dependabot-python 0.189.0 → 0.191.0

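--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5005a8ffff56a50b66f7d0b08bb6378624f551abfe59b1f6d2dfad60f0a316b8
- data.tar.gz: 8cd1aa115ba03a2a792b217bbf2062c0c0b60c94191ae42e3aaa2ccfd4e61239
+ metadata.gz: 150269043a3867fcb18117aa1d10218739fbc4c1012aac13f791aab02643d5b5
+ data.tar.gz: 0ac19e084fd83d7c6746745a4df2bedb7bb9b4e14784262559137a2bf395e29f
  SHA512:
- metadata.gz: a665adab3e2a259d5540b9b8d281135ff95dafa31073780a69aac199567d0f3d0369a0e58c96e0f21ba9a53eff867d7846236edca81f022ced2fcf6fa0ba415d
- data.tar.gz: eeaa000f63bb8d3d2c483398230497ceabea672c6aaa72b930b568c1f1aab7f7a462174817ca161ef5d3abb876a59859bbc1233953bf0bb771ea0798861efaeb
+ metadata.gz: 642466d5f39522eb5e94c684dc577c6b2c9cfed14235ba9d9b592791c755d6164f315bffae3d0751a5f4338fe6285507eafd792cc098111d61a60f549bccb68f
+ data.tar.gz: 9cfefc6e1b85823611190fb357dac2bd29dd4b6bb523ae072293028388740919e43829adccb9a77d3215aa331098ae1d26f995bf61b84df15f2f92e6dbf7909b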
@@ -1,5 +1,5 @@
1
- pip>=21.3.1 # Allow earlier versions to retain python 3.6 support
2
- pip-tools>=6.4.0 # Allow earlier versions to retain python 3.6 support
1
+ pip>=21.3.1,<=22.1.1 # Allow earlier versions to retain python 3.6 support
2
+ pip-tools>=6.4.0,<=6.6.2 # Allow earlier versions to retain python 3.6 support
3
3
  flake8==4.0.1
4
4
  hashin==0.17.0
5
5
  pipenv==2022.4.8
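Review bot: The comment kept on the two changed lines ("Allow earlier versions to retain python 3.6 support") explains only the `>=` lower bound, while the newly added `<=22.1.1` cap on pip and `<=6.6.2` cap on pip-tools are left without a stated reason. Add the rationale for the upper bounds to the same comment so the next person bumping these pins knows whether the cap is still needed. These caps also interact with the unconditional `pip install --upgrade pip` lines added in the Ruby hunks of this release, which this file will then constrain again on the following `-r` install.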
@@ -223,6 +223,7 @@ module Dependabot
223
223
  return if run_command("pyenv versions").include?("#{python_version}\n")
224
224
 
225
225
  run_command("pyenv install -s #{python_version}")
226
+ run_command("pyenv exec pip install --upgrade pip")
226
227
  run_command("pyenv exec pip install -r "\
227
228
  "#{NativeHelpers.python_requirements_path}")
228
229
  end
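Review bot: The added `run_command("pyenv exec pip install --upgrade pip")` pulls whatever pip is current on the index, unpinned and unhashed, on every run, and the very next line installs a requirements file that in this same release caps `pip<=22.1.1`, so the upgrade is presumably narrowed or undone immediately (assuming pip honours a constraint on itself during `-r` installs). If a newer pip than pyenv ships is needed to install the requirements, bound the upgrade to the same cap so the toolchain state is reproducible and auditable: `run_command("pyenv exec pip install --upgrade 'pip<=22.1.1'")`. The same unbounded line is added in the two other `run_command` hunks (`pyenv install -s` followed by `pip install -r`) and in both `run_poetry_command` hunks of the pyproject file updater and the update checker. The enclosing method starts outside this hunk.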
@@ -105,7 +105,6 @@ module Dependabot
105
105
  content = sanitize(content)
106
106
  content = freeze_other_dependencies(content)
107
107
  content = freeze_dependencies_being_updated(content)
108
- content = add_private_sources(content)
109
108
  content
110
109
  end
111
110
  end
@@ -150,12 +149,6 @@ module Dependabot
150
149
  poetry_object[subdep_type][dependency.name] = dep.version
151
150
  end
152
151
 
153
- def add_private_sources(pyproject_content)
154
- PyprojectPreparer.
155
- new(pyproject_content: pyproject_content).
156
- replace_sources(credentials)
157
- end
158
-
159
152
  def subdep_type
160
153
  category =
161
154
  TomlRB.parse(lockfile.content).fetch("package", []).
@@ -175,9 +168,11 @@ module Dependabot
175
168
  SharedHelpers.in_a_temporary_directory do
176
169
  SharedHelpers.with_git_configured(credentials: credentials) do
177
170
  write_temporary_dependency_files(pyproject_content)
171
+ add_auth_env_vars
178
172
 
179
173
  if python_version && !pre_installed_python?(python_version)
180
174
  run_poetry_command("pyenv install -s #{python_version}")
175
+ run_poetry_command("pyenv exec pip install --upgrade pip")
181
176
  run_poetry_command("pyenv exec pip install -r"\
182
177
  "#{NativeHelpers.python_requirements_path}")
183
178
  end
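Review bot: `add_auth_env_vars` is called inside the temporary-directory block, but the `POETRY_HTTP_BASIC_*_USERNAME` / `_PASSWORD` values it writes into `ENV` (see `PyprojectPreparer#add_auth_env_vars`) are process-wide and nothing removes them when the block exits, so this repo's index credentials stay in the environment of every later subprocess this process spawns, and concurrent threads in the same process would observe each other's values. Wrap the work after `add_auth_env_vars` in `begin … ensure … end` that deletes the keys that were exported (have the helper return the variable names it set), or, if `run_poetry_command` accepts a per-call environment, pass the variables that way instead of mutating `ENV`. The same pattern is added in the update checker hunk where `add_auth_env_vars` follows `write_temporary_dependency_files(updated_req: requirement)`. The enclosing method starts and ends outside this hunk.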
@@ -231,6 +226,12 @@ module Dependabot
231
226
  File.write("pyproject.toml", pyproject_content)
232
227
  end
233
228
 
229
+ def add_auth_env_vars
230
+ Python::FileUpdater::PyprojectPreparer.
231
+ new(pyproject_content: pyproject.content).
232
+ add_auth_env_vars(credentials)
233
+ end
234
+
234
235
  def python_version
235
236
  requirements = python_requirement_parser.user_specified_requirements
236
237
  requirements = requirements.
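Review bot: The new private `add_auth_env_vars` carries no comment, and its name does not convey that it mutates process-global state rather than returning something; add `# Exports POETRY_HTTP_BASIC_<NAME>_USERNAME/_PASSWORD into ENV for each pyproject source with a matching credential (process-wide side effect, not undone).` above the `def`. An identical copy of this method is added to the update checker in the same release; a single shared helper would keep the two call sites from drifting.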
@@ -18,24 +18,22 @@ module Dependabot
18
18
  @lockfile = lockfile
19
19
  end
20
20
 
21
- def replace_sources(credentials)
22
- pyproject_object = TomlRB.parse(pyproject_content)
23
- poetry_object = pyproject_object.fetch("tool").fetch("poetry")
24
-
25
- sources_hash = pyproject_sources.map { |source| [source["url"], source] }.to_h
26
-
27
- config_variable_sources(credentials).each do |source|
28
- if sources_hash.key?(source["original_url"])
29
- sources_hash[source["original_url"]]["url"] = source["url"]
30
- else
31
- source.delete("original_url")
32
- sources_hash[source["url"]] = source
33
- end
21
+ # For hosted Dependabot token will be nil since the credentials aren't present.
22
+ # This is for those running Dependabot themselves and for dry-run.
23
+ def add_auth_env_vars(credentials)
24
+ TomlRB.parse(@pyproject_content).dig("tool", "poetry", "source")&.each do |source|
25
+ cred = credentials&.find { |c| c["index-url"] == source["url"] }
26
+ next unless cred
27
+
28
+ token = cred.fetch("token", nil)
29
+ next unless token && token.count(":") == 1
30
+
31
+ arr = token.split(":")
32
+ # https://python-poetry.org/docs/configuration/#using-environment-variables
33
+ name = source["name"]&.upcase&.gsub(/\W/, "_")
34
+ ENV["POETRY_HTTP_BASIC_#{name}_USERNAME"] = arr[0]
35
+ ENV["POETRY_HTTP_BASIC_#{name}_PASSWORD"] = arr[1]
34
36
  end
35
-
36
- poetry_object["source"] = sources_hash.values unless sources_hash.empty?
37
-
38
- TomlRB.dump(pyproject_object)
39
37
  end
40
38
 
41
39
  def sanitize
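Review bot: The credential lookup `cred = credentials&.find { |c| c["index-url"] == source["url"] }` is an exact string comparison, whereas the removed `pyproject_sources` normalised every source URL to exactly one trailing slash (`gsub(%r{/*$}, "") + "/"`) before matching, so a credential whose index-url differs from the pyproject source only by a trailing slash no longer matches and that source silently runs without auth. Normalise both sides before comparing, e.g. `norm = ->(u) { u.to_s.sub(%r{/*\z}, "/") }` and `cred = credentials&.find { |c| norm.(c["index-url"]) == norm.(source["url"]) }`. `next unless token && token.count(":") == 1` also drops any token whose password itself contains a colon; `user, pass = token.split(":", 2)` guarded by `next unless token&.include?(":")` splits at the first colon only and accepts the rest. The old `cred["type"] == "python_index"` filter is gone as well, so any credential type with a matching index-url is exported, and a source without a `name` produces `POETRY_HTTP_BASIC__USERNAME` — both deserve an explicit guard if unintended.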
@@ -97,32 +95,6 @@ module Dependabot
97
95
  NameNormaliser.normalise(name)
98
96
  end
99
97
 
100
- def pyproject_sources
101
- return @pyproject_sources if @pyproject_sources
102
-
103
- pyproject_sources ||=
104
- TomlRB.parse(pyproject_content).
105
- dig("tool", "poetry", "source")
106
-
107
- @pyproject_sources ||=
108
- (pyproject_sources || []).
109
- map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
110
- end
111
-
112
- def config_variable_sources(credentials)
113
- @config_variable_sources ||=
114
- credentials.
115
- select { |cred| cred["type"] == "python_index" }.
116
- map do |c|
117
- {
118
- "original_url" => c["index-url"],
119
- "url" => AuthedUrlBuilder.authed_url(credential: c),
120
- "name" => SecureRandom.hex[0..3],
121
- "default" => c["replaces-base"]
122
- }.compact
123
- end
124
- end
125
-
126
98
  def parsed_lockfile
127
99
  @parsed_lockfile ||= TomlRB.parse(lockfile.content)
128
100
  end
@@ -313,6 +313,7 @@ module Dependabot
313
313
  return if run_command("pyenv versions").include?("#{python_version}\n")
314
314
 
315
315
  run_command("pyenv install -s #{python_version}")
316
+ run_command("pyenv exec pip install --upgrade pip")
316
317
  run_command("pyenv exec pip install -r"\
317
318
  "#{NativeHelpers.python_requirements_path}")
318
319
  end
@@ -323,6 +323,7 @@ module Dependabot
323
323
 
324
324
  requirements_path = NativeHelpers.python_requirements_path
325
325
  run_command("pyenv install -s #{python_version}")
326
+ run_command("pyenv exec pip install --upgrade pip")
326
327
  run_command("pyenv exec pip install -r "\
327
328
  "#{requirements_path}")
328
329
  end
@@ -76,9 +76,11 @@ module Dependabot
76
76
  SharedHelpers.in_a_temporary_directory do
77
77
  SharedHelpers.with_git_configured(credentials: credentials) do
78
78
  write_temporary_dependency_files(updated_req: requirement)
79
+ add_auth_env_vars
79
80
 
80
81
  if python_version && !pre_installed_python?(python_version)
81
82
  run_poetry_command("pyenv install -s #{python_version}")
83
+ run_poetry_command("pyenv exec pip install --upgrade pip")
82
84
  run_poetry_command(
83
85
  "pyenv exec pip install -r "\
84
86
  "#{NativeHelpers.python_requirements_path}"
@@ -194,6 +196,12 @@ module Dependabot
194
196
  end
195
197
  end
196
198
 
199
+ def add_auth_env_vars
200
+ Python::FileUpdater::PyprojectPreparer.
201
+ new(pyproject_content: pyproject.content).
202
+ add_auth_env_vars(credentials)
203
+ end
204
+
197
205
  def python_version
198
206
  requirements = python_requirement_parser.user_specified_requirements
199
207
  requirements = requirements.
@@ -227,7 +235,6 @@ module Dependabot
227
235
  def updated_pyproject_content(updated_requirement:)
228
236
  content = pyproject.content
229
237
  content = sanitize_pyproject_content(content)
230
- content = add_private_sources(content)
231
238
  content = freeze_other_dependencies(content)
232
239
  content = set_target_dependency_req(content, updated_requirement)
233
240
  content
@@ -236,7 +243,6 @@ module Dependabot
236
243
  def sanitized_pyproject_content
237
244
  content = pyproject.content
238
245
  content = sanitize_pyproject_content(content)
239
- content = add_private_sources(content)
240
246
  content
241
247
  end
242
248
 
@@ -246,12 +252,6 @@ module Dependabot
246
252
  sanitize
247
253
  end
248
254
 
249
- def add_private_sources(pyproject_content)
250
- Python::FileUpdater::PyprojectPreparer.
251
- new(pyproject_content: pyproject_content).
252
- replace_sources(credentials)
253
- end
254
-
255
255
  def freeze_other_dependencies(pyproject_content)
256
256
  Python::FileUpdater::PyprojectPreparer.
257
257
  new(pyproject_content: pyproject_content, lockfile: lockfile).
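--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-python
  version: !ruby/object:Gem::Version
- version: 0.189.0
+ version: 0.191.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-05-17 00:00:00.000000000 Z
+ date: 2022-06-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.189.0
+ version: 0.191.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.189.0
+ version: 0.191.0
  - !ruby/object:Gem::Dependency
  name: debase
  requirement: !ruby/object:Gem::Requirement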