Skip to content

Fix Pypi Dev version parsing #57

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 31, 2022
Merged

Fix Pypi Dev version parsing #57

merged 2 commits into from
Jan 31, 2022

Conversation

@grvillic
Copy link
Collaborator

@grvillic grvillic commented Jan 31, 2022
edited
Loading

Problem

Our PipComponentDetector is having issues resolving for dev dependency versions that do not have any number as suffix, e.g. 0.5.7.dev. This causes IPyPiClient to parse that version as if it were a release candidate 0.5.7 and consequently throws errors when adding it to dictionary, see line below:

component-detection/src/Microsoft.ComponentDetection.Detectors/pip/IPyPiClient.cs

Line 213 in 6176381

Logger.LogError($"Component {release.Key} : {JsonConvert.SerializeObject(release.Value)} could not be added to the sorted list of pip components. Error details follow:");

Steps to reproduce

  1. Create a requirements.txt file
  2. Add a dependency on nltk==3.6.2
  3. Run de detector look at the failure caused by ntlk -> joblib version parsing.

Solution

Add a new property that stores the dev label, and set the devNumber version to 0 to ensure we don't flag this package version as a "released".

@grvillic grvillic requested a review from a team as a code owner January 31, 2022 00:14
@grvillic grvillic requested a review from 8Gitbrix January 31, 2022 00:14
@grvillic grvillic enabled auto-merge (squash) January 31, 2022 00:15
@grvillic grvillic added the type:bug Bug fix of existing functionality label Jan 31, 2022
@jcfiorenzano
Copy link
Contributor

jcfiorenzano commented Jan 31, 2022

Shouldn't we add a test that validates that the components are parsed properly. The test that was modified in this PR validates the order, but in that test already existed versions with "dev" suffix so I think that we are missing a test in here where is evident the fix

@grvillic grvillic merged commit 2956bdb into main Jan 31, 2022
@grvillic grvillic deleted the grvillic/FixPypiDevVersions branch January 31, 2022 19:03
@github-actions
Copy link

github-actions bot commented Jan 31, 2022

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jcfiorenzano jcfiorenzano jcfiorenzano approved these changes

@8Gitbrix 8Gitbrix Awaiting requested review from 8Gitbrix 8Gitbrix is a code owner automatically assigned from microsoft/ose-component-detection-maintainers

Assignees

No one assigned

Labels

type:bug Bug fix of existing functionality

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@grvillic @jcfiorenzano