dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.65k stars 1.01k forks

Support for Poetry 1.5 Source Priority #7440

Open DanielRejniak opened 1 year ago

DanielRejniak commented 1 year ago

Is there an existing issue for this?

Feature description

We currently updated Poetry to version 1.5, which introduced source priority. This has caused unexpected errors in our Dependabot build. After further investigation of the dependabot-core codebase, we think that there is no support for the latest Poetry changes (i.e. priorities), or the format produced by Poetry is incompatible, thus causing the issue.

This is especially important since the deprecation messages outline the following:

Warning: In a future version of Poetry, PyPI will be disabled automatically if at least one custom source is configured with another priority than 'explicit'. In order to avoid a breaking change and make your pyproject.toml forward compatible, add PyPI explicitly via 'poetry source add pypi'. By the way, this has the advantage that you can set the priority of PyPI as with any other source.

Additionally suggesting to avoid using the secondary property and move over to the priority-based sources.

Warning: Found deprecated priority 'secondary' for source ‘foo’ in pyproject.toml. Consider changing the priority to one of the non-deprecated values: 'default', 'primary', 'supplemental', 'explicit'.

I have raised a bug, but I believe this could be escalated to a feature request: https://github.com/dependabot/dependabot-core/issues/7431

donbowman commented 1 year ago

[[tool.poetry.source]]
url = "https://git.agilicus.com/api/v4/projects/328/packages/pypi/simple"
name = "common"
priority = "primary"

[[tool.poetry.source]]
name = "PyPI"
priority = "primary"

This causes Dependabot to break.

--------Check platform/messages gunicorn 20.1.0
/bot/vendor/ruby/3.1.0/gems/dependabot-python-0.232.0/lib/dependabot/python/helpers.rb:23:in `run_poetry_command': The Poetry configuration is invalid: (Dependabot::SharedHelpers::HelperSubprocessFailed)
  - [source.0] Additional properties are not allowed ('priority' was unexpected)
  - [source.1] Additional properties are not allowed ('priority' was unexpected)
  - [source.1] 'url' is a required property

Rogalek commented 3 months ago

Is anything happening here?