
fix(dependency_groups): collect InvalidRequirement instead of leaking it #1302

Open
r266-tech wants to merge 1 commit into pypa:main from r266-tech:fix-depgroups-invalidrequirement-collect

@r266-tech

Contributor

Follow-up to #1248. In DependencyGroupResolver._parse_group, the string-item branch builds Requirement(item) and lets InvalidRequirement propagate raw — the only branch in that loop that doesn't route through the error collector.

A single malformed PEP 508 requirement string therefore:

  1. drops sibling errors already collected for that group — the raw raise short-circuits the loop, so the post-loop if errors.errors: return () is never reached and any error collected earlier in the same loop (an invalid object {}, a non-string include-group, an unknown item type) is lost; and
  2. escapes the documented aggregated [dependency-groups] data for <group> was malformed ExceptionGroup as a bare InvalidRequirement.

#1248 collected the adjacent include-group TypeError in the same loop but left this branch raw. The fix wraps the parse in errors.collect(InvalidRequirement) — the collector's own documented in-loop helper (InvalidRequirement subclasses ValueError, so it's collectible) — so all malformed-group diagnostics are uniform and complete.

lookup() / resolve() document the aggregated-ExceptionGroup contract (not :raises InvalidRequirement), so this aligns the string branch with the port's actual contract rather than changing it. The regression test asserts a bad requirement string is now reported together with a co-occurring sibling error instead of dropping it.

In DependencyGroupResolver._parse_group, the str-item branch built
Requirement(item) and let InvalidRequirement propagate raw -- the only
branch in that loop that does not route through the error collector. A
single malformed PEP 508 string therefore (a) escaped the documented
aggregated '[dependency-groups] data for <group> was malformed'
ExceptionGroup as a bare InvalidRequirement, and (b) short-circuited the
loop, dropping every sibling error already collected for that group.

Wrap the requirement parse in errors.collect(InvalidRequirement) (the
collector's documented in-loop helper) so malformed-data diagnostics are
uniform and complete. Add a regression test asserting a bad requirement
string is reported together with a co-occurring sibling error.
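
The failure mode described above, as an added example that is not the project's code. `Collector`, `parse_requirement`, `parse_group`, `MalformedGroup` and `report` are hypothetical, simplified stand-ins (assumptions) for the collector, `Requirement`, `_parse_group` and the aggregated ExceptionGroup; the input is constructed.

```python
from contextlib import contextmanager

class InvalidRequirement(ValueError): pass  # stand-in for packaging's exception

class MalformedGroup(Exception):  # stand-in for the aggregated ExceptionGroup
    def __init__(self, group, errors):
        super().__init__(f"[dependency-groups] data for {group} was malformed")
        self.errors = errors

class Collector:  # hypothetical minimal collector, not packaging's own
    def __init__(self):
        self.errors = []
    @contextmanager
    def collect(self, *exc_types):
        try:
            yield
        except exc_types as exc:
            self.errors.append(exc)  # record it and let the loop continue

def parse_requirement(text):
    # Toy check standing in for PEP 508 parsing.
    if not text[:1].isalnum():
        raise InvalidRequirement(f"invalid requirement: {text!r}")
    return text

def parse_group(group, items, collect_invalid):
    errors, parsed = Collector(), []
    for item in items:
        if isinstance(item, str) and collect_invalid:
            with errors.collect(InvalidRequirement):  # behaviour after the fix
                parsed.append(parse_requirement(item))
        elif isinstance(item, str):
            parsed.append(parse_requirement(item))  # before: raw raise exits the loop
        else:
            errors.errors.append(TypeError(f"invalid item: {item!r}"))
    if errors.errors:
        raise MalformedGroup(group, errors.errors)
    return tuple(parsed)

def report(items, collect_invalid):
    try:
        parse_group("test", items, collect_invalid)
    except MalformedGroup as exc:
        return [type(e).__name__ for e in exc.errors]
    except InvalidRequirement as exc:
        return [type(exc).__name__]  # bare exception, sibling errors lost
    return []

SAMPLE = [{}, "!!not-a-requirement", "requests>=2"]  # constructed input
```

`report(SAMPLE, False)` shows what a caller sees when the string branch raises raw; `report(SAMPLE, True)` shows the same input with the parse routed through the collector.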