dependabot-python 0.189.0 → 0.191.0
- checksums.yaml +4 -4
- data/helpers/requirements.txt +2 -2
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +1 -0
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +8 -7
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +15 -43
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +1 -0
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +1 -0
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +8 -8
- metadata +4 -4
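--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 150269043a3867fcb18117aa1d10218739fbc4c1012aac13f791aab02643d5b5
+data.tar.gz: 0ac19e084fd83d7c6746745a4df2bedb7bb9b4e14784262559137a2bf395e29f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 642466d5f39522eb5e94c684dc577c6b2c9cfed14235ba9d9b592791c755d6164f315bffae3d0751a5f4338fe6285507eafd792cc098111d61a60f549bccb68f
+data.tar.gz: 9cfefc6e1b85823611190fb357dac2bd29dd4b6bb523ae072293028388740919e43829adccb9a77d3215aa331098ae1d26f995bf61b84df15f2f92e6dbf7909b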
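--- a/data/helpers/requirements.txt
+++ b/data/helpers/requirements.txt
@@ -1,5 +1,5 @@
-pip>=21.3.1 # Allow earlier versions to retain python 3.6 support
-pip-tools>=6.4.0 # Allow earlier versions to retain python 3.6 support
+pip>=21.3.1,<=22.1.1 # Allow earlier versions to retain python 3.6 support
+pip-tools>=6.4.0,<=6.6.2 # Allow earlier versions to retain python 3.6 support
 flake8==4.0.1
 hashin==0.17.0
 pipenv==2022.4.8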
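Review bot: The trailing comment on the two changed lines still explains only the lower bound (Python 3.6 support); the new upper bounds `<=22.1.1` and `<=6.6.2` carry no stated reason, so a later maintainer cannot tell when they are safe to lift. Put the motivation in the comment, for example `# upper bound: <reason / issue link>; lower bound kept for python 3.6 support`.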
@@ -223,6 +223,7 @@ module Dependabot
|
|
223
223
|
return if run_command("pyenv versions").include?("#{python_version}\n")
|
224
224
|
|
225
225
|
run_command("pyenv install -s #{python_version}")
|
226
|
+
run_command("pyenv exec pip install --upgrade pip")
|
226
227
|
run_command("pyenv exec pip install -r "\
|
227
228
|
"#{NativeHelpers.python_requirements_path}")
|
228
229
|
end
|
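Review bot: The added `pyenv exec pip install --upgrade pip` has no version bound, so every run installs whatever pip release the index serves at that moment. The next command installs the helper requirements, which appear to be the `helpers/requirements.txt` that this release caps at `pip<=22.1.1`, so the freshly upgraded pip would be replaced again straight away. Bounding the upgrade to the same range as the requirements file (for example `pip install --upgrade "pip>=21.3.1,<=22.1.1"`, quoted as `run_command` needs) keeps the toolchain reproducible and avoids running an unreviewed pip release in between. The same line is added in the hunks at `@@ -175,9 +168,11 @@`, `@@ -313,6 +313,7 @@`, `@@ -323,6 +323,7 @@` and `@@ -76,9 +76,11 @@`. The enclosing method starts outside this hunk.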
@@ -105,7 +105,6 @@ module Dependabot
|
|
105
105
|
content = sanitize(content)
|
106
106
|
content = freeze_other_dependencies(content)
|
107
107
|
content = freeze_dependencies_being_updated(content)
|
108
|
-
content = add_private_sources(content)
|
109
108
|
content
|
110
109
|
end
|
111
110
|
end
|
@@ -150,12 +149,6 @@ module Dependabot
|
|
150
149
|
poetry_object[subdep_type][dependency.name] = dep.version
|
151
150
|
end
|
152
151
|
|
153
|
-
def add_private_sources(pyproject_content)
|
154
|
-
PyprojectPreparer.
|
155
|
-
new(pyproject_content: pyproject_content).
|
156
|
-
replace_sources(credentials)
|
157
|
-
end
|
158
|
-
|
159
152
|
def subdep_type
|
160
153
|
category =
|
161
154
|
TomlRB.parse(lockfile.content).fetch("package", []).
|
@@ -175,9 +168,11 @@ module Dependabot
|
|
175
168
|
SharedHelpers.in_a_temporary_directory do
|
176
169
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
177
170
|
write_temporary_dependency_files(pyproject_content)
|
171
|
+
add_auth_env_vars
|
178
172
|
|
179
173
|
if python_version && !pre_installed_python?(python_version)
|
180
174
|
run_poetry_command("pyenv install -s #{python_version}")
|
175
|
+
run_poetry_command("pyenv exec pip install --upgrade pip")
|
181
176
|
run_poetry_command("pyenv exec pip install -r"\
|
182
177
|
"#{NativeHelpers.python_requirements_path}")
|
183
178
|
end
|
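Review bot: `add_auth_env_vars` is called before the `pyenv install` and `pip install -r` steps, which have no need for the private-index credentials. If `run_poetry_command` passes the parent environment through, those steps and anything pip builds while installing the helper requirements can read the `POETRY_HTTP_BASIC_*` variables. Moving the call to immediately before the Poetry command that actually contacts the private index would narrow that exposure. The same ordering appears in the hunk at `@@ -76,9 +76,11 @@`, and the enclosing method continues outside this hunk.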
@@ -231,6 +226,12 @@ module Dependabot
|
|
231
226
|
File.write("pyproject.toml", pyproject_content)
|
232
227
|
end
|
233
228
|
|
229
|
+
def add_auth_env_vars
|
230
|
+
Python::FileUpdater::PyprojectPreparer.
|
231
|
+
new(pyproject_content: pyproject.content).
|
232
|
+
add_auth_env_vars(credentials)
|
233
|
+
end
|
234
|
+
|
234
235
|
def python_version
|
235
236
|
requirements = python_requirement_parser.user_specified_requirements
|
236
237
|
requirements = requirements.
|
@@ -18,24 +18,22 @@ module Dependabot
|
|
18
18
|
@lockfile = lockfile
|
19
19
|
end
|
20
20
|
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
21
|
+
# For hosted Dependabot token will be nil since the credentials aren't present.
|
22
|
+
# This is for those running Dependabot themselves and for dry-run.
|
23
|
+
def add_auth_env_vars(credentials)
|
24
|
+
TomlRB.parse(@pyproject_content).dig("tool", "poetry", "source")&.each do |source|
|
25
|
+
cred = credentials&.find { |c| c["index-url"] == source["url"] }
|
26
|
+
next unless cred
|
27
|
+
|
28
|
+
token = cred.fetch("token", nil)
|
29
|
+
next unless token && token.count(":") == 1
|
30
|
+
|
31
|
+
arr = token.split(":")
|
32
|
+
# https://python-poetry.org/docs/configuration/#using-environment-variables
|
33
|
+
name = source["name"]&.upcase&.gsub(/\W/, "_")
|
34
|
+
ENV["POETRY_HTTP_BASIC_#{name}_USERNAME"] = arr[0]
|
35
|
+
ENV["POETRY_HTTP_BASIC_#{name}_PASSWORD"] = arr[1]
|
34
36
|
end
|
35
|
-
|
36
|
-
poetry_object["source"] = sources_hash.values unless sources_hash.empty?
|
37
|
-
|
38
|
-
TomlRB.dump(pyproject_object)
|
39
37
|
end
|
40
38
|
|
41
39
|
def sanitize
|
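Review bot: The two `ENV["POETRY_HTTP_BASIC_..."] =` assignments at the end of `add_auth_env_vars` write the index username and password into the process-wide environment, and nothing in this hunk removes them. They stay set after the caller's temporary-directory block ends and are presumably inherited by every later child process. Consider returning the key/value pairs so the caller can pass them only to the Poetry invocation, or deleting the keys in an `ensure` once that command has run. Separately, `source["name"]` comes from the repository's pyproject.toml and may be absent, in which case `name` is nil and the key becomes `POETRY_HTTP_BASIC__USERNAME`; add `next unless name` before the assignments. The removed code also normalised trailing slashes on source URLs, whereas `c["index-url"] == source["url"]` is an exact match, so a URL differing only by a trailing `/` would now silently get no credentials.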
@@ -97,32 +95,6 @@ module Dependabot
|
|
97
95
|
NameNormaliser.normalise(name)
|
98
96
|
end
|
99
97
|
|
100
|
-
def pyproject_sources
|
101
|
-
return @pyproject_sources if @pyproject_sources
|
102
|
-
|
103
|
-
pyproject_sources ||=
|
104
|
-
TomlRB.parse(pyproject_content).
|
105
|
-
dig("tool", "poetry", "source")
|
106
|
-
|
107
|
-
@pyproject_sources ||=
|
108
|
-
(pyproject_sources || []).
|
109
|
-
map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
|
110
|
-
end
|
111
|
-
|
112
|
-
def config_variable_sources(credentials)
|
113
|
-
@config_variable_sources ||=
|
114
|
-
credentials.
|
115
|
-
select { |cred| cred["type"] == "python_index" }.
|
116
|
-
map do |c|
|
117
|
-
{
|
118
|
-
"original_url" => c["index-url"],
|
119
|
-
"url" => AuthedUrlBuilder.authed_url(credential: c),
|
120
|
-
"name" => SecureRandom.hex[0..3],
|
121
|
-
"default" => c["replaces-base"]
|
122
|
-
}.compact
|
123
|
-
end
|
124
|
-
end
|
125
|
-
|
126
98
|
def parsed_lockfile
|
127
99
|
@parsed_lockfile ||= TomlRB.parse(lockfile.content)
|
128
100
|
end
|
@@ -313,6 +313,7 @@ module Dependabot
|
|
313
313
|
return if run_command("pyenv versions").include?("#{python_version}\n")
|
314
314
|
|
315
315
|
run_command("pyenv install -s #{python_version}")
|
316
|
+
run_command("pyenv exec pip install --upgrade pip")
|
316
317
|
run_command("pyenv exec pip install -r"\
|
317
318
|
"#{NativeHelpers.python_requirements_path}")
|
318
319
|
end
|
@@ -323,6 +323,7 @@ module Dependabot
|
|
323
323
|
|
324
324
|
requirements_path = NativeHelpers.python_requirements_path
|
325
325
|
run_command("pyenv install -s #{python_version}")
|
326
|
+
run_command("pyenv exec pip install --upgrade pip")
|
326
327
|
run_command("pyenv exec pip install -r "\
|
327
328
|
"#{requirements_path}")
|
328
329
|
end
|
@@ -76,9 +76,11 @@ module Dependabot
|
|
76
76
|
SharedHelpers.in_a_temporary_directory do
|
77
77
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
78
78
|
write_temporary_dependency_files(updated_req: requirement)
|
79
|
+
add_auth_env_vars
|
79
80
|
|
80
81
|
if python_version && !pre_installed_python?(python_version)
|
81
82
|
run_poetry_command("pyenv install -s #{python_version}")
|
83
|
+
run_poetry_command("pyenv exec pip install --upgrade pip")
|
82
84
|
run_poetry_command(
|
83
85
|
"pyenv exec pip install -r "\
|
84
86
|
"#{NativeHelpers.python_requirements_path}"
|
@@ -194,6 +196,12 @@ module Dependabot
|
|
194
196
|
end
|
195
197
|
end
|
196
198
|
|
199
|
+
def add_auth_env_vars
|
200
|
+
Python::FileUpdater::PyprojectPreparer.
|
201
|
+
new(pyproject_content: pyproject.content).
|
202
|
+
add_auth_env_vars(credentials)
|
203
|
+
end
|
204
|
+
|
197
205
|
def python_version
|
198
206
|
requirements = python_requirement_parser.user_specified_requirements
|
199
207
|
requirements = requirements.
|
@@ -227,7 +235,6 @@ module Dependabot
|
|
227
235
|
def updated_pyproject_content(updated_requirement:)
|
228
236
|
content = pyproject.content
|
229
237
|
content = sanitize_pyproject_content(content)
|
230
|
-
content = add_private_sources(content)
|
231
238
|
content = freeze_other_dependencies(content)
|
232
239
|
content = set_target_dependency_req(content, updated_requirement)
|
233
240
|
content
|
@@ -236,7 +243,6 @@ module Dependabot
|
|
236
243
|
def sanitized_pyproject_content
|
237
244
|
content = pyproject.content
|
238
245
|
content = sanitize_pyproject_content(content)
|
239
|
-
content = add_private_sources(content)
|
240
246
|
content
|
241
247
|
end
|
242
248
|
|
@@ -246,12 +252,6 @@ module Dependabot
|
|
246
252
|
sanitize
|
247
253
|
end
|
248
254
|
|
249
|
-
def add_private_sources(pyproject_content)
|
250
|
-
Python::FileUpdater::PyprojectPreparer.
|
251
|
-
new(pyproject_content: pyproject_content).
|
252
|
-
replace_sources(credentials)
|
253
|
-
end
|
254
|
-
|
255
255
|
def freeze_other_dependencies(pyproject_content)
|
256
256
|
Python::FileUpdater::PyprojectPreparer.
|
257
257
|
new(pyproject_content: pyproject_content, lockfile: lockfile).
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.191.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-06-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.191.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.191.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debase
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|