dependabot-python 0.117.6 → 0.117.11

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +2 -2
  3. data/helpers/requirements.txt +1 -1
  4. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +2 -2
  5. data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +1 -1
  6. data/lib/dependabot/python/python_versions.rb +3 -3
  7. data/lib/dependabot/python/update_checker.rb +2 -0
  8. data/lib/dependabot/python/update_checker/latest_version_finder.rb +11 -4
  9. data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +2 -2
  10. data/lib/dependabot/python/update_checker/pip_version_resolver.rb +4 -1
  11. data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +1 -1
  12. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e4543db0d29638c4f82ef120178b6d776223372d8e47e08def68b7bea6374bb7
4
- data.tar.gz: 13361e58c9c436a12f937180e9073d33965341a369123d932305f78cc6306faf
3
+ metadata.gz: 66f587f9f2bad38df796b27f339d8ab7dfc0d98925762745b447ea863ff824e0
4
+ data.tar.gz: 8a96f54b1a137d59b95851a3eb1175cdbe23063017ac1fbd2c740d2748d25317
5
5
  SHA512:
6
- metadata.gz: 1aa4968172aaf067147d767f874df6df9cac9a39b753040d550c3a1b2decfa17ccc885242bd73898129b3bced0d97a1c5fc1c372ceca41c0fa42ca69e75f2099
7
- data.tar.gz: 22673c3e13735dc892f5bbb0dc910049149ce09da3b5fc8dd02a84ea82d5f79055a7a94a0d57a24c274e97fb8066b8bf085be124ca53f1ab09862873afe549eb
6
+ metadata.gz: 27837da107b38259b08cafd3f1c4219680c2fd371c026df55ab3eaf805876b27e09c4dd5a7e8b0bbc57a1513512045529c1f6d2fe1839986412be49c7371c68d
7
+ data.tar.gz: b047c8281910a138e7cb3869f100547518e014b84dd95b4c7e2765249dbdbd43e3a9e23de6d13e87f835dc5aa5e811f8a857a4d12040c6682ec6ed219297c9d1
data/helpers/build CHANGED
@@ -16,5 +16,5 @@ cp -r \
16
16
  "$install_dir"
17
17
 
18
18
  cd "$install_dir"
19
- PYENV_VERSION=2.7.17 pyenv exec pip install -r "requirements.txt"
20
- PYENV_VERSION=3.8.2 pyenv exec pip install -r "requirements.txt"
19
+ PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
20
+ PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
data/helpers/requirements.txt CHANGED
@@ -6,4 +6,4 @@ pipfile==0.0.2
6
6
  poetry==1.0.5
7
7
 
8
8
  # Some dependencies will only install if Cython is present
9
- Cython==0.29.16
9
+ Cython==0.29.19
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED
@@ -174,9 +174,9 @@ module Dependabot
174
174
 
175
175
  raise relevant_error unless error_suggests_bad_python_version?(msg)
176
176
  raise relevant_error if user_specified_python_version
177
- raise relevant_error if python_version == "2.7.17"
177
+ raise relevant_error if python_version == "2.7.18"
178
178
 
179
- @python_version = "2.7.17"
179
+ @python_version = "2.7.18"
180
180
  retry
181
181
  ensure
182
182
  @python_version = nil
data/lib/dependabot/python/file_updater/pipfile_file_updater.rb CHANGED
@@ -280,7 +280,7 @@ module Dependabot
280
280
  run_command("pyenv local #{python_version}")
281
281
  run_command("pyenv exec pipenv --rm")
282
282
 
283
- @python_version = "2.7.17"
283
+ @python_version = "2.7.18"
284
284
  retry
285
285
  ensure
286
286
  @python_version = nil
data/lib/dependabot/python/python_versions.rb CHANGED
@@ -4,17 +4,17 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.8.2 2.7.17
7
+ 3.8.3 2.7.18
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.8.2 3.8.1 3.8.0
13
+ 3.8.3 3.8.2 3.8.1 3.8.0
14
14
  3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
15
15
  3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
16
16
  3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
17
- 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
17
+ 2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
18
18
  ).freeze
19
19
 
