dependabot-python 0.154.1 → 0.155.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 02be9dd87e3cfff7fd1e2e8013ffd32ab4b8eac65680c3813d7d07a9dedfc8f1
|
|
4
|
+
data.tar.gz: 5c8d7ca7fb855a43363e95960fdd831aba2305f1fefd94b1b77fd24af3882547
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4ee05c4b28b04b31353a5bb1c9ded2e9a356845a26bc2ac2ff8faf4b7dc2680d5b55f3faa4b452d05d26c0b321a547f3e7c9f4812aca11d5c225672a5de15bd0
|
|
7
|
+
data.tar.gz: b1478f0eb4340fe4eaee70be83bbe788b9186f7f256ea81be11d121c59f885d866b950e930c8a6873f594e84226794cffc547941dedc5e1ec6a8ee070ce4f4c7
|
|
@@ -131,7 +131,7 @@ module Dependabot
|
|
|
131
131
|
reject { |file| updated_filenames.include?(file.name) }
|
|
132
132
|
|
|
133
133
|
args = dependency.to_h
|
|
134
|
-
args =
|
|
134
|
+
args = args.keys.map { |k| [k.to_sym, args[k]] }.to_h
|
|
135
135
|
args[:requirements] = new_reqs
|
|
136
136
|
args[:previous_requirements] = old_reqs
|
|
137
137
|
|
|
@@ -175,16 +175,16 @@ module Dependabot
|
|
|
175
175
|
end
|
|
176
176
|
|
|
177
177
|
def pipenv_version_resolver
|
|
178
|
-
@pipenv_version_resolver ||= PipenvVersionResolver.new(resolver_args)
|
|
178
|
+
@pipenv_version_resolver ||= PipenvVersionResolver.new(**resolver_args)
|
|
179
179
|
end
|
|
180
180
|
|
|
181
181
|
def pip_compile_version_resolver
|
|
182
182
|
@pip_compile_version_resolver ||=
|
|
183
|
-
PipCompileVersionResolver.new(resolver_args)
|
|
183
|
+
PipCompileVersionResolver.new(**resolver_args)
|
|
184
184
|
end
|
|
185
185
|
|
|
186
186
|
def poetry_version_resolver
|
|
187
|
-
@poetry_version_resolver ||= PoetryVersionResolver.new(resolver_args)
|
|
187
|
+
@poetry_version_resolver ||= PoetryVersionResolver.new(**resolver_args)
|
|
188
188
|
end
|
|
189
189
|
|
|
190
190
|
def pip_version_resolver
|
|
@@ -6,6 +6,7 @@ require "nokogiri"
|
|
|
6
6
|
|
|
7
7
|
require "dependabot/dependency"
|
|
8
8
|
require "dependabot/python/update_checker"
|
|
9
|
+
require "dependabot/update_checkers/version_filters"
|
|
9
10
|
require "dependabot/shared_helpers"
|
|
10
11
|
require "dependabot/python/authed_url_builder"
|
|
11
12
|
require "dependabot/python/name_normaliser"
|
|
@@ -71,9 +72,11 @@ module Dependabot
|
|
|
71
72
|
versions = filter_yanked_versions(versions)
|
|
72
73
|
versions = filter_unsupported_versions(versions, python_version)
|
|
73
74
|
versions = filter_prerelease_versions(versions)
|
|
74
|
-
versions = filter_vulnerable_versions(versions
|
|
75
|
+
versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(versions,
|
|
76
|
+
security_advisories)
|
|
75
77
|
versions = filter_ignored_versions(versions)
|
|
76
78
|
versions = filter_lower_versions(versions)
|
|
79
|
+
|
|
77
80
|
versions.min
|
|
78
81
|
end
|
|
79
82
|
|
|
@@ -108,11 +111,6 @@ module Dependabot
|
|
|
108
111
|
filtered
|
|
109
112
|
end
|
|
110
113
|
|
|
111
|
-
def filter_vulnerable_versions(versions_array)
|
|
112
|
-
versions_array.
|
|
113
|
-
reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }
|
|
114
|
-
end
|
|
115
|
-
|
|
116
114
|
def filter_lower_versions(versions_array)
|
|
117
115
|
return versions_array unless dependency.version && version_class.correct?(dependency.version)
|
|
118
116
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.155.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-06-
|
|
11
|
+
date: 2021-06-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.155.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.155.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|