Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot should properly handle PyPI sources that don't have a custom url field in pyproject.toml #7724

Closed
bdragon opened this issue Aug 4, 2023 · 0 comments · Fixed by #7499
Closed

Dependabot should properly handle PyPI sources that don't have a custom url field in pyproject.toml #7724

bdragon opened this issue Aug 4, 2023 · 0 comments · Fixed by #7499
Labels
Ecosystems Used by the maintainer team for internal-facing project tracking F: private-registries 💂‍♂️ Issues about using private registries with Dependabot; may be paired with an R: label. L: python:poetry Python packages via poetry python Dependabot pull requests that update Python code

Comments

@bdragon
Copy link
Contributor

bdragon commented Aug 4, 2023
edited
Loading

When reading pyproject.toml, Dependabot is expecting every tool.poetry.source entry to have a url field. As a result, if this field is omitted, Dependabot will fail while attempting to process a nil URL.

Poetry explicitly forbids the presence of the url field when the source is PyPI. Poetry will currently add PyPI as the default package source automatically if it's not specified, so it is possible to omit the entry altogether to get around the issue; however, in a future version of Poetry this will no longer be the case:

Screenshot 2023-08-04 at 11 07 26
@bdragon bdragon added L: python:poetry Python packages via poetry python Dependabot pull requests that update Python code labels Aug 4, 2023
@bdragon bdragon moved this to Untriaged in Dependabot Aug 4, 2023
@jeffwidman jeffwidman added F: private-registries 💂‍♂️ Issues about using private registries with Dependabot; may be paired with an R: label. Ecosystems Used by the maintainer team for internal-facing project tracking labels Aug 5, 2023
This was referenced Aug 21, 2023
Merged
Closed
@github-project-automation github-project-automation bot moved this from Untriaged to Done in Dependabot Aug 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Ecosystems Used by the maintainer team for internal-facing project tracking F: private-registries 💂‍♂️ Issues about using private registries with Dependabot; may be paired with an R: label. L: python:poetry Python packages via poetry python Dependabot pull requests that update Python code
Projects
Dependabot
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

python: Handle explicit PyPI source in pyproject.toml torarvid/dependabot-core
2 participants
@bdragon @jeffwidman