dependabot-core 0.78.0 → 0.79.0

data/lib/dependabot/update_checkers.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "dependabot/update_checkers/ruby/bundler"
-require "dependabot/update_checkers/python/pip"
 require "dependabot/update_checkers/java_script/npm_and_yarn"
 require "dependabot/update_checkers/java/maven"
 require "dependabot/update_checkers/java/gradle"
@@ -20,7 +19,6 @@ module Dependabot
       "npm_and_yarn" => UpdateCheckers::JavaScript::NpmAndYarn,
       "maven" => UpdateCheckers::Java::Maven,
       "gradle" => UpdateCheckers::Java::Gradle,
-      "pip" => UpdateCheckers::Python::Pip,
       "composer" => UpdateCheckers::Php::Composer,
       "hex" => UpdateCheckers::Elixir::Hex,
       "cargo" => UpdateCheckers::Rust::Cargo,

data/lib/dependabot/utils.rb

@@ -5,7 +5,6 @@ require "dependabot/utils/elixir/version"
 require "dependabot/utils/java/version"
 require "dependabot/utils/java_script/version"
 require "dependabot/utils/php/version"
-require "dependabot/utils/python/version"
 require "dependabot/utils/rust/version"
 require "dependabot/utils/go/version"
 require "dependabot/utils/elm/version"
@@ -15,7 +14,6 @@ require "dependabot/utils/elixir/requirement"
 require "dependabot/utils/java/requirement"
 require "dependabot/utils/java_script/requirement"
 require "dependabot/utils/php/requirement"
-require "dependabot/utils/python/requirement"
 require "dependabot/utils/ruby/requirement"
 require "dependabot/utils/rust/requirement"
 require "dependabot/utils/go/requirement"
@@ -33,7 +31,6 @@ module Dependabot
       "maven" => Utils::Java::Version,
       "gradle" => Utils::Java::Version,
       "npm_and_yarn" => Utils::JavaScript::Version,
-      "pip" => Utils::Python::Version,
       "composer" => Utils::Php::Version,
       "hex" => Utils::Elixir::Version,
       "cargo" => Utils::Rust::Version,
@@ -61,7 +58,6 @@ module Dependabot
       "maven" => Utils::Java::Requirement,
       "gradle" => Utils::Java::Requirement,
       "npm_and_yarn" => Utils::JavaScript::Requirement,
-      "pip" => Utils::Python::Requirement,
       "composer" => Utils::Php::Requirement,
       "hex" => Utils::Elixir::Requirement,
       "cargo" => Utils::Rust::Requirement,

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.78.0"
+  VERSION = "0.79.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.78.0
+  version: 0.79.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-07 00:00:00.000000000 Z
+date: 2018-12-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ecr
@@ -340,11 +340,6 @@ files:
 - helpers/php/src/Hasher.php
 - helpers/php/src/UpdateChecker.php
 - helpers/php/src/Updater.php
-- helpers/python/lib/__init__.py
-- helpers/python/lib/hasher.py
-- helpers/python/lib/parser.py
-- helpers/python/requirements.txt
-- helpers/python/run.py
 - helpers/test/run.rb
 - helpers/utils/git-credential-store-immutable
 - helpers/yarn/.eslintrc
@@ -393,7 +388,6 @@ files:
 - lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb
 - lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb
 - lib/dependabot/file_fetchers/php/composer.rb
-- lib/dependabot/file_fetchers/python/pip.rb
 - lib/dependabot/file_fetchers/ruby/bundler.rb
 - lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb
 - lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb
@@ -420,10 +414,6 @@ files:
 - lib/dependabot/file_parsers/java/maven/repositories_finder.rb
 - lib/dependabot/file_parsers/java_script/npm_and_yarn.rb
 - lib/dependabot/file_parsers/php/composer.rb
-- lib/dependabot/file_parsers/python/pip.rb
-- lib/dependabot/file_parsers/python/pip/pipfile_files_parser.rb
-- lib/dependabot/file_parsers/python/pip/poetry_files_parser.rb
-- lib/dependabot/file_parsers/python/pip/setup_file_parser.rb
 - lib/dependabot/file_parsers/ruby/bundler.rb
 - lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb
 - lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb
@@ -464,16 +454,6 @@ files:
 - lib/dependabot/file_updaters/php/composer.rb
 - lib/dependabot/file_updaters/php/composer/lockfile_updater.rb
 - lib/dependabot/file_updaters/php/composer/manifest_updater.rb
-- lib/dependabot/file_updaters/python/pip.rb
-- lib/dependabot/file_updaters/python/pip/pip_compile_file_updater.rb
-- lib/dependabot/file_updaters/python/pip/pipfile_file_updater.rb
-- lib/dependabot/file_updaters/python/pip/pipfile_preparer.rb
-- lib/dependabot/file_updaters/python/pip/poetry_file_updater.rb
-- lib/dependabot/file_updaters/python/pip/pyproject_preparer.rb
-- lib/dependabot/file_updaters/python/pip/requirement_file_updater.rb
-- lib/dependabot/file_updaters/python/pip/requirement_replacer.rb
-- lib/dependabot/file_updaters/python/pip/setup_file_sanitizer.rb
-- lib/dependabot/file_updaters/ruby/.DS_Store
 - lib/dependabot/file_updaters/ruby/bundler.rb
 - lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb
 - lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb
@@ -501,7 +481,6 @@ files:
 - lib/dependabot/metadata_finders/java/maven.rb
 - lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb
 - lib/dependabot/metadata_finders/php/composer.rb
-- lib/dependabot/metadata_finders/python/pip.rb
 - lib/dependabot/metadata_finders/ruby/bundler.rb
 - lib/dependabot/metadata_finders/rust/cargo.rb
 - lib/dependabot/pull_request_creator.rb
@@ -555,12 +534,6 @@ files:
 - lib/dependabot/update_checkers/php/composer.rb
 - lib/dependabot/update_checkers/php/composer/requirements_updater.rb
 - lib/dependabot/update_checkers/php/composer/version_resolver.rb
-- lib/dependabot/update_checkers/python/pip.rb
-- lib/dependabot/update_checkers/python/pip/latest_version_finder.rb
-- lib/dependabot/update_checkers/python/pip/pip_compile_version_resolver.rb
-- lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb
-- lib/dependabot/update_checkers/python/pip/poetry_version_resolver.rb
-- lib/dependabot/update_checkers/python/pip/requirements_updater.rb
 - lib/dependabot/update_checkers/ruby/bundler.rb
 - lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb
 - lib/dependabot/update_checkers/ruby/bundler/force_updater.rb
@@ -590,14 +563,10 @@ files:
 - lib/dependabot/utils/java_script/version.rb
 - lib/dependabot/utils/php/requirement.rb
 - lib/dependabot/utils/php/version.rb
-- lib/dependabot/utils/python/requirement.rb
-- lib/dependabot/utils/python/version.rb
 - lib/dependabot/utils/ruby/requirement.rb
 - lib/dependabot/utils/rust/requirement.rb
 - lib/dependabot/utils/rust/version.rb
 - lib/dependabot/version.rb
-- lib/python_requirement_parser.rb
-- lib/python_versions.rb
 homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
@@ -618,7 +587,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 2.7.3
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.8
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Automated dependency management

data/helpers/python/lib/hasher.py

@@ -1,23 +0,0 @@
-import hashin
-import json
-import pipfile
-from poetry.poetry import Poetry
-
-def get_dependency_hash(dependency_name, dependency_version, algorithm):
-    hashes = hashin.get_package_hashes(
-        dependency_name,
-        version=dependency_version,
-        algorithm=algorithm
-    )
-
-    return json.dumps({ "result": hashes["hashes"] })
-
-def get_pipfile_hash(directory):
-    p = pipfile.load(directory + '/Pipfile')
-
-    return json.dumps({ "result": p.hash })
-
-def get_pyproject_hash(directory):
-    p = Poetry.create(directory)
-
-    return json.dumps({ "result": p.locker._get_content_hash() })

