dependabot-python 0.214.0 → 0.215.0

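--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 940ed0c4abf7f4d3a496321e4898ba9c123091d6539f86ef54d7ee74dadf3344
- data.tar.gz: 802abe558f75bc2e98f1b88e93be85fc48f8b71774a1ff37b8ea16311381f587
+ metadata.gz: bb146c09fb17142425be804da23abdf95e938a9c8e70c8b95697ebdbc55f89c3
+ data.tar.gz: d0b61ca9973b582448c78edecb798b500806b6eb5805f7236ae87703255ad953
  SHA512:
- metadata.gz: 523ff39717afd9636f3d2f3115d6953817ab01585e2e218233eb0439a7cc9e5ac620c4b28d429b35256530a32bff6e71a73ffdfd72587ba53c8b10b6a3070175
- data.tar.gz: a3d05a60ad4d1b08dfe8fed7cdac12384aa49fbb3ad130008bf4748ab710df9b20a8297c99f66e33bd672717b52be32c17434b2ed253fe4bb6556cfc87941b05
+ metadata.gz: e023894b96f723c3cf3d812a959b35f9a1d9de5b33981c2090af0b0ba259376e83f5dc728cd3e06c5f3aceb39c6ce1181e6ed8eb10d8d1d0a9e0e216698a24fa
+ data.tar.gz: bfeafe03ba027242f9a1327f1aee036768ea693cffb08e485062879829109f956dcd8b77b7a24c3bde2eb289b50d9b57717216a199e107df221c8a391de8ecea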
@@ -1,5 +1,5 @@
1
1
  pip>=21.3.1,<22.4.0 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
2
- pip-tools>=6.4.0,<6.10.1 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
2
+ pip-tools>=6.4.0,<6.11.1 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
3
3
  flake8==5.0.4
4
4
  hashin==0.17.0
5
5
  pipenv==2022.4.8
@@ -71,15 +71,25 @@ module Dependabot
71
71
  filenames_to_compile.each do |filename|
72
72
  # Shell out to pip-compile, generate a new set of requirements.
73
73
  # This is slow, as pip-compile needs to do installs.
74
+ options = pip_compile_options(filename)
75
+ options_fingerprint = pip_compile_options_fingerprint(options)
76
+
74
77
  name_part = "pyenv exec pip-compile " \
75
- "#{pip_compile_options(filename)} -P " \
78
+ "#{options} -P " \
76
79
  "#{dependency.name}"
80
+ fingerprint_name_part = "pyenv exec pip-compile " \
81
+ "#{options_fingerprint} -P " \
82
+ "<dependency_name>"
83
+
77
84
  version_part = "#{dependency.version} #{filename}"
85
+ fingerprint_version_part = "<dependency_version> <filename>"
86
+
78
87
  # Don't escape pyenv `dep-name==version` syntax
79
88
  run_pip_compile_command(
80
89
  "#{SharedHelpers.escape_command(name_part)}==" \
81
90
  "#{SharedHelpers.escape_command(version_part)}",
82
- allow_unsafe_shell_command: true
91
+ allow_unsafe_shell_command: true,
92
+ fingerprint: "#{fingerprint_name_part}==#{fingerprint_version_part}"
83
93
  )
84
94
  end
85
95
 
@@ -137,7 +147,7 @@ module Dependabot
137
147
  ).updated_dependency_files
138
148
  end
139
149
 
140
- def run_command(cmd, env: python_env, allow_unsafe_shell_command: false)
150
+ def run_command(cmd, env: python_env, allow_unsafe_shell_command: false, fingerprint:)
141
151
  start = Time.now
142
152
  command = if allow_unsafe_shell_command
143
153
  cmd
@@ -149,10 +159,6 @@ module Dependabot
149
159
 
150
160
  return stdout if process.success?
151
161
 
152
- handle_pip_errors(stdout, command, time_taken, process.to_s)
153
- end
154
-
155
- def handle_pip_errors(stdout, command, time_taken, exit_value)
156
162
  if stdout.match?(INCOMPATIBLE_VERSIONS_REGEX)
157
163
  raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
158
164
  end
@@ -161,17 +167,23 @@ module Dependabot
161
167
  message: stdout,
162
168
  error_context: {
163
169
  command: command,
170
+ fingerprint: fingerprint,
164
171
  time_taken: time_taken,
165
- process_exit_value: exit_value
172
+ process_exit_value: process.to_s
166
173
  }
167
174
  )
168
175
  end
169
176
 
170
- def run_pip_compile_command(command, allow_unsafe_shell_command: false)
171
- run_command("pyenv local #{Helpers.python_major_minor(python_version)}")
177
+ def run_pip_compile_command(command, allow_unsafe_shell_command: false, fingerprint:)
178
+ run_command(
179
+ "pyenv local #{Helpers.python_major_minor(python_version)}",
180
+ fingerprint: "pyenv local <python_major_minor>"
181
+ )
182
+
172
183
  run_command(
173
184
  command,
174
- allow_unsafe_shell_command: allow_unsafe_shell_command
185
+ allow_unsafe_shell_command: allow_unsafe_shell_command,
186
+ fingerprint: fingerprint
175
187
  )
176
188
  end
177
189
 
@@ -391,6 +403,16 @@ module Dependabot
391
403
  current_separator || default_separator
392
404
  end
393
405
 
406
+ def pip_compile_options_fingerprint(options)
407
+ options.sub(
408
+ /--output-file=\S+/, "--output-file=<output_file>"
409
+ ).sub(
410
+ /--index-url=\S+/, "--index-url=<index_url>"
411
+ ).sub(
412
+ /--extra-index-url=\S+/, "--extra-index-url=<extra_index_url>"
413
+ )
414
+ end
415
+
394
416
  def pip_compile_options(filename)
395
417
  options = ["--build-isolation"]
396
418
  options += pip_compile_index_options
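Review bot: `pip_compile_options_fingerprint` (new lines 406–414) chains `String#sub`, which replaces only the first match, so a second `--extra-index-url=` in the options string would be copied into the fingerprint unredacted. pip accepts that flag more than once and index URLs can carry credentials in their userinfo part; `pip_compile_index_options` is outside the hunk, so whether it can emit several is to be confirmed. Using `gsub` for all three patterns removes the dependence on how many indexes are configured, e.g. `options.gsub(/--extra-index-url=\S+/, "--extra-index-url=<extra_index_url>")`. The identical helper added in the later `@@ -226,6 +236,16 @@` hunk behaves the same way.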
@@ -185,7 +185,7 @@ module Dependabot
185
185
  run_poetry_command("pyenv exec poetry config experimental.system-git-client true")
186
186
  end
187
187
 
188
- run_poetry_command(poetry_update_command)
188
+ run_poetry_update_command
189
189
 
190
190
  return File.read("poetry.lock") if File.exist?("poetry.lock")
191
191
 
@@ -196,11 +196,14 @@ module Dependabot
196
196
 
197
197
  # Using `--lock` avoids doing an install.
198
198
  # Using `--no-interaction` avoids asking for passwords.
199
- def poetry_update_command
200
- "pyenv exec poetry update #{dependency.name} --lock --no-interaction"
199
+ def run_poetry_update_command
200
+ run_poetry_command(
201
+ "pyenv exec poetry update #{dependency.name} --lock --no-interaction",
202
+ fingerprint: "pyenv exec poetry update <dependency_name> --lock --no-interaction"
203
+ )
201
204
  end
202
205
 
203
- def run_poetry_command(command)
206
+ def run_poetry_command(command, fingerprint: nil)
204
207
  start = Time.now
205
208
  command = SharedHelpers.escape_command(command)
206
209
  stdout, process = Open3.capture2e(command)
@@ -214,6 +217,7 @@ module Dependabot
214
217
  message: stdout,
215
218
  error_context: {
216
219
  command: command,
220
+ fingerprint: fingerprint,
217
221
  time_taken: time_taken,
218
222
  process_exit_value: process.to_s
219
223
  }
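Review bot: `run_poetry_command(command, fingerprint: nil)` makes the fingerprint optional, and the context line `run_poetry_command("pyenv exec poetry config experimental.system-git-client true")` at the top of this section still calls it without one, so a failure there is reported with `fingerprint: nil` in `error_context`. The pip-compile helpers changed in this release declare `fingerprint:` as a required keyword, which turns a forgotten call site into an `ArgumentError` instead of a silent gap. Either drop the `nil` default or pass the literal command as its own fingerprint for static commands. The same signature is added in the later `@@ -331,7 +334,7 @@` hunk; both method bodies continue outside the visible hunks.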
@@ -76,8 +76,12 @@ module Dependabot
76
76
  filenames_to_compile.each do |filename|
77
77
  # Shell out to pip-compile.
78
78
  # This is slow, as pip-compile needs to do installs.
79
+ options = pip_compile_options(filename)
80
+ options_fingerprint = pip_compile_options_fingerprint(options)
81
+
79
82
  run_pip_compile_command(
80
- "pyenv exec pip-compile -v #{pip_compile_options(filename)} -P #{dependency.name} #{filename}"
83
+ "pyenv exec pip-compile -v #{options} -P #{dependency.name} #{filename}",
84
+ fingerprint: "pyenv exec pip-compile -v #{options_fingerprint} -P <dependency_name> <filename>"
81
85
  )
82
86
 
83
87
  next if dependency.top_level?
@@ -91,7 +95,8 @@ module Dependabot
91
95
  # update_not_possible.
92
96
  write_original_manifest_files
93
97
  run_pip_compile_command(
94
- "pyenv exec pip-compile #{pip_compile_options(filename)} #{filename}"
98
+ "pyenv exec pip-compile #{options} #{filename}",
99
+ fingerprint: "pyenv exec pip-compile #{options_fingerprint} <filename>"
95
100
  )
96
101
  end
97
102
 
@@ -183,8 +188,12 @@ module Dependabot
183
188
  write_temporary_dependency_files(update_requirement: false)
184
189
 
185
190
  filenames_to_compile.each do |filename|
191
+ options = pip_compile_options(filename)
192
+ options_fingerprint = pip_compile_options_fingerprint(options)
193
+
186
194
  run_pip_compile_command(
187
- "pyenv exec pip-compile #{pip_compile_options(filename)} #{filename}"
195
+ "pyenv exec pip-compile #{options} #{filename}",
196
+ fingerprint: "pyenv exec pip-compile #{options_fingerprint} <filename>"
188
197
  )
189
198
  end
190
199
 
@@ -204,7 +213,7 @@ module Dependabot
204
213
  end
205
214
  end
206
215
 
207
- def run_command(command, env: python_env)
216
+ def run_command(command, env: python_env, fingerprint:)
208
217
  start = Time.now
209
218
  command = SharedHelpers.escape_command(command)
210
219
  stdout, process = Open3.capture2e(env, command)
@@ -216,6 +225,7 @@ module Dependabot
216
225
  message: stdout,
217
226
  error_context: {
218
227
  command: command,
228
+ fingerprint: fingerprint,
219
229
  time_taken: time_taken,
220
230
  process_exit_value: process.to_s
221
231
  }
@@ -226,6 +236,16 @@ module Dependabot
226
236
  python_version >= Python::Version.new("3.7")
227
237
  end
228
238
 
239
+ def pip_compile_options_fingerprint(options)
240
+ options.sub(
241
+ /--output-file=\S+/, "--output-file=<output_file>"
242
+ ).sub(
243
+ /--index-url=\S+/, "--index-url=<index_url>"
244
+ ).sub(
245
+ /--extra-index-url=\S+/, "--extra-index-url=<extra_index_url>"
246
+ )
247
+ end
248
+
229
249
  def pip_compile_options(filename)
230
250
  options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
231
251
  options += pip_compile_index_options
@@ -253,9 +273,13 @@ module Dependabot
253
273
  end
254
274
  end
255
275
 
256
- def run_pip_compile_command(command)
257
- run_command("pyenv local #{Helpers.python_major_minor(python_version)}")
258
- run_command(command)
276
+ def run_pip_compile_command(command, fingerprint:)
277
+ run_command(
278
+ "pyenv local #{Helpers.python_major_minor(python_version)}",
279
+ fingerprint: "pyenv local <python_major_minor>"
280
+ )
281
+
282
+ run_command(command, fingerprint: fingerprint)
259
283
  end
260
284
 
261
285
  def python_env
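Review bot: The `error_context` hash in `run_command` (new lines 227–228) now carries `fingerprint:` next to the unchanged `command:`, and nothing in the code says which of the two is safe to log or group on. `command` is the full escaped command line, including whatever `--index-url=` / `--extra-index-url=` values `pip_compile_options` produced, while `fingerprint` is the placeholder form. A comment above the hash such as `# fingerprint: command with file names, index URLs and dependency names replaced by placeholders; command is the raw command line and may contain index credentials` would make that contract explicit for whoever consumes the error context. The method body starts and ends outside the hunk.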
@@ -100,7 +100,7 @@ module Dependabot
100
100
  end
101
101
 
102
102
  # Shell out to Poetry, which handles everything for us.
103
- run_poetry_command(poetry_update_command)
103
+ run_poetry_update_command
104
104
 
105
105
  updated_lockfile =
106
106
  if File.exist?("poetry.lock") then File.read("poetry.lock")
@@ -163,8 +163,11 @@ module Dependabot
163
163
 
164
164
  # Using `--lock` avoids doing an install.
165
165
  # Using `--no-interaction` avoids asking for passwords.
166
- def poetry_update_command
167
- "pyenv exec poetry update #{dependency.name} --lock --no-interaction"
166
+ def run_poetry_update_command
167
+ run_poetry_command(
168
+ "pyenv exec poetry update #{dependency.name} --lock --no-interaction",
169
+ fingerprint: "pyenv exec poetry update <dependency_name> --lock --no-interaction"
170
+ )
168
171
  end
169
172
 
170
173
  def check_original_requirements_resolvable
@@ -174,7 +177,7 @@ module Dependabot
174
177
  SharedHelpers.with_git_configured(credentials: credentials) do
175
178
  write_temporary_dependency_files(update_pyproject: false)
176
179
 
177
- run_poetry_command(poetry_update_command)
180
+ run_poetry_update_command
178
181
 
179
182
  @original_reqs_resolvable = true
180
183
  rescue SharedHelpers::HelperSubprocessFailed => e
@@ -331,7 +334,7 @@ module Dependabot
331
334
  poetry_lock || pyproject_lock
332
335
  end
333
336
 
334
- def run_poetry_command(command)
337
+ def run_poetry_command(command, fingerprint: nil)
335
338
  start = Time.now
336
339
  command = SharedHelpers.escape_command(command)
337
340
  stdout, process = Open3.capture2e(command)
@@ -345,6 +348,7 @@ module Dependabot
345
348
  message: stdout,
346
349
  error_context: {
347
350
  command: command,
351
+ fingerprint: fingerprint,
348
352
  time_taken: time_taken,
349
353
  process_exit_value: process.to_s
350
354
  }
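Review bot: In `run_poetry_update_command` (new lines 166–170) the command and its fingerprint are two hand-written copies of the same string that differ only in `#{dependency.name}` versus `<dependency_name>`, so a flag later added to one and not the other would make the fingerprint misdescribe what ran. Building both from one template keeps them in step, for example `template = "pyenv exec poetry update %s --lock --no-interaction"` followed by `run_poetry_command(format(template, dependency.name), fingerprint: format(template, "<dependency_name>"))`. The same method is added in the earlier `@@ -196,11 +196,14 @@` hunk.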
@@ -292,7 +292,7 @@ module Dependabot
292
292
 
293
293
  pypi_info = JSON.parse(index_response.body)["info"] || {}
294
294
  pypi_info["summary"] == library_details["description"]
295
- rescue Excon::Error::Timeout
295
+ rescue Excon::Error::Timeout, Excon::Error::Socket
296
296
  false
297
297
  rescue URI::InvalidURIError
298
298
  false
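Review bot: Adding `Excon::Error::Socket` to the rescue means a connection failure now returns the same `false` as a real mismatch between `pypi_info["summary"]` and `library_details["description"]`, with nothing recorded. If the caller reads `false` as "this is not the PyPI package" (not visible from this hunk), a transient network error changes that decision silently. A short comment on the rescue, e.g. `# network failure: treated as "no match", not retried`, or a debug log line before `false`, would make the fallback deliberate. The method starts and ends outside the hunk.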
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.214.0
4
+ version: 0.215.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-12-01 00:00:00.000000000 Z
11
+ date: 2022-12-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.214.0
19
+ version: 0.215.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.214.0
26
+ version: 0.215.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement