dependabot-python 0.197.0 → 0.200.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/lib/parser.py +1 -1
  3. data/lib/dependabot/python/file_fetcher.rb +4 -1
  4. data/lib/dependabot/python/metadata_finder.rb +11 -23
  5. data/lib/dependabot/python/update_checker/latest_version_finder.rb +7 -9
  6. data/lib/dependabot/python/update_checker.rb +3 -5
  7. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 942b633bb536e1db742099aa6198a1c571779afd43178cc89de793de61c368f1
4
- data.tar.gz: f76a1116d377f0f664bbac363669e135057a13ab3e17c9754647ce7914ecf981
3
+ metadata.gz: 9be24501fe52b0392c0b01241a514cd91e507c3173fe52684560c018992100a8
4
+ data.tar.gz: 7dc9b31ded1ceb87f26fed68a3afa0ccda7afda77c7ddb778e15336cd5bba18d
5
5
  SHA512:
6
- metadata.gz: 6fdac7a0ef17c8888b28f041c29bf7caf6036e3065ff37a5b9ffbc255d16e5b59ea84919200317116696dad382477c177abc9f4e010997b02945a48070699154
7
- data.tar.gz: a1efbee21bd62eef7fbc4c426f9e782df083f032df9c8a6c125a176e82e63046bc9891283fb205f96345d84e876f2ce6ca39e1eb73d3d7af6efc86d8feab0607
6
+ metadata.gz: da30f75f6048e430cbd8054f33ebcc20c25927d9a67cafaee4c41ad53abea47628aa122cf4b371c2a8a6eacf2449ca5e20d5ef0b71711a45f56ace8e36077100
7
+ data.tar.gz: 172b3a2777c5e04a984570e74b012d0da5a84ee5fc594a2b2649f9ceb1d65ef8f3cbf5d978f3b1afac67ba38bcb63ae45d52cf3e4bf1de01013f5e812f26faf5
data/helpers/lib/parser.py CHANGED
@@ -37,7 +37,7 @@ def parse_requirements(directory):
37
37
  )
38
38
  for parsed_req in requirements:
39
39
  install_req = install_req_from_parsed_requirement(parsed_req)
40
- if install_req.original_link:
40
+ if install_req.req is None:
41
41
  continue
42
42
 
43
43
  pattern = r"-[cr] (.*) \(line \d+\)"
data/lib/dependabot/python/file_fetcher.rb CHANGED
@@ -290,7 +290,10 @@ module Dependabot
290
290
  fetch_submodules: true
291
291
  ).tap { |f| f.support_file = true }
292
292
  rescue Dependabot::DependencyFileNotFound
293
- raise unless allow_pyproject
293
+ # For Poetry projects attempt to fetch a pyproject.toml at the
294
+ # given path instead of a setup.py. We do not require a
295
+ # setup.py to be present, so if none can be found, simply return
296
+ return [] unless allow_pyproject
294
297
 
295
298
  fetch_file_from_host(
296
299
  path.gsub("setup.py", "pyproject.toml"),
data/lib/dependabot/python/metadata_finder.rb CHANGED
@@ -5,7 +5,7 @@ require "uri"
5
5
 
6
6
  require "dependabot/metadata_finders"
7
7
  require "dependabot/metadata_finders/base"
8
- require "dependabot/shared_helpers"
8
+ require "dependabot/registry_client"
9
9
  require "dependabot/python/authed_url_builder"
10
10
  require "dependabot/python/name_normaliser"
11
11
 
@@ -65,11 +65,7 @@ module Dependabot
65
65
  @source_from_description ||=
66
66
  potential_source_urls.find do |url|
67
67
  full_url = Source.from_url(url).url
68
- response = Excon.get(
69
- full_url,
70
- idempotent: true,
71
- **SharedHelpers.excon_defaults
72
- )
68
+ response = Dependabot::RegistryClient.get(url: full_url)
73
69
  next unless response.status == 200
74
70
 
75
71
  response.body.include?(normalised_dependency_name)
@@ -94,11 +90,7 @@ module Dependabot
94
90
  @source_from_homepage ||=
95
91
  potential_source_urls.find do |url|
96
92
  full_url = Source.from_url(url).url
97
- response = Excon.get(
98
- full_url,
99
- idempotent: true,
100
- **SharedHelpers.excon_defaults
101
- )
93
+ response = Dependabot::RegistryClient.get(url: full_url)
102
94
  next unless response.status == 200
103
95
 
104
96
  response.body.include?(normalised_dependency_name)
@@ -116,11 +108,7 @@ module Dependabot
116
108
 
117
109
  @homepage_response ||=
118
110
  begin
119
- Excon.get(
120
- homepage_url,
121
- idempotent: true,
122
- **SharedHelpers.excon_defaults
123
- )
111
+ Dependabot::RegistryClient.get(url: homepage_url)
124
112
  rescue Excon::Error::Timeout, Excon::Error::Socket,
125
113
  Excon::Error::TooManyRedirects, ArgumentError
126
114
  nil
@@ -153,15 +141,15 @@ module Dependabot
153
141
  Regexp.last_match.captures[1].include?("@")
154
142
  protocol, user, pass, url = Regexp.last_match.captures
155
143
 
156
- Excon.get(
157
- "#{protocol}://#{url}",
158
- user: user,
159
- password: pass,
160
- idempotent: true,
161
- **SharedHelpers.excon_defaults
144
+ Dependabot::RegistryClient.get(
145
+ url: "#{protocol}://#{url}",
146
+ options: {
147
+ user: user,
148
+ password: pass
149
+ }
162
150
  )
163
151
  else
164
- Excon.get(url, idempotent: true, **SharedHelpers.excon_defaults)
152
+ Dependabot::RegistryClient.get(url: url)
165
153
  end
166
154
  end
167
155
 
data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED
@@ -7,7 +7,7 @@ require "nokogiri"
7
7
  require "dependabot/dependency"
8
8
  require "dependabot/python/update_checker"
9
9
  require "dependabot/update_checkers/version_filters"
10
- require "dependabot/shared_helpers"
10
+ require "dependabot/registry_client"
11
11
  require "dependabot/python/authed_url_builder"
12
12
  require "dependabot/python/name_normaliser"
13
13
 
@@ -214,18 +214,16 @@ module Dependabot
214
214
  end
215
215
 
216
216
  def registry_response_for_dependency(index_url)
217
- Excon.get(
218
- index_url + normalised_name + "/",
219
- idempotent: true,
220
- **SharedHelpers.excon_defaults(headers: { "Accept" => "text/html" })
217
+ Dependabot::RegistryClient.get(
218
+ url: index_url + normalised_name + "/",
219
+ headers: { "Accept" => "text/html" }
221
220
  )
222
221
  end
223
222
 
224
223
  def registry_index_response(index_url)
225
- Excon.get(
226
- index_url,
227
- idempotent: true,
228
- **SharedHelpers.excon_defaults(headers: { "Accept" => "text/html" })
224
+ Dependabot::RegistryClient.get(
225
+ url: index_url,
226
+ headers: { "Accept" => "text/html" }
229
227
  )
230
228
  end
231
229
 
data/lib/dependabot/python/update_checker.rb CHANGED
@@ -6,7 +6,7 @@ require "toml-rb"
6
6
  require "dependabot/dependency"
7
7
  require "dependabot/update_checkers"
8
8
  require "dependabot/update_checkers/base"
9
- require "dependabot/shared_helpers"
9
+ require "dependabot/registry_client"
10
10
  require "dependabot/errors"
11
11
  require "dependabot/python/requirement"
12
12
  require "dependabot/python/requirement_parser"
@@ -274,10 +274,8 @@ module Dependabot
274
274
  details = TomlRB.parse(pyproject.content).dig("tool", "poetry")
275
275
  return false unless details
276
276
 
277
- index_response = Excon.get(
278
- "https://pypi.org/pypi/#{normalised_name(details['name'])}/json/",
279
- idempotent: true,
280
- **SharedHelpers.excon_defaults
277
+ index_response = Dependabot::RegistryClient.get(
278
+ url: "https://pypi.org/pypi/#{normalised_name(details['name'])}/json/"
281
279
  )
282
280
 
283
281
  return false unless index_response.status == 200
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.197.0
4
+ version: 0.200.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-15 00:00:00.000000000 Z
11
+ date: 2022-07-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.197.0
19
+ version: 0.200.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.197.0
26
+ version: 0.200.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement