Stop coercing Pipfile source URL's to have trailing slashes #7783
Conversation
d69e04d to
edd027f
Compare
|
@jeffwidman That makes sense to me and my take is that if the source URL were in the Pipfile or lockfile in a format that wasn't workable for the user, they wouldn't be able to resolve any packages from that index and so I think an issue would already have been raised. That being said, we can add additional validations/coercing/error reporting if determined its currently lacking in this area. |
👍 Yeah that was my thought too... this method only pulls sources from the In fact the opposite would be worse! If the native package manager (in this case |
injects. And typically our first debugging step is tell someone "Did you try running the package manager without edd027f to
0be5778
Compare
I had to stare at this code golf for a little bit to realize that it's enforcing that every source URL in a `Pipfile` has one-and-only-one trailing slash. I started to tweak it a little to make it more readable, but I decided instead that this is business we really shouldn't be in... Dependabot is the tool that runs the package manager, not the package manager itself. So if a package manager doesn't like a URL that lacks a trailing slash, it should be the one handling the coercing or raising the error, and then we transparently forward that to the user. There are some use cases where we need to handle URL normalization for deduping purposes within Dependabot internals, but I poked around a bit and as far as I can tell they don't apply here. So let's trust the user / package managers to do the right thing (which may mean giving us a clear error).
0be5778 to
1ffc528
Compare
I had to stare at this code golf for a little bit to realize that it's enforcing that every source URL has one-and-only-one trailing slash.
I started to tweak it a little to make it more readable, but I decided instead that this is business we really shouldn't be in... Dependabot is the tool that runs the package manager, not the package manager itself.
So if a package manager doesn't like a URL that lacks a trailing slash, it should be the one handling the coercing or raising the error, and then we transparently forward that to the user.
There are some use cases where we need to handle URL normalization for deduping purposes within Dependabot internals, but I poked around a bit and as far as I can tell they don't apply here.
So let's trust the user / package managers to do the right thing (which may mean giving us a clear error).