fix: bump python plugin version to include multiple fixes #1628

Merged
merged 1 commit into from
Feb 10, 2021

@dtrunley-snyk dtrunley-snyk commented Feb 10, 2021

  • Ready for review
  • Follows CONTRIBUTING rules
  • Reviewed by Snyk internal team

What does this PR do?

Bumps the python plugin to include the following fixes:

  • Stop parser from trying to look up packages not propagated to the lockfile (wheel, distributed, pip, setuptools)
  • Stop parser from failing when failing to locate dependency in lockfile and instead log a warning. This could be because of Python requirements allowing it in the manifest but not actually installing it and adding a lockfile entry, or because of how Poetry treats the use of underscores and hyphens when installing packages.
  • Reversed PR that introduced swapping underscores in manifest for hyphens in lockfile. This was due to a misunderstanding of how Poetry worked and is remediated by the above.

What are the relevant tickets?

LOKI-174
LOKI-175
LOKI-187

@dtrunley-snyk dtrunley-snyk requested review from a team as code owners February 10, 2021 14:30
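
The behaviour the PR description lists (skip packages that never reach the lockfile, warn instead of failing on a manifest name with no lockfile entry) can be sketched as follows. This is an added example, not code from the Snyk Python plugin; `resolveAgainstLockfile`, the exact-match lookup, the warning text and the sample data are assumptions made for illustration.

```javascript
// Added illustration; not the plugin's own code.
// Package names the PR description says are not propagated to the lockfile.
const NOT_IN_LOCKFILE = new Set(['wheel', 'distributed', 'pip', 'setuptools']);

/**
 * Hypothetical helper: match manifest dependency names against lockfile
 * entries by exact name. A name with no lockfile entry produces a warning
 * instead of an exception, so one unmatched package does not abort the scan.
 */
function resolveAgainstLockfile(manifestDeps, lockPackages) {
  const locked = new Map(lockPackages.map((p) => [p.name, p.version]));
  const resolved = {};   // name -> pinned version, goes into the tree
  const skipped = [];    // names ignored by design
  const warnings = [];   // names the scan could not pin to a version

  for (const name of manifestDeps) {
    if (NOT_IN_LOCKFILE.has(name)) {
      skipped.push(name);
      continue;
    }
    if (!locked.has(name)) {
      warnings.push(`dependency "${name}" not found in lockfile, skipping`);
      continue;
    }
    resolved[name] = locked.get(name);
  }
  return { resolved, skipped, warnings };
}

// Constructed sample: names as they might appear after parsing a manifest
// and a lockfile. "my_pkg" / "my-pkg" shows an underscore/hyphen mismatch.
const sampleManifest = ['requests', 'setuptools', 'my_pkg', 'pip'];
const sampleLock = [
  { name: 'requests', version: '2.25.1' },
  { name: 'my-pkg', version: '1.0.0' },
];

const sampleResult = resolveAgainstLockfile(sampleManifest, sampleLock);
console.log(JSON.stringify(sampleResult, null, 2));
```

A name that ends up in `warnings` is absent from the resolved set, so it is not checked against any vulnerability data; surfacing that list in scan output keeps the gap visible.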

@anthogez anthogez left a comment

Could you add the GitHub notes as commit message body? Thanks 🙏

@dtrunley-snyk dtrunley-snyk force-pushed the fix/bump-python-plugin-version branch 6 times, most recently from f735204 to 10f0a3a Compare February 10, 2021 17:01
Bumps the python plugin to include the following fixes:
- Stop parser from trying to look up packages not propagated to the lockfile (wheel, distributed, pip, setuptools)
- Stop parser from failing when unable to locate dependency in lockfile and to instead log a warning. This could be because of Python requirements allowing it in the manifest but not actually installing it and adding a lockfile entry, or because of how Poetry treats the use of underscores and hyphens when installing packages.
- Reversed PR that introduced swapping underscores in manifest for hyphens in lockfile. This was due to a misunderstanding of how Poetry worked and is remediated by the above.
github-actions bot commented Feb 10, 2021

Expected release notes (by @dtrunley-snyk)

fixes:
bump python plugin version to include multiple fixes for Poetry (eaaf348)

  • I hereby acknowledge these release notes are 🥙 AWESOME 🥙
