dependabot-python 0.214.0 → 0.215.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/requirements.txt +1 -1
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +33 -11
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +8 -4
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +31 -7
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +9 -5
- data/lib/dependabot/python/update_checker.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bb146c09fb17142425be804da23abdf95e938a9c8e70c8b95697ebdbc55f89c3
|
|
4
|
+
data.tar.gz: d0b61ca9973b582448c78edecb798b500806b6eb5805f7236ae87703255ad953
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e023894b96f723c3cf3d812a959b35f9a1d9de5b33981c2090af0b0ba259376e83f5dc728cd3e06c5f3aceb39c6ce1181e6ed8eb10d8d1d0a9e0e216698a24fa
|
|
7
|
+
data.tar.gz: bfeafe03ba027242f9a1327f1aee036768ea693cffb08e485062879829109f956dcd8b77b7a24c3bde2eb289b50d9b57717216a199e107df221c8a391de8ecea
|
data/helpers/requirements.txt
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
pip>=21.3.1,<22.4.0 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
|
|
2
|
-
pip-tools>=6.4.0,<6.
|
|
2
|
+
pip-tools>=6.4.0,<6.11.1 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
|
|
3
3
|
flake8==5.0.4
|
|
4
4
|
hashin==0.17.0
|
|
5
5
|
pipenv==2022.4.8
|
|
@@ -71,15 +71,25 @@ module Dependabot
|
|
|
71
71
|
filenames_to_compile.each do |filename|
|
|
72
72
|
# Shell out to pip-compile, generate a new set of requirements.
|
|
73
73
|
# This is slow, as pip-compile needs to do installs.
|
|
74
|
+
options = pip_compile_options(filename)
|
|
75
|
+
options_fingerprint = pip_compile_options_fingerprint(options)
|
|
76
|
+
|
|
74
77
|
name_part = "pyenv exec pip-compile " \
|
|
75
|
-
"#{
|
|
78
|
+
"#{options} -P " \
|
|
76
79
|
"#{dependency.name}"
|
|
80
|
+
fingerprint_name_part = "pyenv exec pip-compile " \
|
|
81
|
+
"#{options_fingerprint} -P " \
|
|
82
|
+
"<dependency_name>"
|
|
83
|
+
|
|
77
84
|
version_part = "#{dependency.version} #{filename}"
|
|
85
|
+
fingerprint_version_part = "<dependency_version> <filename>"
|
|
86
|
+
|
|
78
87
|
# Don't escape pyenv `dep-name==version` syntax
|
|
79
88
|
run_pip_compile_command(
|
|
80
89
|
"#{SharedHelpers.escape_command(name_part)}==" \
|
|
81
90
|
"#{SharedHelpers.escape_command(version_part)}",
|
|
82
|
-
allow_unsafe_shell_command: true
|
|
91
|
+
allow_unsafe_shell_command: true,
|
|
92
|
+
fingerprint: "#{fingerprint_name_part}==#{fingerprint_version_part}"
|
|
83
93
|
)
|
|
84
94
|
end
|
|
85
95
|
|
|
@@ -137,7 +147,7 @@ module Dependabot
|
|
|
137
147
|
).updated_dependency_files
|
|
138
148
|
end
|
|
139
149
|
|
|
140
|
-
def run_command(cmd, env: python_env, allow_unsafe_shell_command: false)
|
|
150
|
+
def run_command(cmd, env: python_env, allow_unsafe_shell_command: false, fingerprint:)
|
|
141
151
|
start = Time.now
|
|
142
152
|
command = if allow_unsafe_shell_command
|
|
143
153
|
cmd
|
|
@@ -149,10 +159,6 @@ module Dependabot
|
|
|
149
159
|
|
|
150
160
|
return stdout if process.success?
|
|
151
161
|
|
|
152
|
-
handle_pip_errors(stdout, command, time_taken, process.to_s)
|
|
153
|
-
end
|
|
154
|
-
|
|
155
|
-
def handle_pip_errors(stdout, command, time_taken, exit_value)
|
|
156
162
|
if stdout.match?(INCOMPATIBLE_VERSIONS_REGEX)
|
|
157
163
|
raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
|
|
158
164
|
end
|
|
@@ -161,17 +167,23 @@ module Dependabot
|
|
|
161
167
|
message: stdout,
|
|
162
168
|
error_context: {
|
|
163
169
|
command: command,
|
|
170
|
+
fingerprint: fingerprint,
|
|
164
171
|
time_taken: time_taken,
|
|
165
|
-
process_exit_value:
|
|
172
|
+
process_exit_value: process.to_s
|
|
166
173
|
}
|
|
167
174
|
)
|
|
168
175
|
end
|
|
169
176
|
|
|
170
|
-
def run_pip_compile_command(command, allow_unsafe_shell_command: false)
|
|
171
|
-
run_command(
|
|
177
|
+
def run_pip_compile_command(command, allow_unsafe_shell_command: false, fingerprint:)
|
|
178
|
+
run_command(
|
|
179
|
+
"pyenv local #{Helpers.python_major_minor(python_version)}",
|
|
180
|
+
fingerprint: "pyenv local <python_major_minor>"
|
|
181
|
+
)
|
|
182
|
+
|
|
172
183
|
run_command(
|
|
173
184
|
command,
|
|
174
|
-
allow_unsafe_shell_command: allow_unsafe_shell_command
|
|
185
|
+
allow_unsafe_shell_command: allow_unsafe_shell_command,
|
|
186
|
+
fingerprint: fingerprint
|
|
175
187
|
)
|
|
176
188
|
end
|
|
177
189
|
|
|
@@ -391,6 +403,16 @@ module Dependabot
|
|
|
391
403
|
current_separator || default_separator
|
|
392
404
|
end
|
|
393
405
|
|
|
406
|
+
def pip_compile_options_fingerprint(options)
|
|
407
|
+
options.sub(
|
|
408
|
+
/--output-file=\S+/, "--output-file=<output_file>"
|
|
409
|
+
).sub(
|
|
410
|
+
/--index-url=\S+/, "--index-url=<index_url>"
|
|
411
|
+
).sub(
|
|
412
|
+
/--extra-index-url=\S+/, "--extra-index-url=<extra_index_url>"
|
|
413
|
+
)
|
|
414
|
+
end
|
|
415
|
+
|
|
394
416
|
def pip_compile_options(filename)
|
|
395
417
|
options = ["--build-isolation"]
|
|
396
418
|
options += pip_compile_index_options
|
|
@@ -185,7 +185,7 @@ module Dependabot
|
|
|
185
185
|
run_poetry_command("pyenv exec poetry config experimental.system-git-client true")
|
|
186
186
|
end
|
|
187
187
|
|
|
188
|
-
|
|
188
|
+
run_poetry_update_command
|
|
189
189
|
|
|
190
190
|
return File.read("poetry.lock") if File.exist?("poetry.lock")
|
|
191
191
|
|
|
@@ -196,11 +196,14 @@ module Dependabot
|
|
|
196
196
|
|
|
197
197
|
# Using `--lock` avoids doing an install.
|
|
198
198
|
# Using `--no-interaction` avoids asking for passwords.
|
|
199
|
-
def
|
|
200
|
-
|
|
199
|
+
def run_poetry_update_command
|
|
200
|
+
run_poetry_command(
|
|
201
|
+
"pyenv exec poetry update #{dependency.name} --lock --no-interaction",
|
|
202
|
+
fingerprint: "pyenv exec poetry update <dependency_name> --lock --no-interaction"
|
|
203
|
+
)
|
|
201
204
|
end
|
|
202
205
|
|
|
203
|
-
def run_poetry_command(command)
|
|
206
|
+
def run_poetry_command(command, fingerprint: nil)
|
|
204
207
|
start = Time.now
|
|
205
208
|
command = SharedHelpers.escape_command(command)
|
|
206
209
|
stdout, process = Open3.capture2e(command)
