RubyGems - dependabot-python - Versions diffs - 0.161.0 → 0.162.0 - Mend

dependabot-python 0.161.0 → 0.162.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/python/file_parser/poetry_files_parser.rb +26 -16
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +10 -1
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: faab0455fa73aa94319a31d4c93c10c788f0eddcfe4a3e702e758e004b015f1b
-  data.tar.gz: c2f2ad51b1cc5a365512216dc45db628e95ad8ead4d3cdc0c9884a3beccaf7a8
+  metadata.gz: da6c3e736ee8f02776fedf5695346709bac95b3097c10d2dde5bc5a6d905f676
+  data.tar.gz: 87f853c530208503b2d323c521ec91dbc634ed3595b714332052d4cd1083530e
 SHA512:
-  metadata.gz: 8b42f40ea6357727b6d3944eaef512f1db2917f9c0a1f6ee2dd95dd709cdfae0d141b7c9cfe35639c4b9f8c8e119f803df30d9a09677f8803014fd44ef22e4e7
-  data.tar.gz: a31092cbcfeb2a7738e03a06a8c41570be349d2f9a3813e24988fb3dde766aacdef0242b4dab5ea5250504f01bf87da72771e49a043514d037d19ec21d5ca817
+  metadata.gz: 800369a7807ec5847859c5b0632cd406d63f99b3e107b93d2b6a4cdb493b73272277e2cdef59d5ddc937482f84f1eceae4c24a816e8783cc3598489f6415d4af
+  data.tar.gz: 1c101bf1009882f6500c46c42ba2de3587fa0271a76d321881a4d36330c5875904af742a4b3426a8b6e0fc70f8e41f594eced1618547063c93ef0a6fba248912

data/lib/dependabot/python/file_parser/poetry_files_parser.rb CHANGED Viewed

@@ -43,28 +43,38 @@ module Dependabot
             deps_hash.each do |name, req|
               next if normalise(name) == "python"
-              next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
-              check_requirements(req)
-              dependencies <<
-                Dependency.new(
-                  name: normalise(name),
-                  version: version_from_lockfile(name),
-                  requirements: [{
-                    requirement: req.is_a?(String) ? req : req["version"],
-                    file: pyproject.name,
-                    source: nil,
-                    groups: [type]
-                  }],
-                  package_manager: "pip"
-                )
+              requirements = parse_requirements_from(req, type)
+              next if requirements.empty?
+              dependencies << Dependency.new(
+                name: normalise(name),
+                version: version_from_lockfile(name),
+                requirements: requirements,
+                package_manager: "pip"
+              )
             end
           end
           dependencies
         end
+        # @param req can be an Array, Hash or String that represents the constraints for a dependency
+        def parse_requirements_from(req, type)
+          [req].flatten.compact.map do |requirement|
+            next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any?
+            check_requirements(requirement)
+            {
+              requirement: requirement.is_a?(String) ? requirement : requirement["version"],
+              file: pyproject.name,
+              source: nil,
+              groups: [type]
+            }
+          end.compact
+        end
         # Create a DependencySet where each element has no requirement. Any
         # requirements will be added when combining the DependencySet with
         # other DependencySets.

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED Viewed

@@ -22,6 +22,7 @@ module Dependabot
         require_relative "setup_file_sanitizer"
         UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze
+        INCOMPATIBLE_VERSIONS_REGEX = /There are incompatible versions in the resolved dependencies:.*\z/m.freeze
         WARNINGS = /\s*# WARNING:.*\Z/m.freeze
         UNSAFE_NOTE =
           /\s*# The following packages are considered to be unsafe.*\Z/m.freeze
@@ -154,12 +155,20 @@ module Dependabot
           return stdout if process.success?
+          handle_pip_errors(stdout, command, time_taken, process.to_s)
+        end
+        def handle_pip_errors(stdout, command, time_taken, exit_value)
+          if stdout.match?(INCOMPATIBLE_VERSIONS_REGEX)
+            raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
+          end
           raise SharedHelpers::HelperSubprocessFailed.new(
             message: stdout,
             error_context: {
               command: command,
               time_taken: time_taken,
-              process_exit_value: process.to_s
+              process_exit_value: exit_value
             }
           )
         end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.161.0
+  version: 0.162.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-09-01 00:00:00.000000000 Z
+date: 2021-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.161.0
+        version: 0.162.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.161.0
+        version: 0.162.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement