dependabot-python 0.118.6 → 0.118.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +1 -1
  3. data/helpers/requirements.txt +2 -2
  4. data/lib/dependabot/python/authed_url_builder.rb +5 -0
  5. data/lib/dependabot/python/file_parser.rb +5 -3
  6. data/lib/dependabot/python/file_updater/pyproject_preparer.rb +4 -0
  7. data/lib/dependabot/python/python_versions.rb +2 -2
  8. data/lib/dependabot/python/version.rb +0 -2
  9. metadata +7 -21
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 52599a336bb280fa61f3314061816eb990ab717cd406dadeb9949122cbc9098f
4
- data.tar.gz: a16632cf0dd92162301b174d36ebe3bee361344f8f937fd8d3a54163ba8a4f42
3
+ metadata.gz: 2844692b3664fc81003147966e9e0ae95c3664f09ea786e7d25a69d3bc1b5cdd
4
+ data.tar.gz: '0829918ec1a85fcf597c38774c27ef802fa20180f182d1f9d1d86ce30f1d739d'
5
5
  SHA512:
6
- metadata.gz: 1978c2a41f5b8db88e547735f8e0821cb3d2a8fdaf406fe6ad33e0a689276377c7ba797031b949e73f24543a32be345768e11949d441e1ff14bad0eb6f489a2c
7
- data.tar.gz: dec37ceec34949b59cd716441d62557fad89f1c01eabb5fade9ce45f7c290a5d4c9163cc8923254905a79e5e093ff698dc1181f712d4aabd00000a4a435354a9
6
+ metadata.gz: 179616f5a1c548a19e8cfdf8fc3cde06950069bfe2efb664054dedf0a7d973616e794ea775d4c75b4166978b2b60828cd75ea88b490c230f9cd2e61a85c6ab0a
7
+ data.tar.gz: 6a3466a1196404f3d266ec7cf10512f5c4df38c377ff40644941dc02ce546ae74bd56549dce4e638d3e433b277bf17dd391c621c88fef7fb24a9c36a82df5914
data/helpers/build CHANGED
@@ -17,4 +17,4 @@ cp -r \
17
17
 
18
18
  cd "$install_dir"
19
19
  PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
20
- PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
20
+ PYENV_VERSION=3.8.5 pyenv exec pip install -r "requirements.txt"
data/helpers/requirements.txt CHANGED
@@ -1,9 +1,9 @@
1
1
  pip==20.1.1
2
- pip-tools==5.2.1
2
+ pip-tools==5.3.1
3
3
  hashin==0.15.0
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
6
6
  poetry==1.0.9
7
7
 
8
8
  # Some dependencies will only install if Cython is present
9
- Cython==0.29.20
9
+ Cython==0.29.21
data/lib/dependabot/python/authed_url_builder.rb CHANGED
@@ -16,6 +16,11 @@ module Dependabot
16
16
  else token
17
17
  end
18
18
 
19
+ if basic_auth_details.include?(":")
20
+ username, _, password = basic_auth_details.partition(":")
21
+ basic_auth_details = "#{CGI.escape(username)}:#{CGI.escape(password)}"
22
+ end
23
+
19
24
  url.sub("://", "://#{basic_auth_details}@")
20
25
  end
21
26
  end
data/lib/dependabot/python/file_parser.rb CHANGED
@@ -181,12 +181,14 @@ module Dependabot
181
181
  each do |file|
182
182
  path = file.name
183
183
  FileUtils.mkdir_p(Pathname.new(path).dirname)
184
- File.write(path, remove_imports(file.content))
184
+ File.write(path, remove_imports(file))
185
185
  end
186
186
  end
187
187
 
188
- def remove_imports(content)
189
- content.lines.
188
+ def remove_imports(file)
189
+ return file.content if file.path.end_with?(".tar.gz", ".whl", ".zip")
190
+
191
+ file.content.lines.
190
192
  reject { |l| l.match?(/^['"]?(?<path>\..*?)(?=\[|#|'|"|$)/) }.
191
193
  reject { |l| l.match?(/^(?:-e)\s+['"]?(?<path>.*?)(?=\[|#|'|"|$)/) }.
192
194
  join
data/lib/dependabot/python/file_updater/pyproject_preparer.rb CHANGED
@@ -36,6 +36,7 @@ module Dependabot
36
36
  end
37
37
 
38
38
  # rubocop:disable Metrics/PerceivedComplexity
39
+ # rubocop:disable Metrics/CyclomaticComplexity
39
40
  def freeze_top_level_dependencies_except(dependencies)
40
41
  return pyproject_content unless lockfile
41
42
 
@@ -53,6 +54,8 @@ module Dependabot
53
54
 
54
55
  next unless (locked_version = locked_details&.fetch("version"))
55
56
 
57
+ next if locked_details&.dig("source", "type") == "directory"
58
+
56
59
  if locked_details&.dig("source", "type") == "git"
57
60
  poetry_object[key][dep_name] = {
58
61
  "git" => locked_details&.dig("source", "url"),
@@ -69,6 +72,7 @@ module Dependabot
69
72
  TomlRB.dump(pyproject_object)
70
73
  end
71
74
  # rubocop:enable Metrics/PerceivedComplexity
75
+ # rubocop:enable Metrics/CyclomaticComplexity
72
76
 
73
77
  private
74
78
 
data/lib/dependabot/python/python_versions.rb CHANGED
@@ -4,13 +4,13 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.8.3 2.7.18
7
+ 3.8.5 2.7.18
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.8.3 3.8.2 3.8.1 3.8.0
13
+ 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
14
14
  3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
15
15
  3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
16
16
  3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
data/lib/dependabot/python/version.rb CHANGED
@@ -114,7 +114,6 @@ module Dependabot
114
114
  # TODO: Delete this once we're using a version of Rubygems that includes
115
115
  # https://github.com/rubygems/rubygems/pull/2651
116
116
  #
117
- # rubocop:disable Metrics/CyclomaticComplexity
118
117
  # rubocop:disable Metrics/PerceivedComplexity
119
118
  # rubocop:disable Style/CaseEquality
120
119
  # rubocop:disable Layout/LineLength
@@ -146,7 +145,6 @@ module Dependabot
146
145
 
147
146
  return 0
148
147
  end
149
- # rubocop:enable Metrics/CyclomaticComplexity
150
148
  # rubocop:enable Metrics/PerceivedComplexity
151
149
  # rubocop:enable Style/CaseEquality
152
150
  # rubocop:enable Layout/LineLength
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.118.6
4
+ version: 0.118.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-06-30 00:00:00.000000000 Z
11
+ date: 2020-08-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.118.6
19
+ version: 0.118.12
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.118.6
26
+ version: 0.118.12
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -94,34 +94,20 @@ dependencies:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: '1.2'
97
- - !ruby/object:Gem::Dependency
98
- name: rspec_junit_formatter
99
- requirement: !ruby/object:Gem::Requirement
100
- requirements:
101
- - - "~>"
102
- - !ruby/object:Gem::Version
103
- version: '0.4'
104
- type: :development
105
- prerelease: false
106
- version_requirements: !ruby/object:Gem::Requirement
107
- requirements:
108
- - - "~>"
109
- - !ruby/object:Gem::Version
110
- version: '0.4'
111
97
  - !ruby/object:Gem::Dependency
112
98
  name: rubocop
113
99
  requirement: !ruby/object:Gem::Requirement
114
100
  requirements:
115
101
  - - "~>"
116
102
  - !ruby/object:Gem::Version
117
- version: 0.85.0
103
+ version: 0.88.0
118
104
  type: :development
119
105
  prerelease: false
120
106
  version_requirements: !ruby/object:Gem::Requirement
121
107
  requirements:
122
108
  - - "~>"
123
109
  - !ruby/object:Gem::Version
124
- version: 0.85.0
110
+ version: 0.88.0
125
111
  - !ruby/object:Gem::Dependency
126
112
  name: vcr
127
113
  requirement: !ruby/object:Gem::Requirement
@@ -215,7 +201,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
215
201
  - !ruby/object:Gem::Version
216
202
  version: 2.5.0
217
203
  requirements: []
218
- rubygems_version: 3.0.3
204
+ rubygems_version: 3.1.2
219
205
  signing_key:
220
206
  specification_version: 4
221
207
  summary: Python support for dependabot