From 8e170a4e685631bd269fd57eba80cbecfcef2c22 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 Aug 2022 04:14:35 +0000 Subject: [PATCH 1/5] build(deps): bump poetry from 1.1.15 to 1.2.0 in /python/helpers Bumps [poetry](https://github.com/python-poetry/poetry) from 1.1.15 to 1.2.0. - [Release notes](https://github.com/python-poetry/poetry/releases) - [Changelog](https://github.com/python-poetry/poetry/blob/master/CHANGELOG.md) - [Commits](https://github.com/python-poetry/poetry/compare/1.1.15...1.2.0) --- updated-dependencies: - dependency-name: poetry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- python/helpers/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt index 3b15e2d4d50..fd31fe614f5 100644 --- a/python/helpers/requirements.txt +++ b/python/helpers/requirements.txt @@ -4,7 +4,7 @@ flake8==5.0.4 hashin==0.17.0 pipenv==2022.4.8 pipfile==0.0.2 -poetry==1.1.15 +poetry==1.2.0 wheel==0.37.1 # Some dependencies will only install if Cython is present From 3dee50978974b6536cc8866d85fcdadca0d379f9 Mon Sep 17 00:00:00 2001 From: Tom Christensen Date: Wed, 31 Aug 2022 15:19:19 -0600 Subject: [PATCH 2/5] Fixing the output parsing as it has changed in poetry 1.2.0 --- python/helpers/requirements.txt | 2 +- .../update_checker/poetry_version_resolver.rb | 13 ++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt index fd31fe614f5..4cae666d451 100644 --- a/python/helpers/requirements.txt +++ b/python/helpers/requirements.txt @@ -4,7 +4,7 @@ flake8==5.0.4 hashin==0.17.0 pipenv==2022.4.8 pipfile==0.0.2 -poetry==1.2.0 +poetry>=1.1.15,<=1.2.0 wheel==0.37.1 # Some dependencies will only install if Cython is present 
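Review bot: The range `poetry>=1.1.15,<=1.2.0` introduced by the second patch's requirements.txt hunk makes the helper environment non-reproducible, because the Poetry that gets installed now depends on the interpreter and on what the index serves at build time; every other entry in the visible context is still pinned with `==`. If the range is there so that Python 3.6 can keep using 1.1.15 (the TODO comments later in this series suggest so), environment markers keep both installs exact: `poetry==1.1.15; python_version < "3.7"` and `poetry==1.2.0; python_version >= "3.7"`. Exact pins also keep the file usable with pip's hash-checking mode, which does not accept a range.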
diff --git a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb index 613441cd56c..d682054852b 100644 --- a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb +++ b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb @@ -61,7 +61,8 @@ def resolvable?(version:) false end rescue SharedHelpers::HelperSubprocessFailed => e - raise unless e.message.include?("SolverProblemError") + raise unless e.message.include?("SolverProblemError") || + e.message.include?("version solving failed.") @resolvable[version] = false end @@ -116,21 +117,22 @@ def fetch_version_from_parsed_lockfile(updated_lockfile) end def handle_poetry_errors(error) - if error.message.gsub(/\s/, "").match?(GIT_REFERENCE_NOT_FOUND_REGEX) + if error.message.gsub(/\s/, "").match?(GIT_REFERENCE_NOT_FOUND_REGEX) || error.message.include?("verify ref exists on remote.") message = error.message.gsub(/\s/, "") name = message.match(GIT_REFERENCE_NOT_FOUND_REGEX). named_captures.fetch("name") raise GitDependencyReferenceNotFound, name end - if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX) + if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX) || error.message.include?("check your git configuration and permissions") url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX). named_captures.fetch("url") raise GitDependenciesNotReachable, url end raise unless error.message.include?("SolverProblemError") || - error.message.include?("PackageNotFound") + error.message.include?("PackageNotFound") || + error.message.include?("version solving failed.") check_original_requirements_resolvable 
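Review bot: The `e.message.include?("version solving failed.")` test added to the rescue in `resolvable?` matches anywhere in the helper output, and the same literal is repeated in `handle_poetry_errors` below and in `check_original_requirements_resolvable` in the next hunk. That output presumably includes text taken from the manifest and from remote sources, so an unrelated helper failure that happens to contain the phrase would be recorded as `@resolvable[version] = false` and not re-raised, which for an update checker means a silently skipped update. Consider one frozen list, `SOLVER_FAILURE_MARKERS = ["SolverProblemError", "version solving failed."].freeze`, checked through a single private predicate (`SOLVER_FAILURE_MARKERS.any? { |m| message.include?(m) }`), with `PackageNotFound` added at the two sites that accept it, so the markers can be tightened and tested in one place. The method bodies start outside these hunks, so the surrounding control flow is only partly visible.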
@@ -161,7 +163,8 @@ def check_original_requirements_resolvable @original_reqs_resolvable = true rescue SharedHelpers::HelperSubprocessFailed => e raise unless e.message.include?("SolverProblemError") || - e.message.include?("PackageNotFound") + e.message.include?("PackageNotFound") || + e.message.include?("version solving failed.") msg = clean_error_message(e.message) raise DependencyFileNotResolvable, msg From 359e25e765b4ff3ba91db1c8a24c9b625626c0e4 Mon Sep 17 00:00:00 2001 From: Tom Christensen Date: Thu, 1 Sep 2022 06:20:58 -0600 Subject: [PATCH 3/5] rubocop --- .../python/update_checker/poetry_version_resolver.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb index d682054852b..f436f5a4e2d 100644 --- a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb +++ b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb @@ -117,14 +117,16 @@ def fetch_version_from_parsed_lockfile(updated_lockfile) end def handle_poetry_errors(error) - if error.message.gsub(/\s/, "").match?(GIT_REFERENCE_NOT_FOUND_REGEX) || error.message.include?("verify ref exists on remote.") + if error.message.gsub(/\s/, "").match?(GIT_REFERENCE_NOT_FOUND_REGEX) || + error.message.include?("verify ref exists on remote.") message = error.message.gsub(/\s/, "") name = message.match(GIT_REFERENCE_NOT_FOUND_REGEX). named_captures.fetch("name") raise GitDependencyReferenceNotFound, name end - if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX) || error.message.include?("check your git configuration and permissions") + if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX) || + error.message.include?("check your git configuration and permissions") url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX). named_captures.fetch("url") raise GitDependenciesNotReachable, url 
From d61e76b2736ffbfa140f9c91cfb7096deb0b0732 Mon Sep 17 00:00:00 2001 From: Tom Christensen Date: Thu, 1 Sep 2022 10:33:28 -0600 Subject: [PATCH 4/5] Update regex for poetry 1.2 output --- .../update_checker/poetry_version_resolver.rb | 44 ++++++++++++------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb index f436f5a4e2d..007b3ba65ff 100644 --- a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb +++ b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb @@ -3,6 +3,7 @@ require "excon" require "toml-rb" require "open3" +require "uri" require "dependabot/dependency" require "dependabot/errors" require "dependabot/shared_helpers" @@ -23,18 +24,26 @@ class UpdateChecker # This class does version resolution for pyproject.toml files. class PoetryVersionResolver GIT_REFERENCE_NOT_FOUND_REGEX = / - 'git'.*pypoetry-git-(?.+?).{8}', + (?:'git'.*pypoetry-git-(?.+?).{8}', 'checkout', '(?.+?)' - /x.freeze + | + ...Failedtoclone + (?.+?).gitat'(?.+?)', + verifyrefexistsonremote) + /x.freeze # TODO: remove the first clause and | when py3.6 support is EoL GIT_DEPENDENCY_UNREACHABLE_REGEX = / - '\['git', - \s+'clone', - \s+'--recurse-submodules', - \s+'(--)?', - \s+'(?.+?)'.* - \s+exit\s+status\s+128 - /mx.freeze + (?:'\['git', + \s+'clone', + \s+'--recurse-submodules', + \s+'(--)?', + \s+'(?.+?)'.* + \s+exit\s+status\s+128 + | + \s+Failed\sto\sclone + \s+(?.+?), + \s+check\syour\sgit\sconfiguration) + /mx.freeze # TODO: remove the first clause and | when py3.6 support is EoL attr_reader :dependency, :dependency_files, :credentials 
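Review bot: The second alternative added to `GIT_REFERENCE_NOT_FOUND_REGEX` only matches when the clone URL is followed by `.gitat'`, so it depends on the remote ending in `.git` (and the unescaped `.` accepts any character there). If Poetry echoes the URL as it was declared, a git dependency written without the suffix matches neither alternative, and `handle_poetry_errors` would fall through to re-raising the raw helper failure rather than `GitDependencyReferenceNotFound`. Making the suffix optional and literal, `(?:\.git)?at'`, covers both spellings. A short comment above the alternative with one constructed sample of the whitespace-stripped 1.2 message would also explain the leading `...`, whose purpose is not evident from the pattern. The class body continues outside this hunk.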
@@ -61,7 +70,7 @@ def resolvable?(version:) false end rescue SharedHelpers::HelperSubprocessFailed => e - raise unless e.message.include?("SolverProblemError") || + raise unless e.message.include?("SolverProblemError") || # TODO: Remove once py3.6 is EoL e.message.include?("version solving failed.") @resolvable[version] = false @@ -117,16 +126,19 @@ def fetch_version_from_parsed_lockfile(updated_lockfile) end def handle_poetry_errors(error) - if error.message.gsub(/\s/, "").match?(GIT_REFERENCE_NOT_FOUND_REGEX) || - error.message.include?("verify ref exists on remote.") + if error.message.gsub(/\s/, "").match?(GIT_REFERENCE_NOT_FOUND_REGEX) message = error.message.gsub(/\s/, "") - name = message.match(GIT_REFERENCE_NOT_FOUND_REGEX). - named_captures.fetch("name") + match = message.match(GIT_REFERENCE_NOT_FOUND_REGEX) + name = if (url = match.named_captures.fetch("url")) + File.basename(URI.parse(url).path) + else + message.match(GIT_REFERENCE_NOT_FOUND_REGEX). + named_captures.fetch("name") + end raise GitDependencyReferenceNotFound, name end - if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX) || - error.message.include?("check your git configuration and permissions") + if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX) url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX). named_captures.fetch("url") raise GitDependenciesNotReachable, url From e8c893a5fabd64b1b0f7f7f4dc48a25f21b4bfe1 Mon Sep 17 00:00:00 2001 From: Tom Christensen Date: Thu, 1 Sep 2022 11:04:06 -0600 Subject: [PATCH 5/5] linting! --- .../dependabot/python/update_checker/poetry_version_resolver.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb index 007b3ba65ff..5a973af5c79 100644 --- a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb 
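Review bot: `File.basename(URI.parse(url).path)` in the reworked `handle_poetry_errors` can itself raise: `URI.parse` rejects scp-style remotes such as `git@host:org/repo` with `URI::InvalidURIError`, and that exception would replace the intended `GitDependencyReferenceNotFound`. Taking the last segment without parsing avoids this, e.g. `url.split(%r{[/:]}).last`, or rescue `URI::InvalidURIError` and fall back to the raw capture. The `else` arm re-runs a match that is already held in `match`; `match.named_captures.fetch("name")` is enough. In the branch below, the captured `url` is still raised verbatim, so if a manifest URL can carry userinfo it should be stripped before it reaches `GitDependenciesNotReachable`. The method continues past the end of this hunk.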
+++ b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb @@ -24,7 +24,7 @@ class UpdateChecker # This class does version resolution for pyproject.toml files. class PoetryVersionResolver GIT_REFERENCE_NOT_FOUND_REGEX = / - (?:'git'.*pypoetry-git-(?.+?).{8}', + (?:'git'.*pypoetry-git-(?.+?).{8}', 'checkout', '(?.+?)' |