dependabot-python 0.124.8 → 0.125.4

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e53fd7e8d170ad9565e68e31fc8aa45c7fc1e56d68dbb9347e9a412e81ddac91
4
- data.tar.gz: 9de755c8c2c9c3415a4a2c4488df0ce5c6d423e06c30ce3a51bee1bb62845c8d
3
+ metadata.gz: 49ee7c4f8b233552c4059517cbc4e2f5a9f59c96b0c653193108d08f7203deda
4
+ data.tar.gz: e566d0569a126b9aaf6d0691e71925e4cd27c7ee51c0ea7875db5ecc88657332
5
5
  SHA512:
6
- metadata.gz: b640bd6144ff37fe6c5b728a5430fa94235d09b89bc18dc384c412af7b8f0b6de319028fdfe16e3689586f895bee9440521dfde974e0dc53e58e30dd06e60ead
7
- data.tar.gz: '08c7e51c224a72706f2583dffbb4a1fa1cce940a2512c29562c6e9dd19d4b60244212b2225f8b1b1a38bc9ddd885771c91da96411eb0d7dc3d26f976009100bb'
6
+ metadata.gz: '05891073c63f8f001bd9aee6cc176640b301589bf77b64c75955f3127ac6112c396a2fefc05a141e6331f1e382b86079bc76d172f9f49f56a7316ab929ad488f'
7
+ data.tar.gz: 66cc41df9d682e1ddbca467472c829e8350e109c37b3d703e1e7d7b85f78f1b09f10c13abfec751263cb15ed448093925ab980ac0640e0bfe198dc2044d6a88c
@@ -76,9 +76,7 @@ module Dependabot
76
76
  end
77
77
 
78
78
  def check_required_files_present
79
- if requirements_txt_files.any? || setup_file || pipfile || pyproject
80
- return
81
- end
79
+ return if requirements_txt_files.any? || setup_file || pipfile || pyproject
82
80
 
83
81
  path = Pathname.new(File.join(directory, "requirements.txt")).
84
82
  cleanpath.to_path
@@ -268,9 +266,7 @@ module Dependabot
268
266
  unfetchable_files << e.file_path.gsub(%r{^/}, "")
269
267
  end
270
268
 
271
- if unfetchable_files.any?
272
- raise Dependabot::PathDependenciesNotReachable, unfetchable_files
273
- end
269
+ raise Dependabot::PathDependenciesNotReachable, unfetchable_files if unfetchable_files.any?
274
270
 
275
271
  path_setup_files
276
272
  end
@@ -69,9 +69,7 @@ module Dependabot
69
69
  requirements
70
70
  end
71
71
  rescue SharedHelpers::HelperSubprocessFailed => e
72
- if e.message.start_with?("InstallationError")
73
- raise Dependabot::DependencyFileNotEvaluatable, e.message
74
- end
72
+ raise Dependabot::DependencyFileNotEvaluatable, e.message if e.message.start_with?("InstallationError")
75
73
 
76
74
  parsed_sanitized_setup_file
77
75
  end
@@ -78,7 +78,7 @@ module Dependabot
78
78
  run_pip_compile_command(
79
79
  "#{SharedHelpers.escape_command(name_part)}=="\
80
80
  "#{SharedHelpers.escape_command(version_part)}",
81
- escape_command_str: false
81
+ allow_unsafe_shell_command: true
82
82
  )
83
83
  # Run pip-compile a second time, without an update argument, to
84
84
  # ensure it resets the right comments.
@@ -142,9 +142,13 @@ module Dependabot
142
142
  ).updated_dependency_files
143
143
  end
144
144
 
145
- def run_command(cmd, env: python_env, escape_command_str: true)
145
+ def run_command(cmd, env: python_env, allow_unsafe_shell_command: false)
146
146
  start = Time.now
147
- command = escape_command_str ? SharedHelpers.escape_command(cmd) : cmd
147
+ command = if allow_unsafe_shell_command
148
+ cmd
149
+ else
150
+ SharedHelpers.escape_command(cmd)
151
+ end
148
152
  stdout, process = Open3.capture2e(env, command)
149
153
  time_taken = Time.now - start
150
154
 
@@ -160,9 +164,12 @@ module Dependabot
160
164
  )
161
165
  end
162
166
 
163
- def run_pip_compile_command(command, escape_command_str: true)
167
+ def run_pip_compile_command(command, allow_unsafe_shell_command: false)
164
168
  run_command("pyenv local #{python_version}")
165
- run_command(command, escape_command_str: escape_command_str)
169
+ run_command(
170
+ command,
171
+ allow_unsafe_shell_command: allow_unsafe_shell_command
172
+ )
166
173
  rescue SharedHelpers::HelperSubprocessFailed => e
167
174
  original_error ||= e
168
175
  msg = e.message
@@ -230,9 +237,7 @@ module Dependabot
230
237
  end
231
238
 
232
239
  def install_required_python
233
- if run_command("pyenv versions").include?("#{python_version}\n")
234
- return
235
- end
240
+ return if run_command("pyenv versions").include?("#{python_version}\n")
236
241
 
237
242
  run_command("pyenv install -s #{python_version}")
238
243
  run_command("pyenv exec pip install -r "\
@@ -241,9 +246,7 @@ module Dependabot
241
246
 
242
247
  def sanitized_setup_file_content(file)
243
248
  @sanitized_setup_file_content ||= {}
244
- if @sanitized_setup_file_content[file.name]
245
- return @sanitized_setup_file_content[file.name]
246
- end
249
+ return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
247
250
 
248
251
  @sanitized_setup_file_content[file.name] =
249
252
  SetupFileSanitizer.
@@ -333,9 +336,7 @@ module Dependabot
333
336
  def remove_new_warnings(updated_content, original_content)
334
337
  content = updated_content
335
338
 
336
- if content.match?(WARNINGS) && !original_content.match?(WARNINGS)
337
- content = content.sub(WARNINGS, "\n")
338
- end
339
+ content = content.sub(WARNINGS, "\n") if content.match?(WARNINGS) && !original_content.match?(WARNINGS)
339
340
 
340
341
  if content.match?(UNSAFE_NOTE) &&
341
342
  !original_content.match?(UNSAFE_NOTE)
@@ -435,25 +436,15 @@ module Dependabot
435
436
  def pip_compile_options_from_compiled_file(requirements_file)
436
437
  options = ["--output-file=#{requirements_file.name}"]
437
438
 
438
- unless requirements_file.content.include?("index-url http")
439
- options << "--no-index"
440
- end
439
+ options << "--no-index" unless requirements_file.content.include?("index-url http")
441
440
 
442
- if requirements_file.content.include?("--hash=sha")
443
- options << "--generate-hashes"
444
- end
441
+ options << "--generate-hashes" if requirements_file.content.include?("--hash=sha")
445
442
 
446
- if includes_unsafe_packages?(requirements_file.content)
447
- options << "--allow-unsafe"
448
- end
443
+ options << "--allow-unsafe" if includes_unsafe_packages?(requirements_file.content)
449
444
 
450
- unless requirements_file.content.include?("# via ")
451
- options << "--no-annotate"
452
- end
445
+ options << "--no-annotate" unless requirements_file.content.include?("# via ")
453
446
 
454
- unless requirements_file.content.include?("autogenerated by pip-c")
455
- options << "--no-header"
456
- end
447
+ options << "--no-header" unless requirements_file.content.include?("autogenerated by pip-c")
457
448
 
458
449
  options << "--pre" if requirements_file.content.include?("--pre")
459
450
  options
@@ -568,9 +559,7 @@ module Dependabot
568
559
  end
569
560
 
570
561
  def user_specified_python_version
571
- unless python_requirement_parser.user_specified_requirements.any?
572
- return
573
- end
562
+ return unless python_requirement_parser.user_specified_requirements.any?
574
563
 
575
564
  user_specified_requirements =
576
565
  python_requirement_parser.user_specified_requirements.
@@ -49,9 +49,7 @@ module Dependabot
49
49
  end
50
50
 
51
51
  if lockfile
52
- if lockfile.content == updated_lockfile_content
53
- raise "Expected Pipfile.lock to change!"
54
- end
52
+ raise "Expected Pipfile.lock to change!" if lockfile.content == updated_lockfile_content
55
53
 
56
54
  updated_files <<
57
55
  updated_file(file: lockfile, content: updated_lockfile_content)
@@ -330,9 +328,7 @@ module Dependabot
330
328
  nil
331
329
  end
332
330
 
333
- if run_command("pyenv versions").include?("#{python_version}\n")
334
- return
335
- end
331
+ return if run_command("pyenv versions").include?("#{python_version}\n")
336
332
 
337
333
  requirements_path = NativeHelpers.python_requirements_path
338
334
  run_command("pyenv install -s #{python_version}")
@@ -341,9 +337,7 @@ module Dependabot
341
337
 
342
338
  def sanitized_setup_file_content(file)
343
339
  @sanitized_setup_file_content ||= {}
344
- if @sanitized_setup_file_content[file.name]
345
- return @sanitized_setup_file_content[file.name]
346
- end
340
+ return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
347
341
 
