dependabot-python 0.117.8 → 0.118.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (13) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +2 -2
  3. data/helpers/lib/parser.py +7 -17
  4. data/helpers/requirements.txt +3 -3
  5. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +2 -2
  6. data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +1 -1
  7. data/lib/dependabot/python/python_versions.rb +3 -3
  8. data/lib/dependabot/python/update_checker.rb +2 -0
  9. data/lib/dependabot/python/update_checker/latest_version_finder.rb +11 -4
  10. data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +2 -2
  11. data/lib/dependabot/python/update_checker/pip_version_resolver.rb +4 -1
  12. data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +1 -1
  13. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cb334b77feb7fb23c325222e774c033a6dd0403f4f6a5b638d896ca580ba5ca9
4
- data.tar.gz: c36b439813db2bdbf203169f93c84678c471c191b17b7421a87afb35b2bdccda
3
+ metadata.gz: 99caa4e6d7f387794e2318fd4dcc553dbfe83b14aa08ae97d0a61a402b1fe2ee
4
+ data.tar.gz: 011076d83323011ae02b6d633c683ecd115d1d99ddb7c052d4f4cda2fd9a35c2
5
5
  SHA512:
6
- metadata.gz: 706444a09b1e6e58ce1f0859148f734703c3edada16ecefb5a5a8ef29a4ef9daa6eed32971a157b45ab1efc5dac42b56ddfd27467d8d078004d4b420d5ff3bce
7
- data.tar.gz: c8382f5406e1d56ac23e44f54d847cb6bed472e743316c7fb066ffea93d475a49759f41e53cf262fab4378a2cd3396664967172e05b9f747a2d0eaeedf1362bc
6
+ metadata.gz: 3b9b8802a3df681735ae73677490e415eecf6f2dc83a6fd540f090860dd5f0375870cec8491bb0841046e95d4b78e6fbfe9e18ad4671f10606148d794e7960d5
7
+ data.tar.gz: 07a6bad7d18a9663a4a1f1b5d29022a6ebebff14317ac74c095dea05394e1d23352d923c96bba2f961383aea85117cb24ae880945e8ae8590c418b305bc53774
data/helpers/build CHANGED
@@ -16,5 +16,5 @@ cp -r \
16
16
  "$install_dir"
17
17
 
18
18
  cd "$install_dir"
19
- PYENV_VERSION=2.7.17 pyenv exec pip install -r "requirements.txt"
20
- PYENV_VERSION=3.8.2 pyenv exec pip install -r "requirements.txt"
19
+ PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
20
+ PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
data/helpers/lib/parser.py CHANGED
@@ -8,26 +8,16 @@ import re
8
8
 
9
9
  import setuptools
10
10
  import pip._internal.req.req_file
11
- from pip._internal.download import PipSession
11
+ from pip._internal.network.session import PipSession
12
12
  from pip._internal.models.format_control import FormatControl
13
- from pip._internal.req.constructors import install_req_from_line
14
-
15
- JINJA_DELIMITER_IGNORE_REGEX = r"({{(.*?)}})|({%[-]?(.*?)%})|({#(.*?)#})"
13
+ from pip._internal.req.constructors import (
14
+ install_req_from_line,
15
+ install_req_from_parsed_requirement,
16
+ )
16
17
 
17
18
  def parse_requirements(directory):
18
19
  # Parse the requirements.txt
19
20
  requirement_packages = []
20
- parser_options = optparse.Values(
21
- {
22
- "skip_requirements_regex": JINJA_DELIMITER_IGNORE_REGEX,
23
- # pip._internal assumes parse_requirements will be called from
24
- # CLI, which sets default values. When passing parser options,
25
- # need to explicitly set those defaults.
26
- "isolated_mode": False,
27
- "format_control": FormatControl(),
28
- }
29
- )
30
-
31
21
  requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
32
22
  + glob.glob(os.path.join(directory, '**', '*.txt'))
33
23
 
@@ -42,10 +32,10 @@ def parse_requirements(directory):
42
32
  try:
43
33
  requirements = pip._internal.req.req_file.parse_requirements(
44
34
  reqs_file,
45
- options=parser_options,
46
35
  session=PipSession()
47
36
  )
48
- for install_req in requirements:
37
+ for parsed_req in requirements:
38
+ install_req = install_req_from_parsed_requirement(parsed_req)
49
39
  if install_req.original_link:
50
40
  continue
51
41
 
data/helpers/requirements.txt CHANGED
@@ -1,9 +1,9 @@
1
- pip==19.3.1
2
- pip-tools==4.5.1
1
+ pip==20.1.1
2
+ pip-tools==5.1.2
3
3
  hashin==0.14.6
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
6
6
  poetry==1.0.5
7
7
 
8
8
  # Some dependencies will only install if Cython is present
9
- Cython==0.29.17
9
+ Cython==0.29.19
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED
@@ -174,9 +174,9 @@ module Dependabot
174
174
 
175
175
  raise relevant_error unless error_suggests_bad_python_version?(msg)
176
176
  raise relevant_error if user_specified_python_version
177
- raise relevant_error if python_version == "2.7.17"
177
+ raise relevant_error if python_version == "2.7.18"
178
178
 
179
- @python_version = "2.7.17"
179
+ @python_version = "2.7.18"
180
180
  retry
181
181
  ensure
182
182
  @python_version = nil
data/lib/dependabot/python/file_updater/pipfile_file_updater.rb CHANGED
@@ -280,7 +280,7 @@ module Dependabot
280
280
  run_command("pyenv local #{python_version}")
281
281
  run_command("pyenv exec pipenv --rm")
282
282
 
283
- @python_version = "2.7.17"
283
+ @python_version = "2.7.18"
284
284
  retry
285
285
  ensure
286
286
  @python_version = nil
data/lib/dependabot/python/python_versions.rb CHANGED
@@ -4,17 +4,17 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.8.2 2.7.17
7
+ 3.8.3 2.7.18
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.8.2 3.8.1 3.8.0
13
+ 3.8.3 3.8.2 3.8.1 3.8.0
14
14
  3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
15
15
  3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
16
16
  3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
17
- 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
17
+ 2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
18
18
  ).freeze
19
19
 
20
20
  # This list gets iterated through to find a valid version, so we have
data/lib/dependabot/python/update_checker.rb CHANGED
@@ -195,6 +195,7 @@ module Dependabot
195
195
  dependency_files: dependency_files,
196
196
  credentials: credentials,
197
197
  ignored_versions: ignored_versions,
198
+ raise_on_ignored: @raise_on_ignored,
198
199
  security_advisories: security_advisories
199
200
  )
200
201
  end
@@ -262,6 +263,7 @@ module Dependabot
262
263
  dependency_files: dependency_files,
263
264
  credentials: credentials,
264
265
  ignored_versions: ignored_versions,
266
+ raise_on_ignored: @raise_on_ignored,
265
267
  security_advisories: security_advisories
266
268
  )
267
269
  end
data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED
@@ -17,11 +17,13 @@ module Dependabot
17
17
  require_relative "index_finder"
18
18
 
19
19
  def initialize(dependency:, dependency_files:, credentials:,
20
- ignored_versions:, security_advisories:)
20
+ ignored_versions:, raise_on_ignored: false,
21
+ security_advisories:)
21
22
  @dependency = dependency
22
23
  @dependency_files = dependency_files
23
24
  @credentials = credentials
24
25
  @ignored_versions = ignored_versions
26
+ @raise_on_ignored = raise_on_ignored
25
27
  @security_advisories = security_advisories
26
28
  end
27
29
 
@@ -69,8 +71,8 @@ module Dependabot
69
71
  versions = filter_yanked_versions(versions)
70
72
  versions = filter_unsupported_versions(versions, python_version)
71
73
  versions = filter_prerelease_versions(versions)
72
- versions = filter_ignored_versions(versions)
73
74
  versions = filter_vulnerable_versions(versions)
75
+ versions = filter_ignored_versions(versions)
74
76
  versions = filter_lower_versions(versions)
75
77
  versions.min
76
78
  end
@@ -97,8 +99,13 @@ module Dependabot
97
99
  end
98
100
 
99
101
  def filter_ignored_versions(versions_array)
100
- versions_array.
101
- reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
102
+ filtered = versions_array.
103
+ reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
104
+ if @raise_on_ignored && filtered.empty? && versions_array.any?
105
+ raise Dependabot::AllVersionsIgnored
106
+ end
107
+
108
+ filtered
102
109
  end
103
110
 
104
111
  def filter_vulnerable_versions(versions_array)
data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb CHANGED
@@ -229,9 +229,9 @@ module Dependabot
229
229
  relevant_error = choose_relevant_error(original_err, e)
230
230
  raise relevant_error unless error_suggests_bad_python_version?(msg)
231
231
  raise relevant_error if user_specified_python_version
232
- raise relevant_error if python_version == "2.7.17"
232
+ raise relevant_error if python_version == "2.7.18"
233
233
 
234
- @python_version = "2.7.17"
234
+ @python_version = "2.7.18"
235
235
  retry
236
236
  ensure
237
237
  @python_version = nil
data/lib/dependabot/python/update_checker/pip_version_resolver.rb CHANGED
@@ -9,11 +9,13 @@ module Dependabot
9
9
  class UpdateChecker
10
10
  class PipVersionResolver
11
11
  def initialize(dependency:, dependency_files:, credentials:,
12
- ignored_versions:, security_advisories:)
12
+ ignored_versions:, raise_on_ignored: false,
13
+ security_advisories:)
13
14
  @dependency = dependency
14
15
  @dependency_files = dependency_files
15
16
  @credentials = credentials
16
17
  @ignored_versions = ignored_versions
18
+ @raise_on_ignored = raise_on_ignored
17
19
  @security_advisories = security_advisories
18
20
  end
19
21
 
@@ -42,6 +44,7 @@ module Dependabot
42
44
  dependency_files: dependency_files,
43
45
  credentials: credentials,
44
46
  ignored_versions: ignored_versions,
47
+ raise_on_ignored: @raise_on_ignored,
45
48
  security_advisories: security_advisories
46
49
  )
47
50
  end
data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb CHANGED
@@ -458,7 +458,7 @@ module Dependabot
458
458
  run_command("pyenv local #{python_version}")
459
459
  run_command("pyenv exec pipenv --rm")
460
460
 
461
- @python_version = "2.7.17"
461
+ @python_version = "2.7.18"
462
462
  retry
463
463
  ensure
464
464
  @python_version = nil
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.8
4
+ version: 0.118.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-12 00:00:00.000000000 Z
11
+ date: 2020-06-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.117.8
19
+ version: 0.118.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.117.8
26
+ version: 0.118.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.82.0
117
+ version: 0.83.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.82.0
124
+ version: 0.83.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: vcr
127
127
  requirement: !ruby/object:Gem::Requirement