dependabot-python 0.180.0 → 0.180.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 026671b4e176fceb00283fee55645abd574a6aaa38eebb055e1d5ec8d93dbb68
4
- data.tar.gz: ec3079745309a7b26222cd38f627b69e0d8740e49d86e486867ee2c30bdab64c
3
+ metadata.gz: 640e6703b3bb9e7aead40b2c323d23ffaf6c52f3adfa09a551ca1d941f561d36
4
+ data.tar.gz: fa0c3160e37d6a53e074eb661b4137810e644a64498fc1f1b96e1728c3960b94
5
5
  SHA512:
6
- metadata.gz: d7b2ad04c39bb0e2afacd659737c6be7c717f9590607fe557f8b18acfc45c3a6d9bbca1183e6345a9581b2444d6b890b2f2ce6dbf71b8fcbc012447678c6af92
7
- data.tar.gz: a6df3197844d92eb87762ca6ec8df88f68b5629b811907d166ef09c224f78da1ee83e1baf9f2958371fbf1a401987e259f2709fa4bafc995cb3aed5e80617ccb
6
+ metadata.gz: 10b638a550024566bdd242b5bbbb50c8d4db557c8ad74af19bf27268ec565303749a742365568727d00b77956dee71ec189d637984913044ad63270ec404c044
7
+ data.tar.gz: d23ae84a495f107d027ca8a774b6c32d3bbc95d382f84f4fb795c839ac6c7388985e22ced647c81d1df5aa2e0a64ee807a70786be28827f9bac8ab904b15d06f
@@ -1,8 +1,8 @@
1
- pip==21.3.1
1
+ pip==22.0.4
2
2
  pip-tools==6.5.1
3
3
  flake8==4.0.1
4
4
  hashin==0.17.0
5
- pipenv==2022.1.8
5
+ pipenv==2022.3.28
6
6
  pipfile==0.0.2
7
7
  poetry==1.1.13
8
8
  wheel==0.37.1
@@ -6,7 +6,7 @@ module Dependabot
6
6
  NAME = /[a-zA-Z0-9](?:[a-zA-Z0-9\-_\.]*[a-zA-Z0-9])?/.freeze
7
7
  EXTRA = /[a-zA-Z0-9\-_\.]+/.freeze
8
8
  COMPARISON = /===|==|>=|<=|<|>|~=|!=/.freeze
9
- VERSION = /[0-9]+[a-zA-Z0-9\-_\.*]*(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?/.
9
+ VERSION = /([1-9][0-9]*!)?[0-9]+[a-zA-Z0-9\-_.*]*(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?/.
10
10
  freeze
11
11
  REQUIREMENT =
12
12
  /(?<comparison>#{COMPARISON})\s*\\?\s*(?<version>#{VERSION})/.freeze
@@ -25,11 +25,13 @@ module Dependabot
25
25
  # rubocop:disable Metrics/ClassLength
26
26
  class PipCompileVersionResolver
27
27
  GIT_DEPENDENCY_UNREACHABLE_REGEX =
28
- /git clone --filter=blob:none -q (?<url>[^\s]+).* /.freeze
28
+ /git clone --filter=blob:none --quiet (?<url>[^\s]+).* /.freeze
29
29
  GIT_REFERENCE_NOT_FOUND_REGEX =
30
- /egg=(?<name>\S+).*.*WARNING: Did not find branch or tag \'(?<tag>[^\n"]+)\'/m.freeze
30
+ /Did not find branch or tag '(?<tag>[^\n"]+)'/m.freeze
31
31
  NATIVE_COMPILATION_ERROR =
32
32
  "pip._internal.exceptions.InstallationSubprocessError: Command errored out with exit status 1:"
33
+ # See https://packaging.python.org/en/latest/tutorials/packaging-projects/#configuring-metadata
34
+ PYTHON_PACKAGE_NAME_REGEX = /[A-Za-z0-9_\-]+/.freeze
33
35
 
34
36
  attr_reader :dependency, :dependency_files, :credentials
35
37
 
@@ -110,6 +112,7 @@ module Dependabot
110
112
  end
111
113
 
112
114
  # rubocop:disable Metrics/AbcSize
115
+ # rubocop:disable Metrics/PerceivedComplexity
113
116
  def handle_pip_compile_errors(error)
114
117
  if error.message.include?("Could not find a version")
115
118
  check_original_requirements_resolvable
@@ -143,9 +146,15 @@ module Dependabot
143
146
  end
144
147
 
145
148
  if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
146
- name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).
147
- named_captures.fetch("name")
148
- raise GitDependencyReferenceNotFound, name
149
+ tag = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).named_captures.fetch("tag")
150
+ constraints_section = error.message.split("Finding the best candidates:").first
151
+ egg_regex = /#{Regexp.escape(tag)}#egg=(#{PYTHON_PACKAGE_NAME_REGEX})/
152
+ name_match = constraints_section.scan(egg_regex)
153
+
154
+ # We can determine the name of the package from another part of the logger output if it has a unique tag
155
+ raise GitDependencyReferenceNotFound, name_match.first.first if name_match.length == 1
156
+
157
+ raise GitDependencyReferenceNotFound, "(unknown package at #{tag})"
149
158
  end
150
159
 
151
160
  if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
@@ -156,8 +165,8 @@ module Dependabot
156
165
 
157
166
  raise
158
167
  end
159
-
160
168
  # rubocop:enable Metrics/AbcSize
169
+ # rubocop:enable Metrics/PerceivedComplexity
161
170
 
162
171
  # Needed because pip-compile's resolver isn't perfect.
163
172
  # Note: We raise errors from this method, rather than returning a
@@ -4,16 +4,18 @@ require "dependabot/utils"
4
4
  require "rubygems_version_patch"
5
5
 
6
6
  # Python versions can include a local version identifier, which Ruby can't
7
- # parser. This class augments Gem::Version with local version identifier info.
7
+ # parse. This class augments Gem::Version with local version identifier info.
8
8
  # See https://www.python.org/dev/peps/pep-0440 for details.
9
9
 
10
10
  module Dependabot
11
11
  module Python
12
12
  class Version < Gem::Version
13
+ attr_reader :epoch
13
14
  attr_reader :local_version
14
15
  attr_reader :post_release_version
15
16
 
16
- VERSION_PATTERN = 'v?[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
17
+ # See https://peps.python.org/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions
18
+ VERSION_PATTERN = 'v?([1-9][0-9]*!)?[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
17
19
  '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
18
20
  '(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
19
21
  ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
@@ -29,6 +31,11 @@ module Dependabot
29
31
  version, @local_version = version.split("+")
30
32
  version ||= ""
31
33
  version = version.gsub(/^v/, "")
34
+ if version.include?("!")
35
+ @epoch, version = version.split("!")
36
+ else
37
+ @epoch = "0"
38
+ end
32
39
  version = normalise_prerelease(version)
33
40
  version, @post_release_version = version.split(/\.r(?=\d)/)
34
41
  version ||= ""
@@ -45,33 +52,37 @@ module Dependabot
45
52
  end
46
53
 
47
54
  def <=>(other)
48
- version_comparison = old_comp(other)
55
+ other = Version.new(other.to_s) unless other.is_a?(Python::Version)
56
+
57
+ epoch_comparison = epoch_comparison(other)
58
+ return epoch_comparison unless epoch_comparison.zero?
59
+
60
+ version_comparison = super(other)
49
61
  return version_comparison unless version_comparison.zero?
50
62
 
51
- return post_version_comparison(other) unless post_version_comparison(other).zero?
63
+ post_version_comparison = post_version_comparison(other)
64
+ return post_version_comparison unless post_version_comparison.zero?
52
65
 
53
66
  local_version_comparison(other)
54
67
  end
55
68
 
69
+ private
70
+
71
+ def epoch_comparison(other)
72
+ epoch.to_i <=> other.epoch.to_i
73
+ end
74
+
56
75
  def post_version_comparison(other)
57
- unless other.is_a?(Python::Version) && other.post_release_version
76
+ unless other.post_release_version
58
77
  return post_release_version.nil? ? 0 : 1
59
78
  end
60
79
 
61
80
  return -1 if post_release_version.nil?
62
81
 
63
- # Post release versions should only ever be a single number, so we can
64
- # just string-comparison them.
65
- return 0 if post_release_version.to_i == other.post_release_version.to_i
66
-
67
- post_release_version.to_i > other.post_release_version.to_i ? 1 : -1
82
+ post_release_version.to_i <=> other.post_release_version.to_i
68
83
  end
69
84
 
70
85
  def local_version_comparison(other)
71
- unless other.is_a?(Python::Version)
72
- return local_version.nil? ? 0 : 1
73
- end
74
-
75
86
  # Local version comparison works differently in Python: `1.0.beta`
76
87
  # compares as greater than `1.0`. To accommodate, we make the
77
88
  # strings the same length before comparing.
@@ -89,8 +100,6 @@ module Dependabot
89
100
  lhsegments.count <=> rhsegments.count
90
101
  end
91
102
 
92
- private
93
-
94
103
  def normalise_prerelease(version)
95
104
  # Python has reserved words for release states, which are treated
96
105
  # as equal (e.g., preview, pre and rc).
@@ -108,44 +117,6 @@ module Dependabot
108
117
  tr("-", ".").
109
118
  gsub(/(\d)([a-z])/i, '\1.\2')
110
119
  end
111
-
112
- # TODO: Delete this once we're using a version of Rubygems that includes
113
- # https://github.com/rubygems/rubygems/pull/2651
114
- #
115
- # rubocop:disable Metrics/PerceivedComplexity
116
- # rubocop:disable Style/CaseEquality
117
- # rubocop:disable Style/ParallelAssignment
118
- # rubocop:disable Style/RedundantReturn
119
- def old_comp(other)
120
- return unless Gem::Version === other
121
- return 0 if @version == other._version || canonical_segments == other.canonical_segments
122
-
123
- lhsegments = canonical_segments
124
- rhsegments = other.canonical_segments
125
-
126
- lhsize = lhsegments.size
127
- rhsize = rhsegments.size
128
- limit = (lhsize > rhsize ? lhsize : rhsize) - 1
129
-
130
- i = 0
131
-
132
- while i <= limit
133
- lhs, rhs = lhsegments[i] || 0, rhsegments[i] || 0
134
- i += 1
135
-
136
- next if lhs == rhs
137
- return -1 if String === lhs && Numeric === rhs
138
- return 1 if Numeric === lhs && String === rhs
139
-
140
- return lhs <=> rhs
141
- end
142
-
143
- return 0
144
- end
145
- # rubocop:enable Metrics/PerceivedComplexity
146
- # rubocop:enable Style/CaseEquality
147
- # rubocop:enable Style/ParallelAssignment
148
- # rubocop:enable Style/RedundantReturn
149
120
  end
150
121
  end
151
122
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.180.0
4
+ version: 0.180.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-03-18 00:00:00.000000000 Z
11
+ date: 2022-04-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.180.0
19
+ version: 0.180.3
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.180.0
26
+ version: 0.180.3
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.23.0
103
+ version: 1.26.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.23.0
110
+ version: 1.26.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement