dependabot-python 0.142.1 → 0.143.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/lib/parser.py +77 -40
- data/helpers/requirements.txt +1 -1
- data/helpers/run.py +1 -1
- data/lib/dependabot/python/file_fetcher.rb +8 -6
- data/lib/dependabot/python/file_parser.rb +7 -2
- data/lib/dependabot/python/file_parser/setup_file_parser.rb +2 -0
- data/lib/dependabot/python/file_updater.rb +3 -1
- data/lib/dependabot/python/requirement.rb +1 -1
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +3 -3
- data/lib/dependabot/python/update_checker/requirements_updater.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3c5213cae4180101719ac96a4a0f0bd0e29bd16f2666b3433b4862e766a955c4
|
|
4
|
+
data.tar.gz: 3587c17bf019688baf12d851ea212c0169a94f731db64ac4c39195b3adb27a14
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ddf4ffe5b59765040d9108cf2e4138a450e4f5c2c8c8dfb05f507593b076abca25d293172267abc26dd26161c5953da3ffc2c2dc3180df17e2aec1f3e1a970a5
|
|
7
|
+
data.tar.gz: f702c765f8fe7c8941e3f7c9d5ce39caa4c53b309133cb32f12e63e1a4ed9474aa44ea93f040aae55372da89ba4d2ec6eeac94243e7111b98c9c410d1f82a9fc
|
data/helpers/lib/parser.py
CHANGED
|
@@ -57,38 +57,50 @@ def parse_requirements(directory):
|
|
|
57
57
|
|
|
58
58
|
|
|
59
59
|
def parse_setup(directory):
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
def version_from_install_req(install_req):
|
|
64
|
-
if install_req.is_pinned:
|
|
65
|
-
return next(iter(install_req.specifier)).version
|
|
60
|
+
def version_from_install_req(install_req):
|
|
61
|
+
if install_req.is_pinned:
|
|
62
|
+
return next(iter(install_req.specifier)).version
|
|
66
63
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
64
|
+
def parse_requirement(req, req_type, filename):
|
|
65
|
+
install_req = install_req_from_line(req)
|
|
66
|
+
if install_req.original_link:
|
|
67
|
+
return
|
|
71
68
|
|
|
72
|
-
|
|
69
|
+
setup_packages.append(
|
|
70
|
+
{
|
|
73
71
|
"name": install_req.req.name,
|
|
74
72
|
"version": version_from_install_req(install_req),
|
|
75
73
|
"markers": str(install_req.markers) or None,
|
|
76
|
-
"file":
|
|
74
|
+
"file": filename,
|
|
77
75
|
"requirement": str(install_req.specifier) or None,
|
|
78
76
|
"requirement_type": req_type,
|
|
79
|
-
"extras": sorted(list(install_req.extras))
|
|
80
|
-
}
|
|
77
|
+
"extras": sorted(list(install_req.extras)),
|
|
78
|
+
}
|
|
79
|
+
)
|
|
80
|
+
|
|
81
|
+
def parse_requirements(requires, req_type, filename):
|
|
82
|
+
for req in requires:
|
|
83
|
+
parse_requirement(req, req_type, filename)
|
|
84
|
+
|
|
85
|
+
# Parse the setup.py and setup.cfg
|
|
86
|
+
setup_py = "setup.py"
|
|
87
|
+
setup_py_path = os.path.join(directory, setup_py)
|
|
88
|
+
setup_cfg = "setup.cfg"
|
|
89
|
+
setup_cfg_path = os.path.join(directory, setup_cfg)
|
|
90
|
+
setup_packages = []
|
|
91
|
+
|
|
92
|
+
if os.path.isfile(setup_py_path):
|
|
81
93
|
|
|
82
