dependabot-python 0.113.18 → 0.113.19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5cb19fab17da08da817ebfde9fe43dea5804cfc45c2812c6a33730d967f9445e
-  data.tar.gz: 32cd2c4adae3db1b8317e6c1a580149ae9d207d2a04af58358a395946d468d08
+  metadata.gz: 20aabcdb4cc6f3a3a8cedf4f8052753e625c742f1a727f5d7ab6038791efb859
+  data.tar.gz: aaaa168d2f3f40969118516207838eb916a8d0eb9a44b7ef10c655ff2b8a7ce4
 SHA512:
-  metadata.gz: d09ef18ba5f37aecc1c2cce88209f880da6f4d733e8abae565925ddbde9541f93434932ed8a7c6833b0fe2d5d727f19f86a32a9246afa9029950e127b06e6fac
-  data.tar.gz: a20864f2af760b78b1e486d7a1039fdd82303d1ea9a3eca1446f52528594d7210e47aad799d783a1f9834ad6a54f68f12eef9d338b0b08b3891fdbdae08eb371
+  metadata.gz: b4a7f0858879ec3d2af31d6d694ca3744c6b876355b184b583ee04d531572899fa73fa845df0f76d82bbd6e9498d0df095d3e83b2f92b72856eaae30d6d34261
+  data.tar.gz: 7a38cb19435f398f5ce2fa0d11b7750d6a66f78be2689a0920686721e516c8baa7dd3b77883b2a9915f955894e6c8d16ecafee943b00d0123bef92fd6975313d

data/helpers/build

@@ -16,5 +16,5 @@ cp -r \
   "$install_dir"
 
 cd "$install_dir"
-PYENV_VERSION=2.7.16 pyenv exec pip install -r "requirements.txt"
-PYENV_VERSION=3.7.4  pyenv exec pip install -r "requirements.txt"
+PYENV_VERSION=2.7.17 pyenv exec pip install -r "requirements.txt"
+PYENV_VERSION=3.7.5  pyenv exec pip install -r "requirements.txt"

data/helpers/install-dir/python/lib/hasher.py

@@ -0,0 +1,23 @@
+import hashin
+import json
+import pipfile
+from poetry.poetry import Poetry
+
+def get_dependency_hash(dependency_name, dependency_version, algorithm):
+    hashes = hashin.get_package_hashes(
+        dependency_name,
+        version=dependency_version,
+        algorithm=algorithm
+    )
+
+    return json.dumps({ "result": hashes["hashes"] })
+
+def get_pipfile_hash(directory):
+    p = pipfile.load(directory + '/Pipfile')
+
+    return json.dumps({ "result": p.hash })
+
+def get_pyproject_hash(directory):
+    p = Poetry.create(directory)
+
+    return json.dumps({ "result": p.locker._get_content_hash() })

data/helpers/install-dir/python/lib/parser.py

@@ -0,0 +1,131 @@
+from itertools import chain
+import glob
+import io
+import json
+import os.path
+import re
+
+import setuptools
+import pip._internal.req.req_file
+from pip._internal.download import PipSession
+from pip._internal.req.constructors import install_req_from_line
+
+def parse_requirements(directory):
+    # Parse the requirements.txt
+    requirement_packages = []
+
+    requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
+                        + glob.glob(os.path.join(directory, '**', '*.txt'))
+
+    pip_compile_files = glob.glob(os.path.join(directory, '*.in')) \
+                        + glob.glob(os.path.join(directory, '**', '*.in'))
+
+    def version_from_install_req(install_req):
+        if install_req.is_pinned:
+            return next(iter(install_req.specifier)).version
+
+    for reqs_file in requirement_files + pip_compile_files:
+        try:
+            requirements = pip._internal.req.req_file.parse_requirements(
+                reqs_file,
+                session=PipSession()
+            )
+            for install_req in requirements:
+                if install_req.original_link:
+                    continue
+
+                pattern = r"-[cr] (.*) \(line \d+\)"
+                abs_path = re.search(pattern, install_req.comes_from).group(1)
+                rel_path = os.path.relpath(abs_path, directory)
+
+                requirement_packages.append({
+                    "name": install_req.req.name,
+                    "version": version_from_install_req(install_req),
+                    "markers": str(install_req.markers) or None,
+                    "file": rel_path,
+                    "requirement": str(install_req.specifier) or None
+                })
+        except Exception as e:
+            print(json.dumps({ "error": repr(e) }))
+            exit(1)
+
+    return json.dumps({ "result": requirement_packages })
+
+def parse_setup(directory):
+    # Parse the setup.py
+    setup_packages = []
+    if os.path.isfile(directory + '/setup.py'):
+        def version_from_install_req(install_req):
+            if install_req.is_pinned:
+                return next(iter(install_req.specifier)).version
+
+        def parse_requirement(req, req_type):
+            install_req = install_req_from_line(req)
+            if install_req.original_link:
+                return
+
+            setup_packages.append({
+                "name": install_req.req.name,
+                "version": version_from_install_req(install_req),
+                "markers": str(install_req.markers) or None,
+                "file": "setup.py",
+                "requirement": str(install_req.specifier) or None,
+                "requirement_type": req_type
+            })
+
+        def setup(*args, **kwargs):
+            for arg in ['setup_requires', 'install_requires', 'tests_require']:
+                if not kwargs.get(arg):
+                    continue
+                for req in kwargs.get(arg):
+                    parse_requirement(req, arg)
+            extras_require_dict = kwargs.get('extras_require', {})
+            for key in extras_require_dict:
+                for req in extras_require_dict[key]:
+                    parse_requirement(req, 'extras_require:{}'.format(key))
+        setuptools.setup = setup
+
+        def noop(*args, **kwargs):
+            pass
+
+        def fake_parse(*args, **kwargs):
+            return []
+
+        global fake_open
+        def fake_open(*args, **kwargs):
+            content = ("VERSION = ('0', '0', '1+dependabot')\n"
+                       "__version__ = '0.0.1+dependabot'\n"
+                       "__author__ = 'someone'\n"
+                       "__title__ = 'something'\n"
+                       "__description__ = 'something'\n"
+                       "__author_email__ = 'something'\n"
+                       "__license__ = 'something'\n"
+                       "__url__ = 'something'\n")
+            return io.StringIO(content)
+
+        content = open(directory + '/setup.py', 'r').read()
+
+        # Remove `print`, `open`, `log` and import statements
+        content = re.sub(r"print\s*\(", "noop(", content)
+        content = re.sub(r"log\s*(\.\w+)*\(", "noop(", content)
+        content = re.sub(r"\b(\w+\.)*(open|file)\s*\(", "fake_open(", content)
+        content = content.replace("parse_requirements(", "fake_parse(")
+        version_re = re.compile(r"^.*import.*__version__.*$", re.MULTILINE)
+        content = re.sub(version_re, "", content)
+
+        # Set variables likely to be imported
+        __version__ = '0.0.1+dependabot'
+        __author__ = 'someone'
+        __title__ = 'something'
+        __description__ = 'something'
+        __author_email__ = 'something'
+        __license__ = 'something'
+        __url__ = 'something'
+
+        # Run as main (since setup.py is a script)
+        __name__ = '__main__'
+
+        # Exec the setup.py
+        exec(content) in globals(), locals()
+
+    return json.dumps({ "result": setup_packages })

data/helpers/install-dir/python/requirements.txt

@@ -0,0 +1,9 @@
+pip==19.3.1
+pip-tools==4.2.0
+hashin==0.14.6
+pipenv==2018.11.26
+pipfile==0.0.2
+poetry==0.12.17
+
+# Some dependencies will only install if Cython is present
+Cython==0.29.13

data/helpers/install-dir/python/run.py

@@ -0,0 +1,18 @@
+import sys
+import json
+
+from lib import parser, hasher
+
+if __name__ == "__main__":
+    args = json.loads(sys.stdin.read())
+
+    if args["function"] == "parse_requirements":
+        print(parser.parse_requirements(args["args"][0]))
+    if args["function"] == "parse_setup":
+        print(parser.parse_setup(args["args"][0]))
+    elif args["function"] == "get_dependency_hash":
+        print(hasher.get_dependency_hash(*args["args"]))
+    elif args["function"] == "get_pipfile_hash":
+        print(hasher.get_pipfile_hash(*args["args"]))
+    elif args["function"] == "get_pyproject_hash":
+        print(hasher.get_pyproject_hash(*args["args"]))

data/helpers/requirements.txt

@@ -6,4 +6,4 @@ pipfile==0.0.2
 poetry==0.12.17
 
 # Some dependencies will only install if Cython is present
-Cython==0.29.13
+Cython==0.29.14

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -178,9 +178,9 @@ module Dependabot
 
           raise relevant_error unless error_suggests_bad_python_version?(msg)
           raise relevant_error if user_specified_python_version
-          raise relevant_error if python_version == "2.7.16"
+          raise relevant_error if python_version == "2.7.17"
 
-          @python_version = "2.7.16"
+          @python_version = "2.7.17"
           retry
         ensure
           @python_version = nil

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -281,7 +281,7 @@ module Dependabot
           run_command("pyenv local #{python_version}")
           run_command("pyenv exec pipenv --rm")
 
-          @python_version = "2.7.16"
+          @python_version = "2.7.17"
           retry
         ensure
           @python_version = nil

data/lib/dependabot/python/python_versions.rb

@@ -4,17 +4,17 @@ module Dependabot
   module Python
     module PythonVersions
       PRE_INSTALLED_PYTHON_VERSIONS = %w(
-        3.7.4 2.7.16
+        3.7.5 2.7.17
       ).freeze
 
       # Due to an OpenSSL issue we can only install the following versions in
       # the Dependabot container.
       SUPPORTED_VERSIONS = %w(
         3.8-dev
-        3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
+        3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
         3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
         3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
-        2.7.16 2.7.15 2.7.14 2.7.13
+        2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
       ).freeze
 
       # This list gets iterated through to find a valid version, so we have

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -234,9 +234,9 @@ module Dependabot
           relevant_error = choose_relevant_error(original_err, e)
           raise relevant_error unless error_suggests_bad_python_version?(msg)
           raise relevant_error if user_specified_python_version
-          raise relevant_error if python_version == "2.7.16"
+          raise relevant_error if python_version == "2.7.17"
 
-          @python_version = "2.7.16"
+          @python_version = "2.7.17"
           retry
         ensure
           @python_version = nil

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -458,7 +458,7 @@ module Dependabot
           run_command("pyenv local #{python_version}")
           run_command("pyenv exec pipenv --rm")
 
-          @python_version = "2.7.16"
+          @python_version = "2.7.17"
           retry
         ensure
           @python_version = nil

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.113.18
+  version: 0.113.19
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-30 00:00:00.000000000 Z
+date: 2019-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.113.18
+        version: 0.113.19
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.113.18
+        version: 0.113.19
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -158,6 +158,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - helpers/build
+- helpers/install-dir/python/lib/__init__.py
+- helpers/install-dir/python/lib/hasher.py
+- helpers/install-dir/python/lib/parser.py
+- helpers/install-dir/python/requirements.txt
+- helpers/install-dir/python/run.py
 - helpers/lib/__init__.py
 - helpers/lib/hasher.py
 - helpers/lib/parser.py