-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bugfix: Fixes #3763, #3830, and #4453 #5010
Conversation
c01b90b
to
16b33ef
Compare
16b33ef
to
4bd8b06
Compare
Prevent '--install-option' and '--global-option' from leaking into the next dependencies in the 'requirements.txt' file. You should not mutate the parameters provided by the caller unless you are aware of what you're doing. # BAD! Mutating the parameter! def bad(param): param += ['a'] # OK. Binding a new object to the name. def good(param): param = param + ['a'] Fixes pypa#3763, pypa#3830, and pypa#4453. Reference: https://github.com/simnalamburt/snippets/blob/master/python/pip-4453.py
4bd8b06
to
7795408
Compare
global_options = \ | ||
global_options + self.options.get('global_options', []) | ||
install_options = \ | ||
install_options + self.options.get('install_options', []) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not at all clear why this makes a difference (I'm assuming it's something to do with in-place modification vs creating a new list?) so at a minimum, I'd want a comment explaining what's going on here. Better still would be a code change that didn't result in the reader having a huge temptation to switch back to the +=
form 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reading the conversation thread clarifies (must read things in the right order in future :-)) but I'd still like a comment in the code.
Maybe better would be
# Take a copy so we don't mutate the value supplied by the caller
global_options = list(global_options)
global_options += self.options.get('global_options', [])
as that makes the point explicit in the code as well as in the comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
Having a comment would definitely be helpful here. Nice catch btw.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello @simnalamburt! Thanks for spotting this. 😄
If I may pitch in... If we are to take a copy, I would suggest to put it in another variable.
Currently, the global_options
and install_options
first refer to the arguments of the method, then refer to a modified copy of them. It can get confusing.
I would suggest something along:
package_global_options = \
global_options + self.options.get('global_options', [])
package_install_options = \
install_options + self.options.get('install_options', [])
Of course renaming in the next usages as well would be required.
I don't know if the comment should be put in that case, but I believe it is at least much less tempting to refactor into the +=
form with different names.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I may pitch in... If we are to take a copy, I would suggest to put it in another variable.
It seems to be the best of the ideas so far. I'll update the PR.
Hello! I am an automated bot and I have noticed that this pull request is not currently able to be merged. If you are able to either merge the |
Closing in favour of #5090. |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Prevent
--install-option
and--global-option
from leaking into the next dependencies in therequirements.txt
file.You should not mutate the parameters provided by the caller unless you are aware of what you're doing.
Fixes #3763, #3830, and #4453.
Reference