dependabot-python 0.180.1 → 0.180.4
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 28ed10d7a31128ec65a3c4894d66472f1b4ac8d94e63514f1dcd7d8efa3ab1cd
|
4
|
+
data.tar.gz: b945f3293f3238862326a26d9c6b1b35a4570bac4c7fbd2c0c779631f4864f7b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f9673857f40bedec321b93621d1681d6d80375967502ea2343778630fd1c5a5c40c94a6218ebc644dfbead032e75ed81dc232f047dde66a06ac568dd36b554a3
|
7
|
+
data.tar.gz: eba64b2bdbddf52eb063a28504e589a84f481016ccba158f70c01f0e20662fd49efab242d4e0e569410fd1680a12369059c0d2cc33a4a5c3623430b5bbf3bcc6
|
data/helpers/requirements.txt
CHANGED
@@ -6,7 +6,7 @@ module Dependabot
|
|
6
6
|
NAME = /[a-zA-Z0-9](?:[a-zA-Z0-9\-_\.]*[a-zA-Z0-9])?/.freeze
|
7
7
|
EXTRA = /[a-zA-Z0-9\-_\.]+/.freeze
|
8
8
|
COMPARISON = /===|==|>=|<=|<|>|~=|!=/.freeze
|
9
|
-
VERSION = /[0-9]+[a-zA-Z0-9\-_
|
9
|
+
VERSION = /([1-9][0-9]*!)?[0-9]+[a-zA-Z0-9\-_.*]*(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?/.
|
10
10
|
freeze
|
11
11
|
REQUIREMENT =
|
12
12
|
/(?<comparison>#{COMPARISON})\s*\\?\s*(?<version>#{VERSION})/.freeze
|
@@ -25,11 +25,13 @@ module Dependabot
|
|
25
25
|
# rubocop:disable Metrics/ClassLength
|
26
26
|
class PipCompileVersionResolver
|
27
27
|
GIT_DEPENDENCY_UNREACHABLE_REGEX =
|
28
|
-
/git clone --filter=blob:none
|
28
|
+
/git clone --filter=blob:none --quiet (?<url>[^\s]+).* /.freeze
|
29
29
|
GIT_REFERENCE_NOT_FOUND_REGEX =
|
30
|
-
/
|
30
|
+
/Did not find branch or tag '(?<tag>[^\n"]+)'/m.freeze
|
31
31
|
NATIVE_COMPILATION_ERROR =
|
32
32
|
"pip._internal.exceptions.InstallationSubprocessError: Command errored out with exit status 1:"
|
33
|
+
# See https://packaging.python.org/en/latest/tutorials/packaging-projects/#configuring-metadata
|
34
|
+
PYTHON_PACKAGE_NAME_REGEX = /[A-Za-z0-9_\-]+/.freeze
|
33
35
|
|
34
36
|
attr_reader :dependency, :dependency_files, :credentials
|
35
37
|
|
@@ -110,6 +112,7 @@ module Dependabot
|
|
110
112
|
end
|
111
113
|
|
112
114
|
# rubocop:disable Metrics/AbcSize
|
115
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
113
116
|
def handle_pip_compile_errors(error)
|
114
117
|
if error.message.include?("Could not find a version")
|
115
118
|
check_original_requirements_resolvable
|
@@ -143,9 +146,15 @@ module Dependabot
|
|
143
146
|
end
|
144
147
|
|
145
148
|
if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
+
tag = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).named_captures.fetch("tag")
|
150
|
+
constraints_section = error.message.split("Finding the best candidates:").first
|
151
|
+
egg_regex = /#{Regexp.escape(tag)}#egg=(#{PYTHON_PACKAGE_NAME_REGEX})/
|
152
|
+
name_match = constraints_section.scan(egg_regex)
|
153
|
+
|
154
|
+
# We can determine the name of the package from another part of the logger output if it has a unique tag
|
155
|
+
raise GitDependencyReferenceNotFound, name_match.first.first if name_match.length == 1
|
156
|
+
|
157
|
+
raise GitDependencyReferenceNotFound, "(unknown package at #{tag})"
|
149
158
|
end
|
150
159
|
|
151
160
|
if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
|
@@ -156,8 +165,8 @@ module Dependabot
|
|
156
165
|
|
157
166
|
raise
|
158
167
|
end
|
159
|
-
|
160
168
|
# rubocop:enable Metrics/AbcSize
|
169
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
161
170
|
|
162
171
|
# Needed because pip-compile's resolver isn't perfect.
|
163
172
|
# Note: We raise errors from this method, rather than returning a
|
@@ -4,16 +4,18 @@ require "dependabot/utils"
|
|
4
4
|
require "rubygems_version_patch"
|
5
5
|
|
6
6
|
# Python versions can include a local version identifier, which Ruby can't
|
7
|
-
#
|
7
|
+
# parse. This class augments Gem::Version with local version identifier info.
|
8
8
|
# See https://www.python.org/dev/peps/pep-0440 for details.
|
9
9
|
|
10
10
|
module Dependabot
|
11
11
|
module Python
|
12
12
|
class Version < Gem::Version
|
13
|
+
attr_reader :epoch
|
13
14
|
attr_reader :local_version
|
14
15
|
attr_reader :post_release_version
|
15
16
|
|
16
|
-
|
17
|
+
# See https://peps.python.org/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions
|
18
|
+
VERSION_PATTERN = 'v?([1-9][0-9]*!)?[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
|
17
19
|
'(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
|
18
20
|
'(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
|
19
21
|
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
|
@@ -29,6 +31,11 @@ module Dependabot
|
|
29
31
|
version, @local_version = version.split("+")
|
30
32
|
version ||= ""
|
31
33
|
version = version.gsub(/^v/, "")
|
34
|
+
if version.include?("!")
|
35
|
+
@epoch, version = version.split("!")
|
36
|
+
else
|
37
|
+
@epoch = "0"
|
38
|
+
end
|
32
39
|
version = normalise_prerelease(version)
|
33
40
|
version, @post_release_version = version.split(/\.r(?=\d)/)
|
34
41
|
version ||= ""
|
@@ -45,33 +52,37 @@ module Dependabot
|
|
45
52
|
end
|
46
53
|
|
47
54
|
def <=>(other)
|
48
|
-
|
55
|
+
other = Version.new(other.to_s) unless other.is_a?(Python::Version)
|
56
|
+
|
57
|
+
epoch_comparison = epoch_comparison(other)
|
58
|
+
return epoch_comparison unless epoch_comparison.zero?
|
59
|
+
|
60
|
+
version_comparison = super(other)
|
49
61
|
return version_comparison unless version_comparison.zero?
|
50
62
|
|
51
|
-
|
63
|
+
post_version_comparison = post_version_comparison(other)
|
64
|
+
return post_version_comparison unless post_version_comparison.zero?
|
52
65
|
|
53
66
|
local_version_comparison(other)
|
54
67
|
end
|
55
68
|
|
69
|
+
private
|
70
|
+
|
71
|
+
def epoch_comparison(other)
|
72
|
+
epoch.to_i <=> other.epoch.to_i
|
73
|
+
end
|
74
|
+
|
56
75
|
def post_version_comparison(other)
|
57
|
-
unless other.
|
76
|
+
unless other.post_release_version
|
58
77
|
return post_release_version.nil? ? 0 : 1
|
59
78
|
end
|
60
79
|
|
61
80
|
return -1 if post_release_version.nil?
|
62
81
|
|
63
|
-
|
64
|
-
# just string-comparison them.
|
65
|
-
return 0 if post_release_version.to_i == other.post_release_version.to_i
|
66
|
-
|
67
|
-
post_release_version.to_i > other.post_release_version.to_i ? 1 : -1
|
82
|
+
post_release_version.to_i <=> other.post_release_version.to_i
|
68
83
|
end
|
69
84
|
|
70
85
|
def local_version_comparison(other)
|
71
|
-
unless other.is_a?(Python::Version)
|
72
|
-
return local_version.nil? ? 0 : 1
|
73
|
-
end
|
74
|
-
|
75
86
|
# Local version comparison works differently in Python: `1.0.beta`
|
76
87
|
# compares as greater than `1.0`. To accommodate, we make the
|
77
88
|
# strings the same length before comparing.
|
@@ -89,8 +100,6 @@ module Dependabot
|
|
89
100
|
lhsegments.count <=> rhsegments.count
|
90
101
|
end
|
91
102
|
|
92
|
-
private
|
93
|
-
|
94
103
|
def normalise_prerelease(version)
|
95
104
|
# Python has reserved words for release states, which are treated
|
96
105
|
# as equal (e.g., preview, pre and rc).
|
@@ -108,44 +117,6 @@ module Dependabot
|
|
108
117
|
tr("-", ".").
|
109
118
|
gsub(/(\d)([a-z])/i, '\1.\2')
|
110
119
|
end
|
111
|
-
|
112
|
-
# TODO: Delete this once we're using a version of Rubygems that includes
|
113
|
-
# https://github.com/rubygems/rubygems/pull/2651
|
114
|
-
#
|
115
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
116
|
-
# rubocop:disable Style/CaseEquality
|
117
|
-
# rubocop:disable Style/ParallelAssignment
|
118
|
-
# rubocop:disable Style/RedundantReturn
|
119
|
-
def old_comp(other)
|
120
|
-
return unless Gem::Version === other
|
121
|
-
return 0 if @version == other._version || canonical_segments == other.canonical_segments
|
122
|
-
|
123
|
-
lhsegments = canonical_segments
|
124
|
-
rhsegments = other.canonical_segments
|
125
|
-
|
126
|
-
lhsize = lhsegments.size
|
127
|
-
rhsize = rhsegments.size
|
128
|
-
limit = (lhsize > rhsize ? lhsize : rhsize) - 1
|
129
|
-
|
130
|
-
i = 0
|
131
|
-
|
132
|
-
while i <= limit
|
133
|
-
lhs, rhs = lhsegments[i] || 0, rhsegments[i] || 0
|
134
|
-
i += 1
|
135
|
-
|
136
|
-
next if lhs == rhs
|
137
|
-
return -1 if String === lhs && Numeric === rhs
|
138
|
-
return 1 if Numeric === lhs && String === rhs
|
139
|
-
|
140
|
-
return lhs <=> rhs
|
141
|
-
end
|
142
|
-
|
143
|
-
return 0
|
144
|
-
end
|
145
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
146
|
-
# rubocop:enable Style/CaseEquality
|
147
|
-
# rubocop:enable Style/ParallelAssignment
|
148
|
-
# rubocop:enable Style/RedundantReturn
|
149
120
|
end
|
150
121
|
end
|
151
122
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.180.
|
4
|
+
version: 0.180.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-04-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.180.
|
19
|
+
version: 0.180.4
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.180.
|
26
|
+
version: 0.180.4
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|