Fix pipenv upgrades when star requirement is used

dependabot · Nov 23, 2023 · 9c5561f · 9c5561f
1 parent 77bd327
commit 9c5561f
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 0 deletions.
diff --git a/python/lib/dependabot/python/pipenv_runner.rb b/python/lib/dependabot/python/pipenv_runner.rb
@@ -15,6 +15,7 @@ def initialize(dependency:, lockfile:, language_version_manager:)
       end
 
       def run_upgrade(constraint)
+        constraint = "" if constraint == "*"
         command = "pyenv exec pipenv upgrade #{dependency_name}#{constraint}"
         command << " --dev" if lockfile_section == "develop"
 

diff --git a/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb b/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb
@@ -77,6 +77,24 @@
       end
     end
 
+    context "with a star requirement" do
+      let(:pipfile_fixture_name) { "star" }
+      let(:lockfile_fixture_name) { "star.lock" }
+      let(:dependency_name) { "boto3" }
+      let(:dependency_version) { "1.28.50" }
+      let(:dependency_requirements) do
+        [{
+          file: "Pipfile",
+          requirement: "*",
+          groups: ["default"],
+          source: nil
+        }]
+      end
+      let(:updated_requirement) { "*" }
+
+      it { is_expected.to be >= Gem::Version.new("1.29.6") }
+    end
+
     context "without a lockfile (but with a latest version)" do
       let(:dependency_files) { [pipfile] }
       let(:dependency_version) { nil }

diff --git a/python/spec/fixtures/pipfile_files/star b/python/spec/fixtures/pipfile_files/star
@@ -0,0 +1,9 @@
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+boto3 = "*"
+
+[dev-packages]
diff --git a/python/spec/fixtures/pipfile_files/star.lock b/python/spec/fixtures/pipfile_files/star.lock
@@ -0,0 +1,76 @@
+{
+    "_meta": {
+        "hash": {
+            "sha256": "cfb5aacb7331c912125612597b3b297fc2103296077590290adf9609764d0d46"
+        },
+        "pipfile-spec": 6,
+        "requires": {},
+        "sources": [
+            {
+                "name": "pypi",
+                "url": "https://pypi.org/simple",
+                "verify_ssl": true
+            }
+        ]
+    },
+    "default": {
+        "boto3": {
+            "hashes": [
+                "sha256:33062ab3801029ab7b2cb35b6bf4768715d13c5f9ea7d5dce22ace6219c1dc7a",
+                "sha256:cda98a2952cccb1db4208c53a1bba6585620fffa0ca05244827ca65884856d1f"
+            ],
+            "index": "pypi",
+            "markers": "python_version >= '3.7'",
+            "version": "==1.28.50"
+        },
+        "botocore": {
+            "hashes": [
+                "sha256:b8f35d65f2b45af50c36fc25cc1844d6bd61d38d2148b2ef133b8f10e198555d",
+                "sha256:ce58e688222df73ec5691f934be1a2122a52c9d11d3037b586b3fff16ed6d25f"
+            ],
+            "markers": "python_version >= '3.7'",
+            "version": "==1.31.85"
+        },
+        "jmespath": {
+            "hashes": [
+                "sha256:02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980",
+                "sha256:90261b206d6defd58fdd5e85f478bf633a2901798906be2ad389150c5c60edbe"
+            ],
+            "markers": "python_version >= '3.7'",
+            "version": "==1.0.1"
+        },
+        "python-dateutil": {
+            "hashes": [
+                "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86",
+                "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "version": "==2.8.2"
+        },
+        "s3transfer": {
+            "hashes": [
+                "sha256:b014be3a8a2aab98cfe1abc7229cc5a9a0cf05eb9c1f2b86b230fd8df3f78084",
+                "sha256:cab66d3380cca3e70939ef2255d01cd8aece6a4907a9528740f668c4b0611861"
+            ],
+            "markers": "python_version >= '3.7'",
+            "version": "==0.6.2"
+        },
+        "six": {
+            "hashes": [
+                "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926",
+                "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "version": "==1.16.0"
+        },
+        "urllib3": {
+            "hashes": [
+                "sha256:c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84",
+                "sha256:fdb6d215c776278489906c2f8916e6e7d4f5a9b602ccbcfdf7f016fc8da0596e"
+            ],
+            "markers": "python_version >= '3.10'",
+            "version": "==2.0.7"
+        }
+    },
+    "develop": {}
+}