data/helpers/python/lib/parser.py

@@ -1,130 +0,0 @@
-from itertools import chain
-import glob
-import io
-import json
-import os.path
-import re
-
-import setuptools
-import pip._internal.req.req_file
-from pip._internal.download import PipSession
-from pip._internal.req.constructors import install_req_from_line
-
-def parse_requirements(directory):
-    # Parse the requirements.txt
-    requirement_packages = []
-
-    requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
-                        + glob.glob(os.path.join(directory, '**', '*.txt'))
-
-    pip_compile_files = glob.glob(os.path.join(directory, '*.in')) \
-                        + glob.glob(os.path.join(directory, '**', '*.in'))
-
-    for reqs_file in requirement_files + pip_compile_files:
-        try:
-            requirements = pip._internal.req.req_file.parse_requirements(
-                reqs_file,
-                session=PipSession()
-            )
-            for install_req in requirements:
-                if install_req.original_link:
-                    continue
-                if install_req.is_pinned:
-                    version = next(iter(install_req.specifier)).version
-                else:
-                    version = None
-
-                pattern = r"-[cr] (.*) \(line \d+\)"
-                abs_path = re.search(pattern, install_req.comes_from).group(1)
-                rel_path = os.path.relpath(abs_path, directory)
-
-                requirement_packages.append({
-                    "name": install_req.req.name,
-                    "version": version,
-                    "markers": str(install_req.markers) or None,
-                    "file": rel_path,
-                    "requirement": str(install_req.specifier) or None
-                })
-        except Exception as e:
-            print(json.dumps({ "error": repr(e) }))
-            exit(1)
-
-    return json.dumps({ "result": requirement_packages })
-
-def parse_setup(directory):
-    # Parse the setup.py
-    setup_packages = []
-    if os.path.isfile(directory + '/setup.py'):
-        def parse_requirement(req, req_type):
-            install_req = install_req_from_line(req)
-            if install_req.original_link:
-                return
-            if install_req.is_pinned:
-                version = next(iter(install_req.specifier)).version
-            else:
-                version = None
-            setup_packages.append({
-                "name": install_req.req.name,
-                "version": version,
-                "markers": str(install_req.markers) or None,
-                "file": "setup.py",
-                "requirement": str(install_req.specifier) or None,
-                "requirement_type": req_type
-            })
-
-        def setup(*args, **kwargs):
-            for arg in ['setup_requires', 'install_requires', 'tests_require']:
-                if not kwargs.get(arg):
-                    continue
-                for req in kwargs.get(arg):
-                    parse_requirement(req, arg)
-            extras_require_dict = kwargs.get('extras_require', {})
-            for key in extras_require_dict:
-                for req in extras_require_dict[key]:
-                    parse_requirement(req, 'extras_require:{}'.format(key))
-        setuptools.setup = setup
-
-        def noop(*args, **kwargs):
-            pass
-
-        def fake_parse(*args, **kwargs):
-            return []
-
-        global fake_open
-        def fake_open(*args, **kwargs):
-            content = ("VERSION = ('0', '0', '1+dependabot')\n"
-                       "__version__ = '0.0.1+dependabot'\n"
-                       "__author__ = 'someone'\n"
-                       "__title__ = 'something'\n"
-                       "__description__ = 'something'\n"
-                       "__author_email__ = 'something'\n"
-                       "__license__ = 'something'\n"
-                       "__url__ = 'something'\n")
-            return io.StringIO(content)
-
-        content = open(directory + '/setup.py', 'r').read()
-
-        # Remove `print`, `open`, `log` and import statements
-        content = re.sub(r"print\s*\(", "noop(", content)
-        content = re.sub(r"log\s*(\.\w+)*\(", "noop(", content)
-        content = re.sub(r"\b(\w+\.)*(open|file)\s*\(", "fake_open(", content)
-        content = content.replace("parse_requirements(", "fake_parse(")
-        version_re = re.compile(r"^.*import.*__version__.*$", re.MULTILINE)
-        content = re.sub(version_re, "", content)
-
-        # Set variables likely to be imported
-        __version__ = '0.0.1+dependabot'
-        __author__ = 'someone'
-        __title__ = 'something'
-        __description__ = 'something'
-        __author_email__ = 'something'
-        __license__ = 'something'
-        __url__ = 'something'
-
-        # Run as main (since setup.py is a script)
-        __name__ = '__main__'
-
-        # Exec the setup.py
-        exec(content) in globals(), locals()
-
-    return json.dumps({ "result": setup_packages })

data/helpers/python/requirements.txt

@@ -1,9 +0,0 @@
-pip==18.1
-pip-tools==3.1.0
-hashin==0.14.0
-pipenv==2018.11.26
-pipfile==0.0.2
-poetry==0.12.10
-
-# Some dependencies will only install if Cython is present
-Cython==0.29.1

data/helpers/python/run.py

@@ -1,18 +0,0 @@
-import sys
-import json
-
-from lib import parser, hasher
-
-if __name__ == "__main__":
-    args = json.loads(sys.stdin.read())
-
-    if args["function"] == "parse_requirements":
-        print(parser.parse_requirements(args["args"][0]))
-    if args["function"] == "parse_setup":
-        print(parser.parse_setup(args["args"][0]))
-    elif args["function"] == "get_dependency_hash":
-        print(hasher.get_dependency_hash(*args["args"]))
-    elif args["function"] == "get_pipfile_hash":
-        print(hasher.get_pipfile_hash(*args["args"]))
-    elif args["function"] == "get_pyproject_hash":
-        print(hasher.get_pyproject_hash(*args["args"]))

data/lib/dependabot/file_fetchers/python/pip.rb

@@ -1,305 +0,0 @@
-# frozen_string_literal: true
-
-require "toml-rb"
-
-require "dependabot/file_fetchers/base"
-require "dependabot/file_parsers/python/pip"
-require "dependabot/errors"
-
-module Dependabot
-  module FileFetchers
-    module Python
-      class Pip < Dependabot::FileFetchers::Base
-        CHILD_REQUIREMENT_REGEX = /^-r\s?(?<path>.*\.txt)/.freeze
-        CONSTRAINT_REGEX = /^-c\s?(?<path>\..*)/.freeze
-
-        def self.required_files_in?(filenames)
-          return true if filenames.any? { |name| name.end_with?(".txt", ".in") }
-
-          # If there is a directory of requirements return true
-          return true if filenames.include?("requirements")
-
-          # If this repo is using a Pipfile return true
-          return true if filenames.include?("Pipfile")
-
-          # If this repo is using Poetry return true
-          return true if filenames.include?("pyproject.toml")
-
-          filenames.include?("setup.py")
-        end
-
-        def self.required_files_message
-          "Repo must contain a requirements.txt, setup.py, pyproject.toml, "\
-          "or a Pipfile."
-        end
-
-        private
-
-        def fetch_files
-          fetched_files = []
-
-          fetched_files += pipenv_files
-          fetched_files += pyproject_files
-
-          fetched_files += requirements_in_files
-          fetched_files += requirement_files if requirements_txt_files.any?
-
-          fetched_files << setup_file if setup_file
-          fetched_files << setup_cfg if setup_cfg
-          fetched_files += path_setup_files
-          fetched_files << pip_conf if pip_conf
-          fetched_files << python_version if python_version
-
-          check_required_files_present
-          fetched_files.uniq
-        end
-
-        def pipenv_files
-          [pipfile, pipfile_lock].compact
-        end
-
-        def pyproject_files
-          [pyproject, pyproject_lock, poetry_lock].compact
-        end
-
-        def requirement_files
-          [
-            *requirements_txt_files,
-            *child_requirement_files,
-            *constraints_files
-          ]
-        end
-
-        def check_required_files_present
-          if requirements_txt_files.any? || setup_file || pipfile || pyproject
-            return
-          end
-
-          path = Pathname.new(File.join(directory, "requirements.txt")).
-                 cleanpath.to_path
-          raise Dependabot::DependencyFileNotFound, path
-        end
-
-        def setup_file
-          @setup_file ||= fetch_file_if_present("setup.py")
-        end
-
-        def setup_cfg
-          @setup_cfg ||= fetch_file_if_present("setup.cfg")
-        end
-
-        def pip_conf
-          @pip_conf ||= fetch_file_if_present("pip.conf")&.
-                        tap { |f| f.support_file = true }
-        end
-
-        def python_version
-          @python_version ||= fetch_file_if_present(".python-version")&.
-                              tap { |f| f.support_file = true }
-        end
-
-        def pipfile
-          @pipfile ||= fetch_file_if_present("Pipfile")
-        end
-
-        def pipfile_lock
-          @pipfile_lock ||= fetch_file_if_present("Pipfile.lock")
-        end
-
-        def pyproject
-          @pyproject ||= fetch_file_if_present("pyproject.toml")
-        end
-
-        def pyproject_lock
-          @pyproject_lock ||= fetch_file_if_present("pyproject.lock")
-        end
-
-        def poetry_lock
-          @poetry_lock ||= fetch_file_if_present("poetry.lock")
-        end
-
-        def requirements_txt_files
-          req_txt_and_in_files.select { |f| f.name.end_with?(".txt") }
-        end
-
-        def requirements_in_files
-          req_txt_and_in_files.select { |f| f.name.end_with?(".in") }
-        end
-
-        def parsed_pipfile
-          raise "No Pipfile" unless pipfile
-
-          @parsed_pipfile ||= TomlRB.parse(pipfile.content)
-        rescue TomlRB::ParseError
-          raise Dependabot::DependencyFileNotParseable, pipfile.path
-        end
-
-        def req_txt_and_in_files
-          return @req_txt_and_in_files if @req_txt_and_in_files
-
-          @req_txt_and_in_files = []
-
-          repo_contents.
-            select { |f| f.type == "file" }.
-            select { |f| f.name.end_with?(".txt", ".in") }.
-            map { |f| fetch_file_from_host(f.name) }.
-            select { |f| requirements_file?(f) }.
-            each { |f| @req_txt_and_in_files << f }
-
-          repo_contents.
-            select { |f| f.type == "dir" }.
-            each { |f| @req_txt_and_in_files += req_files_for_dir(f) }
-
-          @req_txt_and_in_files
-        end
-
-        def req_files_for_dir(requirements_dir)
-          dir = directory.gsub(%r{(^/|/$)}, "")
-          relative_reqs_dir =
-            requirements_dir.path.gsub(%r{^/?#{Regexp.escape(dir)}/?}, "")
-
-          repo_contents(dir: relative_reqs_dir).
-            select { |f| f.type == "file" }.
-            select { |f| f.name.end_with?(".txt", ".in") }.
-            map { |f| fetch_file_from_host("#{relative_reqs_dir}/#{f.name}") }.
-            select { |f| requirements_file?(f) }
-        end
-
-        def child_requirement_files
-          @child_requirement_files ||=
-            begin
-              fetched_files = requirements_txt_files.dup
-              requirements_txt_files.flat_map do |requirement_file|
-                child_files = fetch_child_requirement_files(
-                  file: requirement_file,
-                  previously_fetched_files: fetched_files
-                )
-
-                fetched_files += child_files
-                child_files
-              end
-            end
-        end
-
-        def fetch_child_requirement_files(file:, previously_fetched_files:)
-          paths = file.content.scan(CHILD_REQUIREMENT_REGEX).flatten
-          current_dir = File.dirname(file.name)
-
-          paths.flat_map do |path|
-            path = File.join(current_dir, path) unless current_dir == "."
-            path = Pathname.new(path).cleanpath.to_path
-
-            next if previously_fetched_files.map(&:name).include?(path)
-            next if file.name == path
-
-            fetched_file = fetch_file_from_host(path)