348
342
  @sanitized_setup_file_content[file.name] =
349
343
  SetupFileSanitizer.
@@ -51,9 +51,7 @@ module Dependabot
51
51
  )
52
52
  end
53
53
 
54
- if lockfile && lockfile.content == updated_lockfile_content
55
- raise "Expected lockfile to change!"
56
- end
54
+ raise "Expected lockfile to change!" if lockfile && lockfile.content == updated_lockfile_content
57
55
 
58
56
  if lockfile
59
57
  updated_files <<
@@ -30,9 +30,7 @@ module Dependabot
30
30
  updated_dependency_declaration_string
31
31
  end
32
32
 
33
- if old_requirement != new_requirement && content == updated_content
34
- raise "Expected content to change!"
35
- end
33
+ raise "Expected content to change!" if old_requirement != new_requirement && content == updated_content
36
34
 
37
35
  updated_content
38
36
  end
@@ -49,9 +47,7 @@ module Dependabot
49
47
  def updated_requirement_string
50
48
  new_req_string = new_requirement
51
49
 
52
- if add_space_after_commas?
53
- new_req_string = new_req_string.gsub(/,\s*/, ", ")
54
- end
50
+ new_req_string = new_req_string.gsub(/,\s*/, ", ") if add_space_after_commas?
55
51
 
56
52
  if add_space_after_operators?
57
53
  new_req_string =
@@ -75,9 +71,7 @@ module Dependabot
75
71
  end
76
72
  end
77
73
 
78
- unless update_hashes? && requirement_includes_hashes?(old_req)
79
- return updated_string
80
- end
74
+ return updated_string unless update_hashes? && requirement_includes_hashes?(old_req)
81
75
 
82
76
  updated_string.sub(
83
77
  RequirementParser::HASHES,
@@ -81,9 +81,7 @@ module Dependabot
81
81
  def lowest_resolvable_security_fix_version
82
82
  raise "Dependency not vulnerable!" unless vulnerable?
83
83
 
84
- if defined?(@lowest_resolvable_security_fix_version)
85
- return @lowest_resolvable_security_fix_version
86
- end
84
+ return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)
87
85
 
88
86
  @lowest_resolvable_security_fix_version =
89
87
  fetch_lowest_resolvable_security_fix_version
@@ -100,9 +98,7 @@ module Dependabot
100
98
 
101
99
  def requirements_update_strategy
102
100
  # If passed in as an option (in the base class) honour that option
103
- if @requirements_update_strategy
104
- return @requirements_update_strategy.to_sym
105
- end
101
+ return @requirements_update_strategy.to_sym if @requirements_update_strategy
106
102
 
107
103
  # Otherwise, check if this is a poetry library or not
108
104
  poetry_library? ? :widen_ranges : :bump_versions
@@ -126,9 +122,7 @@ module Dependabot
126
122
  fix_version = lowest_security_fix_version
127
123
  return latest_resolvable_version if fix_version.nil?
128
124
 
129
- if resolver_type == :requirements
130
- return pip_version_resolver.lowest_resolvable_security_fix_version
131
- end
125
+ return pip_version_resolver.lowest_resolvable_security_fix_version if resolver_type == :requirements
132
126
 
133
127
  resolver =
134
128
  case resolver_type
@@ -152,9 +152,7 @@ module Dependabot
152
152
  def clean_check_and_remove_environment_variables(url)
153
153
  url = url.strip.gsub(%r{/*$}, "") + "/"
154
154
 
155
- unless url.match?(ENVIRONMENT_VARIABLE_REGEX)
156
- return authed_base_url(url)
157
- end
155
+ return authed_base_url(url) unless url.match?(ENVIRONMENT_VARIABLE_REGEX)
158
156
 
159
157
  config_variable_urls =
160
158
  [
@@ -101,9 +101,7 @@ module Dependabot
101
101
  def filter_ignored_versions(versions_array)
102
102
  filtered = versions_array.
103
103
  reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
104
- if @raise_on_ignored && filtered.empty? && versions_array.any?
105
- raise Dependabot::AllVersionsIgnored
106
- end
104
+ raise Dependabot::AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
107
105
 
108
106
  filtered
109
107
  end
@@ -49,20 +49,18 @@ module Dependabot
49
49
  @resolvable ||= {}
50
50
  return @resolvable[version] if @resolvable.key?(version)
51
51
 
52
- if fetch_latest_resolvable_version_string(requirement: "==#{version}")
53
- @resolvable[version] = true
54
- else
55
- @resolvable[version] = false
56
- end
52
+ @resolvable[version] = if fetch_latest_resolvable_version_string(requirement: "==#{version}")
53
+ true
54
+ else
55
+ false
56
+ end
57
57
  end
58
58
 
59
59
  private
60
60
 
61
61
  def fetch_latest_resolvable_version_string(requirement:)
62
62
  @latest_resolvable_version_string ||= {}
63
- if @latest_resolvable_version_string.key?(requirement)
64
- return @latest_resolvable_version_string[requirement]
65
- end
63
+ return @latest_resolvable_version_string[requirement] if @latest_resolvable_version_string.key?(requirement)
66
64
 
67
65
  @latest_resolvable_version_string[requirement] ||=
68
66
  SharedHelpers.in_a_temporary_directory do
@@ -244,15 +242,11 @@ module Dependabot
244
242
 
245
243
  # If the previous error was definitely due to using the wrong Python
246
244
  # version, return the new error (which can't be worse)
247
- if error_certainly_bad_python_version?(previous_error.message)
248
- return new_error
249
- end
245
+ return new_error if error_certainly_bad_python_version?(previous_error.message)
250
246
 
251
247
  # Otherwise, if the new error may be due to using the wrong Python
252
248
  # version, return the old error (which can't be worse)
253
- if error_suggests_bad_python_version?(new_error.message)
254
- return previous_error
255
- end
249
+ return previous_error if error_suggests_bad_python_version?(new_error.message)
256
250
 
257
251
  # Otherwise, default to the new error
258
252
  new_error
@@ -329,9 +323,7 @@ module Dependabot
329
323
  end
330
324
 
331
325
  def install_required_python
332
- if run_command("pyenv versions").include?("#{python_version}\n")
333
- return
334
- end
326
+ return if run_command("pyenv versions").include?("#{python_version}\n")
335
327
 
336
328
  run_command("pyenv install -s #{python_version}")
337
329
  run_command("pyenv exec pip install -r"\
@@ -340,9 +332,7 @@ module Dependabot
340
332
 
341
333
  def sanitized_setup_file_content(file)
342
334
  @sanitized_setup_file_content ||= {}
343
- if @sanitized_setup_file_content[file.name]
344
- return @sanitized_setup_file_content[file.name]
345
- end
335
+ return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
346
336
 
347
337
  @sanitized_setup_file_content[file.name] =
348
338
  Python::FileUpdater::SetupFileSanitizer.
@@ -361,9 +351,7 @@ module Dependabot
361
351
 
362
352
  req = dependency.requirements.find { |r| r[:file] == file.name }
363
353
 
364
- unless req&.fetch(:requirement)
365
- return file.content + "\n#{dependency.name} #{updated_req}"
366
- end
354
+ return file.content + "\n#{dependency.name} #{updated_req}" unless req&.fetch(:requirement)
367
355
 
368
356
  Python::FileUpdater::RequirementReplacer.new(
369
357
  content: file.content,
@@ -492,9 +480,7 @@ module Dependabot
492
480
  end
493
481
 
494
482
  def user_specified_python_version
495
- unless python_requirement_parser.user_specified_requirements.any?
496
- return
497
- end
483
+ return unless python_requirement_parser.user_specified_requirements.any?
498
484
 
499
485
  user_specified_requirements =
500
486
  python_requirement_parser.user_specified_requirements.
@@ -57,9 +57,7 @@ module Dependabot
57
57
  end
58
58
 
59
59
  def user_specified_python_version
60
- unless python_requirement_parser.user_specified_requirements.any?
61
- return
62
- end
60
+ return unless python_requirement_parser.user_specified_requirements.any?
63
61
 
64
62
  user_specified_requirements =
65
63
  python_requirement_parser.user_specified_requirements.
@@ -59,20 +59,18 @@ module Dependabot
59
59
  @resolvable ||= {}
60
60
  return @resolvable[version] if @resolvable.key?(version)
61
61
 
62
- if fetch_latest_resolvable_version_string(requirement: "==#{version}")
63
- @resolvable[version] = true
64
- else
65
- @resolvable[version] = false
66
- end
62
+ @resolvable[version] = if fetch_latest_resolvable_version_string(requirement: "==#{version}")
63
+ true
64
+ else
65
+ false
66
+ end
67
67
  end
68
68
 
