Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix handling of prerelease-only resolutions #477

Merged
merged 8 commits into from
Jan 20, 2023
Merged

Fix handling of prerelease-only resolutions #477

merged 8 commits into from
Jan 20, 2023

Conversation

woodruffw
Copy link
Member

@woodruffw woodruffw commented Jan 11, 2023
edited
Loading

WIP; just for visibility into where I've inserted debug statements.

Fixes #472.

Signed-off-by: William Woodruff [email protected]

@woodruffw woodruffw added the component:dep-sources Dependency sources label Jan 11, 2023
@woodruffw woodruffw self-assigned this Jan 11, 2023
@woodruffw woodruffw mentioned this pull request Jan 20, 2023
Closed
@woodruffw
pypi_provider: simplify, fix handling
14acff9 
We need `all([any(...) ...])` because of the nested iterators here:
we check whether each requirement's specifier allows this candidate,
and all specifiers need to allow it.
@woodruffw
test: add prerelease resolution test
dcad819
@woodruffw
CHANGELOG: record changes
498f030
@woodruffw woodruffw changed the title pip_audit: begin debugging prerelease selection Fix handling of prerelease-only resolutions Jan 20, 2023
@woodruffw woodruffw marked this pull request as ready for review January 20, 2023 03:17
@woodruffw woodruffw requested a review from di January 20, 2023 03:17
@woodruffw
Copy link
Member Author

Thanks again for reporting this @redbmk!

I can confirm that these changes appear to fix the bug for me:

$ pip-audit -r <(echo 'sqlalchemy2-stubs') --format=json
No known vulnerabilities found
{"dependencies": [{"name": "sqlalchemy2-stubs", "version": "0.0.2a32", "vulns": []}, {"name": "typing-extensions", "version": "4.4.0", "vulns": []}], "fixes": []}

Would you mind also giving them a spin and letting me know if they work for you as well?

@woodruffw woodruffw merged commit 8ca615d into main Jan 20, 2023
@woodruffw woodruffw deleted the ww/prerelease-debugging branch January 20, 2023 15:51
@redbmk
Copy link
Contributor

redbmk commented Jan 20, 2023

This is perfect - works like a charm! Thanks for fixing this so fast!

@woodruffw
Copy link
Member Author

This is perfect - works like a charm! Thanks for fixing this so fast!

No problem, thanks again for helping us debug! I'll get a patch release made to ship this out as well.

@woodruffw woodruffw mentioned this pull request Jan 20, 2023
Merged
@redbmk
Copy link
Contributor

redbmk commented Jan 20, 2023

Awesome, thanks! Was just going to ask what your typical release cadence was - I'll keep an eye out for the release

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@di di di approved these changes

@tetsuo-cpp tetsuo-cpp Awaiting requested review from tetsuo-cpp

Assignees

@woodruffw woodruffw

Labels
component:dep-sources Dependency sources
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Does not work with prerelease-only dependencies that have no specific version
3 participants
@woodruffw @redbmk @di