dependabot-python 0.119.0.beta1 → 0.119.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0c443c75018adfd2cf364c97de4ef952789b4b1d279c9ef325ee181e8f46cd56
-  data.tar.gz: 3ef40c7a0ac388eea5b3a2ea5b70ca5019a0110088fae84e5913c2584d37eb8d
+  metadata.gz: f201c4255c524ae0ecbbfc557cdf318b8efc552d6ac6abb2e713d81e95e1cb27
+  data.tar.gz: 627aaaa1ad891da06db8d67f5927d72f09b635cb5f57cf1b0a45068dde6861ad
 SHA512:
-  metadata.gz: 13bcdc6647e905be59181cac53a5e79073531940e291684b9431b68bbb16702871d56c964ea4ba4cdee736ec74f050db09b94bd0ba2b370813e5c4ae9cf7e144
-  data.tar.gz: 8f7113e04bf9c2c2fd727ecba7c7240d1f7f518237f4c8361531370e3fa86fb712d22544bbfe5751fee6296749c3dfc179c786bdd41a3db241d164a5cd5fb6ca
+  metadata.gz: 6d742f3fd17de985eda66beac0c1e950fdde39d4a12bb2ad84a5fd15effb15b8fec6c7a9f3dd70941dd6367d1119bd8a74911c008cdd11f95a6d70d50a60795d
+  data.tar.gz: 945f396b17b6175c8139fa4dab6da997f281fe84f4618bbedc5ec3161f5138c6fd50a2b2344098ae5a10b156f21410d24be850e0a9677b2fd9e9aa7b2de8626c

data/helpers/requirements.txt

@@ -3,7 +3,7 @@ pip-tools==5.3.1
 hashin==0.15.0
 pipenv==2018.11.26
 pipfile==0.0.2
-poetry==1.0.9
+poetry==1.0.10
 
 # Some dependencies will only install if Cython is present
 Cython==0.29.21

data/lib/dependabot/python/authed_url_builder.rb

@@ -3,7 +3,6 @@
 module Dependabot
   module Python
     class AuthedUrlBuilder
-      # rubocop:disable Metrics/PerceivedComplexity
       def self.authed_url(credential:)
         token = credential.fetch("token", nil)
         url = credential.fetch("index-url")
@@ -24,7 +23,6 @@ module Dependabot
 
         url.sub("://", "://#{basic_auth_details}@")
       end
-      # rubocop:enable Metrics/PerceivedComplexity
     end
   end
 end

data/lib/dependabot/python/file_fetcher.rb

@@ -350,14 +350,14 @@ module Dependabot
       def parse_path_setup_paths(req_file)
         uneditable_reqs =
           req_file.content.
-          scan(/^['"]?(?<path>\..*?)(?=\[|#|'|"|$)/).
+          scan(/^['"]?(?:file:)?(?<path>\..*?)(?=\[|#|'|"|$)/).
           flatten.
           map(&:strip).
           reject { |p| p.include?("://") }
 
         editable_reqs =
           req_file.content.
-          scan(/^(?:-e)\s+['"]?(?<path>.*?)(?=\[|#|'|"|$)/).
+          scan(/^(?:-e)\s+['"]?(?:file:)?(?<path>.*?)(?=\[|#|'|"|$)/).
           flatten.
           map(&:strip).
           reject { |p| p.include?("://") || p.include?("git@") }

data/lib/dependabot/python/file_updater.rb

@@ -44,6 +44,7 @@ module Dependabot
 
       private
 
+      # rubocop:disable Metrics/PerceivedComplexity
       def resolver_type
         reqs = dependencies.flat_map(&:requirements)
         changed_reqs = reqs.zip(dependencies.flat_map(&:previous_requirements)).
@@ -64,6 +65,7 @@ module Dependabot
 
         :requirements
       end
+      # rubocop:enable Metrics/PerceivedComplexity
 
       def subdependency_resolver
         return :pipfile if pipfile_lock

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -142,6 +142,7 @@ module Dependabot
             freeze_top_level_dependencies_except(dependencies)
         end
 
+        # rubocop:disable Metrics/PerceivedComplexity
         def freeze_dependencies_being_updated(pipfile_content)
           pipfile_object = TomlRB.parse(pipfile_content)
 
@@ -163,6 +164,7 @@ module Dependabot
 
           TomlRB.dump(pipfile_object)
         end
+        # rubocop:enable Metrics/PerceivedComplexity
 
         def subdep_type?(type)
           return false if dependency.top_level?

data/lib/dependabot/python/file_updater/pipfile_preparer.rb

@@ -46,7 +46,6 @@ module Dependabot
           TomlRB.dump(pipfile_object)
         end
 
-        # rubocop:disable Metrics/PerceivedComplexity
         def freeze_dependency(dep_name, pipfile_object, keys)
           locked_version = version_from_lockfile(
             keys[:lockfile],
@@ -66,7 +65,6 @@ module Dependabot
             pipfile_object[keys[:pipfile]][dep_name] = "==#{locked_version}"
           end
         end
-        # rubocop:enable Metrics/PerceivedComplexity
 
         def update_python_requirement(requirement)
           pipfile_object = TomlRB.parse(pipfile_content)

data/lib/dependabot/python/file_updater/pyproject_preparer.rb

@@ -36,7 +36,7 @@ module Dependabot
         end
 
         # rubocop:disable Metrics/PerceivedComplexity
-        # rubocop:disable Metrics/CyclomaticComplexity
+        # rubocop:disable Metrics/AbcSize
         def freeze_top_level_dependencies_except(dependencies)
           return pyproject_content unless lockfile
 
@@ -71,8 +71,8 @@ module Dependabot
 
           TomlRB.dump(pyproject_object)
         end
+        # rubocop:enable Metrics/AbcSize
         # rubocop:enable Metrics/PerceivedComplexity
-        # rubocop:enable Metrics/CyclomaticComplexity
 
         private
 

data/lib/dependabot/python/file_updater/requirement_replacer.rb

@@ -30,8 +30,8 @@ module Dependabot
               updated_dependency_declaration_string
             end
 
-          unless old_requirement == new_requirement
-            raise "Expected content to change!" if content == updated_content
+          if old_requirement != new_requirement && content == updated_content
+            raise "Expected content to change!"
           end
 
           updated_content

data/lib/dependabot/python/requirement.rb

@@ -100,7 +100,7 @@ module Dependabot
       def convert_caret_req(req_string)
         version = req_string.gsub(/^\^/, "")
         parts = version.split(".")
-        parts = parts.fill(0, parts.length...3)
+        parts.fill(0, parts.length...3)
         first_non_zero = parts.find { |d| d != "0" }
         first_non_zero_index =
           first_non_zero ? parts.index(first_non_zero) : parts.count - 1

data/lib/dependabot/python/update_checker/latest_version_finder.rb

@@ -166,6 +166,7 @@ module Dependabot
             end
         end
 
+        # rubocop:disable Metrics/PerceivedComplexity
         def version_details_from_link(link)
           doc = Nokogiri::XML(link)
           filename = doc.at_css("a")&.content
@@ -181,6 +182,7 @@ module Dependabot
             yanked: link&.include?("data-yanked")
           }
         end
+        # rubocop:enable Metrics/PerceivedComplexity
 
         def get_version_from_filename(filename)
           filename.

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -97,7 +97,6 @@ module Dependabot
             end
         end
 
-        # rubocop:disable Metrics/PerceivedComplexity
         # rubocop:disable Metrics/AbcSize
         def handle_pip_compile_errors(error)
           if error.message.include?("Could not find a version")
@@ -114,11 +113,14 @@ module Dependabot
             check_original_requirements_resolvable
           end
 
-          if error.message.include?('Command "python setup.py egg_info') ||
-             error.message.include?("exit status 1: python setup.py egg_info")
+          if (error.message.include?('Command "python setup.py egg_info') ||
+              error.message.include?(
+                "exit status 1: python setup.py egg_info"
+              )) &&
+             check_original_requirements_resolvable
             # The latest version of the dependency we're updating is borked
             # (because it has an unevaluatable setup.py). Skip the update.
-            return if check_original_requirements_resolvable
+            return
           end
 
           if error.message.include?("Could not find a version ") &&
@@ -143,7 +145,6 @@ module Dependabot
           raise
         end
 
-        # rubocop:enable Metrics/PerceivedComplexity
         # rubocop:enable Metrics/AbcSize
 
         # Needed because pip-compile's resolver isn't perfect.

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -152,11 +152,14 @@ module Dependabot
             check_original_requirements_resolvable
           end
 
-          if error.message.include?('Command "python setup.py egg_info"') ||
-             error.message.include?("exit status 1: python setup.py egg_info")
+          if (error.message.include?('Command "python setup.py egg_info"') ||
+              error.message.include?(
+                "exit status 1: python setup.py egg_info"
+              )) &&
+             check_original_requirements_resolvable
             # The latest version of the dependency we're updating is borked
             # (because it has an unevaluatable setup.py). Skip the update.
-            return if check_original_requirements_resolvable
+            return
           end
 
           if error.message.include?("UnsupportedPythonVersion") &&
@@ -332,6 +335,7 @@ module Dependabot
             freeze_top_level_dependencies_except([dependency])
         end
 
+        # rubocop:disable Metrics/PerceivedComplexity
         def set_target_dependency_req(pipfile_content, updated_requirement)
           return pipfile_content unless updated_requirement
 
@@ -352,6 +356,7 @@ module Dependabot
 
           TomlRB.dump(pipfile_object)
         end
+        # rubocop:enable Metrics/PerceivedComplexity
 
         def subdep_type?(type)
           return false if dependency.top_level?

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -22,12 +22,18 @@ module Dependabot
     class UpdateChecker
       # This class does version resolution for pyproject.toml files.
       class PoetryVersionResolver
-        GIT_REFERENCE_NOT_FOUND_REGEX =
-          /'git'.*pypoetry-git-(?<name>.+?).{8}','checkout','(?<tag>.+?)'/.
-          freeze
-        GIT_DEPENDENCY_UNREACHABLE_REGEX =
-          /'\['git',\s+'clone',\s+'(?<url>.+?)'.*\s+exit\s+status\s+128/m.
-          freeze
+        GIT_REFERENCE_NOT_FOUND_REGEX = /
+          'git'.*pypoetry-git-(?<name>.+?).{8}',
+          'checkout',
+          '(?<tag>.+?)'
+        /x.freeze
+        GIT_DEPENDENCY_UNREACHABLE_REGEX = /
+            '\['git',
+            \s+'clone',
+            \s+'--recurse-submodules',
+            \s+'(?<url>.+?)'.*
+            \s+exit\s+status\s+128
+          /mx.freeze
 
         attr_reader :dependency, :dependency_files, :credentials
 
@@ -252,6 +258,7 @@ module Dependabot
             freeze_top_level_dependencies_except([dependency])
         end
 
+        # rubocop:disable Metrics/PerceivedComplexity
         def set_target_dependency_req(pyproject_content, updated_requirement)
           return pyproject_content unless updated_requirement
 
@@ -278,6 +285,7 @@ module Dependabot
 
           TomlRB.dump(pyproject_object)
         end
+        # rubocop:enable Metrics/PerceivedComplexity
 
         def subdep_type
           category =

data/lib/dependabot/python/update_checker/requirements_updater.rb

@@ -73,7 +73,6 @@ module Dependabot
           updated_requirement(req)
         end
 
-        # rubocop:disable Metrics/PerceivedComplexity
         def updated_pyproject_requirement(req)
           return req unless latest_resolvable_version
           return req unless req.fetch(:requirement)
@@ -99,8 +98,6 @@ module Dependabot
           req.merge(requirement: :unfixable)
         end
 
-        # rubocop:enable Metrics/PerceivedComplexity
-
         def update_pyproject_version(req)
           requirement_strings = req[:requirement].split(",").map(&:strip)
 
@@ -160,6 +157,7 @@ module Dependabot
           "#{req_string.strip} || #{new_option.strip}"
         end
 
+        # rubocop:disable Metrics/PerceivedComplexity
         def widen_requirement_range(req_string)
           requirement_strings = req_string.split(",").map(&:strip)
 
@@ -179,6 +177,7 @@ module Dependabot
             update_requirements_range(requirement_strings)
           end
         end
+        # rubocop:enable Metrics/PerceivedComplexity
 
         # rubocop:disable Metrics/PerceivedComplexity
         def updated_requirement(req)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.119.0.beta1
+  version: 0.119.4
 platform: ruby
 authors:
 - Dependabot
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-20 00:00:00.000000000 Z
+date: 2020-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.119.0.beta1
+        version: 0.119.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.119.0.beta1
+        version: 0.119.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.88.0
+        version: 0.90.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.88.0
+        version: 0.90.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -144,11 +144,6 @@ extensions: []
 extra_rdoc_files: []
 files:
 - helpers/build
-- helpers/install-dir/python/lib/__init__.py
-- helpers/install-dir/python/lib/hasher.py
-- helpers/install-dir/python/lib/parser.py
-- helpers/install-dir/python/requirements.txt
-- helpers/install-dir/python/run.py
 - helpers/lib/__init__.py
 - helpers/lib/hasher.py
 - helpers/lib/parser.py
@@ -191,7 +186,7 @@ homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -206,8 +201,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.0
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.1.2
+signing_key: 
 specification_version: 4
 summary: Python support for dependabot
 test_files: []

data/helpers/install-dir/python/lib/hasher.py

@@ -1,24 +0,0 @@
-import hashin
-import json
-import pipfile
-from poetry.poetry import Poetry
-from poetry.factory import Factory
-
-def get_dependency_hash(dependency_name, dependency_version, algorithm):
-    hashes = hashin.get_package_hashes(
-        dependency_name,
-        version=dependency_version,
-        algorithm=algorithm
-    )
-
-    return json.dumps({ "result": hashes["hashes"] })
-
-def get_pipfile_hash(directory):
-    p = pipfile.load(directory + '/Pipfile')
-
-    return json.dumps({ "result": p.hash })
-
-def get_pyproject_hash(directory):
-    p = Factory().create_poetry(directory)
-
-    return json.dumps({ "result": p.locker._get_content_hash() })

data/helpers/install-dir/python/lib/parser.py

@@ -1,138 +0,0 @@
-from itertools import chain
-import glob
-import io
-import json
-import optparse
-import os.path
-import re
-
-import setuptools
-import pip._internal.req.req_file
-from pip._internal.network.session import PipSession
-from pip._internal.models.format_control import FormatControl
-from pip._internal.req.constructors import (
-        install_req_from_line,
-        install_req_from_parsed_requirement,
-)
-
-def parse_requirements(directory):
-    # Parse the requirements.txt
-    requirement_packages = []
-    requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
-                        + glob.glob(os.path.join(directory, '**', '*.txt'))
-
-    pip_compile_files = glob.glob(os.path.join(directory, '*.in')) \
-                        + glob.glob(os.path.join(directory, '**', '*.in'))
-
-    def version_from_install_req(install_req):
-        if install_req.is_pinned:
-            return next(iter(install_req.specifier)).version
-
-    for reqs_file in requirement_files + pip_compile_files:
-        try:
-            requirements = pip._internal.req.req_file.parse_requirements(
-                reqs_file,
-                session=PipSession()
-            )
-            for parsed_req in requirements:
-                install_req = install_req_from_parsed_requirement(parsed_req)
-                if install_req.original_link:
-                    continue
-
-                pattern = r"-[cr] (.*) \(line \d+\)"
-                abs_path = re.search(pattern, install_req.comes_from).group(1)
-                rel_path = os.path.relpath(abs_path, directory)
-
-                requirement_packages.append({
-                    "name": install_req.req.name,
-                    "version": version_from_install_req(install_req),
-                    "markers": str(install_req.markers) or None,
-                    "file": rel_path,
-                    "requirement": str(install_req.specifier) or None,
-                    "extras": sorted(list(install_req.extras))
-                })
-        except Exception as e:
-            print(json.dumps({ "error": repr(e) }))
-            exit(1)
-
-    return json.dumps({ "result": requirement_packages })
-
-def parse_setup(directory):
-    # Parse the setup.py
-    setup_packages = []
-    if os.path.isfile(directory + '/setup.py'):
-        def version_from_install_req(install_req):
-            if install_req.is_pinned:
-                return next(iter(install_req.specifier)).version
-
-        def parse_requirement(req, req_type):
-            install_req = install_req_from_line(req)
-            if install_req.original_link:
-                return
-
-            setup_packages.append({
-                "name": install_req.req.name,
-                "version": version_from_install_req(install_req),
-                "markers": str(install_req.markers) or None,
-                "file": "setup.py",
-                "requirement": str(install_req.specifier) or None,
-                "requirement_type": req_type,
-                "extras": sorted(list(install_req.extras))
-            })
-
-        def setup(*args, **kwargs):
-            for arg in ['setup_requires', 'install_requires', 'tests_require']:
-                if not kwargs.get(arg):
-                    continue
-                for req in kwargs.get(arg):
-                    parse_requirement(req, arg)
-            extras_require_dict = kwargs.get('extras_require', {})
-            for key in extras_require_dict:
-                for req in extras_require_dict[key]:
-                    parse_requirement(req, 'extras_require:{}'.format(key))
-        setuptools.setup = setup
-
-        def noop(*args, **kwargs):
-            pass
-
-        def fake_parse(*args, **kwargs):
-            return []
-
-        global fake_open
-        def fake_open(*args, **kwargs):
-            content = ("VERSION = ('0', '0', '1+dependabot')\n"
-                       "__version__ = '0.0.1+dependabot'\n"
-                       "__author__ = 'someone'\n"
-                       "__title__ = 'something'\n"
-                       "__description__ = 'something'\n"
-                       "__author_email__ = 'something'\n"
-                       "__license__ = 'something'\n"
-                       "__url__ = 'something'\n")
-            return io.StringIO(content)
-
-        content = open(directory + '/setup.py', 'r').read()
-
-        # Remove `print`, `open`, `log` and import statements
-        content = re.sub(r"print\s*\(", "noop(", content)
-        content = re.sub(r"log\s*(\.\w+)*\(", "noop(", content)
-        content = re.sub(r"\b(\w+\.)*(open|file)\s*\(", "fake_open(", content)
-        content = content.replace("parse_requirements(", "fake_parse(")
-        version_re = re.compile(r"^.*import.*__version__.*$", re.MULTILINE)
-        content = re.sub(version_re, "", content)
-
-        # Set variables likely to be imported
-        __version__ = '0.0.1+dependabot'
-        __author__ = 'someone'
-        __title__ = 'something'
-        __description__ = 'something'
-        __author_email__ = 'something'
-        __license__ = 'something'
-        __url__ = 'something'
-
-        # Run as main (since setup.py is a script)
-        __name__ = '__main__'
-
-        # Exec the setup.py
-        exec(content) in globals(), locals()
-
-    return json.dumps({ "result": setup_packages })

data/helpers/install-dir/python/requirements.txt

@@ -1,9 +0,0 @@
-pip==20.1.1
-pip-tools==5.3.0
-hashin==0.15.0
-pipenv==2018.11.26
-pipfile==0.0.2
-poetry==1.0.10
-
-# Some dependencies will only install if Cython is present
-Cython==0.29.21

data/helpers/install-dir/python/run.py

@@ -1,18 +0,0 @@
-import sys
-import json
-
-from lib import parser, hasher
-
-if __name__ == "__main__":
-    args = json.loads(sys.stdin.read())
-
-    if args["function"] == "parse_requirements":
-        print(parser.parse_requirements(args["args"][0]))
-    if args["function"] == "parse_setup":
-        print(parser.parse_setup(args["args"][0]))
-    elif args["function"] == "get_dependency_hash":
-        print(hasher.get_dependency_hash(*args["args"]))
-    elif args["function"] == "get_pipfile_hash":
-        print(hasher.get_pipfile_hash(*args["args"]))
-    elif args["function"] == "get_pyproject_hash":
-        print(hasher.get_pyproject_hash(*args["args"]))