dependabot-core 0.78.0 → 0.79.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/helpers/npm/lib/updater.js +11 -5
- data/helpers/npm/package.json +2 -2
- data/helpers/npm/yarn.lock +26 -28
- data/helpers/yarn/lib/replace-lockfile-declaration.js +15 -3
- data/helpers/yarn/lib/updater.js +17 -5
- data/helpers/yarn/package.json +2 -2
- data/helpers/yarn/yarn.lock +24 -31
- data/lib/dependabot/file_fetchers.rb +0 -2
- data/lib/dependabot/file_parsers.rb +0 -2
- data/lib/dependabot/file_updaters.rb +0 -2
- data/lib/dependabot/metadata_finders.rb +0 -2
- data/lib/dependabot/update_checkers.rb +0 -2
- data/lib/dependabot/utils.rb +0 -4
- data/lib/dependabot/version.rb +1 -1
- metadata +3 -34
- data/helpers/python/lib/__init__.py +0 -0
- data/helpers/python/lib/hasher.py +0 -23
- data/helpers/python/lib/parser.py +0 -130
- data/helpers/python/requirements.txt +0 -9
- data/helpers/python/run.py +0 -18
- data/lib/dependabot/file_fetchers/python/pip.rb +0 -305
- data/lib/dependabot/file_parsers/python/pip.rb +0 -223
- data/lib/dependabot/file_parsers/python/pip/pipfile_files_parser.rb +0 -154
- data/lib/dependabot/file_parsers/python/pip/poetry_files_parser.rb +0 -141
- data/lib/dependabot/file_parsers/python/pip/setup_file_parser.rb +0 -164
- data/lib/dependabot/file_updaters/python/pip.rb +0 -147
- data/lib/dependabot/file_updaters/python/pip/pip_compile_file_updater.rb +0 -363
- data/lib/dependabot/file_updaters/python/pip/pipfile_file_updater.rb +0 -397
- data/lib/dependabot/file_updaters/python/pip/pipfile_preparer.rb +0 -125
- data/lib/dependabot/file_updaters/python/pip/poetry_file_updater.rb +0 -289
- data/lib/dependabot/file_updaters/python/pip/pyproject_preparer.rb +0 -105
- data/lib/dependabot/file_updaters/python/pip/requirement_file_updater.rb +0 -166
- data/lib/dependabot/file_updaters/python/pip/requirement_replacer.rb +0 -95
- data/lib/dependabot/file_updaters/python/pip/setup_file_sanitizer.rb +0 -91
- data/lib/dependabot/file_updaters/ruby/.DS_Store +0 -0
- data/lib/dependabot/metadata_finders/python/pip.rb +0 -120
- data/lib/dependabot/update_checkers/python/pip.rb +0 -227
- data/lib/dependabot/update_checkers/python/pip/latest_version_finder.rb +0 -252
- data/lib/dependabot/update_checkers/python/pip/pip_compile_version_resolver.rb +0 -380
- data/lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb +0 -559
- data/lib/dependabot/update_checkers/python/pip/poetry_version_resolver.rb +0 -300
- data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb +0 -367
- data/lib/dependabot/utils/python/requirement.rb +0 -130
- data/lib/dependabot/utils/python/version.rb +0 -88
- data/lib/python_requirement_parser.rb +0 -33
- data/lib/python_versions.rb +0 -21
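--- a/data/lib/dependabot/utils/python/requirement.rb
+++ /dev/null
@@ -1,130 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/utils/python/version"
-
-module Dependabot
-module Utils
-module Python
-class Requirement < Gem::Requirement
-OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/.freeze
-
-# Add equality and arbitrary-equality matchers
-OPS["=="] = ->(v, r) { v == r }
-OPS["==="] = ->(v, r) { v.to_s == r.to_s }
-
-quoted = OPS.keys.sort_by(&:length).reverse.
-map { |k| Regexp.quote(k) }.join("|")
-version_pattern = Utils::Python::Version::VERSION_PATTERN
-
-PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
-PATTERN = /\A#{PATTERN_RAW}\z/.freeze
-
-def self.parse(obj)
-if obj.is_a?(Gem::Version)
-return ["=", Utils::Python::Version.new(obj.to_s)]
-end
-
-unless (matches = PATTERN.match(obj.to_s))
-msg = "Illformed requirement [#{obj.inspect}]"
-raise BadRequirementError, msg
-end
-
-return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
-
-[matches[1] || "=", Utils::Python::Version.new(matches[2])]
-end
-
-# Returns an array of requirements. At least one requirement from the
-# returned array must be satisfied for a version to be valid.
-#
-# NOTE: Or requirements are only valid for Poetry.
-def self.requirements_array(requirement_string)
-return [new(nil)] if requirement_string.nil?
-
-requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
-new(req_string.strip)
-end
-end
-
-def initialize(*requirements)
-requirements = requirements.flatten.flat_map do |req_string|
-next if req_string.nil?
-
-req_string.split(",").map do |r|
-convert_python_constraint_to_ruby_constraint(r)
-end
-end
-
-super(requirements)
-end
-
-def satisfied_by?(version)
-version = Utils::Python::Version.new(version.to_s)
-super
-end
-
-def exact?
-return false unless @requirements.size == 1
-
-%w(= == ===).include?(@requirements[0][0])
-end
-
-private
-
-def convert_python_constraint_to_ruby_constraint(req_string)
-return nil if req_string.nil?
-return nil if req_string == "*"
-
-req_string = req_string.gsub("~=", "~>")
-req_string = req_string.gsub(/(?<=\d)[<=>].*/, "")
-
-if req_string.match?(/~[^>]/) then convert_tilde_req(req_string)
-elsif req_string.start_with?("^") then convert_caret_req(req_string)
-elsif req_string.include?(".*") then convert_wildcard(req_string)
-else req_string
-end
-end
-
-# Poetry uses ~ requirements.
-# https://github.com/sdispater/poetry#tilde-requirements
-def convert_tilde_req(req_string)
-version = req_string.gsub(/^~\>?/, "")
-parts = version.split(".")
-parts << "0" if parts.count < 3
-"~> #{parts.join('.')}"
-end
-
-# Poetry uses ^ requirements
-# https://github.com/sdispater/poetry#caret-requirement
-def convert_caret_req(req_string)
-version = req_string.gsub(/^\^/, "")
-parts = version.split(".")
-parts = parts.fill(0, parts.length...3)
-first_non_zero = parts.find { |d| d != "0" }
-first_non_zero_index =
-first_non_zero ? parts.index(first_non_zero) : parts.count - 1
-upper_bound = parts.map.with_index do |part, i|
-if i < first_non_zero_index then part
-elsif i == first_non_zero_index then (part.to_i + 1).to_s
-elsif i > first_non_zero_index && i == 2 then "0.a"
-else 0
-end
-end.join(".")
-
-[">= #{version}", "< #{upper_bound}"]
-end
-
-def convert_wildcard(req_string)
-# Note: This isn't perfect. It replaces the "!= 1.0.*" case with
-# "!= 1.0.0". There's no way to model this correctly in Ruby :'(
-req_string.
-split(".").
-first(req_string.split(".").index("*") + 1).
-join(".").
-tr("*", "0").
-gsub(/^(?<!!)=*/, "~>")
-end
-end
-end
-end
-end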
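--- a/data/lib/dependabot/utils/python/version.rb
+++ /dev/null
@@ -1,88 +0,0 @@
-# frozen_string_literal: true
-
-# Python versions can include a local version identifier, which Ruby can't
-# parser. This class augments Gem::Version with local version identifier info.
-# See https://www.python.org/dev/peps/pep-0440 for details.
-
-module Dependabot
-module Utils
-module Python
-class Version < Gem::Version
-attr_reader :local_version
-
-VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
-'(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
-'(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
-ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
-
-def self.correct?(version)
-return false if version.nil?
-
-version.to_s.match?(ANCHORED_VERSION_PATTERN)
-end
-
-def initialize(version)
-@version_string = version.to_s
-version, @local_version = version.split("+")
-version ||= ""
-version = normalise_prerelease(version)
-if @local_version
-@local_version = normalise_prerelease(@local_version)
-end
-super
-end
-
-def to_s
-@version_string
-end
-
-def inspect # :nodoc:
-"#<#{self.class} #{@version_string}>"
-end
-
-def <=>(other)
-version_comparison = super(other)
-return version_comparison unless version_comparison.zero?
-
-unless other.is_a?(Utils::Python::Version)
-return local_version.nil? ? 0 : 1
-end
-
-# Local version comparison works differently in Python: `1.0.beta`
-# compares as greater than `1.0`. To accommodate, we make the
-# strings the same length before comparing.
-lhsegments = local_version.to_s.split(".").map(&:downcase)
-rhsegments = other.local_version.to_s.split(".").map(&:downcase)
-limit = [lhsegments.count, rhsegments.count].min
-
-lhs = ["1", *lhsegments.first(limit)].join(".")
-rhs = ["1", *rhsegments.first(limit)].join(".")
-
-local_comparison = Gem::Version.new(lhs) <=> Gem::Version.new(rhs)
-
-return local_comparison unless local_comparison.zero?
-
-lhsegments.count <=> rhsegments.count
-end
-
-private
-
-def normalise_prerelease(version)
-# Python has reserved words for release states, which are treated
-# as equal (e.g., preview, pre and rc).
-# Further, Python treats dashes as a separator between version
-# parts and treats the alphabetical characters in strings as the
-# start of a new version part (so 1.1a2 == 1.1.alpha.2).
-version.
-gsub("alpha", "a").
-gsub("beta", "b").
-gsub("preview", "rc").
-gsub("pre", "rc").
-gsub(/([\d.\-_])c([\d.\-_])?/, '\1rc\2').
-tr("-", ".").
-gsub(/(\d)([a-z])/i, '\1.\2')
-end
-end
-end
-end
-end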
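--- a/data/lib/python_requirement_parser.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-class PythonRequirementParser
-NAME = /[a-zA-Z0-9\-_\.]+/.freeze
-EXTRA = /[a-zA-Z0-9\-_\.]+/.freeze
-COMPARISON = /===|==|>=|<=|<|>|~=|!=/.freeze
-VERSION = /[0-9]+[a-zA-Z0-9\-_\.*]*(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?/.freeze
-REQUIREMENT =
-/(?<comparison>#{COMPARISON})\s*\\?\s*(?<version>#{VERSION})/.freeze
-HASH = /--hash=(?<algorithm>.*?):(?<hash>.*?)(?=\s|$)/.freeze
-REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/.freeze
-HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/.freeze
-
-INSTALL_REQ_WITH_REQUIREMENT =
-/\s*\\?\s*(?<name>#{NAME})
-\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
-\s*\\?\s*(?<requirements>#{REQUIREMENTS})
-\s*\\?\s*(?<hashes>#{HASHES})?
-\s*#*\s*(?<comment>.+)?
-/x.freeze
-
-INSTALL_REQ_WITHOUT_REQUIREMENT =
-/^\s*\\?\s*(?<name>#{NAME})
-\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
-\s*\\?\s*(?<hashes>#{HASHES})?
-\s*#*\s*(?<comment>.+)?$
-/x.freeze
-
-NAME_WITH_EXTRAS =
-/\s*\\?\s*(?<name>#{NAME})
-(\s*\\?\s*\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
-/x.freeze
-end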
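--- a/data/lib/python_versions.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-module PythonVersions
-# Poetry doesn't handle Python versions, so we have to do so manually
-# (checking from a list of versions Poetry supports).
-# This list gets iterated through to find a valid version, so we have
-# the two pre-installed versions listed first.
-PYTHON_VERSIONS = %w(
-3.6.7 2.7.15
-3.7.1 3.7.0
-3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
-3.5.6 3.5.5 3.5.4 3.5.3 3.5.2 3.5.1 3.5.0
-3.4.9 3.4.8 3.4.7 3.4.6 3.4.5 3.4.4 3.4.3 3.4.2 3.4.1 3.4.0
-2.7.15 2.7.14 2.7.13 2.7.12 2.7.11 2.7.10 2.7.9 2.7.8 2.7.7 2.7.6 2.7.5
-2.7.4 2.7.3 2.7.2 2.7.1 2.7
-).freeze
-
-PRE_INSTALLED_PYTHON_VERSIONS = %w(
-3.6.7 2.7.15
-).freeze
-end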