dependabot-python 0.117.6 → 0.117.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +2 -2
  3. data/helpers/requirements.txt +1 -1
  4. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +2 -2
  5. data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +1 -1
  6. data/lib/dependabot/python/python_versions.rb +3 -3
  7. data/lib/dependabot/python/update_checker.rb +2 -0
  8. data/lib/dependabot/python/update_checker/latest_version_finder.rb +11 -4
  9. data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +2 -2
  10. data/lib/dependabot/python/update_checker/pip_version_resolver.rb +4 -1
  11. data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +1 -1
  12. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e4543db0d29638c4f82ef120178b6d776223372d8e47e08def68b7bea6374bb7
4
- data.tar.gz: 13361e58c9c436a12f937180e9073d33965341a369123d932305f78cc6306faf
3
+ metadata.gz: 66f587f9f2bad38df796b27f339d8ab7dfc0d98925762745b447ea863ff824e0
4
+ data.tar.gz: 8a96f54b1a137d59b95851a3eb1175cdbe23063017ac1fbd2c740d2748d25317
5
5
  SHA512:
6
- metadata.gz: 1aa4968172aaf067147d767f874df6df9cac9a39b753040d550c3a1b2decfa17ccc885242bd73898129b3bced0d97a1c5fc1c372ceca41c0fa42ca69e75f2099
7
- data.tar.gz: 22673c3e13735dc892f5bbb0dc910049149ce09da3b5fc8dd02a84ea82d5f79055a7a94a0d57a24c274e97fb8066b8bf085be124ca53f1ab09862873afe549eb
6
+ metadata.gz: 27837da107b38259b08cafd3f1c4219680c2fd371c026df55ab3eaf805876b27e09c4dd5a7e8b0bbc57a1513512045529c1f6d2fe1839986412be49c7371c68d
7
+ data.tar.gz: b047c8281910a138e7cb3869f100547518e014b84dd95b4c7e2765249dbdbd43e3a9e23de6d13e87f835dc5aa5e811f8a857a4d12040c6682ec6ed219297c9d1
data/helpers/build CHANGED
@@ -16,5 +16,5 @@ cp -r \
16
16
  "$install_dir"
17
17
 
18
18
  cd "$install_dir"
19
- PYENV_VERSION=2.7.17 pyenv exec pip install -r "requirements.txt"
20
- PYENV_VERSION=3.8.2 pyenv exec pip install -r "requirements.txt"
19
+ PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
20
+ PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
data/helpers/requirements.txt CHANGED
@@ -6,4 +6,4 @@ pipfile==0.0.2
6
6
  poetry==1.0.5
7
7
 
8
8
  # Some dependencies will only install if Cython is present
9
- Cython==0.29.16
9
+ Cython==0.29.19
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED
@@ -174,9 +174,9 @@ module Dependabot
174
174
 
175
175
  raise relevant_error unless error_suggests_bad_python_version?(msg)
176
176
  raise relevant_error if user_specified_python_version
177
- raise relevant_error if python_version == "2.7.17"
177
+ raise relevant_error if python_version == "2.7.18"
178
178
 
179
- @python_version = "2.7.17"
179
+ @python_version = "2.7.18"
180
180
  retry
181
181
  ensure
182
182
  @python_version = nil
data/lib/dependabot/python/file_updater/pipfile_file_updater.rb CHANGED
@@ -280,7 +280,7 @@ module Dependabot
280
280
  run_command("pyenv local #{python_version}")
281
281
  run_command("pyenv exec pipenv --rm")
282
282
 
283
- @python_version = "2.7.17"
283
+ @python_version = "2.7.18"
284
284
  retry
285
285
  ensure
286
286
  @python_version = nil
data/lib/dependabot/python/python_versions.rb CHANGED
@@ -4,17 +4,17 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.8.2 2.7.17
7
+ 3.8.3 2.7.18
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.8.2 3.8.1 3.8.0
13
+ 3.8.3 3.8.2 3.8.1 3.8.0
14
14
  3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
15
15
  3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
16
16
  3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
17
- 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
17
+ 2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
18
18
  ).freeze
19
19
 
