dependabot-python 0.189.0 → 0.191.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/requirements.txt +2 -2
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +1 -0
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +8 -7
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +15 -43
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +1 -0
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +1 -0
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +8 -8
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 150269043a3867fcb18117aa1d10218739fbc4c1012aac13f791aab02643d5b5
|
|
4
|
+
data.tar.gz: 0ac19e084fd83d7c6746745a4df2bedb7bb9b4e14784262559137a2bf395e29f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 642466d5f39522eb5e94c684dc577c6b2c9cfed14235ba9d9b592791c755d6164f315bffae3d0751a5f4338fe6285507eafd792cc098111d61a60f549bccb68f
|
|
7
|
+
data.tar.gz: 9cfefc6e1b85823611190fb357dac2bd29dd4b6bb523ae072293028388740919e43829adccb9a77d3215aa331098ae1d26f995bf61b84df15f2f92e6dbf7909b
|
data/helpers/requirements.txt
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
pip>=21.3.1 # Allow earlier versions to retain python 3.6 support
|
|
2
|
-
pip-tools>=6.4.0 # Allow earlier versions to retain python 3.6 support
|
|
1
|
+
pip>=21.3.1,<=22.1.1 # Allow earlier versions to retain python 3.6 support
|
|
2
|
+
pip-tools>=6.4.0,<=6.6.2 # Allow earlier versions to retain python 3.6 support
|
|
3
3
|
flake8==4.0.1
|
|
4
4
|
hashin==0.17.0
|
|
5
5
|
pipenv==2022.4.8
|
|
@@ -223,6 +223,7 @@ module Dependabot
|
|
|
223
223
|
return if run_command("pyenv versions").include?("#{python_version}\n")
|
|
224
224
|
|
|
225
225
|
run_command("pyenv install -s #{python_version}")
|
|
226
|
+
run_command("pyenv exec pip install --upgrade pip")
|
|
226
227
|
run_command("pyenv exec pip install -r "\
|
|
227
228
|
"#{NativeHelpers.python_requirements_path}")
|
|
228
229
|
end
|
|
@@ -105,7 +105,6 @@ module Dependabot
|
|
|
105
105
|
content = sanitize(content)
|
|
106
106
|
content = freeze_other_dependencies(content)
|
|
107
107
|
content = freeze_dependencies_being_updated(content)
|
|
108
|
-
content = add_private_sources(content)
|
|
109
108
|
content
|
|
110
109
|
end
|
|
111
110
|
end
|
|
@@ -150,12 +149,6 @@ module Dependabot
|
|
|
150
149
|
poetry_object[subdep_type][dependency.name] = dep.version
|
|
151
150
|
end
|
|
152
151
|
|
|
153
|
-
def add_private_sources(pyproject_content)
|
|
154
|
-
PyprojectPreparer.
|
|
155
|
-
new(pyproject_content: pyproject_content).
|
|
156
|
-
replace_sources(credentials)
|
|
157
|
-
end
|
|
158
|
-
|
|
159
152
|
def subdep_type
|
|
160
153
|
category =
|
|
161
154
|
TomlRB.parse(lockfile.content).fetch("package", []).
|
|
@@ -175,9 +168,11 @@ module Dependabot
|
|
|
175
168
|
SharedHelpers.in_a_temporary_directory do
|
|
176
169
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
177
170
|
write_temporary_dependency_files(pyproject_content)
|
|
171
|
+
add_auth_env_vars
|
|
178
172
|
|
|
179
173
|
if python_version && !pre_installed_python?(python_version)
|
|
180
174
|
run_poetry_command("pyenv install -s #{python_version}")
|
|
175
|
+
run_poetry_command("pyenv exec pip install --upgrade pip")
|
|
181
176
|
run_poetry_command("pyenv exec pip install -r"\
|
|
182
177
|
"#{NativeHelpers.python_requirements_path}")
|
|
183
178
|
end
|
|
@@ -231,6 +226,12 @@ module Dependabot
|
|
|
231
226
|
File.write("pyproject.toml", pyproject_content)
|
|
232
227
|
end
|
|
233
228
|
|
|
229
|
+
def add_auth_env_vars
|
|
230
|
+
Python::FileUpdater::PyprojectPreparer.
|
|
231
|
+
new(pyproject_content: pyproject.content).
|
|
232
|
+
add_auth_env_vars(credentials)
|
|
233
|
+
end
|
|
234
|
+
|
|
234
235
|
def python_version
|
|
235
236
|
requirements = python_requirement_parser.user_specified_requirements
|
|
236
237
|
requirements = requirements.
|
|
@@ -18,24 +18,22 @@ module Dependabot
|
|
|
18
18
|
@lockfile = lockfile
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
21
|
+
# For hosted Dependabot token will be nil since the credentials aren't present.
|
|
22
|
+
# This is for those running Dependabot themselves and for dry-run.
|
|
23
|
+
def add_auth_env_vars(credentials)
|
|
24
|
+
TomlRB.parse(@pyproject_content).dig("tool", "poetry", "source")&.each do |source|
|
|
25
|
+
cred = credentials&.find { |c| c["index-url"] == source["url"] }
|
|
26
|
+
next unless cred
|
|
27
|
+
|
|
28
|
+
token = cred.fetch("token", nil)
|
|
29
|
+
next unless token && token.count(":") == 1
|
|
30
|
+
|
|
31
|
+
arr = token.split(":")
|
|
32
|
+
# https://python-poetry.org/docs/configuration/#using-environment-variables
|
|
33
|
+
name = source["name"]&.upcase&.gsub(/\W/, "_")
|
|
34
|
+
ENV["POETRY_HTTP_BASIC_#{name}_USERNAME"] = arr[0]
|
|
35
|
+
ENV["POETRY_HTTP_BASIC_#{name}_PASSWORD"] = arr[1]
|
|
34
36
|
end
|
|
35
|
-
|
|
36
|
-
poetry_object["source"] = sources_hash.values unless sources_hash.empty?
|
|
37
|
-
|
|
38
|
-
TomlRB.dump(pyproject_object)
|
|
39
37
|
end
|
|
40
38
|
|
|
41
39
|
def sanitize
|
|
@@ -97,32 +95,6 @@ module Dependabot
|
|
|
97
95
|
NameNormaliser.normalise(name)
|
|
98
96
|
end
|
|
99
97
|
|
|
100
|
-
def pyproject_sources
|
|
101
|
-
return @pyproject_sources if @pyproject_sources
|
|
102
|
-
|
|
103
|
-
pyproject_sources ||=
|
|
104
|
-
TomlRB.parse(pyproject_content).
|
|
105
|
-
dig("tool", "poetry", "source")
|
|
106
|
-
|
|
107
|
-
@pyproject_sources ||=
|
|
108
|
-
(pyproject_sources || []).
|
|
109
|
-
map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
|
|
110
|
-
end
|
|
111
|
-
|
|
112
|
-
def config_variable_sources(credentials)
|
|
113
|
-
@config_variable_sources ||=
|
|
114
|
-
credentials.
|
|
115
|
-
select { |cred| cred["type"] == "python_index" }.
|
|
116
|
-
map do |c|
|
|
117
|
-
{
|
|
118
|
-
"original_url" => c["index-url"],
|
|
119
|
-
"url" => AuthedUrlBuilder.authed_url(credential: c),
|
|
120
|
-
"name" => SecureRandom.hex[0..3],
|
|
121
|
-
"default" => c["replaces-base"]
|
|
122
|
-
}.compact
|
|
123
|
-
end
|
|
124
|
-
end
|
|
125
|
-
|
|
126
98
|
def parsed_lockfile
|
|
127
99
|
@parsed_lockfile ||= TomlRB.parse(lockfile.content)
|
|
128
100
|
end
|
|
@@ -313,6 +313,7 @@ module Dependabot
|
|
|
313
313
|
return if run_command("pyenv versions").include?("#{python_version}\n")
|
|
314
314
|
|
|
315
315
|
run_command("pyenv install -s #{python_version}")
|
|
316
|
+
run_command("pyenv exec pip install --upgrade pip")
|
|
316
317
|
run_command("pyenv exec pip install -r"\
|
|
317
318
|
"#{NativeHelpers.python_requirements_path}")
|
|
318
319
|
end
|
|
@@ -323,6 +323,7 @@ module Dependabot
|
|
|
323
323
|
|
|
324
324
|
requirements_path = NativeHelpers.python_requirements_path
|
|
325
325
|
run_command("pyenv install -s #{python_version}")
|
|
326
|
+
run_command("pyenv exec pip install --upgrade pip")
|
|
326
327
|
run_command("pyenv exec pip install -r "\
|
|
327
328
|
"#{requirements_path}")
|
|
328
329
|
end
|
|
@@ -76,9 +76,11 @@ module Dependabot
|
|
|
76
76
|
SharedHelpers.in_a_temporary_directory do
|
|
77
77
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
78
78
|
write_temporary_dependency_files(updated_req: requirement)
|
|
79
|
+
add_auth_env_vars
|
|
79
80
|
|
|
80
81
|
if python_version && !pre_installed_python?(python_version)
|
|
81
82
|
run_poetry_command("pyenv install -s #{python_version}")
|
|
83
|
+
run_poetry_command("pyenv exec pip install --upgrade pip")
|
|
82
84
|
run_poetry_command(
|
|
83
85
|
"pyenv exec pip install -r "\
|
|
84
86
|
"#{NativeHelpers.python_requirements_path}"
|
|
@@ -194,6 +196,12 @@ module Dependabot
|
|
|
194
196
|
end
|
|
195
197
|
end
|
|
196
198
|
|
|
199
|
+
def add_auth_env_vars
|
|
200
|
+
Python::FileUpdater::PyprojectPreparer.
|
|
201
|
+
new(pyproject_content: pyproject.content).
|
|
202
|
+
add_auth_env_vars(credentials)
|
|
203
|
+
end
|
|
204
|
+
|
|
197
205
|
def python_version
|
|
198
206
|
requirements = python_requirement_parser.user_specified_requirements
|
|
199
207
|
requirements = requirements.
|
|
@@ -227,7 +235,6 @@ module Dependabot
|
|
|
227
235
|
def updated_pyproject_content(updated_requirement:)
|
|
228
236
|
content = pyproject.content
|
|
229
237
|
content = sanitize_pyproject_content(content)
|
|
230
|
-
content = add_private_sources(content)
|
|
231
238
|
content = freeze_other_dependencies(content)
|
|
232
239
|
content = set_target_dependency_req(content, updated_requirement)
|
|
233
240
|
content
|
|
@@ -236,7 +243,6 @@ module Dependabot
|
|
|
236
243
|
def sanitized_pyproject_content
|
|
237
244
|
content = pyproject.content
|
|
238
245
|
content = sanitize_pyproject_content(content)
|
|
239
|
-
content = add_private_sources(content)
|
|
240
246
|
content
|
|
241
247
|
end
|
|
242
248
|
|
|
@@ -246,12 +252,6 @@ module Dependabot
|
|
|
246
252
|
sanitize
|
|
247
253
|
end
|
|
248
254
|
|
|
249
|
-
def add_private_sources(pyproject_content)
|
|
250
|
-
Python::FileUpdater::PyprojectPreparer.
|
|
251
|
-
new(pyproject_content: pyproject_content).
|
|
252
|
-
replace_sources(credentials)
|
|
253
|
-
end
|
|
254
|
-
|
|
255
255
|
def freeze_other_dependencies(pyproject_content)
|
|
256
256
|
Python::FileUpdater::PyprojectPreparer.
|
|
257
257
|
new(pyproject_content: pyproject_content, lockfile: lockfile).
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.191.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-06-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.191.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.191.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|