librariesio · papiro · Jan 25, 2023 · Jan 24, 2023 · Jan 25, 2023 · Jan 25, 2023
diff --git a/app/models/package_manager/base.rb b/app/models/package_manager/base.rb
@@ -235,7 +235,10 @@ def self.save_dependencies(mapped_project, sync_version: :all)
 
         deps = begin
           dependencies(name, db_version.number, mapped_project)
-        rescue StandardError
+        rescue StandardError => e
+          Rails.logger.error(
+            "Error while trying to get dependencies for #{db_platform}/#{name}@#{db_version.number}: #{e.message}"
+          )
           []
         end
 

diff --git a/app/models/package_manager/pypi.rb b/app/models/package_manager/pypi.rb
@@ -123,14 +123,14 @@ def self.known_versions(name)
         &.index_by { |v| v[:number] } || {}
     end
 
-    def self.dependencies(name, version, _mapped_project)
+    def self.dependencies(name, version, _mapped_project = nil)
       api_response = get("https://pypi.org/pypi/#{name}/#{version}/json")
       deps = api_response.dig("info", "requires_dist")
-      source_info = api_response.dig("releases", version)
+      source_info = api_response.fetch("urls", [])
       Rails.logger.warn("Pypi sdist (no deps): #{name}") unless source_info.any? { |rel| rel["packagetype"] == "bdist_wheel" }
 
       deps.map do |dep|
-        name, version = dep.split
+        name, version = dep.split(/ /, 2)
         {
           project_name: name,
           requirements: version.nil? || version == ";" ? "*" : version.gsub(/\(|\)/, ""),

diff --git a/spec/fixtures/vcr_cassettes/pypi_dependencies_requests.yml b/spec/fixtures/vcr_cassettes/pypi_dependencies_requests.yml
diff --git a/spec/models/package_manager/pypi_spec.rb b/spec/models/package_manager/pypi_spec.rb
@@ -119,4 +119,31 @@
       expect(described_class.deprecation_info('foo')).to eq({is_deprecated: true, message: "Development Status :: 7 - Inactive"})
     end
   end
+
+  describe ".dependencies" do
+    it "returns the dependencies of a particular version" do
+      VCR.use_cassette("pypi_dependencies_requests", record: :once) do
+        expect(
+          described_class.dependencies("requests", "2.28.2")
+        ).to match_array(
+               [
+                 ["charset-normalizer", "<4,>=2"],
+                 ["idna", "<4,>=2.5"],
+                 ["urllib3", "<1.27,>=1.21.1"],
+                 ["certifi", ">=2017.4.17"],
+                 ["PySocks", "!=1.5.7,>=1.5.6 ; extra == 'socks'"],
+                 ["chardet", "<6,>=3.0.2 ; extra == 'use_chardet_on_py3'"]
+               ].map do |name, requirements|
+                 {
+                   project_name: name,
+                   requirements: requirements,
+                   kind: "runtime",
+                   optional: false,
+                   platform: "Pypi"
+                 }
+               end
+             )
+      end
+    end
+  end
 end