Class: Dependabot::UpdateCheckers::Python::Pip::PipfileVersionResolver

Inherits: Object

Defined in: lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb

Overview

This class does version resolution for Pipfiles. Its current approach is somewhat crude:

  • Unlock the dependency we’re checking in the Pipfile

  • Freeze all of the other dependencies in the Pipfile

  • Run `pipenv lock` and see what the result is

Unfortunately, Pipenv doesn’t resolve how we’d expect - it appears to just raise if the latest version can’t be resolved. Knowing that is still better than nothing, though.
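
The first two steps of the approach above (unlock the checked dependency, freeze the rest), as an added example that is not Dependabot's own code. It assumes the Pipfile and Pipfile.lock are already parsed into hashes; `prepare_pipfile`, `with_version`, `normalise` and the sample data are hypothetical. Running `pipenv lock` on the result is the third step and is not shown.

```ruby
# Added example, not Dependabot's code. Pipfile and Pipfile.lock are passed in
# as already-parsed hashes; the sample data below is constructed.

SECTIONS = { "packages" => "default", "dev-packages" => "develop" }.freeze

# PEP 503 name normalisation, so "Flask_Login" matches "flask-login".
def normalise(name)
  name.downcase.gsub(/[-_.]+/, "-")
end

# Replace only the version part of a requirement, keeping extras, markers etc.
def with_version(req, version)
  req.is_a?(Hash) ? req.merge("version" => version) : version
end

# Returns a new Pipfile hash: `target` gets `unlocked_req`, every other
# dependency is pinned to the exact version recorded in the lockfile.
def prepare_pipfile(pipfile, lockfile, target:, unlocked_req: "*")
  SECTIONS.each_with_object({}) do |(pip_key, lock_key), out|
    locked = (lockfile[lock_key] || {}).to_h { |n, d| [normalise(n), d["version"]] }
    out[pip_key] = (pipfile[pip_key] || {}).to_h do |name, req|
      if normalise(name) == normalise(target)
        [name, with_version(req, unlocked_req)]
      elsif (version = locked[normalise(name)])
        [name, with_version(req, version)]
      else
        [name, req] # no locked "version" (e.g. git dependency): keep as is
      end
    end
  end
end

SAMPLE_PIPFILE = {
  "packages" => {
    "requests" => "==2.18.0",
    "Flask_Login" => { "version" => ">=0.4", "extras" => ["dev"] },
    "internal-lib" => { "git" => "https://git.example.invalid/lib.git", "ref" => "v1" }
  },
  "dev-packages" => { "pytest" => "*" }
}.freeze

SAMPLE_LOCK = {
  "default" => {
    "requests" => { "version" => "==2.18.0" },
    "flask-login" => { "version" => "==0.4.1" },
    "internal-lib" => { "git" => "https://git.example.invalid/lib.git", "ref" => "abc123" }
  },
  "develop" => { "pytest" => { "version" => "==3.4.0" } }
}.freeze
```

Because every dependency other than the target is pinned to its locked version, any change in the resulting lockfile can be attributed to the one dependency being checked.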

Constant Summary

VERSION_REGEX =
/[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
GIT_DEPENDENCY_UNREACHABLE_REGEX =
/Command "git clone -q (?<url>[^\s]+).*" failed/.freeze
GIT_REFERENCE_NOT_FOUND_REGEX =
%r{"git checkout -q (?<tag>[^"]+)" .*/(?<name>.*?)(\\n'\]|$)}.
freeze
UNSUPPORTED_DEPS =
%w(pyobjc).freeze
UNSUPPORTED_DEP_REGEX =
/"python setup\.py egg_info".*(?:#{UNSUPPORTED_DEPS.join("|")})/.
freeze


Constructor Details

#initialize(dependency:, dependency_files:, credentials:, unlock_requirement:, latest_allowable_version:) ⇒ PipfileVersionResolver

Returns a new instance of PipfileVersionResolver.



42
43
44
45
46
47
48
49
50
51
# File 'lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb', line 42

def initialize(dependency:, dependency_files:, credentials:,
               unlock_requirement:, latest_allowable_version:)
  @dependency               = dependency
  @dependency_files         = dependency_files
  @credentials              = credentials
  @latest_allowable_version = latest_allowable_version
  @unlock_requirement       = unlock_requirement

  check_private_sources_are_reachable
end

Instance Attribute Details

#credentials ⇒ Object (readonly)

Returns the value of attribute credentials.



# File 'lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb', line 40

def credentials
  @credentials
end

#dependency ⇒ Object (readonly)

Returns the value of attribute dependency.



# File 'lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb', line 40

def dependency
  @dependency
end

#dependency_files ⇒ Object (readonly)

Returns the value of attribute dependency_files.



# File 'lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb', line 40

def dependency_files
  @dependency_files
end

Instance Method Details

#latest_resolvable_version ⇒ Object



# File 'lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb', line 53

def latest_resolvable_version
  return @latest_resolvable_version if @resolution_already_attempted

  @resolution_already_attempted = true
  @latest_resolvable_version ||= fetch_latest_resolvable_version
end