20
20
  # This list gets iterated through to find a valid version, so we have
data/lib/dependabot/python/update_checker.rb CHANGED
@@ -195,6 +195,7 @@ module Dependabot
195
195
  dependency_files: dependency_files,
196
196
  credentials: credentials,
197
197
  ignored_versions: ignored_versions,
198
+ raise_on_ignored: @raise_on_ignored,
198
199
  security_advisories: security_advisories
199
200
  )
200
201
  end
@@ -262,6 +263,7 @@ module Dependabot
262
263
  dependency_files: dependency_files,
263
264
  credentials: credentials,
264
265
  ignored_versions: ignored_versions,
266
+ raise_on_ignored: @raise_on_ignored,
265
267
  security_advisories: security_advisories
266
268
  )
267
269
  end
data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED
@@ -17,11 +17,13 @@ module Dependabot
17
17
  require_relative "index_finder"
18
18
 
19
19
  def initialize(dependency:, dependency_files:, credentials:,
20
- ignored_versions:, security_advisories:)
20
+ ignored_versions:, raise_on_ignored: false,
21
+ security_advisories:)
21
22
  @dependency = dependency
22
23
  @dependency_files = dependency_files
23
24
  @credentials = credentials
24
25
  @ignored_versions = ignored_versions
26
+ @raise_on_ignored = raise_on_ignored
25
27
  @security_advisories = security_advisories
26
28
  end
27
29
 
@@ -69,8 +71,8 @@ module Dependabot
69
71
  versions = filter_yanked_versions(versions)
70
72
  versions = filter_unsupported_versions(versions, python_version)
71
73
  versions = filter_prerelease_versions(versions)
72
- versions = filter_ignored_versions(versions)
73
74
  versions = filter_vulnerable_versions(versions)
75
+ versions = filter_ignored_versions(versions)
74
76
  versions = filter_lower_versions(versions)
75
77
  versions.min
76
78
  end
@@ -97,8 +99,13 @@ module Dependabot
97
99
  end
98
100
 
99
101
  def filter_ignored_versions(versions_array)
100
- versions_array.
101
- reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
102
+ filtered = versions_array.
103
+ reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
104
+ if @raise_on_ignored && filtered.empty? && versions_array.any?
105
+ raise Dependabot::AllVersionsIgnored
106
+ end
107
+
108
+ filtered
102
109
  end
103
110
 
104
111
  def filter_vulnerable_versions(versions_array)
data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb CHANGED
@@ -229,9 +229,9 @@ module Dependabot
229
229
  relevant_error = choose_relevant_error(original_err, e)
230
230
  raise relevant_error unless error_suggests_bad_python_version?(msg)
231
231
  raise relevant_error if user_specified_python_version
232
- raise relevant_error if python_version == "2.7.17"
232
+ raise relevant_error if python_version == "2.7.18"
233
233
 
234
- @python_version = "2.7.17"
234
+ @python_version = "2.7.18"
235
235
  retry
236
236
  ensure
237
237
  @python_version = nil
data/lib/dependabot/python/update_checker/pip_version_resolver.rb CHANGED
@@ -9,11 +9,13 @@ module Dependabot
9
9
  class UpdateChecker
10
10
  class PipVersionResolver
11
11
  def initialize(dependency:, dependency_files:, credentials:,
12
- ignored_versions:, security_advisories:)
12
+ ignored_versions:, raise_on_ignored: false,
13
+ security_advisories:)
13
14
  @dependency = dependency
14
15
  @dependency_files = dependency_files
15
16
  @credentials = credentials
16
17
  @ignored_versions = ignored_versions
18
+ @raise_on_ignored = raise_on_ignored
17
19
  @security_advisories = security_advisories
18
20
  end
19
21
 
@@ -42,6 +44,7 @@ module Dependabot
42
44
  dependency_files: dependency_files,
43
45
  credentials: credentials,
44
46
  ignored_versions: ignored_versions,
47
+ raise_on_ignored: @raise_on_ignored,
45
48
  security_advisories: security_advisories
46
49
  )
47
50
  end
data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb CHANGED
@@ -458,7 +458,7 @@ module Dependabot
458
458
  run_command("pyenv local #{python_version}")
459
459
  run_command("pyenv exec pipenv --rm")
460
460
 
461
- @python_version = "2.7.17"
461
+ @python_version = "2.7.18"
462
462
  retry
463
463
  ensure
464
464
  @python_version = nil
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.6
4
+ version: 0.117.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-09 00:00:00.000000000 Z
11
+ date: 2020-05-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.117.6
19
+ version: 0.117.11
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.117.6
26
+ version: 0.117.11
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.80.1
117
+ version: 0.83.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.80.1
124
+ version: 0.83.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: vcr
127
127
  requirement: !ruby/object:Gem::Requirement