dependabot-python 0.107.24 → 0.107.25

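--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: faed35ee41af0652992e9c0d8aecb5e51fdca74e0984a9c19ee3edd665bd308f
- data.tar.gz: 4910c7f45237439ca07b68a3d9510efe0f1a52ab90e74e1976120fd07eaade26
+ metadata.gz: a84de32948f79a0eb46f7c476d0699f48bca973350ef98a144d3d0d4fc3ba4da
+ data.tar.gz: 9b0b1fb0a17c600f89c468985b9dc4fbaa71cffea0d6d25b4da7a9772977ee9c
  SHA512:
- metadata.gz: 3fc124f843703e237947a0bd7ca7a80fb54e553ac7828b8eae564d164ef714175988a56953447a53f59d15a0f3c7ce38a157c47ba3827b73034b82891d03ad19
- data.tar.gz: 48fcefacf10fefd181b04a4294ee90123f3d713c3653ddaf9ac7db5e3d60d289640fafdca513521406c8995a6fb0387613fc3339c52b887d30d0f30e1df0238c
+ metadata.gz: 1d5bde042246a5025221ce296a8c1d8167e552fa8a85df240abbbf3e68786ccfb9c834cf69318f65676a8ebaaa5040e31e34fab470c3a8fa55e314ca5147b92b
+ data.tar.gz: c46a52051f3c8146a44dc5203beeb1a679de2f14e56df4c1918668f7311a4a369bb8c6f67a5a0b0bef218e6ba3119238864d539212ca2747f2de38a8a4d3ff53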
@@ -6,4 +6,4 @@ pipfile==0.0.2
6
6
  poetry==0.12.16
7
7
 
8
8
  # Some dependencies will only install if Cython is present
9
- Cython==0.29.7
9
+ Cython==0.29.9
@@ -9,6 +9,8 @@ module Dependabot
9
9
  module Python
10
10
  class FileUpdater
11
11
  class RequirementFileUpdater
12
+ require_relative "requirement_replacer"
13
+
12
14
  attr_reader :dependencies, :dependency_files, :credentials
13
15
 
14
16
  def initialize(dependencies:, dependency_files:, credentials:)
@@ -50,105 +52,13 @@ module Dependabot
50
52
  def updated_requirement_or_setup_file_content(new_req, old_req)
51
53
  content = get_original_file(new_req.fetch(:file)).content
52
54
 
53
- updated_content =
54
- content.gsub(
55
- original_declaration_replacement_regex(old_req),
56
- updated_dependency_declaration_string(new_req, old_req)
57
- )
58
-
59
- raise "Expected content to change!" if content == updated_content
60
-
61
- updated_content
62
- end
63
-
64
- def original_dependency_declaration_string(requirement)
65
- regex = RequirementParser::INSTALL_REQ_WITH_REQUIREMENT
66
- matches = []
67
-
68
- get_original_file(requirement.fetch(:file)).
69
- content.scan(regex) { matches << Regexp.last_match }
70
- dec = matches.
71
- select { |m| normalise(m[:name]) == dependency.name }.
72
- find do |m|
73
- # The FileParser can mess up a requirement's spacing so we
74
- # sanitize both requirements before comparing
75
- f_req = m[:requirements]&.gsub(/\s/, "")&.split(",")&.sort
76
- p_req = requirement.fetch(:requirement)&.
77
- gsub(/\s/, "")&.split(",")&.sort
78
- f_req == p_req
79
- end
80
-
81
- raise "Declaration not found for #{dependency.name}!" unless dec
82
-
83
- dec.to_s.strip
84
- end
85
-
86
- def updated_dependency_declaration_string(new_req, old_req)
87
- updated_string =
88
- original_dependency_declaration_string(old_req).sub(
89
- RequirementParser::REQUIREMENTS,
90
- new_req.fetch(:requirement)
91
- )
92
- return updated_string unless requirement_includes_hashes?(old_req)
93
-
94
- updated_string.sub(
95
- RequirementParser::HASHES,
96
- package_hashes_for(
97
- name: dependency.name,
98
- version: dependency.version,
99
- algorithm: hash_algorithm(old_req)
100
- ).join(hash_separator(old_req))
101
- )
102
- end
103
-
104
- def original_declaration_replacement_regex(requirement)
105
- original_string =
106
- original_dependency_declaration_string(requirement)
107
- /(?<![\-\w])#{Regexp.escape(original_string)}(?![\-\w])/
108
- end
109
-
110
- def requirement_includes_hashes?(requirement)
111
- original_dependency_declaration_string(requirement).
112
- match?(RequirementParser::HASHES)
113
- end
114
-
115
- def hash_algorithm(requirement)
116
- return unless requirement_includes_hashes?(requirement)
117
-
118
- original_dependency_declaration_string(requirement).
119
- match(RequirementParser::HASHES).
120
- named_captures.fetch("algorithm")
121
- end
122
-
123
- def hash_separator(requirement)
124
- return unless requirement_includes_hashes?(requirement)
125
-
126
- hash_regex = RequirementParser::HASH
127
- current_separator =
128
- original_dependency_declaration_string(requirement).
129
- match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/).
130
- named_captures.fetch("separator")
131
-
132
- default_separator =
133
- original_dependency_declaration_string(requirement).
134
- match(RequirementParser::HASH).
135
- pre_match.match(/(?<separator>\s*\\?\s*?)\z/).
136
- named_captures.fetch("separator")
137
-
138
- current_separator || default_separator
139
- end
140
-
141
- def package_hashes_for(name:, version:, algorithm:)
142
- SharedHelpers.run_helper_subprocess(
143
- command: "pyenv exec python #{NativeHelpers.python_helper_path}",
144
- function: "get_dependency_hash",
145
- args: [name, version, algorithm]
146
- ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
147
- end
148
-
149
- # See https://www.python.org/dev/peps/pep-0503/#normalized-names
150
- def normalise(name)
151
- name.downcase.gsub(/[-_.]+/, "-")
55
+ RequirementReplacer.new(
56
+ content: content,
57
+ dependency_name: dependency.name,
58
+ old_requirement: old_req.fetch(:requirement),
59
+ new_requirement: new_req.fetch(:requirement),
60
+ new_hash_version: dependency.version
61
+ ).updated_content
152
62
  end
153
63
 
154
64
  def get_original_file(filename)
@@ -3,20 +3,19 @@
3
3
  require "dependabot/python/requirement_parser"
4
4
  require "dependabot/python/file_updater"
5
5
  require "dependabot/shared_helpers"
6
+ require "dependabot/python/native_helpers"
6
7
 
7
8
  module Dependabot
8
9
  module Python
9
10
  class FileUpdater
10
11
  class RequirementReplacer
11
- attr_reader :content, :dependency_name, :old_requirement,
12
- :new_requirement
13
-
14
12
  def initialize(content:, dependency_name:, old_requirement:,
15
- new_requirement:)
16
- @content = content
17
- @dependency_name = dependency_name
18
- @old_requirement = old_requirement
19
- @new_requirement = new_requirement
13
+ new_requirement:, new_hash_version: nil)
14
+ @content = content
15
+ @dependency_name = dependency_name
16
+ @old_requirement = old_requirement
17
+ @new_requirement = new_requirement
18
+ @new_hash_version = new_hash_version
20
19
  end
21
20
 
22
21
  def updated_content
@@ -26,10 +25,7 @@ module Dependabot
26
25
  # ignore it, since it isn't actually a declaration
27
26
  next mtch if Regexp.last_match.pre_match.match?(/--.*\z/)
28
27
 
29
- updated_dependency_declaration_string(
30
- old_requirement,
31
- new_requirement
32
- )
28
+ updated_dependency_declaration_string
33
29
  end
34
30
 
35
31
  raise "Expected content to change!" if content == updated_content
@@ -39,6 +35,113 @@ module Dependabot
39
35
 
40
36
  private
41
37
 
38
+ attr_reader :content, :dependency_name, :old_requirement,
39
+ :new_requirement, :new_hash_version
40
+
41
+ def update_hashes?
42
+ !new_hash_version.nil?
43
+ end
44
+
45
+ def updated_requirement_string
46
+ new_req_string = new_requirement
47
+
48
+ if add_space_after_commas?
49
+ new_req_string = new_req_string.gsub(/,\s*/, ", ")
50
+ end
51
+
52
+ if add_space_after_operators?
53
+ new_req_string =
54
+ new_req_string.
55
+ gsub(/(#{RequirementParser::COMPARISON})\s*(?=\d)/, '\1 ')
56
+ end
57
+
58
+ new_req_string
59
+ end
60
+
61
+ def updated_dependency_declaration_string
62
+ old_req = old_requirement
63
+ updated_string =
64
+ if old_req
65
+ original_dependency_declaration_string(old_req).
66
+ sub(RequirementParser::REQUIREMENTS, updated_requirement_string)
67
+ else
68
+ original_dependency_declaration_string(old_req).
69
+ sub(RequirementParser::NAME_WITH_EXTRAS) do |nm|
70
+ nm + updated_requirement_string
71
+ end
72
+ end
73
+
74
+ unless update_hashes? && requirement_includes_hashes?(old_req)
75
+ return updated_string
76
+ end
77
+
78
+ updated_string.sub(
79
+ RequirementParser::HASHES,
80
+ package_hashes_for(
81
+ name: dependency_name,
82
+ version: new_hash_version,
83
+ algorithm: hash_algorithm(old_req)
84
+ ).join(hash_separator(old_req))
85
+ )
86
+ end
87
+
88
+ def add_space_after_commas?
89
+ original_dependency_declaration_string(old_requirement).
90
+ match(RequirementParser::REQUIREMENTS).
91
+ to_s.include?(", ")
92
+ end
93
+
94
+ def add_space_after_operators?
95
+ original_dependency_declaration_string(old_requirement).
96
+ match(RequirementParser::REQUIREMENTS).
97
+ to_s.match?(/#{RequirementParser::COMPARISON}\s+\d/)
98
+ end
99
+
100
+ def original_declaration_replacement_regex
101
+ original_string =
102
+ original_dependency_declaration_string(old_requirement)
103
+ /(?<![\-\w\.\[])#{Regexp.escape(original_string)}(?![\-\w\.])/
104
+ end
105
+
106
+ def requirement_includes_hashes?(requirement)
107
+ original_dependency_declaration_string(requirement).
108
+ match?(RequirementParser::HASHES)
109
+ end
110
+
111
+ def hash_algorithm(requirement)
112
+ return unless requirement_includes_hashes?(requirement)
113
+
114
+ original_dependency_declaration_string(requirement).
115
+ match(RequirementParser::HASHES).
116
+ named_captures.fetch("algorithm")
117
+ end
118
+
119
+ def hash_separator(requirement)
120
+ return unless requirement_includes_hashes?(requirement)
121
+
122
+ hash_regex = RequirementParser::HASH
123
+ current_separator =
124
+ original_dependency_declaration_string(requirement).
125
+ match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/).
126
+ named_captures.fetch("separator")
127
+
128
+ default_separator =
129
+ original_dependency_declaration_string(requirement).
130
+ match(RequirementParser::HASH).
131
+ pre_match.match(/(?<separator>\s*\\?\s*?)\z/).
132
+ named_captures.fetch("separator")
133
+
134
+ current_separator || default_separator
135
+ end
136
+
137
+ def package_hashes_for(name:, version:, algorithm:)
138
+ SharedHelpers.run_helper_subprocess(
139
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
140
+ function: "get_dependency_hash",
141
+ args: [name, version, algorithm]
142
+ ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
143
+ end
144
+
42
145
  def original_dependency_declaration_string(old_req)
43
146
  matches = []
44
147
 
@@ -60,24 +163,6 @@ module Dependabot
60
163
  dec.to_s.strip
61
164
  end
62
165
 
63
- def updated_dependency_declaration_string(old_req, new_req)
64
- if old_req
65
- original_dependency_declaration_string(old_req).
66
- sub(RequirementParser::REQUIREMENTS, new_req)
67
- else
68
- original_dependency_declaration_string(old_req).
69
- sub(RequirementParser::NAME_WITH_EXTRAS) do |nm|
70
- nm + new_req
71
- end
72
- end
73
- end
74
-
75
- def original_declaration_replacement_regex
76
- original_string =
77
- original_dependency_declaration_string(old_requirement)
78
- /(?<![\-\w\.\[])#{Regexp.escape(original_string)}(?![\-\w\.])/
79
- end
80
-
81
166
  # See https://www.python.org/dev/peps/pep-0503/#normalized-names
82
167
  def normalise(name)
83
168
  name.downcase.gsub(/[-_.]+/, "-")
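Review bot: In the added `updated_dependency_declaration_string`, the result of `package_hashes_for(...)` is joined and substituted for `RequirementParser::HASHES` without a check that it is non-empty. The helper's behaviour is not visible in this diff, so this needs confirming, but if it can return no entries for `new_hash_version` the `sub` would replace the existing `--hash=` pins with an empty string, and the updated requirement line would lose pip's hash verification without any error. I would bind the result first and fail closed: `hashes = package_hashes_for(...)` followed by `raise "No hashes found for #{dependency_name} #{new_hash_version}" if hashes.empty?`. The new `new_hash_version:` keyword on `initialize` also deserves a comment such as `# new_hash_version: version whose --hash values are fetched; nil leaves existing hashes untouched`, since that nil contract is only implied by `update_hashes?`.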
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.107.24
4
+ version: 0.107.25
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-05-28 00:00:00.000000000 Z
11
+ date: 2019-05-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.107.24
19
+ version: 0.107.25
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.107.24
26
+ version: 0.107.25
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement