dependabot-python 0.215.0 → 0.216.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb146c09fb17142425be804da23abdf95e938a9c8e70c8b95697ebdbc55f89c3
-  data.tar.gz: d0b61ca9973b582448c78edecb798b500806b6eb5805f7236ae87703255ad953
+  metadata.gz: 62df822653f41408461f72892b9886776c124a195af5569c6af9e3bdf044e93d
+  data.tar.gz: 8cba64f792d1be98900fe5136d549230d5156d487d07150e0356a147402c5ca3
 SHA512:
-  metadata.gz: e023894b96f723c3cf3d812a959b35f9a1d9de5b33981c2090af0b0ba259376e83f5dc728cd3e06c5f3aceb39c6ce1181e6ed8eb10d8d1d0a9e0e216698a24fa
-  data.tar.gz: bfeafe03ba027242f9a1327f1aee036768ea693cffb08e485062879829109f956dcd8b77b7a24c3bde2eb289b50d9b57717216a199e107df221c8a391de8ecea
+  metadata.gz: d8c60892487b523ca5879fd08f188dfabcd4d9c4ca17b3317accb3558a22a7731f53129616494230cf62138503e7aece5e9b304fe53bbd525e484197fe74f110
+  data.tar.gz: d7cfe8feb5f919ec01521377366c3716954f898361cc666a1df6384afc3389b9e6db9a92dd4c91cd25fa2e043cbd1aa5a71745d7c030a9627f7c434fcfee5731

data/helpers/build

@@ -18,8 +18,8 @@ cp -r \
   "$install_dir"
 
 cd "$install_dir"
-PYENV_VERSION=3.11.0 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
-PYENV_VERSION=3.10.8 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
-PYENV_VERSION=3.9.15 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
-PYENV_VERSION=3.8.15 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
-PYENV_VERSION=3.7.15 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+PYENV_VERSION=3.11.3 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+PYENV_VERSION=3.10.11 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+PYENV_VERSION=3.9.16 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+PYENV_VERSION=3.8.16 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+PYENV_VERSION=3.7.16 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"

data/helpers/build_for_version

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
+  echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
+  exit 1
+fi
+
+install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/python"
+mkdir -p "$install_dir"
+
+helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
+cp -r \
+  "$helpers_dir/lib" \
+  "$helpers_dir/run.py" \
+  "$helpers_dir/requirements.txt" \
+  "$install_dir"
+
+cd "$install_dir"
+PYENV_VERSION=$1 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"

data/helpers/requirements.txt

@@ -1,11 +1,10 @@
-pip>=21.3.1,<22.4.0  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
-pip-tools>=6.4.0,<6.11.1  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
-flake8==5.0.4
+pip>=21.3.1,<23.1.0  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
+pip-tools>=6.4.0,<=6.12.3  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
 hashin==0.17.0
 pipenv==2022.4.8
 pipfile==0.0.2
-poetry>=1.1.15,<1.3.0
+poetry>=1.1.15,<1.4.0
 wheel==0.37.1
 
 # Some dependencies will only install if Cython is present
-Cython==0.29.32
+Cython==0.29.34

data/lib/dependabot/python/file_parser/pyproject_files_parser.rb

@@ -48,22 +48,13 @@ module Dependabot
 
           POETRY_DEPENDENCY_TYPES.each do |type|
             deps_hash = parsed_pyproject.dig("tool", "poetry", type) || {}
-
-            deps_hash.each do |name, req|
-              next if normalise(name) == "python"
-
-              requirements = parse_requirements_from(req, type)
-              next if requirements.empty?
-
-              dependencies << Dependency.new(
-                name: normalise(name),
-                version: version_from_lockfile(name),
-                requirements: requirements,
-                package_manager: "pip"
-              )
-            end
+            dependencies += parse_poetry_dependencies(type, deps_hash)
           end
 
+          groups = parsed_pyproject.dig("tool", "poetry", "group") || {}
+          groups.each do |group, group_spec|
+            dependencies += parse_poetry_dependencies(group, group_spec["dependencies"])
+          end
           dependencies
         end
 
@@ -101,6 +92,25 @@ module Dependabot
           dependencies
         end
 
+        def parse_poetry_dependencies(type, deps_hash)
+          dependencies = Dependabot::FileParsers::Base::DependencySet.new
+
+          deps_hash.each do |name, req|
+            next if normalise(name) == "python"
+
+            requirements = parse_requirements_from(req, type)
+            next if requirements.empty?
+
+            dependencies << Dependency.new(
+              name: normalise(name),
+              version: version_from_lockfile(name),
+              requirements: requirements,
+              package_manager: "pip"
+            )
+          end
+          dependencies
+        end
+
         def normalised_name(name, extras)
           NameNormaliser.normalise_including_extras(name, extras)
         end
@@ -108,7 +118,7 @@ module Dependabot
         # @param req can be an Array, Hash or String that represents the constraints for a dependency
         def parse_requirements_from(req, type)
           [req].flatten.compact.filter_map do |requirement|
-            next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any?
+            next if requirement.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.intersect?(requirement.keys)
 
             check_requirements(requirement)
 

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -7,7 +7,7 @@ require "dependabot/python/file_fetcher"
 require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater"
 require "dependabot/shared_helpers"
-require "dependabot/python/helpers"
+require "dependabot/python/language_version_manager"
 require "dependabot/python/native_helpers"
 require "dependabot/python/python_versions"
 require "dependabot/python/name_normaliser"
@@ -26,6 +26,7 @@ module Dependabot
         INCOMPATIBLE_VERSIONS_REGEX = /There are incompatible versions in the resolved dependencies:.*\z/m
         WARNINGS = /\s*# WARNING:.*\Z/m
         UNSAFE_NOTE = /\s*# The following packages are considered to be unsafe.*\Z/m
+        RESOLVER_REGEX = /(?<=--resolver=)(\w+)/
 
         attr_reader :dependencies, :dependency_files, :credentials
 
@@ -66,7 +67,7 @@ module Dependabot
         def compile_new_requirement_files
           SharedHelpers.in_a_temporary_directory do
             write_updated_dependency_files
-            Helpers.install_required_python(python_version)
+            language_version_manager.install_required_python
 
             filenames_to_compile.each do |filename|
               # Shell out to pip-compile, generate a new set of requirements.
@@ -176,7 +177,7 @@ module Dependabot
 
         def run_pip_compile_command(command, allow_unsafe_shell_command: false, fingerprint:)
           run_command(
-            "pyenv local #{Helpers.python_major_minor(python_version)}",
+            "pyenv local #{language_version_manager.python_major_minor}",
             fingerprint: "pyenv local <python_major_minor>"
           )
 
@@ -210,7 +211,7 @@ module Dependabot
           end
 
           # Overwrite the .python-version with updated content
-          File.write(".python-version", Helpers.python_major_minor(python_version))
+          File.write(".python-version", language_version_manager.python_major_minor)
 
           setup_files.each do |file|
             path = file.name
@@ -441,6 +442,10 @@ module Dependabot
 
           options << "--strip-extras" if requirements_file.content.include?("--strip-extras")
 
+          if (resolver = RESOLVER_REGEX.match(requirements_file.content))
+            options << "--resolver=#{resolver}"
+          end
+
           options
         end
 
@@ -517,9 +522,9 @@ module Dependabot
           while (remaining_filenames = filenames - ordered_filenames).any?
             ordered_filenames +=
               remaining_filenames.
-              select do |fn|
+              reject do |fn|
                 unupdated_reqs = requirement_map[fn] - ordered_filenames
-                (unupdated_reqs & filenames).empty?
+                unupdated_reqs.intersect?(filenames)
               end
           end
 
@@ -545,41 +550,6 @@ module Dependabot
             end
         end
 
-        def python_version
-          @python_version ||=
-            user_specified_python_version ||
-            python_version_matching_imputed_requirements ||
-            PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
-        end
-
-        def user_specified_python_version
-          return unless python_requirement_parser.user_specified_requirements.any?
-
-          user_specified_requirements =
-            python_requirement_parser.user_specified_requirements.
-            map { |r| Python::Requirement.requirements_array(r) }
-          python_version_matching(user_specified_requirements)
-        end
-
-        def python_version_matching_imputed_requirements
-          compiled_file_python_requirement_markers =
-            python_requirement_parser.imputed_requirements.map do |r|
-              Dependabot::Python::Requirement.new(r)
-            end
-          python_version_matching(compiled_file_python_requirement_markers)
-        end
-
-        def python_version_matching(requirements)
-          PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version_string|
-            version = Python::Version.new(version_string)
-            requirements.all? do |req|
-              next req.any? { |r| r.satisfied_by?(version) } if req.is_a?(Array)
-
-              req.satisfied_by?(version)
-            end
-          end
-        end
-
         def python_requirement_parser
           @python_requirement_parser ||=
             FileParser::PythonRequirementParser.new(
@@ -587,8 +557,11 @@ module Dependabot
             )
         end
 
-        def pre_installed_python?(version)
-          PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.include?(version)
+        def language_version_manager
+          @language_version_manager ||=
+            LanguageVersionManager.new(
+              python_requirement_parser: python_requirement_parser
+            )
         end
 
         def setup_files

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -6,6 +6,7 @@ require "dependabot/dependency"
 require "dependabot/python/requirement_parser"
 require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater"
+require "dependabot/python/language_version_manager"
 require "dependabot/shared_helpers"
 require "dependabot/python/native_helpers"
 require "dependabot/python/name_normaliser"
@@ -146,7 +147,7 @@ module Dependabot
         def update_python_requirement(pipfile_content)
           PipfilePreparer.
             new(pipfile_content: pipfile_content).
-            update_python_requirement(Helpers.python_major_minor(python_version))
+            update_python_requirement(language_version_manager.python_major_minor)
         end
 
         # rubocop:disable Metrics/PerceivedComplexity
@@ -198,10 +199,6 @@ module Dependabot
                 write_temporary_dependency_files(prepared_pipfile_content)
                 install_required_python
 
-                # Initialize a git repo to appease pip-tools
-                command = SharedHelpers.escape_command("git init")
-                IO.popen(command, err: %i(child out)) if setup_files.any?
-
                 run_pipenv_command(
                   "pyenv exec pipenv lock"
                 )
@@ -271,7 +268,7 @@ module Dependabot
         end
 
         def run_pipenv_command(command, env: pipenv_env_variables)
-          run_command("pyenv local #{Helpers.python_major_minor(python_version)}")
+          run_command("pyenv local #{language_version_manager.python_major_minor}")
           run_command(command, env: env)
         end
 
@@ -283,7 +280,7 @@ module Dependabot
           end
 
           # Overwrite the .python-version with updated content
-          File.write(".python-version", Helpers.python_major_minor(python_version))
+          File.write(".python-version", language_version_manager.python_major_minor)
 
           setup_files.each do |file|
             path = file.name
@@ -309,7 +306,7 @@ module Dependabot
             nil
           end
 
-          Helpers.install_required_python(python_version)
+          language_version_manager.install_required_python
         end
 
         def sanitized_setup_file_content(file)
@@ -322,57 +319,6 @@ module Dependabot
             sanitized_content
         end
 
-        def python_version
-          @python_version ||= python_version_from_supported_versions
-        end
-
-        def python_version_from_supported_versions
-          requirement_string =
-            if @using_python_two then "2.7.*"
-            elsif user_specified_python_requirement
-              parts = user_specified_python_requirement.split(".")
-              parts.fill("*", (parts.length)..2).join(".")
-            else
-              PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
-            end
-
-          # Ideally, the requirement is satisfied by a Python version we support
-          requirement =
-            Python::Requirement.requirements_array(requirement_string).first
-          version =
-            PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
-            find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
-          return version if version
-
-          # If not, and changing the patch version would fix things, we do that
-          # as the patch version is unlikely to affect resolution
-          requirement =
-            Python::Requirement.new(requirement_string.gsub(/\.\d+$/, ".*"))
-          version =
-            PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
-            find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
-          return version if version
-
-          # Otherwise we have to raise, giving details of the Python versions
-          # that Dependabot supports
-          msg = "Dependabot detected the following Python requirement " \
-                "for your project: '#{requirement_string}'.\n\nCurrently, the " \
-                "following Python versions are supported in Dependabot: " \
-                "#{PythonVersions::SUPPORTED_VERSIONS.join(', ')}."
-          raise DependencyFileNotResolvable, msg
-        end
-
-        def user_specified_python_requirement
-          python_requirement_parser.user_specified_requirements.first
-        end
-
-        def python_requirement_parser
-          @python_requirement_parser ||=
-            FileParser::PythonRequirementParser.new(
-              dependency_files: dependency_files
-            )
-        end
-
         def setup_cfg(file)
           dependency_files.find do |f|
             f.name == file.name.sub(/\.py$/, ".cfg")
@@ -400,6 +346,20 @@ module Dependabot
           NameNormaliser.normalise(name)
         end
 
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.new(
+              dependency_files: dependency_files
+            )
+        end
+
+        def language_version_manager
+          @language_version_manager ||=
+            LanguageVersionManager.new(
+              python_requirement_parser: python_requirement_parser
+            )
+        end
+
         def parsed_lockfile
           @parsed_lockfile ||= JSON.parse(lockfile.content)
         end

data/lib/dependabot/python/file_updater/pipfile_preparer.rb

@@ -21,7 +21,7 @@ module Dependabot
           pipfile_object = TomlRB.parse(pipfile_content)
 
           pipfile_object["source"] =
-            pipfile_sources.reject { |h| h["url"].include?("${") } +
+            pipfile_sources.filter_map { |h| sub_auth_url(h, credentials) } +
             config_variable_sources(credentials)
 
           TomlRB.dump(pipfile_object)
@@ -114,6 +114,22 @@ module Dependabot
             map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
         end
 
+        def sub_auth_url(source, credentials)
+          if source["url"].include?("${")
+            base_url = source["url"].sub(/\${.*}@/, "")
+
+            source_cred = credentials.
+                          select { |cred| cred["type"] == "python_index" }.
+                          find { |c| c["index-url"].sub(/\${.*}@/, "") == base_url }
+
+            return nil if source_cred.nil?
+
+            source["url"] = AuthedUrlBuilder.authed_url(credential: source_cred)
+          end
+
+          source
+        end
+
         def config_variable_sources(credentials)
           @config_variable_sources ||=
             credentials.

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -4,7 +4,7 @@ require "toml-rb"
 require "open3"
 require "dependabot/dependency"
 require "dependabot/shared_helpers"
-require "dependabot/python/helpers"
+require "dependabot/python/language_version_manager"
 require "dependabot/python/version"
 require "dependabot/python/requirement"
 require "dependabot/python/python_versions"
@@ -75,10 +75,17 @@ module Dependabot
                 find { |r| r[:file] == pyproject.name }.
                 fetch(:requirement)
 
-              updated_content =
-                content.gsub(declaration_regex(dep)) do |line|
-                  line.gsub(old_req, updated_requirement)
-                end
+              declaration_regex = declaration_regex(dep)
+              updated_content = if content.match?(declaration_regex)
+                                  content.gsub(declaration_regex(dep)) do |match|
+                                    match.gsub(old_req, updated_requirement)
+                                  end
+                                else
+                                  content.gsub(table_declaration_regex(dep)) do |match|
+                                    match.gsub(/(\s*version\s*=\s*["'])#{Regexp.escape(old_req)}/,
+                                               '\1' + updated_requirement)
+                                  end
+                                end
 
               raise "Content did not change!" if content == updated_content
 
@@ -135,7 +142,7 @@ module Dependabot
         def update_python_requirement(pyproject_content)
           PyprojectPreparer.
             new(pyproject_content: pyproject_content).
-            update_python_requirement(Helpers.python_major_minor(python_version))
+            update_python_requirement(language_version_manager.python_major_minor)
         end
 
         def lock_declaration_to_new_version!(poetry_object, dep)
@@ -178,10 +185,10 @@ module Dependabot
               write_temporary_dependency_files(pyproject_content)
               add_auth_env_vars
 
-              Helpers.install_required_python(python_version)
+              language_version_manager.install_required_python
 
               # use system git instead of the pure Python dulwich
-              unless python_version&.start_with?("3.6")
+              unless language_version_manager.python_version&.start_with?("3.6")
                 run_poetry_command("pyenv exec poetry config experimental.system-git-client true")
               end
 
@@ -232,7 +239,7 @@ module Dependabot
           end
 
           # Overwrite the .python-version with updated content
-          File.write(".python-version", Helpers.python_major_minor(python_version)) if python_version
+          File.write(".python-version", language_version_manager.python_major_minor)
 
           # Overwrite the pyproject with updated content
           File.write("pyproject.toml", pyproject_content)
@@ -244,29 +251,6 @@ module Dependabot
             add_auth_env_vars(credentials)
         end
 
-        def python_version
-          requirements = python_requirement_parser.user_specified_requirements
-          requirements = requirements.
-                         map { |r| Python::Requirement.requirements_array(r) }
-
-          PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version|
-            requirements.all? do |reqs|
-              reqs.any? { |r| r.satisfied_by?(Python::Version.new(version)) }
-            end
-          end
-        end
-
-        def python_requirement_parser
-          @python_requirement_parser ||=
-            FileParser::PythonRequirementParser.new(
-              dependency_files: dependency_files
-            )
-        end
-
-        def pre_installed_python?(version)
-          PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.include?(version)
-        end
-
         def pyproject_hash_for(pyproject_content)
           SharedHelpers.in_a_temporary_directory do |dir|
             SharedHelpers.with_git_configured(credentials: credentials) do
@@ -282,8 +266,15 @@ module Dependabot
         end
 
         def declaration_regex(dep)
-          escaped_name = Regexp.escape(dep.name).gsub("\\-", "[-_.]")
-          /(?:^\s*|["'])#{escaped_name}["']?\s*=.*$/i
+          /(?:^\s*|["'])#{escape(dep)}["']?\s*=.*$/i
+        end
+
+        def table_declaration_regex(dep)
+          /tool\.poetry\.[^\n]+\.#{escape(dep)}\]\n.*?\s*version\s* =.*?\n/m
+        end
+
+        def escape(dep)
+          Regexp.escape(dep.name).gsub("\\-", "[-_.]")
         end
 
         def file_changed?(file)
@@ -307,6 +298,20 @@ module Dependabot
           NameNormaliser.normalise(name)
         end
 
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.new(
+              dependency_files: dependency_files
+            )
+        end
+
+        def language_version_manager
+          @language_version_manager ||=
+            LanguageVersionManager.new(
+              python_requirement_parser: python_requirement_parser
+            )
+        end
+
         def pyproject
           @pyproject ||=
             dependency_files.find { |f| f.name == "pyproject.toml" }

data/lib/dependabot/python/language_version_manager.rb

@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+
+require "dependabot/logger"
+require "dependabot/python/version"
+
+module Dependabot
+  module Python
+    class LanguageVersionManager
+      def initialize(python_requirement_parser:)
+        @python_requirement_parser = python_requirement_parser
+      end
+
+      def install_required_python
+        # The leading space is important in the version check
+        return if SharedHelpers.run_shell_command("pyenv versions").include?(" #{python_major_minor}.")
+
+        if File.exist?("/usr/local/.pyenv/#{python_major_minor}.tar.gz")
+          SharedHelpers.run_shell_command(
+            "tar xzf /usr/local/.pyenv/#{python_major_minor}.tar.gz -C /usr/local/.pyenv/"
+          )
+          return if SharedHelpers.run_shell_command("pyenv versions").
+                    include?(" #{python_major_minor}.")
+        end
+
+        Dependabot.logger.info("Installing required Python #{python_version}.")
+        start = Time.now
+        SharedHelpers.run_shell_command("pyenv install -s #{python_version}")
+        SharedHelpers.run_shell_command("pyenv exec pip install --upgrade pip")
+        SharedHelpers.run_shell_command("pyenv exec pip install -r" \
+                                        "#{NativeHelpers.python_requirements_path}")
+        time_taken = Time.now - start
+        Dependabot.logger.info("Installing Python #{python_version} took #{time_taken}s.")
+      end
+
+      def python_major_minor
+        @python ||= Python::Version.new(python_version)
+        "#{@python.segments[0]}.#{@python.segments[1]}"
+      end
+
+      def python_version
+        @python_version ||= python_version_from_supported_versions
+      end
+
+      def python_requirement_string
+        if user_specified_python_version
+          if user_specified_python_version.start_with?(/\d/)
+            parts = user_specified_python_version.split(".")
+            parts.fill("*", (parts.length)..2).join(".")
+          else
+            user_specified_python_version
+          end
+        elsif python_version_matching_imputed_requirements
+          python_version_matching_imputed_requirements
+        else
+          PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
+        end
+      end
+
+      def python_version_from_supported_versions
+        requirement_string = python_requirement_string
+
+        # Ideally, the requirement is satisfied by a Python version we support
+        requirement =
+          Python::Requirement.requirements_array(requirement_string).first
+        version =
+          PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
+          find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
+        return version if version
+
+        # If not, and we're dealing with a simple version string
+        # and changing the patch version would fix things, we do that
+        # as the patch version is unlikely to affect resolution
+        if requirement_string.start_with?(/\d/)
+          requirement =
+            Python::Requirement.new(requirement_string.gsub(/\.\d+$/, ".*"))
+          version =
+            PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
+            find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
+          return version if version
+        end
+
+        # Otherwise we have to raise, giving details of the Python versions
+        # that Dependabot supports
+        msg = "Dependabot detected the following Python requirement " \
+              "for your project: '#{requirement_string}'.\n\nCurrently, the " \
+              "following Python versions are supported in Dependabot: " \
+              "#{PythonVersions::SUPPORTED_VERSIONS.join(', ')}."
+        raise DependencyFileNotResolvable, msg
+      end
+
+      def user_specified_python_version
+        @python_requirement_parser.user_specified_requirements.first
+      end
+
+      def python_version_matching_imputed_requirements
+        compiled_file_python_requirement_markers =
+          @python_requirement_parser.imputed_requirements.map do |r|
+            Dependabot::Python::Requirement.new(r)
+          end
+        python_version_matching(compiled_file_python_requirement_markers)
+      end
+
+      def python_version_matching(requirements)
+        PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version_string|
+          version = Python::Version.new(version_string)
+          requirements.all? do |req|
+            next req.any? { |r| r.satisfied_by?(version) } if req.is_a?(Array)
+
+            req.satisfied_by?(version)
+          end
+        end
+      end
+    end
+  end
+end