dependabot-python 0.124.5 → 0.125.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/python/file_fetcher.rb +2 -6
- data/lib/dependabot/python/file_parser/setup_file_parser.rb +1 -3
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +21 -32
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +3 -9
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +1 -3
- data/lib/dependabot/python/file_updater/requirement_replacer.rb +3 -9
- data/lib/dependabot/python/python_versions.rb +2 -2
- data/lib/dependabot/python/update_checker.rb +3 -9
- data/lib/dependabot/python/update_checker/index_finder.rb +1 -3
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +1 -3
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +12 -26
- data/lib/dependabot/python/update_checker/pip_version_resolver.rb +1 -3
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +7 -11
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +6 -8
- data/lib/dependabot/python/update_checker/requirements_updater.rb +2 -6
- data/lib/dependabot/python/version.rb +1 -5
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d63cab58ba9012b42f69237f7ff203223a7658f35533da97f6260ea045631062
|
|
4
|
+
data.tar.gz: 75bb5f0e238c2bad82f6da37b60f13796dc7a5686fa9268267cbac8f5f97ffb7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6e2afcc22f49f2e2d500704dbd94e81f0dde22ead8b4f7a60bca823843a05bcd4569d94b38922e2a927723081023496c731e2bae4b0d9b09db01c7d98f8c0eca
|
|
7
|
+
data.tar.gz: c28a5f366b7a00ac6e90fcf348e18927d88e74f5280e393da2817513e22fd72d17942c4d04f2002a9e1fdacfac2d43724137f9247fe1ba9c8da979e10df64005
|
|
@@ -76,9 +76,7 @@ module Dependabot
|
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
def check_required_files_present
|
|
79
|
-
if requirements_txt_files.any? || setup_file || pipfile || pyproject
|
|
80
|
-
return
|
|
81
|
-
end
|
|
79
|
+
return if requirements_txt_files.any? || setup_file || pipfile || pyproject
|
|
82
80
|
|
|
83
81
|
path = Pathname.new(File.join(directory, "requirements.txt")).
|
|
84
82
|
cleanpath.to_path
|
|
@@ -268,9 +266,7 @@ module Dependabot
|
|
|
268
266
|
unfetchable_files << e.file_path.gsub(%r{^/}, "")
|
|
269
267
|
end
|
|
270
268
|
|
|
271
|
-
if unfetchable_files.any?
|
|
272
|
-
raise Dependabot::PathDependenciesNotReachable, unfetchable_files
|
|
273
|
-
end
|
|
269
|
+
raise Dependabot::PathDependenciesNotReachable, unfetchable_files if unfetchable_files.any?
|
|
274
270
|
|
|
275
271
|
path_setup_files
|
|
276
272
|
end
|
|
@@ -69,9 +69,7 @@ module Dependabot
|
|
|
69
69
|
requirements
|
|
70
70
|
end
|
|
71
71
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
72
|
-
if e.message.start_with?("InstallationError")
|
|
73
|
-
raise Dependabot::DependencyFileNotEvaluatable, e.message
|
|
74
|
-
end
|
|
72
|
+
raise Dependabot::DependencyFileNotEvaluatable, e.message if e.message.start_with?("InstallationError")
|
|
75
73
|
|
|
76
74
|
parsed_sanitized_setup_file
|
|
77
75
|
end
|
|
@@ -78,7 +78,7 @@ module Dependabot
|
|
|
78
78
|
run_pip_compile_command(
|
|
79
79
|
"#{SharedHelpers.escape_command(name_part)}=="\
|
|
80
80
|
"#{SharedHelpers.escape_command(version_part)}",
|
|
81
|
-
|
|
81
|
+
allow_unsafe_shell_command: true
|
|
82
82
|
)
|
|
83
83
|
# Run pip-compile a second time, without an update argument, to
|
|
84
84
|
# ensure it resets the right comments.
|
|
@@ -142,9 +142,13 @@ module Dependabot
|
|
|
142
142
|
).updated_dependency_files
|
|
143
143
|
end
|
|
144
144
|
|
|
145
|
-
def run_command(cmd, env: python_env,
|
|
145
|
+
def run_command(cmd, env: python_env, allow_unsafe_shell_command: false)
|
|
146
146
|
start = Time.now
|
|
147
|
-
command =
|
|
147
|
+
command = if allow_unsafe_shell_command
|
|
148
|
+
cmd
|
|
149
|
+
else
|
|
150
|
+
SharedHelpers.escape_command(cmd)
|
|
151
|
+
end
|
|
148
152
|
stdout, process = Open3.capture2e(env, command)
|
|
149
153
|
time_taken = Time.now - start
|
|
150
154
|
|
|
@@ -160,9 +164,12 @@ module Dependabot
|
|
|
160
164
|
)
|
|
161
165
|
end
|
|
162
166
|
|
|
163
|
-
def run_pip_compile_command(command,
|
|
167
|
+
def run_pip_compile_command(command, allow_unsafe_shell_command: false)
|
|
164
168
|
run_command("pyenv local #{python_version}")
|
|
165
|
-
run_command(
|
|
169
|
+
run_command(
|
|
170
|
+
command,
|
|
171
|
+
allow_unsafe_shell_command: allow_unsafe_shell_command
|
|
172
|
+
)
|
|
166
173
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
167
174
|
original_error ||= e
|
|
168
175
|
msg = e.message
|
|
@@ -230,9 +237,7 @@ module Dependabot
|
|
|
230
237
|
end
|
|
231
238
|
|
|
232
239
|
def install_required_python
|
|
233
|
-
if run_command("pyenv versions").include?("#{python_version}\n")
|
|
234
|
-
return
|
|
235
|
-
end
|
|
240
|
+
return if run_command("pyenv versions").include?("#{python_version}\n")
|
|
236
241
|
|
|
237
242
|
run_command("pyenv install -s #{python_version}")
|
|
238
243
|
run_command("pyenv exec pip install -r "\
|
|
@@ -241,9 +246,7 @@ module Dependabot
|
|
|
241
246
|
|
|
242
247
|
def sanitized_setup_file_content(file)
|
|
243
248
|
@sanitized_setup_file_content ||= {}
|
|
244
|
-
if @sanitized_setup_file_content[file.name]
|
|
245
|
-
return @sanitized_setup_file_content[file.name]
|
|
246
|
-
end
|
|
249
|
+
return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
|
|
247
250
|
|
|
248
251
|
@sanitized_setup_file_content[file.name] =
|
|
249
252
|
SetupFileSanitizer.
|
|
@@ -333,9 +336,7 @@ module Dependabot
|
|
|
333
336
|
def remove_new_warnings(updated_content, original_content)
|
|
334
337
|
content = updated_content
|
|
335
338
|
|
|
336
|
-
if content.match?(WARNINGS) && !original_content.match?(WARNINGS)
|
|
337
|
-
content = content.sub(WARNINGS, "\n")
|
|
338
|
-
end
|
|
339
|
+
content = content.sub(WARNINGS, "\n") if content.match?(WARNINGS) && !original_content.match?(WARNINGS)
|
|
339
340
|
|
|
340
341
|
if content.match?(UNSAFE_NOTE) &&
|
|
341
342
|
!original_content.match?(UNSAFE_NOTE)
|
|
@@ -435,25 +436,15 @@ module Dependabot
|
|
|
435
436
|
def pip_compile_options_from_compiled_file(requirements_file)
|
|
436
437
|
options = ["--output-file=#{requirements_file.name}"]
|
|
437
438
|
|
|
438
|
-
unless requirements_file.content.include?("index-url http")
|
|
439
|
-
options << "--no-index"
|
|
440
|
-
end
|
|
439
|
+
options << "--no-index" unless requirements_file.content.include?("index-url http")
|
|
441
440
|
|
|
442
|
-
if requirements_file.content.include?("--hash=sha")
|
|
443
|
-
options << "--generate-hashes"
|
|
444
|
-
end
|
|
441
|
+
options << "--generate-hashes" if requirements_file.content.include?("--hash=sha")
|
|
445
442
|
|
|
446
|
-
if includes_unsafe_packages?(requirements_file.content)
|
|
447
|
-
options << "--allow-unsafe"
|
|
448
|
-
end
|
|
443
|
+
options << "--allow-unsafe" if includes_unsafe_packages?(requirements_file.content)
|
|
449
444
|
|
|
450
|
-
unless requirements_file.content.include?("# via ")
|
|
451
|
-
options << "--no-annotate"
|
|
452
|
-
end
|
|
445
|
+
options << "--no-annotate" unless requirements_file.content.include?("# via ")
|
|
453
446
|
|
|
454
|
-
unless requirements_file.content.include?("autogenerated by pip-c")
|
|
455
|
-
options << "--no-header"
|
|
456
|
-
end
|
|
447
|
+
options << "--no-header" unless requirements_file.content.include?("autogenerated by pip-c")
|
|
457
448
|
|
|
458
449
|
options << "--pre" if requirements_file.content.include?("--pre")
|
|
459
450
|
options
|
|
@@ -568,9 +559,7 @@ module Dependabot
|
|
|
568
559
|
end
|
|
569
560
|
|
|
570
561
|
def user_specified_python_version
|
|
571
|
-
unless python_requirement_parser.user_specified_requirements.any?
|
|
572
|
-
return
|
|
573
|
-
end
|
|
562
|
+
return unless python_requirement_parser.user_specified_requirements.any?
|
|
574
563
|
|
|
575
564
|
user_specified_requirements =
|
|
576
565
|
python_requirement_parser.user_specified_requirements.
|
|
@@ -49,9 +49,7 @@ module Dependabot
|
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
if lockfile
|
|
52
|
-
if lockfile.content == updated_lockfile_content
|
|
53
|
-
raise "Expected Pipfile.lock to change!"
|
|
54
|
-
end
|
|
52
|
+
raise "Expected Pipfile.lock to change!" if lockfile.content == updated_lockfile_content
|
|
55
53
|
|
|
56
54
|
updated_files <<
|
|
57
55
|
updated_file(file: lockfile, content: updated_lockfile_content)
|
|
@@ -330,9 +328,7 @@ module Dependabot
|
|
|
330
328
|
nil
|
|
331
329
|
end
|
|
332
330
|
|
|
333
|
-
if run_command("pyenv versions").include?("#{python_version}\n")
|
|
334
|
-
return
|
|
335
|
-
end
|
|
331
|
+
return if run_command("pyenv versions").include?("#{python_version}\n")
|
|
336
332
|
|
|
337
333
|
requirements_path = NativeHelpers.python_requirements_path
|
|
338
334
|
run_command("pyenv install -s #{python_version}")
|
|
@@ -341,9 +337,7 @@ module Dependabot
|
|
|
341
337
|
|
|
342
338
|
def sanitized_setup_file_content(file)
|
|
343
339
|
@sanitized_setup_file_content ||= {}
|
|
344
|
-
if @sanitized_setup_file_content[file.name]
|
|
345
|
-
return @sanitized_setup_file_content[file.name]
|
|
346
|
-
end
|
|
340
|
+
return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
|
|
347
341
|
|
|
348
342
|
@sanitized_setup_file_content[file.name] =
|
|
349
343
|
SetupFileSanitizer.
|
|
@@ -51,9 +51,7 @@ module Dependabot
|
|
|
51
51
|
)
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
-
if lockfile && lockfile.content == updated_lockfile_content
|
|
55
|
-
raise "Expected lockfile to change!"
|
|
56
|
-
end
|
|
54
|
+
raise "Expected lockfile to change!" if lockfile && lockfile.content == updated_lockfile_content
|
|
57
55
|
|
|
58
56
|
if lockfile
|
|
59
57
|
updated_files <<
|
|
@@ -30,9 +30,7 @@ module Dependabot
|
|
|
30
30
|
updated_dependency_declaration_string
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
if old_requirement != new_requirement && content == updated_content
|
|
34
|
-
raise "Expected content to change!"
|
|
35
|
-
end
|
|
33
|
+
raise "Expected content to change!" if old_requirement != new_requirement && content == updated_content
|
|
36
34
|
|
|
37
35
|
updated_content
|
|
38
36
|
end
|
|
@@ -49,9 +47,7 @@ module Dependabot
|
|
|
49
47
|
def updated_requirement_string
|
|
50
48
|
new_req_string = new_requirement
|
|
51
49
|
|
|
52
|
-
if add_space_after_commas?
|
|
53
|
-
new_req_string = new_req_string.gsub(/,\s*/, ", ")
|
|
54
|
-
end
|
|
50
|
+
new_req_string = new_req_string.gsub(/,\s*/, ", ") if add_space_after_commas?
|
|
55
51
|
|
|
56
52
|
if add_space_after_operators?
|
|
57
53
|
new_req_string =
|
|
@@ -75,9 +71,7 @@ module Dependabot
|
|
|
75
71
|
end
|
|
76
72
|
end
|
|
77
73
|
|
|
78
|
-
unless update_hashes? && requirement_includes_hashes?(old_req)
|
|
79
|
-
return updated_string
|
|
80
|
-
end
|
|
74
|
+
return updated_string unless update_hashes? && requirement_includes_hashes?(old_req)
|
|
81
75
|
|
|
82
76
|
updated_string.sub(
|
|
83
77
|
RequirementParser::HASHES,
|
|
@@ -13,8 +13,8 @@ module Dependabot
|
|
|
13
13
|
3.9.0
|
|
14
14
|
3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
|
|
15
15
|
3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
|
|
16
|
-
3.6.
|
|
17
|
-
3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
|
|
16
|
+
3.6.12 3.6.11 3.6.10 3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2
|
|
17
|
+
3.6.1 3.6.0 3.5.10 3.5.8 3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
|
|
18
18
|
2.7.18 2.7.17 2.7.16 2.7.15 2.7.14 2.7.13
|
|
19
19
|
).freeze
|
|
20
20
|
|
|
@@ -81,9 +81,7 @@ module Dependabot
|
|
|
81
81
|
def lowest_resolvable_security_fix_version
|
|
82
82
|
raise "Dependency not vulnerable!" unless vulnerable?
|
|
83
83
|
|
|
84
|
-
if defined?(@lowest_resolvable_security_fix_version)
|
|
85
|
-
return @lowest_resolvable_security_fix_version
|
|
86
|
-
end
|
|
84
|
+
return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)
|
|
87
85
|
|
|
88
86
|
@lowest_resolvable_security_fix_version =
|
|
89
87
|
fetch_lowest_resolvable_security_fix_version
|
|
@@ -100,9 +98,7 @@ module Dependabot
|
|
|
100
98
|
|
|
101
99
|
def requirements_update_strategy
|
|
102
100
|
# If passed in as an option (in the base class) honour that option
|
|
103
|
-
if @requirements_update_strategy
|
|
104
|
-
return @requirements_update_strategy.to_sym
|
|
105
|
-
end
|
|
101
|
+
return @requirements_update_strategy.to_sym if @requirements_update_strategy
|
|
106
102
|
|
|
107
103
|
# Otherwise, check if this is a poetry library or not
|
|
108
104
|
poetry_library? ? :widen_ranges : :bump_versions
|
|
@@ -126,9 +122,7 @@ module Dependabot
|
|
|
126
122
|
fix_version = lowest_security_fix_version
|
|
127
123
|
return latest_resolvable_version if fix_version.nil?
|
|
128
124
|
|
|
129
|
-
if resolver_type == :requirements
|
|
130
|
-
return pip_version_resolver.lowest_resolvable_security_fix_version
|
|
131
|
-
end
|
|
125
|
+
return pip_version_resolver.lowest_resolvable_security_fix_version if resolver_type == :requirements
|
|
132
126
|
|
|
133
127
|
resolver =
|
|
134
128
|
case resolver_type
|
|
@@ -152,9 +152,7 @@ module Dependabot
|
|
|
152
152
|
def clean_check_and_remove_environment_variables(url)
|
|
153
153
|
url = url.strip.gsub(%r{/*$}, "") + "/"
|
|
154
154
|
|
|
155
|
-
unless url.match?(ENVIRONMENT_VARIABLE_REGEX)
|
|
156
|
-
return authed_base_url(url)
|
|
157
|
-
end
|
|
155
|
+
return authed_base_url(url) unless url.match?(ENVIRONMENT_VARIABLE_REGEX)
|
|
158
156
|
|
|
159
157
|
config_variable_urls =
|
|
160
158
|
[
|
|
@@ -101,9 +101,7 @@ module Dependabot
|
|
|
101
101
|
def filter_ignored_versions(versions_array)
|
|
102
102
|
filtered = versions_array.
|
|
103
103
|
reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
|
|
104
|
-
if @raise_on_ignored && filtered.empty? && versions_array.any?
|
|
105
|
-
raise Dependabot::AllVersionsIgnored
|
|
106
|
-
end
|
|
104
|
+
raise Dependabot::AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
|
|
107
105
|
|
|
108
106
|
filtered
|
|
109
107
|
end
|
|
@@ -49,20 +49,18 @@ module Dependabot
|
|
|
49
49
|
@resolvable ||= {}
|
|
50
50
|
return @resolvable[version] if @resolvable.key?(version)
|
|
51
51
|
|
|
52
|
-
if fetch_latest_resolvable_version_string(requirement: "==#{version}")
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
52
|
+
@resolvable[version] = if fetch_latest_resolvable_version_string(requirement: "==#{version}")
|
|
53
|
+
true
|
|
54
|
+
else
|
|
55
|
+
false
|
|
56
|
+
end
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
private
|
|
60
60
|
|
|
61
61
|
def fetch_latest_resolvable_version_string(requirement:)
|
|
62
62
|
@latest_resolvable_version_string ||= {}
|
|
63
|
-
if @latest_resolvable_version_string.key?(requirement)
|
|
64
|
-
return @latest_resolvable_version_string[requirement]
|
|
65
|
-
end
|
|
63
|
+
return @latest_resolvable_version_string[requirement] if @latest_resolvable_version_string.key?(requirement)
|
|
66
64
|
|
|
67
65
|
@latest_resolvable_version_string[requirement] ||=
|
|
68
66
|
SharedHelpers.in_a_temporary_directory do
|
|
@@ -244,15 +242,11 @@ module Dependabot
|
|
|
244
242
|
|
|
245
243
|
# If the previous error was definitely due to using the wrong Python
|
|
246
244
|
# version, return the new error (which can't be worse)
|
|
247
|
-
if error_certainly_bad_python_version?(previous_error.message)
|
|
248
|
-
return new_error
|
|
249
|
-
end
|
|
245
|
+
return new_error if error_certainly_bad_python_version?(previous_error.message)
|
|
250
246
|
|
|
251
247
|
# Otherwise, if the new error may be due to using the wrong Python
|
|
252
248
|
# version, return the old error (which can't be worse)
|
|
253
|
-
if error_suggests_bad_python_version?(new_error.message)
|
|
254
|
-
return previous_error
|
|
255
|
-
end
|
|
249
|
+
return previous_error if error_suggests_bad_python_version?(new_error.message)
|
|
256
250
|
|
|
257
251
|
# Otherwise, default to the new error
|
|
258
252
|
new_error
|
|
@@ -329,9 +323,7 @@ module Dependabot
|
|
|
329
323
|
end
|
|
330
324
|
|
|
331
325
|
def install_required_python
|
|
332
|
-
if run_command("pyenv versions").include?("#{python_version}\n")
|
|
333
|
-
return
|
|
334
|
-
end
|
|
326
|
+
return if run_command("pyenv versions").include?("#{python_version}\n")
|
|
335
327
|
|
|
336
328
|
run_command("pyenv install -s #{python_version}")
|
|
337
329
|
run_command("pyenv exec pip install -r"\
|
|
@@ -340,9 +332,7 @@ module Dependabot
|
|
|
340
332
|
|
|
341
333
|
def sanitized_setup_file_content(file)
|
|
342
334
|
@sanitized_setup_file_content ||= {}
|
|
343
|
-
if @sanitized_setup_file_content[file.name]
|
|
344
|
-
return @sanitized_setup_file_content[file.name]
|
|
345
|
-
end
|
|
335
|
+
return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
|
|
346
336
|
|
|
347
337
|
@sanitized_setup_file_content[file.name] =
|
|
348
338
|
Python::FileUpdater::SetupFileSanitizer.
|
|
@@ -361,9 +351,7 @@ module Dependabot
|
|
|
361
351
|
|
|
362
352
|
req = dependency.requirements.find { |r| r[:file] == file.name }
|
|
363
353
|
|
|
364
|
-
unless req&.fetch(:requirement)
|
|
365
|
-
return file.content + "\n#{dependency.name} #{updated_req}"
|
|
366
|
-
end
|
|
354
|
+
return file.content + "\n#{dependency.name} #{updated_req}" unless req&.fetch(:requirement)
|
|
367
355
|
|
|
368
356
|
Python::FileUpdater::RequirementReplacer.new(
|
|
369
357
|
content: file.content,
|
|
@@ -492,9 +480,7 @@ module Dependabot
|
|
|
492
480
|
end
|
|
493
481
|
|
|
494
482
|
def user_specified_python_version
|
|
495
|
-
unless python_requirement_parser.user_specified_requirements.any?
|
|
496
|
-
return
|
|
497
|
-
end
|
|
483
|
+
return unless python_requirement_parser.user_specified_requirements.any?
|
|
498
484
|
|
|
499
485
|
user_specified_requirements =
|
|
500
486
|
python_requirement_parser.user_specified_requirements.
|
|
@@ -57,9 +57,7 @@ module Dependabot
|
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
def user_specified_python_version
|
|
60
|
-
unless python_requirement_parser.user_specified_requirements.any?
|
|
61
|
-
return
|
|
62
|
-
end
|
|
60
|
+
return unless python_requirement_parser.user_specified_requirements.any?
|
|
63
61
|
|
|
64
62
|
user_specified_requirements =
|
|
65
63
|
python_requirement_parser.user_specified_requirements.
|
|
@@ -59,20 +59,18 @@ module Dependabot
|
|
|
59
59
|
@resolvable ||= {}
|
|
60
60
|
return @resolvable[version] if @resolvable.key?(version)
|
|
61
61
|
|
|
62
|
-
if fetch_latest_resolvable_version_string(requirement: "==#{version}")
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
62
|
+
@resolvable[version] = if fetch_latest_resolvable_version_string(requirement: "==#{version}")
|
|
63
|
+
true
|
|
64
|
+
else
|
|
65
|
+
false
|
|
66
|
+
end
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
private
|
|
70
70
|
|
|
71
71
|
def fetch_latest_resolvable_version_string(requirement:)
|
|
72
72
|
@latest_resolvable_version_string ||= {}
|
|
73
|
-
if @latest_resolvable_version_string.key?(requirement)
|
|
74
|
-
return @latest_resolvable_version_string[requirement]
|
|
75
|
-
end
|
|
73
|
+
return @latest_resolvable_version_string[requirement] if @latest_resolvable_version_string.key?(requirement)
|
|
76
74
|
|
|
77
75
|
@latest_resolvable_version_string[requirement] ||=
|
|
78
76
|
SharedHelpers.in_a_temporary_directory do
|
|
@@ -298,9 +296,7 @@ module Dependabot
|
|
|
298
296
|
nil
|
|
299
297
|
end
|
|
300
298
|
|
|
301
|
-
if run_command("pyenv versions").include?("#{python_version}\n")
|
|
302
|
-
return
|
|
303
|
-
end
|
|
299
|
+
return if run_command("pyenv versions").include?("#{python_version}\n")
|
|
304
300
|
|
|
305
301
|
requirements_path = NativeHelpers.python_requirements_path
|
|
306
302
|
run_command("pyenv install -s #{python_version}")
|
|
@@ -54,11 +54,11 @@ module Dependabot
|
|
|
54
54
|
@resolvable ||= {}
|
|
55
55
|
return @resolvable[version] if @resolvable.key?(version)
|
|
56
56
|
|
|
57
|
-
if fetch_latest_resolvable_version_string(requirement: "==#{version}")
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
57
|
+
@resolvable[version] = if fetch_latest_resolvable_version_string(requirement: "==#{version}")
|
|
58
|
+
true
|
|
59
|
+
else
|
|
60
|
+
false
|
|
61
|
+
end
|
|
62
62
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
63
63
|
raise unless e.message.include?("SolverProblemError")
|
|
64
64
|
|
|
@@ -69,9 +69,7 @@ module Dependabot
|
|
|
69
69
|
|
|
70
70
|
def fetch_latest_resolvable_version_string(requirement:)
|
|
71
71
|
@latest_resolvable_version_string ||= {}
|
|
72
|
-
if @latest_resolvable_version_string.key?(requirement)
|
|
73
|
-
return @latest_resolvable_version_string[requirement]
|
|
74
|
-
end
|
|
72
|
+
return @latest_resolvable_version_string[requirement] if @latest_resolvable_version_string.key?(requirement)
|
|
75
73
|
|
|
76
74
|
@latest_resolvable_version_string[requirement] ||=
|
|
77
75
|
SharedHelpers.in_a_temporary_directory do
|
|
@@ -79,15 +79,11 @@ module Dependabot
|
|
|
79
79
|
return req if new_version_satisfies?(req) && !has_lockfile
|
|
80
80
|
|
|
81
81
|
# If the requirement uses || syntax then we always want to widen it
|
|
82
|
-
if req.fetch(:requirement).match?(PYPROJECT_OR_SEPARATOR)
|
|
83
|
-
return widen_pyproject_requirement(req)
|
|
84
|
-
end
|
|
82
|
+
return widen_pyproject_requirement(req) if req.fetch(:requirement).match?(PYPROJECT_OR_SEPARATOR)
|
|
85
83
|
|
|
86
84
|
# If the requirement is a development dependency we always want to
|
|
87
85
|
# bump it
|
|
88
|
-
if req.fetch(:groups).include?("dev-dependencies")
|
|
89
|
-
return update_pyproject_version(req)
|
|
90
|
-
end
|
|
86
|
+
return update_pyproject_version(req) if req.fetch(:groups).include?("dev-dependencies")
|
|
91
87
|
|
|
92
88
|
case update_strategy
|
|
93
89
|
when :widen_ranges then widen_pyproject_requirement(req)
|
|
@@ -48,9 +48,7 @@ module Dependabot
|
|
|
48
48
|
version_comparison = old_comp(other)
|
|
49
49
|
return version_comparison unless version_comparison.zero?
|
|
50
50
|
|
|
51
|
-
unless post_version_comparison(other).zero?
|
|
52
|
-
return post_version_comparison(other)
|
|
53
|
-
end
|
|
51
|
+
return post_version_comparison(other) unless post_version_comparison(other).zero?
|
|
54
52
|
|
|
55
53
|
local_version_comparison(other)
|
|
56
54
|
end
|
|
@@ -116,7 +114,6 @@ module Dependabot
|
|
|
116
114
|
#
|
|
117
115
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
118
116
|
# rubocop:disable Style/CaseEquality
|
|
119
|
-
# rubocop:disable Layout/LineLength
|
|
120
117
|
# rubocop:disable Style/ParallelAssignment
|
|
121
118
|
# rubocop:disable Style/RedundantReturn
|
|
122
119
|
def old_comp(other)
|
|
@@ -147,7 +144,6 @@ module Dependabot
|
|
|
147
144
|
end
|
|
148
145
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
149
146
|
# rubocop:enable Style/CaseEquality
|
|
150
|
-
# rubocop:enable Layout/LineLength
|
|
151
147
|
# rubocop:enable Style/ParallelAssignment
|
|
152
148
|
# rubocop:enable Style/RedundantReturn
|
|
153
149
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.125.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-11-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.125.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.125.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|