dependabot-conda 0.330.0 → 0.332.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
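--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8575063b9703256c28cf5dafaa89a2cdee5a7f1159bb6a65d906ad34120e937c
+data.tar.gz: fce31ba90bf623fa8fb5a4c2703cca3cc9a2a7905972996c40b37ea02c6b72be
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 60528c5bbb89b2213a1f3592b8327bc2c380cb12f1a1bc66a3a892d623fbdaa1d3d0afce0c007e3059e753416ba00fcd41e90a9f7fd643b3414150022b4cdf73
+data.tar.gz: fe960766d75131ae9f67e0d082a9efe31ac11b53e4c00b0f483fadc56535add79b535f9ec6646e71946856371cefdce83aa5f77ef9fab7771c00e193f1d2a4b9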
@@ -8,6 +8,7 @@ require "dependabot/file_parsers/base"
|
|
|
8
8
|
require "dependabot/conda/python_package_classifier"
|
|
9
9
|
require "dependabot/conda/requirement"
|
|
10
10
|
require "dependabot/conda/version"
|
|
11
|
+
require "dependabot/conda/package_manager"
|
|
11
12
|
|
|
12
13
|
module Dependabot
|
|
13
14
|
module Conda
|
|
@@ -25,8 +26,28 @@ module Dependabot
|
|
|
25
26
|
dependencies.uniq
|
|
26
27
|
end
|
|
27
28
|
|
|
29
|
+
sig { returns(Ecosystem) }
|
|
30
|
+
def ecosystem
|
|
31
|
+
@ecosystem ||= T.let(
|
|
32
|
+
Ecosystem.new(
|
|
33
|
+
name: ECOSYSTEM,
|
|
34
|
+
package_manager: package_manager,
|
|
35
|
+
language: nil
|
|
36
|
+
),
|
|
37
|
+
T.nilable(Ecosystem)
|
|
38
|
+
)
|
|
39
|
+
end
|
|
40
|
+
|
|
28
41
|
private
|
|
29
42
|
|
|
43
|
+
sig { returns(Ecosystem::VersionManager) }
|
|
44
|
+
def package_manager
|
|
45
|
+
@package_manager ||= T.let(
|
|
46
|
+
CondaPackageManager.new,
|
|
47
|
+
T.nilable(Ecosystem::VersionManager)
|
|
48
|
+
)
|
|
49
|
+
end
|
|
50
|
+
|
|
30
51
|
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
31
52
|
def environment_files
|
|
32
53
|
dependency_files.select { |f| f.name.match?(/^environment\.ya?ml$/i) }
|
|
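Review bot: The new public `ecosystem` method at new lines 29–39 carries no comment for its one non-obvious choice, `language: nil`; a line such as `# Conda environments are not tied to a single language, so none is reported` above `Ecosystem.new(` would record the intent (confirm that is the reason). The `require "dependabot/conda/package_manager"` added in the previous hunk exists only to back the private `package_manager` memo added here, so both hunks stand or fall together. Separately, the unchanged `environment_files` selector just below matches with `/^environment\.ya?ml$/i`; in Ruby `^`/`$` anchor at line boundaries, so `\A`/`\z` would pin the whole file name — outside this change, but worth a follow-up.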
@@ -16,7 +16,6 @@ module Dependabot
|
|
|
16
16
|
extend T::Sig
|
|
17
17
|
|
|
18
18
|
NAME = "conda"
|
|
19
|
-
VERSION = "latest"
|
|
20
19
|
|
|
21
20
|
SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
22
21
|
DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
@@ -25,7 +24,7 @@ module Dependabot
|
|
|
25
24
|
def initialize
|
|
26
25
|
super(
|
|
27
26
|
name: NAME,
|
|
28
|
-
version:
|
|
27
|
+
version: nil,
|
|
29
28
|
deprecated_versions: DEPRECATED_VERSIONS,
|
|
30
29
|
supported_versions: SUPPORTED_VERSIONS
|
|
31
30
|
)
|
|
@@ -54,7 +54,7 @@ module Dependabot
|
|
|
54
54
|
credentials: credentials,
|
|
55
55
|
ignored_versions: ignored_versions,
|
|
56
56
|
raise_on_ignored: @raise_on_ignored,
|
|
57
|
-
security_advisories:
|
|
57
|
+
security_advisories: python_compatible_security_advisories,
|
|
58
58
|
cooldown_options: @cooldown_options
|
|
59
59
|
),
|
|
60
60
|
T.nilable(Dependabot::Python::UpdateChecker::LatestVersionFinder)
|
|
@@ -81,6 +81,28 @@ module Dependabot
|
|
|
81
81
|
end
|
|
82
82
|
end
|
|
83
83
|
|
|
84
|
+
sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
|
|
85
|
+
def python_compatible_security_advisories
|
|
86
|
+
security_advisories.map do |advisory|
|
|
87
|
+
# Convert Conda requirements to Python requirements for pip compatibility
|
|
88
|
+
python_vulnerable_versions = advisory.vulnerable_versions.flat_map do |conda_req|
|
|
89
|
+
Dependabot::Python::Requirement.requirements_array(conda_req.to_s)
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
python_safe_versions = advisory.safe_versions.flat_map do |conda_req|
|
|
93
|
+
Dependabot::Python::Requirement.requirements_array(conda_req.to_s)
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
# Normalize security advisories to use 'pip' package manager for Python delegation
|
|
97
|
+
Dependabot::SecurityAdvisory.new(
|
|
98
|
+
dependency_name: advisory.dependency_name,
|
|
99
|
+
package_manager: "pip", # Use pip for PyPI compatibility
|
|
100
|
+
vulnerable_versions: python_vulnerable_versions,
|
|
101
|
+
safe_versions: python_safe_versions
|
|
102
|
+
)
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
|
|
84
106
|
sig { params(conda_requirement: T.nilable(String)).returns(T.nilable(String)) }
|
|
85
107
|
def convert_conda_requirement_to_pip(conda_requirement)
|
|
86
108
|
RequirementTranslator.conda_to_pip(conda_requirement)
|
|
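Review bot: The two `flat_map` blocks at new lines 88–94 are identical apart from the source collection, and neither guards the case where `Dependabot::Python::Requirement.requirements_array` cannot parse the rendered Conda requirement; if a vulnerable range is silently narrowed or dropped here, a vulnerable Conda version would be reported as safe, which is the failure mode that matters most for advisory translation. Extracting the conversion into one private helper puts that concern in a single place and lets a parse failure surface instead of continuing with a partial advisory. The `conda_req.to_s` round-trip assumes the requirement renders in a form pip-style parsing accepts; the file's existing `RequirementTranslator.conda_to_pip` (visible at the end of this hunk) suggests the two grammars differ, so confirm which form `vulnerable_versions` entries render to before relying on `to_s` alone. The element type in the helper's sig below follows what I believe `SecurityAdvisory` exposes — adjust if the advisory's requirement type differs. The previous hunk (`security_advisories: python_compatible_security_advisories`) is where this result is consumed.
```ruby
sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
def python_compatible_security_advisories
  security_advisories.map do |advisory|
    # Normalize security advisories to use 'pip' package manager for Python delegation
    Dependabot::SecurityAdvisory.new(
      dependency_name: advisory.dependency_name,
      package_manager: "pip", # Use pip for PyPI compatibility
      vulnerable_versions: python_requirements_for(advisory.vulnerable_versions),
      safe_versions: python_requirements_for(advisory.safe_versions)
    )
  end
end

# Convert Conda requirements to Python requirements for pip compatibility.
# A requirement that fails to parse should surface here rather than silently
# narrow the advisory's ranges.
sig { params(conda_reqs: T::Array[Dependabot::Requirement]).returns(T::Array[Dependabot::Requirement]) }
def python_requirements_for(conda_reqs)
  conda_reqs.flat_map do |conda_req|
    Dependabot::Python::Requirement.requirements_array(conda_req.to_s)
  end
end
```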
@@ -25,6 +25,7 @@ module Dependabot
|
|
|
25
25
|
requirements_update_strategy: T.nilable(Dependabot::RequirementsUpdateStrategy),
|
|
26
26
|
dependency_group: T.nilable(Dependabot::DependencyGroup),
|
|
27
27
|
update_cooldown: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
|
|
28
|
+
exclude_paths: T.nilable(T::Array[String]),
|
|
28
29
|
options: T::Hash[Symbol, T.untyped]
|
|
29
30
|
)
|
|
30
31
|
.void
|
|
@@ -33,7 +34,7 @@ module Dependabot
|
|
|
33
34
|
repo_contents_path: nil, ignored_versions: [],
|
|
34
35
|
raise_on_ignored: false, security_advisories: [],
|
|
35
36
|
requirements_update_strategy: nil, dependency_group: nil,
|
|
36
|
-
update_cooldown: nil, options: {})
|
|
37
|
+
update_cooldown: nil, exclude_paths: [], options: {})
|
|
37
38
|
super
|
|
38
39
|
@latest_version = T.let(nil, T.nilable(T.any(String, Dependabot::Version)))
|
|
39
40
|
@lowest_resolvable_security_fix_version = T.let(nil, T.nilable(Dependabot::Version))
|
|
@@ -134,19 +135,26 @@ module Dependabot
|
|
|
134
135
|
def fetch_lowest_resolvable_security_fix_version
|
|
135
136
|
# Delegate to latest_version_finder for security fix resolution
|
|
136
137
|
# This leverages Python ecosystem's security advisory infrastructure
|
|
137
|
-
latest_version_finder.lowest_security_fix_version
|
|
138
|
+
fix_version = latest_version_finder.lowest_security_fix_version
|
|
139
|
+
|
|
140
|
+
# If no security fix version is found, fall back to latest_resolvable_version
|
|
141
|
+
if fix_version.nil?
|
|
142
|
+
fallback = latest_resolvable_version
|
|
143
|
+
return fallback.is_a?(String) ? Dependabot::Conda::Version.new(fallback) : fallback
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
fix_version
|
|
138
147
|
end
|
|
139
148
|
|
|
140
149
|
sig { override.returns(T::Boolean) }
|
|
141
150
|
def latest_version_resolvable_with_full_unlock?
|
|
142
|
-
#
|
|
151
|
+
# No lock file support for Conda
|
|
143
152
|
false
|
|
144
153
|
end
|
|
145
154
|
|
|
146
155
|
sig { override.returns(T::Array[Dependabot::Dependency]) }
|
|
147
156
|
def updated_dependencies_after_full_unlock
|
|
148
|
-
|
|
149
|
-
[]
|
|
157
|
+
raise NotImplementedError
|
|
150
158
|
end
|
|
151
159
|
|
|
152
160
|
sig { params(requirement_string: String, new_version: String).returns(String) }
|
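Review bot: The fallback at new lines 141–144 returns `latest_resolvable_version` whenever `lowest_security_fix_version` is nil, without checking that the fallback is actually outside the advisories' vulnerable ranges; a nil from the finder can mean "no fixed version exists", and then the method reports a still-vulnerable version as the lowest resolvable security fix, which is what callers use to label a security update PR. The fallback should be kept only if no advisory still matches it, and otherwise return nil so the job reports no fix available; the rewrite below does that using `SecurityAdvisory#vulnerable?` (confirm that predicate is available from the common gem in this version). The `sig` for this method sits above the hunk, so check that its return type already admits nil. The `updated_dependencies_after_full_unlock` change to `raise NotImplementedError` is consistent with `latest_version_resolvable_with_full_unlock?` returning false and needs nothing further.
```ruby
def fetch_lowest_resolvable_security_fix_version
  # … unchanged: delegation comments …
  fix_version = latest_version_finder.lowest_security_fix_version
  return fix_version unless fix_version.nil?

  # No fix version from the advisory data: fall back to the latest resolvable
  # version, but only if it lies outside every advisory's vulnerable range —
  # otherwise report "no fix" (nil) rather than a still-vulnerable version.
  fallback = latest_resolvable_version
  fallback = Dependabot::Conda::Version.new(fallback) if fallback.is_a?(String)
  return nil if fallback && security_advisories.any? { |advisory| advisory.vulnerable?(fallback) }

  fallback
end
```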
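--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-conda
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.332.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,28 +15,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.332.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.332.0
 - !ruby/object:Gem::Dependency
 name: dependabot-python
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.332.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.332.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -273,7 +273,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.332.0
 rdoc_options: []
 require_paths:
 - lib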