(python) fatal error upgrading `cryptography`; calling get_dependency_hash fails #10631

albertferras-vrf · 2024-09-18T14:29:27Z

Is there an existing issue for this?

I have searched the existing issues

Package ecosystem

pip

Package manager version

pip-compile

Language version

python 3.11

Manifest location and content before the Dependabot update

/requirements.in
/requirements.txt

dependabot.yml content

version: 2
updates:
- package-ecosystem: pip
  directory: "/"
  schedule:
    interval: daily
    time: "03:00"
  open-pull-requests-limit: 10
  # https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#insecure-external-code-execution
  insecure-external-code-execution: allow

Updated dependency

cryptography

What you expected to see, versus what you actually saw

New dependabot PR proposing upgrade of cryptography package. However, dependabot job fails

Native package manager behavior

Manually modifying requirements.in and setting cryptography~=43.0.0, then
pip-compile --generate-hashes --output-file=requirements.txt requirements.in
updates the requirements.txt correctly.

Images of the diff or a link to the PR, issue, or logs

I have executed the dependabot job in debug mode, which shows the actual error

Run github/dependabot-action@main
  env:
    DEPENDABOT_DISABLE_CLEANUP: 1
    DEPENDABOT_ENABLE_CONNECTIVITY_CHECK: 0
    GITHUB_TOKEN: ***
    GITHUB_DEPENDABOT_JOB_TOKEN: ***
    GITHUB_DEPENDABOT_CRED_TOKEN: ***
🤖 ~ starting update ~
Fetching job details
Pulling updater images
  Pulling image ghcr.io/dependabot/dependabot-updater-pip:924fd238e64398866957b64ce54d617a4c97dca0...
  Pulled image ghcr.io/dependabot/dependabot-updater-pip:924fd238e64398866957b64ce54d617a4c97dca0
  Pulling image ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:v2.0.20240823173836@sha256:78046d2567eb436b8f74df05337f0e67691786ec564d35acf4045cb2f5a72ae4...
  Pulled image ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:v2.0.20240823173836@sha256:78046d2567eb436b8f74df05337f0e67691786ec564d35acf4045cb2f5a72ae4
Starting update process
Created proxy container: 8d83d51afa72c8378735906f2a23e859d64066190c55cf8a58b0ffadff9fcf59
Created container: 939545ccdf41dc5613b92c15df879ae6014a7315e93d2c70a646e6020f02e828
  proxy | 2024/09/18 13:28:19 proxy starting, commit: 4b205854d854b9a07b006f95f5298bd47cab74af
2024/09/18 13:28:19 Listening (:1080)
updater | Updating certificates in /etc/ssl/certs...
updater | rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
updater | 1 added, 0 removed; done.
updater | Running hooks in /etc/ca-certificates/update.d...
updater | done.
updater | 2024/09/18 13:28:23 INFO <job_887052198> Starting job processing
2024/09/18 13:28:23 INFO <job_887052198> Job definition: {"job":{"allowed-updates":[{"dependency-type":"direct","update-type":"all"}],"commit-message-options":{"prefix":null,"prefix-development":null,"include-scope":null},"credentials-metadata":[{"type":"git_source","host":"github.com"}],"debug":null,"dependencies":null,"dependency-groups":[],"dependency-group-to-refresh":null,"existing-pull-requests":[],"existing-group-pull-requests":[],"experiments":{"record-ecosystem-versions":true,"record-update-job-unknown-error":true,"proxy-cached":true,"move-job-token":true,"dependency-change-validation":true,"nuget-dependency-solver":true,"add-deprecation-warn-to-pr-message":true},"ignore-conditions":[],"lockfile-only":false,"max-updater-run-time":2700,"package-manager":"pip","proxy-log-response-body-on-auth-failure":true,"requirements-update-strategy":null,"reject-external-code":false,"security-advisories":[],"security-updates-only":false,"source":{"provider":"github","repo":"myorg/mypackage","bra
  proxy | 2024/09/18 13:28:23 [002] GET https://github.com:443/myorg/mypackage/info/refs?service=git-upload-pack
  proxy | 2024/09/18 13:28:23 [002] * authenticating git server request (host: github.com)
  proxy | 2024/09/18 13:28:24 [002] 200 https://github.com:443/myorg/mypackage/info/refs?service=git-upload-pack
  proxy | 2024/09/18 13:28:24 [004] POST https://github.com:443/myorg/mypackage/git-upload-pack
2024/09/18 13:28:24 [004] * authenticating git server request (host: github.com)
  proxy | 2024/09/18 13:28:24 [004] 200 https://github.com:443/myorg/mypackage/git-upload-pack
  proxy | 2024/09/18 13:28:24 [006] POST https://github.com:443/myorg/mypackage/git-upload-pack
2024/09/18 13:28:24 [006] * authenticating git server request (host: github.com)
  proxy | 2024/09/18 13:28:24 [006] 200 https://github.com:443/myorg/mypackage/git-upload-pack
updater | 2024/09/18 13:28:24 INFO <job_887052198> Dependabot is using Python version '3.12'.
  proxy | 2024/09/18 13:28:24 [008] POST /update_jobs/887052198/record_ecosystem_versions
  proxy | 2024/09/18 13:28:24 [008] 204 /update_jobs/887052198/record_ecosystem_versions
updater | 2024/09/18 13:28:24 INFO <job_887052198> Base commit SHA: 8f231eb75f33039c80b8ce21e9bc2af75a0041cd
updater | 2024/09/18 13:28:24 INFO <job_887052198> Finished job processing
updater | 2024/09/18 13:28:27 INFO <job_887052198> Starting job processing
  proxy | 2024/09/18 13:28:30 [011] POST /update_jobs/887052198/update_dependency_list
  proxy | 2024/09/18 13:28:30 [011] 204 /update_jobs/887052198/update_dependency_list
  proxy | 2024/09/18 13:28:30 [013] POST /update_jobs/887052198/increment_metric
  proxy | 2024/09/18 13:28:30 [013] 204 /update_jobs/887052198/increment_metric
updater | 2024/09/18 13:28:30 INFO <job_887052198> Starting update job for myorg/mypackage
2024/09/18 13:28:30 INFO <job_887052198> Checking all dependencies for version updates...
updater | 2024/09/18 13:28:30 INFO <job_887052198> Checking if cryptography 42.0.8 needs updating
  proxy | 2024/09/18 13:28:30 [015] GET https://pypi.org:443/simple/cryptography/
  proxy | 2024/09/18 13:28:30 [015] 200 https://pypi.org:443/simple/cryptography/
updater | 2024/09/18 13:28:31 INFO <job_887052198> Filtered out 48 yanked versions
updater | 2024/09/18 13:28:31 INFO <job_887052198> Latest version is 43.0.1
  proxy | 2024/09/18 13:28:32 [019] GET https://pypi.org:443/simple/cryptography/
  proxy | 2024/09/18 13:28:32 [019] 200 https://pypi.org:443/simple/cryptography/
  proxy | 2024/09/18 13:28:32 [021] GET https://files.pythonhosted.org:443/packages/ac/7e/ebda4dd4ae098a0990753efbb4b50954f1d03003846b943ea85070782da7/cryptography-43.0.1-cp39-abi3-manylinux_2_28_x86_64.whl.metadata
  proxy | 2024/09/18 13:28:32 [021] 200 https://files.pythonhosted.org:443/packages/ac/7e/ebda4dd4ae098a0990753efbb4b50954f1d03003846b943ea85070782da7/cryptography-43.0.1-cp39-abi3-manylinux_2_28_x86_64.whl.metadata
  proxy | 2024/09/18 13:28:32 [023] GET https://pypi.org:443/simple/cffi/
  proxy | 2024/09/18 13:28:32 [023] 200 https://pypi.org:443/simple/cffi/
  proxy | 2024/09/18 13:28:32 [025] GET https://files.pythonhosted.org:443/packages/b2/d5/da47df7004cb17e4955df6a43d14b3b4ae77737dff8bf7f8f333196717bf/cffi-1.17.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata
  proxy | 2024/09/18 13:28:32 [025] 200 https://files.pythonhosted.org:443/packages/b2/d5/da47df7004cb17e4955df6a43d14b3b4ae77737dff8bf7f8f333196717bf/cffi-1.17.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata
  proxy | 2024/09/18 13:28:32 [027] GET https://pypi.org:443/simple/pycparser/
  proxy | 2024/09/18 13:28:32 [027] 200 https://pypi.org:443/simple/pycparser/
  proxy | 2024/09/18 13:28:32 [029] GET https://files.pythonhosted.org:443/packages/13/a3/a812df4e2dd5696d1f351d58b8fe16a405b234ad2886a0dab9183fb78109/pycparser-2.22-py3-none-any.whl.metadata
  proxy | 2024/09/18 13:28:32 [029] 200 https://files.pythonhosted.org:443/packages/13/a3/a812df4e2dd5696d1f351d58b8fe16a405b234ad2886a0dab9183fb78109/pycparser-2.22-py3-none-any.whl.metadata
  proxy | 2024/09/18 13:28:33 [031] GET https://files.pythonhosted.org:443/packages/ac/7e/ebda4dd4ae098a0990753efbb4b50954f1d03003846b943ea85070782da7/cryptography-43.0.1-cp39-abi3-manylinux_2_28_x86_64.whl
  proxy | 2024/09/18 13:28:33 [031] 200 https://files.pythonhosted.org:443/packages/ac/7e/ebda4dd4ae098a0990753efbb4b50954f1d03003846b943ea85070782da7/cryptography-43.0.1-cp39-abi3-manylinux_2_28_x86_64.whl
  proxy | 2024/09/18 13:28:33 [033] GET https://files.pythonhosted.org:443/packages/b2/d5/da47df7004cb17e4955df6a43d14b3b4ae77737dff8bf7f8f333196717bf/cffi-1.17.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
  proxy | 2024/09/18 13:28:33 [033] 200 https://files.pythonhosted.org:443/packages/b2/d5/da47df7004cb17e4955df6a43d14b3b4ae77737dff8bf7f8f333196717bf/cffi-1.17.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
  proxy | 2024/09/18 13:28:33 [035] GET https://files.pythonhosted.org:443/packages/13/a3/a812df4e2dd5696d1f351d58b8fe16a405b234ad2886a0dab9183fb78109/pycparser-2.22-py3-none-any.whl
  proxy | 2024/09/18 13:28:33 [035] 200 https://files.pythonhosted.org:443/packages/13/a3/a812df4e2dd5696d1f351d58b8fe16a405b234ad2886a0dab9183fb78109/pycparser-2.22-py3-none-any.whl
updater | 2024/09/18 13:28:34 INFO <job_887052198> Requirements to unlock own
2024/09/18 13:28:34 INFO <job_887052198> Requirements update strategy bump_versions
updater | 2024/09/18 13:28:34 INFO <job_887052198> Updating cryptography from 42.0.8 to 43.0.1
  proxy | 2024/09/18 13:28:35 [037] GET https://pypi.org:443/simple/cryptography/
  proxy | 2024/09/18 13:28:35 [037] 304 https://pypi.org:443/simple/cryptography/
  proxy | 2024/09/18 13:28:35 [039] GET https://pypi.org:443/simple/cffi/
  proxy | 2024/09/18 13:28:35 [039] 304 https://pypi.org:443/simple/cffi/
  proxy | 2024/09/18 13:28:35 [041] GET https://pypi.org:443/simple/pycparser/
  proxy | 2024/09/18 13:28:35 [041] 304 https://pypi.org:443/simple/pycparser/
  proxy | 2024/09/18 13:28:35 [043] GET https://pypi.org:443/simple/cryptography/
  proxy | 2024/09/18 13:28:35 [043] 304 https://pypi.org:443/simple/cryptography/
  proxy | 2024/09/18 13:28:36 [045] GET https://pypi.org:443/pypi/cryptography/json
  proxy | 2024/09/18 13:28:36 [045] 200 https://pypi.org:443/pypi/cryptography/json
  proxy | 2024/09/18 13:28:37 [047] GET https://pypi.org:443/pypi/cryptography/json
  proxy | 2024/09/18 13:28:37 [047] 200 https://pypi.org:443/pypi/cryptography/json
  proxy | 2024/09/18 13:28:38 [049] POST /update_jobs/887052198/record_update_job_unknown_error
  proxy | 2024/09/18 13:28:38 [049] 204 /update_jobs/887052198/record_update_job_unknown_error
  proxy | 2024/09/18 13:28:38 [051] POST /update_jobs/887052198/record_update_job_error
  proxy | 2024/09/18 13:28:38 [051] 204 /update_jobs/887052198/record_update_job_error
  proxy | 2024/09/18 13:28:39 [053] POST /update_jobs/887052198/increment_metric
  proxy | 2024/09/18 13:28:39 [053] 204 /update_jobs/887052198/increment_metric
  proxy | 2024/09/18 13:28:39 [055] POST /update_jobs/887052198/record_update_job_unknown_error
  proxy | 2024/09/18 13:28:39 [055] 204 /update_jobs/887052198/record_update_job_unknown_error
updater | 2024/09/18 13:28:39 ERROR <job_887052198> Error processing cryptography (Dependabot::SharedHelpers::HelperSubprocessFailed)
2024/09/18 13:28:39 ERROR <job_887052198> Traceback (most recent call last):
  File "/opt/python/run.py", line 18, in <module>
    print(hasher.get_dependency_hash(*args["args"]))
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/python/lib/hasher.py", line 11, in get_dependency_hash
    hashes = hashin.get_package_hashes(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.12.5/lib/python3.12/site-packages/hashin.py", line 650, in get_package_hashes
    data = get_package_data(package, index_url, verbose)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.12.5/lib/python3.12/site-packages/hashin.py", line 578, in get_package_data
    content = json.loads(_download(url))
                         ^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.12.5/lib/python3.12/site-packages/hashin.py", line 57, in _download
    r = urlopen(url)
        ^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.12.5/lib/python3.12/urllib/request.py", line 215, in urlopen
    return opener.open(url, data, timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.12.5/lib/python3.12/urllib/request.py", line 499, in open
    req = Request(fullurl, data)
          ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.12.5/lib/python3.12/urllib/request.py", line 318, in __init__
    self.full_url = url
    ^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.12.5/lib/python3.12/urllib/request.py", line 344, in full_url
    self._parse()
  File "/usr/local/.pyenv/versions/3.12.5/lib/python3.12/urllib/request.py", line 373, in _parse
    raise ValueError("unknown url type: %r" % self.full_url)
ValueError: unknown url type: '/pypi/cryptography/json'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/common/lib/dependabot/shared_helpers.rb:198:in `rescue in run_helper_subprocess'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/common/lib/dependabot/shared_helpers.rb:187:in `run_helper_subprocess'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:167:in `bind_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:167:in `validate_call_skip_block_type'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:109:in `block in create_validator_slow_skip_block_type'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:404:in `block in package_hashes_for'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:398:in `each'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:398:in `package_hashes_for'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:352:in `block in update_hashes_if_required'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:349:in `each'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:349:in `update_hashes_if_required'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:296:in `post_process_compiled_file'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:88:in `block (2 levels) in compile_new_requirement_files'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:82:in `each'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:82:in `filter_map'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:82:in `block in compile_new_requirement_files'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/common/lib/dependabot/shared_helpers.rb:81:in `block in in_a_temporary_directory'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/common/lib/dependabot/shared_helpers.rb:81:in `chdir'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/common/lib/dependabot/shared_helpers.rb:81:in `in_a_temporary_directory'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:191:in `block in create_validator_slow'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:71:in `compile_new_requirement_files'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:57:in `fetch_updated_dependency_files'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb:46:in `updated_dependency_files'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater.rb:122:in `updated_pip_compile_based_files'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/python/lib/dependabot/python/file_updater.rb:41:in `updated_dependency_files'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/dependency_change_builder.rb:143:in `generate_dependency_files'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/dependency_change_builder.rb:72:in `run'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/dependency_change_builder.rb:44:in `create_from'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:166:in `check_and_create_pull_request'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:94:in `check_and_create_pr_with_error_handling'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:59:in `block in perform'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:59:in `each'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:59:in `perform'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/group_update_all_versions.rb:137:in `block in run_ungrouped_dependency_updates'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/group_update_all_versions.rb:122:in `each'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/group_update_all_versions.rb:122:in `run_ungrouped_dependency_updates'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
updater | 2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/group_update_all_versions.rb:65:in `perform'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:45:in `run'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:44:in `block in perform_job'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace/tracer.rb:37:in `block in in_span'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace.rb:70:in `block in with_span'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/context.rb:87:in `with_value'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace.rb:70:in `with_span'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace/tracer.rb:37:in `in_span'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:18:in `perform_job'
2024/09/18 13:28:39 ERROR <job_887052198> /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:37:in `run'
2024/09/18 13:28:39 ERROR <job_887052198> bin/update_files.rb:46:in `<main>'
  proxy | 2024/09/18 13:28:39 [057] PATCH /update_jobs/887052198/mark_as_processed
  proxy | 2024/09/18 13:28:39 [057] 204 /update_jobs/887052198/mark_as_processed
updater | 2024/09/18 13:28:39 INFO <job_887052198> Finished job processing
updater | 2024/09/18 13:28:39 INFO Results:
Dependabot encountered '1' error(s) during execution, please check the logs for more details.
+-------------------------------+
| Dependencies failed to update |
+---------------+---------------+
| cryptography  | unknown_error |
+---------------+---------------+
Failure running container 939545ccdf41dc5613b92c15df879ae6014a7315e93d2c70a646e6020f02e828
Cleaned up container 939545ccdf41dc5613b92c15df879ae6014a7315e93d2c70a646e6020f02e828
  proxy | 2024/09/18 13:28:39 1/27 calls cached (3%)
2024/09/18 13:28:39 Posting metrics to remote API endpoint
Error: Dependabot encountered an error performing the update

Error: The updater encountered one or more errors.

For more information see: https://github.com/myorg/mypackage/network/updates/887052198 (write access to the repository is required to view the log)
🤖 ~ finished: error reported to Dependabot ~

Smallest manifest that reproduces the issue

requirements.in

cryptography==42.0.8

requirements.txt

#
# This file is autogenerated by pip-compile with Python 3.12
# by the following command:
#
#    pip-compile --generate-hashes --output-file=requirements.txt requirements.in
#
cffi==1.17.1 \
    --hash=sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8 \
    --hash=sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2 \
    --hash=sha256:0e2b1fac190ae3ebfe37b979cc1ce69c81f4e4fe5746bb401dca63a9062cdaf1 \
    --hash=sha256:0f048dcf80db46f0098ccac01132761580d28e28bc0f78ae0d58048063317e15 \
    --hash=sha256:1257bdabf294dceb59f5e70c64a3e2f462c30c7ad68092d01bbbfb1c16b1ba36 \
    --hash=sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824 \
    --hash=sha256:1d599671f396c4723d016dbddb72fe8e0397082b0a77a4fab8028923bec050e8 \
    --hash=sha256:28b16024becceed8c6dfbc75629e27788d8a3f9030691a1dbf9821a128b22c36 \
    --hash=sha256:2bb1a08b8008b281856e5971307cc386a8e9c5b625ac297e853d36da6efe9c17 \
    --hash=sha256:30c5e0cb5ae493c04c8b42916e52ca38079f1b235c2f8ae5f4527b963c401caf \
    --hash=sha256:31000ec67d4221a71bd3f67df918b1f88f676f1c3b535a7eb473255fdc0b83fc \
    --hash=sha256:386c8bf53c502fff58903061338ce4f4950cbdcb23e2902d86c0f722b786bbe3 \
    --hash=sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed \
    --hash=sha256:45398b671ac6d70e67da8e4224a065cec6a93541bb7aebe1b198a61b58c7b702 \
    --hash=sha256:46bf43160c1a35f7ec506d254e5c890f3c03648a4dbac12d624e4490a7046cd1 \
    --hash=sha256:4ceb10419a9adf4460ea14cfd6bc43d08701f0835e979bf821052f1805850fe8 \
    --hash=sha256:51392eae71afec0d0c8fb1a53b204dbb3bcabcb3c9b807eedf3e1e6ccf2de903 \
    --hash=sha256:5da5719280082ac6bd9aa7becb3938dc9f9cbd57fac7d2871717b1feb0902ab6 \
    --hash=sha256:610faea79c43e44c71e1ec53a554553fa22321b65fae24889706c0a84d4ad86d \
    --hash=sha256:636062ea65bd0195bc012fea9321aca499c0504409f413dc88af450b57ffd03b \
    --hash=sha256:6883e737d7d9e4899a8a695e00ec36bd4e5e4f18fabe0aca0efe0a4b44cdb13e \
    --hash=sha256:6b8b4a92e1c65048ff98cfe1f735ef8f1ceb72e3d5f0c25fdb12087a23da22be \
    --hash=sha256:6f17be4345073b0a7b8ea599688f692ac3ef23ce28e5df79c04de519dbc4912c \
    --hash=sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683 \
    --hash=sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9 \
    --hash=sha256:733e99bc2df47476e3848417c5a4540522f234dfd4ef3ab7fafdf555b082ec0c \
    --hash=sha256:7596d6620d3fa590f677e9ee430df2958d2d6d6de2feeae5b20e82c00b76fbf8 \
    --hash=sha256:78122be759c3f8a014ce010908ae03364d00a1f81ab5c7f4a7a5120607ea56e1 \
    --hash=sha256:805b4371bf7197c329fcb3ead37e710d1bca9da5d583f5073b799d5c5bd1eee4 \
    --hash=sha256:85a950a4ac9c359340d5963966e3e0a94a676bd6245a4b55bc43949eee26a655 \
