RubyGems - dependabot-python - Versions diffs - 0.118.2 → 0.118.7 - Mend

dependabot-python 0.118.2 → 0.118.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/helpers/requirements.txt +4 -4
data/lib/dependabot/python/file_parser.rb +5 -3
data/lib/dependabot/python/requirement_parser.rb +16 -0
metadata +4 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 18c982dcb048a309b081b512008e87c06803eec81343ff75ce4fb4a69107f426
-  data.tar.gz: ba8558c09f898a42f65003949141e6a6addd69bfca8ada414d01fc387137b502
+  metadata.gz: f389bc06b0e930d319d2625c8c9753bea89d54cd6f188e2b8f92a45eae5d9164
+  data.tar.gz: 7b9164faa17544c164c8c1a61a36aa1ef2f10b06d20d352a5bd2fb53e903b275
 SHA512:
-  metadata.gz: 24877c91ed6e3ec83f5b3249cbc903fce3fedb093010643e9fa697d6e2391c9100c3a0db95ceeeceda502afff7485e0a127884a1a0cd0f6c193ade8849407e89
-  data.tar.gz: c3d4c9be44631d42ecbca0d6781f52d8cb2b0409062db315bd858e20d34f6b01c972a714cf700110c46d021995001d049195f6dfa31fd6304e7c07e0ad56cab3
+  metadata.gz: dca688da7c4ce4f5b5bf0cd743bc3fc012fbdbc49e9d8e049e7fbd5d066d4e42c142b9fe4eb7b8a011ee669de95f2ef5b1d19258d8b1c6517aa8d43498cee543
+  data.tar.gz: 9da3df550234656e6e1159942f7f5230d4ff229881ea2f7158179f2b9112152e1828e2d027ec169c86399d2c7f4a8f1404d7d9c5ed110909af9b020916fd7bec

data/helpers/requirements.txt CHANGED

@@ -1,9 +1,9 @@
 pip==20.1.1
-pip-tools==5.1.2
-hashin==0.14.6
+pip-tools==5.2.1
+hashin==0.15.0
 pipenv==2018.11.26
 pipfile==0.0.2
-poetry==1.0.8
+poetry==1.0.9
 # Some dependencies will only install if Cython is present
-Cython==0.29.19
+Cython==0.29.20

data/lib/dependabot/python/file_parser.rb CHANGED

@@ -181,12 +181,14 @@ module Dependabot
           each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
-            File.write(path, remove_imports(file.content))
+            File.write(path, remove_imports(file))
           end
       end
-      def remove_imports(content)
-        content.lines.
+      def remove_imports(file)
+        return file.content if file.path.end_with?(".tar.gz", ".whl", ".zip")
+        file.content.lines.
           reject { |l| l.match?(/^['"]?(?<path>\..*?)(?=\[|#|'|"|$)/) }.
           reject { |l| l.match?(/^(?:-e)\s+['"]?(?<path>.*?)(?=\[|#|'|"|$)/) }.
           join

data/lib/dependabot/python/requirement_parser.rb CHANGED

@@ -13,11 +13,25 @@ module Dependabot
       HASH = /--hash=(?<algorithm>.*?):(?<hash>.*?)(?=\s|$)/.freeze
       REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/.freeze
       HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/.freeze
+      MARKER_OP = /\s*(#{COMPARISON}|(\s*in)|(\s*not\s*in))/.freeze
+      PYTHON_STR_C =
+        %r{[a-zA-Z0-9\s\(\)\.\{\}\-_\*#:;/\?\[\]!~`@\$%\^&=\+\|<>]}.freeze
+      PYTHON_STR = /('(#{PYTHON_STR_C}|")*'|"(#{PYTHON_STR_C}|')*")/.freeze
+      ENV_VAR =
+        /python_version|python_full_version|os_name|sys_platform|
+         platform_release|platform_system|platform_version|platform_machine|
+         platform_python_implementation|implementation_name|
+         implementation_version/.freeze
+      MARKER_VAR = /\s*(#{ENV_VAR}|#{PYTHON_STR})/.freeze
+      MARKER_EXPR_ONE = /#{MARKER_VAR}#{MARKER_OP}#{MARKER_VAR}/.freeze
+      MARKER_EXPR =
+        /(#{MARKER_EXPR_ONE}|\(\s*|\s*\)|\s+and\s+|\s+or\s+)+/.freeze
       INSTALL_REQ_WITH_REQUIREMENT =
         /\s*\\?\s*(?<name>#{NAME})
           \s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
           \s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})\)?
+          \s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
           \s*\\?\s*(?<hashes>#{HASHES})?
           \s*#*\s*(?<comment>.+)?
         /x.freeze
@@ -25,6 +39,7 @@ module Dependabot
       INSTALL_REQ_WITHOUT_REQUIREMENT =
         /^\s*\\?\s*(?<name>#{NAME})
           \s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
+          \s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
           \s*\\?\s*(?<hashes>#{HASHES})?
           \s*#*\s*(?<comment>.+)?$
         /x.freeze
@@ -33,6 +48,7 @@ module Dependabot
         /^\s*\\?\s*(?<name>#{NAME})
           \s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
           \s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})?\)?
+          \s*\\?\s*(;\s*(?<markers>#{MARKER_EXPR}))?
           \s*\\?\s*(?<hashes>#{HASHES})?
           \s*(\#+\s*(?<comment>.*))?$
         /x.freeze

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.118.2
+  version: 0.118.7
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-06-16 00:00:00.000000000 Z
+date: 2020-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.118.2
+        version: 0.118.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.118.2
+        version: 0.118.7
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement