dependabot-python 0.278.0 → 0.279.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d31820f304270fd0a149ba358921e75fb606d2fcf37833ba4c2a7bf47cfd5d99
-  data.tar.gz: 26d8c68db0019f86443e3c3fb6f7abf25a5c0cc7518396908ddc7501bdba1a32
+  metadata.gz: a5bf717c8f68ca481074e67a3358e97f609347162e8ebdefb1b961af9b3d401b
+  data.tar.gz: b1565b6a609f5c0ed0aab1254cea234cd807c86bae05fcda662ebf2b13fbe480
 SHA512:
-  metadata.gz: cf44f64f791a08468dbf1dacdcc9e4cd704a6d645dabfe2b29fdc66e2d21562a0f39c84beaa96f9c7259fa305a16320c31145f27b41ac06c1b248f497c736a47
-  data.tar.gz: d35a9be545f81e2763e6cbbb7ef7b0a3b57bc5787be9b80c3ab8d4795b37f01a312cd90727a0b1bf0ace0382cbc0ef9fba1f144e97d7f1dc82a15794891d8d37
+  metadata.gz: 6d0928e2b3ec818b2de96783f85e25c3afd9df6c68e9aa10a85177a62e2794bad043b0dc6b174c8e5f5e020505c3e4a33d465e663aede6c7a23080acbf5b761f
+  data.tar.gz: 59598f676aff1150e4bd6db41c3911b05c0d056267309dedc1fa3bd49bce20d7d0e3d5c8a10e8d5838db14163fbae77461e7a7a7d3f705b539daa5b5b667c4ff

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -347,6 +347,15 @@ module Dependabot
       # dependency source link not accessible
       INVALID_LINK = /No valid distribution links found for package: "(?<dep>.*)" version: "(?<ver>.*)"/
 
+      # Python version range mentioned in .toml [tool.poetry.dependencies] python = "x.x" is not satisfied by dependency
+      PYTHON_RANGE_NOT_SATISFIED = /(?<dep>.*) requires Python (?<req_ver>.*), so it will not be satisfied for Python (?<men_ver>.*)/ # rubocop:disable Layout/LineLength
+
+      # package version mentioned in .toml not found in package index
+      PACKAGE_NOT_FOUND = /Package (?<pkg>.*) ((?<req_ver>.*)) not found./
+
+      # error code 401 while accessing registry
+      ERROR_401 = /401 Client Error/
+
       sig do
         params(
           dependencies: Dependabot::Dependency,
@@ -366,6 +375,15 @@ module Dependabot
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       attr_reader :dependency_files
 
+      sig do
+        params(
+          url: T.nilable(String)
+        ).returns(String)
+      end
+      def sanitize_url(url)
+        T.must(url&.match(%r{^(?:https?://)?(?:[^@\n])?([^:/\n?]+)})).to_s
+      end
+
       public
 
       sig { params(error: Exception).void }
@@ -378,6 +396,17 @@ module Dependabot
 
           raise DependencyFileNotResolvable, msg
         end
+
+        if (msg = error.message.match(PACKAGE_NOT_FOUND))
+          raise DependencyFileNotResolvable, msg
+        end
+
+        raise DependencyFileNotResolvable, error.message if error.message.match(PYTHON_RANGE_NOT_SATISFIED)
+
+        return unless error.message.match?(ERROR_401)
+
+        url = URI.extract(error.message).first.then { sanitize_url(_1) }
+        raise PrivateSourceAuthenticationFailure, url
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.278.0
+  version: 0.279.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-09-26 00:00:00.000000000 Z
+date: 2024-10-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.278.0
+        version: 0.279.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.278.0
+        version: 0.279.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -288,7 +288,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.278.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.279.0
 post_install_message: 
 rdoc_options: []
 require_paths: