dependabot-python 0.169.7 → 0.170.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 23cda27107d1a352124bd9f73be3dc47fa1cf1d6298099fdb61c6831f6d8bc3f
-  data.tar.gz: b76e35660b56e4fcdc51a69879644cdec55f5f8121b5499774cc645a75318b1b
+  metadata.gz: b4a906dfe3206d1e0edf1e3f55dd90f9402fec3d2da33f912754321af5145a81
+  data.tar.gz: aa98c889439a4e8d78af0b53d0b7f3adb74ac20a41fb525a28543eb71613ca4b
 SHA512:
-  metadata.gz: f4804b346fcc17c5ab1ff2c426ebd82fe3a7a8c5960050410fcffa30f844a0eb6a73ba7c50acaba34616de40cb1388303e8bb0883537fc39a4305b0296de176d
-  data.tar.gz: ea1bae1000cd71d3fd675098d8a835424b3e7d61ae03cdd91231a2571356cb73700d5a7d1f9905bfd7a0ae4738c77829a3aa890174d06a02d04f9b7202b4563f
+  metadata.gz: f61266d5b9fd89f32aa0081b8f5016b8701727c34a634e12c695e538bb7973e99f3817e58d86861e32298791e3c55d4e7c6fe595fe417a7c4689766e4c3d5d0a
+  data.tar.gz: 6bfa715b143c550afd52e5cad29d92a6a59c16a6ef4ea28d272a3fed743145855112327538f3f721e1d002e810df59e4770c921b4860c4c52e6861023f2b9ab4

data/helpers/requirements.txt

@@ -2,10 +2,10 @@ pip==21.3.1
 pip-tools==6.4.0
 flake8==4.0.1
 hashin==0.15.0
-pipenv==2021.11.23
+pipenv==2022.1.8
 pipfile==0.0.2
 poetry==1.1.12
-wheel==0.37.0
+wheel==0.37.1
 
 # Some dependencies will only install if Cython is present
-Cython==0.29.25
+Cython==0.29.26

data/lib/dependabot/python/file_updater/pyproject_preparer.rb

@@ -22,8 +22,18 @@ module Dependabot
           pyproject_object = TomlRB.parse(pyproject_content)
           poetry_object = pyproject_object.fetch("tool").fetch("poetry")
 
-          sources = pyproject_sources + config_variable_sources(credentials)
-          poetry_object["source"] = sources if sources.any?
+          sources_hash = pyproject_sources.map { |source| [source["url"], source] }.to_h
+
+          config_variable_sources(credentials).each do |source|
+            if sources_hash.key?(source["original_url"])
+              sources_hash[source["original_url"]]["url"] = source["url"]
+            else
+              source.delete("original_url")
+              sources_hash[source["url"]] = source
+            end
+          end
+
+          poetry_object["source"] = sources_hash.values unless sources_hash.empty?
 
           TomlRB.dump(pyproject_object)
         end
@@ -105,6 +115,7 @@ module Dependabot
             select { |cred| cred["type"] == "python_index" }.
             map do |c|
               {
+                "original_url" => c["index-url"],
                 "url" => AuthedUrlBuilder.authed_url(credential: c),
                 "name" => SecureRandom.hex[0..3],
                 "default" => c["replaces-base"]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.169.7
+  version: 0.170.2
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-12-20 00:00:00.000000000 Z
+date: 2022-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.169.7
+        version: 0.170.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.169.7
+        version: 0.170.2
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: debug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: 1.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: gpgme
   requirement: !ruby/object:Gem::Requirement