From a5540a3d191a1cc7e6ff3e3603ce632aa31cbb16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Rodr=C3=ADguez?=
Date: Thu, 17 Aug 2023 19:31:07 +0200
Subject: [PATCH 1/2] Fix yanked library problems not detected when lockfile is present
---
 .../update_checker/poetry_version_resolver.rb | 4 +-
 .../poetry_version_resolver_spec.rb | 69 ++++++----
 .../git_dependency_bad_ref.lock | 119 ------------------
 .../git_dependency_unreachable.lock | 119 ------------------
 4 files changed, 45 insertions(+), 266 deletions(-)
 delete mode 100644 python/spec/fixtures/pyproject_locks/git_dependency_bad_ref.lock
 delete mode 100644 python/spec/fixtures/pyproject_locks/git_dependency_unreachable.lock
diff --git a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
index 914d80b5ff..789452ec26 100644
--- a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
+++ b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
@@ -133,7 +133,7 @@ def handle_poetry_errors(error)
 end
 raise unless error.message.include?("SolverProblemError") ||
- error.message.include?("PackageNotFound") ||
+ error.message.include?("not found") ||
 error.message.include?("version solving failed.")
 check_original_requirements_resolvable
@@ -168,7 +168,7 @@ def check_original_requirements_resolvable
 @original_reqs_resolvable = true
 rescue SharedHelpers::HelperSubprocessFailed => e
 raise unless e.message.include?("SolverProblemError") ||
- e.message.include?("PackageNotFound") ||
+ e.message.include?("not found") ||
 e.message.include?("version solving failed.")
 msg = clean_error_message(e.message)
diff --git a/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb b/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb
index 7686bbd362..67f28e8435 100644
--- a/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb
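Review bot: The new `error.message.include?("not found")` test in `handle_poetry_errors` matches far more than the `"PackageNotFound"` token it replaces: any helper failure whose output contains the lowercase words "not found" now falls through to `check_original_requirements_resolvable` instead of being re-raised. The same substitution is made in the `rescue` of `check_original_requirements_resolvable`, where a match goes on to `clean_error_message` and, judging by the spec in this patch, is reported to the user as an unresolvable dependency file, so an unrelated failure could be presented as a problem with the manifest. The spec pins Poetry's wording as "Package croniter (0.3.26) not found", so a tighter test such as `error.message.match?(/Package \S+ \(\S+\) not found/)` would keep the yanked-release detection without widening the catch-all; the exact message format should be confirmed against Poetry's output first. Both method bodies start and end outside these hunks.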
+++ b/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb
@@ -33,7 +33,7 @@
 let(:pyproject_fixture_name) { "poetry_exact_requirement.toml" }
 let(:lockfile) do
 Dependabot::DependencyFile.new(
- name: "pyproject.lock",
+ name: "poetry.lock",
 content: fixture("pyproject_locks", lockfile_fixture_name)
 )
 end
@@ -185,28 +185,30 @@
 it { is_expected.to eq(Gem::Version.new("3.8.2")) }
- context "that has a bad reference" do
- let(:pyproject_fixture_name) { "git_dependency_bad_ref.toml" }
- let(:lockfile_fixture_name) { "git_dependency_bad_ref.lock" }
+ context "that has no lockfile" do
+ let(:dependency_files) { [pyproject] }
- it "raises a helpful error" do
- expect { subject }.
- to raise_error(Dependabot::GitDependencyReferenceNotFound) do |err|
- expect(err.dependency).to eq("toml")
- end
+ context "that has a bad reference, and no lockfile" do
+ let(:pyproject_fixture_name) { "git_dependency_bad_ref.toml" }
+
+ it "raises a helpful error" do
+ expect { subject }.
+ to raise_error(Dependabot::GitDependencyReferenceNotFound) do |err|
+ expect(err.dependency).to eq("toml")
+ end
+ end
 end
- end
- context "that is unreachable" do
- let(:pyproject_fixture_name) { "git_dependency_unreachable.toml" }
- let(:lockfile_fixture_name) { "git_dependency_unreachable.lock" }
+ context "that is unreachable" do
+ let(:pyproject_fixture_name) { "git_dependency_unreachable.toml" }
- it "raises a helpful error" do
- expect { subject }.
- to raise_error(Dependabot::GitDependenciesNotReachable) do |error|
- expect(error.dependency_urls).
- to eq(["https://github.com/greysteil/unreachable.git"])
- end
+ it "raises a helpful error" do
+ expect { subject }.
+ to raise_error(Dependabot::GitDependenciesNotReachable) do |error|
+ expect(error.dependency_urls).
+ to eq(["https://github.com/greysteil/unreachable.git"])
+ end
+ end
 end
 end
 end
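Review bot: Moving the bad-reference and unreachable cases under `context "that has no lockfile"` and deleting their `.lock` fixtures leaves the with-lockfile path for broken git dependencies without a test in this hunk. If the fixtures were dropped because they are in an outdated lock format (an assumption; the patch does not say), regenerating them would keep `GitDependencyReferenceNotFound` and `GitDependenciesNotReachable` covered for projects that commit a `poetry.lock`, which is the situation this patch is about. As a style point, the inner description `"that has a bad reference, and no lockfile"` repeats what the enclosing context already states; `"that has a bad reference"` would match its sibling `"that is unreachable"`.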
@@ -260,16 +262,31 @@
 end
 context "because of a yanked dependency" do
- let(:dependency_files) { [pyproject, lockfile] }
 let(:pyproject_fixture_name) { "yanked_version.toml" }
 let(:lockfile_fixture_name) { "yanked_version.lock" }
- it "raises a helpful error" do
- expect { subject }.
- to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
- expect(error.message).
- to include("depends on croniter (0.3.26) which doesn't match any versions")
- end
+ context "with a lockfile" do
+ let(:dependency_files) { [pyproject, lockfile] }
+
+ it "raises a helpful error" do
+ expect { subject }.
+ to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
+ expect(error.message).
+ to include("Package croniter (0.3.26) not found")
+ end
+ end
+ end
+
+ context "without a lockfile" do
+ let(:dependency_files) { [pyproject] }
+
+ it "raises a helpful error" do
+ expect { subject }.
+ to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
+ expect(error.message).
+ to include("depends on croniter (0.3.26) which doesn't match any versions")
+ end
+ end
 end
 end
 end
diff --git a/python/spec/fixtures/pyproject_locks/git_dependency_bad_ref.lock b/python/spec/fixtures/pyproject_locks/git_dependency_bad_ref.lock
deleted file mode 100644
index 99648e3cb6..0000000000
--- a/python/spec/fixtures/pyproject_locks/git_dependency_bad_ref.lock
+++ /dev/null
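Review bot: The `"with a lockfile"` example is the only test here that exercises the resolver's `"not found"` match, and it proves only the positive case. A companion example in which the helper fails with a different message that happens to contain "not found", with the expectation that `SharedHelpers::HelperSubprocessFailed` is re-raised unchanged, would pin how far that match is meant to reach. The two contexts expect different wording for the same yanked release, so a short comment above them would help the next reader, e.g. `# Poetry words the failure differently depending on whether a lockfile is present`.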
@@ -1,119 +0,0 @@ -[[package]] -category = "main" -description = "Atomic file writes." -name = "atomicwrites" -optional = false -platform = "*" -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "1.2.1" - -[[package]] -category = "main" -description = "Classes Without Boilerplate" -name = "attrs" -optional = false -platform = "*" -python-versions = "*" -version = "18.2.0" - -[[package]] -category = "main" -description = "Cross-platform colored terminal text." -name = "colorama" -optional = false -platform = "UNKNOWN" -python-versions = "*" -version = "0.3.9" - -[package.requirements] -platform = "win32" - -[[package]] -category = "main" -description = "More routines for operating on iterables, beyond itertools" -name = "more-itertools" -optional = false -platform = "*" -python-versions = "*" -version = "4.3.0" - -[package.dependencies] -six = ">=1.0.0,<2.0.0" - -[[package]] -category = "main" -description = "plugin and hook calling mechanisms for python" -name = "pluggy" -optional = false -platform = "unix" -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "0.7.1" - -[[package]] -category = "main" -description = "library with cross-python path, ini-parsing, io, code, log facilities" -name = "py" -optional = false -platform = "unix" -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "1.6.0" - -[[package]] -category = "main" -description = "pytest: simple powerful testing with Python" -name = "pytest" -optional = false -platform = "unix" -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "3.7.4" - -[package.dependencies] -atomicwrites = ">=1.0" -attrs = ">=17.4.0" -more-itertools = ">=4.0.0" -pluggy = ">=0.7" -py = ">=1.5.0" -setuptools = "*" -six = ">=1.10.0" - -[package.dependencies.colorama] -platform = "win32" -version = "*" - -[[package]] -category = "main" -description = "Python 2 and 3 compatibility utilities" -name = "six" -optional = false -platform = "*" 
-python-versions = "*" -version = "1.11.0" - -[[package]] -category = "main" -description = "" -name = "toml" -optional = false -platform = "*" -python-versions = "*" -version = "0.10.0" - -[package.source] -reference = "82c4f4707c0cf383a7696a9094bc15ba418078b3" -type = "git" -url = "https://github.com/uiri/toml.git" -[metadata] -content-hash = "80da4e266d3df8763c306c1d07185f613e151e825f8f75820f8dca443057a707" -platform = "*" -python-versions = "^3.7" - -[metadata.hashes] -atomicwrites = ["0312ad34fcad8fac3704d441f7b317e50af620823353ec657a53e981f92920c0", "ec9ae8adaae229e4f8446952d204a3e4b5fdd2d099f9be3aaf556120135fb3ee"] -attrs = ["10cbf6e27dbce8c30807caf056c8eb50917e0eaafe86347671b57254006c3e69", "ca4be454458f9dec299268d472aaa5a11f67a4ff70093396e1ceae9c76cf4bbb"] -colorama = ["463f8483208e921368c9f306094eb6f725c6ca42b0f97e313cb5d5512459feda", "48eb22f4f8461b1df5734a074b57042430fb06e1d61bd1e11b078c0fe6d7a1f1"] -more-itertools = ["c187a73da93e7a8acc0001572aebc7e3c69daf7bf6881a2cea10650bd4420092", "c476b5d3a34e12d40130bc2f935028b5f636df8f372dc2c1c01dc19681b2039e", "fcbfeaea0be121980e15bc97b3817b5202ca73d0eae185b4550cbfce2a3ebb3d"] -pluggy = ["6e3836e39f4d36ae72840833db137f7b7d35105079aee6ec4a62d9f80d594dd1", "95eb8364a4708392bae89035f45341871286a333f749c3141c20573d2b3876e1"] -py = ["06a30435d058473046be836d3fc4f27167fd84c45b99704f2fb5509ef61f9af1", "50402e9d1c9005d759426988a492e0edaadb7f4e68bcddfea586bc7432d009c6"] -pytest = ["2d7c49e931316cc7d1638a3e5f54f5d7b4e5225972b3c9838f3584788d27f349", "ad0c7db7b5d4081631e0155f5c61b80ad76ce148551aaafe3a718d65a7508b18"] -six = ["70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9", "832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"] -toml = [] diff --git a/python/spec/fixtures/pyproject_locks/git_dependency_unreachable.lock b/python/spec/fixtures/pyproject_locks/git_dependency_unreachable.lock deleted file mode 100644 index cd753f1351..0000000000 
--- a/python/spec/fixtures/pyproject_locks/git_dependency_unreachable.lock
+++ /dev/null
@@ -1,119 +0,0 @@ -[[package]] -category = "main" -description = "Atomic file writes." -name = "atomicwrites" -optional = false -platform = "*" -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "1.2.1" - -[[package]] -category = "main" -description = "Classes Without Boilerplate" -name = "attrs" -optional = false -platform = "*" -python-versions = "*" -version = "18.2.0" - -[[package]] -category = "main" -description = "Cross-platform colored terminal text." -name = "colorama" -optional = false -platform = "UNKNOWN" -python-versions = "*" -version = "0.3.9" - -[package.requirements] -platform = "win32" - -[[package]] -category = "main" -description = "More routines for operating on iterables, beyond itertools" -name = "more-itertools" -optional = false -platform = "*" -python-versions = "*" -version = "4.3.0" - -[package.dependencies] -six = ">=1.0.0,<2.0.0" - -[[package]] -category = "main" -description = "plugin and hook calling mechanisms for python" -name = "pluggy" -optional = false -platform = "unix" -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "0.7.1" - -[[package]] -category = "main" -description = "library with cross-python path, ini-parsing, io, code, log facilities" -name = "py" -optional = false -platform = "unix" -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "1.6.0" - -[[package]] -category = "main" -description = "pytest: simple powerful testing with Python" -name = "pytest" -optional = false -platform = "unix" -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "3.7.4" - -[package.dependencies] -atomicwrites = ">=1.0" -attrs = ">=17.4.0" -more-itertools = ">=4.0.0" -pluggy = ">=0.7" -py = ">=1.5.0" -setuptools = "*" -six = ">=1.10.0" - -[package.dependencies.colorama] -platform = "win32" -version = "*" - -[[package]] -category = "main" -description = "Python 2 and 3 compatibility utilities" -name = "six" -optional = false -platform = "*" 
-python-versions = "*" -version = "1.11.0" - -[[package]] -category = "main" -description = "" -name = "toml" -optional = false -platform = "*" -python-versions = "*" -version = "0.10.0" - -[package.source] -reference = "72c4f4707c0cf383a7696a9094bc15ba418078b3" -type = "git" -url = "https://github.com/greysteil/unreachable.git" -[metadata] -content-hash = "80da4e266d3df8763c306c1d07185f613e151e825f8f75820f8dca443057a707" -platform = "*" -python-versions = "^3.7" - -[metadata.hashes] -atomicwrites = ["0312ad34fcad8fac3704d441f7b317e50af620823353ec657a53e981f92920c0", "ec9ae8adaae229e4f8446952d204a3e4b5fdd2d099f9be3aaf556120135fb3ee"] -attrs = ["10cbf6e27dbce8c30807caf056c8eb50917e0eaafe86347671b57254006c3e69", "ca4be454458f9dec299268d472aaa5a11f67a4ff70093396e1ceae9c76cf4bbb"] -colorama = ["463f8483208e921368c9f306094eb6f725c6ca42b0f97e313cb5d5512459feda", "48eb22f4f8461b1df5734a074b57042430fb06e1d61bd1e11b078c0fe6d7a1f1"] -more-itertools = ["c187a73da93e7a8acc0001572aebc7e3c69daf7bf6881a2cea10650bd4420092", "c476b5d3a34e12d40130bc2f935028b5f636df8f372dc2c1c01dc19681b2039e", "fcbfeaea0be121980e15bc97b3817b5202ca73d0eae185b4550cbfce2a3ebb3d"] -pluggy = ["6e3836e39f4d36ae72840833db137f7b7d35105079aee6ec4a62d9f80d594dd1", "95eb8364a4708392bae89035f45341871286a333f749c3141c20573d2b3876e1"] -py = ["06a30435d058473046be836d3fc4f27167fd84c45b99704f2fb5509ef61f9af1", "50402e9d1c9005d759426988a492e0edaadb7f4e68bcddfea586bc7432d009c6"] -pytest = ["2d7c49e931316cc7d1638a3e5f54f5d7b4e5225972b3c9838f3584788d27f349", "ad0c7db7b5d4081631e0155f5c61b80ad76ce148551aaafe3a718d65a7508b18"] -six = ["70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9", "832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"] -toml = [] From b3761d0207e9ceee7146b8b601c34e1259804c3d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?David=20Rodr=C3=ADguez?=
Date: Thu, 17 Aug 2023 22:39:39 +0200
Subject: [PATCH 2/2] These are no longer slow
---
 .../python/update_checker/poetry_version_resolver_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb b/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb
index 67f28e8435..f5bb726fef 100644
--- a/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb
+++ b/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb
@@ -168,7 +168,7 @@
 end
 end
- context "with a dependency file that includes a git dependency", :slow do
+ context "with a dependency file that includes a git dependency" do
 let(:pyproject_fixture_name) { "git_dependency.toml" }
 let(:lockfile_fixture_name) { "git_dependency.lock" }
 let(:dependency_name) { "pytest" }