RubyGems - dependabot-python - Versions diffs - 0.155.1 → 0.156.4 - Mend

dependabot-python 0.155.1 → 0.156.4

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 20aff0ba688b8fdd6fa1e5f4471cb92043d74100dfe0ea9f29fb54d74d2e9641
-  data.tar.gz: e27b369cab9d5a010cc81701f7e98c4504a48515b1667ff295bf697c8aa02774
+  metadata.gz: 73bca5e20679f68f499ab9b0e09dcabc346f54b5b4f160305ca64696b2284ee4
+  data.tar.gz: e81462961162e739b0d27cadbb0fc14a396139e23e92938f6cf0c77bc6027e8d
 SHA512:
-  metadata.gz: 59cc5b238bd74995e4737de9bc0132db048dbe05ef34dee890be1f019f7d1d269a2cc8fa6013aa3e9cb3cb44c79e115496d91ddc4a7c292593e2193c3778c59b
-  data.tar.gz: '08d0b1995e7586c82db8a6ec97def18ecbbd6b57fff3e089045c57dfdb648fc95390237bb1f7f4aff72e5a2ea24a75f0ffb6a40cf4b8539045e28855fe4d0f5e'
+  metadata.gz: 68c0b3f2a65daf6a428fca84a7bfc657e5121fd7184129f4c6958e58488618984c263eef82034f0d4d3f7626658eed6521567809406958f1d96e553b823a0873
+  data.tar.gz: 6db3e59d18d9c053a2905d3508aec9d29ebc7f5ce5ffe8bcdcfd63e3394ed813b267bf6691594fcf2b49593d053e01221345385ae5fa1d90650ca30217e9bbfc

data/helpers/requirements.txt CHANGED Viewed

@@ -1,10 +1,10 @@
-pip==21.1.2
-pip-tools==6.1.0
+pip==21.1.3
+pip-tools==6.2.0
 flake8==3.9.2
 hashin==0.15.0
 pipenv==2021.5.29
 pipfile==0.0.2
-poetry==1.1.6
+poetry==1.1.7
 wheel==0.36.2
 # Some dependencies will only install if Cython is present

data/lib/dependabot/python/file_fetcher.rb CHANGED Viewed

@@ -5,6 +5,7 @@ require "toml-rb"
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
 require "dependabot/python/requirement_parser"
+require "dependabot/python/file_parser/poetry_files_parser"
 require "dependabot/errors"
 module Dependabot
@@ -385,7 +386,7 @@ module Dependabot
         return [] unless pyproject
         paths = []
-        %w(dependencies dev-dependencies).each do |dep_type|
+        Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |dep_type|
           next unless parsed_pyproject.dig("tool", "poetry", dep_type)
           parsed_pyproject.dig("tool", "poetry", dep_type).each do |_, req|

@@ -15,6 +15,9 @@ module Dependabot
       class PoetryFilesParser
         POETRY_DEPENDENCY_TYPES = %w(dependencies dev-dependencies).freeze
+        # https://python-poetry.org/docs/dependency-specification/
+        UNSUPPORTED_DEPENDENCY_TYPES = %w(git path url).freeze
         def initialize(dependency_files:)
           @dependency_files = dependency_files
         end
@@ -40,7 +43,7 @@ module Dependabot
             deps_hash.each do |name, req|
               next if normalise(name) == "python"
-              next if req.is_a?(Hash) && req.key?("git")
+              next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
               check_requirements(req)
@@ -69,7 +72,7 @@ module Dependabot
           dependencies = Dependabot::FileParsers::Base::DependencySet.new
           parsed_lockfile.fetch("package", []).each do |details|
-            next if details.dig("source", "type") == "git"
+            next if %w(directory git url).include?(details.dig("source", "type"))
             dependencies <<
               Dependency.new(

@@ -132,7 +132,7 @@ module Dependabot
         end
         def lock_declaration_to_new_version!(poetry_object, dep)
-          %w(dependencies dev-dependencies).each do |type|
+          Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
             names = poetry_object[type]&.keys || []
             pkg_name = names.find { |nm| normalise(nm) == dep.name }
             next unless pkg_name

@@ -44,7 +44,7 @@ module Dependabot
           poetry_object = pyproject_object["tool"]["poetry"]
           excluded_names = dependencies.map(&:name) + ["python"]
-          %w(dependencies dev-dependencies).each do |key|
+          Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |key|
             next unless poetry_object[key]
             poetry_object.fetch(key).each do |dep_name, _|

@@ -263,7 +263,7 @@ module Dependabot
           pyproject_object = TomlRB.parse(pyproject_content)
           poetry_object = pyproject_object.dig("tool", "poetry")
-          %w(dependencies dev-dependencies).each do |type|
+          Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
             names = poetry_object[type]&.keys || []
             pkg_name = names.find { |nm| normalise(nm) == dependency.name }
             next unless pkg_name

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.155.1
+  version: 0.156.4
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-23 00:00:00.000000000 Z
+date: 2021-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.155.1
+        version: 0.156.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.155.1
+        version: 0.156.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.16.0
+        version: 1.18.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.16.0
+        version: 1.18.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement