dependabot-python 0.111.24 → 0.111.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/python.rb +6 -0
- data/lib/dependabot/python/file_parser.rb +1 -1
- data/lib/dependabot/python/file_parser/pipfile_files_parser.rb +1 -2
- data/lib/dependabot/python/file_parser/poetry_files_parser.rb +1 -2
- data/lib/dependabot/python/file_parser/setup_file_parser.rb +1 -2
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +2 -2
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +2 -2
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +2 -2
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +2 -2
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +2 -2
- data/lib/dependabot/python/file_updater/requirement_replacer.rb +2 -2
- data/lib/dependabot/python/update_checker.rb +2 -2
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +11 -3
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +2 -2
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +2 -2
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +2 -2
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d38ee5f205abe3d445efa70798b613ebc6fbdf984d1d7be097b15d69ca7e3bce
|
|
4
|
+
data.tar.gz: 5a6b7b801fc9f72b90b70b0d92324df3822874d98d8e87c15cb2ff1fc82c21b0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1d0489f5425c3d6deeddfbf254bf640d5b8fc0c175ef641adcd1644d837684e4970ba598ffa5b000b076e52ff187025322dd1b3f60ed392cd34113a5c8b896ee
|
|
7
|
+
data.tar.gz: 9a7109a141bdfb14f6e97ac06d004e11401832834cf08dc8e31509ede266bf7ca1082dcff46ecf6e009c646bd69359229135343cb34d4c8fdfdb7aa41f9de688
|
data/lib/dependabot/python.rb
CHANGED
|
@@ -25,3 +25,9 @@ Dependabot::Dependency.register_production_check(
|
|
|
25
25
|
groups.include?("dependencies")
|
|
26
26
|
end
|
|
27
27
|
)
|
|
28
|
+
|
|
29
|
+
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
30
|
+
Dependabot::Dependency.register_name_normaliser(
|
|
31
|
+
"pip",
|
|
32
|
+
->(name) { name.downcase.gsub(/[-_.]+/, "-") }
|
|
33
|
+
)
|
|
@@ -183,7 +183,7 @@ module Dependabot
|
|
|
183
183
|
|
|
184
184
|
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
185
185
|
def normalised_name(name)
|
|
186
|
-
|
|
186
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
187
187
|
end
|
|
188
188
|
|
|
189
189
|
def check_required_files
|
|
@@ -133,9 +133,8 @@ module Dependabot
|
|
|
133
133
|
%w(git path).any? { |k| req.key?(k) }
|
|
134
134
|
end
|
|
135
135
|
|
|
136
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
137
136
|
def normalised_name(name)
|
|
138
|
-
|
|
137
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
139
138
|
end
|
|
140
139
|
|
|
141
140
|
def parsed_pipfile
|
|
@@ -97,9 +97,8 @@ module Dependabot
|
|
|
97
97
|
raise Dependabot::DependencyFileNotEvaluatable, e.message
|
|
98
98
|
end
|
|
99
99
|
|
|
100
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
101
100
|
def normalise(name)
|
|
102
|
-
|
|
101
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
103
102
|
end
|
|
104
103
|
|
|
105
104
|
def parsed_pyproject
|
|
@@ -163,9 +163,8 @@ module Dependabot
|
|
|
163
163
|
0
|
|
164
164
|
end
|
|
165
165
|
|
|
166
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
167
166
|
def normalised_name(name)
|
|
168
|
-
|
|
167
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
169
168
|
end
|
|
170
169
|
|
|
171
170
|
def setup_file
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require "open3"
|
|
4
|
+
require "dependabot/dependency"
|
|
4
5
|
require "dependabot/python/requirement_parser"
|
|
5
6
|
require "dependabot/python/file_fetcher"
|
|
6
7
|
require "dependabot/python/file_parser/python_requirement_parser"
|
|
@@ -483,9 +484,8 @@ module Dependabot
|
|
|
483
484
|
matches.any? { |m| normalise(m[:name]) == dependency.name }
|
|
484
485
|
end
|
|
485
486
|
|
|
486
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
487
487
|
def normalise(name)
|
|
488
|
-
|
|
488
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
489
489
|
end
|
|
490
490
|
|
|
491
491
|
# If the files we need to update require one another then we need to
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "toml-rb"
|
|
4
4
|
require "open3"
|
|
5
|
+
require "dependabot/dependency"
|
|
5
6
|
require "dependabot/python/requirement_parser"
|
|
6
7
|
require "dependabot/python/file_parser/python_requirement_parser"
|
|
7
8
|
require "dependabot/python/file_updater"
|
|
@@ -419,9 +420,8 @@ module Dependabot
|
|
|
419
420
|
updated_file
|
|
420
421
|
end
|
|
421
422
|
|
|
422
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
423
423
|
def normalise(name)
|
|
424
|
-
|
|
424
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
425
425
|
end
|
|
426
426
|
|
|
427
427
|
def parsed_lockfile
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "toml-rb"
|
|
4
4
|
|
|
5
|
+
require "dependabot/dependency"
|
|
5
6
|
require "dependabot/python/file_parser"
|
|
6
7
|
require "dependabot/python/file_updater"
|
|
7
8
|
require "dependabot/python/authed_url_builder"
|
|
@@ -102,9 +103,8 @@ module Dependabot
|
|
|
102
103
|
@parsed_lockfile ||= JSON.parse(lockfile.content)
|
|
103
104
|
end
|
|
104
105
|
|
|
105
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
106
106
|
def normalise(name)
|
|
107
|
-
|
|
107
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
108
108
|
end
|
|
109
109
|
|
|
110
110
|
def pipfile_sources
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "toml-rb"
|
|
4
4
|
require "open3"
|
|
5
|
+
require "dependabot/dependency"
|
|
5
6
|
require "dependabot/shared_helpers"
|
|
6
7
|
require "dependabot/python/version"
|
|
7
8
|
require "dependabot/python/requirement"
|
|
@@ -289,9 +290,8 @@ module Dependabot
|
|
|
289
290
|
updated_file
|
|
290
291
|
end
|
|
291
292
|
|
|
292
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
293
293
|
def normalise(name)
|
|
294
|
-
|
|
294
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
295
295
|
end
|
|
296
296
|
|
|
297
297
|
def pyproject
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "toml-rb"
|
|
4
4
|
|
|
5
|
+
require "dependabot/dependency"
|
|
5
6
|
require "dependabot/python/file_parser"
|
|
6
7
|
require "dependabot/python/file_updater"
|
|
7
8
|
require "dependabot/python/authed_url_builder"
|
|
@@ -77,9 +78,8 @@ module Dependabot
|
|
|
77
78
|
find { |d| d["name"] == normalise(dep_name) }
|
|
78
79
|
end
|
|
79
80
|
|
|
80
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
81
81
|
def normalise(name)
|
|
82
|
-
|
|
82
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
83
83
|
end
|
|
84
84
|
|
|
85
85
|
def pyproject_sources
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "dependabot/dependency"
|
|
3
4
|
require "dependabot/python/requirement_parser"
|
|
4
5
|
require "dependabot/python/file_updater"
|
|
5
6
|
require "dependabot/shared_helpers"
|
|
@@ -165,9 +166,8 @@ module Dependabot
|
|
|
165
166
|
dec.to_s.strip
|
|
166
167
|
end
|
|
167
168
|
|
|
168
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
169
169
|
def normalise(name)
|
|
170
|
-
|
|
170
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
171
171
|
end
|
|
172
172
|
|
|
173
173
|
def requirements_match(req1, req2)
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require "excon"
|
|
4
4
|
require "toml-rb"
|
|
5
5
|
|
|
6
|
+
require "dependabot/dependency"
|
|
6
7
|
require "dependabot/update_checkers"
|
|
7
8
|
require "dependabot/update_checkers/base"
|
|
8
9
|
require "dependabot/shared_helpers"
|
|
@@ -286,9 +287,8 @@ module Dependabot
|
|
|
286
287
|
false
|
|
287
288
|
end
|
|
288
289
|
|
|
289
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
290
290
|
def normalised_name(name)
|
|
291
|
-
|
|
291
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
292
292
|
end
|
|
293
293
|
|
|
294
294
|
def pipfile
|
|
@@ -4,6 +4,7 @@ require "cgi"
|
|
|
4
4
|
require "excon"
|
|
5
5
|
require "nokogiri"
|
|
6
6
|
|
|
7
|
+
require "dependabot/dependency"
|
|
7
8
|
require "dependabot/python/update_checker"
|
|
8
9
|
require "dependabot/shared_helpers"
|
|
9
10
|
require "dependabot/python/authed_url_builder"
|
|
@@ -45,6 +46,7 @@ module Dependabot
|
|
|
45
46
|
|
|
46
47
|
def fetch_latest_version(python_version:)
|
|
47
48
|
versions = available_versions
|
|
49
|
+
versions = filter_yanked_versions(versions)
|
|
48
50
|
versions = filter_unsupported_versions(versions, python_version)
|
|
49
51
|
versions = filter_prerelease_versions(versions)
|
|
50
52
|
versions = filter_ignored_versions(versions)
|
|
@@ -53,6 +55,7 @@ module Dependabot
|
|
|
53
55
|
|
|
54
56
|
def fetch_latest_version_with_no_unlock(python_version:)
|
|
55
57
|
versions = available_versions
|
|
58
|
+
versions = filter_yanked_versions(versions)
|
|
56
59
|
versions = filter_unsupported_versions(versions, python_version)
|
|
57
60
|
versions = filter_prerelease_versions(versions)
|
|
58
61
|
versions = filter_ignored_versions(versions)
|
|
@@ -62,6 +65,7 @@ module Dependabot
|
|
|
62
65
|
|
|
63
66
|
def fetch_lowest_security_fix_version(python_version:)
|
|
64
67
|
versions = available_versions
|
|
68
|
+
versions = filter_yanked_versions(versions)
|
|
65
69
|
versions = filter_unsupported_versions(versions, python_version)
|
|
66
70
|
versions = filter_prerelease_versions(versions)
|
|
67
71
|
versions = filter_ignored_versions(versions)
|
|
@@ -70,6 +74,10 @@ module Dependabot
|
|
|
70
74
|
versions.min
|
|
71
75
|
end
|
|
72
76
|
|
|
77
|
+
def filter_yanked_versions(versions_array)
|
|
78
|
+
versions_array.reject { |details| details.fetch(:yanked) }
|
|
79
|
+
end
|
|
80
|
+
|
|
73
81
|
def filter_unsupported_versions(versions_array, python_version)
|
|
74
82
|
versions_array.map do |details|
|
|
75
83
|
python_requirement = details.fetch(:python_requirement)
|
|
@@ -160,7 +168,8 @@ module Dependabot
|
|
|
160
168
|
|
|
161
169
|
{
|
|
162
170
|
version: version_class.new(version),
|
|
163
|
-
python_requirement: build_python_requirement_from_link(link)
|
|
171
|
+
python_requirement: build_python_requirement_from_link(link),
|
|
172
|
+
yanked: link&.include?("data-yanked")
|
|
164
173
|
}
|
|
165
174
|
end
|
|
166
175
|
|
|
@@ -212,9 +221,8 @@ module Dependabot
|
|
|
212
221
|
ignored_versions.map { |req| requirement_class.new(req.split(",")) }
|
|
213
222
|
end
|
|
214
223
|
|
|
215
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
216
224
|
def normalised_name
|
|
217
|
-
|
|
225
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
218
226
|
end
|
|
219
227
|
|
|
220
228
|
def name_regex
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require "open3"
|
|
4
|
+
require "dependabot/dependency"
|
|
4
5
|
require "dependabot/python/requirement_parser"
|
|
5
6
|
require "dependabot/python/file_fetcher"
|
|
6
7
|
require "dependabot/python/file_parser"
|
|
@@ -343,9 +344,8 @@ module Dependabot
|
|
|
343
344
|
).updated_content
|
|
344
345
|
end
|
|
345
346
|
|
|
346
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
347
347
|
def normalise(name)
|
|
348
|
-
|
|
348
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
349
349
|
end
|
|
350
350
|
|
|
351
351
|
def clean_error_message(message)
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require "excon"
|
|
4
4
|
require "toml-rb"
|
|
5
5
|
require "open3"
|
|
6
|
+
require "dependabot/dependency"
|
|
6
7
|
require "dependabot/errors"
|
|
7
8
|
require "dependabot/shared_helpers"
|
|
8
9
|
require "dependabot/python/file_parser"
|
|
@@ -479,9 +480,8 @@ module Dependabot
|
|
|
479
480
|
}
|
|
480
481
|
end
|
|
481
482
|
|
|
482
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
483
483
|
def normalise(name)
|
|
484
|
-
|
|
484
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
485
485
|
end
|
|
486
486
|
|
|
487
487
|
def pipfile
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require "excon"
|
|
4
4
|
require "toml-rb"
|
|
5
5
|
require "open3"
|
|
6
|
+
require "dependabot/dependency"
|
|
6
7
|
require "dependabot/errors"
|
|
7
8
|
require "dependabot/shared_helpers"
|
|
8
9
|
require "dependabot/python/file_parser"
|
|
@@ -324,9 +325,8 @@ module Dependabot
|
|
|
324
325
|
)
|
|
325
326
|
end
|
|
326
327
|
|
|
327
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
328
328
|
def normalise(name)
|
|
329
|
-
|
|
329
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
330
330
|
end
|
|
331
331
|
end
|
|
332
332
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.111.
|
|
4
|
+
version: 0.111.25
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-07-
|
|
11
|
+
date: 2019-07-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.111.
|
|
19
|
+
version: 0.111.25
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.111.
|
|
26
|
+
version: 0.111.25
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|