From f04a6b679128f0c6f12ea8dd9229f84fc87bbd3c Mon Sep 17 00:00:00 2001 From: Jeff Widman Date: Fri, 15 Dec 2023 16:46:55 -0800 Subject: [PATCH] Make `toml` an explicit requirement I couldn't figure out why the tests were failing for: * https://github.com/dependabot/dependabot-core/pull/7741 until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`: https://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24 So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`. The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release. Python `3.11` added a native `tomllib` library, so once we drop support for `3.10` we can drop this 3p lib entirely. --- python/helpers/lib/parser.py | 2 ++ python/helpers/requirements.txt | 2 ++ python/helpers/run.py | 2 ++ 3 files changed, 6 insertions(+) diff --git a/python/helpers/lib/parser.py b/python/helpers/lib/parser.py index 07b8fb8631..aea4d8e4b2 100644 --- a/python/helpers/lib/parser.py +++ b/python/helpers/lib/parser.py @@ -13,6 +13,8 @@ ) from packaging.requirements import InvalidRequirement, Requirement +# TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop +# support for Python 3.10. import toml # Inspired by pips internal check: diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt index 7672ff5012..5885c1b4f6 100644 --- a/python/helpers/requirements.txt +++ b/python/helpers/requirements.txt @@ -5,6 +5,8 @@ hashin==0.17.0 pipenv==2023.11.17 pipfile==0.0.2 poetry==1.7.1 +# TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10. +toml==0.10.2 # Some dependencies will only install if Cython is present Cython==3.0.8 
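Review bot: The TODO added above `import toml` in parser.py presents `tomllib` as a straight replacement, but the two libraries differ in ways that matter when parsing manifests. `tomllib.load()` only accepts a file opened in binary mode, there is no writer, and the decode error is `tomllib.TOMLDecodeError` rather than `toml.TomlDecodeError`. I would extend the comment so the later swap does not silently change how malformed input is handled, e.g. `# NOTE: tomllib is read-only, load() needs a file opened with "rb", and the exception class is TOMLDecodeError; review every toml.* call site and except clause when switching.` The call sites are outside this hunk, so which of these differences applies here cannot be confirmed from the diff.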
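Review bot: The new `toml==0.10.2` line in requirements.txt pins the version but not the artifact. None of the entries visible in this hunk carry a `--hash`, so pip would accept whatever file the index serves for that version. The package is imported by the parser helper, which presumably reads manifests from arbitrary repositories, so I would pin by digest, e.g. `toml==0.10.2 --hash=sha256:<digest-of-the-reviewed-release-file>`, and install with `--require-hashes`. That mode requires every entry, transitive ones included, to carry a hash, so it is a file-wide follow-up rather than a one-line change. Whether the image build already enforces hashes elsewhere is not visible from this diff.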
diff --git a/python/helpers/run.py b/python/helpers/run.py index f80f8ff2ec..3b2fc11adc 100644 --- a/python/helpers/run.py +++ b/python/helpers/run.py @@ -6,6 +6,8 @@ if __name__ == "__main__": args = json.loads(sys.stdin.read()) + # TODO Python 3.10 added native switch statements, so switch this if/elif + # to that once we drop support for 3.9. if args["function"] == "parse_requirements": print(parser.parse_requirements(args["args"][0])) elif args["function"] == "parse_setup":