fix dependabot#8414 follow peotry source constraint

lucemia · Nov 17, 2023 · 8ae784a · 8ae784a
1 parent 9773166
commit 8ae784a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 5 deletions.
diff --git a/python/lib/dependabot/python/update_checker/index_finder.rb b/python/lib/dependabot/python/update_checker/index_finder.rb
@@ -123,14 +123,13 @@ def pyproject_index_urls
             # If source is PyPI, skip it, and let it pick the default URI
             next if source["name"].casecmp?("PyPI")
 
-            if source["default"]
+            if @dependency.all_sources.include?(source["name"])
+              urls[:main] = source["url"]
+            elsif source["default"]
               urls[:main] = source["url"]
             elsif source["priority"] != "explicit"
               # if source is not explicit, add it to extra
               urls[:extra] << source["url"]
-            elsif @dependency.all_sources.include?(source["name"])
-              # if source is explicit, and dependency has specified it as a source, add it to extra
-              urls[:extra] << source["url"]
             end
           end
           urls[:extra] = urls[:extra].uniq

diff --git a/python/spec/dependabot/python/update_checker/index_finder_spec.rb b/python/spec/dependabot/python/update_checker/index_finder_spec.rb
@@ -352,7 +352,7 @@
 
         it "gets the right index URLs" do
           expect(index_urls).to match_array(
-            ["https://pypi.org/simple/", "https://some.internal.registry.com/pypi/"]
+            ["https://some.internal.registry.com/pypi/"]
           )
         end
       end