dependabot-python 0.118.7 → 0.118.13

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +1 -1
  3. data/helpers/requirements.txt +2 -2
  4. data/lib/dependabot/python/authed_url_builder.rb +7 -0
  5. data/lib/dependabot/python/file_updater/pyproject_preparer.rb +4 -0
  6. data/lib/dependabot/python/python_versions.rb +3 -3
  7. data/lib/dependabot/python/version.rb +0 -2
  8. metadata +7 -21
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f389bc06b0e930d319d2625c8c9753bea89d54cd6f188e2b8f92a45eae5d9164
4
- data.tar.gz: 7b9164faa17544c164c8c1a61a36aa1ef2f10b06d20d352a5bd2fb53e903b275
3
+ metadata.gz: 5d40b703af7755372ebc0e7313e0bb3e71760b73bfca3aeff321dc1d19914744
4
+ data.tar.gz: 991c0555715aa0f40f16e7dccce79b38733603962eafd39bbcfebf1f08da096a
5
5
  SHA512:
6
- metadata.gz: dca688da7c4ce4f5b5bf0cd743bc3fc012fbdbc49e9d8e049e7fbd5d066d4e42c142b9fe4eb7b8a011ee669de95f2ef5b1d19258d8b1c6517aa8d43498cee543
7
- data.tar.gz: 9da3df550234656e6e1159942f7f5230d4ff229881ea2f7158179f2b9112152e1828e2d027ec169c86399d2c7f4a8f1404d7d9c5ed110909af9b020916fd7bec
6
+ metadata.gz: f250e18d12e7056278813b7222b888c4ce080c293aa79c7e1cb72b5d5b5244953e69cf750836bfbf8585b7da08fd70571ae63cf4d0239bfba7df9f01927fe041
7
+ data.tar.gz: a6f2cdad3b38118dfd5125ee3864c2f8e0b2cfc966b098928376a5f7cdda74c331b3fe8a650ed106614c50f89b109aaccf047921e60a9126ca3c110948e0cb9b
data/helpers/build CHANGED
@@ -17,4 +17,4 @@ cp -r \
17
17
 
18
18
  cd "$install_dir"
19
19
  PYENV_VERSION=2.7.18 pyenv exec pip install -r "requirements.txt"
20
- PYENV_VERSION=3.8.3 pyenv exec pip install -r "requirements.txt"
20
+ PYENV_VERSION=3.8.5 pyenv exec pip install -r "requirements.txt"
data/helpers/requirements.txt CHANGED
@@ -1,9 +1,9 @@
1
1
  pip==20.1.1
2
- pip-tools==5.2.1
2
+ pip-tools==5.3.1
3
3
  hashin==0.15.0
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
6
6
  poetry==1.0.9
7
7
 
8
8
  # Some dependencies will only install if Cython is present
9
- Cython==0.29.20
9
+ Cython==0.29.21
data/lib/dependabot/python/authed_url_builder.rb CHANGED
@@ -3,6 +3,7 @@
3
3
  module Dependabot
4
4
  module Python
5
5
  class AuthedUrlBuilder
6
+ # rubocop:disable Metrics/PerceivedComplexity
6
7
  def self.authed_url(credential:)
7
8
  token = credential.fetch("token", nil)
8
9
  url = credential.fetch("index-url")
@@ -16,8 +17,14 @@ module Dependabot
16
17
  else token
17
18
  end
18
19
 
20
+ if basic_auth_details.include?(":")
21
+ username, _, password = basic_auth_details.partition(":")
22
+ basic_auth_details = "#{CGI.escape(username)}:#{CGI.escape(password)}"
23
+ end
24
+
19
25
  url.sub("://", "://#{basic_auth_details}@")
20
26
  end
27
+ # rubocop:enable Metrics/PerceivedComplexity
21
28
  end
22
29
  end
23
30
  end
data/lib/dependabot/python/file_updater/pyproject_preparer.rb CHANGED
@@ -36,6 +36,7 @@ module Dependabot
36
36
  end
37
37
 
38
38
  # rubocop:disable Metrics/PerceivedComplexity
39
+ # rubocop:disable Metrics/CyclomaticComplexity
39
40
  def freeze_top_level_dependencies_except(dependencies)
40
41
  return pyproject_content unless lockfile
41
42
 
@@ -53,6 +54,8 @@ module Dependabot
53
54
 
54
55
  next unless (locked_version = locked_details&.fetch("version"))
55
56
 
57
+ next if locked_details&.dig("source", "type") == "directory"
58
+
56
59
  if locked_details&.dig("source", "type") == "git"
57
60
  poetry_object[key][dep_name] = {
58
61
  "git" => locked_details&.dig("source", "url"),
@@ -69,6 +72,7 @@ module Dependabot
69
72
  TomlRB.dump(pyproject_object)
70
73
  end
71
74
  # rubocop:enable Metrics/PerceivedComplexity
75
+ # rubocop:enable Metrics/CyclomaticComplexity
72
76
 
73
77
  private
74
78
 
data/lib/dependabot/python/python_versions.rb CHANGED
@@ -4,14 +4,14 @@ module Dependabot
4
4
  module Python
5
5
  module PythonVersions
6
6
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
7
- 3.8.3 2.7.18
7
+ 3.8.5 2.7.18
8
8
  ).freeze
9
9
 
10
10
  # Due to an OpenSSL issue we can only install the following versions in
11
11
  # the Dependabot container.
12
12
  SUPPORTED_VERSIONS = %w(
13
- 3.8.3 3.8.2 3.8.1 3.8.0
14
- 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
13
+ 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
14
+ 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
15
15
  3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
16
16
  3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
17
17
  2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
data/lib/dependabot/python/version.rb CHANGED
@@ -114,7 +114,6 @@ module Dependabot
114
114
  # TODO: Delete this once we're using a version of Rubygems that includes
115
115
  # https://github.com/rubygems/rubygems/pull/2651
116
116
  #
117
- # rubocop:disable Metrics/CyclomaticComplexity
118
117
  # rubocop:disable Metrics/PerceivedComplexity
119
118
  # rubocop:disable Style/CaseEquality
120
119
  # rubocop:disable Layout/LineLength
@@ -146,7 +145,6 @@ module Dependabot
146
145
 
147
146
  return 0
148
147
  end
149
- # rubocop:enable Metrics/CyclomaticComplexity
150
148
  # rubocop:enable Metrics/PerceivedComplexity
151
149
  # rubocop:enable Style/CaseEquality
152
150
  # rubocop:enable Layout/LineLength
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.118.7
4
+ version: 0.118.13
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-02 00:00:00.000000000 Z
11
+ date: 2020-08-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.118.7
19
+ version: 0.118.13
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.118.7
26
+ version: 0.118.13
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -94,34 +94,20 @@ dependencies:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: '1.2'
97
- - !ruby/object:Gem::Dependency
98
- name: rspec_junit_formatter
99
- requirement: !ruby/object:Gem::Requirement
100
- requirements:
101
- - - "~>"
102
- - !ruby/object:Gem::Version
103
- version: '0.4'
104
- type: :development
105
- prerelease: false
106
- version_requirements: !ruby/object:Gem::Requirement
107
- requirements:
108
- - - "~>"
109
- - !ruby/object:Gem::Version
110
- version: '0.4'
111
97
  - !ruby/object:Gem::Dependency
112
98
  name: rubocop
113
99
  requirement: !ruby/object:Gem::Requirement
114
100
  requirements:
115
101
  - - "~>"
116
102
  - !ruby/object:Gem::Version
117
- version: 0.85.0
103
+ version: 0.88.0
118
104
  type: :development
119
105
  prerelease: false
120
106
  version_requirements: !ruby/object:Gem::Requirement
121
107
  requirements:
122
108
  - - "~>"
123
109
  - !ruby/object:Gem::Version
124
- version: 0.85.0
110
+ version: 0.88.0
125
111
  - !ruby/object:Gem::Dependency
126
112
  name: vcr
127
113
  requirement: !ruby/object:Gem::Requirement
@@ -215,7 +201,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
215
201
  - !ruby/object:Gem::Version
216
202
  version: 2.5.0
217
203
  requirements: []
218
- rubygems_version: 3.0.3
204
+ rubygems_version: 3.1.2
219
205
  signing_key:
220
206
  specification_version: 4
221
207
  summary: Python support for dependabot