dependabot-core 0.78.0 → 0.79.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/helpers/npm/lib/updater.js +11 -5
  4. data/helpers/npm/package.json +2 -2
  5. data/helpers/npm/yarn.lock +26 -28
  6. data/helpers/yarn/lib/replace-lockfile-declaration.js +15 -3
  7. data/helpers/yarn/lib/updater.js +17 -5
  8. data/helpers/yarn/package.json +2 -2
  9. data/helpers/yarn/yarn.lock +24 -31
  10. data/lib/dependabot/file_fetchers.rb +0 -2
  11. data/lib/dependabot/file_parsers.rb +0 -2
  12. data/lib/dependabot/file_updaters.rb +0 -2
  13. data/lib/dependabot/metadata_finders.rb +0 -2
  14. data/lib/dependabot/update_checkers.rb +0 -2
  15. data/lib/dependabot/utils.rb +0 -4
  16. data/lib/dependabot/version.rb +1 -1
  17. metadata +3 -34
  18. data/helpers/python/lib/__init__.py +0 -0
  19. data/helpers/python/lib/hasher.py +0 -23
  20. data/helpers/python/lib/parser.py +0 -130
  21. data/helpers/python/requirements.txt +0 -9
  22. data/helpers/python/run.py +0 -18
  23. data/lib/dependabot/file_fetchers/python/pip.rb +0 -305
  24. data/lib/dependabot/file_parsers/python/pip.rb +0 -223
  25. data/lib/dependabot/file_parsers/python/pip/pipfile_files_parser.rb +0 -154
  26. data/lib/dependabot/file_parsers/python/pip/poetry_files_parser.rb +0 -141
  27. data/lib/dependabot/file_parsers/python/pip/setup_file_parser.rb +0 -164
  28. data/lib/dependabot/file_updaters/python/pip.rb +0 -147
  29. data/lib/dependabot/file_updaters/python/pip/pip_compile_file_updater.rb +0 -363
  30. data/lib/dependabot/file_updaters/python/pip/pipfile_file_updater.rb +0 -397
  31. data/lib/dependabot/file_updaters/python/pip/pipfile_preparer.rb +0 -125
  32. data/lib/dependabot/file_updaters/python/pip/poetry_file_updater.rb +0 -289
  33. data/lib/dependabot/file_updaters/python/pip/pyproject_preparer.rb +0 -105
  34. data/lib/dependabot/file_updaters/python/pip/requirement_file_updater.rb +0 -166
  35. data/lib/dependabot/file_updaters/python/pip/requirement_replacer.rb +0 -95
  36. data/lib/dependabot/file_updaters/python/pip/setup_file_sanitizer.rb +0 -91
  37. data/lib/dependabot/file_updaters/ruby/.DS_Store +0 -0
  38. data/lib/dependabot/metadata_finders/python/pip.rb +0 -120
  39. data/lib/dependabot/update_checkers/python/pip.rb +0 -227
  40. data/lib/dependabot/update_checkers/python/pip/latest_version_finder.rb +0 -252
  41. data/lib/dependabot/update_checkers/python/pip/pip_compile_version_resolver.rb +0 -380
  42. data/lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb +0 -559
  43. data/lib/dependabot/update_checkers/python/pip/poetry_version_resolver.rb +0 -300
  44. data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb +0 -367
  45. data/lib/dependabot/utils/python/requirement.rb +0 -130
  46. data/lib/dependabot/utils/python/version.rb +0 -88
  47. data/lib/python_requirement_parser.rb +0 -33
  48. data/lib/python_versions.rb +0 -21
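--- a/data/lib/dependabot/utils/python/requirement.rb
+++ /dev/null
@@ -1,130 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/utils/python/version"
-
-module Dependabot
-module Utils
-module Python
-class Requirement < Gem::Requirement
-OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/.freeze
-
-# Add equality and arbitrary-equality matchers
-OPS["=="] = ->(v, r) { v == r }
-OPS["==="] = ->(v, r) { v.to_s == r.to_s }
-
-quoted = OPS.keys.sort_by(&:length).reverse.
-map { |k| Regexp.quote(k) }.join("|")
-version_pattern = Utils::Python::Version::VERSION_PATTERN
-
-PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
-PATTERN = /\A#{PATTERN_RAW}\z/.freeze
-
-def self.parse(obj)
-if obj.is_a?(Gem::Version)
-return ["=", Utils::Python::Version.new(obj.to_s)]
-end
-
-unless (matches = PATTERN.match(obj.to_s))
-msg = "Illformed requirement [#{obj.inspect}]"
-raise BadRequirementError, msg
-end
-
-return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
-
-[matches[1] || "=", Utils::Python::Version.new(matches[2])]
-end
-
-# Returns an array of requirements. At least one requirement from the
-# returned array must be satisfied for a version to be valid.
-#
-# NOTE: Or requirements are only valid for Poetry.
-def self.requirements_array(requirement_string)
-return [new(nil)] if requirement_string.nil?
-
-requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
-new(req_string.strip)
-end
-end
-
-def initialize(*requirements)
-requirements = requirements.flatten.flat_map do |req_string|
-next if req_string.nil?
-
-req_string.split(",").map do |r|
-convert_python_constraint_to_ruby_constraint(r)
-end
-end
-
-super(requirements)
-end
-
-def satisfied_by?(version)
-version = Utils::Python::Version.new(version.to_s)
-super
-end
-
-def exact?
-return false unless @requirements.size == 1
-
-%w(= == ===).include?(@requirements[0][0])
-end
-
-private
-
-def convert_python_constraint_to_ruby_constraint(req_string)
-return nil if req_string.nil?
-return nil if req_string == "*"
-
-req_string = req_string.gsub("~=", "~>")
-req_string = req_string.gsub(/(?<=\d)[<=>].*/, "")
-
-if req_string.match?(/~[^>]/) then convert_tilde_req(req_string)
-elsif req_string.start_with?("^") then convert_caret_req(req_string)
-elsif req_string.include?(".*") then convert_wildcard(req_string)
-else req_string
-end
-end
-
-# Poetry uses ~ requirements.
-# https://github.com/sdispater/poetry#tilde-requirements
-def convert_tilde_req(req_string)
-version = req_string.gsub(/^~\>?/, "")
-parts = version.split(".")
-parts << "0" if parts.count < 3
-"~> #{parts.join('.')}"
-end
-
-# Poetry uses ^ requirements
-# https://github.com/sdispater/poetry#caret-requirement
-def convert_caret_req(req_string)
-version = req_string.gsub(/^\^/, "")
-parts = version.split(".")
-parts = parts.fill(0, parts.length...3)
-first_non_zero = parts.find { |d| d != "0" }
-first_non_zero_index =
-first_non_zero ? parts.index(first_non_zero) : parts.count - 1
-upper_bound = parts.map.with_index do |part, i|
-if i < first_non_zero_index then part
-elsif i == first_non_zero_index then (part.to_i + 1).to_s
-elsif i > first_non_zero_index && i == 2 then "0.a"
-else 0
-end
-end.join(".")
-
-[">= #{version}", "< #{upper_bound}"]
-end
-
-def convert_wildcard(req_string)
-# Note: This isn't perfect. It replaces the "!= 1.0.*" case with
-# "!= 1.0.0". There's no way to model this correctly in Ruby :'(
-req_string.
-split(".").
-first(req_string.split(".").index("*") + 1).
-join(".").
-tr("*", "0").
-gsub(/^(?<!!)=*/, "~>")
-end
-end
-end
-end
-end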
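--- a/data/lib/dependabot/utils/python/version.rb
+++ /dev/null
@@ -1,88 +0,0 @@
-# frozen_string_literal: true
-
-# Python versions can include a local version identifier, which Ruby can't
-# parser. This class augments Gem::Version with local version identifier info.
-# See https://www.python.org/dev/peps/pep-0440 for details.
-
-module Dependabot
-module Utils
-module Python
-class Version < Gem::Version
-attr_reader :local_version
-
-VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
-'(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
-'(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
-ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
-
-def self.correct?(version)
-return false if version.nil?
-
-version.to_s.match?(ANCHORED_VERSION_PATTERN)
-end
-
-def initialize(version)
-@version_string = version.to_s
-version, @local_version = version.split("+")
-version ||= ""
-version = normalise_prerelease(version)
-if @local_version
-@local_version = normalise_prerelease(@local_version)
-end
-super
-end
-
-def to_s
-@version_string
-end
-
-def inspect # :nodoc:
-"#<#{self.class} #{@version_string}>"
-end
-
-def <=>(other)
-version_comparison = super(other)
-return version_comparison unless version_comparison.zero?
-
-unless other.is_a?(Utils::Python::Version)
-return local_version.nil? ? 0 : 1
-end
-
-# Local version comparison works differently in Python: `1.0.beta`
-# compares as greater than `1.0`. To accommodate, we make the
-# strings the same length before comparing.
-lhsegments = local_version.to_s.split(".").map(&:downcase)
-rhsegments = other.local_version.to_s.split(".").map(&:downcase)
-limit = [lhsegments.count, rhsegments.count].min
-
-lhs = ["1", *lhsegments.first(limit)].join(".")
-rhs = ["1", *rhsegments.first(limit)].join(".")
-
-local_comparison = Gem::Version.new(lhs) <=> Gem::Version.new(rhs)
-
-return local_comparison unless local_comparison.zero?
-
-lhsegments.count <=> rhsegments.count
-end
-
-private
-
-def normalise_prerelease(version)
-# Python has reserved words for release states, which are treated
-# as equal (e.g., preview, pre and rc).
-# Further, Python treats dashes as a separator between version
-# parts and treats the alphabetical characters in strings as the
-# start of a new version part (so 1.1a2 == 1.1.alpha.2).
-version.
-gsub("alpha", "a").
-gsub("beta", "b").
-gsub("preview", "rc").
-gsub("pre", "rc").
-gsub(/([\d.\-_])c([\d.\-_])?/, '\1rc\2').
-tr("-", ".").
-gsub(/(\d)([a-z])/i, '\1.\2')
-end
-end
-end
-end
-end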
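--- a/data/lib/python_requirement_parser.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-class PythonRequirementParser
-NAME = /[a-zA-Z0-9\-_\.]+/.freeze
-EXTRA = /[a-zA-Z0-9\-_\.]+/.freeze
-COMPARISON = /===|==|>=|<=|<|>|~=|!=/.freeze
-VERSION = /[0-9]+[a-zA-Z0-9\-_\.*]*(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?/.freeze
-REQUIREMENT =
-/(?<comparison>#{COMPARISON})\s*\\?\s*(?<version>#{VERSION})/.freeze
-HASH = /--hash=(?<algorithm>.*?):(?<hash>.*?)(?=\s|$)/.freeze
-REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/.freeze
-HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/.freeze
-
-INSTALL_REQ_WITH_REQUIREMENT =
-/\s*\\?\s*(?<name>#{NAME})
-\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
-\s*\\?\s*(?<requirements>#{REQUIREMENTS})
-\s*\\?\s*(?<hashes>#{HASHES})?
-\s*#*\s*(?<comment>.+)?
-/x.freeze
-
-INSTALL_REQ_WITHOUT_REQUIREMENT =
-/^\s*\\?\s*(?<name>#{NAME})
-\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
-\s*\\?\s*(?<hashes>#{HASHES})?
-\s*#*\s*(?<comment>.+)?$
-/x.freeze
-
-NAME_WITH_EXTRAS =
-/\s*\\?\s*(?<name>#{NAME})
-(\s*\\?\s*\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
-/x.freeze
-end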
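--- a/data/lib/python_versions.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-module PythonVersions
-# Poetry doesn't handle Python versions, so we have to do so manually
-# (checking from a list of versions Poetry supports).
-# This list gets iterated through to find a valid version, so we have
-# the two pre-installed versions listed first.
-PYTHON_VERSIONS = %w(
-3.6.7 2.7.15
-3.7.1 3.7.0
-3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
-3.5.6 3.5.5 3.5.4 3.5.3 3.5.2 3.5.1 3.5.0
-3.4.9 3.4.8 3.4.7 3.4.6 3.4.5 3.4.4 3.4.3 3.4.2 3.4.1 3.4.0
-2.7.15 2.7.14 2.7.13 2.7.12 2.7.11 2.7.10 2.7.9 2.7.8 2.7.7 2.7.6 2.7.5
-2.7.4 2.7.3 2.7.2 2.7.1 2.7
-).freeze
-
-PRE_INSTALLED_PYTHON_VERSIONS = %w(
-3.6.7 2.7.15
-).freeze
-end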