-            grandchild_requirement_files = fetch_child_requirement_files(
-              file: fetched_file,
-              previously_fetched_files: previously_fetched_files + [file]
-            )
-            [fetched_file, *grandchild_requirement_files]
-          end.compact
-        end
-
-        def constraints_files
-          all_requirement_files = requirements_txt_files +
-                                  child_requirement_files
-
-          constraints_paths = all_requirement_files.map do |req_file|
-            req_file.content.scan(CONSTRAINT_REGEX).flatten
-          end.flatten.uniq
-
-          constraints_paths.map { |path| fetch_file_from_host(path) }
-        end
-
-        def path_setup_files
-          path_setup_files = []
-          unfetchable_files = []
-
-          path_setup_file_paths.each do |path|
-            path = Pathname.new(File.join(path, "setup.py")).cleanpath.to_path
-            next if path == "setup.py" && setup_file
-
-            begin
-              path_setup_files << fetch_file_from_host(path).
-                                  tap { |f| f.support_file = true }
-            rescue Dependabot::DependencyFileNotFound
-              unfetchable_files << path
-            end
-
-            begin
-              cfg_path = path.gsub(/\.py$/, ".cfg")
-              path_setup_files << fetch_file_from_host(cfg_path).
-                                  tap { |f| f.support_file = true }
-            rescue Dependabot::DependencyFileNotFound
-              # Ignore lack of a setup.cfg
-              nil
-            end
-          end
-
-          if unfetchable_files.any?
-            raise Dependabot::PathDependenciesNotReachable, unfetchable_files
-          end
-
-          path_setup_files
-        end
-
-        def requirements_file?(file)
-          return true if file.name.match?(/requirements/x)
-
-          content = file.content.
-                    gsub(CONSTRAINT_REGEX, "").
-                    gsub(CHILD_REQUIREMENT_REGEX, "")
-
-          tmp_file = DependencyFile.new(name: file.name, content: content)
-          Dependabot::FileParsers::Python::Pip.
-            new(dependency_files: [tmp_file], source: source).
-            parse.any?
-        rescue Dependabot::DependencyFileNotEvaluatable
-          false
-        end
-
-        def path_setup_file_paths
-          requirement_txt_path_setup_file_paths + pipfile_path_setup_file_paths
-        end
-
-        def requirement_txt_path_setup_file_paths
-          (requirements_txt_files + child_requirement_files).map do |req_file|
-            uneditable_reqs =
-              req_file.content.
-              scan(/^['"]?(?<path>\..*?)(?=\[|#|'|"|$)/).
-              flatten.
-              map(&:strip).
-              reject { |p| p.include?("://") }
-
-            editable_reqs =
-              req_file.content.
-              scan(/^(?:-e)\s+['"]?(?<path>.*?)(?=\[|#|'|"|$)/).
-              flatten.
-              map(&:strip).
-              reject { |p| p.include?("://") }
-
-            uneditable_reqs + editable_reqs
-          end.flatten.uniq
-        end
-
-        def pipfile_path_setup_file_paths
-          return [] unless pipfile
-
-          paths = []
-          %w(packages dev-packages).each do |dep_type|
-            next unless parsed_pipfile[dep_type]
-
-            parsed_pipfile[dep_type].each do |_, req|
-              next unless req.is_a?(Hash) && req["path"]
-
-              paths << req["path"]
-            end
-          end
-
-          paths
-        end
-      end
-    end
-  end
-end