From c4f64a047def6d5338f4d3185c164f905b01007c Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 30 Aug 2021 14:08:51 -0600 Subject: [PATCH 1/8] test: add test to reproduce multiple version defect --- .../dependabot/python/file_parser_spec.rb | 8 + .../poetry/multiple_requirements/poetry.lock | 154 ++++++++++++++++++ .../multiple_requirements/pyproject.toml | 14 ++ 3 files changed, 176 insertions(+) create mode 100644 python/spec/fixtures/projects/poetry/multiple_requirements/poetry.lock create mode 100644 python/spec/fixtures/projects/poetry/multiple_requirements/pyproject.toml diff --git a/python/spec/dependabot/python/file_parser_spec.rb b/python/spec/dependabot/python/file_parser_spec.rb index 4dd6c32653..8f9e799ee3 100644 --- a/python/spec/dependabot/python/file_parser_spec.rb +++ b/python/spec/dependabot/python/file_parser_spec.rb @@ -1315,5 +1315,13 @@ expect { dependencies }.to raise_error(Dependabot::UnexpectedExternalCode) end end + + context "with multiple requirements" do + let(:files) { project_dependency_files('poetry/multiple_requirements') } + + it "returns the dependencies with multiple requirements" do + expect(dependencies).not_to be_empty + end + end end end diff --git a/python/spec/fixtures/projects/poetry/multiple_requirements/poetry.lock b/python/spec/fixtures/projects/poetry/multiple_requirements/poetry.lock new file mode 100644 index 0000000000..1f942718bb --- /dev/null +++ b/python/spec/fixtures/projects/poetry/multiple_requirements/poetry.lock @@ -0,0 +1,154 @@ +[[package]] +name = "numpy" +version = "1.19.5" +description = "NumPy is the fundamental package for array computing with Python." +category = "main" +optional = false +python-versions = ">=3.6" + +[[package]] +name = "numpy" +version = "1.21.1" +description = "NumPy is the fundamental package for array computing with Python." +category = "main" +optional = false +python-versions = ">=3.7" + +[[package]] +name = "scipy" +version = "1.5.4" +description = "SciPy: Scientific Library for Python" +category = "main" +optional = false +python-versions = ">=3.6" + +[package.dependencies] +numpy = ">=1.14.5" + +[[package]] +name = "scipy" +version = "1.6.1" +description = "SciPy: Scientific Library for Python" +category = "main" +optional = false +python-versions = ">=3.7" + +[package.dependencies] +numpy = ">=1.16.5" + +[metadata] +lock-version = "1.1" +python-versions = "*" +content-hash = "f7f91415d672aa5f9b74f90bf3817fad39116404d3bc8107646bd50a19567624" + +[metadata.files] +numpy = [ + {file = "numpy-1.19.5-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:cc6bd4fd593cb261332568485e20a0712883cf631f6f5e8e86a52caa8b2b50ff"}, + {file = "numpy-1.19.5-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:aeb9ed923be74e659984e321f609b9ba54a48354bfd168d21a2b072ed1e833ea"}, + {file = "numpy-1.19.5-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:8b5e972b43c8fc27d56550b4120fe6257fdc15f9301914380b27f74856299fea"}, + {file = "numpy-1.19.5-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:43d4c81d5ffdff6bae58d66a3cd7f54a7acd9a0e7b18d97abb255defc09e3140"}, + {file = "numpy-1.19.5-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:a4646724fba402aa7504cd48b4b50e783296b5e10a524c7a6da62e4a8ac9698d"}, + {file = "numpy-1.19.5-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:2e55195bc1c6b705bfd8ad6f288b38b11b1af32f3c8289d6c50d47f950c12e76"}, + {file = "numpy-1.19.5-cp36-cp36m-win32.whl", hash = "sha256:39b70c19ec771805081578cc936bbe95336798b7edf4732ed102e7a43ec5c07a"}, + {file = "numpy-1.19.5-cp36-cp36m-win_amd64.whl", hash = "sha256:dbd18bcf4889b720ba13a27ec2f2aac1981bd41203b3a3b27ba7a33f88ae4827"}, + {file = "numpy-1.19.5-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:603aa0706be710eea8884af807b1b3bc9fb2e49b9f4da439e76000f3b3c6ff0f"}, + {file = "numpy-1.19.5-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:cae865b1cae1ec2663d8ea56ef6ff185bad091a5e33ebbadd98de2cfa3fa668f"}, + {file = "numpy-1.19.5-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:36674959eed6957e61f11c912f71e78857a8d0604171dfd9ce9ad5cbf41c511c"}, + {file = "numpy-1.19.5-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:06fab248a088e439402141ea04f0fffb203723148f6ee791e9c75b3e9e82f080"}, + {file = "numpy-1.19.5-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:6149a185cece5ee78d1d196938b2a8f9d09f5a5ebfbba66969302a778d5ddd1d"}, + {file = "numpy-1.19.5-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:50a4a0ad0111cc1b71fa32dedd05fa239f7fb5a43a40663269bb5dc7877cfd28"}, + {file = "numpy-1.19.5-cp37-cp37m-win32.whl", hash = "sha256:d051ec1c64b85ecc69531e1137bb9751c6830772ee5c1c426dbcfe98ef5788d7"}, + {file = "numpy-1.19.5-cp37-cp37m-win_amd64.whl", hash = "sha256:a12ff4c8ddfee61f90a1633a4c4afd3f7bcb32b11c52026c92a12e1325922d0d"}, + {file = "numpy-1.19.5-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:cf2402002d3d9f91c8b01e66fbb436a4ed01c6498fffed0e4c7566da1d40ee1e"}, + {file = "numpy-1.19.5-cp38-cp38-manylinux1_i686.whl", hash = "sha256:1ded4fce9cfaaf24e7a0ab51b7a87be9038ea1ace7f34b841fe3b6894c721d1c"}, + {file = "numpy-1.19.5-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:012426a41bc9ab63bb158635aecccc7610e3eff5d31d1eb43bc099debc979d94"}, + {file = "numpy-1.19.5-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:759e4095edc3c1b3ac031f34d9459fa781777a93ccc633a472a5468587a190ff"}, + {file = "numpy-1.19.5-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:a9d17f2be3b427fbb2bce61e596cf555d6f8a56c222bd2ca148baeeb5e5c783c"}, + {file = "numpy-1.19.5-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:99abf4f353c3d1a0c7a5f27699482c987cf663b1eac20db59b8c7b061eabd7fc"}, + {file = "numpy-1.19.5-cp38-cp38-win32.whl", hash = "sha256:384ec0463d1c2671170901994aeb6dce126de0a95ccc3976c43b0038a37329c2"}, + {file = "numpy-1.19.5-cp38-cp38-win_amd64.whl", hash = "sha256:811daee36a58dc79cf3d8bdd4a490e4277d0e4b7d103a001a4e73ddb48e7e6aa"}, + {file = "numpy-1.19.5-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:c843b3f50d1ab7361ca4f0b3639bf691569493a56808a0b0c54a051d260b7dbd"}, + {file = "numpy-1.19.5-cp39-cp39-manylinux1_i686.whl", hash = "sha256:d6631f2e867676b13026e2846180e2c13c1e11289d67da08d71cacb2cd93d4aa"}, + {file = "numpy-1.19.5-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:7fb43004bce0ca31d8f13a6eb5e943fa73371381e53f7074ed21a4cb786c32f8"}, + {file = "numpy-1.19.5-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:2ea52bd92ab9f768cc64a4c3ef8f4b2580a17af0a5436f6126b08efbd1838371"}, + {file = "numpy-1.19.5-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:400580cbd3cff6ffa6293df2278c75aef2d58d8d93d3c5614cd67981dae68ceb"}, + {file = "numpy-1.19.5-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:df609c82f18c5b9f6cb97271f03315ff0dbe481a2a02e56aeb1b1a985ce38e60"}, + {file = "numpy-1.19.5-cp39-cp39-win32.whl", hash = "sha256:ab83f24d5c52d60dbc8cd0528759532736b56db58adaa7b5f1f76ad551416a1e"}, + {file = "numpy-1.19.5-cp39-cp39-win_amd64.whl", hash = "sha256:0eef32ca3132a48e43f6a0f5a82cb508f22ce5a3d6f67a8329c81c8e226d3f6e"}, + {file = "numpy-1.19.5-pp36-pypy36_pp73-manylinux2010_x86_64.whl", hash = "sha256:a0d53e51a6cb6f0d9082decb7a4cb6dfb33055308c4c44f53103c073f649af73"}, + {file = "numpy-1.19.5.zip", hash = "sha256:a76f502430dd98d7546e1ea2250a7360c065a5fdea52b2dffe8ae7180909b6f4"}, + {file = "numpy-1.21.