dependabot-python 0.117.10 → 0.118.3

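--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ff0b995c20ea7f669f01c970443cd4f9abd15302a29ef16d2b256e6ea2d963cf
- data.tar.gz: 9047700c6f5ca3388458a1b315f0bf10ee3422a10e00d919eeec577435746df0
+ metadata.gz: '096e75f3e4a994ff56563035d72d9f6ab530e401a44ed9b2dbc6311ecb32b387'
+ data.tar.gz: 38e01b056f81def3feab7bab3cdd9288186aa933e77b5397324d235a8f93dde1
  SHA512:
- metadata.gz: 4297db3887115e681b5d7665dbec297c01f567c35c0a9abb40fe4790b6d5eb77a2a6bcbe4ce8ab81507365a3dbf87ff5a1ab8f63870b4ea2184c7777fd78a521
- data.tar.gz: e8a7a7c0ff5fb9b0fba30ccca654b81936d6d6ee371ac79727103eba0b9fd52c52c4bcc21f34d464b6e09fce4f196b82f9b8895aa95938bc33a3fb86e2fe786c
+ metadata.gz: 4a72b36509ad0b9b12540306e0bbcf9c0876df144d3e44874603ac3e6b63ef34fefc2ee17d3f172c3f342891ad4f1b264543bb625636c80c9ddb516a8a6726af
+ data.tar.gz: 82b18a2a994a76df0b223a1cf6a73ce6f11dc0512059760a24d4150603e93ece2d63d1dacdb7e2dfc74416a14f0ddbb43ef920700ffd804846864be9400c1ff4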
@@ -16,5 +16,5 @@ cp -r \
16
16
  "$install_dir"
17
17
 
18
18
  cd "$install_dir"
19
- PYENV_VERSION=2.7.17 pyenv exec pip install -r "requirements.txt"
20
- PYENV_VERSION=3.8.2 pyenv exec pip install -r "requirements.txt"
19
+ PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
20
+ PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
@@ -8,26 +8,16 @@ import re
8
8
 
9
9
  import setuptools
10
10
  import pip._internal.req.req_file
11
- from pip._internal.download import PipSession
11
+ from pip._internal.network.session import PipSession
12
12
  from pip._internal.models.format_control import FormatControl
13
- from pip._internal.req.constructors import install_req_from_line
14
-
15
- JINJA_DELIMITER_IGNORE_REGEX = r"({{(.*?)}})|({%[-]?(.*?)%})|({#(.*?)#})"
13
+ from pip._internal.req.constructors import (
14
+ install_req_from_line,
15
+ install_req_from_parsed_requirement,
16
+ )
16
17
 
17
18
  def parse_requirements(directory):
18
19
  # Parse the requirements.txt
19
20
  requirement_packages = []
20
- parser_options = optparse.Values(
21
- {
22
- "skip_requirements_regex": JINJA_DELIMITER_IGNORE_REGEX,
23
- # pip._internal assumes parse_requirements will be called from
24
- # CLI, which sets default values. When passing parser options,
25
- # need to explicitly set those defaults.
26
- "isolated_mode": False,
27
- "format_control": FormatControl(),
28
- }
29
- )
30
-
31
21
  requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
32
22
  + glob.glob(os.path.join(directory, '**', '*.txt'))
33
23
 
@@ -42,10 +32,10 @@ def parse_requirements(directory):
42
32
  try:
43
33
  requirements = pip._internal.req.req_file.parse_requirements(
44
34
  reqs_file,
45
- options=parser_options,
46
35
  session=PipSession()
47
36
  )
48
- for install_req in requirements:
37
+ for parsed_req in requirements:
38
+ install_req = install_req_from_parsed_requirement(parsed_req)
49
39
  if install_req.original_link:
50
40
  continue
51
41
 
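Review bot: `parse_requirements` still hands every globbed `*.txt` file to pip's parser with a live `PipSession()`, and the new loop adds no check on what a file pulls in. pip follows nested `-r`/`-c` references, including URL ones, so a requirements file from an untrusted repository can make this helper issue outbound requests while it is only being parsed. If that is not intended, reject lines that reference remote requirement files before parsing, or run the helper without network access. Separately, with `parser_options` removed, the `FormatControl` import kept at the top looks unused, and `optparse` (imported outside the hunk) may be too. The `except` clause for this `try` lies outside the hunks, so how errors from the formerly skipped Jinja lines are handled cannot be judged from here.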
@@ -1,9 +1,9 @@
1
- pip==19.3.1
2
- pip-tools==4.5.1
3
- hashin==0.14.6
1
+ pip==20.1.1
2
+ pip-tools==5.2.1
3
+ hashin==0.15.0
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
6
- poetry==1.0.5
6
+ poetry==1.0.9
7
7
 
8
8
  # Some dependencies will only install if Cython is present
9
- Cython==0.29.19
9
+ Cython==0.29.20
@@ -174,9 +174,9 @@ module Dependabot
174
174
 
175
175
  raise relevant_error unless error_suggests_bad_python_version?(msg)
176
176
  raise relevant_error if user_specified_python_version
177
- raise relevant_error if python_version == "2.7.17"
177
+ raise relevant_error if python_version == "2.7.18"
178
178
 
179
- @python_version = "2.7.17"
179
+ @python_version = "2.7.18"
180
180
  retry
181
181
  ensure
182
182
  @python_version = nil
@@ -280,7 +280,7 @@ module Dependabot
280
280
  run_command("pyenv local #{python_version}")
281
281
  run_command("pyenv exec pipenv --rm")
282
282
 
283
- @python_version = "2.7.17"
283
+ @python_version = "2.7.18"
284
284
  retry
285
285
  ensure
286
286
  @python_version = nil
@@ -4,17 +4,17 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.8.2 2.7.17
7
+ 3.8.3 2.7.18
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.8.2 3.8.1 3.8.0
13
+ 3.8.3 3.8.2 3.8.1 3.8.0
14
14
  3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
15
15
  3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
16
16
  3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
17
- 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
17
+ 2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
18
18
  ).freeze
19
19
 
20
20
  # This list gets iterated through to find a valid version, so we have
@@ -13,11 +13,25 @@ module Dependabot
13
13
  HASH = /--hash=(?<algorithm>.*?):(?<hash>.*?)(?=\s|$)/.freeze
14
14
  REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/.freeze
15
15
  HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/.freeze
16
+ MARKER_OP = /\s*(#{COMPARISON}|(\s*in)|(\s*not\s*in))/.freeze
17
+ PYTHON_STR_C =
18
+ %r{[a-zA-Z0-9\s\(\)\.\{\}\-_\*#:;/\?\[\]!~`@\$%\^&=\+\|<>]}.freeze
19
+ PYTHON_STR = /('(#{PYTHON_STR_C}|")*'|"(#{PYTHON_STR_C}|')*")/.freeze
20
+ ENV_VAR =
21
+ /python_version|python_full_version|os_name|sys_platform|
22
+ platform_release|platform_system|platform_version|platform_machine|
23
+ platform_python_implementation|implementation_name|
24
+ implementation_version/.freeze
25
+ MARKER_VAR = /\s*(#{ENV_VAR}|#{PYTHON_STR})/.freeze
26
+ MARKER_EXPR_ONE = /#{MARKER_VAR}#{MARKER_OP}#{MARKER_VAR}/.freeze
27
+ MARKER_EXPR =
28
+ /(#{MARKER_EXPR_ONE}|\(\s*|\s*\)|\s+and\s+|\s+or\s+)+/.freeze
16
29
 
17
30
  INSTALL_REQ_WITH_REQUIREMENT =
18
31
  /\s*\\?\s*(?<name>#{NAME})
19
32
  \s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
20
33
  \s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})\)?
34
+ \s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
21
35
  \s*\\?\s*(?<hashes>#{HASHES})?
22
36
  \s*#*\s*(?<comment>.+)?
23
37
  /x.freeze
@@ -25,6 +39,7 @@ module Dependabot
25
39
  INSTALL_REQ_WITHOUT_REQUIREMENT =
26
40
  /^\s*\\?\s*(?<name>#{NAME})
27
41
  \s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
42
+ \s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
28
43
  \s*\\?\s*(?<hashes>#{HASHES})?
29
44
  \s*#*\s*(?<comment>.+)?$
30
45
  /x.freeze
@@ -33,6 +48,7 @@ module Dependabot
33
48
  /^\s*\\?\s*(?<name>#{NAME})
34
49
  \s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
35
50
  \s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})?\)?
51
+ \s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
36
52
  \s*\\?\s*(?<hashes>#{HASHES})?
37
53
  \s*(\#+\s*(?<comment>.*))?$
38
54
  /x.freeze
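Review bot: `ENV_VAR` is written across four lines but, as shown here, ends in `/.freeze` with no `x` flag, unlike the `/x.freeze` patterns below it, so the line breaks and indentation become literal parts of the alternatives. `platform_release`, `platform_python_implementation` and `implementation_version` would then match only when preceded by a newline and spaces, and a marker using them would not land in the `markers` group. Ending the literal with `implementation_version/x.freeze` (or writing it on one line) avoids that. Separately, `MARKER_EXPR` repeats alternatives that can each absorb the same whitespace (`\(\s*`, `\s*\)`, `\s+and\s+`, and the leading `\s*` of `MARKER_VAR`), which may backtrack heavily on a long marker string that ends up failing the `$`-anchored patterns. Requirement files come from the repository being scanned, so bounding line length or tightening the whitespace handling would be prudent.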
@@ -195,6 +195,7 @@ module Dependabot
195
195
  dependency_files: dependency_files,
196
196
  credentials: credentials,
197
197
  ignored_versions: ignored_versions,
198
+ raise_on_ignored: @raise_on_ignored,
198
199
  security_advisories: security_advisories
199
200
  )
200
201
  end
@@ -262,6 +263,7 @@ module Dependabot
262
263
  dependency_files: dependency_files,
263
264
  credentials: credentials,
264
265
  ignored_versions: ignored_versions,
266
+ raise_on_ignored: @raise_on_ignored,
265
267
  security_advisories: security_advisories
266
268
  )
267
269
  end
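Review bot: Both added lines pass `@raise_on_ignored` by reading the instance variable directly, while every neighbouring argument goes through a reader (`ignored_versions: ignored_versions`), and nothing in these hunks shows where the variable is assigned. If the initializer that is outside this view does not set it, Ruby yields `nil` without complaint and the option is silently off. If a reader is available, `raise_on_ignored: raise_on_ignored` would keep the call sites uniform and fail loudly when it is missing. The enclosing methods start outside both hunks.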
@@ -17,11 +17,13 @@ module Dependabot
17
17
  require_relative "index_finder"
18
18
 
19
19
  def initialize(dependency:, dependency_files:, credentials:,
20
- ignored_versions:, security_advisories:)
20
+ ignored_versions:, raise_on_ignored: false,
21
+ security_advisories:)
21
22
  @dependency = dependency
22
23
  @dependency_files = dependency_files
23
24
  @credentials = credentials
24
25
  @ignored_versions = ignored_versions
26
+ @raise_on_ignored = raise_on_ignored
25
27
  @security_advisories = security_advisories
26
28
  end
27
29
 
@@ -69,8 +71,8 @@ module Dependabot
69
71
  versions = filter_yanked_versions(versions)
70
72
  versions = filter_unsupported_versions(versions, python_version)
71
73
  versions = filter_prerelease_versions(versions)
72
- versions = filter_ignored_versions(versions)
73
74
  versions = filter_vulnerable_versions(versions)
75
+ versions = filter_ignored_versions(versions)
74
76
  versions = filter_lower_versions(versions)
75
77
  versions.min
76
78
  end
@@ -97,8 +99,13 @@ module Dependabot
97
99
  end
98
100
 
99
101
  def filter_ignored_versions(versions_array)
100
- versions_array.
101
- reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
102
+ filtered = versions_array.
103
+ reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
104
+ if @raise_on_ignored && filtered.empty? && versions_array.any?
105
+ raise Dependabot::AllVersionsIgnored
106
+ end
107
+
108
+ filtered
102
109
  end
103
110
 
104
111
  def filter_vulnerable_versions(versions_array)
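Review bot: `filter_ignored_versions` now raises from a method whose name reads as a pure filter, and only when `@raise_on_ignored` is set. With the default `false`, the pipeline in the third hunk (apparently the lowest-security-fix lookup, ending in `versions.min`) still returns `nil` when ignore rules exclude every non-vulnerable version, so an ignore condition can suppress a security update with no signal to the caller. I would document the contract on the method, e.g. `# Raises AllVersionsIgnored (only when raise_on_ignored) if ignore rules removed every remaining candidate`, and confirm that callers handling security advisories opt in. The method containing the reordered filter chain begins outside the hunk.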
@@ -229,9 +229,9 @@ module Dependabot
229
229
  relevant_error = choose_relevant_error(original_err, e)
230
230
  raise relevant_error unless error_suggests_bad_python_version?(msg)
231
231
  raise relevant_error if user_specified_python_version
232
- raise relevant_error if python_version == "2.7.17"
232
+ raise relevant_error if python_version == "2.7.18"
233
233
 
234
- @python_version = "2.7.17"
234
+ @python_version = "2.7.18"
235
235
  retry
236
236
  ensure
237
237
  @python_version = nil
@@ -9,11 +9,13 @@ module Dependabot
9
9
  class UpdateChecker
10
10
  class PipVersionResolver
11
11
  def initialize(dependency:, dependency_files:, credentials:,
12
- ignored_versions:, security_advisories:)
12
+ ignored_versions:, raise_on_ignored: false,
13
+ security_advisories:)
13
14
  @dependency = dependency
14
15
  @dependency_files = dependency_files
15
16
  @credentials = credentials
16
17
  @ignored_versions = ignored_versions
18
+ @raise_on_ignored = raise_on_ignored
17
19
  @security_advisories = security_advisories
18
20
  end
19
21
 
@@ -42,6 +44,7 @@ module Dependabot
42
44
  dependency_files: dependency_files,
43
45
  credentials: credentials,
44
46
  ignored_versions: ignored_versions,
47
+ raise_on_ignored: @raise_on_ignored,
45
48
  security_advisories: security_advisories
46
49
  )
47
50
  end
@@ -458,7 +458,7 @@ module Dependabot
458
458
  run_command("pyenv local #{python_version}")
459
459
  run_command("pyenv exec pipenv --rm")
460
460
 
461
- @python_version = "2.7.17"
461
+ @python_version = "2.7.18"
462
462
  retry
463
463
  ensure
464
464
  @python_version = nil
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.10
4
+ version: 0.118.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-21 00:00:00.000000000 Z
11
+ date: 2020-06-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.117.10
19
+ version: 0.118.3
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.117.10
26
+ version: 0.118.3
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,28 +114,28 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.83.0
117
+ version: 0.85.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.83.0
124
+ version: 0.85.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: vcr
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - '='
130
130
  - !ruby/object:Gem::Version
131
- version: '5.0'
131
+ version: 6.0.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - '='
137
137
  - !ruby/object:Gem::Version
138
- version: '5.0'
138
+ version: 6.0.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: webmock
141
141
  requirement: !ruby/object:Gem::Requirement