20
20
  # This list gets iterated through to find a valid version, so we have
data/lib/dependabot/python/update_checker.rb CHANGED
@@ -195,6 +195,7 @@ module Dependabot
195
195
  dependency_files: dependency_files,
196
196
  credentials: credentials,
197
197
  ignored_versions: ignored_versions,
198
+ raise_on_ignored: @raise_on_ignored,
198
199
  security_advisories: security_advisories
199
200
  )
200
201
  end
@@ -262,6 +263,7 @@ module Dependabot
262
263
  dependency_files: dependency_files,
263
264
  credentials: credentials,
264
265
  ignored_versions: ignored_versions,
266
+ raise_on_ignored: @raise_on_ignored,
265
267
  security_advisories: security_advisories
266
268
  )
267
269
  end
data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED
@@ -17,11 +17,13 @@ module Dependabot
17
17
  require_relative "index_finder"
18
18
 
19
19
  def initialize(dependency:, dependency_files:, credentials:,
20
- ignored_versions:, security_advisories:)
20
+ ignored_versions:, raise_on_ignored: false,
21
+ security_advisories:)
21
22
  @dependency = dependency
22
23
  @dependency_files = dependency_files
23
24
  @credentials = credentials
24
25
  @ignored_versions = ignored_versions
26
+ @raise_on_ignored = raise_on_ignored
25
27
  @security_advisories = security_advisories
26
28
  end
27
29
 
@@ -69,8 +71,8 @@ module Dependabot
69
71
  versions = filter_yanked_versions(versions)
70
72
  versions = filter_unsupported_versions(versions, python_version)
71
73
  versions = filter_prerelease_versions(versions)
72
- versions = filter_ignored_versions(versions)
73
74
  versions = filter_vulnerable_versions(versions)
75
+ versions = filter_ignored_versions(versions)
74
76
  versions = filter_lower_versions(versions)
75
77
  versions.min
76
78
  end
@@ -97,8 +99,13 @@ module Dependabot
97
99
  end
98
100
 
99
101
  def filter_ignored_versions(versions_array)
100
- versions_array.
101
- reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
102
+ filtered = versions_array.
103
+ reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
104
+ if @raise_on_ignored && filtered.empty? && versions_array.any?
105
+ raise Dependabot::AllVersionsIgnored
106
+ end
107
+
108
+ filtered
102
109
  end
103
110
 
104
111
  def filter_vulnerable_versions(versions_array)
data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb CHANGED
@@ -229,9 +229,9 @@ module Dependabot
229
229
  relevant_error = choose_relevant_error(original_err, e)
230
230
  raise relevant_error unless error_suggests_bad_python_version?(msg)
231
231
  raise relevant_error if user_specified_python_version
232
- raise relevant_error if python_version == "2.7.17"
232
+ raise relevant_error if python_version == "2.7.18"
233
233
 
234
- @python_version = "2.7.17"
234
+ @python_version = "2.7.18"
235
235
  retry
236
236
  ensure
237
237
  @python_version = nil
data/lib/dependabot/python/update_checker/pip_version_resolver.rb CHANGED
@@ -9,11 +9,13 @@ module Dependabot
9
9
  class UpdateChecker
10
10
  class PipVersionResolver
11
11
  def initialize(dependency:, dependency_files:, credentials:,
12
- ignored_versions:, security_advisories:)
12
+ ignored_versions:, raise_on_ignored: false,
13
+ security_advisories:)
13
14
  @dependency = dependency
14
15
  @dependency_files = dependency_files
15
16
  @credentials = credentials
16
17
  @ignored_versions = ignored_versions
18
+ @raise_on_ignored = raise_on_ignored
17
19
  @security_advisories = security_advisories
18
20
  end
19
21
 
@@ -42,6 +44,7 @@ module Dependabot
42
44
  dependency_files: dependency_files,
43
45
  credentials: credentials,
44
46
  ignored_versions: ignored_versions,
47
+ raise_on_ignored: @raise_on_ignored,
45
48
  security_advisories: security_advisories
46
49
  )
47
50
  end
data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb CHANGED
@@ -458,7 +458,7 @@ module Dependabot
458
458
  run_command("pyenv local #{python_version}")
459
459
  run_command("pyenv exec pipenv --rm")
460
460
 
461
- @python_version = "2.7.17"
461
+ @python_version = "2.7.18"
462
462
  retry
463
463
  ensure
464
464
  @python_version = nil
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.6
4
+ version: 0.117.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-09 00:00:00.000000000 Z
11
+ date: 2020-05-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.117.6
19
+ version: 0.117.11
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.117.6
26
+ version: 0.117.11
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.80.1
117
+ version: 0.83.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.80.1
124
+ version: 0.83.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: vcr
127
127
  requirement: !ruby/object:Gem::Requirement