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:38e8648f9449a549a7dfe8d8755a5979b45b3538520d1e735637ef28e8c2dc50"}, + {file = "numpy-1.21.1-cp37-cp37m-manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:fd7d7409fa643a91d0a05c7554dd68aa9c9bb16e186f6ccfe40d6e003156e33a"}, + {file = "numpy-1.21.1-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:a75b4498b1e93d8b700282dc8e655b8bd559c0904b3910b144646dbbbc03e062"}, + {file = "numpy-1.21.1-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1412aa0aec3e00bc23fbb8664d76552b4efde98fb71f60737c83efbac24112f1"}, + {file = "numpy-1.21.1-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:e46ceaff65609b5399163de5893d8f2a82d3c77d5e56d976c8b5fb01faa6b671"}, + {file = "numpy-1.21.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:c6a2324085dd52f96498419ba95b5777e40b6bcbc20088fddb9e8cbb58885e8e"}, + {file = "numpy-1.21.1-cp37-cp37m-win32.whl", hash = "sha256:73101b2a1fef16602696d133db402a7e7586654682244344b8329cdcbbb82172"}, + {file = "numpy-1.21.1-cp37-cp37m-win_amd64.whl", hash = "sha256:7a708a79c9a9d26904d1cca8d383bf869edf6f8e7650d85dbc77b041e8c5a0f8"}, + {file = "numpy-1.21.1-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:95b995d0c413f5d0428b3f880e8fe1660ff9396dcd1f9eedbc311f37b5652e16"}, + {file = "numpy-1.21.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:635e6bd31c9fb3d475c8f44a089569070d10a9ef18ed13738b03049280281267"}, + {file = "numpy-1.21.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:4a3d5fb89bfe21be2ef47c0614b9c9c707b7362386c9a3ff1feae63e0267ccb6"}, + {file = "numpy-1.21.1-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:8a326af80e86d0e9ce92bcc1e65c8ff88297de4fa14ee936cb2293d414c9ec63"}, + {file = "numpy-1.21.1-cp38-cp38-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:791492091744b0fe390a6ce85cc1bf5149968ac7d5f0477288f78c89b385d9af"}, + {file = "numpy-1.21.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0318c465786c1f63ac05d7c4dbcecd4d2d7e13f0959b01b534ea1e92202235c5"}, + {file = "numpy-1.21.1-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:9a513bd9c1551894ee3d31369f9b07460ef223694098cf27d399513415855b68"}, + {file = "numpy-1.21.1-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:91c6f5fc58df1e0a3cc0c3a717bb3308ff850abdaa6d2d802573ee2b11f674a8"}, + {file = "numpy-1.21.1-cp38-cp38-win32.whl", hash = "sha256:978010b68e17150db8765355d1ccdd450f9fc916824e8c4e35ee620590e234cd"}, + {file = "numpy-1.21.1-cp38-cp38-win_amd64.whl", hash = "sha256:9749a40a5b22333467f02fe11edc98f022133ee1bfa8ab99bda5e5437b831214"}, + {file = "numpy-1.21.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:d7a4aeac3b94af92a9373d6e77b37691b86411f9745190d2c351f410ab3a791f"}, + {file = "numpy-1.21.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:d9e7912a56108aba9b31df688a4c4f5cb0d9d3787386b87d504762b6754fbb1b"}, + {file = "numpy-1.21.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:25b40b98ebdd272bc3020935427a4530b7d60dfbe1ab9381a39147834e985eac"}, + {file = "numpy-1.21.1-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:8a92c5aea763d14ba9d6475803fc7904bda7decc2a0a68153f587ad82941fec1"}, + {file = "numpy-1.21.1-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:05a0f648eb28bae4bcb204e6fd14603de2908de982e761a2fc78efe0f19e96e1"}, + {file = "numpy-1.21.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f01f28075a92eede918b965e86e8f0ba7b7797a95aa8d35e1cc8821f5fc3ad6a"}, + {file = "numpy-1.21.1-cp39-cp39-win32.whl", hash = "sha256:88c0b89ad1cc24a5efbb99ff9ab5db0f9a86e9cc50240177a571fbe9c2860ac2"}, + {file = "numpy-1.21.1-cp39-cp39-win_amd64.whl", hash = "sha256:01721eefe70544d548425a07c80be8377096a54118070b8a62476866d5208e33"}, + {file = "numpy-1.21.1-pp37-pypy37_pp73-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:2d4d1de6e6fb3d28781c73fbde702ac97f03d79e4ffd6598b880b2d95d62ead4"}, + {file = "numpy-1.21.1.zip", hash = "sha256:dff4af63638afcc57a3dfb9e4b26d434a7a602d225b42d746ea7fe2edf1342fd"}, +] +scipy = [ + {file = "scipy-1.5.4-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:4f12d13ffbc16e988fa40809cbbd7a8b45bc05ff6ea0ba8e3e41f6f4db3a9e47"}, + {file = "scipy-1.5.4-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:a254b98dbcc744c723a838c03b74a8a34c0558c9ac5c86d5561703362231107d"}, + {file = "scipy-1.5.4-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:368c0f69f93186309e1b4beb8e26d51dd6f5010b79264c0f1e9ca00cd92ea8c9"}, + {file = "scipy-1.5.4-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:4598cf03136067000855d6b44d7a1f4f46994164bcd450fb2c3d481afc25dd06"}, + {file = "scipy-1.5.4-cp36-cp36m-win32.whl", hash = "sha256:e98d49a5717369d8241d6cf33ecb0ca72deee392414118198a8e5b4c35c56340"}, + {file = "scipy-1.5.4-cp36-cp36m-win_amd64.whl", hash = "sha256:65923bc3809524e46fb7eb4d6346552cbb6a1ffc41be748535aa502a2e3d3389"}, + {file = "scipy-1.5.4-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:9ad4fcddcbf5dc67619379782e6aeef41218a79e17979aaed01ed099876c0e62"}, + {file = "scipy-1.5.4-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:f87b39f4d69cf7d7529d7b1098cb712033b17ea7714aed831b95628f483fd012"}, + {file = "scipy-1.5.4-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:25b241034215247481f53355e05f9e25462682b13bd9191359075682adcd9554"}, + {file = "scipy-1.5.4-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:fa789583fc94a7689b45834453fec095245c7e69c58561dc159b5d5277057e4c"}, + {file = "scipy-1.5.4-cp37-cp37m-win32.whl", hash = "sha256:d6d25c41a009e3c6b7e757338948d0076ee1dd1770d1c09ec131f11946883c54"}, + {file = "scipy-1.5.4-cp37-cp37m-win_amd64.whl", hash = "sha256:2c872de0c69ed20fb1a9b9cf6f77298b04a26f0b8720a5457be08be254366c6e"}, + {file = "scipy-1.5.4-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:e360cb2299028d0b0d0f65a5c5e51fc16a335f1603aa2357c25766c8dab56938"}, + {file = "scipy-1.5.4-cp38-cp38-manylinux1_i686.whl", hash = "sha256:3397c129b479846d7eaa18f999369a24322d008fac0782e7828fa567358c36ce"}, + {file = "scipy-1.5.4-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:168c45c0c32e23f613db7c9e4e780bc61982d71dcd406ead746c7c7c2f2004ce"}, + {file = "scipy-1.5.4-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:213bc59191da2f479984ad4ec39406bf949a99aba70e9237b916ce7547b6ef42"}, + {file = "scipy-1.5.4-cp38-cp38-win32.whl", hash = "sha256:634568a3018bc16a83cda28d4f7aed0d803dd5618facb36e977e53b2df868443"}, + {file = "scipy-1.5.4-cp38-cp38-win_amd64.whl", hash = "sha256:b03c4338d6d3d299e8ca494194c0ae4f611548da59e3c038813f1a43976cb437"}, + {file = "scipy-1.5.4-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:3d5db5d815370c28d938cf9b0809dade4acf7aba57eaf7ef733bfedc9b2474c4"}, + {file = "scipy-1.5.4-cp39-cp39-manylinux1_i686.whl", hash = "sha256:6b0ceb23560f46dd236a8ad4378fc40bad1783e997604ba845e131d6c680963e"}, + {file = "scipy-1.5.4-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:ed572470af2438b526ea574ff8f05e7f39b44ac37f712105e57fc4d53a6fb660"}, + {file = "scipy-1.5.4-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:8c8d6ca19c8497344b810b0b0344f8375af5f6bb9c98bd42e33f747417ab3f57"}, + {file = "scipy-1.5.4-cp39-cp39-win32.whl", hash = "sha256:d84cadd7d7998433334c99fa55bcba0d8b4aeff0edb123b2a1dfcface538e474"}, + {file = "scipy-1.5.4-cp39-cp39-win_amd64.whl", hash = "sha256:cc1f78ebc982cd0602c9a7615d878396bec94908db67d4ecddca864d049112f2"}, + {file = "scipy-1.5.4.tar.gz", hash = "sha256:4a453d5e5689de62e5d38edf40af3f17560bfd63c9c5bd228c18c1f99afa155b"}, + {file = "scipy-1.6.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:a15a1f3fc0abff33e792d6049161b7795909b40b97c6cc2934ed54384017ab76"}, + {file = "scipy-1.6.1-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:e79570979ccdc3d165456dd62041d9556fb9733b86b4b6d818af7a0afc15f092"}, + {file = "scipy-1.6.1-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:a423533c55fec61456dedee7b6ee7dce0bb6bfa395424ea374d25afa262be261"}, + {file = "scipy-1.6.1-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:33d6b7df40d197bdd3049d64e8e680227151673465e5d85723b3b8f6b15a6ced"}, + {file = "scipy-1.6.1-cp37-cp37m-win32.whl", hash = "sha256:6725e3fbb47da428794f243864f2297462e9ee448297c93ed1dcbc44335feb78"}, + {file = "scipy-1.6.1-cp37-cp37m-win_amd64.whl", hash = "sha256:5fa9c6530b1661f1370bcd332a1e62ca7881785cc0f80c0d559b636567fab63c"}, + {file = "scipy-1.6.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:bd50daf727f7c195e26f27467c85ce653d41df4358a25b32434a50d8870fc519"}, + {file = "scipy-1.6.1-cp38-cp38-manylinux1_i686.whl", hash = "sha256:f46dd15335e8a320b0fb4685f58b7471702234cba8bb3442b69a3e1dc329c345"}, + {file = "scipy-1.6.1-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:0e5b0ccf63155d90da576edd2768b66fb276446c371b73841e3503be1d63fb5d"}, + {file = "scipy-1.6.1-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:2481efbb3740977e3c831edfd0bd9867be26387cacf24eb5e366a6a374d3d00d"}, + {file = "scipy-1.6.1-cp38-cp38-win32.whl", hash = "sha256:68cb4c424112cd4be886b4d979c5497fba190714085f46b8ae67a5e4416c32b4"}, + {file = "scipy-1.6.1-cp38-cp38-win_amd64.whl", hash = "sha256:5f331eeed0297232d2e6eea51b54e8278ed8bb10b099f69c44e2558c090d06bf"}, + {file = "scipy-1.6.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:0c8a51d33556bf70367452d4d601d1742c0e806cd0194785914daf19775f0e67"}, + {file = "scipy-1.6.1-cp39-cp39-manylinux1_i686.whl", hash = "sha256:83bf7c16245c15bc58ee76c5418e46ea1811edcc2e2b03041b804e46084ab627"}, + {file = "scipy-1.6.1-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:794e768cc5f779736593046c9714e0f3a5940bc6dcc1dba885ad64cbfb28e9f0"}, + {file = "scipy-1.6.1-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:5da5471aed911fe7e52b86bf9ea32fb55ae93e2f0fac66c32e58897cfb02fa07"}, + {file = "scipy-1.6.1-cp39-cp39-win32.whl", hash = "sha256:8e403a337749ed40af60e537cc4d4c03febddcc56cd26e774c9b1b600a70d3e4"}, + {file = "scipy-1.6.1-cp39-cp39-win_amd64.whl", hash = "sha256:a5193a098ae9f29af283dcf0041f762601faf2e595c0db1da929875b7570353f"}, + {file = "scipy-1.6.1.tar.gz", hash = "sha256:c4fceb864890b6168e79b0e714c585dbe2fd4222768ee90bc1aa0f8218691b11"}, +] diff --git a/python/spec/fixtures/projects/poetry/multiple_requirements/pyproject.toml b/python/spec/fixtures/projects/poetry/multiple_requirements/pyproject.toml new file mode 100644 index 0000000000..33bf0ee866 --- /dev/null +++ b/python/spec/fixtures/projects/poetry/multiple_requirements/pyproject.toml @@ -0,0 +1,14 @@ +[tool.poetry] +name = "example" +version = "0.1.0" +description = "" +authors = [] + +[tool.poetry.dependencies] +numpy = [ + { version = "^1.19", python = "^3.6,<3.7" }, + { version = "^1.20", python = "^3.7" }] +scipy = [ + { version = "^1.5", python = "^3.6,<3.7" }, + { version = "^1.6.0", python = "^3.7" } +] From ea1c9de94c71a74816e1c224a8734ce0087871ba Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 30 Aug 2021 14:13:49 -0600 Subject: [PATCH 2/8] test: ensure parser does not raise an error --- python/spec/dependabot/python/file_parser_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/spec/dependabot/python/file_parser_spec.rb b/python/spec/dependabot/python/file_parser_spec.rb index 8f9e799ee3..f306f537d0 100644 --- a/python/spec/dependabot/python/file_parser_spec.rb +++ b/python/spec/dependabot/python/file_parser_spec.rb @@ -1320,7 +1320,7 @@ let(:files) { project_dependency_files('poetry/multiple_requirements') } it "returns the dependencies with multiple requirements" do - expect(dependencies).not_to be_empty + expect { dependencies }.not_to raise_error end end end From 0ab9fd409bd5a81e2148cb4e99baca7cf722bef5 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 30 Aug 2021 14:31:03 -0600 Subject: [PATCH 3/8] fix: loop through each poetry requirement --- .../python/file_parser/poetry_files_parser.rb | 36 ++++++++++--------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/python/lib/dependabot/python/file_parser/poetry_files_parser.rb b/python/lib/dependabot/python/file_parser/poetry_files_parser.rb index ab85ef7e48..c8e63c2c78 100644 --- a/python/lib/dependabot/python/file_parser/poetry_files_parser.rb +++ b/python/lib/dependabot/python/file_parser/poetry_files_parser.rb @@ -43,22 +43,26 @@ def pyproject_dependencies deps_hash.each do |name, req| next if normalise(name) == "python" - next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) } - - check_requirements(req) - - dependencies << - Dependency.new( - name: normalise(name), - version: version_from_lockfile(name), - requirements: [{ - requirement: req.is_a?(String) ? req : req["version"], - file: pyproject.name, - source: nil, - groups: [type] - }], - package_manager: "pip" - ) + + requirements = Array(req).compact.map do |detected_requirement| + next if detected_requirement.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| detected_requirement.key?(t) } + + check_requirements(detected_requirement) + { + requirement: detected_requirement.is_a?(String) ? detected_requirement : detected_requirement["version"], + file: pyproject.name, + source: nil, + groups: [type] + } + end + next if requirements.empty? + + dependencies << Dependency.new( + name: normalise(name), + version: version_from_lockfile(name), + requirements: requirements, + package_manager: "pip" + ) end end From 0043c93ae015c753674dbae3cbe80249ba7f603f Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 30 Aug 2021 14:35:28 -0600 Subject: [PATCH 4/8] test: assert the expected packages are parsed --- python/spec/dependabot/python/file_parser_spec.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/spec/dependabot/python/file_parser_spec.rb b/python/spec/dependabot/python/file_parser_spec.rb index f306f537d0..89c0913567 100644 --- a/python/spec/dependabot/python/file_parser_spec.rb +++ b/python/spec/dependabot/python/file_parser_spec.rb @@ -1317,10 +1317,11 @@ end context "with multiple requirements" do - let(:files) { project_dependency_files('poetry/multiple_requirements') } + let(:files) { project_dependency_files("poetry/multiple_requirements") } it "returns the dependencies with multiple requirements" do expect { dependencies }.not_to raise_error + expect(dependencies.map(&:name)).to contain_exactly("numpy", "scipy") end end end From 5dd5c832ca44a6b3ca2d9ac084520021fda49640 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 30 Aug 2021 14:47:35 -0600 Subject: [PATCH 5/8] refactor: extract method to parse requirement --- .../python/file_parser/poetry_files_parser.rb | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/python/lib/dependabot/python/file_parser/poetry_files_parser.rb b/python/lib/dependabot/python/file_parser/poetry_files_parser.rb index c8e63c2c78..f7dbc9c24c 100644 --- a/python/lib/dependabot/python/file_parser/poetry_files_parser.rb +++ b/python/lib/dependabot/python/file_parser/poetry_files_parser.rb @@ -44,23 +44,10 @@ def pyproject_dependencies deps_hash.each do |name, req| next if normalise(name) == "python" - requirements = Array(req).compact.map do |detected_requirement| - next if detected_requirement.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| detected_requirement.key?(t) } - - check_requirements(detected_requirement) - { - requirement: detected_requirement.is_a?(String) ? detected_requirement : detected_requirement["version"], - file: pyproject.name, - source: nil, - groups: [type] - } - end - next if requirements.empty? - dependencies << Dependency.new( name: normalise(name), version: version_from_lockfile(name), - requirements: requirements, + requirements: parse_requirements_from(req, type), package_manager: "pip" ) end @@ -69,6 +56,20 @@ def pyproject_dependencies dependencies end + def parse_requirements_from(req, type) + Array(req).compact.map do |requirement| + next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any? + check_requirements(requirement) + + { + requirement: requirement.is_a?(String) ? requirement : requirement["version"], + file: pyproject.name, + source: nil, + groups: [type] + } + end.compact + end + # Create a DependencySet where each element has no requirement. Any # requirements will be added when combining the DependencySet with # other DependencySets. From 3e38e1a7bd1230c3a9769129fddd50b5a2c4b2a1 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 30 Aug 2021 14:54:01 -0600 Subject: [PATCH 6/8] fix: use array literal to prevent converting a Hash to an array of tuples --- .../lib/dependabot/python/file_parser/poetry_files_parser.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/lib/dependabot/python/file_parser/poetry_files_parser.rb b/python/lib/dependabot/python/file_parser/poetry_files_parser.rb index f7dbc9c24c..0cc6fc65de 100644 --- a/python/lib/dependabot/python/file_parser/poetry_files_parser.rb +++ b/python/lib/dependabot/python/file_parser/poetry_files_parser.rb @@ -56,8 +56,9 @@ def pyproject_dependencies dependencies end + # @param req can be an Array, Hash or String that represents the constraints for a dependency def parse_requirements_from(req, type) - Array(req).compact.map do |requirement| + [req].flatten.compact.map do |requirement| next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any? check_requirements(requirement) From d6e740e4d09c3a64db9acb29dd764c0418027bb8 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 30 Aug 2021 14:55:52 -0600 Subject: [PATCH 7/8] style: fix linter errors --- python/lib/dependabot/python/file_parser/poetry_files_parser.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/python/lib/dependabot/python/file_parser/poetry_files_parser.rb b/python/lib/dependabot/python/file_parser/poetry_files_parser.rb index 0cc6fc65de..ab824d84cf 100644 --- a/python/lib/dependabot/python/file_parser/poetry_files_parser.rb +++ b/python/lib/dependabot/python/file_parser/poetry_files_parser.rb @@ -60,6 +60,7 @@ def pyproject_dependencies def parse_requirements_from(req, type) [req].flatten.compact.map do |requirement| next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any? + check_requirements(requirement) { From 69e9e865d15476ce43054e4e977ef1a6c15a7370 Mon Sep 17 00:00:00 2001 From: mo khan Date: Wed, 1 Sep 2021 16:34:29 -0600 Subject: [PATCH 8/8] fix: exclude dependencies that do not have at least one supported requirement --- .../lib/dependabot/python/file_parser/poetry_files_parser.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python/lib/dependabot/python/file_parser/poetry_files_parser.rb b/python/lib/dependabot/python/file_parser/poetry_files_parser.rb index ab824d84cf..abdaca8dad 100644 --- a/python/lib/dependabot/python/file_parser/poetry_files_parser.rb +++ b/python/lib/dependabot/python/file_parser/poetry_files_parser.rb @@ -44,10 +44,13 @@ def pyproject_dependencies deps_hash.each do |name, req| next if normalise(name) == "python" + requirements = parse_requirements_from(req, type) + next if requirements.empty? + dependencies << Dependency.new( name: normalise(name), version: version_from_lockfile(name), - requirements: parse_requirements_from(req, type), + requirements: requirements, package_manager: "pip" ) end