dependabot-python 0.117.7 → 0.118.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (13) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +2 -2
  3. data/helpers/lib/parser.py +7 -17
  4. data/helpers/requirements.txt +3 -3
  5. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +2 -2
  6. data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +1 -1
  7. data/lib/dependabot/python/python_versions.rb +3 -3
  8. data/lib/dependabot/python/update_checker.rb +2 -0
  9. data/lib/dependabot/python/update_checker/latest_version_finder.rb +11 -4
  10. data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +2 -2
  11. data/lib/dependabot/python/update_checker/pip_version_resolver.rb +4 -1
  12. data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +1 -1
  13. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b83ecfc9bdb5b93362e925db69427eb8ab97081b8fc2a1df6beae94f196b6ba8
4
- data.tar.gz: 20c73be9a3290bd69943458e46bd91593d7e8443c27d483b9e79944a99227bc1
3
+ metadata.gz: fafe1e5b63333c4294d6aa30a9e71e3a5b7787250266b8b7807669ad4a9785c0
4
+ data.tar.gz: afb8dc50eee27336900c081140f16983543d4e988cec2868661a888990f68379
5
5
  SHA512:
6
- metadata.gz: 55ec39dbb4d2bd8f5f5fe26912786bf63134b4da8b9fdd27fd96cfa8785a6fd47f7388367d9a66e5a8a1d63c5d7273274c0d0b5661698854405698a42139c89c
7
- data.tar.gz: c06fa8eb05c3ce10840a2066f8abc24c69af32bb6a0cb37f2dcecdbb912f039eec2a11d08c93a65a8e7cf2aa45154770255eb635c42884f09539375c0842bd72
6
+ metadata.gz: d8c2bda37f16f9f6b2b8ce1aa9f3023285c83dd22269b4248d55efd795b92b0f203a1cdd2f8628a0b430194ddd0e1a17df86ad2fdce6309a4c4663cce8c8baa8
7
+ data.tar.gz: e166b341a760c9c91218369158b2aed70f8ede35a10802a8f93d891c6e044df7545bb92196e6e677bf53beaa1e3e39b2555a00feeb62a27c171734f4dacc3119
data/helpers/build CHANGED
@@ -16,5 +16,5 @@ cp -r \
16
16
  "$install_dir"
17
17
 
18
18
  cd "$install_dir"
19
- PYENV_VERSION=2.7.17 pyenv exec pip install -r "requirements.txt"
20
- PYENV_VERSION=3.8.2 pyenv exec pip install -r "requirements.txt"
19
+ PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
20
+ PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
data/helpers/lib/parser.py CHANGED
@@ -8,26 +8,16 @@ import re
8
8
 
9
9
  import setuptools
10
10
  import pip._internal.req.req_file
11
- from pip._internal.download import PipSession
11
+ from pip._internal.network.session import PipSession
12
12
  from pip._internal.models.format_control import FormatControl
13
- from pip._internal.req.constructors import install_req_from_line
14
-
15
- JINJA_DELIMITER_IGNORE_REGEX = r"({{(.*?)}})|({%[-]?(.*?)%})|({#(.*?)#})"
13
+ from pip._internal.req.constructors import (
14
+ install_req_from_line,
15
+ install_req_from_parsed_requirement,
16
+ )
16
17
 
17
18
  def parse_requirements(directory):
18
19
  # Parse the requirements.txt
19
20
  requirement_packages = []
20
- parser_options = optparse.Values(
21
- {
22
- "skip_requirements_regex": JINJA_DELIMITER_IGNORE_REGEX,
23
- # pip._internal assumes parse_requirements will be called from
24
- # CLI, which sets default values. When passing parser options,
25
- # need to explicitly set those defaults.
26
- "isolated_mode": False,
27
- "format_control": FormatControl(),
28
- }
29
- )
30
-
31
21
  requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
32
22
  + glob.glob(os.path.join(directory, '**', '*.txt'))
33
23
 
@@ -42,10 +32,10 @@ def parse_requirements(directory):
42
32
  try:
43
33
  requirements = pip._internal.req.req_file.parse_requirements(
44
34
  reqs_file,
45
- options=parser_options,
46
35
  session=PipSession()
47
36
  )
48
- for install_req in requirements:
37
+ for parsed_req in requirements:
38
+ install_req = install_req_from_parsed_requirement(parsed_req)
49
39
  if install_req.original_link:
50
40
  continue
51
41
 
data/helpers/requirements.txt CHANGED
@@ -1,9 +1,9 @@
1
- pip==19.3.1
2
- pip-tools==4.5.1
1
+ pip==20.1.1
2
+ pip-tools==5.1.2
3
3
  hashin==0.14.6
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
6
6
  poetry==1.0.5
7
7
 
8
8
  # Some dependencies will only install if Cython is present
9
- Cython==0.29.16
9
+ Cython==0.29.19
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED
@@ -174,9 +174,9 @@ module Dependabot
174
174
 
175
175
  raise relevant_error unless error_suggests_bad_python_version?(msg)
176
176
  raise relevant_error if user_specified_python_version
177
- raise relevant_error if python_version == "2.7.17"
177
+ raise relevant_error if python_version == "2.7.18"
178
178
 
179
- @python_version = "2.7.17"
179
+ @python_version = "2.7.18"
180
180
  retry
181
181
  ensure
182
182
  @python_version = nil
data/lib/dependabot/python/file_updater/pipfile_file_updater.rb CHANGED
@@ -280,7 +280,7 @@ module Dependabot
280
280
  run_command("pyenv local #{python_version}")
281
281
  run_command("pyenv exec pipenv --rm")
282
282
 
283
- @python_version = "2.7.17"
283
+ @python_version = "2.7.18"
284
284
  retry
285
285
  ensure
286
286
  @python_version = nil
data/lib/dependabot/python/python_versions.rb CHANGED
@@ -4,17 +4,17 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.8.2 2.7.17
7
+ 3.8.3 2.7.18
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.8.2 3.8.1 3.8.0
13
+ 3.8.3 3.8.2 3.8.1 3.8.0
14
14
  3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
15
15
  3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
16
16
  3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
17
- 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
17
+ 2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
18
18
  ).freeze
19
19
 
20
20
  # This list gets iterated through to find a valid version, so we have
data/lib/dependabot/python/update_checker.rb CHANGED
@@ -195,6 +195,7 @@ module Dependabot
195
195
  dependency_files: dependency_files,
196
196
  credentials: credentials,
197
197
  ignored_versions: ignored_versions,
198
+ raise_on_ignored: @raise_on_ignored,
198
199
  security_advisories: security_advisories
199
200
  )
200
201
  end
@@ -262,6 +263,7 @@ module Dependabot
262
263
  dependency_files: dependency_files,
263
264
  credentials: credentials,
264
265
  ignored_versions: ignored_versions,
266
+ raise_on_ignored: @raise_on_ignored,
265
267
  security_advisories: security_advisories
266
268
  )
267
269
  end
data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED
@@ -17,11 +17,13 @@ module Dependabot
17
17
  require_relative "index_finder"
18
18
 
19
19
  def initialize(dependency:, dependency_files:, credentials:,
20
- ignored_versions:, security_advisories:)
20
+ ignored_versions:, raise_on_ignored: false,
21
+ security_advisories:)
21
22
  @dependency = dependency
22
23
  @dependency_files = dependency_files
23
24
  @credentials = credentials
24
25
  @ignored_versions = ignored_versions
26
+ @raise_on_ignored = raise_on_ignored
25
27
  @security_advisories = security_advisories
26
28
  end
27
29
 
@@ -69,8 +71,8 @@ module Dependabot
69
71
  versions = filter_yanked_versions(versions)
70
72
  versions = filter_unsupported_versions(versions, python_version)
71
73
  versions = filter_prerelease_versions(versions)
72
- versions = filter_ignored_versions(versions)
73
74
  versions = filter_vulnerable_versions(versions)
75
+ versions = filter_ignored_versions(versions)
74
76
  versions = filter_lower_versions(versions)
75
77
  versions.min
76
78
  end
@@ -97,8 +99,13 @@ module Dependabot
97
99
  end
98
100
 
99
101
  def filter_ignored_versions(versions_array)
100
- versions_array.
101
- reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
102
+ filtered = versions_array.
103
+ reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
104
+ if @raise_on_ignored && filtered.empty? && versions_array.any?
105
+ raise Dependabot::AllVersionsIgnored
106
+ end
107
+
108
+ filtered
102
109
  end
103
110
 
104
111
  def filter_vulnerable_versions(versions_array)
data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb CHANGED
@@ -229,9 +229,9 @@ module Dependabot
229
229
  relevant_error = choose_relevant_error(original_err, e)
230
230
  raise relevant_error unless error_suggests_bad_python_version?(msg)
231
231
  raise relevant_error if user_specified_python_version
232
- raise relevant_error if python_version == "2.7.17"
232
+ raise relevant_error if python_version == "2.7.18"
233
233
 
234
- @python_version = "2.7.17"
234
+ @python_version = "2.7.18"
235
235
  retry
236
236
  ensure
237
237
  @python_version = nil
data/lib/dependabot/python/update_checker/pip_version_resolver.rb CHANGED
@@ -9,11 +9,13 @@ module Dependabot
9
9
  class UpdateChecker
10
10
  class PipVersionResolver
11
11
  def initialize(dependency:, dependency_files:, credentials:,
12
- ignored_versions:, security_advisories:)
12
+ ignored_versions:, raise_on_ignored: false,
13
+ security_advisories:)
13
14
  @dependency = dependency
14
15
  @dependency_files = dependency_files
15
16
  @credentials = credentials
16
17
  @ignored_versions = ignored_versions
18
+ @raise_on_ignored = raise_on_ignored
17
19
  @security_advisories = security_advisories
18
20
  end
19
21
 
@@ -42,6 +44,7 @@ module Dependabot
42
44
  dependency_files: dependency_files,
43
45
  credentials: credentials,
44
46
  ignored_versions: ignored_versions,
47
+ raise_on_ignored: @raise_on_ignored,
45
48
  security_advisories: security_advisories
46
49
  )
47
50
  end
data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb CHANGED
@@ -458,7 +458,7 @@ module Dependabot
458
458
  run_command("pyenv local #{python_version}")
459
459
  run_command("pyenv exec pipenv --rm")
460
460
 
461
- @python_version = "2.7.17"
461
+ @python_version = "2.7.18"
462
462
  retry
463
463
  ensure
464
464
  @python_version = nil
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.7
4
+ version: 0.118.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-20 00:00:00.000000000 Z
11
+ date: 2020-05-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.117.7
19
+ version: 0.118.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.117.7
26
+ version: 0.118.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.82.0
117
+ version: 0.83.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.82.0
124
+ version: 0.83.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: vcr
127
127
  requirement: !ruby/object:Gem::Requirement