dependabot-core 0.78.0 → 0.79.0

Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/helpers/npm/lib/updater.js +11 -5
  4. data/helpers/npm/package.json +2 -2
  5. data/helpers/npm/yarn.lock +26 -28
  6. data/helpers/yarn/lib/replace-lockfile-declaration.js +15 -3
  7. data/helpers/yarn/lib/updater.js +17 -5
  8. data/helpers/yarn/package.json +2 -2
  9. data/helpers/yarn/yarn.lock +24 -31
  10. data/lib/dependabot/file_fetchers.rb +0 -2
  11. data/lib/dependabot/file_parsers.rb +0 -2
  12. data/lib/dependabot/file_updaters.rb +0 -2
  13. data/lib/dependabot/metadata_finders.rb +0 -2
  14. data/lib/dependabot/update_checkers.rb +0 -2
  15. data/lib/dependabot/utils.rb +0 -4
  16. data/lib/dependabot/version.rb +1 -1
  17. metadata +3 -34
  18. data/helpers/python/lib/__init__.py +0 -0
  19. data/helpers/python/lib/hasher.py +0 -23
  20. data/helpers/python/lib/parser.py +0 -130
  21. data/helpers/python/requirements.txt +0 -9
  22. data/helpers/python/run.py +0 -18
  23. data/lib/dependabot/file_fetchers/python/pip.rb +0 -305
  24. data/lib/dependabot/file_parsers/python/pip.rb +0 -223
  25. data/lib/dependabot/file_parsers/python/pip/pipfile_files_parser.rb +0 -154
  26. data/lib/dependabot/file_parsers/python/pip/poetry_files_parser.rb +0 -141
  27. data/lib/dependabot/file_parsers/python/pip/setup_file_parser.rb +0 -164
  28. data/lib/dependabot/file_updaters/python/pip.rb +0 -147
  29. data/lib/dependabot/file_updaters/python/pip/pip_compile_file_updater.rb +0 -363
  30. data/lib/dependabot/file_updaters/python/pip/pipfile_file_updater.rb +0 -397
  31. data/lib/dependabot/file_updaters/python/pip/pipfile_preparer.rb +0 -125
  32. data/lib/dependabot/file_updaters/python/pip/poetry_file_updater.rb +0 -289
  33. data/lib/dependabot/file_updaters/python/pip/pyproject_preparer.rb +0 -105
  34. data/lib/dependabot/file_updaters/python/pip/requirement_file_updater.rb +0 -166
  35. data/lib/dependabot/file_updaters/python/pip/requirement_replacer.rb +0 -95
  36. data/lib/dependabot/file_updaters/python/pip/setup_file_sanitizer.rb +0 -91
  37. data/lib/dependabot/file_updaters/ruby/.DS_Store +0 -0
  38. data/lib/dependabot/metadata_finders/python/pip.rb +0 -120
  39. data/lib/dependabot/update_checkers/python/pip.rb +0 -227
  40. data/lib/dependabot/update_checkers/python/pip/latest_version_finder.rb +0 -252
  41. data/lib/dependabot/update_checkers/python/pip/pip_compile_version_resolver.rb +0 -380
  42. data/lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb +0 -559
  43. data/lib/dependabot/update_checkers/python/pip/poetry_version_resolver.rb +0 -300
  44. data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb +0 -367
  45. data/lib/dependabot/utils/python/requirement.rb +0 -130
  46. data/lib/dependabot/utils/python/version.rb +0 -88
  47. data/lib/python_requirement_parser.rb +0 -33
  48. data/lib/python_versions.rb +0 -21
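--- a/data/lib/dependabot/utils/python/requirement.rb
+++ b/data/lib/dependabot/utils/python/requirement.rb
@@ -1,130 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/utils/python/version"
-
-module Dependabot
-  module Utils
-    module Python
-      class Requirement < Gem::Requirement
-        OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/.freeze
-
-        # Add equality and arbitrary-equality matchers
-        OPS["=="] = ->(v, r) { v == r }
-        OPS["==="] = ->(v, r) { v.to_s == r.to_s }
-
-        quoted = OPS.keys.sort_by(&:length).reverse.
-                 map { |k| Regexp.quote(k) }.join("|")
-        version_pattern = Utils::Python::Version::VERSION_PATTERN
-
-        PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
-        PATTERN = /\A#{PATTERN_RAW}\z/.freeze
-
-        def self.parse(obj)
-          if obj.is_a?(Gem::Version)
-            return ["=", Utils::Python::Version.new(obj.to_s)]
-          end
-
-          unless (matches = PATTERN.match(obj.to_s))
-            msg = "Illformed requirement [#{obj.inspect}]"
-            raise BadRequirementError, msg
-          end
-
-          return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
-
-          [matches[1] || "=", Utils::Python::Version.new(matches[2])]
-        end
-
-        # Returns an array of requirements. At least one requirement from the
-        # returned array must be satisfied for a version to be valid.
-        #
-        # NOTE: Or requirements are only valid for Poetry.
-        def self.requirements_array(requirement_string)
-          return [new(nil)] if requirement_string.nil?
-
-          requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
-            new(req_string.strip)
-          end
-        end
-
-        def initialize(*requirements)
-          requirements = requirements.flatten.flat_map do |req_string|
-            next if req_string.nil?
-
-            req_string.split(",").map do |r|
-              convert_python_constraint_to_ruby_constraint(r)
-            end
-          end
-
-          super(requirements)
-        end
-
-        def satisfied_by?(version)
-          version = Utils::Python::Version.new(version.to_s)
-          super
-        end
-
-        def exact?
-          return false unless @requirements.size == 1
-
-          %w(= == ===).include?(@requirements[0][0])
-        end
-
-        private
-
-        def convert_python_constraint_to_ruby_constraint(req_string)
-          return nil if req_string.nil?
-          return nil if req_string == "*"
-
-          req_string = req_string.gsub("~=", "~>")
-          req_string = req_string.gsub(/(?<=\d)[<=>].*/, "")
-
-          if req_string.match?(/~[^>]/) then convert_tilde_req(req_string)
-          elsif req_string.start_with?("^") then convert_caret_req(req_string)
-          elsif req_string.include?(".*") then convert_wildcard(req_string)
-          else req_string
-          end
-        end
-
-        # Poetry uses ~ requirements.
-        # https://github.com/sdispater/poetry#tilde-requirements
-        def convert_tilde_req(req_string)
-          version = req_string.gsub(/^~\>?/, "")
-          parts = version.split(".")
-          parts << "0" if parts.count < 3
-          "~> #{parts.join('.')}"
-        end
-
-        # Poetry uses ^ requirements
-        # https://github.com/sdispater/poetry#caret-requirement
-        def convert_caret_req(req_string)
-          version = req_string.gsub(/^\^/, "")
-          parts = version.split(".")
-          parts = parts.fill(0, parts.length...3)
-          first_non_zero = parts.find { |d| d != "0" }
-          first_non_zero_index =
-            first_non_zero ? parts.index(first_non_zero) : parts.count - 1
-          upper_bound = parts.map.with_index do |part, i|
-            if i < first_non_zero_index then part
-            elsif i == first_non_zero_index then (part.to_i + 1).to_s
-            elsif i > first_non_zero_index && i == 2 then "0.a"
-            else 0
-            end
-          end.join(".")
-
-          [">= #{version}", "< #{upper_bound}"]
-        end
-
-        def convert_wildcard(req_string)
-          # Note: This isn't perfect. It replaces the "!= 1.0.*" case with
-          # "!= 1.0.0". There's no way to model this correctly in Ruby :'(
-          req_string.
-            split(".").
-            first(req_string.split(".").index("*") + 1).
-            join(".").
-            tr("*", "0").
-            gsub(/^(?<!!)=*/, "~>")
-        end
-      end
-    end
-  end
-end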
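--- a/data/lib/dependabot/utils/python/version.rb
+++ b/data/lib/dependabot/utils/python/version.rb
@@ -1,88 +0,0 @@
-# frozen_string_literal: true
-
-# Python versions can include a local version identifier, which Ruby can't
-# parser. This class augments Gem::Version with local version identifier info.
-# See https://www.python.org/dev/peps/pep-0440 for details.
-
-module Dependabot
-  module Utils
-    module Python
-      class Version < Gem::Version
-        attr_reader :local_version
-
-        VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
-                          '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
-                          '(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
-        ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
-
-        def self.correct?(version)
-          return false if version.nil?
-
-          version.to_s.match?(ANCHORED_VERSION_PATTERN)
-        end
-
-        def initialize(version)
-          @version_string = version.to_s
-          version, @local_version = version.split("+")
-          version ||= ""
-          version = normalise_prerelease(version)
-          if @local_version
-            @local_version = normalise_prerelease(@local_version)
-          end
-          super
-        end
-
-        def to_s
-          @version_string
-        end
-
-        def inspect # :nodoc:
-          "#<#{self.class} #{@version_string}>"
-        end
-
-        def <=>(other)
-          version_comparison = super(other)
-          return version_comparison unless version_comparison.zero?
-
-          unless other.is_a?(Utils::Python::Version)
-            return local_version.nil? ? 0 : 1
-          end
-
-          # Local version comparison works differently in Python: `1.0.beta`
-          # compares as greater than `1.0`. To accommodate, we make the
-          # strings the same length before comparing.
-          lhsegments = local_version.to_s.split(".").map(&:downcase)
-          rhsegments = other.local_version.to_s.split(".").map(&:downcase)
-          limit = [lhsegments.count, rhsegments.count].min
-
-          lhs = ["1", *lhsegments.first(limit)].join(".")
-          rhs = ["1", *rhsegments.first(limit)].join(".")
-
-          local_comparison = Gem::Version.new(lhs) <=> Gem::Version.new(rhs)
-
-          return local_comparison unless local_comparison.zero?
-
-          lhsegments.count <=> rhsegments.count
-        end
-
-        private
-
-        def normalise_prerelease(version)
-          # Python has reserved words for release states, which are treated
-          # as equal (e.g., preview, pre and rc).
-          # Further, Python treats dashes as a separator between version
-          # parts and treats the alphabetical characters in strings as the
-          # start of a new version part (so 1.1a2 == 1.1.alpha.2).
-          version.
-            gsub("alpha", "a").
-            gsub("beta", "b").
-            gsub("preview", "rc").
-            gsub("pre", "rc").
-            gsub(/([\d.\-_])c([\d.\-_])?/, '\1rc\2').
-            tr("-", ".").
-            gsub(/(\d)([a-z])/i, '\1.\2')
-        end
-      end
-    end
-  end
-end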
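--- a/data/lib/python_requirement_parser.rb
+++ b/data/lib/python_requirement_parser.rb
@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-class PythonRequirementParser
-  NAME = /[a-zA-Z0-9\-_\.]+/.freeze
-  EXTRA = /[a-zA-Z0-9\-_\.]+/.freeze
-  COMPARISON = /===|==|>=|<=|<|>|~=|!=/.freeze
-  VERSION = /[0-9]+[a-zA-Z0-9\-_\.*]*(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?/.freeze
-  REQUIREMENT =
-    /(?<comparison>#{COMPARISON})\s*\\?\s*(?<version>#{VERSION})/.freeze
-  HASH = /--hash=(?<algorithm>.*?):(?<hash>.*?)(?=\s|$)/.freeze
-  REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/.freeze
-  HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/.freeze
-
-  INSTALL_REQ_WITH_REQUIREMENT =
-    /\s*\\?\s*(?<name>#{NAME})
-      \s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
-      \s*\\?\s*(?<requirements>#{REQUIREMENTS})
-      \s*\\?\s*(?<hashes>#{HASHES})?
-      \s*#*\s*(?<comment>.+)?
-    /x.freeze
-
-  INSTALL_REQ_WITHOUT_REQUIREMENT =
-    /^\s*\\?\s*(?<name>#{NAME})
-      \s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
-      \s*\\?\s*(?<hashes>#{HASHES})?
-      \s*#*\s*(?<comment>.+)?$
-    /x.freeze
-
-  NAME_WITH_EXTRAS =
-    /\s*\\?\s*(?<name>#{NAME})
-      (\s*\\?\s*\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
-    /x.freeze
-end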
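--- a/data/lib/python_versions.rb
+++ b/data/lib/python_versions.rb
@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-module PythonVersions
-  # Poetry doesn't handle Python versions, so we have to do so manually
-  # (checking from a list of versions Poetry supports).
-  # This list gets iterated through to find a valid version, so we have
-  # the two pre-installed versions listed first.
-  PYTHON_VERSIONS = %w(
-    3.6.7 2.7.15
-    3.7.1 3.7.0
-    3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
-    3.5.6 3.5.5 3.5.4 3.5.3 3.5.2 3.5.1 3.5.0
-    3.4.9 3.4.8 3.4.7 3.4.6 3.4.5 3.4.4 3.4.3 3.4.2 3.4.1 3.4.0
-    2.7.15 2.7.14 2.7.13 2.7.12 2.7.11 2.7.10 2.7.9 2.7.8 2.7.7 2.7.6 2.7.5
-    2.7.4 2.7.3 2.7.2 2.7.1 2.7
-  ).freeze
-
-  PRE_INSTALLED_PYTHON_VERSIONS = %w(
-    3.6.7 2.7.15
-  ).freeze
-end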