Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Re-implement Git version parsing with regex #10117

Merged
merged 1 commit into from
Jul 2, 2021

Conversation

uranusjr
Copy link
Member

@uranusjr uranusjr commented Jul 1, 2021

After packaging drops LegacyVersion (see pypa/packaging#407), packaging.version.parse() will no longer guarantee to be able to parse Git versions, so we need to invent our own parser. Since we really only care about the major and minor segments, the logic is pretty simple.

@uranusjr
Copy link
Member Author

uranusjr commented Jul 1, 2021

I only searched the code base for LegacyVersion, LegacySpecifier, version.parse, and parse_version. There are a couple of LegacyVersion references that cannot be removed yet, but we can do them quickly enough. Hopefully I did not miss anything.

After packaging drops LegacyVersion, version.parse() will no longer
guarantee to be able to parse Git versions, so we need to invent our own
parser. Since we really only care about the major and minor segments,
the logic is pretty simple.
@uranusjr uranusjr force-pushed the prepare-for-no-legacy branch from 0449b5c to 48fc779 Compare July 1, 2021 06:44
@uranusjr uranusjr merged commit 72e38ca into pypa:main Jul 2, 2021
@uranusjr uranusjr deleted the prepare-for-no-legacy branch July 2, 2021 11:03
inmantaci added a commit to inmanta/inmanta-core that referenced this pull request Jul 26, 2021
Bumps [pip](https://github.com/pypa/pip) from 21.1.3 to 21.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>21.2.1 (2021-07-25)</h1>
<h2>Process</h2>
<ul>
<li>The source distribution re-installation feature removal has been delayed to 21.3.</li>
</ul>
<h1>21.2 (2021-07-24)</h1>
<h2>Process</h2>
<ul>
<li><code>pip freeze</code>, <code>pip list</code>, and <code>pip show</code> no longer normalize underscore
(<code>_</code>) in distribution names to dash (<code>-</code>). This is a side effect of the
migration to <code>importlib.metadata</code>, since the underscore-dash normalization
behavior is non-standard and specific to setuptools. This should not affect
other parts of pip (for example, when feeding the <code>pip freeze</code> result back
into <code>pip install</code>) since pip internally performs standard PEP 503
normalization independently to setuptools.</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Git version parsing is now done with regular expression to prepare for the
pending upstream removal of non-PEP-440 version parsing logic. (<code>[#10117](pypa/pip#10117) &lt;https://github.com/pypa/pip/issues/10117&gt;</code>_)</li>
<li>Re-enable the &quot;Value for ... does not match&quot; location warnings to field a new
round of feedback for the <code>distutils</code>-<code>sysconfig</code> transition. (<code>[#10151](pypa/pip#10151) &lt;https://github.com/pypa/pip/issues/10151&gt;</code>_)</li>
<li>Remove deprecated <code>--find-links</code> option in <code>pip freeze</code> (<code>[#9069](pypa/pip#9069) &lt;https://github.com/pypa/pip/issues/9069&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>New resolver: Loosen URL comparison logic when checking for direct URL reference
equivalency. The logic includes the following notable characteristics:</p>
<ul>
<li>The authentication part of the URL is explicitly ignored.</li>
<li>Most of the fragment part, including <code>egg=</code>, is explicitly ignored. Only
<code>subdirectory=</code> and hash values (e.g. <code>sha256=</code>) are kept.</li>
<li>The query part of the URL is parsed to allow ordering differences. (<code>[#10002](pypa/pip#10002) &lt;https://github.com/pypa/pip/issues/10002&gt;</code>_)</li>
</ul>
</li>
<li>
<p>Support TOML v1.0.0 syntax in <code>pyproject.toml</code>. (<code>[#10034](pypa/pip#10034) &lt;https://github.com/pypa/pip/issues/10034&gt;</code>_)</p>
</li>
<li>
<p>Added a warning message for errors caused due to Long Paths being disabled on Windows. (<code>[#10045](pypa/pip#10045) &lt;https://github.com/pypa/pip/issues/10045&gt;</code>_)</p>
</li>
<li>
<p>Change the encoding of log file from default text encoding to UTF-8. (<code>[#10071](pypa/pip#10071) &lt;https://github.com/pypa/pip/issues/10071&gt;</code>_)</p>
</li>
<li>
<p>Log the resolved commit SHA when installing a package from a Git repository. (<code>[#10149](pypa/pip#10149) &lt;https://github.com/pypa/pip/issues/10149&gt;</code>_)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/bd41229cdced10d2b7c304a1ef2d61baad3c7da0"><code>bd41229</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/765a4b40227653d22d30c85448ec343e542f41d7"><code>765a4b4</code></a> Bump for development</li>
<li><a href="https://github.com/pypa/pip/commit/3d25c5327d0887271958999ac44709728b5c4f5a"><code>3d25c53</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/27b9a9c35c96e4032af7603ca03651d8f5917681"><code>27b9a9c</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/b9dbab277b7206fd9efc16cef793ab01ccfb32fb"><code>b9dbab2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10199">#10199</a> from uranusjr/remove-local-sdist-reinstall</li>
<li><a href="https://github.com/pypa/pip/commit/33b7f0cd9e0fff6bd532941a530d7f8b3472eb55"><code>33b7f0c</code></a> Remove deprecated sdist reinstall feature for 21.2</li>
<li><a href="https://github.com/pypa/pip/commit/a8b8d4d7fe214a0d4e78b0d98d0b97e471858fe5"><code>a8b8d4d</code></a> Document how to install provides_extras from local wheel file (<a href="https://github-redirect.dependabot.com/pypa/pip/issues/9698">#9698</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/239a30737277887fed9f609ae786a0fb80591be4"><code>239a307</code></a> Error handling upon <code>uninstall</code> invalid parameter (<a href="https://github-redirect.dependabot.com/pypa/pip/issues/10171">#10171</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/5e86264b5ac1c62d08f91a16a068647d8872e4e8"><code>5e86264</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10189">#10189</a> from harupy/type-annotations-index-models</li>
<li><a href="https://github.com/pypa/pip/commit/02b1855b45eb143b524f773eafb46d77406504d3"><code>02b1855</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10188">#10188</a> from harupy/type-annotations-req</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/21.1.3...21.2.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=21.1.3&new-version=21.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
aalexanderr added a commit to aalexanderr/fetchcode that referenced this pull request Aug 23, 2021
WARNING: fetchcode's vcs will not work on this commit.
This is result of separating pip's code from changes made in scope of
this repository.

This should make it easier to track potentially replicated issues from
pip when taking their vcs pkg.

It also made cleaning up easier, due to some maintenance activities done
in pip:
- dropping Python 2 & 3.5 support
  pypa/pip#9189
- modernized code after above - partially done, tracked in:
  pypa/pip#8802
- added py3.9 support
- updated vendored libraries (e.g. fixing CVE-2021-28363)
  multiple PRs

pip._internal.vcs (and related code) changes:
- Fetch resources that are missing locally:
  pypa/pip#8817
- Improve SVN version parser (Windows)
  pypa/pip#8665
- Always close stderr after subprocess completion:
  pypa/pip#9156
- Remove vcs export feature:
  pypa/pip#9713
- Remove support for git+ssh@ scheme in favour of git+ssh://
  pypa/pip#9436
- Security fix in git tags parsing (CVE-2021-3572):
  pypa/pip#9827
- Reimplement Git version parsing:
  pypa/pip#10117

In next commits, most of pip's internals will be removed from fetchcode,
leaving only vcs module with supporting code (like utils functions,
tests (which will be added & submitted with this change))

This will allow for changes such as ability to add return codes
(probably via futures) from long running downloads and other features.

Switching to having own vcs module might also be a good call due to
pip._internal.vcs close integration with pip's cli in vcs module (some
pip code has been commented out in commit mentioned below)

While generally copy-pasting code without history is bad idea, this
commit follows precedence set in this repo by:
8046215
with exception that all changes to pip's code will be submitted as separate
commits.

It has been agreed with @pombredanne & @TG1999 that history from pip
will be rebased on fetchcode by @pombredanne (thanks!). It will be done
only for the files that are of concern for fetchcode to limit noise in
git history.

I'm leaving this commit without SoB intentionally, as this is not my
work, but that of the many pip's authors:
https://github.com/pypa/pip/blob/21.2.4/AUTHORS.txt
License of pip: MIT (https://pypi.org/project/pip/)
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 25, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants