dependabot-python 0.117.8 → 0.118.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/build +2 -2
- data/helpers/lib/parser.py +7 -17
- data/helpers/requirements.txt +3 -3
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +2 -2
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +1 -1
- data/lib/dependabot/python/python_versions.rb +3 -3
- data/lib/dependabot/python/update_checker.rb +2 -0
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +11 -4
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +2 -2
- data/lib/dependabot/python/update_checker/pip_version_resolver.rb +4 -1
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 99caa4e6d7f387794e2318fd4dcc553dbfe83b14aa08ae97d0a61a402b1fe2ee
|
4
|
+
data.tar.gz: 011076d83323011ae02b6d633c683ecd115d1d99ddb7c052d4f4cda2fd9a35c2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3b9b8802a3df681735ae73677490e415eecf6f2dc83a6fd540f090860dd5f0375870cec8491bb0841046e95d4b78e6fbfe9e18ad4671f10606148d794e7960d5
|
7
|
+
data.tar.gz: 07a6bad7d18a9663a4a1f1b5d29022a6ebebff14317ac74c095dea05394e1d23352d923c96bba2f961383aea85117cb24ae880945e8ae8590c418b305bc53774
|
data/helpers/build
CHANGED
@@ -16,5 +16,5 @@ cp -r \
|
|
16
16
|
"$install_dir"
|
17
17
|
|
18
18
|
cd "$install_dir"
|
19
|
-
PYENV_VERSION=2.7.
|
20
|
-
PYENV_VERSION=3.8.
|
19
|
+
PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
|
20
|
+
PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
|
data/helpers/lib/parser.py
CHANGED
@@ -8,26 +8,16 @@ import re
|
|
8
8
|
|
9
9
|
import setuptools
|
10
10
|
import pip._internal.req.req_file
|
11
|
-
from pip._internal.
|
11
|
+
from pip._internal.network.session import PipSession
|
12
12
|
from pip._internal.models.format_control import FormatControl
|
13
|
-
from pip._internal.req.constructors import
|
14
|
-
|
15
|
-
|
13
|
+
from pip._internal.req.constructors import (
|
14
|
+
install_req_from_line,
|
15
|
+
install_req_from_parsed_requirement,
|
16
|
+
)
|
16
17
|
|
17
18
|
def parse_requirements(directory):
|
18
19
|
# Parse the requirements.txt
|
19
20
|
requirement_packages = []
|
20
|
-
parser_options = optparse.Values(
|
21
|
-
{
|
22
|
-
"skip_requirements_regex": JINJA_DELIMITER_IGNORE_REGEX,
|
23
|
-
# pip._internal assumes parse_requirements will be called from
|
24
|
-
# CLI, which sets default values. When passing parser options,
|
25
|
-
# need to explicitly set those defaults.
|
26
|
-
"isolated_mode": False,
|
27
|
-
"format_control": FormatControl(),
|
28
|
-
}
|
29
|
-
)
|
30
|
-
|
31
21
|
requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
|
32
22
|
+ glob.glob(os.path.join(directory, '**', '*.txt'))
|
33
23
|
|
@@ -42,10 +32,10 @@ def parse_requirements(directory):
|
|
42
32
|
try:
|
43
33
|
requirements = pip._internal.req.req_file.parse_requirements(
|
44
34
|
reqs_file,
|
45
|
-
options=parser_options,
|
46
35
|
session=PipSession()
|
47
36
|
)
|
48
|
-
for
|
37
|
+
for parsed_req in requirements:
|
38
|
+
install_req = install_req_from_parsed_requirement(parsed_req)
|
49
39
|
if install_req.original_link:
|
50
40
|
continue
|
51
41
|
|
data/helpers/requirements.txt
CHANGED
@@ -174,9 +174,9 @@ module Dependabot
|
|
174
174
|
|
175
175
|
raise relevant_error unless error_suggests_bad_python_version?(msg)
|
176
176
|
raise relevant_error if user_specified_python_version
|
177
|
-
raise relevant_error if python_version == "2.7.
|
177
|
+
raise relevant_error if python_version == "2.7.18"
|
178
178
|
|
179
|
-
@python_version = "2.7.
|
179
|
+
@python_version = "2.7.18"
|
180
180
|
retry
|
181
181
|
ensure
|
182
182
|
@python_version = nil
|
@@ -4,17 +4,17 @@ module Dependabot
|
|
4
4
|
module Python
|
5
5
|
module PythonVersions
|
6
6
|
PRE_INSTALLED_PYTHON_VERSIONS = %w(
|
7
|
-
3.8.
|
7
|
+
3.8.3 2.7.18
|
8
8
|
).freeze
|
9
9
|
|
10
10
|
# Due to an OpenSSL issue we can only install the following versions in
|
11
11
|
# the Dependabot container.
|
12
12
|
SUPPORTED_VERSIONS = %w(
|
13
|
-
3.8.2 3.8.1 3.8.0
|
13
|
+
3.8.3 3.8.2 3.8.1 3.8.0
|
14
14
|
3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
|
15
15
|
3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
|
16
16
|
3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
|
17
|
-
2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
|
17
|
+
2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
|
18
18
|
).freeze
|
19
19
|
|
20
20
|
# This list gets iterated through to find a valid version, so we have
|
@@ -195,6 +195,7 @@ module Dependabot
|
|
195
195
|
dependency_files: dependency_files,
|
196
196
|
credentials: credentials,
|
197
197
|
ignored_versions: ignored_versions,
|
198
|
+
raise_on_ignored: @raise_on_ignored,
|
198
199
|
security_advisories: security_advisories
|
199
200
|
)
|
200
201
|
end
|
@@ -262,6 +263,7 @@ module Dependabot
|
|
262
263
|
dependency_files: dependency_files,
|
263
264
|
credentials: credentials,
|
264
265
|
ignored_versions: ignored_versions,
|
266
|
+
raise_on_ignored: @raise_on_ignored,
|
265
267
|
security_advisories: security_advisories
|
266
268
|
)
|
267
269
|
end
|
@@ -17,11 +17,13 @@ module Dependabot
|
|
17
17
|
require_relative "index_finder"
|
18
18
|
|
19
19
|
def initialize(dependency:, dependency_files:, credentials:,
|
20
|
-
ignored_versions:,
|
20
|
+
ignored_versions:, raise_on_ignored: false,
|
21
|
+
security_advisories:)
|
21
22
|
@dependency = dependency
|
22
23
|
@dependency_files = dependency_files
|
23
24
|
@credentials = credentials
|
24
25
|
@ignored_versions = ignored_versions
|
26
|
+
@raise_on_ignored = raise_on_ignored
|
25
27
|
@security_advisories = security_advisories
|
26
28
|
end
|
27
29
|
|
@@ -69,8 +71,8 @@ module Dependabot
|
|
69
71
|
versions = filter_yanked_versions(versions)
|
70
72
|
versions = filter_unsupported_versions(versions, python_version)
|
71
73
|
versions = filter_prerelease_versions(versions)
|
72
|
-
versions = filter_ignored_versions(versions)
|
73
74
|
versions = filter_vulnerable_versions(versions)
|
75
|
+
versions = filter_ignored_versions(versions)
|
74
76
|
versions = filter_lower_versions(versions)
|
75
77
|
versions.min
|
76
78
|
end
|
@@ -97,8 +99,13 @@ module Dependabot
|
|
97
99
|
end
|
98
100
|
|
99
101
|
def filter_ignored_versions(versions_array)
|
100
|
-
versions_array.
|
101
|
-
|
102
|
+
filtered = versions_array.
|
103
|
+
reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
|
104
|
+
if @raise_on_ignored && filtered.empty? && versions_array.any?
|
105
|
+
raise Dependabot::AllVersionsIgnored
|
106
|
+
end
|
107
|
+
|
108
|
+
filtered
|
102
109
|
end
|
103
110
|
|
104
111
|
def filter_vulnerable_versions(versions_array)
|
@@ -229,9 +229,9 @@ module Dependabot
|
|
229
229
|
relevant_error = choose_relevant_error(original_err, e)
|
230
230
|
raise relevant_error unless error_suggests_bad_python_version?(msg)
|
231
231
|
raise relevant_error if user_specified_python_version
|
232
|
-
raise relevant_error if python_version == "2.7.
|
232
|
+
raise relevant_error if python_version == "2.7.18"
|
233
233
|
|
234
|
-
@python_version = "2.7.
|
234
|
+
@python_version = "2.7.18"
|
235
235
|
retry
|
236
236
|
ensure
|
237
237
|
@python_version = nil
|
@@ -9,11 +9,13 @@ module Dependabot
|
|
9
9
|
class UpdateChecker
|
10
10
|
class PipVersionResolver
|
11
11
|
def initialize(dependency:, dependency_files:, credentials:,
|
12
|
-
ignored_versions:,
|
12
|
+
ignored_versions:, raise_on_ignored: false,
|
13
|
+
security_advisories:)
|
13
14
|
@dependency = dependency
|
14
15
|
@dependency_files = dependency_files
|
15
16
|
@credentials = credentials
|
16
17
|
@ignored_versions = ignored_versions
|
18
|
+
@raise_on_ignored = raise_on_ignored
|
17
19
|
@security_advisories = security_advisories
|
18
20
|
end
|
19
21
|
|
@@ -42,6 +44,7 @@ module Dependabot
|
|
42
44
|
dependency_files: dependency_files,
|
43
45
|
credentials: credentials,
|
44
46
|
ignored_versions: ignored_versions,
|
47
|
+
raise_on_ignored: @raise_on_ignored,
|
45
48
|
security_advisories: security_advisories
|
46
49
|
)
|
47
50
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.118.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-06-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.118.1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.118.1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -114,14 +114,14 @@ dependencies:
|
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 0.
|
117
|
+
version: 0.83.0
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 0.
|
124
|
+
version: 0.83.0
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: vcr
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|