69
69
  private
70
70
 
71
71
  def fetch_latest_resolvable_version_string(requirement:)
72
72
  @latest_resolvable_version_string ||= {}
73
- if @latest_resolvable_version_string.key?(requirement)
74
- return @latest_resolvable_version_string[requirement]
75
- end
73
+ return @latest_resolvable_version_string[requirement] if @latest_resolvable_version_string.key?(requirement)
76
74
 
77
75
  @latest_resolvable_version_string[requirement] ||=
78
76
  SharedHelpers.in_a_temporary_directory do
@@ -298,9 +296,7 @@ module Dependabot
298
296
  nil
299
297
  end
300
298
 
301
- if run_command("pyenv versions").include?("#{python_version}\n")
302
- return
303
- end
299
+ return if run_command("pyenv versions").include?("#{python_version}\n")
304
300
 
305
301
  requirements_path = NativeHelpers.python_requirements_path
306
302
  run_command("pyenv install -s #{python_version}")
@@ -54,11 +54,11 @@ module Dependabot
54
54
  @resolvable ||= {}
55
55
  return @resolvable[version] if @resolvable.key?(version)
56
56
 
57
- if fetch_latest_resolvable_version_string(requirement: "==#{version}")
58
- @resolvable[version] = true
59
- else
60
- @resolvable[version] = false
61
- end
57
+ @resolvable[version] = if fetch_latest_resolvable_version_string(requirement: "==#{version}")
58
+ true
59
+ else
60
+ false
61
+ end
62
62
  rescue SharedHelpers::HelperSubprocessFailed => e
63
63
  raise unless e.message.include?("SolverProblemError")
64
64
 
@@ -69,9 +69,7 @@ module Dependabot
69
69
 
70
70
  def fetch_latest_resolvable_version_string(requirement:)
71
71
  @latest_resolvable_version_string ||= {}
72
- if @latest_resolvable_version_string.key?(requirement)
73
- return @latest_resolvable_version_string[requirement]
74
- end
72
+ return @latest_resolvable_version_string[requirement] if @latest_resolvable_version_string.key?(requirement)
75
73
 
76
74
  @latest_resolvable_version_string[requirement] ||=
77
75
  SharedHelpers.in_a_temporary_directory do
@@ -79,15 +79,11 @@ module Dependabot
79
79
  return req if new_version_satisfies?(req) && !has_lockfile
80
80
 
81
81
  # If the requirement uses || syntax then we always want to widen it
82
- if req.fetch(:requirement).match?(PYPROJECT_OR_SEPARATOR)
83
- return widen_pyproject_requirement(req)
84
- end
82
+ return widen_pyproject_requirement(req) if req.fetch(:requirement).match?(PYPROJECT_OR_SEPARATOR)
85
83
 
86
84
  # If the requirement is a development dependency we always want to
87
85
  # bump it
88
- if req.fetch(:groups).include?("dev-dependencies")
89
- return update_pyproject_version(req)
90
- end
86
+ return update_pyproject_version(req) if req.fetch(:groups).include?("dev-dependencies")
91
87
 
92
88
  case update_strategy
93
89
  when :widen_ranges then widen_pyproject_requirement(req)
@@ -48,9 +48,7 @@ module Dependabot
48
48
  version_comparison = old_comp(other)
49
49
  return version_comparison unless version_comparison.zero?
50
50
 
51
- unless post_version_comparison(other).zero?
52
- return post_version_comparison(other)
53
- end
51
+ return post_version_comparison(other) unless post_version_comparison(other).zero?
54
52
 
55
53
  local_version_comparison(other)
56
54
  end
@@ -116,7 +114,6 @@ module Dependabot
116
114
  #
117
115
  # rubocop:disable Metrics/PerceivedComplexity
118
116
  # rubocop:disable Style/CaseEquality
119
- # rubocop:disable Layout/LineLength
120
117
  # rubocop:disable Style/ParallelAssignment
121
118
  # rubocop:disable Style/RedundantReturn
122
119
  def old_comp(other)
@@ -147,7 +144,6 @@ module Dependabot
147
144
  end
148
145
  # rubocop:enable Metrics/PerceivedComplexity
149
146
  # rubocop:enable Style/CaseEquality
150
- # rubocop:enable Layout/LineLength
151
147
  # rubocop:enable Style/ParallelAssignment
152
148
  # rubocop:enable Style/RedundantReturn
153
149
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.124.8
4
+ version: 0.125.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-04 00:00:00.000000000 Z
11
+ date: 2020-11-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.124.8
19
+ version: 0.125.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.124.8
26
+ version: 0.125.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 0.7.2
131
+ version: 0.8.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 0.7.2
138
+ version: 0.8.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: vcr
141
141
  requirement: !ruby/object:Gem::Requirement