dependabot-python 0.154.5 → 0.156.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4743a1819d2691ef58dc44eb4405d437a717f771babfd3b6c1e19b6b7bdc8eb3
-  data.tar.gz: 5947310bf72f3b9d7f0d968b0bfa0617d36629ef9b0c87e7600c180187b7eac0
+  metadata.gz: a7698ced1b8299c320160a975c20d8cbc575bf12180bb648aeeb4cfb32b9191b
+  data.tar.gz: a5daa83e5086c39d9b8b9d92fac071c00a52a2081908d5593aed8cb7c49c8e74
 SHA512:
-  metadata.gz: f0c270a2438dc95d5db8699a1625730e9223803ce32c0b5578df83b098e34cf24ab3fd77fd5d5ab5825712391a5d1ea8b7ae078f8a0647f3578850994967411e
-  data.tar.gz: 9d84f0cd478b00615689bdb075d515a1c3450ddf62f7fcbab9588b91e421a1f3bb999892c4637fa578a3ad73551074ea40d0c4fd7c8bae1dbfe1886686cdbfc3
+  metadata.gz: 3c60f2933b3bfb9cd36953d5e36b6030a1a09f139d749142dbe143d9d7cf5cc043643c07668c11aee1a17857baabbcd1cfdda0a37ad3610212b1b1913e885e74
+  data.tar.gz: e4ab8a6186922dedff37def822f96927e82916caef8aa22da4018064445a869caebdd991d1ecda530958334ab6c38ea0f5dab079c57870bd879a915199d93baf

data/helpers/requirements.txt

@@ -1,5 +1,5 @@
 pip==21.1.2
-pip-tools==6.1.0
+pip-tools==6.2.0
 flake8==3.9.2
 hashin==0.15.0
 pipenv==2021.5.29

data/lib/dependabot/python/file_fetcher.rb

@@ -5,6 +5,7 @@ require "toml-rb"
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
 require "dependabot/python/requirement_parser"
+require "dependabot/python/file_parser/poetry_files_parser"
 require "dependabot/errors"
 
 module Dependabot
@@ -385,7 +386,7 @@ module Dependabot
         return [] unless pyproject
 
         paths = []
-        %w(dependencies dev-dependencies).each do |dep_type|
+        Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |dep_type|
           next unless parsed_pyproject.dig("tool", "poetry", dep_type)
 
           parsed_pyproject.dig("tool", "poetry", dep_type).each do |_, req|

data/lib/dependabot/python/file_parser/poetry_files_parser.rb

@@ -15,6 +15,9 @@ module Dependabot
       class PoetryFilesParser
         POETRY_DEPENDENCY_TYPES = %w(dependencies dev-dependencies).freeze
 
+        # https://python-poetry.org/docs/dependency-specification/
+        UNSUPPORTED_DEPENDENCY_TYPES = %w(git path url).freeze
+
         def initialize(dependency_files:)
           @dependency_files = dependency_files
         end
@@ -40,7 +43,7 @@ module Dependabot
 
             deps_hash.each do |name, req|
               next if normalise(name) == "python"
-              next if req.is_a?(Hash) && req.key?("git")
+              next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
 
               check_requirements(req)
 
@@ -69,7 +72,7 @@ module Dependabot
           dependencies = Dependabot::FileParsers::Base::DependencySet.new
 
           parsed_lockfile.fetch("package", []).each do |details|
-            next if details.dig("source", "type") == "git"
+            next if %w(directory git url).include?(details.dig("source", "type"))
 
             dependencies <<
               Dependency.new(

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -132,7 +132,7 @@ module Dependabot
         end
 
         def lock_declaration_to_new_version!(poetry_object, dep)
-          %w(dependencies dev-dependencies).each do |type|
+          Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
             names = poetry_object[type]&.keys || []
             pkg_name = names.find { |nm| normalise(nm) == dep.name }
             next unless pkg_name

data/lib/dependabot/python/file_updater/pyproject_preparer.rb

@@ -44,7 +44,7 @@ module Dependabot
           poetry_object = pyproject_object["tool"]["poetry"]
           excluded_names = dependencies.map(&:name) + ["python"]
 
-          %w(dependencies dev-dependencies).each do |key|
+          Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |key|
             next unless poetry_object[key]
 
             poetry_object.fetch(key).each do |dep_name, _|

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -263,7 +263,7 @@ module Dependabot
           pyproject_object = TomlRB.parse(pyproject_content)
           poetry_object = pyproject_object.dig("tool", "poetry")
 
-          %w(dependencies dev-dependencies).each do |type|
+          Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
             names = poetry_object[type]&.keys || []
             pkg_name = names.find { |nm| normalise(nm) == dependency.name }
             next unless pkg_name

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.154.5
+  version: 0.156.2
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-22 00:00:00.000000000 Z
+date: 2021-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.5
+        version: 0.156.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.5
+        version: 0.156.2
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.16.0
+        version: 1.17.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.16.0
+        version: 1.17.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement