dependabot-python 0.156.1 → 0.156.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/python/file_fetcher.rb +2 -1
- data/lib/dependabot/python/file_parser/poetry_files_parser.rb +5 -2
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +1 -1
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +1 -1
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a7698ced1b8299c320160a975c20d8cbc575bf12180bb648aeeb4cfb32b9191b
|
4
|
+
data.tar.gz: a5daa83e5086c39d9b8b9d92fac071c00a52a2081908d5593aed8cb7c49c8e74
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3c60f2933b3bfb9cd36953d5e36b6030a1a09f139d749142dbe143d9d7cf5cc043643c07668c11aee1a17857baabbcd1cfdda0a37ad3610212b1b1913e885e74
|
7
|
+
data.tar.gz: e4ab8a6186922dedff37def822f96927e82916caef8aa22da4018064445a869caebdd991d1ecda530958334ab6c38ea0f5dab079c57870bd879a915199d93baf
|
@@ -5,6 +5,7 @@ require "toml-rb"
|
|
5
5
|
require "dependabot/file_fetchers"
|
6
6
|
require "dependabot/file_fetchers/base"
|
7
7
|
require "dependabot/python/requirement_parser"
|
8
|
+
require "dependabot/python/file_parser/poetry_files_parser"
|
8
9
|
require "dependabot/errors"
|
9
10
|
|
10
11
|
module Dependabot
|
@@ -385,7 +386,7 @@ module Dependabot
|
|
385
386
|
return [] unless pyproject
|
386
387
|
|
387
388
|
paths = []
|
388
|
-
|
389
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |dep_type|
|
389
390
|
next unless parsed_pyproject.dig("tool", "poetry", dep_type)
|
390
391
|
|
391
392
|
parsed_pyproject.dig("tool", "poetry", dep_type).each do |_, req|
|
@@ -15,6 +15,9 @@ module Dependabot
|
|
15
15
|
class PoetryFilesParser
|
16
16
|
POETRY_DEPENDENCY_TYPES = %w(dependencies dev-dependencies).freeze
|
17
17
|
|
18
|
+
# https://python-poetry.org/docs/dependency-specification/
|
19
|
+
UNSUPPORTED_DEPENDENCY_TYPES = %w(git path url).freeze
|
20
|
+
|
18
21
|
def initialize(dependency_files:)
|
19
22
|
@dependency_files = dependency_files
|
20
23
|
end
|
@@ -40,7 +43,7 @@ module Dependabot
|
|
40
43
|
|
41
44
|
deps_hash.each do |name, req|
|
42
45
|
next if normalise(name) == "python"
|
43
|
-
next if req.is_a?(Hash) && req.key?(
|
46
|
+
next if req.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.any? { |t| req.key?(t) }
|
44
47
|
|
45
48
|
check_requirements(req)
|
46
49
|
|
@@ -69,7 +72,7 @@ module Dependabot
|
|
69
72
|
dependencies = Dependabot::FileParsers::Base::DependencySet.new
|
70
73
|
|
71
74
|
parsed_lockfile.fetch("package", []).each do |details|
|
72
|
-
next if details.dig("source", "type")
|
75
|
+
next if %w(directory git url).include?(details.dig("source", "type"))
|
73
76
|
|
74
77
|
dependencies <<
|
75
78
|
Dependency.new(
|
@@ -132,7 +132,7 @@ module Dependabot
|
|
132
132
|
end
|
133
133
|
|
134
134
|
def lock_declaration_to_new_version!(poetry_object, dep)
|
135
|
-
|
135
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
|
136
136
|
names = poetry_object[type]&.keys || []
|
137
137
|
pkg_name = names.find { |nm| normalise(nm) == dep.name }
|
138
138
|
next unless pkg_name
|
@@ -44,7 +44,7 @@ module Dependabot
|
|
44
44
|
poetry_object = pyproject_object["tool"]["poetry"]
|
45
45
|
excluded_names = dependencies.map(&:name) + ["python"]
|
46
46
|
|
47
|
-
|
47
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |key|
|
48
48
|
next unless poetry_object[key]
|
49
49
|
|
50
50
|
poetry_object.fetch(key).each do |dep_name, _|
|
@@ -263,7 +263,7 @@ module Dependabot
|
|
263
263
|
pyproject_object = TomlRB.parse(pyproject_content)
|
264
264
|
poetry_object = pyproject_object.dig("tool", "poetry")
|
265
265
|
|
266
|
-
|
266
|
+
Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
|
267
267
|
names = poetry_object[type]&.keys || []
|
268
268
|
pkg_name = names.find { |nm| normalise(nm) == dependency.name }
|
269
269
|
next unless pkg_name
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.156.
|
4
|
+
version: 0.156.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-06-
|
11
|
+
date: 2021-06-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.156.
|
19
|
+
version: 0.156.2
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.156.
|
26
|
+
version: 0.156.2
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|