94
|
def setup(*args, **kwargs):
|
|
83
|
-
for arg in [
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
95
|
+
for arg in ["setup_requires", "install_requires", "tests_require"]:
|
|
96
|
+
requires = kwargs.get(arg, [])
|
|
97
|
+
parse_requirements(requires, arg, setup_py)
|
|
98
|
+
extras_require_dict = kwargs.get("extras_require", {})
|
|
99
|
+
for key, value in extras_require_dict.items():
|
|
100
|
+
parse_requirements(
|
|
101
|
+
value, "extras_require:{}".format(key), setup_py
|
|
102
|
+
)
|
|
103
|
+
|
|
92
104
|
setuptools.setup = setup
|
|
93
105
|
|
|
94
106
|
def noop(*args, **kwargs):
|
|
@@ -100,17 +112,19 @@ def parse_setup(directory):
|
|
|
100
112
|
global fake_open
|
|
101
113
|
|
|
102
114
|
def fake_open(*args, **kwargs):
|
|
103
|
-
content = (
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
115
|
+
content = (
|
|
116
|
+
"VERSION = ('0', '0', '1+dependabot')\n"
|
|
117
|
+
"__version__ = '0.0.1+dependabot'\n"
|
|
118
|
+
"__author__ = 'someone'\n"
|
|
119
|
+
"__title__ = 'something'\n"
|
|
120
|
+
"__description__ = 'something'\n"
|
|
121
|
+
"__author_email__ = 'something'\n"
|
|
122
|
+
"__license__ = 'something'\n"
|
|
123
|
+
"__url__ = 'something'\n"
|
|
124
|
+
)
|
|
111
125
|
return io.StringIO(content)
|
|
112
126
|
|
|
113
|
-
content = open(
|
|
127
|
+
content = open(setup_py_path, "r").read()
|
|
114
128
|
|
|
115
129
|
# Remove `print`, `open`, `log` and import statements
|
|
116
130
|
content = re.sub(r"print\s*\(", "noop(", content)
|
|
@@ -121,18 +135,41 @@ def parse_setup(directory):
|
|
|
121
135
|
content = re.sub(version_re, "", content)
|
|
122
136
|
|
|
123
137
|
# Set variables likely to be imported
|
|
124
|
-
__version__ =
|
|
125
|
-
__author__ =
|
|
126
|
-
__title__ =
|
|
127
|
-
__description__ =
|
|
128
|
-
__author_email__ =
|
|
129
|
-
__license__ =
|
|
130
|
-
__url__ =
|
|
138
|
+
__version__ = "0.0.1+dependabot"
|
|
139
|
+
__author__ = "someone"
|
|
140
|
+
__title__ = "something"
|
|
141
|
+
__description__ = "something"
|
|
142
|
+
__author_email__ = "something"
|
|
143
|
+
__license__ = "something"
|
|
144
|
+
__url__ = "something"
|
|
131
145
|
|
|
132
146
|
# Run as main (since setup.py is a script)
|
|
133
|
-
__name__ =
|
|
147
|
+
__name__ = "__main__"
|
|
134
148
|
|
|
135
149
|
# Exec the setup.py
|
|
136
150
|
exec(content) in globals(), locals()
|
|
137
151
|
|
|
152
|
+
if os.path.isfile(setup_cfg_path):
|
|
153
|
+
try:
|
|
154
|
+
config = setuptools.config.read_configuration(setup_cfg_path)
|
|
155
|
+
|
|
156
|
+
for req_type in [
|
|
157
|
+
"setup_requires",
|
|
158
|
+
"install_requires",
|
|
159
|
+
"tests_require",
|
|
160
|
+
]:
|
|
161
|
+
requires = config.get("options", {}).get(req_type, [])
|
|
162
|
+
parse_requirements(requires, req_type, setup_cfg)
|
|
163
|
+
|
|
164
|
+
extras_require = config.get("options", {}).get(
|
|
165
|
+
