dependabot-python 0.169.8 → 0.171.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c786cadd8d0d028aa09ecdb9a418867e5316daf1f332787237a34210591b9bb
-  data.tar.gz: 726d89700968acca54eb7866a8bd5e51851f269fa2ea5f998111cb3e2553a219
+  metadata.gz: 8abe744f5aac43f30dcac998d3507f93e35495a87ddb44469c72af91d916f679
+  data.tar.gz: 2f4e2adbac0ade94278ad55abcce0e1bc31f04652c68891f1dc4515ad30e7c37
 SHA512:
-  metadata.gz: 6e9489fe6e1cb0656692e7127f9a13ec83771668225f87dab07afb7e4e03f9e6e531a448ecd561ccf18089ad5952e4b29270e6e647c3b6072502b3de539f7b93
-  data.tar.gz: 9270d42b4b368da12930a9a671845297985214d0db6d243e076848c63c3560e642b73261c8bc7b8bb1b0a611a234bfb9aa218b906ac67204770fd0dc3e6a8de1
+  metadata.gz: 11c2527849b18ee3f9b6218c3d432c306179519fc0d67e8fe0bf62814a9d085ce15e0a500009b3ad06c60689c489f4a08d2e2b5fe33e1b8d40ad512909666075
+  data.tar.gz: beb4177224c2b8c2c9cd84658f033d707680f0187751df04204cfdea75cadc1bd5f1871092cedd3a2aef7fb939d06e3fb9eca6341229a4292e2ddbfc56ebbbd1

data/helpers/requirements.txt

@@ -2,10 +2,10 @@ pip==21.3.1
 pip-tools==6.4.0
 flake8==4.0.1
 hashin==0.15.0
-pipenv==2021.11.23
+pipenv==2022.1.8
 pipfile==0.0.2
 poetry==1.1.12
-wheel==0.37.0
+wheel==0.37.1
 
 # Some dependencies will only install if Cython is present
-Cython==0.29.25
+Cython==0.29.26

data/lib/dependabot/python/file_updater/pyproject_preparer.rb

@@ -22,8 +22,18 @@ module Dependabot
           pyproject_object = TomlRB.parse(pyproject_content)
           poetry_object = pyproject_object.fetch("tool").fetch("poetry")
 
-          sources = pyproject_sources + config_variable_sources(credentials)
-          poetry_object["source"] = sources if sources.any?
+          sources_hash = pyproject_sources.map { |source| [source["url"], source] }.to_h
+
+          config_variable_sources(credentials).each do |source|
+            if sources_hash.key?(source["original_url"])
+              sources_hash[source["original_url"]]["url"] = source["url"]
+            else
+              source.delete("original_url")
+              sources_hash[source["url"]] = source
+            end
+          end
+
+          poetry_object["source"] = sources_hash.values unless sources_hash.empty?
 
           TomlRB.dump(pyproject_object)
         end
@@ -105,6 +115,7 @@ module Dependabot
             select { |cred| cred["type"] == "python_index" }.
             map do |c|
               {
+                "original_url" => c["index-url"],
                 "url" => AuthedUrlBuilder.authed_url(credential: c),
                 "name" => SecureRandom.hex[0..3],
                 "default" => c["replaces-base"]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.169.8
+  version: 0.171.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-12-21 00:00:00.000000000 Z
+date: 2022-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.169.8
+        version: 0.171.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.169.8
+        version: 0.171.0
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: debug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: 1.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: gpgme
   requirement: !ruby/object:Gem::Requirement