search

pyupio / pyup

A tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.
https://pyup.io
MIT License
454 stars 67 forks source link

get_hashes is bogus #407

Open cblegare opened 3 years ago

cblegare commented 3 years ago

Hello there!

I'm trying out the bot before even considering the service. I have a requirements.txt file with hashes.

I get the following error

Update cryptography to 3.4.7:   0%|                                                                                                                                                                                                                   | 0/15 [00:00<?, ?it/s]
Traceback (most recent call last):
  File "/home/chabou1/git/gitlab.com/exfo/products/tandm/basecamp/cloud/admin/.venv/bin/pyup", line 8, in <module>
    sys.exit(main())

...

  File "/home/me/project/.venv/lib/python3.8/site-packages/pyup/requirements.py", line 473, in get_hashes
    return data["hashes"]
KeyError: 'hashes'

And I most likely found a bug in https://github.com/pyupio/pyup/blob/master/pyup/requirements.py#L462-L473

Also, this function looks like is mocked in test, not tested itself. I might have missed something...

cblegare commented 3 years ago

PR started last year: #392

cblegare commented 3 years ago

I there are no issue about this, only a PR, so I reopen