dependabot-python 0.198.0 → 0.201.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 941d0fac4b28e5144d4688da00937ed04fbcdfb1c113116e178a51c831b92fde
-  data.tar.gz: 89bbc2f136b6e5170628f689e355b0aa4411f90d92c1e3a2815ed5a04687f1e9
+  metadata.gz: 691608193e4e83233c5e6df04c3f7c81eb67d67d1ecdd0507f6be9521d9b1075
+  data.tar.gz: e9e88024c6696b0d106078ac8e6766ce8f20b098d8f0545ce4bb8de94245d33a
 SHA512:
-  metadata.gz: 9c5b8816596b35eb024f80c57bf9d96a66c59da8635835ac04d6acf6d30559be3b5c6510cb670bbe0c2196b56988ee2e1b9d1fd6a496970cc90aff1ef471555e
-  data.tar.gz: 568c28e3ff03fb48da4ae6799200021abe050dd7d28c163833ce879da00f95a55cd813a4516b0ee4a1976d0fc156220408d2efece7771c52b177d97378512654
+  metadata.gz: 77457b46061285262798c842528d341b8618d4fd7dac815da3d57b1054465f7beba288516b30bad4791b87df15abc4e8dfad8560b56e15ef278c393581e9850b
+  data.tar.gz: b027f54369922502281ae431ebc296a01e335a5b873df88ab0494690aaa44b98c4b3d0d677ba2d1556dc9d56dd7e7e75be1a9e375a5fd8245dbb0eec748eb89b

data/helpers/lib/parser.py

@@ -37,7 +37,7 @@ def parse_requirements(directory):
             )
             for parsed_req in requirements:
                 install_req = install_req_from_parsed_requirement(parsed_req)
-                if install_req.original_link:
+                if install_req.req is None:
                     continue
 
                 pattern = r"-[cr] (.*) \(line \d+\)"

data/lib/dependabot/python/file_fetcher.rb

@@ -290,7 +290,10 @@ module Dependabot
               fetch_submodules: true
             ).tap { |f| f.support_file = true }
           rescue Dependabot::DependencyFileNotFound
-            raise unless allow_pyproject
+            # For Poetry projects attempt to fetch a pyproject.toml at the
+            # given path instead of a setup.py. We do not require a
+            # setup.py to be present, so if none can be found, simply return
+            return [] unless allow_pyproject
 
             fetch_file_from_host(
               path.gsub("setup.py", "pyproject.toml"),

data/lib/dependabot/python/metadata_finder.rb

@@ -5,7 +5,7 @@ require "uri"
 
 require "dependabot/metadata_finders"
 require "dependabot/metadata_finders/base"
-require "dependabot/shared_helpers"
+require "dependabot/registry_client"
 require "dependabot/python/authed_url_builder"
 require "dependabot/python/name_normaliser"
 
@@ -65,11 +65,7 @@ module Dependabot
         @source_from_description ||=
           potential_source_urls.find do |url|
             full_url = Source.from_url(url).url
-            response = Excon.get(
-              full_url,
-              idempotent: true,
-              **SharedHelpers.excon_defaults
-            )
+            response = Dependabot::RegistryClient.get(url: full_url)
             next unless response.status == 200
 
             response.body.include?(normalised_dependency_name)
@@ -94,11 +90,7 @@ module Dependabot
         @source_from_homepage ||=
           potential_source_urls.find do |url|
             full_url = Source.from_url(url).url
-            response = Excon.get(
-              full_url,
-              idempotent: true,
-              **SharedHelpers.excon_defaults
-            )
+            response = Dependabot::RegistryClient.get(url: full_url)
             next unless response.status == 200
 
             response.body.include?(normalised_dependency_name)
@@ -116,11 +108,7 @@ module Dependabot
 
         @homepage_response ||=
           begin
-            Excon.get(
-              homepage_url,
-              idempotent: true,
-              **SharedHelpers.excon_defaults
-            )
+            Dependabot::RegistryClient.get(url: homepage_url)
           rescue Excon::Error::Timeout, Excon::Error::Socket,
                  Excon::Error::TooManyRedirects, ArgumentError
             nil
@@ -153,15 +141,15 @@ module Dependabot
            Regexp.last_match.captures[1].include?("@")
           protocol, user, pass, url = Regexp.last_match.captures
 
-          Excon.get(
-            "#{protocol}://#{url}",
-            user: user,
-            password: pass,
-            idempotent: true,
-            **SharedHelpers.excon_defaults
+          Dependabot::RegistryClient.get(
+            url: "#{protocol}://#{url}",
+            options: {
+              user: user,
+              password: pass
+            }
           )
         else
-          Excon.get(url, idempotent: true, **SharedHelpers.excon_defaults)
+          Dependabot::RegistryClient.get(url: url)
         end
       end
 

data/lib/dependabot/python/update_checker/latest_version_finder.rb

@@ -7,7 +7,7 @@ require "nokogiri"
 require "dependabot/dependency"
 require "dependabot/python/update_checker"
 require "dependabot/update_checkers/version_filters"
-require "dependabot/shared_helpers"
+require "dependabot/registry_client"
 require "dependabot/python/authed_url_builder"
 require "dependabot/python/name_normaliser"
 
@@ -214,18 +214,16 @@ module Dependabot
         end
 
         def registry_response_for_dependency(index_url)
-          Excon.get(
-            index_url + normalised_name + "/",
-            idempotent: true,
-            **SharedHelpers.excon_defaults(headers: { "Accept" => "text/html" })
+          Dependabot::RegistryClient.get(
+            url: index_url + normalised_name + "/",
+            headers: { "Accept" => "text/html" }
           )
         end
 
         def registry_index_response(index_url)
-          Excon.get(
-            index_url,
-            idempotent: true,
-            **SharedHelpers.excon_defaults(headers: { "Accept" => "text/html" })
+          Dependabot::RegistryClient.get(
+            url: index_url,
+            headers: { "Accept" => "text/html" }
           )
         end
 

data/lib/dependabot/python/update_checker.rb

@@ -6,7 +6,7 @@ require "toml-rb"
 require "dependabot/dependency"
 require "dependabot/update_checkers"
 require "dependabot/update_checkers/base"
-require "dependabot/shared_helpers"
+require "dependabot/registry_client"
 require "dependabot/errors"
 require "dependabot/python/requirement"
 require "dependabot/python/requirement_parser"
@@ -274,10 +274,8 @@ module Dependabot
         details = TomlRB.parse(pyproject.content).dig("tool", "poetry")
         return false unless details
 
-        index_response = Excon.get(
-          "https://pypi.org/pypi/#{normalised_name(details['name'])}/json/",
-          idempotent: true,
-          **SharedHelpers.excon_defaults
+        index_response = Dependabot::RegistryClient.get(
+          url: "https://pypi.org/pypi/#{normalised_name(details['name'])}/json/"
         )
 
         return false unless index_response.status == 200

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.198.0
+  version: 0.201.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-07-15 00:00:00.000000000 Z
+date: 2022-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.198.0
+        version: 0.201.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.198.0
+        version: 0.201.0
 - !ruby/object:Gem::Dependency
   name: debase
   requirement: !ruby/object:Gem::Requirement