dependabot-python 0.232.0 → 0.233.0

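--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b5886958214d4e4d879641f0f831893f7ddcc95043922f72f8f9b61b247e9756
- data.tar.gz: 75e05d9010ce6e96864e008ce5b2cf5fc8a8f766cbca793e0bf1ff4b750df3c3
+ metadata.gz: 9e72b2862796bd2e8571fb863bbc10dced7f321a69e3374bac180022c732a9e3
+ data.tar.gz: fa2d9a1cbcba154b17b90b218a8c8ef8fdcdcb71e03ca2f223043c85a5dcf45a
  SHA512:
- metadata.gz: 05c42c61ef6b79ff28db63104ef0051385e5c7f7dc5650d8117fdff35468560526b3baa872a07c271365887f527650341768842e54cb0edcb608f990c34ac7b5
- data.tar.gz: 74f7155af34a6cd03f4259fab9707b26cf3cf20077e6a818e7c3fcb7206e812facfe8ce5d03c77be6dde553a37256ff208f7c582ddca41a5dce8b0b0aedd7892
+ metadata.gz: bbbc6def54658c3cd8ac101bef98977ec60d2e4bee7822dfdd8a8936cd2dc5df7bdff75cc22854bfce5d74a4aa1b67b45c0db79139fa4fffb25d73b30027db18
+ data.tar.gz: 9e48e19319380482db63e371d87acd2b03d2c0884aecf847f244dd8ee2f2c67610d6b60201a1085bbfc0f3a08a2431214fb8f539b2e4ac1d4ef02b6e20abd367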
@@ -2,7 +2,7 @@ pip==23.2.1
2
2
  pip-tools==7.3.0
3
3
  flake8==6.1.0
4
4
  hashin==0.17.0
5
- pipenv==2022.4.8
5
+ pipenv==2023.8.28
6
6
  pipfile==0.0.2
7
7
  poetry==1.6.1
8
8
 
@@ -62,10 +62,8 @@ module Dependabot
62
62
  return version if version
63
63
 
64
64
  # Otherwise we have to raise
65
- msg = "Dependabot detected the following Python requirement for your project: '#{python_requirement_string}'." \
66
- "\n\nCurrently, the following Python versions are supported in Dependabot: " \
67
- "#{PRE_INSTALLED_PYTHON_VERSIONS.map { |x| x.gsub(/\.\d+$/, '.*') }.join(', ')}."
68
- raise DependencyFileNotResolvable, msg
65
+ supported_versions = PRE_INSTALLED_PYTHON_VERSIONS.map { |x| x.gsub(/\.\d+$/, ".*") }.join(", ")
66
+ raise ToolVersionNotSupported.new("Python", python_requirement_string, supported_versions)
69
67
  end
70
68
 
71
69
  def user_specified_python_version
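Review bot: The unsupported-version failure is now raised as `ToolVersionNotSupported` where the removed lines raised `DependencyFileNotResolvable`, so any caller outside this hunk that rescues the old class for this case stops matching unless the new class inherits from it, which is not visible here. `python_requirement_string` appears to come from the project being updated (the removed message called it the requirement "for your project") and is handed to the error unmodified. A comment above the raise, such as `# python_requirement_string is repository-controlled; render it as untrusted text`, would record that for whoever formats the error. The enclosing method begins above the hunk.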
@@ -29,20 +29,13 @@ module Dependabot
29
29
  # just raise if the latest version can't be resolved. Knowing that is
30
30
  # still better than nothing, though.
31
31
  class PipenvVersionResolver
32
- # rubocop:disable Layout/LineLength
33
- GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone -q (?<url>[^\s]+).* /
34
- GIT_REFERENCE_NOT_FOUND_REGEX = %r{git checkout -q (?<tag>[^\n"]+)\n?[^\n]*/(?<name>.*?)(\\n'\]|$)}m
35
- PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out" \
36
- " with exit status 1: python setup.py egg_info"
37
- TRACEBACK = "Traceback (most recent call last):"
32
+ GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none (?<url>[^\s]+).*/
33
+ GIT_REFERENCE_NOT_FOUND_REGEX = /git checkout -q (?<tag>[^\s]+).*/
34
+ PIPENV_INSTALLATION_ERROR = "python setup.py egg_info exited with 1"
38
35
  PIPENV_INSTALLATION_ERROR_REGEX =
39
- /#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?<name>.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
36
+ /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
40
37
 
41
- UNSUPPORTED_DEPS = %w(pyobjc).freeze
42
- UNSUPPORTED_DEP_REGEX =
43
- /Could not find a version that satisfies the requirement.*(?:#{UNSUPPORTED_DEPS.join('|')})/
44
38
  PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
45
- # rubocop:enable Layout/LineLength
46
39
 
47
40
  DEPENDENCY_TYPES = %w(packages dev-packages).freeze
48
41
 
@@ -136,17 +129,6 @@ module Dependabot
136
129
  raise DependencyFileNotResolvable, msg
137
130
  end
138
131
 
139
- if error.message.match?(UNSUPPORTED_DEP_REGEX)
140
- msg = "Dependabot detected a dependency that can't be built on " \
141
- "linux. Currently, all Dependabot builds happen on linux " \
142
- "boxes, so there is no way for Dependabot to resolve your " \
143
- "dependency files.\n\n" \
144
- "Unless you think Dependabot has made a mistake (please " \
145
- "tag us if so) you may wish to disable Dependabot on this " \
146
- "repo."
147
- raise DependencyFileNotResolvable, msg
148
- end
149
-
150
132
  if error.message.match?(PIPENV_RANGE_WARNING)
151
133
  msg = "Pipenv does not support specifying Python ranges " \
152
134
  "(see https://github.com/pypa/pipenv/issues/1050 for more " \
@@ -183,18 +165,19 @@ module Dependabot
183
165
  return if error.message.match?(/#{Regexp.quote(dependency.name)}/i)
184
166
  end
185
167
 
168
+ if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
169
+ tag = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).named_captures.fetch("tag")
170
+ # Unfortunately the error message doesn't include the package name.
171
+ # TODO: Talk with pipenv maintainers about exposing the package name, it used to be part of the error output
172
+ raise GitDependencyReferenceNotFound, "(unknown package at #{tag})"
173
+ end
174
+
186
175
  if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
187
176
  url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
188
177
  .named_captures.fetch("url")
189
178
  raise GitDependenciesNotReachable, url
190
179
  end
191
180
 
192
- if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
193
- name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
194
- .named_captures.fetch("name")
195
- raise GitDependencyReferenceNotFound, name
196
- end
197
-
198
181
  raise unless error.message.include?("could not be resolved")
199
182
  end
200
183
  # rubocop:enable Metrics/CyclomaticComplexity
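Review bot: The new `GIT_REFERENCE_NOT_FOUND_REGEX` branch raises `GitDependencyReferenceNotFound` with the string `"(unknown package at #{tag})"`, where the removed code passed the captured package name. Any consumer outside this hunk that treats that argument as a dependency name will now receive a placeholder built from pipenv's output. The `tag` capture is whatever follows `git checkout -q` in that output, presumably derived from the repository's Pipfile, so it should be handled as untrusted text wherever the error is rendered. The branch also evaluates the regex twice; `if (m = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX))` followed by `m[:tag]` would do it once. The enclosing method starts above the hunk.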
@@ -258,7 +241,7 @@ module Dependabot
258
241
  next false if l.start_with?("CRITICAL:")
259
242
  next false if l.start_with?("ERROR:")
260
243
  next false if l.start_with?("packaging.specifiers")
261
- next false if l.start_with?("pipenv.patched.notpip._internal")
244
+ next false if l.start_with?("pipenv.patched.pip._internal")
262
245
  next false if l.include?("Max retries exceeded")
263
246
 
264
247
  true
@@ -29,7 +29,7 @@ module Dependabot
29
29
 
30
30
  def initialize(version)
31
31
  @version_string = version.to_s
32
- version, @local_version = version.split("+")
32
+ version, @local_version = @version_string.split("+")
33
33
  version ||= ""
34
34
  version = version.gsub(/^v/, "")
35
35
  if version.include?("!")
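Review bot: `@version_string.split("+")` on the changed line keeps only the first two segments, so an input with more than one `+` has its remainder silently dropped before any validation that may follow outside the hunk. `version, @local_version = @version_string.split("+", 2)` would keep the whole local part for a later check to reject. The context line after it strips the prefix with `/^v/`, and in Ruby `^` matches after any newline, so `version.gsub(/\Av/, "")` is the form that limits the strip to the start of the string. `initialize` continues past the end of the hunk.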
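--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-python
  version: !ruby/object:Gem::Version
- version: 0.232.0
+ version: 0.233.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-09-14 00:00:00.000000000 Z
+ date: 2023-10-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.232.0
+ version: 0.233.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.232.0
+ version: 0.233.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -52,20 +52,6 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '2.0'
- - !ruby/object:Gem::Dependency
- name: parallel_tests
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: 4.2.0
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: 4.2.0
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -164,6 +150,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: 0.2.16
+ - !ruby/object:Gem::Dependency
+ name: turbo_tests
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.2.0
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.2.0
  - !ruby/object:Gem::Dependency
  name: vcr
  requirement: !ruby/object:Gem::Requirement
@@ -245,7 +245,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.232.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.233.0
  post_install_message:
  rdoc_options: []
  require_paths: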