dependabot-python 0.117.11 → 0.118.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/lib/parser.py +7 -17
- data/helpers/requirements.txt +5 -5
- data/lib/dependabot/python/requirement_parser.rb +16 -0
- metadata +8 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b5e0617fae821ec632fc7f1eddde32962a1df52ddd266d946033e42efb6b2031
|
|
4
|
+
data.tar.gz: ce74737754731d32562993a145e63eaf7513b59b8c58d2ff11f18861f8a36a01
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '02250941200ab1de97012b7be8410788c2df2891862a3316d89cc1b3050fd22dc52671ddb742542d015467fabead012c8e2137e48a36e4a3dabe600b9491fd8d'
|
|
7
|
+
data.tar.gz: fab0d25f84992900a32cd5ddb3fc7aceb9578efe1ee1295e9b66772c93bee9b74467c215d9dbd302d02fb9722170e4b7e679b6b1c34afb471d63ef144037873f
|
data/helpers/lib/parser.py
CHANGED
|
@@ -8,26 +8,16 @@ import re
|
|
|
8
8
|
|
|
9
9
|
import setuptools
|
|
10
10
|
import pip._internal.req.req_file
|
|
11
|
-
from pip._internal.
|
|
11
|
+
from pip._internal.network.session import PipSession
|
|
12
12
|
from pip._internal.models.format_control import FormatControl
|
|
13
|
-
from pip._internal.req.constructors import
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
from pip._internal.req.constructors import (
|
|
14
|
+
install_req_from_line,
|
|
15
|
+
install_req_from_parsed_requirement,
|
|
16
|
+
)
|
|
16
17
|
|
|
17
18
|
def parse_requirements(directory):
|
|
18
19
|
# Parse the requirements.txt
|
|
19
20
|
requirement_packages = []
|
|
20
|
-
parser_options = optparse.Values(
|
|
21
|
-
{
|
|
22
|
-
"skip_requirements_regex": JINJA_DELIMITER_IGNORE_REGEX,
|
|
23
|
-
# pip._internal assumes parse_requirements will be called from
|
|
24
|
-
# CLI, which sets default values. When passing parser options,
|
|
25
|
-
# need to explicitly set those defaults.
|
|
26
|
-
"isolated_mode": False,
|
|
27
|
-
"format_control": FormatControl(),
|
|
28
|
-
}
|
|
29
|
-
)
|
|
30
|
-
|
|
31
21
|
requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
|
|
32
22
|
+ glob.glob(os.path.join(directory, '**', '*.txt'))
|
|
33
23
|
|
|
@@ -42,10 +32,10 @@ def parse_requirements(directory):
|
|
|
42
32
|
try:
|
|
43
33
|
requirements = pip._internal.req.req_file.parse_requirements(
|
|
44
34
|
reqs_file,
|
|
45
|
-
options=parser_options,
|
|
46
35
|
session=PipSession()
|
|
47
36
|
)
|
|
48
|
-
for
|
|
37
|
+
for parsed_req in requirements:
|
|
38
|
+
install_req = install_req_from_parsed_requirement(parsed_req)
|
|
49
39
|
if install_req.original_link:
|
|
50
40
|
continue
|
|
51
41
|
|
data/helpers/requirements.txt
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
pip==
|
|
2
|
-
pip-tools==
|
|
3
|
-
hashin==0.
|
|
1
|
+
pip==20.1.1
|
|
2
|
+
pip-tools==5.2.1
|
|
3
|
+
hashin==0.15.0
|
|
4
4
|
pipenv==2018.11.26
|
|
5
5
|
pipfile==0.0.2
|
|
6
|
-
poetry==1.0.
|
|
6
|
+
poetry==1.0.9
|
|
7
7
|
|
|
8
8
|
# Some dependencies will only install if Cython is present
|
|
9
|
-
Cython==0.29.
|
|
9
|
+
Cython==0.29.20
|
|
@@ -13,11 +13,25 @@ module Dependabot
|
|
|
13
13
|
HASH = /--hash=(?<algorithm>.*?):(?<hash>.*?)(?=\s|$)/.freeze
|
|
14
14
|
REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/.freeze
|
|
15
15
|
HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/.freeze
|
|
16
|
+
MARKER_OP = /\s*(#{COMPARISON}|(\s*in)|(\s*not\s*in))/.freeze
|
|
17
|
+
PYTHON_STR_C =
|
|
18
|
+
%r{[a-zA-Z0-9\s\(\)\.\{\}\-_\*#:;/\?\[\]!~`@\$%\^&=\+\|<>]}.freeze
|
|
19
|
+
PYTHON_STR = /('(#{PYTHON_STR_C}|")*'|"(#{PYTHON_STR_C}|')*")/.freeze
|
|
20
|
+
ENV_VAR =
|
|
21
|
+
/python_version|python_full_version|os_name|sys_platform|
|
|
22
|
+
platform_release|platform_system|platform_version|platform_machine|
|
|
23
|
+
platform_python_implementation|implementation_name|
|
|
24
|
+
implementation_version/.freeze
|
|
25
|
+
MARKER_VAR = /\s*(#{ENV_VAR}|#{PYTHON_STR})/.freeze
|
|
26
|
+
MARKER_EXPR_ONE = /#{MARKER_VAR}#{MARKER_OP}#{MARKER_VAR}/.freeze
|
|
27
|
+
MARKER_EXPR =
|
|
28
|
+
/(#{MARKER_EXPR_ONE}|\(\s*|\s*\)|\s+and\s+|\s+or\s+)+/.freeze
|
|
16
29
|
|
|
17
30
|
INSTALL_REQ_WITH_REQUIREMENT =
|
|
18
31
|
/\s*\\?\s*(?<name>#{NAME})
|
|
19
32
|
\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
|
|
20
33
|
\s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})\)?
|
|
34
|
+
\s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
|
|
21
35
|
\s*\\?\s*(?<hashes>#{HASHES})?
|
|
22
36
|
\s*#*\s*(?<comment>.+)?
|
|
23
37
|
/x.freeze
|
|
@@ -25,6 +39,7 @@ module Dependabot
|
|
|
25
39
|
INSTALL_REQ_WITHOUT_REQUIREMENT =
|
|
26
40
|
/^\s*\\?\s*(?<name>#{NAME})
|
|
27
41
|
\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
|
|
42
|
+
\s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
|
|
28
43
|
\s*\\?\s*(?<hashes>#{HASHES})?
|
|
29
44
|
\s*#*\s*(?<comment>.+)?$
|
|
30
45
|
/x.freeze
|
|
@@ -33,6 +48,7 @@ module Dependabot
|
|
|
33
48
|
/^\s*\\?\s*(?<name>#{NAME})
|
|
34
49
|
\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
|
|
35
50
|
\s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})?\)?
|
|
51
|
+
\s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
|
|
36
52
|
\s*\\?\s*(?<hashes>#{HASHES})?
|
|
37
53
|
\s*(\#+\s*(?<comment>.*))?$
|
|
38
54
|
/x.freeze
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.118.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-06-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.118.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.118.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,28 +114,28 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 0.
|
|
117
|
+
version: 0.85.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 0.
|
|
124
|
+
version: 0.85.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: vcr
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - '='
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version:
|
|
131
|
+
version: 6.0.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - '='
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version:
|
|
138
|
+
version: 6.0.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: webmock
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|