dependabot-python 0.156.0 → 0.156.5

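--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8111d6d931e26121852366b8ec4285edb168b880c126cf5989a148e694944f13
- data.tar.gz: 812be57d5546c3535ebd1dca5c82184c6f91ba0e3dd0dbfd17cbc61ea71d64f3
+ metadata.gz: 497eaf046a6cf155b746f6db4f42f5c994409f1e7fefab37cfa35ab3f734abd1
+ data.tar.gz: 50a32d32b6a2797c54cf120d44c9fa0d1d2b5914a440351a75abd5413195ffc1
  SHA512:
- metadata.gz: 474c0f48a4aca4cd437f30d6cf59e775c5a7269a6af185851833bf6d3d5df248e60c2dfce8c918f5f29215ea067b4fcb39100d775f042b64624e6b36412e5bc5
- data.tar.gz: 1147881012eb980101afcbc1ec7a8aa37ebdfc3add6556b2f0bcaab7c0128312b956abd6aad28770105bcb343853a25e8f7a022aca1f88aa6c52f8c8ed0a6a50
+ metadata.gz: a341078afe9d97b84e9c637007be438a3c97f924413b0510217cae130ab35b5f8c08bdf7018a3d145cb64b3be92d19a49f319dea2a053bee38347638eae05906
+ data.tar.gz: 03ed405fd2cd1f697dce49d4d01298c6bad10be42789168908bcbf3637baad3c3d8cc036a0a7914a7ed519d7953792d269e7876abaa1eea048754361367c83ea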
@@ -1,10 +1,10 @@
1
- pip==21.1.2
1
+ pip==21.1.3
2
2
  pip-tools==6.2.0
3
3
  flake8==3.9.2
4
4
  hashin==0.15.0
5
5
  pipenv==2021.5.29
6
6
  pipfile==0.0.2
7
- poetry==1.1.6
7
+ poetry==1.1.7
8
8
  wheel==0.36.2
9
9
 
10
10
  # Some dependencies will only install if Cython is present
@@ -5,6 +5,7 @@ require "toml-rb"
5
5
  require "dependabot/file_fetchers"
6
6
  require "dependabot/file_fetchers/base"
7
7
  require "dependabot/python/requirement_parser"
8
+ require "dependabot/python/file_parser/poetry_files_parser"
8
9
  require "dependabot/errors"
9
10
 
10
11
  module Dependabot
@@ -385,7 +386,7 @@ module Dependabot
385
386
  return [] unless pyproject
386
387
 
387
388
  paths = []
388
- %w(dependencies dev-dependencies).each do |dep_type|
389
+ Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |dep_type|
389
390
  next unless parsed_pyproject.dig("tool", "poetry", dep_type)
390
391
 
391
392
  parsed_pyproject.dig("tool", "poetry", dep_type).each do |_, req|
@@ -15,6 +15,9 @@ module Dependabot
15
15
  class PoetryFilesParser
16
16
  POETRY_DEPENDENCY_TYPES = %w(dependencies dev-dependencies).freeze
17
17
 
18
+ # https://python-poetry.org/docs/dependency-specification/
19
+ UNSUPPORTED_DEPENDENCY_TYPES = %w(git path url).freeze
20
+
18
21
  def initialize(dependency_files:)
19
22
  @dependency_files = dependency_files
20
23
  end
@@ -40,7 +43,7 @@ module Dependabot
40
43
 
41
44
  deps_hash.each do |name, req|
42
45
  next if normalise(name) == "python"
43
- next if req.is_a?(Hash) && req.key?("git")
46
+ next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
44
47
 
45
48
  check_requirements(req)
46
49
 
@@ -69,7 +72,7 @@ module Dependabot
69
72
  dependencies = Dependabot::FileParsers::Base::DependencySet.new
70
73
 
71
74
  parsed_lockfile.fetch("package", []).each do |details|
72
- next if details.dig("source", "type") == "git"
75
+ next if %w(directory git url).include?(details.dig("source", "type"))
73
76
 
74
77
  dependencies <<
75
78
  Dependency.new(
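Review bot: The lockfile filter `%w(directory git url).include?(details.dig("source", "type"))` is an inline literal that does not line up with `UNSUPPORTED_DEPENDENCY_TYPES` (`git path url`), which the pyproject.toml loop in the previous hunk uses, and nothing documents why the two lists differ. As far as I know, Poetry records a path dependency in the lock as `directory`, or as `file` when the path points at an archive. If that is right, a `file` source still falls through here and would be parsed as an ordinary registry package, so the name of a local package could end up being looked up on the public index. I would name and document the list next to the existing constant, e.g. `UNSUPPORTED_LOCKFILE_SOURCE_TYPES = %w(directory file git url).freeze`, after confirming which source types Poetry emits. The `each` block continues past the end of the hunk.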
@@ -132,7 +132,7 @@ module Dependabot
132
132
  end
133
133
 
134
134
  def lock_declaration_to_new_version!(poetry_object, dep)
135
- %w(dependencies dev-dependencies).each do |type|
135
+ Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
136
136
  names = poetry_object[type]&.keys || []
137
137
  pkg_name = names.find { |nm| normalise(nm) == dep.name }
138
138
  next unless pkg_name
@@ -257,7 +257,8 @@ module Dependabot
257
257
  def pyproject_hash_for(pyproject_content)
258
258
  SharedHelpers.in_a_temporary_directory do |dir|
259
259
  SharedHelpers.with_git_configured(credentials: credentials) do
260
- File.write(File.join(dir, "pyproject.toml"), pyproject_content)
260
+ write_temporary_dependency_files(pyproject_content)
261
+
261
262
  SharedHelpers.run_helper_subprocess(
262
263
  command: "pyenv exec python #{python_helper_path}",
263
264
  function: "get_pyproject_hash",
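Review bot: `write_temporary_dependency_files(pyproject_content)` drops the explicit `File.join(dir, "pyproject.toml")` target, so where the files land now depends on a helper that is not visible in this hunk, and presumably on `in_a_temporary_directory` having changed the working directory. If the helper writes every fetched dependency file under its repository-supplied name, confirm that each path resolves inside `dir` before writing, because those names come from the repository being updated. Once the behaviour is confirmed, a short comment above the call would help, for example `# Writes pyproject.toml and any other fetched files into the current temporary directory`. The `run_helper_subprocess` call continues past the end of the hunk.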
@@ -44,7 +44,7 @@ module Dependabot
44
44
  poetry_object = pyproject_object["tool"]["poetry"]
45
45
  excluded_names = dependencies.map(&:name) + ["python"]
46
46
 
47
- %w(dependencies dev-dependencies).each do |key|
47
+ Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |key|
48
48
  next unless poetry_object[key]
49
49
 
50
50
  poetry_object.fetch(key).each do |dep_name, _|
@@ -263,7 +263,7 @@ module Dependabot
263
263
  pyproject_object = TomlRB.parse(pyproject_content)
264
264
  poetry_object = pyproject_object.dig("tool", "poetry")
265
265
 
266
- %w(dependencies dev-dependencies).each do |type|
266
+ Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
267
267
  names = poetry_object[type]&.keys || []
268
268
  pkg_name = names.find { |nm| normalise(nm) == dependency.name }
269
269
  next unless pkg_name
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.156.0
4
+ version: 0.156.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-23 00:00:00.000000000 Z
11
+ date: 2021-07-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.156.0
19
+ version: 0.156.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.156.0
26
+ version: 0.156.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.16.0
103
+ version: 1.18.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.16.0
110
+ version: 1.18.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement