle_pip_errors(stdout, command, time_taken, process.to_s)
159
+ end
160
+
161
+ def handle_pip_errors(stdout, command, time_taken, exit_value)
162
+ if stdout.match?(INCOMPATIBLE_VERSIONS_REGEX)
163
+ raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
164
+ end
165
+
157
166
  raise SharedHelpers::HelperSubprocessFailed.new(
158
167
  message: stdout,
159
168
  error_context: {
160
169
  command: command,
161
170
  time_taken: time_taken,
162
- process_exit_value: process.to_s
171
+ process_exit_value: exit_value
163
172
  }
164
173
  )
165
174
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.161.0
4
+ version: 0.162.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-01 00:00:00.000000000 Z
11
+ date: 2021-09-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.161.0
19
+ version: 0.162.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.161.0
26
+ version: 0.162.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement