pip_requirements fails to update hashes on dependencies with extras #16869
Labels
manager:pip_requirements
pip requirements.txt
priority-3-medium
Default priority, "should be done" but isn't prioritised ahead of others
type:bug
Bug fix of existing functionality
How are you running Renovate?
Self-hosted
If you're self-hosting Renovate, tell us what version of Renovate you run.
32.135.0
Please select which platform you are using if self-hosting.
GitLab self-hosted
If you're self-hosting Renovate, tell us what version of the platform you run.
GitLab CE 15.1.3
Was this something which used to work for you, and then stopped?
I never saw this working
Describe the bug
Given a requirements.txt file with (a.o.) the following entries,
pip_requirements
successfully updates the hashes for all dependencies except forboto3-stubs
. It does create a MR with the updated version, but fails to update the hashes as well.I dug into the source code a bit. Just from reading, I think the error is in line 31 of lib/modules/manager/pip_requirements/artifacts.ts: The test for the presence of hashes expects that the dependency name is directly followed by
==
. However, line 112 of lib/modules/manager/pip_requirements/extract.ts stores only the package name (here:boto3-stubs
) without any extras (here:[iam]
) in the dependency name. Therefore, the test evaluates tofalse
even though there are hashes.Minimal repro is available at chludwig-haufe/renovate-pip-requirements-extras-repro. Therein, renovate created two PRs: chludwig-haufe/renovate-pip-requirements-extras-repro#1 updates the hashes as well, chludwig-haufe/renovate-pip-requirements-extras-repro#2 only updates the version number, not the hashes.
Relevant debug logs
Logs
Have you created a minimal reproduction repository?
I have linked to a minimal reproduction repository in the bug description
The text was updated successfully, but these errors were encountered: