dependabot-python 0.117.10 → 0.117.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/build +2 -2
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +2 -2
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +1 -1
- data/lib/dependabot/python/python_versions.rb +3 -3
- data/lib/dependabot/python/update_checker.rb +2 -0
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +11 -4
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +2 -2
- data/lib/dependabot/python/update_checker/pip_version_resolver.rb +4 -1
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 66f587f9f2bad38df796b27f339d8ab7dfc0d98925762745b447ea863ff824e0
|
|
4
|
+
data.tar.gz: 8a96f54b1a137d59b95851a3eb1175cdbe23063017ac1fbd2c740d2748d25317
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 27837da107b38259b08cafd3f1c4219680c2fd371c026df55ab3eaf805876b27e09c4dd5a7e8b0bbc57a1513512045529c1f6d2fe1839986412be49c7371c68d
|
|
7
|
+
data.tar.gz: b047c8281910a138e7cb3869f100547518e014b84dd95b4c7e2765249dbdbd43e3a9e23de6d13e87f835dc5aa5e811f8a857a4d12040c6682ec6ed219297c9d1
|
data/helpers/build
CHANGED
|
@@ -16,5 +16,5 @@ cp -r \
|
|
|
16
16
|
"$install_dir"
|
|
17
17
|
|
|
18
18
|
cd "$install_dir"
|
|
19
|
-
PYENV_VERSION=2.7.
|
|
20
|
-
PYENV_VERSION=3.8.
|
|
19
|
+
PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
|
|
20
|
+
PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
|
|
@@ -174,9 +174,9 @@ module Dependabot
|
|
|
174
174
|
|
|
175
175
|
raise relevant_error unless error_suggests_bad_python_version?(msg)
|
|
176
176
|
raise relevant_error if user_specified_python_version
|
|
177
|
-
raise relevant_error if python_version == "2.7.
|
|
177
|
+
raise relevant_error if python_version == "2.7.18"
|
|
178
178
|
|
|
179
|
-
@python_version = "2.7.
|
|
179
|
+
@python_version = "2.7.18"
|
|
180
180
|
retry
|
|
181
181
|
ensure
|
|
182
182
|
@python_version = nil
|
|
@@ -4,17 +4,17 @@ module Dependabot
|
|
|
4
4
|
module Python
|
|
5
5
|
module PythonVersions
|
|
6
6
|
PRE_INSTALLED_PYTHON_VERSIONS = %w(
|
|
7
|
-
3.8.
|
|
7
|
+
3.8.3 2.7.18
|
|
8
8
|
).freeze
|
|
9
9
|
|
|
10
10
|
# Due to an OpenSSL issue we can only install the following versions in
|
|
11
11
|
# the Dependabot container.
|
|
12
12
|
SUPPORTED_VERSIONS = %w(
|
|
13
|
-
3.8.2 3.8.1 3.8.0
|
|
13
|
+
3.8.3 3.8.2 3.8.1 3.8.0
|
|
14
14
|
3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
|
|
15
15
|
3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
|
|
16
16
|
3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
|
|
17
|
-
2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
|
|
17
|
+
2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
|
|
18
18
|
).freeze
|
|
19
19
|
|
|
20
20
|
# This list gets iterated through to find a valid version, so we have
|
|
@@ -195,6 +195,7 @@ module Dependabot
|
|
|
195
195
|
dependency_files: dependency_files,
|
|
196
196
|
credentials: credentials,
|
|
197
197
|
ignored_versions: ignored_versions,
|
|
198
|
+
raise_on_ignored: @raise_on_ignored,
|
|
198
199
|
security_advisories: security_advisories
|
|
199
200
|
)
|
|
200
201
|
end
|
|
@@ -262,6 +263,7 @@ module Dependabot
|
|
|
262
263
|
dependency_files: dependency_files,
|
|
263
264
|
credentials: credentials,
|
|
264
265
|
ignored_versions: ignored_versions,
|
|
266
|
+
raise_on_ignored: @raise_on_ignored,
|
|
265
267
|
security_advisories: security_advisories
|
|
266
268
|
)
|
|
267
269
|
end
|
|
@@ -17,11 +17,13 @@ module Dependabot
|
|
|
17
17
|
require_relative "index_finder"
|
|
18
18
|
|
|
19
19
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
20
|
-
ignored_versions:,
|
|
20
|
+
ignored_versions:, raise_on_ignored: false,
|
|
21
|
+
security_advisories:)
|
|
21
22
|
@dependency = dependency
|
|
22
23
|
@dependency_files = dependency_files
|
|
23
24
|
@credentials = credentials
|
|
24
25
|
@ignored_versions = ignored_versions
|
|
26
|
+
@raise_on_ignored = raise_on_ignored
|
|
25
27
|
@security_advisories = security_advisories
|
|
26
28
|
end
|
|
27
29
|
|
|
@@ -69,8 +71,8 @@ module Dependabot
|
|
|
69
71
|
versions = filter_yanked_versions(versions)
|
|
70
72
|
versions = filter_unsupported_versions(versions, python_version)
|
|
71
73
|
versions = filter_prerelease_versions(versions)
|
|
72
|
-
versions = filter_ignored_versions(versions)
|
|
73
74
|
versions = filter_vulnerable_versions(versions)
|
|
75
|
+
versions = filter_ignored_versions(versions)
|
|
74
76
|
versions = filter_lower_versions(versions)
|
|
75
77
|
versions.min
|
|
76
78
|
end
|
|
@@ -97,8 +99,13 @@ module Dependabot
|
|
|
97
99
|
end
|
|
98
100
|
|
|
99
101
|
def filter_ignored_versions(versions_array)
|
|
100
|
-
versions_array.
|
|
101
|
-
|
|
102
|
+
filtered = versions_array.
|
|
103
|
+
reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
|
|
104
|
+
if @raise_on_ignored && filtered.empty? && versions_array.any?
|
|
105
|
+
raise Dependabot::AllVersionsIgnored
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
filtered
|
|
102
109
|
end
|
|
103
110
|
|
|
104
111
|
def filter_vulnerable_versions(versions_array)
|
|
@@ -229,9 +229,9 @@ module Dependabot
|
|
|
229
229
|
relevant_error = choose_relevant_error(original_err, e)
|
|
230
230
|
raise relevant_error unless error_suggests_bad_python_version?(msg)
|
|
231
231
|
raise relevant_error if user_specified_python_version
|
|
232
|
-
raise relevant_error if python_version == "2.7.
|
|
232
|
+
raise relevant_error if python_version == "2.7.18"
|
|
233
233
|
|
|
234
|
-
@python_version = "2.7.
|
|
234
|
+
@python_version = "2.7.18"
|
|
235
235
|
retry
|
|
236
236
|
ensure
|
|
237
237
|
@python_version = nil
|
|
@@ -9,11 +9,13 @@ module Dependabot
|
|
|
9
9
|
class UpdateChecker
|
|
10
10
|
class PipVersionResolver
|
|
11
11
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
12
|
-
ignored_versions:,
|
|
12
|
+
ignored_versions:, raise_on_ignored: false,
|
|
13
|
+
security_advisories:)
|
|
13
14
|
@dependency = dependency
|
|
14
15
|
@dependency_files = dependency_files
|
|
15
16
|
@credentials = credentials
|
|
16
17
|
@ignored_versions = ignored_versions
|
|
18
|
+
@raise_on_ignored = raise_on_ignored
|
|
17
19
|
@security_advisories = security_advisories
|
|
18
20
|
end
|
|
19
21
|
|
|
@@ -42,6 +44,7 @@ module Dependabot
|
|
|
42
44
|
dependency_files: dependency_files,
|
|
43
45
|
credentials: credentials,
|
|
44
46
|
ignored_versions: ignored_versions,
|
|
47
|
+
raise_on_ignored: @raise_on_ignored,
|
|
45
48
|
security_advisories: security_advisories
|
|
46
49
|
)
|
|
47
50
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.117.
|
|
4
|
+
version: 0.117.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-05-
|
|
11
|
+
date: 2020-05-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.117.
|
|
19
|
+
version: 0.117.11
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.117.
|
|
26
|
+
version: 0.117.11
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|