"extras_require", {}
|
|
166
|
+
)
|
|
167
|
+
for key, value in extras_require.items():
|
|
168
|
+
parse_requirements(
|
|
169
|
+
value, "extras_require:{}".format(key), setup_cfg
|
|
170
|
+
)
|
|
171
|
+
except Exception as e:
|
|
172
|
+
print(json.dumps({"error": repr(e)}))
|
|
173
|
+
exit(1)
|
|
174
|
+
|
|
138
175
|
return json.dumps({"result": setup_packages})
|
data/helpers/requirements.txt
CHANGED
data/helpers/run.py
CHANGED
|
@@ -8,7 +8,7 @@ if __name__ == "__main__":
|
|
|
8
8
|
|
|
9
9
|
if args["function"] == "parse_requirements":
|
|
10
10
|
print(parser.parse_requirements(args["args"][0]))
|
|
11
|
-
|
|
11
|
+
elif args["function"] == "parse_setup":
|
|
12
12
|
print(parser.parse_setup(args["args"][0]))
|
|
13
13
|
elif args["function"] == "get_dependency_hash":
|
|
14
14
|
print(hasher.get_dependency_hash(*args["args"]))
|
|
@@ -25,11 +25,13 @@ module Dependabot
|
|
|
25
25
|
# If this repo is using Poetry return true
|
|
26
26
|
return true if filenames.include?("pyproject.toml")
|
|
27
27
|
|
|
28
|
-
filenames.include?("setup.py")
|
|
28
|
+
return true if filenames.include?("setup.py")
|
|
29
|
+
|
|
30
|
+
filenames.include?("setup.cfg")
|
|
29
31
|
end
|
|
30
32
|
|
|
31
33
|
def self.required_files_message
|
|
32
|
-
"Repo must contain a requirements.txt, setup.py, pyproject.toml, "\
|
|
34
|
+
"Repo must contain a requirements.txt, setup.py, setup.cfg, pyproject.toml, "\
|
|
33
35
|
"or a Pipfile."
|
|
34
36
|
end
|
|
35
37
|
|
|
@@ -45,7 +47,7 @@ module Dependabot
|
|
|
45
47
|
fetched_files += requirement_files if requirements_txt_files.any?
|
|
46
48
|
|
|
47
49
|
fetched_files << setup_file if setup_file
|
|
48
|
-
fetched_files <<
|
|
50
|
+
fetched_files << setup_cfg_file if setup_cfg_file
|
|
49
51
|
fetched_files += path_setup_files
|
|
50
52
|
fetched_files << pip_conf if pip_conf
|
|
51
53
|
fetched_files << python_version if python_version
|
|
@@ -77,7 +79,7 @@ module Dependabot
|
|
|
77
79
|
end
|
|
78
80
|
|
|
79
81
|
def check_required_files_present
|
|
80
|
-
return if requirements_txt_files.any? || setup_file || pipfile || pyproject
|
|
82
|
+
return if requirements_txt_files.any? || setup_file || setup_cfg_file || pipfile || pyproject
|
|
81
83
|
|
|
82
84
|
path = Pathname.new(File.join(directory, "requirements.txt")).
|
|
83
85
|
cleanpath.to_path
|
|
@@ -88,8 +90,8 @@ module Dependabot
|
|
|
88
90
|
@setup_file ||= fetch_file_if_present("setup.py")
|
|
89
91
|
end
|
|
90
92
|
|
|
91
|
-
def
|
|
92
|
-
@
|
|
93
|
+
def setup_cfg_file
|
|
94
|
+
@setup_cfg_file ||= fetch_file_if_present("setup.cfg")
|
|
93
95
|
end
|
|
94
96
|
|
|
95
97
|
def pip_conf
|
|
@@ -44,7 +44,7 @@ module Dependabot
|
|
|
44
44
|
dependency_set += pipenv_dependencies if pipfile
|
|
45
45
|
dependency_set += poetry_dependencies if using_poetry?
|
|
46
46
|
dependency_set += requirement_dependencies if requirement_files.any?
