dependabot-python 0.110.14 → 0.110.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ce7ac9110e4d9fad6510995f9938ccfac0ac5ce62bb7b56b6bd5be4ba3b5dc2a
-  data.tar.gz: f0205fc6e19195f880333699486db230111912b3c79dfbde3fd02eb82b91df61
+  metadata.gz: 969f78c93199f4f7e88eae9764b88b6a3a76a0860c001c4fdb015205b39cf389
+  data.tar.gz: 9ba61eb87fd7b02cc18e448805b669cac0918f9e7e7485f3db214d4065aebb1f
 SHA512:
-  metadata.gz: a51dbc2c9bf9baec3d0e7b0081a90d3022e5f5a55a80e4489407a73fdaab0518e4ab15fc5bda18a95bc1b73e68c6d255b8214ccff06481506a312b56a2874f1e
-  data.tar.gz: a37f6ba59bd5009201c3b4242c7a1f6244bcc35429c9764a291b6f392538c1d508e62bbb89ccc1ba74fe47c1ffa5eaa835c1325d086255fdf505a1ccd484babd
+  metadata.gz: 0c62bbd0a1226594028680de60f154da19915133c2d2c97f090df9422d6dde4db493bcafbf5c1c69a036c018d86760c9fa79d1c9f05e946083e687f6d8b706b9
+  data.tar.gz: b39902d947dea6a3bd912cda1faf76dee526cb68c8bf1d62d7a6a0989b892c4c01949015737a5653495f2bf918b29f9e188ec9eeeffc20a2dae883e684719ddb

data/lib/dependabot/python/file_parser/python_requirement_parser.rb

@@ -17,12 +17,12 @@ module Dependabot
           @dependency_files = dependency_files
         end
 
-        # TODO: Parse setup.py and setup.cfg to get python requirement
         def user_specified_requirement
           pipfile_python_requirement ||
             pyproject_python_requirement ||
             python_version_file_version ||
-            runtime_file_python_version
+            runtime_file_python_version ||
+            setup_file_requirement
         end
 
         # TODO: Add better Python version detection using dependency versions
@@ -88,18 +88,12 @@ module Dependabot
           file_version
         end
 
-        def pipenv_python_requirement
-          pipfile_lock_python_version || pipfile_python_requirement
-        end
-
-        def pipfile_lock_python_version
-          return unless pipfile_lock
+        def setup_file_requirement
+          return unless setup_file
 
-          JSON.parse(pipfile_lock.content).dig(
-            "_meta",
-            "host-environment-markers",
-            "python_full_version"
-          )
+          setup_file.content.
+            match(/python_requires\s*=\s*['"](?<req>[^'"]+)['"]/)&.
+            named_captures&.fetch("req")&.strip
         end
 
         def pyenv_versions
@@ -140,12 +134,8 @@ module Dependabot
           dependency_files.find { |f| f.name == "pyproject.toml" }
         end
 
-        def setup_files
-          dependency_files.select { |f| f.name.end_with?("setup.py") }
-        end
-
-        def setup_cfg_files
-          dependency_files.select { |f| f.name.end_with?("setup.cfg") }
+        def setup_file
+          dependency_files.find { |f| f.name == "setup.py" }
         end
 
         def python_version_file

data/lib/dependabot/python/update_checker.rb

@@ -16,6 +16,7 @@ module Dependabot
       require_relative "update_checker/poetry_version_resolver"
       require_relative "update_checker/pipenv_version_resolver"
       require_relative "update_checker/pip_compile_version_resolver"
+      require_relative "update_checker/pip_version_resolver"
       require_relative "update_checker/requirements_updater"
       require_relative "update_checker/latest_version_finder"
 
@@ -45,10 +46,7 @@ module Dependabot
               requirement: unlocked_requirement_string
             )
           when :requirements
-            # pip doesn't (yet) do any dependency resolution, so if we don't
-            # have a Pipfile or a pip-compile file, we just return the latest
-            # version.
-            latest_version
+            pip_version_resolver.latest_resolvable_version
           else raise "Unexpected resolver type #{resolver_type}"
           end
       end
@@ -69,7 +67,7 @@ module Dependabot
               requirement: current_requirement_string
             )
           when :requirements
-            latest_pip_version_with_no_unlock
+            pip_version_resolver.latest_resolvable_version_with_no_unlock
           else raise "Unexpected resolver type #{resolver_type}"
           end
       end
@@ -121,7 +119,10 @@ module Dependabot
       def fetch_lowest_resolvable_security_fix_version
         fix_version = latest_version_finder.lowest_security_fix_version
         return latest_resolvable_version if fix_version.nil?
-        return fix_version if resolver_type == :requirements
+
+        if resolver_type == :requirements
+          return pip_version_resolver.lowest_resolvable_security_fix_version
+        end
 
         resolver =
           case resolver_type
@@ -186,6 +187,16 @@ module Dependabot
         @poetry_version_resolver ||= PoetryVersionResolver.new(resolver_args)
       end
 
+      def pip_version_resolver
+        @pip_version_resolver ||= PipVersionResolver.new(
+          dependency: dependency,
+          dependency_files: dependency_files,
+          credentials: credentials,
+          ignored_versions: ignored_versions,
+          security_advisories: security_advisories
+        )
+      end
+
       def resolver_args
         {
           dependency: dependency,
@@ -243,10 +254,6 @@ module Dependabot
         latest_version_finder.latest_version
       end
 
-      def latest_pip_version_with_no_unlock
-        latest_version_finder.latest_version_with_no_unlock
-      end
-
       def latest_version_finder
         @latest_version_finder ||= LatestVersionFinder.new(
           dependency: dependency,

data/lib/dependabot/python/update_checker/pip_version_resolver.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+require "dependabot/python/update_checker"
+require "dependabot/python/update_checker/latest_version_finder"
+require "dependabot/python/file_parser/python_requirement_parser"
+
+module Dependabot
+  module Python
+    class UpdateChecker
+      class PipVersionResolver
+        def initialize(dependency:, dependency_files:, credentials:,
+                       ignored_versions:, security_advisories:)
+          @dependency          = dependency
+          @dependency_files    = dependency_files
+          @credentials         = credentials
+          @ignored_versions    = ignored_versions
+          @security_advisories = security_advisories
+        end
+
+        def latest_resolvable_version
+          latest_version_finder.latest_version(python_version: python_version)
+        end
+
+        def latest_resolvable_version_with_no_unlock
+          latest_version_finder.
+            latest_version_with_no_unlock(python_version: python_version)
+        end
+
+        def lowest_resolvable_security_fix_version
+          latest_version_finder.
+            lowest_security_fix_version(python_version: python_version)
+        end
+
+        private
+
+        attr_reader :dependency, :dependency_files, :credentials,
+                    :ignored_versions, :security_advisories
+
+        def latest_version_finder
+          @latest_version_finder ||= LatestVersionFinder.new(
+            dependency: dependency,
+            dependency_files: dependency_files,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            security_advisories: security_advisories
+          )
+        end
+
+        def python_version
+          @python_version ||=
+            user_specified_python_version ||
+            python_version_matching_imputed_requirements ||
+            PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
+        end
+
+        def user_specified_python_version
+          return unless python_requirement_parser.user_specified_requirement
+
+          user_specified_requirement =
+            Dependabot::Python::Requirement.new(
+              python_requirement_parser.user_specified_requirement
+            )
+          python_version_matching([user_specified_requirement])
+        end
+
+        def python_version_matching_imputed_requirements
+          compiled_file_python_requirement_markers =
+            python_requirement_parser.imputed_requirements.map do |r|
+              Dependabot::Python::Requirement.new(r)
+            end
+          python_version_matching(compiled_file_python_requirement_markers)
+        end
+
+        def python_version_matching(requirements)
+          PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version_string|
+            version = Python::Version.new(version_string)
+            requirements.all? { |req| req.satisfied_by?(version) }
+          end
+        end
+
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.
+            new(dependency_files: dependency_files)
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.110.14
+  version: 0.110.15
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-02 00:00:00.000000000 Z
+date: 2019-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.110.14
+        version: 0.110.15
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.110.14
+        version: 0.110.15
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -176,6 +176,7 @@ files:
 - lib/dependabot/python/update_checker/index_finder.rb
 - lib/dependabot/python/update_checker/latest_version_finder.rb
 - lib/dependabot/python/update_checker/pip_compile_version_resolver.rb
+- lib/dependabot/python/update_checker/pip_version_resolver.rb
 - lib/dependabot/python/update_checker/pipenv_version_resolver.rb
 - lib/dependabot/python/update_checker/poetry_version_resolver.rb
 - lib/dependabot/python/update_checker/requirements_updater.rb