dependabot-python 0.118.8 → 0.119.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/install-dir/python/lib/__init__.py +0 -0
- data/helpers/install-dir/python/lib/hasher.py +24 -0
- data/helpers/install-dir/python/lib/parser.py +138 -0
- data/helpers/install-dir/python/requirements.txt +9 -0
- data/helpers/install-dir/python/run.py +18 -0
- data/helpers/requirements.txt +1 -1
- data/lib/dependabot/python/authed_url_builder.rb +7 -0
- data/lib/dependabot/python/python_versions.rb +1 -1
- metadata +13 -22
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0c443c75018adfd2cf364c97de4ef952789b4b1d279c9ef325ee181e8f46cd56
|
|
4
|
+
data.tar.gz: 3ef40c7a0ac388eea5b3a2ea5b70ca5019a0110088fae84e5913c2584d37eb8d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 13bcdc6647e905be59181cac53a5e79073531940e291684b9431b68bbb16702871d56c964ea4ba4cdee736ec74f050db09b94bd0ba2b370813e5c4ae9cf7e144
|
|
7
|
+
data.tar.gz: 8f7113e04bf9c2c2fd727ecba7c7240d1f7f518237f4c8361531370e3fa86fb712d22544bbfe5751fee6296749c3dfc179c786bdd41a3db241d164a5cd5fb6ca
|
|
File without changes
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import hashin
|
|
2
|
+
import json
|
|
3
|
+
import pipfile
|
|
4
|
+
from poetry.poetry import Poetry
|
|
5
|
+
from poetry.factory import Factory
|
|
6
|
+
|
|
7
|
+
def get_dependency_hash(dependency_name, dependency_version, algorithm):
|
|
8
|
+
hashes = hashin.get_package_hashes(
|
|
9
|
+
dependency_name,
|
|
10
|
+
version=dependency_version,
|
|
11
|
+
algorithm=algorithm
|
|
12
|
+
)
|
|
13
|
+
|
|
14
|
+
return json.dumps({ "result": hashes["hashes"] })
|
|
15
|
+
|
|
16
|
+
def get_pipfile_hash(directory):
|
|
17
|
+
p = pipfile.load(directory + '/Pipfile')
|
|
18
|
+
|
|
19
|
+
return json.dumps({ "result": p.hash })
|
|
20
|
+
|
|
21
|
+
def get_pyproject_hash(directory):
|
|
22
|
+
p = Factory().create_poetry(directory)
|
|
23
|
+
|
|
24
|
+
return json.dumps({ "result": p.locker._get_content_hash() })
|
|
@@ -0,0 +1,138 @@
|
|
|
1
|
+
from itertools import chain
|
|
2
|
+
import glob
|
|
3
|
+
import io
|
|
4
|
+
import json
|
|
5
|
+
import optparse
|
|
6
|
+
import os.path
|
|
7
|
+
import re
|
|
8
|
+
|
|
9
|
+
import setuptools
|
|
10
|
+
import pip._internal.req.req_file
|
|
11
|
+
from pip._internal.network.session import PipSession
|
|
12
|
+
from pip._internal.models.format_control import FormatControl
|
|
13
|
+
from pip._internal.req.constructors import (
|
|
14
|
+
install_req_from_line,
|
|
15
|
+
install_req_from_parsed_requirement,
|
|
16
|
+
)
|
|
17
|
+
|
|
18
|
+
def parse_requirements(directory):
|
|
19
|
+
# Parse the requirements.txt
|
|
20
|
+
requirement_packages = []
|
|
21
|
+
requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
|
|
22
|
+
+ glob.glob(os.path.join(directory, '**', '*.txt'))
|
|
23
|
+
|
|
24
|
+
pip_compile_files = glob.glob(os.path.join(directory, '*.in')) \
|
|
25
|
+
+ glob.glob(os.path.join(directory, '**', '*.in'))
|
|
26
|
+
|
|
27
|
+
def version_from_install_req(install_req):
|
|
28
|
+
if install_req.is_pinned:
|
|
29
|
+
return next(iter(install_req.specifier)).version
|
|
30
|
+
|
|
31
|
+
for reqs_file in requirement_files + pip_compile_files:
|
|
32
|
+
try:
|
|
33
|
+
requirements = pip._internal.req.req_file.parse_requirements(
|
|
34
|
+
reqs_file,
|
|
35
|
+
session=PipSession()
|
|
36
|
+
)
|
|
37
|
+
for parsed_req in requirements:
|
|
38
|
+
install_req = install_req_from_parsed_requirement(parsed_req)
|
|
39
|
+
if install_req.original_link:
|
|
40
|
+
continue
|
|
41
|
+
|
|
42
|
+
pattern = r"-[cr] (.*) \(line \d+\)"
|
|
43
|
+
abs_path = re.search(pattern, install_req.comes_from).group(1)
|
|
44
|
+
rel_path = os.path.relpath(abs_path, directory)
|
|
45
|
+
|
|
46
|
+
requirement_packages.append({
|
|
47
|
+
"name": install_req.req.name,
|
|
48
|
+
"version": version_from_install_req(install_req),
|
|
49
|
+
"markers": str(install_req.markers) or None,
|
|
50
|
+
"file": rel_path,
|
|
51
|
+
"requirement": str(install_req.specifier) or None,
|
|
52
|
+
"extras": sorted(list(install_req.extras))
|
|
53
|
+
})
|
|
54
|
+
except Exception as e:
|
|
55
|
+
print(json.dumps({ "error": repr(e) }))
|
|
56
|
+
exit(1)
|
|
57
|
+
|
|
58
|
+
return json.dumps({ "result": requirement_packages })
|
|
59
|
+
|
|
60
|
+
def parse_setup(directory):
|
|
61
|
+
# Parse the setup.py
|
|
62
|
+
setup_packages = []
|
|
63
|
+
if os.path.isfile(directory + '/setup.py'):
|
|
64
|
+
def version_from_install_req(install_req):
|
|
65
|
+
if install_req.is_pinned:
|
|
66
|
+
return next(iter(install_req.specifier)).version
|
|
67
|
+
|
|
68
|
+
def parse_requirement(req, req_type):
|
|
69
|
+
install_req = install_req_from_line(req)
|
|
70
|
+
if install_req.original_link:
|
|
71
|
+
return
|
|
72
|
+
|
|
73
|
+
setup_packages.append({
|
|
74
|
+
"name": install_req.req.name,
|
|
75
|
+
"version": version_from_install_req(install_req),
|
|
76
|
+
"markers": str(install_req.markers) or None,
|
|
77
|
+
"file": "setup.py",
|
|
78
|
+
"requirement": str(install_req.specifier) or None,
|
|
79
|
+
"requirement_type": req_type,
|
|
80
|
+
"extras": sorted(list(install_req.extras))
|
|
81
|
+
})
|
|
82
|
+
|
|
83
|
+
def setup(*args, **kwargs):
|
|
84
|
+
for arg in ['setup_requires', 'install_requires', 'tests_require']:
|
|
85
|
+
if not kwargs.get(arg):
|
|
86
|
+
continue
|
|
87
|
+
for req in kwargs.get(arg):
|
|
88
|
+
parse_requirement(req, arg)
|
|
89
|
+
extras_require_dict = kwargs.get('extras_require', {})
|
|
90
|
+
for key in extras_require_dict:
|
|
91
|
+
for req in extras_require_dict[key]:
|
|
92
|
+
parse_requirement(req, 'extras_require:{}'.format(key))
|
|
93
|
+
setuptools.setup = setup
|
|
94
|
+
|
|
95
|
+
def noop(*args, **kwargs):
|
|
96
|
+
pass
|
|
97
|
+
|
|
98
|
+
def fake_parse(*args, **kwargs):
|
|
99
|
+
return []
|
|
100
|
+
|
|
101
|
+
global fake_open
|
|
102
|
+
def fake_open(*args, **kwargs):
|
|
103
|
+
content = ("VERSION = ('0', '0', '1+dependabot')\n"
|
|
104
|
+
"__version__ = '0.0.1+dependabot'\n"
|
|
105
|
+
"__author__ = 'someone'\n"
|
|
106
|
+
"__title__ = 'something'\n"
|
|
107
|
+
"__description__ = 'something'\n"
|
|
108
|
+
"__author_email__ = 'something'\n"
|
|
109
|
+
"__license__ = 'something'\n"
|
|
110
|
+
"__url__ = 'something'\n")
|
|
111
|
+
return io.StringIO(content)
|
|
112
|
+
|
|
113
|
+
content = open(directory + '/setup.py', 'r').read()
|
|
114
|
+
|
|
115
|
+
# Remove `print`, `open`, `log` and import statements
|
|
116
|
+
content = re.sub(r"print\s*\(", "noop(", content)
|
|
117
|
+
content = re.sub(r"log\s*(\.\w+)*\(", "noop(", content)
|
|
118
|
+
content = re.sub(r"\b(\w+\.)*(open|file)\s*\(", "fake_open(", content)
|
|
119
|
+
content = content.replace("parse_requirements(", "fake_parse(")
|
|
120
|
+
version_re = re.compile(r"^.*import.*__version__.*$", re.MULTILINE)
|
|
121
|
+
content = re.sub(version_re, "", content)
|
|
122
|
+
|
|
123
|
+
# Set variables likely to be imported
|
|
124
|
+
__version__ = '0.0.1+dependabot'
|
|
125
|
+
__author__ = 'someone'
|
|
126
|
+
__title__ = 'something'
|
|
127
|
+
__description__ = 'something'
|
|
128
|
+
__author_email__ = 'something'
|
|
129
|
+
__license__ = 'something'
|
|
130
|
+
__url__ = 'something'
|
|
131
|
+
|
|
132
|
+
# Run as main (since setup.py is a script)
|
|
133
|
+
__name__ = '__main__'
|
|
134
|
+
|
|
135
|
+
# Exec the setup.py
|
|
136
|
+
exec(content) in globals(), locals()
|
|
137
|
+
|
|
138
|
+
return json.dumps({ "result": setup_packages })
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import sys
|
|
2
|
+
import json
|
|
3
|
+
|
|
4
|
+
from lib import parser, hasher
|
|
5
|
+
|
|
6
|
+
if __name__ == "__main__":
|
|
7
|
+
args = json.loads(sys.stdin.read())
|
|
8
|
+
|
|
9
|
+
if args["function"] == "parse_requirements":
|
|
10
|
+
print(parser.parse_requirements(args["args"][0]))
|
|
11
|
+
if args["function"] == "parse_setup":
|
|
12
|
+
print(parser.parse_setup(args["args"][0]))
|
|
13
|
+
elif args["function"] == "get_dependency_hash":
|
|
14
|
+
print(hasher.get_dependency_hash(*args["args"]))
|
|
15
|
+
elif args["function"] == "get_pipfile_hash":
|
|
16
|
+
print(hasher.get_pipfile_hash(*args["args"]))
|
|
17
|
+
elif args["function"] == "get_pyproject_hash":
|
|
18
|
+
print(hasher.get_pyproject_hash(*args["args"]))
|
data/helpers/requirements.txt
CHANGED
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
module Dependabot
|
|
4
4
|
module Python
|
|
5
5
|
class AuthedUrlBuilder
|
|
6
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
6
7
|
def self.authed_url(credential:)
|
|
7
8
|
token = credential.fetch("token", nil)
|
|
8
9
|
url = credential.fetch("index-url")
|
|
@@ -16,8 +17,14 @@ module Dependabot
|
|
|
16
17
|
else token
|
|
17
18
|
end
|
|
18
19
|
|
|
20
|
+
if basic_auth_details.include?(":")
|
|
21
|
+
username, _, password = basic_auth_details.partition(":")
|
|
22
|
+
basic_auth_details = "#{CGI.escape(username)}:#{CGI.escape(password)}"
|
|
23
|
+
end
|
|
24
|
+
|
|
19
25
|
url.sub("://", "://#{basic_auth_details}@")
|
|
20
26
|
end
|
|
27
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
21
28
|
end
|
|
22
29
|
end
|
|
23
30
|
end
|
|
@@ -11,7 +11,7 @@ module Dependabot
|
|
|
11
11
|
# the Dependabot container.
|
|
12
12
|
SUPPORTED_VERSIONS = %w(
|
|
13
13
|
3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
|
|
14
|
-
3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
|
|
14
|
+
3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
|
|
15
15
|
3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
|
|
16
16
|
3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
|
|
17
17
|
2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.119.0.beta1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-08-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.119.0.beta1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.119.0.beta1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -94,20 +94,6 @@ dependencies:
|
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '1.2'
|
|
97
|
-
- !ruby/object:Gem::Dependency
|
|
98
|
-
name: rspec_junit_formatter
|
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
|
100
|
-
requirements:
|
|
101
|
-
- - "~>"
|
|
102
|
-
- !ruby/object:Gem::Version
|
|
103
|
-
version: '0.4'
|
|
104
|
-
type: :development
|
|
105
|
-
prerelease: false
|
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
-
requirements:
|
|
108
|
-
- - "~>"
|
|
109
|
-
- !ruby/object:Gem::Version
|
|
110
|
-
version: '0.4'
|
|
111
97
|
- !ruby/object:Gem::Dependency
|
|
112
98
|
name: rubocop
|
|
113
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -158,6 +144,11 @@ extensions: []
|
|
|
158
144
|
extra_rdoc_files: []
|
|
159
145
|
files:
|
|
160
146
|
- helpers/build
|
|
147
|
+
- helpers/install-dir/python/lib/__init__.py
|
|
148
|
+
- helpers/install-dir/python/lib/hasher.py
|
|
149
|
+
- helpers/install-dir/python/lib/parser.py
|
|
150
|
+
- helpers/install-dir/python/requirements.txt
|
|
151
|
+
- helpers/install-dir/python/run.py
|
|
161
152
|
- helpers/lib/__init__.py
|
|
162
153
|
- helpers/lib/hasher.py
|
|
163
154
|
- helpers/lib/parser.py
|
|
@@ -200,7 +191,7 @@ homepage: https://github.com/dependabot/dependabot-core
|
|
|
200
191
|
licenses:
|
|
201
192
|
- Nonstandard
|
|
202
193
|
metadata: {}
|
|
203
|
-
post_install_message:
|
|
194
|
+
post_install_message:
|
|
204
195
|
rdoc_options: []
|
|
205
196
|
require_paths:
|
|
206
197
|
- lib
|
|
@@ -215,8 +206,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
215
206
|
- !ruby/object:Gem::Version
|
|
216
207
|
version: 2.5.0
|
|
217
208
|
requirements: []
|
|
218
|
-
rubygems_version: 3.
|
|
219
|
-
signing_key:
|
|
209
|
+
rubygems_version: 3.1.4
|
|
210
|
+
signing_key:
|
|
220
211
|
specification_version: 4
|
|
221
212
|
summary: Python support for dependabot
|
|
222
213
|
test_files: []
|