dependabot-conda 0.331.0 → 0.332.0
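--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8575063b9703256c28cf5dafaa89a2cdee5a7f1159bb6a65d906ad34120e937c
+data.tar.gz: fce31ba90bf623fa8fb5a4c2703cca3cc9a2a7905972996c40b37ea02c6b72be
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 60528c5bbb89b2213a1f3592b8327bc2c380cb12f1a1bc66a3a892d623fbdaa1d3d0afce0c007e3059e753416ba00fcd41e90a9f7fd643b3414150022b4cdf73
+data.tar.gz: fe960766d75131ae9f67e0d082a9efe31ac11b53e4c00b0f483fadc56535add79b535f9ec6646e71946856371cefdce83aa5f77ef9fab7771c00e193f1d2a4b9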
@@ -54,7 +54,7 @@ module Dependabot
|
|
|
54
54
|
credentials: credentials,
|
|
55
55
|
ignored_versions: ignored_versions,
|
|
56
56
|
raise_on_ignored: @raise_on_ignored,
|
|
57
|
-
security_advisories:
|
|
57
|
+
security_advisories: python_compatible_security_advisories,
|
|
58
58
|
cooldown_options: @cooldown_options
|
|
59
59
|
),
|
|
60
60
|
T.nilable(Dependabot::Python::UpdateChecker::LatestVersionFinder)
|
|
@@ -81,6 +81,28 @@ module Dependabot
|
|
|
81
81
|
end
|
|
82
82
|
end
|
|
83
83
|
|
|
84
|
+
sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
|
|
85
|
+
def python_compatible_security_advisories
|
|
86
|
+
security_advisories.map do |advisory|
|
|
87
|
+
# Convert Conda requirements to Python requirements for pip compatibility
|
|
88
|
+
python_vulnerable_versions = advisory.vulnerable_versions.flat_map do |conda_req|
|
|
89
|
+
Dependabot::Python::Requirement.requirements_array(conda_req.to_s)
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
python_safe_versions = advisory.safe_versions.flat_map do |conda_req|
|
|
93
|
+
Dependabot::Python::Requirement.requirements_array(conda_req.to_s)
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
# Normalize security advisories to use 'pip' package manager for Python delegation
|
|
97
|
+
Dependabot::SecurityAdvisory.new(
|
|
98
|
+
dependency_name: advisory.dependency_name,
|
|
99
|
+
package_manager: "pip", # Use pip for PyPI compatibility
|
|
100
|
+
vulnerable_versions: python_vulnerable_versions,
|
|
101
|
+
safe_versions: python_safe_versions
|
|
102
|
+
)
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
|
|
84
106
|
sig { params(conda_requirement: T.nilable(String)).returns(T.nilable(String)) }
|
|
85
107
|
def convert_conda_requirement_to_pip(conda_requirement)
|
|
86
108
|
RequirementTranslator.conda_to_pip(conda_requirement)
|
|
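Review bot: In `python_compatible_security_advisories`, both `flat_map` blocks pass `conda_req.to_s` straight to `Dependabot::Python::Requirement.requirements_array` with no handling for a string the Python parser does not accept. The page does not show what `to_s` produces for a Conda requirement, but if any Conda-only syntax survives, the error would presumably propagate out of the `map` and abort the check, so one unparseable advisory range would keep every advisory for that dependency from being evaluated. The file already has `convert_conda_requirement_to_pip` (the context lines just below, wrapping `RequirementTranslator.conda_to_pip`); consider translating first, e.g. `Dependabot::Python::Requirement.requirements_array(convert_conda_requirement_to_pip(conda_req.to_s))`, provided `requirements_array` accepts the nilable result. Whatever the choice, an untranslatable vulnerable range should fail loudly or be logged rather than be dropped, because silently dropping it makes a vulnerable version look safe. The new method also has no doc comment; something like `# Re-expresses each advisory's Conda ranges as Python requirements and relabels it "pip" so the delegated Python LatestVersionFinder will match it.` would record why the package manager is rewritten.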
@@ -135,19 +135,26 @@ module Dependabot
|
|
|
135
135
|
def fetch_lowest_resolvable_security_fix_version
|
|
136
136
|
# Delegate to latest_version_finder for security fix resolution
|
|
137
137
|
# This leverages Python ecosystem's security advisory infrastructure
|
|
138
|
-
latest_version_finder.lowest_security_fix_version
|
|
138
|
+
fix_version = latest_version_finder.lowest_security_fix_version
|
|
139
|
+
|
|
140
|
+
# If no security fix version is found, fall back to latest_resolvable_version
|
|
141
|
+
if fix_version.nil?
|
|
142
|
+
fallback = latest_resolvable_version
|
|
143
|
+
return fallback.is_a?(String) ? Dependabot::Conda::Version.new(fallback) : fallback
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
fix_version
|
|
139
147
|
end
|
|
140
148
|
|
|
141
149
|
sig { override.returns(T::Boolean) }
|
|
142
150
|
def latest_version_resolvable_with_full_unlock?
|
|
143
|
-
#
|
|
151
|
+
# No lock file support for Conda
|
|
144
152
|
false
|
|
145
153
|
end
|
|
146
154
|
|
|
147
155
|
sig { override.returns(T::Array[Dependabot::Dependency]) }
|
|
148
156
|
def updated_dependencies_after_full_unlock
|
|
149
|
-
|
|
150
|
-
[]
|
|
157
|
+
raise NotImplementedError
|
|
151
158
|
end
|
|
152
159
|
|
|
153
160
|
sig { params(requirement_string: String, new_version: String).returns(String) }
|
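Review bot: When `lowest_security_fix_version` returns nil, `fetch_lowest_resolvable_security_fix_version` now returns `latest_resolvable_version`, and nothing in this hunk checks that version against the advisories. A caller that treats the result as "the lowest version that fixes the vulnerability" could therefore propose, and report as a security fix, a version that is still inside a vulnerable range. If the fallback is intentional, guard it before returning, for example `return nil if fallback.nil? || security_advisories.any? { |a| a.vulnerable?(fallback) }` (assuming `security_advisories` is in scope here and `fallback` has already been converted to a version object). Extend the comment to say why "no fix found" is not surfaced as nil. The `is_a?(String)` branch suggests `latest_resolvable_version` has more than one return type, which is worth normalising at its source. The method's `sig` lies outside the hunk, so the declared return type cannot be confirmed from here.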
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-conda
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.332.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,28 +15,28 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.332.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.332.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: dependabot-python
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
29
29
|
requirements:
|
|
30
30
|
- - '='
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: 0.
|
|
32
|
+
version: 0.332.0
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
35
|
version_requirements: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
37
|
- - '='
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: 0.
|
|
39
|
+
version: 0.332.0
|
|
40
40
|
- !ruby/object:Gem::Dependency
|
|
41
41
|
name: debug
|
|
42
42
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -273,7 +273,7 @@ licenses:
|
|
|
273
273
|
- MIT
|
|
274
274
|
metadata:
|
|
275
275
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
276
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
276
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.332.0
|
|
277
277
|
rdoc_options: []
|
|
278
278
|
require_paths:
|
|
279
279
|
- lib
|