dependabot-python 0.232.0 → 0.233.0

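--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b5886958214d4e4d879641f0f831893f7ddcc95043922f72f8f9b61b247e9756
- data.tar.gz: 75e05d9010ce6e96864e008ce5b2cf5fc8a8f766cbca793e0bf1ff4b750df3c3
+ metadata.gz: 9e72b2862796bd2e8571fb863bbc10dced7f321a69e3374bac180022c732a9e3
+ data.tar.gz: fa2d9a1cbcba154b17b90b218a8c8ef8fdcdcb71e03ca2f223043c85a5dcf45a
  SHA512:
- metadata.gz: 05c42c61ef6b79ff28db63104ef0051385e5c7f7dc5650d8117fdff35468560526b3baa872a07c271365887f527650341768842e54cb0edcb608f990c34ac7b5
- data.tar.gz: 74f7155af34a6cd03f4259fab9707b26cf3cf20077e6a818e7c3fcb7206e812facfe8ce5d03c77be6dde553a37256ff208f7c582ddca41a5dce8b0b0aedd7892
+ metadata.gz: bbbc6def54658c3cd8ac101bef98977ec60d2e4bee7822dfdd8a8936cd2dc5df7bdff75cc22854bfce5d74a4aa1b67b45c0db79139fa4fffb25d73b30027db18
+ data.tar.gz: 9e48e19319380482db63e371d87acd2b03d2c0884aecf847f244dd8ee2f2c67610d6b60201a1085bbfc0f3a08a2431214fb8f539b2e4ac1d4ef02b6e20abd367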
@@ -2,7 +2,7 @@ pip==23.2.1
2
2
  pip-tools==7.3.0
3
3
  flake8==6.1.0
4
4
  hashin==0.17.0
5
- pipenv==2022.4.8
5
+ pipenv==2023.8.28
6
6
  pipfile==0.0.2
7
7
  poetry==1.6.1
8
8
 
@@ -62,10 +62,8 @@ module Dependabot
62
62
  return version if version
63
63
 
64
64
  # Otherwise we have to raise
65
- msg = "Dependabot detected the following Python requirement for your project: '#{python_requirement_string}'." \
66
- "\n\nCurrently, the following Python versions are supported in Dependabot: " \
67
- "#{PRE_INSTALLED_PYTHON_VERSIONS.map { |x| x.gsub(/\.\d+$/, '.*') }.join(', ')}."
68
- raise DependencyFileNotResolvable, msg
65
+ supported_versions = PRE_INSTALLED_PYTHON_VERSIONS.map { |x| x.gsub(/\.\d+$/, ".*") }.join(", ")
66
+ raise ToolVersionNotSupported.new("Python", python_requirement_string, supported_versions)
69
67
  end
70
68
 
71
69
  def user_specified_python_version
@@ -29,20 +29,13 @@ module Dependabot
29
29
  # just raise if the latest version can't be resolved. Knowing that is
30
30
  # still better than nothing, though.
31
31
  class PipenvVersionResolver
32
- # rubocop:disable Layout/LineLength
33
- GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone -q (?<url>[^\s]+).* /
34
- GIT_REFERENCE_NOT_FOUND_REGEX = %r{git checkout -q (?<tag>[^\n"]+)\n?[^\n]*/(?<name>.*?)(\\n'\]|$)}m
35
- PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out" \
36
- " with exit status 1: python setup.py egg_info"
37
- TRACEBACK = "Traceback (most recent call last):"
32
+ GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none (?<url>[^\s]+).*/
33
+ GIT_REFERENCE_NOT_FOUND_REGEX = /git checkout -q (?<tag>[^\s]+).*/
34
+ PIPENV_INSTALLATION_ERROR = "python setup.py egg_info exited with 1"
38
35
  PIPENV_INSTALLATION_ERROR_REGEX =
39
- /#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?<name>.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
36
+ /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
40
37
 
41
- UNSUPPORTED_DEPS = %w(pyobjc).freeze
42
- UNSUPPORTED_DEP_REGEX =
43
- /Could not find a version that satisfies the requirement.*(?:#{UNSUPPORTED_DEPS.join('|')})/
44
38
  PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
45
- # rubocop:enable Layout/LineLength
46
39
 
47
40
  DEPENDENCY_TYPES = %w(packages dev-packages).freeze
48
41
 
@@ -136,17 +129,6 @@ module Dependabot
136
129
  raise DependencyFileNotResolvable, msg
137
130
  end
138
131
 
139
- if error.message.match?(UNSUPPORTED_DEP_REGEX)
140
- msg = "Dependabot detected a dependency that can't be built on " \
141
- "linux. Currently, all Dependabot builds happen on linux " \
142
- "boxes, so there is no way for Dependabot to resolve your " \
143
- "dependency files.\n\n" \
144
- "Unless you think Dependabot has made a mistake (please " \
145
- "tag us if so) you may wish to disable Dependabot on this " \
146
- "repo."
147
- raise DependencyFileNotResolvable, msg
148
- end
149
-
150
132
  if error.message.match?(PIPENV_RANGE_WARNING)
151
133
  msg = "Pipenv does not support specifying Python ranges " \
152
134
  "(see https://github.com/pypa/pipenv/issues/1050 for more " \
@@ -183,18 +165,19 @@ module Dependabot
183
165
  return if error.message.match?(/#{Regexp.quote(dependency.name)}/i)
184
166
  end
185
167
 
168
+ if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
169
+ tag = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).named_captures.fetch("tag")
170
+ # Unfortunately the error message doesn't include the package name.
171
+ # TODO: Talk with pipenv maintainers about exposing the package name, it used to be part of the error output
172
+ raise GitDependencyReferenceNotFound, "(unknown package at #{tag})"
173
+ end
174
+
186
175
  if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
187
176
  url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
188
177
  .named_captures.fetch("url")
189
178
  raise GitDependenciesNotReachable, url
190
179
  end
191
180
 
192
- if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
193
- name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
194
- .named_captures.fetch("name")
195
- raise GitDependencyReferenceNotFound, name
196
- end
197
-
198
181
  raise unless error.message.include?("could not be resolved")
199
182
  end
200
183
  # rubocop:enable Metrics/CyclomaticComplexity
@@ -258,7 +241,7 @@ module Dependabot
258
241
  next false if l.start_with?("CRITICAL:")
259
242
  next false if l.start_with?("ERROR:")
260
243
  next false if l.start_with?("packaging.specifiers")
261
- next false if l.start_with?("pipenv.patched.notpip._internal")
244
+ next false if l.start_with?("pipenv.patched.pip._internal")
262
245
  next false if l.include?("Max retries exceeded")
263
246
 
264
247
  true
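Review bot: In the `@@ -183,18 +165,19 @@` hunk, `GitDependencyReferenceNotFound` is now raised with the display string `"(unknown package at #{tag})"` where the removed code passed the captured dependency name, so any consumer that treats the exception argument as a package name (none is visible here) receives a placeholder instead. The new `GIT_REFERENCE_NOT_FOUND_REGEX` matches any output containing `git checkout -q <token>` and is now tested before the unreachable-repository check, so it classifies more failures than the old pattern did. `tag` comes from pipenv's output, which presumably echoes the ref written in the project being updated, and it is copied into the error with no length bound. I would match once and cap the capture, e.g. `if (m = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX))` with `(?<tag>\S{1,255})` in the pattern, and extend the existing comment to say that the argument is a human-readable placeholder, not a dependency name. The enclosing error handler starts outside the hunk.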
@@ -29,7 +29,7 @@ module Dependabot
29
29
 
30
30
  def initialize(version)
31
31
  @version_string = version.to_s
32
- version, @local_version = version.split("+")
32
+ version, @local_version = @version_string.split("+")
33
33
  version ||= ""
34
34
  version = version.gsub(/^v/, "")
35
35
  if version.include?("!")
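Review bot: `@version_string.split("+")` on new line 32 silently discards everything after a second `+`: for an input such as `1.0+a+b` the destructuring keeps `1.0` and `a` and drops `b`, so two different strings parse to the same version. `version, @local_version = @version_string.split("+", 2)` would keep the remainder in `@local_version`, where whatever validation runs later (not visible in this hunk) can reject it. Note that with a limit a trailing `+` yields an empty string instead of `nil` for `@local_version`, so that case needs a check before adopting it. Splitting `@version_string` instead of the raw argument is sound, since non-String arguments now go through `to_s` first. `initialize` continues past the end of the hunk.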
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.232.0
4
+ version: 0.233.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-14 00:00:00.000000000 Z
11
+ date: 2023-10-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.232.0
19
+ version: 0.233.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.232.0
26
+ version: 0.233.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -52,20 +52,6 @@ dependencies:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
54
  version: '2.0'
55
- - !ruby/object:Gem::Dependency
56
- name: parallel_tests
57
- requirement: !ruby/object:Gem::Requirement
58
- requirements:
59
- - - "~>"
60
- - !ruby/object:Gem::Version
61
- version: 4.2.0
62
- type: :development
63
- prerelease: false
64
- version_requirements: !ruby/object:Gem::Requirement
65
- requirements:
66
- - - "~>"
67
- - !ruby/object:Gem::Version
68
- version: 4.2.0
69
55
  - !ruby/object:Gem::Dependency
70
56
  name: rake
71
57
  requirement: !ruby/object:Gem::Requirement
@@ -164,6 +150,20 @@ dependencies:
164
150
  - - "~>"
165
151
  - !ruby/object:Gem::Version
166
152
  version: 0.2.16
153
+ - !ruby/object:Gem::Dependency
154
+ name: turbo_tests
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - "~>"
158
+ - !ruby/object:Gem::Version
159
+ version: 2.2.0
160
+ type: :development
161
+ prerelease: false
162
+ version_requirements: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - "~>"
165
+ - !ruby/object:Gem::Version
166
+ version: 2.2.0
167
167
  - !ruby/object:Gem::Dependency
168
168
  name: vcr
169
169
  requirement: !ruby/object:Gem::Requirement
@@ -245,7 +245,7 @@ licenses:
245
245
  - Nonstandard
246
246
  metadata:
247
247
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
248
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.232.0
248
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.233.0
249
249
  post_install_message:
250
250
  rdoc_options: []
251
251
  require_paths: