dependabot-python 0.117.10 → 0.118.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/build +2 -2
- data/helpers/lib/parser.py +7 -17
- data/helpers/requirements.txt +5 -5
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +2 -2
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +1 -1
- data/lib/dependabot/python/python_versions.rb +3 -3
- data/lib/dependabot/python/requirement_parser.rb +16 -0
- data/lib/dependabot/python/update_checker.rb +2 -0
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +11 -4
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +2 -2
- data/lib/dependabot/python/update_checker/pip_version_resolver.rb +4 -1
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +1 -1
- metadata +8 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '096e75f3e4a994ff56563035d72d9f6ab530e401a44ed9b2dbc6311ecb32b387'
|
|
4
|
+
data.tar.gz: 38e01b056f81def3feab7bab3cdd9288186aa933e77b5397324d235a8f93dde1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4a72b36509ad0b9b12540306e0bbcf9c0876df144d3e44874603ac3e6b63ef34fefc2ee17d3f172c3f342891ad4f1b264543bb625636c80c9ddb516a8a6726af
|
|
7
|
+
data.tar.gz: 82b18a2a994a76df0b223a1cf6a73ce6f11dc0512059760a24d4150603e93ece2d63d1dacdb7e2dfc74416a14f0ddbb43ef920700ffd804846864be9400c1ff4
|
data/helpers/build
CHANGED
|
@@ -16,5 +16,5 @@ cp -r \
|
|
|
16
16
|
"$install_dir"
|
|
17
17
|
|
|
18
18
|
cd "$install_dir"
|
|
19
|
-
PYENV_VERSION=2.7.
|
|
20
|
-
PYENV_VERSION=3.8.
|
|
19
|
+
PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
|
|
20
|
+
PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
|
data/helpers/lib/parser.py
CHANGED
|
@@ -8,26 +8,16 @@ import re
|
|
|
8
8
|
|
|
9
9
|
import setuptools
|
|
10
10
|
import pip._internal.req.req_file
|
|
11
|
-
from pip._internal.
|
|
11
|
+
from pip._internal.network.session import PipSession
|
|
12
12
|
from pip._internal.models.format_control import FormatControl
|
|
13
|
-
from pip._internal.req.constructors import
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
from pip._internal.req.constructors import (
|
|
14
|
+
install_req_from_line,
|
|
15
|
+
install_req_from_parsed_requirement,
|
|
16
|
+
)
|
|
16
17
|
|
|
17
18
|
def parse_requirements(directory):
|
|
18
19
|
# Parse the requirements.txt
|
|
19
20
|
requirement_packages = []
|
|
20
|
-
parser_options = optparse.Values(
|
|
21
|
-
{
|
|
22
|
-
"skip_requirements_regex": JINJA_DELIMITER_IGNORE_REGEX,
|
|
23
|
-
# pip._internal assumes parse_requirements will be called from
|
|
24
|
-
# CLI, which sets default values. When passing parser options,
|
|
25
|
-
# need to explicitly set those defaults.
|
|
26
|
-
"isolated_mode": False,
|
|
27
|
-
"format_control": FormatControl(),
|
|
28
|
-
}
|
|
29
|
-
)
|
|
30
|
-
|
|
31
21
|
requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
|
|
32
22
|
+ glob.glob(os.path.join(directory, '**', '*.txt'))
|
|
33
23
|
|
|
@@ -42,10 +32,10 @@ def parse_requirements(directory):
|
|
|
42
32
|
try:
|
|
43
33
|
requirements = pip._internal.req.req_file.parse_requirements(
|
|
44
34
|
reqs_file,
|
|
45
|
-
options=parser_options,
|
|
46
35
|
session=PipSession()
|
|
47
36
|
)
|
|
48
|
-
for
|
|
37
|
+
for parsed_req in requirements:
|
|
38
|
+
install_req = install_req_from_parsed_requirement(parsed_req)
|
|
49
39
|
if install_req.original_link:
|
|
50
40
|
continue
|
|
51
41
|
|
data/helpers/requirements.txt
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
pip==
|
|
2
|
-
pip-tools==
|
|
3
|
-
hashin==0.
|
|
1
|
+
pip==20.1.1
|
|
2
|
+
pip-tools==5.2.1
|
|
3
|
+
hashin==0.15.0
|
|
4
4
|
pipenv==2018.11.26
|
|
5
5
|
pipfile==0.0.2
|
|
6
|
-
poetry==1.0.
|
|
6
|
+
poetry==1.0.9
|
|
7
7
|
|
|
8
8
|
# Some dependencies will only install if Cython is present
|
|
9
|
-
Cython==0.29.
|
|
9
|
+
Cython==0.29.20
|
|
@@ -174,9 +174,9 @@ module Dependabot
|
|
|
174
174
|
|
|
175
175
|
raise relevant_error unless error_suggests_bad_python_version?(msg)
|
|
176
176
|
raise relevant_error if user_specified_python_version
|
|
177
|
-
raise relevant_error if python_version == "2.7.
|
|
177
|
+
raise relevant_error if python_version == "2.7.18"
|
|
178
178
|
|
|
179
|
-
@python_version = "2.7.
|
|
179
|
+
@python_version = "2.7.18"
|
|
180
180
|
retry
|
|
181
181
|
ensure
|
|
182
182
|
@python_version = nil
|
|
@@ -4,17 +4,17 @@ module Dependabot
|
|
|
4
4
|
module Python
|
|
5
5
|
module PythonVersions
|
|
6
6
|
PRE_INSTALLED_PYTHON_VERSIONS = %w(
|
|
7
|
-
3.8.
|
|
7
|
+
3.8.3 2.7.18
|
|
8
8
|
).freeze
|
|
9
9
|
|
|
10
10
|
# Due to an OpenSSL issue we can only install the following versions in
|
|
11
11
|
# the Dependabot container.
|
|
12
12
|
SUPPORTED_VERSIONS = %w(
|
|
13
|
-
3.8.2 3.8.1 3.8.0
|
|
13
|
+
3.8.3 3.8.2 3.8.1 3.8.0
|
|
14
14
|
3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
|
|
15
15
|
3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
|
|
16
16
|
3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
|
|
17
|
-
2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
|
|
17
|
+
2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
|
|
18
18
|
).freeze
|
|
19
19
|
|
|
20
20
|
# This list gets iterated through to find a valid version, so we have
|
|
@@ -13,11 +13,25 @@ module Dependabot
|
|
|
13
13
|
HASH = /--hash=(?<algorithm>.*?):(?<hash>.*?)(?=\s|$)/.freeze
|
|
14
14
|
REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/.freeze
|
|
15
15
|
HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/.freeze
|
|
16
|
+
MARKER_OP = /\s*(#{COMPARISON}|(\s*in)|(\s*not\s*in))/.freeze
|
|
17
|
+
PYTHON_STR_C =
|
|
18
|
+
%r{[a-zA-Z0-9\s\(\)\.\{\}\-_\*#:;/\?\[\]!~`@\$%\^&=\+\|<>]}.freeze
|
|
19
|
+
PYTHON_STR = /('(#{PYTHON_STR_C}|")*'|"(#{PYTHON_STR_C}|')*")/.freeze
|
|
20
|
+
ENV_VAR =
|
|
21
|
+
/python_version|python_full_version|os_name|sys_platform|
|
|
22
|
+
platform_release|platform_system|platform_version|platform_machine|
|
|
23
|
+
platform_python_implementation|implementation_name|
|
|
24
|
+
implementation_version/.freeze
|
|
25
|
+
MARKER_VAR = /\s*(#{ENV_VAR}|#{PYTHON_STR})/.freeze
|
|
26
|
+
MARKER_EXPR_ONE = /#{MARKER_VAR}#{MARKER_OP}#{MARKER_VAR}/.freeze
|
|
27
|
+
MARKER_EXPR =
|
|
28
|
+
/(#{MARKER_EXPR_ONE}|\(\s*|\s*\)|\s+and\s+|\s+or\s+)+/.freeze
|
|
16
29
|
|
|
17
30
|
INSTALL_REQ_WITH_REQUIREMENT =
|
|
18
31
|
/\s*\\?\s*(?<name>#{NAME})
|
|
19
32
|
\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
|
|
20
33
|
\s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})\)?
|
|
34
|
+
\s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
|
|
21
35
|
\s*\\?\s*(?<hashes>#{HASHES})?
|
|
22
36
|
\s*#*\s*(?<comment>.+)?
|
|
23
37
|
/x.freeze
|
|
@@ -25,6 +39,7 @@ module Dependabot
|
|
|
25
39
|
INSTALL_REQ_WITHOUT_REQUIREMENT =
|
|
26
40
|
/^\s*\\?\s*(?<name>#{NAME})
|
|
27
41
|
\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
|
|
42
|
+
\s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
|
|
28
43
|
\s*\\?\s*(?<hashes>#{HASHES})?
|
|
29
44
|
\s*#*\s*(?<comment>.+)?$
|
|
30
45
|
/x.freeze
|
|
@@ -33,6 +48,7 @@ module Dependabot
|
|
|
33
48
|
/^\s*\\?\s*(?<name>#{NAME})
|
|
34
49
|
\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
|
|
35
50
|
\s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})?\)?
|
|
51
|
+
\s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
|
|
36
52
|
\s*\\?\s*(?<hashes>#{HASHES})?
|
|
37
53
|
\s*(\#+\s*(?<comment>.*))?$
|
|
38
54
|
/x.freeze
|
|
@@ -195,6 +195,7 @@ module Dependabot
|
|
|
195
195
|
dependency_files: dependency_files,
|
|
196
196
|
credentials: credentials,
|
|
197
197
|
ignored_versions: ignored_versions,
|
|
198
|
+
raise_on_ignored: @raise_on_ignored,
|
|
198
199
|
security_advisories: security_advisories
|
|
199
200
|
)
|
|
200
201
|
end
|
|
@@ -262,6 +263,7 @@ module Dependabot
|
|
|
262
263
|
dependency_files: dependency_files,
|
|
263
264
|
credentials: credentials,
|
|
264
265
|
ignored_versions: ignored_versions,
|
|
266
|
+
raise_on_ignored: @raise_on_ignored,
|
|
265
267
|
security_advisories: security_advisories
|
|
266
268
|
)
|
|
267
269
|
end
|
|
@@ -17,11 +17,13 @@ module Dependabot
|
|
|
17
17
|
require_relative "index_finder"
|
|
18
18
|
|
|
19
19
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
20
|
-
ignored_versions:,
|
|
20
|
+
ignored_versions:, raise_on_ignored: false,
|
|
21
|
+
security_advisories:)
|
|
21
22
|
@dependency = dependency
|
|
22
23
|
@dependency_files = dependency_files
|
|
23
24
|
@credentials = credentials
|
|
24
25
|
@ignored_versions = ignored_versions
|
|
26
|
+
@raise_on_ignored = raise_on_ignored
|
|
25
27
|
@security_advisories = security_advisories
|
|
26
28
|
end
|
|
27
29
|
|
|
@@ -69,8 +71,8 @@ module Dependabot
|
|
|
69
71
|
versions = filter_yanked_versions(versions)
|
|
70
72
|
versions = filter_unsupported_versions(versions, python_version)
|
|
71
73
|
versions = filter_prerelease_versions(versions)
|
|
72
|
-
versions = filter_ignored_versions(versions)
|
|
73
74
|
versions = filter_vulnerable_versions(versions)
|
|
75
|
+
versions = filter_ignored_versions(versions)
|
|
74
76
|
versions = filter_lower_versions(versions)
|
|
75
77
|
versions.min
|
|
76
78
|
end
|
|
@@ -97,8 +99,13 @@ module Dependabot
|
|
|
97
99
|
end
|
|
98
100
|
|
|
99
101
|
def filter_ignored_versions(versions_array)
|
|
100
|
-
versions_array.
|
|
101
|
-
|
|
102
|
+
filtered = versions_array.
|
|
103
|
+
reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
|
|
104
|
+
if @raise_on_ignored && filtered.empty? && versions_array.any?
|
|
105
|
+
raise Dependabot::AllVersionsIgnored
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
filtered
|
|
102
109
|
end
|
|
103
110
|
|
|
104
111
|
def filter_vulnerable_versions(versions_array)
|
|
@@ -229,9 +229,9 @@ module Dependabot
|
|
|
229
229
|
relevant_error = choose_relevant_error(original_err, e)
|
|
230
230
|
raise relevant_error unless error_suggests_bad_python_version?(msg)
|
|
231
231
|
raise relevant_error if user_specified_python_version
|
|
232
|
-
raise relevant_error if python_version == "2.7.
|
|
232
|
+
raise relevant_error if python_version == "2.7.18"
|
|
233
233
|
|
|
234
|
-
@python_version = "2.7.
|
|
234
|
+
@python_version = "2.7.18"
|
|
235
235
|
retry
|
|
236
236
|
ensure
|
|
237
237
|
@python_version = nil
|
|
@@ -9,11 +9,13 @@ module Dependabot
|
|
|
9
9
|
class UpdateChecker
|
|
10
10
|
class PipVersionResolver
|
|
11
11
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
12
|
-
ignored_versions:,
|
|
12
|
+
ignored_versions:, raise_on_ignored: false,
|
|
13
|
+
security_advisories:)
|
|
13
14
|
@dependency = dependency
|
|
14
15
|
@dependency_files = dependency_files
|
|
15
16
|
@credentials = credentials
|
|
16
17
|
@ignored_versions = ignored_versions
|
|
18
|
+
@raise_on_ignored = raise_on_ignored
|
|
17
19
|
@security_advisories = security_advisories
|
|
18
20
|
end
|
|
19
21
|
|
|
@@ -42,6 +44,7 @@ module Dependabot
|
|
|
42
44
|
dependency_files: dependency_files,
|
|
43
45
|
credentials: credentials,
|
|
44
46
|
ignored_versions: ignored_versions,
|
|
47
|
+
raise_on_ignored: @raise_on_ignored,
|
|
45
48
|
security_advisories: security_advisories
|
|
46
49
|
)
|
|
47
50
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.118.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-06-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.118.3
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.118.3
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,28 +114,28 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 0.
|
|
117
|
+
version: 0.85.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 0.
|
|
124
|
+
version: 0.85.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: vcr
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - '='
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version:
|
|
131
|
+
version: 6.0.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - '='
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version:
|
|
138
|
+
version: 6.0.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: webmock
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|