    --hash=sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67 \
    --hash=sha256:9755e4345d1ec879e3849e62222a18c7174d65a6a92d5b346b1863912168b595 \
    --hash=sha256:98e3969bcff97cae1b2def8ba499ea3d6f31ddfdb7635374834cf89a1a08ecf0 \
    --hash=sha256:a08d7e755f8ed21095a310a693525137cfe756ce62d066e53f502a83dc550f65 \
    --hash=sha256:a1ed2dd2972641495a3ec98445e09766f077aee98a1c896dcb4ad0d303628e41 \
    --hash=sha256:a24ed04c8ffd54b0729c07cee15a81d964e6fee0e3d4d342a27b020d22959dc6 \
    --hash=sha256:a45e3c6913c5b87b3ff120dcdc03f6131fa0065027d0ed7ee6190736a74cd401 \
    --hash=sha256:a9b15d491f3ad5d692e11f6b71f7857e7835eb677955c00cc0aefcd0669adaf6 \
    --hash=sha256:ad9413ccdeda48c5afdae7e4fa2192157e991ff761e7ab8fdd8926f40b160cc3 \
    --hash=sha256:b2ab587605f4ba0bf81dc0cb08a41bd1c0a5906bd59243d56bad7668a6fc6c16 \
    --hash=sha256:b62ce867176a75d03a665bad002af8e6d54644fad99a3c70905c543130e39d93 \
    --hash=sha256:c03e868a0b3bc35839ba98e74211ed2b05d2119be4e8a0f224fba9384f1fe02e \
    --hash=sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4 \
    --hash=sha256:c7eac2ef9b63c79431bc4b25f1cd649d7f061a28808cbc6c47b534bd789ef964 \
    --hash=sha256:c9c3d058ebabb74db66e431095118094d06abf53284d9c81f27300d0e0d8bc7c \
    --hash=sha256:ca74b8dbe6e8e8263c0ffd60277de77dcee6c837a3d0881d8c1ead7268c9e576 \
    --hash=sha256:caaf0640ef5f5517f49bc275eca1406b0ffa6aa184892812030f04c2abf589a0 \
    --hash=sha256:cdf5ce3acdfd1661132f2a9c19cac174758dc2352bfe37d98aa7512c6b7178b3 \
    --hash=sha256:d016c76bdd850f3c626af19b0542c9677ba156e4ee4fccfdd7848803533ef662 \
    --hash=sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3 \
    --hash=sha256:d63afe322132c194cf832bfec0dc69a99fb9bb6bbd550f161a49e9e855cc78ff \
    --hash=sha256:da95af8214998d77a98cc14e3a3bd00aa191526343078b530ceb0bd710fb48a5 \
    --hash=sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd \
    --hash=sha256:de2ea4b5833625383e464549fec1bc395c1bdeeb5f25c4a3a82b5a8c756ec22f \
    --hash=sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5 \
    --hash=sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14 \
    --hash=sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d \
    --hash=sha256:e221cf152cff04059d011ee126477f0d9588303eb57e88923578ace7baad17f9 \
    --hash=sha256:e31ae45bc2e29f6b2abd0de1cc3b9d5205aa847cafaecb8af1476a609a2f6eb7 \
    --hash=sha256:edae79245293e15384b51f88b00613ba9f7198016a5948b5dddf4917d4d26382 \
    --hash=sha256:f1e22e8c4419538cb197e4dd60acc919d7696e5ef98ee4da4e01d3f8cfa4cc5a \
    --hash=sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e \
    --hash=sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a \
    --hash=sha256:f75c7ab1f9e4aca5414ed4d8e5c0e303a34f4421f8a0d47a4d019ceff0ab6af4 \
    --hash=sha256:f79fc4fc25f1c8698ff97788206bb3c2598949bfe0fef03d299eb1b5356ada99 \
    --hash=sha256:f7f5baafcc48261359e14bcd6d9bff6d4b28d9103847c9e136694cb0501aef87 \
    --hash=sha256:fc48c783f9c87e60831201f2cce7f3b2e4846bf4d8728eabe54d60700b318a0b
    # via cryptography
cryptography==42.0.8 \
    --hash=sha256:013629ae70b40af70c9a7a5db40abe5d9054e6f4380e50ce769947b73bf3caad \
    --hash=sha256:2346b911eb349ab547076f47f2e035fc8ff2c02380a7cbbf8d87114fa0f1c583 \
    --hash=sha256:2f66d9cd9147ee495a8374a45ca445819f8929a3efcd2e3df6428e46c3cbb10b \
    --hash=sha256:2f88d197e66c65be5e42cd72e5c18afbfae3f741742070e3019ac8f4ac57262c \
    --hash=sha256:31f721658a29331f895a5a54e7e82075554ccfb8b163a18719d342f5ffe5ecb1 \
    --hash=sha256:343728aac38decfdeecf55ecab3264b015be68fc2816ca800db649607aeee648 \
    --hash=sha256:5226d5d21ab681f432a9c1cf8b658c0cb02533eece706b155e5fbd8a0cdd3949 \
    --hash=sha256:57080dee41209e556a9a4ce60d229244f7a66ef52750f813bfbe18959770cfba \
    --hash=sha256:5a94eccb2a81a309806027e1670a358b99b8fe8bfe9f8d329f27d72c094dde8c \
    --hash=sha256:6b7c4f03ce01afd3b76cf69a5455caa9cfa3de8c8f493e0d3ab7d20611c8dae9 \
    --hash=sha256:7016f837e15b0a1c119d27ecd89b3515f01f90a8615ed5e9427e30d9cdbfed3d \
    --hash=sha256:81884c4d096c272f00aeb1f11cf62ccd39763581645b0812e99a91505fa48e0c \
    --hash=sha256:81d8a521705787afe7a18d5bfb47ea9d9cc068206270aad0b96a725022e18d2e \
    --hash=sha256:8d09d05439ce7baa8e9e95b07ec5b6c886f548deb7e0f69ef25f64b3bce842f2 \
    --hash=sha256:961e61cefdcb06e0c6d7e3a1b22ebe8b996eb2bf50614e89384be54c48c6b63d \
    --hash=sha256:9c0c1716c8447ee7dbf08d6db2e5c41c688544c61074b54fc4564196f55c25a7 \
    --hash=sha256:a0608251135d0e03111152e41f0cc2392d1e74e35703960d4190b2e0f4ca9c70 \
    --hash=sha256:a0c5b2b0585b6af82d7e385f55a8bc568abff8923af147ee3c07bd8b42cda8b2 \
    --hash=sha256:ad803773e9df0b92e0a817d22fd8a3675493f690b96130a5e24f1b8fabbea9c7 \
    --hash=sha256:b297f90c5723d04bcc8265fc2a0f86d4ea2e0f7ab4b6994459548d3a6b992a14 \
    --hash=sha256:ba4f0a211697362e89ad822e667d8d340b4d8d55fae72cdd619389fb5912eefe \
    --hash=sha256:c4783183f7cb757b73b2ae9aed6599b96338eb957233c58ca8f49a49cc32fd5e \
    --hash=sha256:c9bb2ae11bfbab395bdd072985abde58ea9860ed84e59dbc0463a5d0159f5b71 \
    --hash=sha256:cafb92b2bc622cd1aa6a1dce4b93307792633f4c5fe1f46c6b97cf67073ec961 \
    --hash=sha256:d45b940883a03e19e944456a558b67a41160e367a719833c53de6911cabba2b7 \
    --hash=sha256:dc0fdf6787f37b1c6b08e6dfc892d9d068b5bdb671198c72072828b80bd5fe4c \
    --hash=sha256:dea567d1b0e8bc5764b9443858b673b734100c2871dc93163f58c46a97a83d28 \
    --hash=sha256:dec9b018df185f08483f294cae6ccac29e7a6e0678996587363dc352dc65c842 \
    --hash=sha256:e3ec3672626e1b9e55afd0df6d774ff0e953452886e06e0f1eb7eb0c832e8902 \
    --hash=sha256:e599b53fd95357d92304510fb7bda8523ed1f79ca98dce2f43c115950aa78801 \
    --hash=sha256:fa76fbb7596cc5839320000cdd5d0955313696d9511debab7ee7278fc8b5c84a \
    --hash=sha256:fff12c88a672ab9c9c1cf7b0c80e3ad9e2ebd9d828d955c126be4fd3e5578c9e
    # via -r requirements.in
pycparser==2.22 \
    --hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \
    --hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
    # via cffi

The text was updated successfully, but these errors were encountered:

albertferras-vrf · 2024-09-18T14:40:52Z

Might be related to this closed issue? #7907

cc @jurre

miketheman · 2024-10-02T14:38:16Z

I was further debugging this, after having seen it fail pretty regularly (example: https://github.com/pypi/warehouse/actions/runs/11141094843/job/30961268872#step:3:16681 )

The error appears when using the hashin library is passed an invalid/incomplete URL, from this function

dependabot-core/python/helpers/lib/hasher.py

Lines 8 to 23 in a8fd490

    
           def get_dependency_hash(dependency_name, dependency_version, algorithm, 
        
                                   index_url=hashin.DEFAULT_INDEX_URL): 
        
               try: 
        
                   hashes = hashin.get_package_hashes( 
        
                       dependency_name, 
        
                       version=dependency_version, 
        
                       algorithm=algorithm, 
        
                       index_url=index_url 
        
                   ) 
        
                   return json.dumps({"result": hashes["hashes"]}) 
        
               except hashin.PackageNotFoundError as e: 
        
                   return json.dumps({ 
        
                       "error": repr(e), 
        
                       "error_class:": e.__class__.__name__, 
        
                       "trace:": ''.join(traceback.format_stack()) 
        
                   })

Example:

get_dependency_hash("cryptography", "", "sha256", "/pypi/zope-interface/json"))

produces the same error. (replace cryptography with anything, same error)

I also thing it's related to the recently-merged #7907 - I'm guessing something is malformed the value input to this function - it works fine without it, since it'll default to pypi.org

What's confusing is that this error is not happening for all other dependencies, so it's entirely possible that something upstream of this request is parsing something incorrectly, potentially a complex requirements.in / requirements.txt file?
It's failing pretty consistently here: https://github.com/pypi/warehouse/actions/workflows/dependabot/dependabot-updates?query=is%3Afailure
And the repo has a bunch of requirements files that can be used to test things out.

albertferras-vrf added the T: bug 🐞 Something isn't working label Sep 18, 2024

github-actions bot added L: dotnet:nuget NuGet packages via nuget or dotnet L: python L: ruby:bundler RubyGems via bundler labels Sep 18, 2024

brettfo removed the L: dotnet:nuget NuGet packages via nuget or dotnet label Sep 25, 2024

rebkwok mentioned this issue Oct 8, 2024

Upgrade pymssql opensafely-core/sqlrunner#299

Merged

rebkwok mentioned this issue Oct 23, 2024

Replace dependabot with update-dependencies-action opensafely-core/sqlrunner#305

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

(python) fatal error upgrading `cryptography`; calling get_dependency_hash fails #10631

(python) fatal error upgrading `cryptography`; calling get_dependency_hash fails #10631

albertferras-vrf commented Sep 18, 2024

albertferras-vrf commented Sep 18, 2024

miketheman commented Oct 2, 2024 •

edited

Loading

(python) fatal error upgrading cryptography; calling get_dependency_hash fails #10631

(python) fatal error upgrading cryptography; calling get_dependency_hash fails #10631

Comments

albertferras-vrf commented Sep 18, 2024

Is there an existing issue for this?

Package ecosystem

Package manager version

Language version

Manifest location and content before the Dependabot update

dependabot.yml content

Updated dependency

What you expected to see, versus what you actually saw

Native package manager behavior

Images of the diff or a link to the PR, issue, or logs

Smallest manifest that reproduces the issue

albertferras-vrf commented Sep 18, 2024

miketheman commented Oct 2, 2024 • edited Loading

(python) fatal error upgrading `cryptography`; calling get_dependency_hash fails #10631

(python) fatal error upgrading `cryptography`; calling get_dependency_hash fails #10631

miketheman commented Oct 2, 2024 •

edited

Loading