dependabot-python 0.197.0 → 0.200.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/lib/parser.py +1 -1
  3. data/lib/dependabot/python/file_fetcher.rb +4 -1
  4. data/lib/dependabot/python/metadata_finder.rb +11 -23
  5. data/lib/dependabot/python/update_checker/latest_version_finder.rb +7 -9
  6. data/lib/dependabot/python/update_checker.rb +3 -5
  7. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 942b633bb536e1db742099aa6198a1c571779afd43178cc89de793de61c368f1
4
- data.tar.gz: f76a1116d377f0f664bbac363669e135057a13ab3e17c9754647ce7914ecf981
3
+ metadata.gz: 9be24501fe52b0392c0b01241a514cd91e507c3173fe52684560c018992100a8
4
+ data.tar.gz: 7dc9b31ded1ceb87f26fed68a3afa0ccda7afda77c7ddb778e15336cd5bba18d
5
5
  SHA512:
6
- metadata.gz: 6fdac7a0ef17c8888b28f041c29bf7caf6036e3065ff37a5b9ffbc255d16e5b59ea84919200317116696dad382477c177abc9f4e010997b02945a48070699154
7
- data.tar.gz: a1efbee21bd62eef7fbc4c426f9e782df083f032df9c8a6c125a176e82e63046bc9891283fb205f96345d84e876f2ce6ca39e1eb73d3d7af6efc86d8feab0607
6
+ metadata.gz: da30f75f6048e430cbd8054f33ebcc20c25927d9a67cafaee4c41ad53abea47628aa122cf4b371c2a8a6eacf2449ca5e20d5ef0b71711a45f56ace8e36077100
7
+ data.tar.gz: 172b3a2777c5e04a984570e74b012d0da5a84ee5fc594a2b2649f9ceb1d65ef8f3cbf5d978f3b1afac67ba38bcb63ae45d52cf3e4bf1de01013f5e812f26faf5
data/helpers/lib/parser.py CHANGED
@@ -37,7 +37,7 @@ def parse_requirements(directory):
37
37
  )
38
38
  for parsed_req in requirements:
39
39
  install_req = install_req_from_parsed_requirement(parsed_req)
40
- if install_req.original_link:
40
+ if install_req.req is None:
41
41
  continue
42
42
 
43
43
  pattern = r"-[cr] (.*) \(line \d+\)"
data/lib/dependabot/python/file_fetcher.rb CHANGED
@@ -290,7 +290,10 @@ module Dependabot
290
290
  fetch_submodules: true
291
291
  ).tap { |f| f.support_file = true }
292
292
  rescue Dependabot::DependencyFileNotFound
293
- raise unless allow_pyproject
293
+ # For Poetry projects attempt to fetch a pyproject.toml at the
294
+ # given path instead of a setup.py. We do not require a
295
+ # setup.py to be present, so if none can be found, simply return
296
+ return [] unless allow_pyproject
294
297
 
295
298
  fetch_file_from_host(
296
299
  path.gsub("setup.py", "pyproject.toml"),
data/lib/dependabot/python/metadata_finder.rb CHANGED
@@ -5,7 +5,7 @@ require "uri"
5
5
 
6
6
  require "dependabot/metadata_finders"
7
7
  require "dependabot/metadata_finders/base"
8
- require "dependabot/shared_helpers"
8
+ require "dependabot/registry_client"
9
9
  require "dependabot/python/authed_url_builder"
10
10
  require "dependabot/python/name_normaliser"
11
11
 
@@ -65,11 +65,7 @@ module Dependabot
65
65
  @source_from_description ||=
66
66
  potential_source_urls.find do |url|
67
67
  full_url = Source.from_url(url).url
68
- response = Excon.get(
69
- full_url,
70
- idempotent: true,
71
- **SharedHelpers.excon_defaults
72
- )
68
+ response = Dependabot::RegistryClient.get(url: full_url)
73
69
  next unless response.status == 200
74
70
 
75
71
  response.body.include?(normalised_dependency_name)
@@ -94,11 +90,7 @@ module Dependabot
94
90
  @source_from_homepage ||=
95
91
  potential_source_urls.find do |url|
96
92
  full_url = Source.from_url(url).url
97
- response = Excon.get(
98
- full_url,
99
- idempotent: true,
100
- **SharedHelpers.excon_defaults
101
- )
93
+ response = Dependabot::RegistryClient.get(url: full_url)
102
94
  next unless response.status == 200
103
95
 
104
96
  response.body.include?(normalised_dependency_name)
@@ -116,11 +108,7 @@ module Dependabot
116
108
 
117
109
  @homepage_response ||=
118
110
  begin
119
- Excon.get(
120
- homepage_url,
121
- idempotent: true,
122
- **SharedHelpers.excon_defaults
123
- )
111
+ Dependabot::RegistryClient.get(url: homepage_url)
124
112
  rescue Excon::Error::Timeout, Excon::Error::Socket,
125
113
  Excon::Error::TooManyRedirects, ArgumentError
126
114
  nil
@@ -153,15 +141,15 @@ module Dependabot
153
141
  Regexp.last_match.captures[1].include?("@")
154
142
  protocol, user, pass, url = Regexp.last_match.captures
155
143
 
156
- Excon.get(
157
- "#{protocol}://#{url}",
158
- user: user,
159
- password: pass,
160
- idempotent: true,
161
- **SharedHelpers.excon_defaults
144
+ Dependabot::RegistryClient.get(
145
+ url: "#{protocol}://#{url}",
146
+ options: {
147
+ user: user,
148
+ password: pass
149
+ }
162
150
  )
163
151
  else
164
- Excon.get(url, idempotent: true, **SharedHelpers.excon_defaults)
152
+ Dependabot::RegistryClient.get(url: url)
165
153
  end
166
154
  end
167
155
 
data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED
@@ -7,7 +7,7 @@ require "nokogiri"
7
7
  require "dependabot/dependency"
8
8
  require "dependabot/python/update_checker"
9
9
  require "dependabot/update_checkers/version_filters"
10
- require "dependabot/shared_helpers"
10
+ require "dependabot/registry_client"
11
11
  require "dependabot/python/authed_url_builder"
12
12
  require "dependabot/python/name_normaliser"
13
13
 
@@ -214,18 +214,16 @@ module Dependabot
214
214
  end
215
215
 
216
216
  def registry_response_for_dependency(index_url)
217
- Excon.get(
218
- index_url + normalised_name + "/",
219
- idempotent: true,
220
- **SharedHelpers.excon_defaults(headers: { "Accept" => "text/html" })
217
+ Dependabot::RegistryClient.get(
218
+ url: index_url + normalised_name + "/",
219
+ headers: { "Accept" => "text/html" }
221
220
  )
222
221
  end
223
222
 
224
223
  def registry_index_response(index_url)
225
- Excon.get(
226
- index_url,
227
- idempotent: true,
228
- **SharedHelpers.excon_defaults(headers: { "Accept" => "text/html" })
224
+ Dependabot::RegistryClient.get(
225
+ url: index_url,
226
+ headers: { "Accept" => "text/html" }
229
227
  )
230
228
  end
231
229
 
data/lib/dependabot/python/update_checker.rb CHANGED
@@ -6,7 +6,7 @@ require "toml-rb"
6
6
  require "dependabot/dependency"
7
7
  require "dependabot/update_checkers"
8
8
  require "dependabot/update_checkers/base"
9
- require "dependabot/shared_helpers"
9
+ require "dependabot/registry_client"
10
10
  require "dependabot/errors"
11
11
  require "dependabot/python/requirement"
12
12
  require "dependabot/python/requirement_parser"
@@ -274,10 +274,8 @@ module Dependabot
274
274
  details = TomlRB.parse(pyproject.content).dig("tool", "poetry")
275
275
  return false unless details
276
276
 
277
- index_response = Excon.get(
278
- "https://pypi.org/pypi/#{normalised_name(details['name'])}/json/",
279
- idempotent: true,
280
- **SharedHelpers.excon_defaults
277
+ index_response = Dependabot::RegistryClient.get(
278
+ url: "https://pypi.org/pypi/#{normalised_name(details['name'])}/json/"
281
279
  )
282
280
 
283
281
  return false unless index_response.status == 200
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.197.0
4
+ version: 0.200.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-15 00:00:00.000000000 Z
11
+ date: 2022-07-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.197.0
19
+ version: 0.200.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.197.0
26
+ version: 0.200.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement