dependabot-python 0.118.6 → 0.118.12

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +1 -1
  3. data/helpers/requirements.txt +2 -2
  4. data/lib/dependabot/python/authed_url_builder.rb +5 -0
  5. data/lib/dependabot/python/file_parser.rb +5 -3
  6. data/lib/dependabot/python/file_updater/pyproject_preparer.rb +4 -0
  7. data/lib/dependabot/python/python_versions.rb +2 -2
  8. data/lib/dependabot/python/version.rb +0 -2
  9. metadata +7 -21
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 52599a336bb280fa61f3314061816eb990ab717cd406dadeb9949122cbc9098f
4
- data.tar.gz: a16632cf0dd92162301b174d36ebe3bee361344f8f937fd8d3a54163ba8a4f42
3
+ metadata.gz: 2844692b3664fc81003147966e9e0ae95c3664f09ea786e7d25a69d3bc1b5cdd
4
+ data.tar.gz: '0829918ec1a85fcf597c38774c27ef802fa20180f182d1f9d1d86ce30f1d739d'
5
5
  SHA512:
6
- metadata.gz: 1978c2a41f5b8db88e547735f8e0821cb3d2a8fdaf406fe6ad33e0a689276377c7ba797031b949e73f24543a32be345768e11949d441e1ff14bad0eb6f489a2c
7
- data.tar.gz: dec37ceec34949b59cd716441d62557fad89f1c01eabb5fade9ce45f7c290a5d4c9163cc8923254905a79e5e093ff698dc1181f712d4aabd00000a4a435354a9
6
+ metadata.gz: 179616f5a1c548a19e8cfdf8fc3cde06950069bfe2efb664054dedf0a7d973616e794ea775d4c75b4166978b2b60828cd75ea88b490c230f9cd2e61a85c6ab0a
7
+ data.tar.gz: 6a3466a1196404f3d266ec7cf10512f5c4df38c377ff40644941dc02ce546ae74bd56549dce4e638d3e433b277bf17dd391c621c88fef7fb24a9c36a82df5914
data/helpers/build CHANGED
@@ -17,4 +17,4 @@ cp -r \
17
17
 
18
18
  cd "$install_dir"
19
19
  PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
20
- PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
20
+ PYENV_VERSION=3.8.5 pyenv exec pip install -r "requirements.txt"
data/helpers/requirements.txt CHANGED
@@ -1,9 +1,9 @@
1
1
  pip==20.1.1
2
- pip-tools==5.2.1
2
+ pip-tools==5.3.1
3
3
  hashin==0.15.0
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
6
6
  poetry==1.0.9
7
7
 
8
8
  # Some dependencies will only install if Cython is present
9
- Cython==0.29.20
9
+ Cython==0.29.21
data/lib/dependabot/python/authed_url_builder.rb CHANGED
@@ -16,6 +16,11 @@ module Dependabot
16
16
  else token
17
17
  end
18
18
 
19
+ if basic_auth_details.include?(":")
20
+ username, _, password = basic_auth_details.partition(":")
21
+ basic_auth_details = "#{CGI.escape(username)}:#{CGI.escape(password)}"
22
+ end
23
+
19
24
  url.sub("://", "://#{basic_auth_details}@")
20
25
  end
21
26
  end
data/lib/dependabot/python/file_parser.rb CHANGED
@@ -181,12 +181,14 @@ module Dependabot
181
181
  each do |file|
182
182
  path = file.name
183
183
  FileUtils.mkdir_p(Pathname.new(path).dirname)
184
- File.write(path, remove_imports(file.content))
184
+ File.write(path, remove_imports(file))
185
185
  end
186
186
  end
187
187
 
188
- def remove_imports(content)
189
- content.lines.
188
+ def remove_imports(file)
189
+ return file.content if file.path.end_with?(".tar.gz", ".whl", ".zip")
190
+
191
+ file.content.lines.
190
192
  reject { |l| l.match?(/^['"]?(?<path>\..*?)(?=\[|#|'|"|$)/) }.
191
193
  reject { |l| l.match?(/^(?:-e)\s+['"]?(?<path>.*?)(?=\[|#|'|"|$)/) }.
192
194
  join
data/lib/dependabot/python/file_updater/pyproject_preparer.rb CHANGED
@@ -36,6 +36,7 @@ module Dependabot
36
36
  end
37
37
 
38
38
  # rubocop:disable Metrics/PerceivedComplexity
39
+ # rubocop:disable Metrics/CyclomaticComplexity
39
40
  def freeze_top_level_dependencies_except(dependencies)
40
41
  return pyproject_content unless lockfile
41
42
 
@@ -53,6 +54,8 @@ module Dependabot
53
54
 
54
55
  next unless (locked_version = locked_details&.fetch("version"))
55
56
 
57
+ next if locked_details&.dig("source", "type") == "directory"
58
+
56
59
  if locked_details&.dig("source", "type") == "git"
57
60
  poetry_object[key][dep_name] = {
58
61
  "git" => locked_details&.dig("source", "url"),
@@ -69,6 +72,7 @@ module Dependabot
69
72
  TomlRB.dump(pyproject_object)
70
73
  end
71
74
  # rubocop:enable Metrics/PerceivedComplexity
75
+ # rubocop:enable Metrics/CyclomaticComplexity
72
76
 
73
77
  private
74
78
 
data/lib/dependabot/python/python_versions.rb CHANGED
@@ -4,13 +4,13 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.8.3 2.7.18
7
+ 3.8.5 2.7.18
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.8.3 3.8.2 3.8.1 3.8.0
13
+ 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
14
14
  3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
15
15
  3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
16
16
  3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
data/lib/dependabot/python/version.rb CHANGED
@@ -114,7 +114,6 @@ module Dependabot
114
114
  # TODO: Delete this once we're using a version of Rubygems that includes
115
115
  # https://github.com/rubygems/rubygems/pull/2651
116
116
  #
117
- # rubocop:disable Metrics/CyclomaticComplexity
118
117
  # rubocop:disable Metrics/PerceivedComplexity
119
118
  # rubocop:disable Style/CaseEquality
120
119
  # rubocop:disable Layout/LineLength
@@ -146,7 +145,6 @@ module Dependabot
146
145
 
147
146
  return 0
148
147
  end
149
- # rubocop:enable Metrics/CyclomaticComplexity
150
148
  # rubocop:enable Metrics/PerceivedComplexity
151
149
  # rubocop:enable Style/CaseEquality
152
150
  # rubocop:enable Layout/LineLength
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.118.6
4
+ version: 0.118.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-06-30 00:00:00.000000000 Z
11
+ date: 2020-08-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.118.6
19
+ version: 0.118.12
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.118.6
26
+ version: 0.118.12
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -94,34 +94,20 @@ dependencies:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: '1.2'
97
- - !ruby/object:Gem::Dependency
98
- name: rspec_junit_formatter
99
- requirement: !ruby/object:Gem::Requirement
100
- requirements:
101
- - - "~>"
102
- - !ruby/object:Gem::Version
103
- version: '0.4'
104
- type: :development
105
- prerelease: false
106
- version_requirements: !ruby/object:Gem::Requirement
107
- requirements:
108
- - - "~>"
109
- - !ruby/object:Gem::Version
110
- version: '0.4'
111
97
  - !ruby/object:Gem::Dependency
112
98
  name: rubocop
113
99
  requirement: !ruby/object:Gem::Requirement
114
100
  requirements:
115
101
  - - "~>"
116
102
  - !ruby/object:Gem::Version
117
- version: 0.85.0
103
+ version: 0.88.0
118
104
  type: :development
119
105
  prerelease: false
120
106
  version_requirements: !ruby/object:Gem::Requirement
121
107
  requirements:
122
108
  - - "~>"
123
109
  - !ruby/object:Gem::Version
124
- version: 0.85.0
110
+ version: 0.88.0
125
111
  - !ruby/object:Gem::Dependency
126
112
  name: vcr
127
113
  requirement: !ruby/object:Gem::Requirement
@@ -215,7 +201,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
215
201
  - !ruby/object:Gem::Version
216
202
  version: 2.5.0
217
203
  requirements: []
218
- rubygems_version: 3.0.3
204
+ rubygems_version: 3.1.2
219
205
  signing_key:
220
206
  specification_version: 4
221
207
  summary: Python support for dependabot