|
|
47
|
-
dependency_set += setup_file_dependencies if setup_file
|
|
47
|
+
dependency_set += setup_file_dependencies if setup_file || setup_cfg_file
|
|
48
48
|
|
|
49
49
|
dependency_set.dependencies
|
|
50
50
|
end
|
|
@@ -207,8 +207,9 @@ module Dependabot
|
|
|
207
207
|
return if pipfile
|
|
208
208
|
return if pyproject
|
|
209
209
|
return if setup_file
|
|
210
|
+
return if setup_cfg_file
|
|
210
211
|
|
|
211
|
-
raise "
|
|
212
|
+
raise "Missing required files!"
|
|
212
213
|
end
|
|
213
214
|
|
|
214
215
|
def pipfile
|
|
@@ -248,6 +249,10 @@ module Dependabot
|
|
|
248
249
|
@setup_file ||= get_original_file("setup.py")
|
|
249
250
|
end
|
|
250
251
|
|
|
252
|
+
def setup_cfg_file
|
|
253
|
+
@setup_cfg_file ||= get_original_file("setup.cfg")
|
|
254
|
+
end
|
|
255
|
+
|
|
251
256
|
def pip_compile_files
|
|
252
257
|
@pip_compile_files ||=
|
|
253
258
|
dependency_files.select { |f| f.name.end_with?(".in") }
|
|
@@ -19,6 +19,7 @@ module Dependabot
|
|
|
19
19
|
/.*\.txt$/,
|
|
20
20
|
/.*\.in$/,
|
|
21
21
|
/^setup\.py$/,
|
|
22
|
+
/^setup\.cfg$/,
|
|
22
23
|
/^pyproject\.toml$/,
|
|
23
24
|
/^pyproject\.lock$/
|
|
24
25
|
]
|
|
@@ -113,8 +114,9 @@ module Dependabot
|
|
|
113
114
|
return if pipfile
|
|
114
115
|
return if pyproject
|
|
115
116
|
return if get_original_file("setup.py")
|
|
117
|
+
return if get_original_file("setup.cfg")
|
|
116
118
|
|
|
117
|
-
raise "
|
|
119
|
+
raise "Missing required files!"
|
|
118
120
|
end
|
|
119
121
|
|
|
120
122
|
def pipfile
|
|
@@ -50,7 +50,7 @@ module Dependabot
|
|
|
50
50
|
requirements = requirements.flatten.flat_map do |req_string|
|
|
51
51
|
next if req_string.nil?
|
|
52
52
|
|
|
53
|
-
req_string.split(",").map do |r|
|
|
53
|
+
req_string.split(",").map(&:strip).map do |r|
|
|
54
54
|
convert_python_constraint_to_ruby_constraint(r)
|
|
55
55
|
end
|
|
56
56
|
end
|
|
@@ -100,7 +100,7 @@ module Dependabot
|
|
|
100
100
|
|
|
101
101
|
def filter_ignored_versions(versions_array)
|
|
102
102
|
filtered = versions_array.
|
|
103
|
-
reject { |v|
|
|
103
|
+
reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
|
104
104
|
raise Dependabot::AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
|
|
105
105
|
|
|
106
106
|
filtered
|
|
@@ -226,8 +226,8 @@ module Dependabot
|
|
|
226
226
|
)
|
|
227
227
|
end
|
|
228
228
|
|
|
229
|
-
def
|
|
230
|
-
ignored_versions.
|
|
229
|
+
def ignore_requirements
|
|
230
|
+
ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
|
|
231
231
|
end
|
|
232
232
|
|
|
233
233
|
def normalised_name
|
|
@@ -32,7 +32,7 @@ module Dependabot
|
|
|
32
32
|
def updated_requirements
|
|
33
33
|
requirements.map do |req|
|
|
34
34
|
case req[:file]
|
|
35
|
-
when
|
|
35
|
+
when /setup\.(?:py|cfg)$/ then updated_setup_requirement(req)
|
|
36
36
|
when "pyproject.toml" then updated_pyproject_requirement(req)
|
|
37
37
|
when "Pipfile" then updated_pipfile_requirement(req)
|
|
38
38
|
when /\.txt$|\.in$/ then updated_requirement(req)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.143.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-04-
|
|
11
|
+
date: 2021-04-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.143.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.143.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.13.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.13.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|