dependabot-python 0.166.1 → 0.169.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/requirements.txt +3 -3
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +3 -0
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +1 -1
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +1 -1
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +9 -8
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 491d235ce8877b0da3a7de048d9ec6cb38b89f8898c46f5a07760900d6b8bcc8
|
|
4
|
+
data.tar.gz: 0b0434fe1caa2459cdd3ba3cb9aff518c63697b0ffbe1f9128858c6e1839f26d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 314e6788ad67e4c9a7021c4ee3ee3292418ec6619cca1be069b7c63712f73ed6fe742a5408859466d040532093fd10edd2c734d860eb02f32e71f9f5d50c6210
|
|
7
|
+
data.tar.gz: 0d011a883b921c37d728b1510904f0a382e5ca043b21539119cfea4dff5e3318687141a9cf4a8c48b39c9041a039123474b3af9199fa9d8ba39005a13a3f4733
|
data/helpers/requirements.txt
CHANGED
|
@@ -430,6 +430,9 @@ module Dependabot
|
|
|
430
430
|
options << "--no-header" unless requirements_file.content.include?("autogenerated by pip-c")
|
|
431
431
|
|
|
432
432
|
options << "--pre" if requirements_file.content.include?("--pre")
|
|
433
|
+
|
|
434
|
+
options << "--strip-extras" if requirements_file.content.include?("--strip-extras")
|
|
435
|
+
|
|
433
436
|
options
|
|
434
437
|
end
|
|
435
438
|
|
|
@@ -54,7 +54,7 @@ module Dependabot
|
|
|
54
54
|
|
|
55
55
|
next unless (locked_version = locked_details&.fetch("version"))
|
|
56
56
|
|
|
57
|
-
next if locked_details&.dig("source", "type")
|
|
57
|
+
next if %w(directory file url).include?(locked_details&.dig("source", "type"))
|
|
58
58
|
|
|
59
59
|
if locked_details&.dig("source", "type") == "git"
|
|
60
60
|
poetry_object[key][dep_name] = {
|
|
@@ -25,7 +25,7 @@ module Dependabot
|
|
|
25
25
|
# rubocop:disable Metrics/ClassLength
|
|
26
26
|
class PipCompileVersionResolver
|
|
27
27
|
GIT_DEPENDENCY_UNREACHABLE_REGEX =
|
|
28
|
-
/git clone -q (?<url>[^\s]+).* /.freeze
|
|
28
|
+
/git clone --filter=blob:none -q (?<url>[^\s]+).* /.freeze
|
|
29
29
|
GIT_REFERENCE_NOT_FOUND_REGEX =
|
|
30
30
|
/egg=(?<name>\S+).*.*WARNING: Did not find branch or tag \'(?<tag>[^\n"]+)\'/m.freeze
|
|
31
31
|
NATIVE_COMPILATION_ERROR =
|
|
@@ -40,7 +40,9 @@ module Dependabot
|
|
|
40
40
|
PIPENV_INSTALLATION_ERROR_REGEX =
|
|
41
41
|
/#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?<name>.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/.
|
|
42
42
|
freeze
|
|
43
|
-
|
|
43
|
+
UNSUPPORTED_DEPS = %w(pyobjc).freeze
|
|
44
|
+
UNSUPPORTED_DEP_REGEX =
|
|
45
|
+
/Could not find a version that satisfies the requirement.*(?:#{UNSUPPORTED_DEPS.join("|")})/.freeze
|
|
44
46
|
PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/.freeze
|
|
45
47
|
|
|
46
48
|
attr_reader :dependency, :dependency_files, :credentials
|
|
@@ -62,11 +64,7 @@ module Dependabot
|
|
|
62
64
|
@resolvable ||= {}
|
|
63
65
|
return @resolvable[version] if @resolvable.key?(version)
|
|
64
66
|
|
|
65
|
-
@resolvable[version] =
|
|
66
|
-
true
|
|
67
|
-
else
|
|
68
|
-
false
|
|
69
|
-
end
|
|
67
|
+
@resolvable[version] = !!fetch_latest_resolvable_version_string(requirement: "==#{version}")
|
|
70
68
|
end
|
|
71
69
|
|
|
72
70
|
private
|
|
@@ -155,7 +153,9 @@ module Dependabot
|
|
|
155
153
|
raise DependencyFileNotResolvable, msg
|
|
156
154
|
end
|
|
157
155
|
|
|
158
|
-
|
|
156
|
+
if error.message.include?("Could not find a version") || error.message.include?("ResolutionFailure")
|
|
157
|
+
check_original_requirements_resolvable
|
|
158
|
+
end
|
|
159
159
|
|
|
160
160
|
if error.message.include?("SyntaxError: invalid syntax")
|
|
161
161
|
raise DependencyFileNotResolvable,
|
|
@@ -220,7 +220,8 @@ module Dependabot
|
|
|
220
220
|
end
|
|
221
221
|
|
|
222
222
|
def handle_pipenv_errors_resolving_original_reqs(error)
|
|
223
|
-
if error.message.include?("Could not find a version")
|
|
223
|
+
if error.message.include?("Could not find a version") ||
|
|
224
|
+
error.message.include?("package versions have conflicting dependencies")
|
|
224
225
|
msg = clean_error_message(error.message)
|
|
225
226
|
msg.gsub!(/\s+\(from .*$/, "")
|
|
226
227
|
raise if msg.empty?
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.169.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-11-
|
|
11
|
+
date: 2021-11-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.169.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.169.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|