Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Standardize Package Details Fetching and Integrate Python Details Fetcher #11630

Draft
wants to merge 14 commits into
base: main
Choose a base branch
from
Draft

Standardize Package Details Fetching and Integrate Python Details Fetcher #11630

wants to merge 14 commits into from
+184 −78

Conversation

kbukum1
Copy link
Contributor

@kbukum1 kbukum1 commented Feb 19, 2025

What are you trying to accomplish?

This PR introduces a generic package details finder to standardize the way Dependabot fetches package metadata across different ecosystems. It integrates the Python package details fetcher into this generalized structure to improve maintainability and extensibility.

  • Implements a generic package details finder to unify package metadata retrieval.
  • Updates the Python package details fetcher to use this new structure.
  • Uses Python JSON API ({url}/pypi) to fetch metadata, including release dates, when available.
  • Falls back to HTML-based details fetching if the JSON API is unavailable or fails.

Anything you want to highlight for special attention from reviewers?

  • Ensures that the JSON API is prioritized while keeping the HTML fallback mechanism functional.
  • Validates that the existing Python package registry handling logic remains intact after refactoring.
  • Reviewers should confirm that the metadata retrieval logic remains consistent across different registry URLs, including private registries.

How will you know you've accomplished your goal?

  • The new generic package details finder correctly integrates with the Python ecosystem.
  • The system retrieves package metadata, including release dates, using the JSON API when possible.
  • If the JSON API is unavailable, the HTML fallback mechanism still provides accurate metadata.
  • All tests pass, and additional test cases confirm that both JSON-based and HTML-based metadata fetching work correctly.

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 19, 2025
View reviewed changes
@kbukum1 kbukum1 force-pushed the kamil/standardize_package_details_fetching branch from 57d5e34 to 1af2e14 Compare February 20, 2025 18:10
@kbukum1 kbukum1 force-pushed the kamil/standardize_package_details_fetching branch from 28d081f to 3917c68 Compare February 21, 2025 00:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
L: python
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kbukum1