dependabot-python 0.118.5 → 0.118.11

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +1 -1
  3. data/helpers/requirements.txt +2 -2
  4. data/lib/dependabot/python/authed_url_builder.rb +2 -0
  5. data/lib/dependabot/python/file_parser.rb +5 -3
  6. data/lib/dependabot/python/file_updater/pyproject_preparer.rb +4 -0
  7. data/lib/dependabot/python/python_versions.rb +2 -2
  8. data/lib/dependabot/python/version.rb +0 -2
  9. metadata +7 -21
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ef0007055eb0b6c3613952be79f577cff9f45931a0625314ec80916a727129d7
4
- data.tar.gz: ed97749bcbe0b72c0d6a626e752ca803968682e87899f1da45df29b84b9ee8b7
3
+ metadata.gz: 9182c7153fa02da0392f82a0176f8a6d4d4b4d15a467eeca1c93e30ddc4a1f3b
4
+ data.tar.gz: 5050a1a11d871fc0d080c7abc64e49379dd1a85c5f7f1ac92ceaa5861b160c48
5
5
  SHA512:
6
- metadata.gz: e0716f0cb926970aefa9a1b11a8bcb0fb2d8909a7d1b687d934785af767c450c3339ac3b8426a9fa93cc280d267b8a2a55430e00e9db33cc6b5ff581068e126d
7
- data.tar.gz: 6c2168c2c0b1417e88c226a40dcb3e75f3bbf809702e28f043d062f38b1c0344e3f7bd467f118d78d3e1897e1feba42c1d5132a26dea446287537dc96dd1f34b
6
+ metadata.gz: b6a5bd38a586cb66a1acbc75908a28a0744c24c628e127d9485ff78d85a732ef7849eb99da1c156e98ed31ef967f4e154085104f1cdcd10647b4073e75aaba9b
7
+ data.tar.gz: aed8d65f3aa7a0dc54c34e4789ca88f9904183eb87e6acbaba45f512ea1c491ab20a290b7023f2f810682a44fd077e8bce38d738153372f6c233c3d5579bafcc
data/helpers/build CHANGED
@@ -17,4 +17,4 @@ cp -r \
17
17
 
18
18
  cd "$install_dir"
19
19
  PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
20
- PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
20
+ PYENV_VERSION=3.8.5 pyenv exec pip install -r "requirements.txt"
data/helpers/requirements.txt CHANGED
@@ -1,9 +1,9 @@
1
1
  pip==20.1.1
2
- pip-tools==5.2.1
2
+ pip-tools==5.3.1
3
3
  hashin==0.15.0
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
6
6
  poetry==1.0.9
7
7
 
8
8
  # Some dependencies will only install if Cython is present
9
- Cython==0.29.20
9
+ Cython==0.29.21
data/lib/dependabot/python/authed_url_builder.rb CHANGED
@@ -16,6 +16,8 @@ module Dependabot
16
16
  else token
17
17
  end
18
18
 
19
+ basic_auth_details = basic_auth_details.gsub("@", "%40")
20
+
19
21
  url.sub("://", "://#{basic_auth_details}@")
20
22
  end
21
23
  end
data/lib/dependabot/python/file_parser.rb CHANGED
@@ -181,12 +181,14 @@ module Dependabot
181
181
  each do |file|
182
182
  path = file.name
183
183
  FileUtils.mkdir_p(Pathname.new(path).dirname)
184
- File.write(path, remove_imports(file.content))
184
+ File.write(path, remove_imports(file))
185
185
  end
186
186
  end
187
187
 
188
- def remove_imports(content)
189
- content.lines.
188
+ def remove_imports(file)
189
+ return file.content if file.path.end_with?(".tar.gz", ".whl", ".zip")
190
+
191
+ file.content.lines.
190
192
  reject { |l| l.match?(/^['"]?(?<path>\..*?)(?=\[|#|'|"|$)/) }.
191
193
  reject { |l| l.match?(/^(?:-e)\s+['"]?(?<path>.*?)(?=\[|#|'|"|$)/) }.
192
194
  join
data/lib/dependabot/python/file_updater/pyproject_preparer.rb CHANGED
@@ -36,6 +36,7 @@ module Dependabot
36
36
  end
37
37
 
38
38
  # rubocop:disable Metrics/PerceivedComplexity
39
+ # rubocop:disable Metrics/CyclomaticComplexity
39
40
  def freeze_top_level_dependencies_except(dependencies)
40
41
  return pyproject_content unless lockfile
41
42
 
@@ -53,6 +54,8 @@ module Dependabot
53
54
 
54
55
  next unless (locked_version = locked_details&.fetch("version"))
55
56
 
57
+ next if locked_details&.dig("source", "type") == "directory"
58
+
56
59
  if locked_details&.dig("source", "type") == "git"
57
60
  poetry_object[key][dep_name] = {
58
61
  "git" => locked_details&.dig("source", "url"),
@@ -69,6 +72,7 @@ module Dependabot
69
72
  TomlRB.dump(pyproject_object)
70
73
  end
71
74
  # rubocop:enable Metrics/PerceivedComplexity
75
+ # rubocop:enable Metrics/CyclomaticComplexity
72
76
 
73
77
  private
74
78
 
data/lib/dependabot/python/python_versions.rb CHANGED
@@ -4,13 +4,13 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.8.3 2.7.18
7
+ 3.8.5 2.7.18
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.8.3 3.8.2 3.8.1 3.8.0
13
+ 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
14
14
  3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
15
15
  3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
16
16
  3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
data/lib/dependabot/python/version.rb CHANGED
@@ -114,7 +114,6 @@ module Dependabot
114
114
  # TODO: Delete this once we're using a version of Rubygems that includes
115
115
  # https://github.com/rubygems/rubygems/pull/2651
116
116
  #
117
- # rubocop:disable Metrics/CyclomaticComplexity
118
117
  # rubocop:disable Metrics/PerceivedComplexity
119
118
  # rubocop:disable Style/CaseEquality
120
119
  # rubocop:disable Layout/LineLength
@@ -146,7 +145,6 @@ module Dependabot
146
145
 
147
146
  return 0
148
147
  end
149
- # rubocop:enable Metrics/CyclomaticComplexity
150
148
  # rubocop:enable Metrics/PerceivedComplexity
151
149
  # rubocop:enable Style/CaseEquality
152
150
  # rubocop:enable Layout/LineLength
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.118.5
4
+ version: 0.118.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-06-24 00:00:00.000000000 Z
11
+ date: 2020-08-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.118.5
19
+ version: 0.118.11
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.118.5
26
+ version: 0.118.11
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -94,34 +94,20 @@ dependencies:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: '1.2'
97
- - !ruby/object:Gem::Dependency
98
- name: rspec_junit_formatter
99
- requirement: !ruby/object:Gem::Requirement
100
- requirements:
101
- - - "~>"
102
- - !ruby/object:Gem::Version
103
- version: '0.4'
104
- type: :development
105
- prerelease: false
106
- version_requirements: !ruby/object:Gem::Requirement
107
- requirements:
108
- - - "~>"
109
- - !ruby/object:Gem::Version
110
- version: '0.4'
111
97
  - !ruby/object:Gem::Dependency
112
98
  name: rubocop
113
99
  requirement: !ruby/object:Gem::Requirement
114
100
  requirements:
115
101
  - - "~>"
116
102
  - !ruby/object:Gem::Version
117
- version: 0.85.0
103
+ version: 0.88.0
118
104
  type: :development
119
105
  prerelease: false
120
106
  version_requirements: !ruby/object:Gem::Requirement
121
107
  requirements:
122
108
  - - "~>"
123
109
  - !ruby/object:Gem::Version
124
- version: 0.85.0
110
+ version: 0.88.0
125
111
  - !ruby/object:Gem::Dependency
126
112
  name: vcr
127
113
  requirement: !ruby/object:Gem::Requirement
@@ -215,7 +201,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
215
201
  - !ruby/object:Gem::Version
216
202
  version: 2.5.0
217
203
  requirements: []
218
- rubygems_version: 3.0.3
204
+ rubygems_version: 3.1.2
219
205
  signing_key:
220
206
  specification_version: 4
221
207
  summary: Python support for dependabot