dependabot-python 0.117.11 → 0.118.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/lib/parser.py +7 -17
- data/helpers/requirements.txt +5 -5
- data/lib/dependabot/python/requirement_parser.rb +16 -0
- metadata +8 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b5e0617fae821ec632fc7f1eddde32962a1df52ddd266d946033e42efb6b2031
|
|
4
|
+
data.tar.gz: ce74737754731d32562993a145e63eaf7513b59b8c58d2ff11f18861f8a36a01
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '02250941200ab1de97012b7be8410788c2df2891862a3316d89cc1b3050fd22dc52671ddb742542d015467fabead012c8e2137e48a36e4a3dabe600b9491fd8d'
|
|
7
|
+
data.tar.gz: fab0d25f84992900a32cd5ddb3fc7aceb9578efe1ee1295e9b66772c93bee9b74467c215d9dbd302d02fb9722170e4b7e679b6b1c34afb471d63ef144037873f
|
data/helpers/lib/parser.py
CHANGED
|
@@ -8,26 +8,16 @@ import re
|
|
|
8
8
|
|
|
9
9
|
import setuptools
|
|
10
10
|
import pip._internal.req.req_file
|
|
11
|
-
from pip._internal.
|
|
11
|
+
from pip._internal.network.session import PipSession
|
|
12
12
|
from pip._internal.models.format_control import FormatControl
|
|
13
|
-
from pip._internal.req.constructors import
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
from pip._internal.req.constructors import (
|
|
14
|
+
install_req_from_line,
|
|
15
|
+
install_req_from_parsed_requirement,
|
|
16
|
+
)
|
|
16
17
|
|
|
17
18
|
def parse_requirements(directory):
|
|
18
19
|
# Parse the requirements.txt
|
|
19
20
|
requirement_packages = []
|
|
20
|
-
parser_options = optparse.Values(
|
|
21
|
-
{
|
|
22
|
-
"skip_requirements_regex": JINJA_DELIMITER_IGNORE_REGEX,
|
|
23
|
-
# pip._internal assumes parse_requirements will be called from
|
|
24
|
-
# CLI, which sets default values. When passing parser options,
|
|
25
|
-
# need to explicitly set those defaults.
|
|
26
|
-
"isolated_mode": False,
|
|
27
|
-
"format_control": FormatControl(),
|
|
28
|
-
}
|
|
29
|
-
)
|
|
30
|
-
|
|
31
21
|
requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
|
|
32
22
|
+ glob.glob(os.path.join(directory, '**', '*.txt'))
|
|
33
23
|
|
|
@@ -42,10 +32,10 @@ def parse_requirements(directory):
|
|
|
42
32
|
try:
|
|
43
33
|
requirements = pip._internal.req.req_file.parse_requirements(
|
|
44
34
|
reqs_file,
|
|
45
|
-
options=parser_options,
|
|
46
35
|
session=PipSession()
|
|
47
36
|
)
|
|
48
|
-
for
|
|
37
|
+
for parsed_req in requirements:
|
|
38
|
+
install_req = install_req_from_parsed_requirement(parsed_req)
|
|
49
39
|
if install_req.original_link:
|
|
50
40
|
continue
|
|
51
41
|
|
data/helpers/requirements.txt
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
pip==
|
|
2
|
-
pip-tools==
|
|
3
|
-
hashin==0.
|
|
1
|
+
pip==20.1.1
|
|
2
|
+
pip-tools==5.2.1
|
|
3
|
+
hashin==0.15.0
|
|
4
4
|
pipenv==2018.11.26
|
|
5
5
|
pipfile==0.0.2
|
|
6
|
-
poetry==1.0.
|
|
6
|
+
poetry==1.0.9
|
|
7
7
|
|
|
8
8
|
# Some dependencies will only install if Cython is present
|
|
9
|
-
Cython==0.29.
|
|
9
|
+
Cython==0.29.20
|
|
@@ -13,11 +13,25 @@ module Dependabot
|
|
|
13
13
|
HASH = /--hash=(?<algorithm>.*?):(?<hash>.*?)(?=\s|$)/.freeze
|
|
14
14
|
REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/.freeze
|
|
15
15
|
HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/.freeze
|
|
16
|
+
MARKER_OP = /\s*(#{COMPARISON}|(\s*in)|(\s*not\s*in))/.freeze
|
|
17
|
+
PYTHON_STR_C =
|
|
18
|
+
%r{[a-zA-Z0-9\s\(\)\.\{\}\-_\*#:;/\?\[\]!~`@\$%\^&=\+\|<>]}.freeze
|
|
19
|
+
PYTHON_STR = /('(#{PYTHON_STR_C}|")*'|"(#{PYTHON_STR_C}|')*")/.freeze
|
|
20
|
+
ENV_VAR =
|
|
21
|
+
/python_version|python_full_version|os_name|sys_platform|
|
|
22
|
+
platform_release|platform_system|platform_version|platform_machine|
|
|
23
|
+
platform_python_implementation|implementation_name|
|
|
24
|
+
implementation_version/.freeze
|
|
25
|
+
MARKER_VAR = /\s*(#{ENV_VAR}|#{PYTHON_STR})/.freeze
|
|
26
|
+
MARKER_EXPR_ONE = /#{MARKER_VAR}#{MARKER_OP}#{MARKER_VAR}/.freeze
|
|
27
|
+
MARKER_EXPR =
|
|
28
|
+
/(#{MARKER_EXPR_ONE}|\(\s*|\s*\)|\s+and\s+|\s+or\s+)+/.freeze
|
|
16
29
|
|
|
17
30
|
INSTALL_REQ_WITH_REQUIREMENT =
|
|
18
31
|
/\s*\\?\s*(?<name>#{NAME})
|
|
19
32
|
\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
|
|
20
33
|
\s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})\)?
|
|
34
|
+
\s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
|
|
21
35
|
\s*\\?\s*(?<hashes>#{HASHES})?
|
|
22
36
|
\s*#*\s*(?<comment>.+)?
|
|
23
37
|
/x.freeze
|
|
@@ -25,6 +39,7 @@ module Dependabot
|
|
|
25
39
|
INSTALL_REQ_WITHOUT_REQUIREMENT =
|
|
26
40
|
/^\s*\\?\s*(?<name>#{NAME})
|
|
27
41
|
\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
|
|
42
|
+
\s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
|
|
28
43
|
\s*\\?\s*(?<hashes>#{HASHES})?
|
|
29
44
|
\s*#*\s*(?<comment>.+)?$
|
|
30
45
|
/x.freeze
|
|
@@ -33,6 +48,7 @@ module Dependabot
|
|
|
33
48
|
/^\s*\\?\s*(?<name>#{NAME})
|
|
34
49
|
\s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
|
|
35
50
|
\s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})?\)?
|
|
51
|
+
\s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
|
|
36
52
|
\s*\\?\s*(?<hashes>#{HASHES})?
|
|
37
53
|
\s*(\#+\s*(?<comment>.*))?$
|
|
38
54
|
/x.freeze
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.118.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-06-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.118.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.118.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,28 +114,28 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 0.
|
|
117
|
+
version: 0.85.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 0.
|
|
124
|
+
version: 0.85.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: vcr
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - '='
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version:
|
|
131
|
+
version: 6.0.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - '='
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version:
|
|
138
|
+
version: 6.0.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: webmock
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|