|
|
@@ -214,6 +217,7 @@ module Dependabot
|
|
|
214
217
|
message: stdout,
|
|
215
218
|
error_context: {
|
|
216
219
|
command: command,
|
|
220
|
+
fingerprint: fingerprint,
|
|
217
221
|
time_taken: time_taken,
|
|
218
222
|
process_exit_value: process.to_s
|
|
219
223
|
}
|
|
@@ -76,8 +76,12 @@ module Dependabot
|
|
|
76
76
|
filenames_to_compile.each do |filename|
|
|
77
77
|
# Shell out to pip-compile.
|
|
78
78
|
# This is slow, as pip-compile needs to do installs.
|
|
79
|
+
options = pip_compile_options(filename)
|
|
80
|
+
options_fingerprint = pip_compile_options_fingerprint(options)
|
|
81
|
+
|
|
79
82
|
run_pip_compile_command(
|
|
80
|
-
"pyenv exec pip-compile -v #{
|
|
83
|
+
"pyenv exec pip-compile -v #{options} -P #{dependency.name} #{filename}",
|
|
84
|
+
fingerprint: "pyenv exec pip-compile -v #{options_fingerprint} -P <dependency_name> <filename>"
|
|
81
85
|
)
|
|
82
86
|
|
|
83
87
|
next if dependency.top_level?
|
|
@@ -91,7 +95,8 @@ module Dependabot
|
|
|
91
95
|
# update_not_possible.
|
|
92
96
|
write_original_manifest_files
|
|
93
97
|
run_pip_compile_command(
|
|
94
|
-
"pyenv exec pip-compile #{
|
|
98
|
+
"pyenv exec pip-compile #{options} #{filename}",
|
|
99
|
+
fingerprint: "pyenv exec pip-compile #{options_fingerprint} <filename>"
|
|
95
100
|
)
|
|
96
101
|
end
|
|
97
102
|
|
|
@@ -183,8 +188,12 @@ module Dependabot
|
|
|
183
188
|
write_temporary_dependency_files(update_requirement: false)
|
|
184
189
|
|
|
185
190
|
filenames_to_compile.each do |filename|
|
|
191
|
+
options = pip_compile_options(filename)
|
|
192
|
+
options_fingerprint = pip_compile_options_fingerprint(options)
|
|
193
|
+
|
|
186
194
|
run_pip_compile_command(
|
|
187
|
-
"pyenv exec pip-compile #{
|
|
195
|
+
"pyenv exec pip-compile #{options} #{filename}",
|
|
196
|
+
fingerprint: "pyenv exec pip-compile #{options_fingerprint} <filename>"
|
|
188
197
|
)
|
|
189
198
|
end
|
|
190
199
|
|
|
@@ -204,7 +213,7 @@ module Dependabot
|
|
|
204
213
|
end
|
|
205
214
|
end
|
|
206
215
|
|
|
207
|
-
def run_command(command, env: python_env)
|
|
216
|
+
def run_command(command, env: python_env, fingerprint:)
|
|
208
217
|
start = Time.now
|
|
209
218
|
command = SharedHelpers.escape_command(command)
|
|
210
219
|
stdout, process = Open3.capture2e(env, command)
|
|
@@ -216,6 +225,7 @@ module Dependabot
|
|
|
216
225
|
message: stdout,
|
|
217
226
|
error_context: {
|
|
218
227
|
command: command,
|
|
228
|
+
fingerprint: fingerprint,
|
|
219
229
|
time_taken: time_taken,
|
|
220
230
|
process_exit_value: process.to_s
|
|
221
231
|
}
|
|
@@ -226,6 +236,16 @@ module Dependabot
|
|
|
226
236
|
python_version >= Python::Version.new("3.7")
|
|
227
237
|
end
|
|
228
238
|
|
|
239
|
+
def pip_compile_options_fingerprint(options)
|
|
240
|
+
options.sub(
|
|
241
|
+
/--output-file=\S+/, "--output-file=<output_file>"
|
|
242
|
+
).sub(
|
|
243
|
+
/--index-url=\S+/, "--index-url=<index_url>"
|
|
244
|
+
).sub(
|
|
245
|
+
/--extra-index-url=\S+/, "--extra-index-url=<extra_index_url>"
|
|
246
|
+
)
|
|
247
|
+
end
|
|
248
|
+
|
|
229
249
|
def pip_compile_options(filename)
|
|
230
250
|
options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
|
|
231
251
|
options += pip_compile_index_options
|
|
@@ -253,9 +273,13 @@ module Dependabot
|
|
|
253
273
|
end
|
|
254
274
|
end
|
|
255
275
|
|
|
256
|
-
def run_pip_compile_command(command)
|
|
257
|
-
run_command(
|
|
258
|
-
|
|
276
|
+
def run_pip_compile_command(command, fingerprint:)
|
|
277
|
+
run_command(
|
|
278
|
+
"pyenv local #{Helpers.python_major_minor(python_version)}",
|
|
279
|
+
fingerprint: "pyenv local <python_major_minor>"
|
|
280
|
+
)
|
|
281
|
+
|
|
282
|
+
run_command(command, fingerprint: fingerprint)
|
|
259
283
|
end
|
|
260
284
|
|
|
261
285
|
def python_env
|
|
@@ -100,7 +100,7 @@ module Dependabot
|
|
|
100
100
|
end
|
|
101
101
|
|
|
102
102
|
# Shell out to Poetry, which handles everything for us.
|
|
103
|
-
|
|
103
|
+
run_poetry_update_command
|
|
104
104
|
|
|
105
105
|
updated_lockfile =
|
|
106
106
|
if File.exist?("poetry.lock") then File.read("poetry.lock")
|
|
@@ -163,8 +163,11 @@ module Dependabot
|
|
|
163
163
|
|
|
164
164
|
# Using `--lock` avoids doing an install.
|
|
165
165
|
# Using `--no-interaction` avoids asking for passwords.
|
|
166
|
-
def
|
|
167
|
-
|
|
166
|
+
def run_poetry_update_command
|
|
167
|
+
run_poetry_command(
|
|
168
|
+
"pyenv exec poetry update #{dependency.name} --lock --no-interaction",
|
|
169
|
+
fingerprint: "pyenv exec poetry update <dependency_name> --lock --no-interaction"
|
|
170
|
+
)
|
|
168
171
|
end
|
|
169
172
|
|
|
170
173
|
def check_original_requirements_resolvable
|
|
@@ -174,7 +177,7 @@ module Dependabot
|
|
|
174
177
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
175
178
|
write_temporary_dependency_files(update_pyproject: false)
|
|
176
179
|
|
|
177
|
-
|
|
180
|
+
run_poetry_update_command
|
|
178
181
|
|
|
179
182
|
@original_reqs_resolvable = true
|
|
180
183
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
@@ -331,7 +334,7 @@ module Dependabot
|
|
|
331
334
|
poetry_lock || pyproject_lock
|
|
332
335
|
end
|
|
333
336
|
|
|
334
|
-
def run_poetry_command(command)
|
|
337
|
+
def run_poetry_command(command, fingerprint: nil)
|
|
335
338
|
start = Time.now
|
|
336
339
|
command = SharedHelpers.escape_command(command)
|
|
337
340
|
stdout, process = Open3.capture2e(command)
|
|
@@ -345,6 +348,7 @@ module Dependabot
|
|
|
345
348
|
message: stdout,
|
|
346
349
|
error_context: {
|
|
347
350
|
command: command,
|
|
351
|
+
fingerprint: fingerprint,
|
|
348
352
|
time_taken: time_taken,
|
|
349
353
|
process_exit_value: process.to_s
|
|
350
354
|
}
|
|
@@ -292,7 +292,7 @@ module Dependabot
|
|
|
292
292
|
|
|
293
293
|
pypi_info = JSON.parse(index_response.body)["info"] || {}
|
|
294
294
|
pypi_info["summary"] == library_details["description"]
|
|
295
|
-
rescue Excon::Error::Timeout
|
|
295
|
+
rescue Excon::Error::Timeout, Excon::Error::Socket
|
|
296
296
|
false
|
|
297
297
|
rescue URI::InvalidURIError
|
|
298
298
|
false
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.215.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-12-
|
|
11
|
+
date: 2022-12-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.215.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.215.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|