dependabot-python 0.156.1 → 0.156.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/python/file_fetcher.rb +2 -1
- data/lib/dependabot/python/file_parser/poetry_files_parser.rb +5 -2
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +1 -1
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +1 -1
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a7698ced1b8299c320160a975c20d8cbc575bf12180bb648aeeb4cfb32b9191b
|
|
4
|
+
data.tar.gz: a5daa83e5086c39d9b8b9d92fac071c00a52a2081908d5593aed8cb7c49c8e74
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3c60f2933b3bfb9cd36953d5e36b6030a1a09f139d749142dbe143d9d7cf5cc043643c07668c11aee1a17857baabbcd1cfdda0a37ad3610212b1b1913e885e74
|
|
7
|
+
data.tar.gz: e4ab8a6186922dedff37def822f96927e82916caef8aa22da4018064445a869caebdd991d1ecda530958334ab6c38ea0f5dab079c57870bd879a915199d93baf
|
|
@@ -5,6 +5,7 @@ require "toml-rb"
|
|
|
5
5
|
require "dependabot/file_fetchers"
|
|
6
6
|
require "dependabot/file_fetchers/base"
|
|
7
7
|
require "dependabot/python/requirement_parser"
|
|
8
|
+
require "dependabot/python/file_parser/poetry_files_parser"
|
|
8
9
|
require "dependabot/errors"
|
|
9
10
|
|
|
10
11
|
module Dependabot
|
|
@@ -385,7 +386,7 @@ module Dependabot
|
|
|
385
386
|
return [] unless pyproject
|
|
386
387
|
|
|
387
388
|
paths = []
|
|
388
|
-
|
|
389
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |dep_type|
|
|
389
390
|
next unless parsed_pyproject.dig("tool", "poetry", dep_type)
|
|
390
391
|
|
|
391
392
|
parsed_pyproject.dig("tool", "poetry", dep_type).each do |_, req|
|
|
@@ -15,6 +15,9 @@ module Dependabot
|
|
|
15
15
|
class PoetryFilesParser
|
|
16
16
|
POETRY_DEPENDENCY_TYPES = %w(dependencies dev-dependencies).freeze
|
|
17
17
|
|
|
18
|
+
# https://python-poetry.org/docs/dependency-specification/
|
|
19
|
+
UNSUPPORTED_DEPENDENCY_TYPES = %w(git path url).freeze
|
|
20
|
+
|
|
18
21
|
def initialize(dependency_files:)
|
|
19
22
|
@dependency_files = dependency_files
|
|
20
23
|
end
|
|
@@ -40,7 +43,7 @@ module Dependabot
|
|
|
40
43
|
|
|
41
44
|
deps_hash.each do |name, req|
|
|
42
45
|
next if normalise(name) == "python"
|
|
43
|
-
next if req.is_a?(Hash) && req.key?(
|
|
46
|
+
next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
|
|
44
47
|
|
|
45
48
|
check_requirements(req)
|
|
46
49
|
|
|
@@ -69,7 +72,7 @@ module Dependabot
|
|
|
69
72
|
dependencies = Dependabot::FileParsers::Base::DependencySet.new
|
|
70
73
|
|
|
71
74
|
parsed_lockfile.fetch("package", []).each do |details|
|
|
72
|
-
next if details.dig("source", "type")
|
|
75
|
+
next if %w(directory git url).include?(details.dig("source", "type"))
|
|
73
76
|
|
|
74
77
|
dependencies <<
|
|
75
78
|
Dependency.new(
|
|
@@ -132,7 +132,7 @@ module Dependabot
|
|
|
132
132
|
end
|
|
133
133
|
|
|
134
134
|
def lock_declaration_to_new_version!(poetry_object, dep)
|
|
135
|
-
|
|
135
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
|
|
136
136
|
names = poetry_object[type]&.keys || []
|
|
137
137
|
pkg_name = names.find { |nm| normalise(nm) == dep.name }
|
|
138
138
|
next unless pkg_name
|
|
@@ -44,7 +44,7 @@ module Dependabot
|
|
|
44
44
|
poetry_object = pyproject_object["tool"]["poetry"]
|
|
45
45
|
excluded_names = dependencies.map(&:name) + ["python"]
|
|
46
46
|
|
|
47
|
-
|
|
47
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |key|
|
|
48
48
|
next unless poetry_object[key]
|
|
49
49
|
|
|
50
50
|
poetry_object.fetch(key).each do |dep_name, _|
|
|
@@ -263,7 +263,7 @@ module Dependabot
|
|
|
263
263
|
pyproject_object = TomlRB.parse(pyproject_content)
|
|
264
264
|
poetry_object = pyproject_object.dig("tool", "poetry")
|
|
265
265
|
|
|
266
|
-
|
|
266
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
|
|
267
267
|
names = poetry_object[type]&.keys || []
|
|
268
268
|
pkg_name = names.find { |nm| normalise(nm) == dependency.name }
|
|
269
269
|
next unless pkg_name
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.156.
|
|
4
|
+
version: 0.156.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-06-
|
|
11
|
+
date: 2021-06-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.156.
|
|
19
|
+
version: 0.156.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.156.
|
|
26
|
+
version: 0.156.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|