dependabot-python 0.156.0 → 0.156.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/requirements.txt +2 -2
- data/lib/dependabot/python/file_fetcher.rb +2 -1
- data/lib/dependabot/python/file_parser/poetry_files_parser.rb +5 -2
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +3 -2
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +1 -1
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 497eaf046a6cf155b746f6db4f42f5c994409f1e7fefab37cfa35ab3f734abd1
|
|
4
|
+
data.tar.gz: 50a32d32b6a2797c54cf120d44c9fa0d1d2b5914a440351a75abd5413195ffc1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a341078afe9d97b84e9c637007be438a3c97f924413b0510217cae130ab35b5f8c08bdf7018a3d145cb64b3be92d19a49f319dea2a053bee38347638eae05906
|
|
7
|
+
data.tar.gz: 03ed405fd2cd1f697dce49d4d01298c6bad10be42789168908bcbf3637baad3c3d8cc036a0a7914a7ed519d7953792d269e7876abaa1eea048754361367c83ea
|
data/helpers/requirements.txt
CHANGED
|
@@ -5,6 +5,7 @@ require "toml-rb"
|
|
|
5
5
|
require "dependabot/file_fetchers"
|
|
6
6
|
require "dependabot/file_fetchers/base"
|
|
7
7
|
require "dependabot/python/requirement_parser"
|
|
8
|
+
require "dependabot/python/file_parser/poetry_files_parser"
|
|
8
9
|
require "dependabot/errors"
|
|
9
10
|
|
|
10
11
|
module Dependabot
|
|
@@ -385,7 +386,7 @@ module Dependabot
|
|
|
385
386
|
return [] unless pyproject
|
|
386
387
|
|
|
387
388
|
paths = []
|
|
388
|
-
|
|
389
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |dep_type|
|
|
389
390
|
next unless parsed_pyproject.dig("tool", "poetry", dep_type)
|
|
390
391
|
|
|
391
392
|
parsed_pyproject.dig("tool", "poetry", dep_type).each do |_, req|
|
|
@@ -15,6 +15,9 @@ module Dependabot
|
|
|
15
15
|
class PoetryFilesParser
|
|
16
16
|
POETRY_DEPENDENCY_TYPES = %w(dependencies dev-dependencies).freeze
|
|
17
17
|
|
|
18
|
+
# https://python-poetry.org/docs/dependency-specification/
|
|
19
|
+
UNSUPPORTED_DEPENDENCY_TYPES = %w(git path url).freeze
|
|
20
|
+
|
|
18
21
|
def initialize(dependency_files:)
|
|
19
22
|
@dependency_files = dependency_files
|
|
20
23
|
end
|
|
@@ -40,7 +43,7 @@ module Dependabot
|
|
|
40
43
|
|
|
41
44
|
deps_hash.each do |name, req|
|
|
42
45
|
next if normalise(name) == "python"
|
|
43
|
-
next if req.is_a?(Hash) && req.key?(
|
|
46
|
+
next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
|
|
44
47
|
|
|
45
48
|
check_requirements(req)
|
|
46
49
|
|
|
@@ -69,7 +72,7 @@ module Dependabot
|
|
|
69
72
|
dependencies = Dependabot::FileParsers::Base::DependencySet.new
|
|
70
73
|
|
|
71
74
|
parsed_lockfile.fetch("package", []).each do |details|
|
|
72
|
-
next if details.dig("source", "type")
|
|
75
|
+
next if %w(directory git url).include?(details.dig("source", "type"))
|
|
73
76
|
|
|
74
77
|
dependencies <<
|
|
75
78
|
Dependency.new(
|
|
@@ -132,7 +132,7 @@ module Dependabot
|
|
|
132
132
|
end
|
|
133
133
|
|
|
134
134
|
def lock_declaration_to_new_version!(poetry_object, dep)
|
|
135
|
-
|
|
135
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
|
|
136
136
|
names = poetry_object[type]&.keys || []
|
|
137
137
|
pkg_name = names.find { |nm| normalise(nm) == dep.name }
|
|
138
138
|
next unless pkg_name
|
|
@@ -257,7 +257,8 @@ module Dependabot
|
|
|
257
257
|
def pyproject_hash_for(pyproject_content)
|
|
258
258
|
SharedHelpers.in_a_temporary_directory do |dir|
|
|
259
259
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
260
|
-
|
|
260
|
+
write_temporary_dependency_files(pyproject_content)
|
|
261
|
+
|
|
261
262
|
SharedHelpers.run_helper_subprocess(
|
|
262
263
|
command: "pyenv exec python #{python_helper_path}",
|
|
263
264
|
function: "get_pyproject_hash",
|
|
@@ -44,7 +44,7 @@ module Dependabot
|
|
|
44
44
|
poetry_object = pyproject_object["tool"]["poetry"]
|
|
45
45
|
excluded_names = dependencies.map(&:name) + ["python"]
|
|
46
46
|
|
|
47
|
-
|
|
47
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |key|
|
|
48
48
|
next unless poetry_object[key]
|
|
49
49
|
|
|
50
50
|
poetry_object.fetch(key).each do |dep_name, _|
|
|
@@ -263,7 +263,7 @@ module Dependabot
|
|
|
263
263
|
pyproject_object = TomlRB.parse(pyproject_content)
|
|
264
264
|
poetry_object = pyproject_object.dig("tool", "poetry")
|
|
265
265
|
|
|
266
|
-
|
|
266
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
|
|
267
267
|
names = poetry_object[type]&.keys || []
|
|
268
268
|
pkg_name = names.find { |nm| normalise(nm) == dependency.name }
|
|
269
269
|
next unless pkg_name
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.156.
|
|
4
|
+
version: 0.156.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-07-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.156.
|
|
19
|
+
version: 0.156.5
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.156.
|
|
26
|
+
version: 0.156.5
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.18.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.18.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|