dependabot-python 0.118.8 → 0.119.0.beta1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/install-dir/python/lib/__init__.py +0 -0
- data/helpers/install-dir/python/lib/hasher.py +24 -0
- data/helpers/install-dir/python/lib/parser.py +138 -0
- data/helpers/install-dir/python/requirements.txt +9 -0
- data/helpers/install-dir/python/run.py +18 -0
- data/helpers/requirements.txt +1 -1
- data/lib/dependabot/python/authed_url_builder.rb +7 -0
- data/lib/dependabot/python/python_versions.rb +1 -1
- metadata +13 -22
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0c443c75018adfd2cf364c97de4ef952789b4b1d279c9ef325ee181e8f46cd56
|
|
4
|
+
data.tar.gz: 3ef40c7a0ac388eea5b3a2ea5b70ca5019a0110088fae84e5913c2584d37eb8d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 13bcdc6647e905be59181cac53a5e79073531940e291684b9431b68bbb16702871d56c964ea4ba4cdee736ec74f050db09b94bd0ba2b370813e5c4ae9cf7e144
|
|
7
|
+
data.tar.gz: 8f7113e04bf9c2c2fd727ecba7c7240d1f7f518237f4c8361531370e3fa86fb712d22544bbfe5751fee6296749c3dfc179c786bdd41a3db241d164a5cd5fb6ca
|
|
File without changes
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import hashin
|
|
2
|
+
import json
|
|
3
|
+
import pipfile
|
|
4
|
+
from poetry.poetry import Poetry
|
|
5
|
+
from poetry.factory import Factory
|
|
6
|
+
|
|
7
|
+
def get_dependency_hash(dependency_name, dependency_version, algorithm):
|
|
8
|
+
hashes = hashin.get_package_hashes(
|
|
9
|
+
dependency_name,
|
|
10
|
+
version=dependency_version,
|
|
11
|
+
algorithm=algorithm
|
|
12
|
+
)
|
|
13
|
+
|
|
14
|
+
return json.dumps({ "result": hashes["hashes"] })
|
|
15
|
+
|
|
16
|
+
def get_pipfile_hash(directory):
|
|
17
|
+
p = pipfile.load(directory + '/Pipfile')
|
|
18
|
+
|
|
19
|
+
return json.dumps({ "result": p.hash })
|
|
20
|
+
|
|
21
|
+
def get_pyproject_hash(directory):
|
|
22
|
+
p = Factory().create_poetry(directory)
|
|
23
|
+
|
|
24
|
+
return json.dumps({ "result": p.locker._get_content_hash() })
|
|
@@ -0,0 +1,138 @@
|
|
|
1
|
+
from itertools import chain
|
|
2
|
+
import glob
|
|
3
|
+
import io
|
|
4
|
+
import json
|
|
5
|
+
import optparse
|
|
6
|
+
import os.path
|
|
7
|
+
import re
|
|
8
|
+
|
|
9
|
+
import setuptools
|
|
10
|
+
import pip._internal.req.req_file
|
|
11
|
+
from pip._internal.network.session import PipSession
|
|
12
|
+
from pip._internal.models.format_control import FormatControl
|
|
13
|
+
from pip._internal.req.constructors import (
|
|
14
|
+
install_req_from_line,
|
|
15
|
+
install_req_from_parsed_requirement,
|
|
16
|
+
)
|
|
17
|
+
|
|
18
|
+
def parse_requirements(directory):
|
|
19
|
+
# Parse the requirements.txt
|
|
20
|
+
requirement_packages = []
|
|
21
|
+
requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
|
|
22
|
+
+ glob.glob(os.path.join(directory, '**', '*.txt'))
|
|
23
|
+
|
|
24
|
+
pip_compile_files = glob.glob(os.path.join(directory, '*.in')) \
|
|
25
|
+
+ glob.glob(os.path.join(directory, '**', '*.in'))
|
|
26
|
+
|
|
27
|
+
def version_from_install_req(install_req):
|
|
28
|
+
if install_req.is_pinned:
|
|
29
|
+
return next(iter(install_req.specifier)).version
|
|
30
|
+
|
|
31
|
+
for reqs_file in requirement_files + pip_compile_files:
|
|
32
|
+
try:
|
|
33
|
+
requirements = pip._internal.req.req_file.parse_requirements(
|
|
34
|
+
reqs_file,
|
|
35
|
+
session=PipSession()
|
|
36
|
+
)
|
|
37
|
+
for parsed_req in requirements:
|
|
38
|
+
install_req = install_req_from_parsed_requirement(parsed_req)
|
|
39
|
+
if install_req.original_link:
|
|
40
|
+
continue
|
|
41
|
+
|
|
42
|
+
pattern = r"-[cr] (.*) \(line \d+\)"
|
|
43
|
+
abs_path = re.search(pattern, install_req.comes_from).group(1)
|
|
44
|
+
rel_path = os.path.relpath(abs_path, directory)
|
|
45
|
+
|
|
46
|
+
requirement_packages.append({
|
|
47
|
+
"name": install_req.req.name,
|
|
48
|
+
"version": version_from_install_req(install_req),
|
|
49
|
+
"markers": str(install_req.markers) or None,
|
|
50
|
+
"file": rel_path,
|
|
51
|
+
"requirement": str(install_req.specifier) or None,
|
|
52
|
+
"extras": sorted(list(install_req.extras))
|
|
53
|
+
})
|
|
54
|
+
except Exception as e:
|
|
55
|
+
print(json.dumps({ "error": repr(e) }))
|
|
56
|
+
exit(1)
|
|
57
|
+
|
|
58
|
+
return json.dumps({ "result": requirement_packages })
|
|
59
|
+
|
|
60
|
+
def parse_setup(directory):
|
|
61
|
+
# Parse the setup.py
|
|
62
|
+
setup_packages = []
|
|
63
|
+
if os.path.isfile(directory + '/setup.py'):
|
|
64
|
+
def version_from_install_req(install_req):
|
|
65
|
+
if install_req.is_pinned:
|
|
66
|
+
return next(iter(install_req.specifier)).version
|
|
67
|
+
|
|
68
|
+
def parse_requirement(req, req_type):
|
|
69
|
+
install_req = install_req_from_line(req)
|
|
70
|
+
if install_req.original_link:
|
|
71
|
+
return
|
|
72
|
+
|
|
73
|
+
setup_packages.append({
|
|
74
|
+
"name": install_req.req.name,
|
|
75
|
+
"version": version_from_install_req(install_req),
|
|
76
|
+
"markers": str(install_req.markers) or None,
|
|
77
|
+
"file": "setup.py",
|
|
78
|
+
"requirement": str(install_req.specifier) or None,
|
|
79
|
+
"requirement_type": req_type,
|
|
80
|
+
"extras": sorted(list(install_req.extras))
|
|
81
|
+
})
|
|
82
|
+
|
|
83
|
+
def setup(*args, **kwargs):
|
|
84
|
+
for arg in ['setup_requires', 'install_requires', 'tests_require']:
|
|
85
|
+
if not kwargs.get(arg):
|
|
86
|
+
continue
|
|
87
|
+
for req in kwargs.get(arg):
|
|
88
|
+
parse_requirement(req, arg)
|
|
89
|
+
extras_require_dict = kwargs.get('extras_require', {})
|
|
90
|
+
for key in extras_require_dict:
|
|
91
|
+
for req in extras_require_dict[key]:
|
|
92
|
+
parse_requirement(req, 'extras_require:{}'.format(key))
|
|
93
|
+
setuptools.setup = setup
|
|
94
|
+
|
|
95
|
+
def noop(*args, **kwargs):
|
|
96
|
+
pass
|
|
97
|
+
|
|
98
|
+
def fake_parse(*args, **kwargs):
|
|
99
|
+
return []
|
|
100
|
+
|
|
101
|
+
global fake_open
|
|
102
|
+
def fake_open(*args, **kwargs):
|
|
103
|
+
content = ("VERSION = ('0', '0', '1+dependabot')\n"
|
|
104
|
+
"__version__ = '0.0.1+dependabot'\n"
|
|
105
|
+
"__author__ = 'someone'\n"
|
|
106
|
+
"__title__ = 'something'\n"
|
|
107
|
+
"__description__ = 'something'\n"
|
|
108
|
+
"__author_email__ = 'something'\n"
|
|
109
|
+
"__license__ = 'something'\n"
|
|
110
|
+
"__url__ = 'something'\n")
|
|
111
|
+
return io.StringIO(content)
|
|
112
|
+
|
|
113
|
+
content = open(directory + '/setup.py', 'r').read()
|
|
114
|
+
|
|
115
|
+
# Remove `print`, `open`, `log` and import statements
|
|
116
|
+
content = re.sub(r"print\s*\(", "noop(", content)
|
|
117
|
+
content = re.sub(r"log\s*(\.\w+)*\(", "noop(", content)
|
|
118
|
+
content = re.sub(r"\b(\w+\.)*(open|file)\s*\(", "fake_open(", content)
|
|
119
|
+
content = content.replace("parse_requirements(", "fake_parse(")
|
|
120
|
+
version_re = re.compile(r"^.*import.*__version__.*$", re.MULTILINE)
|
|
121
|
+
content = re.sub(version_re, "", content)
|
|
122
|
+
|
|
123
|
+
# Set variables likely to be imported
|
|
124
|
+
__version__ = '0.0.1+dependabot'
|
|
125
|
+
__author__ = 'someone'
|
|
126
|
+
__title__ = 'something'
|
|
127
|
+
__description__ = 'something'
|
|
128
|
+
__author_email__ = 'something'
|
|
129
|
+
__license__ = 'something'
|
|
130
|
+
__url__ = 'something'
|
|
131
|
+
|
|
132
|
+
# Run as main (since setup.py is a script)
|
|
133
|
+
__name__ = '__main__'
|
|
134
|
+
|
|
135
|
+
# Exec the setup.py
|
|
136
|
+
exec(content) in globals(), locals()
|
|
137
|
+
|
|
138
|
+
return json.dumps({ "result": setup_packages })
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import sys
|
|
2
|
+
import json
|
|
3
|
+
|
|
4
|
+
from lib import parser, hasher
|
|
5
|
+
|
|
6
|
+
if __name__ == "__main__":
|
|
7
|
+
args = json.loads(sys.stdin.read())
|
|
8
|
+
|
|
9
|
+
if args["function"] == "parse_requirements":
|
|
10
|
+
print(parser.parse_requirements(args["args"][0]))
|
|
11
|
+
if args["function"] == "parse_setup":
|
|
12
|
+
print(parser.parse_setup(args["args"][0]))
|
|
13
|
+
elif args["function"] == "get_dependency_hash":
|
|
14
|
+
print(hasher.get_dependency_hash(*args["args"]))
|
|
15
|
+
elif args["function"] == "get_pipfile_hash":
|
|
16
|
+
print(hasher.get_pipfile_hash(*args["args"]))
|
|
17
|
+
elif args["function"] == "get_pyproject_hash":
|
|
18
|
+
print(hasher.get_pyproject_hash(*args["args"]))
|
data/helpers/requirements.txt
CHANGED
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
module Dependabot
|
|
4
4
|
module Python
|
|
5
5
|
class AuthedUrlBuilder
|
|
6
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
6
7
|
def self.authed_url(credential:)
|
|
7
8
|
token = credential.fetch("token", nil)
|
|
8
9
|
url = credential.fetch("index-url")
|
|
@@ -16,8 +17,14 @@ module Dependabot
|
|
|
16
17
|
else token
|
|
17
18
|
end
|
|
18
19
|
|
|
20
|
+
if basic_auth_details.include?(":")
|
|
21
|
+
username, _, password = basic_auth_details.partition(":")
|
|
22
|
+
basic_auth_details = "#{CGI.escape(username)}:#{CGI.escape(password)}"
|
|
23
|
+
end
|
|
24
|
+
|
|
19
25
|
url.sub("://", "://#{basic_auth_details}@")
|
|
20
26
|
end
|
|
27
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
21
28
|
end
|
|
22
29
|
end
|
|
23
30
|
end
|
|
@@ -11,7 +11,7 @@ module Dependabot
|
|
|
11
11
|
# the Dependabot container.
|
|
12
12
|
SUPPORTED_VERSIONS = %w(
|
|
13
13
|
3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
|
|
14
|
-
3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
|
|
14
|
+
3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
|
|
15
15
|
3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
|
|
16
16
|
3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
|
|
17
17
|
2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.119.0.beta1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-08-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.119.0.beta1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.119.0.beta1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -94,20 +94,6 @@ dependencies:
|
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '1.2'
|
|
97
|
-
- !ruby/object:Gem::Dependency
|
|
98
|
-
name: rspec_junit_formatter
|
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
|
100
|
-
requirements:
|
|
101
|
-
- - "~>"
|
|
102
|
-
- !ruby/object:Gem::Version
|
|
103
|
-
version: '0.4'
|
|
104
|
-
type: :development
|
|
105
|
-
prerelease: false
|
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
-
requirements:
|
|
108
|
-
- - "~>"
|
|
109
|
-
- !ruby/object:Gem::Version
|
|
110
|
-
version: '0.4'
|
|
111
97
|
- !ruby/object:Gem::Dependency
|
|
112
98
|
name: rubocop
|
|
113
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -158,6 +144,11 @@ extensions: []
|
|
|
158
144
|
extra_rdoc_files: []
|
|
159
145
|
files:
|
|
160
146
|
- helpers/build
|
|
147
|
+
- helpers/install-dir/python/lib/__init__.py
|
|
148
|
+
- helpers/install-dir/python/lib/hasher.py
|
|
149
|
+
- helpers/install-dir/python/lib/parser.py
|
|
150
|
+
- helpers/install-dir/python/requirements.txt
|
|
151
|
+
- helpers/install-dir/python/run.py
|
|
161
152
|
- helpers/lib/__init__.py
|
|
162
153
|
- helpers/lib/hasher.py
|
|
163
154
|
- helpers/lib/parser.py
|
|
@@ -200,7 +191,7 @@ homepage: https://github.com/dependabot/dependabot-core
|
|
|
200
191
|
licenses:
|
|
201
192
|
- Nonstandard
|
|
202
193
|
metadata: {}
|
|
203
|
-
post_install_message:
|
|
194
|
+
post_install_message:
|
|
204
195
|
rdoc_options: []
|
|
205
196
|
require_paths:
|
|
206
197
|
- lib
|
|
@@ -215,8 +206,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
215
206
|
- !ruby/object:Gem::Version
|
|
216
207
|
version: 2.5.0
|
|
217
208
|
requirements: []
|
|
218
|
-
rubygems_version: 3.
|
|
219
|
-
signing_key:
|
|
209
|
+
rubygems_version: 3.1.4
|
|
210
|
+
signing_key:
|
|
220
211
|
specification_version: 4
|
|
221
212
|
summary: Python support for dependabot
|
|
222
213
|
test_files: []
|