dependabot-python 0.119.1 → 0.119.6
- checksums.yaml +4 -4
- data/lib/dependabot/python/authed_url_builder.rb +0 -2
- data/lib/dependabot/python/file_fetcher.rb +2 -2
- data/lib/dependabot/python/file_updater.rb +2 -0
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +2 -0
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +0 -2
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +2 -2
- data/lib/dependabot/python/file_updater/requirement_replacer.rb +2 -2
- data/lib/dependabot/python/requirement.rb +1 -1
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +2 -0
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +6 -5
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +8 -3
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +2 -0
- data/lib/dependabot/python/update_checker/requirements_updater.rb +2 -3
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d06cc0493e384b4156b2882654820dce32fe9b86e8052941cb908ab9e413299e
|
4
|
+
data.tar.gz: fc6ae7eb998282fea39189db9260f5025dda112a885714d1580c56a411d857da
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ff7c653ba55c0ef7e9d3cabc41bdaf0cdbb9306f2953afcbdc09b11913b0c16e2d213bf09a4794a2c83266dbd0115acb1ffa737c5ba449691c45c2ed3b8c0f5b
|
7
|
+
data.tar.gz: 7d3d0ab6c559a9c9eb2c1680b48a57d9a6443af54b83aa3b3b686530e28548bbacd5413e349a138fcb8eec14dcaa1e0b849f4b607d7e616c6a4349315bf0f197
|
@@ -3,7 +3,6 @@
|
|
3
3
|
module Dependabot
|
4
4
|
module Python
|
5
5
|
class AuthedUrlBuilder
|
6
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
7
6
|
def self.authed_url(credential:)
|
8
7
|
token = credential.fetch("token", nil)
|
9
8
|
url = credential.fetch("index-url")
|
@@ -24,7 +23,6 @@ module Dependabot
|
|
24
23
|
|
25
24
|
url.sub("://", "://#{basic_auth_details}@")
|
26
25
|
end
|
27
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
28
26
|
end
|
29
27
|
end
|
30
28
|
end
|
@@ -350,14 +350,14 @@ module Dependabot
|
|
350
350
|
def parse_path_setup_paths(req_file)
|
351
351
|
uneditable_reqs =
|
352
352
|
req_file.content.
|
353
|
-
scan(/^['"]?(?<path>\..*?)(?=\[|#|'|"|$)/).
|
353
|
+
scan(/^['"]?(?:file:)?(?<path>\..*?)(?=\[|#|'|"|$)/).
|
354
354
|
flatten.
|
355
355
|
map(&:strip).
|
356
356
|
reject { |p| p.include?("://") }
|
357
357
|
|
358
358
|
editable_reqs =
|
359
359
|
req_file.content.
|
360
|
-
scan(/^(?:-e)\s+['"]?(?<path>.*?)(?=\[|#|'|"|$)/).
|
360
|
+
scan(/^(?:-e)\s+['"]?(?:file:)?(?<path>.*?)(?=\[|#|'|"|$)/).
|
361
361
|
flatten.
|
362
362
|
map(&:strip).
|
363
363
|
reject { |p| p.include?("://") || p.include?("git@") }
|
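Review bot: In `editable_reqs`, the new optional `(?:file:)?` group consumes the scheme before the capture, so a line such as `-e file:///srv/pkg` (constructed example) now yields the path `///srv/pkg`, which contains no `://` and so passes the `reject { |p| p.include?("://") || p.include?("git@") }` filter that previously dropped it. Requirement files are repository-controlled input and the code that resolves these paths is outside this hunk, so it is worth confirming that a slash-leading path cannot be fetched from outside the repository directory. If only the `file:./relative` form is meant to be supported, a negative lookahead keeps URL forms on the old rejected path: `(?:file:(?!\/\/))?`. The `uneditable_reqs` pattern is not affected in the same way because its capture must start with `.`. `parse_path_setup_paths` continues past the end of the hunk.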
@@ -44,6 +44,7 @@ module Dependabot
|
|
44
44
|
|
45
45
|
private
|
46
46
|
|
47
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
47
48
|
def resolver_type
|
48
49
|
reqs = dependencies.flat_map(&:requirements)
|
49
50
|
changed_reqs = reqs.zip(dependencies.flat_map(&:previous_requirements)).
|
@@ -64,6 +65,7 @@ module Dependabot
|
|
64
65
|
|
65
66
|
:requirements
|
66
67
|
end
|
68
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
67
69
|
|
68
70
|
def subdependency_resolver
|
69
71
|
return :pipfile if pipfile_lock
|
@@ -142,6 +142,7 @@ module Dependabot
|
|
142
142
|
freeze_top_level_dependencies_except(dependencies)
|
143
143
|
end
|
144
144
|
|
145
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
145
146
|
def freeze_dependencies_being_updated(pipfile_content)
|
146
147
|
pipfile_object = TomlRB.parse(pipfile_content)
|
147
148
|
|
@@ -163,6 +164,7 @@ module Dependabot
|
|
163
164
|
|
164
165
|
TomlRB.dump(pipfile_object)
|
165
166
|
end
|
167
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
166
168
|
|
167
169
|
def subdep_type?(type)
|
168
170
|
return false if dependency.top_level?
|
@@ -46,7 +46,6 @@ module Dependabot
|
|
46
46
|
TomlRB.dump(pipfile_object)
|
47
47
|
end
|
48
48
|
|
49
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
50
49
|
def freeze_dependency(dep_name, pipfile_object, keys)
|
51
50
|
locked_version = version_from_lockfile(
|
52
51
|
keys[:lockfile],
|
@@ -66,7 +65,6 @@ module Dependabot
|
|
66
65
|
pipfile_object[keys[:pipfile]][dep_name] = "==#{locked_version}"
|
67
66
|
end
|
68
67
|
end
|
69
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
70
68
|
|
71
69
|
def update_python_requirement(requirement)
|
72
70
|
pipfile_object = TomlRB.parse(pipfile_content)
|
@@ -36,7 +36,7 @@ module Dependabot
|
|
36
36
|
end
|
37
37
|
|
38
38
|
# rubocop:disable Metrics/PerceivedComplexity
|
39
|
-
# rubocop:disable Metrics/
|
39
|
+
# rubocop:disable Metrics/AbcSize
|
40
40
|
def freeze_top_level_dependencies_except(dependencies)
|
41
41
|
return pyproject_content unless lockfile
|
42
42
|
|
@@ -71,8 +71,8 @@ module Dependabot
|
|
71
71
|
|
72
72
|
TomlRB.dump(pyproject_object)
|
73
73
|
end
|
74
|
+
# rubocop:enable Metrics/AbcSize
|
74
75
|
# rubocop:enable Metrics/PerceivedComplexity
|
75
|
-
# rubocop:enable Metrics/CyclomaticComplexity
|
76
76
|
|
77
77
|
private
|
78
78
|
|
@@ -30,8 +30,8 @@ module Dependabot
|
|
30
30
|
updated_dependency_declaration_string
|
31
31
|
end
|
32
32
|
|
33
|
-
|
34
|
-
raise "Expected content to change!"
|
33
|
+
if old_requirement != new_requirement && content == updated_content
|
34
|
+
raise "Expected content to change!"
|
35
35
|
end
|
36
36
|
|
37
37
|
updated_content
|
@@ -100,7 +100,7 @@ module Dependabot
|
|
100
100
|
def convert_caret_req(req_string)
|
101
101
|
version = req_string.gsub(/^\^/, "")
|
102
102
|
parts = version.split(".")
|
103
|
-
parts
|
103
|
+
parts.fill(0, parts.length...3)
|
104
104
|
first_non_zero = parts.find { |d| d != "0" }
|
105
105
|
first_non_zero_index =
|
106
106
|
first_non_zero ? parts.index(first_non_zero) : parts.count - 1
|
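Review bot: `parts.fill(0, parts.length...3)` pads an array of strings (from `version.split(".")`) with Integer `0`, and the next line's `parts.find { |d| d != "0" }` treats that Integer as non-zero because `0 != "0"` is true in Ruby. For an all-zero input shorter than three parts, such as `^0` or `^0.0`, `find` therefore returns a padded element and the `parts.count - 1` fallback is skipped. The resulting bound depends on code past the end of the hunk, so a spec for those inputs would pin the intended behaviour. Padding with the string keeps the element type uniform: `parts.fill("0", parts.length...3)`. `convert_caret_req` continues outside the hunk.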
@@ -166,6 +166,7 @@ module Dependabot
|
|
166
166
|
end
|
167
167
|
end
|
168
168
|
|
169
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
169
170
|
def version_details_from_link(link)
|
170
171
|
doc = Nokogiri::XML(link)
|
171
172
|
filename = doc.at_css("a")&.content
|
@@ -181,6 +182,7 @@ module Dependabot
|
|
181
182
|
yanked: link&.include?("data-yanked")
|
182
183
|
}
|
183
184
|
end
|
185
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
184
186
|
|
185
187
|
def get_version_from_filename(filename)
|
186
188
|
filename.
|
@@ -97,7 +97,6 @@ module Dependabot
|
|
97
97
|
end
|
98
98
|
end
|
99
99
|
|
100
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
101
100
|
# rubocop:disable Metrics/AbcSize
|
102
101
|
def handle_pip_compile_errors(error)
|
103
102
|
if error.message.include?("Could not find a version")
|
@@ -114,11 +113,14 @@ module Dependabot
|
|
114
113
|
check_original_requirements_resolvable
|
115
114
|
end
|
116
115
|
|
117
|
-
if error.message.include?('Command "python setup.py egg_info') ||
|
118
|
-
|
116
|
+
if (error.message.include?('Command "python setup.py egg_info') ||
|
117
|
+
error.message.include?(
|
118
|
+
"exit status 1: python setup.py egg_info"
|
119
|
+
)) &&
|
120
|
+
check_original_requirements_resolvable
|
119
121
|
# The latest version of the dependency we're updating is borked
|
120
122
|
# (because it has an unevaluatable setup.py). Skip the update.
|
121
|
-
return
|
123
|
+
return
|
122
124
|
end
|
123
125
|
|
124
126
|
if error.message.include?("Could not find a version ") &&
|
@@ -143,7 +145,6 @@ module Dependabot
|
|
143
145
|
raise
|
144
146
|
end
|
145
147
|
|
146
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
147
148
|
# rubocop:enable Metrics/AbcSize
|
148
149
|
|
149
150
|
# Needed because pip-compile's resolver isn't perfect.
|
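Review bot: The comment inside the rewritten condition ("The latest version of the dependency we're updating is borked ... Skip the update.") does not mention that the early `return` also depends on the return value of `check_original_requirements_resolvable`, which a few lines above is called as a bare statement; if it returns a falsy value here, control falls through to the next `if` instead of returning. A short comment such as `# Only skip when the original requirements still resolve; otherwise fall through to the checks below` would make that explicit, with the wording confirmed against the helper, which is not shown. The same condition is duplicated in pipenv_version_resolver.rb, where the first literal ends with a closing double quote (`egg_info"'`) that this file's literal lacks; a shared constant would keep the two from drifting. `handle_pip_compile_errors` spans several hunks and is not shown in full.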
@@ -152,11 +152,14 @@ module Dependabot
|
|
152
152
|
check_original_requirements_resolvable
|
153
153
|
end
|
154
154
|
|
155
|
-
if error.message.include?('Command "python setup.py egg_info"') ||
|
156
|
-
|
155
|
+
if (error.message.include?('Command "python setup.py egg_info"') ||
|
156
|
+
error.message.include?(
|
157
|
+
"exit status 1: python setup.py egg_info"
|
158
|
+
)) &&
|
159
|
+
check_original_requirements_resolvable
|
157
160
|
# The latest version of the dependency we're updating is borked
|
158
161
|
# (because it has an unevaluatable setup.py). Skip the update.
|
159
|
-
return
|
162
|
+
return
|
160
163
|
end
|
161
164
|
|
162
165
|
if error.message.include?("UnsupportedPythonVersion") &&
|
@@ -332,6 +335,7 @@ module Dependabot
|
|
332
335
|
freeze_top_level_dependencies_except([dependency])
|
333
336
|
end
|
334
337
|
|
338
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
335
339
|
def set_target_dependency_req(pipfile_content, updated_requirement)
|
336
340
|
return pipfile_content unless updated_requirement
|
337
341
|
|
@@ -352,6 +356,7 @@ module Dependabot
|
|
352
356
|
|
353
357
|
TomlRB.dump(pipfile_object)
|
354
358
|
end
|
359
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
355
360
|
|
356
361
|
def subdep_type?(type)
|
357
362
|
return false if dependency.top_level?
|
@@ -258,6 +258,7 @@ module Dependabot
|
|
258
258
|
freeze_top_level_dependencies_except([dependency])
|
259
259
|
end
|
260
260
|
|
261
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
261
262
|
def set_target_dependency_req(pyproject_content, updated_requirement)
|
262
263
|
return pyproject_content unless updated_requirement
|
263
264
|
|
@@ -284,6 +285,7 @@ module Dependabot
|
|
284
285
|
|
285
286
|
TomlRB.dump(pyproject_object)
|
286
287
|
end
|
288
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
287
289
|
|
288
290
|
def subdep_type
|
289
291
|
category =
|
@@ -73,7 +73,6 @@ module Dependabot
|
|
73
73
|
updated_requirement(req)
|
74
74
|
end
|
75
75
|
|
76
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
77
76
|
def updated_pyproject_requirement(req)
|
78
77
|
return req unless latest_resolvable_version
|
79
78
|
return req unless req.fetch(:requirement)
|
@@ -99,8 +98,6 @@ module Dependabot
|
|
99
98
|
req.merge(requirement: :unfixable)
|
100
99
|
end
|
101
100
|
|
102
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
103
|
-
|
104
101
|
def update_pyproject_version(req)
|
105
102
|
requirement_strings = req[:requirement].split(",").map(&:strip)
|
106
103
|
|
@@ -160,6 +157,7 @@ module Dependabot
|
|
160
157
|
"#{req_string.strip} || #{new_option.strip}"
|
161
158
|
end
|
162
159
|
|
160
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
163
161
|
def widen_requirement_range(req_string)
|
164
162
|
requirement_strings = req_string.split(",").map(&:strip)
|
165
163
|
|
@@ -179,6 +177,7 @@ module Dependabot
|
|
179
177
|
update_requirements_range(requirement_strings)
|
180
178
|
end
|
181
179
|
end
|
180
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
182
181
|
|
183
182
|
# rubocop:disable Metrics/PerceivedComplexity
|
184
183
|
def updated_requirement(req)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.119.
|
4
|
+
version: 0.119.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-09-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.119.
|
19
|
+
version: 0.119.6
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.119.
|
26
|
+
version: 0.119.6
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: 0.
|
103
|
+
version: 0.90.0
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: 0.
|
110
|
+
version: 0.90.0
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: vcr
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|