dependabot-python 0.214.0 → 0.216.0
- checksums.yaml +4 -4
- data/helpers/build +5 -5
- data/helpers/build_for_version +21 -0
- data/helpers/requirements.txt +4 -5
- data/lib/dependabot/python/file_parser/pyproject_files_parser.rb +25 -15
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +48 -53
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +19 -59
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +17 -1
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +47 -38
- data/lib/dependabot/python/language_version_manager.rb +115 -0
- data/lib/dependabot/python/python_versions.rb +6 -6
- data/lib/dependabot/python/requirement_parser.rb +1 -1
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +46 -50
- data/lib/dependabot/python/update_checker/pip_version_resolver.rb +14 -40
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +23 -58
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +55 -49
- data/lib/dependabot/python/update_checker/requirements_updater.rb +25 -6
- data/lib/dependabot/python/update_checker.rb +22 -49
- data/lib/dependabot/python/version.rb +2 -2
- metadata +37 -33
- data/lib/dependabot/python/helpers.rb +0 -37
@@ -92,15 +92,15 @@ module Dependabot
|
|
92
92
|
write_temporary_dependency_files(updated_req: requirement)
|
93
93
|
add_auth_env_vars
|
94
94
|
|
95
|
-
|
95
|
+
language_version_manager.install_required_python
|
96
96
|
|
97
97
|
# use system git instead of the pure Python dulwich
|
98
|
-
unless python_version&.start_with?("3.6")
|
98
|
+
unless language_version_manager.python_version&.start_with?("3.6")
|
99
99
|
run_poetry_command("pyenv exec poetry config experimental.system-git-client true")
|
100
100
|
end
|
101
101
|
|
102
102
|
# Shell out to Poetry, which handles everything for us.
|
103
|
-
|
103
|
+
run_poetry_update_command
|
104
104
|
|
105
105
|
updated_lockfile =
|
106
106
|
if File.exist?("poetry.lock") then File.read("poetry.lock")
|
@@ -163,8 +163,11 @@ module Dependabot
|
|
163
163
|
|
164
164
|
# Using `--lock` avoids doing an install.
|
165
165
|
# Using `--no-interaction` avoids asking for passwords.
|
166
|
-
def
|
167
|
-
|
166
|
+
def run_poetry_update_command
|
167
|
+
run_poetry_command(
|
168
|
+
"pyenv exec poetry update #{dependency.name} --lock --no-interaction",
|
169
|
+
fingerprint: "pyenv exec poetry update <dependency_name> --lock --no-interaction"
|
170
|
+
)
|
168
171
|
end
|
169
172
|
|
170
173
|
def check_original_requirements_resolvable
|
@@ -174,7 +177,7 @@ module Dependabot
|
|
174
177
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
175
178
|
write_temporary_dependency_files(update_pyproject: false)
|
176
179
|
|
177
|
-
|
180
|
+
run_poetry_update_command
|
178
181
|
|
179
182
|
@original_reqs_resolvable = true
|
180
183
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
@@ -202,7 +205,7 @@ module Dependabot
|
|
202
205
|
end
|
203
206
|
|
204
207
|
# Overwrite the .python-version with updated content
|
205
|
-
File.write(".python-version",
|
208
|
+
File.write(".python-version", language_version_manager.python_major_minor)
|
206
209
|
|
207
210
|
# Overwrite the pyproject with updated content
|
208
211
|
if update_pyproject
|
@@ -221,39 +224,10 @@ module Dependabot
|
|
221
224
|
add_auth_env_vars(credentials)
|
222
225
|
end
|
223
226
|
|
224
|
-
def python_version
|
225
|
-
requirements = python_requirement_parser.user_specified_requirements
|
226
|
-
requirements = requirements.
|
227
|
-
map { |r| Python::Requirement.requirements_array(r) }
|
228
|
-
|
229
|
-
version = PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |v|
|
230
|
-
requirements.all? do |reqs|
|
231
|
-
reqs.any? { |r| r.satisfied_by?(Python::Version.new(v)) }
|
232
|
-
end
|
233
|
-
end
|
234
|
-
return version if version
|
235
|
-
|
236
|
-
msg = "Dependabot detected the following Python requirements " \
|
237
|
-
"for your project: '#{requirements}'.\n\nCurrently, the " \
|
238
|
-
"following Python versions are supported in Dependabot: " \
|
239
|
-
"#{PythonVersions::SUPPORTED_VERSIONS.join(', ')}."
|
240
|
-
raise DependencyFileNotResolvable, msg
|
241
|
-
end
|
242
|
-
|
243
|
-
def python_requirement_parser
|
244
|
-
@python_requirement_parser ||=
|
245
|
-
FileParser::PythonRequirementParser.new(
|
246
|
-
dependency_files: dependency_files
|
247
|
-
)
|
248
|
-
end
|
249
|
-
|
250
|
-
def pre_installed_python?(version)
|
251
|
-
PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.include?(version)
|
252
|
-
end
|
253
|
-
|
254
227
|
def updated_pyproject_content(updated_requirement:)
|
255
228
|
content = pyproject.content
|
256
229
|
content = sanitize_pyproject_content(content)
|
230
|
+
content = update_python_requirement(content)
|
257
231
|
content = freeze_other_dependencies(content)
|
258
232
|
content = set_target_dependency_req(content, updated_requirement)
|
259
233
|
content
|
@@ -262,6 +236,7 @@ module Dependabot
|
|
262
236
|
def sanitized_pyproject_content
|
263
237
|
content = pyproject.content
|
264
238
|
content = sanitize_pyproject_content(content)
|
239
|
+
content = update_python_requirement(content)
|
265
240
|
content
|
266
241
|
end
|
267
242
|
|
@@ -271,13 +246,18 @@ module Dependabot
|
|
271
246
|
sanitize
|
272
247
|
end
|
273
248
|
|
249
|
+
def update_python_requirement(pyproject_content)
|
250
|
+
Python::FileUpdater::PyprojectPreparer.
|
251
|
+
new(pyproject_content: pyproject_content).
|
252
|
+
update_python_requirement(language_version_manager.python_major_minor)
|
253
|
+
end
|
254
|
+
|
274
255
|
def freeze_other_dependencies(pyproject_content)
|
275
256
|
Python::FileUpdater::PyprojectPreparer.
|
276
257
|
new(pyproject_content: pyproject_content, lockfile: lockfile).
|
277
258
|
freeze_top_level_dependencies_except([dependency])
|
278
259
|
end
|
279
260
|
|
280
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
281
261
|
def set_target_dependency_req(pyproject_content, updated_requirement)
|
282
262
|
return pyproject_content unless updated_requirement
|
283
263
|
|
@@ -285,15 +265,15 @@ module Dependabot
|
|
285
265
|
poetry_object = pyproject_object.dig("tool", "poetry")
|
286
266
|
|
287
267
|
Dependabot::Python::FileParser::PyprojectFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
|
288
|
-
|
289
|
-
|
290
|
-
|
291
|
-
|
292
|
-
|
293
|
-
|
294
|
-
|
295
|
-
|
296
|
-
|
268
|
+
dependencies = poetry_object[type]
|
269
|
+
next unless dependencies
|
270
|
+
|
271
|
+
update_dependency_requirement(dependencies, updated_requirement)
|
272
|
+
end
|
273
|
+
|
274
|
+
groups = poetry_object["group"]&.values || []
|
275
|
+
groups.each do |group_spec|
|
276
|
+
update_dependency_requirement(group_spec["dependencies"], updated_requirement)
|
297
277
|
end
|
298
278
|
|
299
279
|
# If this is a sub-dependency, add the new requirement
|
@@ -304,7 +284,18 @@ module Dependabot
|
|
304
284
|
|
305
285
|
TomlRB.dump(pyproject_object)
|
306
286
|
end
|
307
|
-
|
287
|
+
|
288
|
+
def update_dependency_requirement(toml_node, requirement)
|
289
|
+
names = toml_node.keys
|
290
|
+
pkg_name = names.find { |nm| normalise(nm) == dependency.name }
|
291
|
+
return unless pkg_name
|
292
|
+
|
293
|
+
if toml_node[pkg_name].is_a?(Hash)
|
294
|
+
toml_node[pkg_name]["version"] = requirement
|
295
|
+
else
|
296
|
+
toml_node[pkg_name] = requirement
|
297
|
+
end
|
298
|
+
end
|
308
299
|
|
309
300
|
def subdep_type
|
310
301
|
category =
|
@@ -315,6 +306,20 @@ module Dependabot
|
|
315
306
|
category == "dev" ? "dev-dependencies" : "dependencies"
|
316
307
|
end
|
317
308
|
|
309
|
+
def python_requirement_parser
|
310
|
+
@python_requirement_parser ||=
|
311
|
+
FileParser::PythonRequirementParser.new(
|
312
|
+
dependency_files: dependency_files
|
313
|
+
)
|
314
|
+
end
|
315
|
+
|
316
|
+
def language_version_manager
|
317
|
+
@language_version_manager ||=
|
318
|
+
LanguageVersionManager.new(
|
319
|
+
python_requirement_parser: python_requirement_parser
|
320
|
+
)
|
321
|
+
end
|
322
|
+
|
318
323
|
def pyproject
|
319
324
|
dependency_files.find { |f| f.name == "pyproject.toml" }
|
320
325
|
end
|
@@ -331,7 +336,7 @@ module Dependabot
|
|
331
336
|
poetry_lock || pyproject_lock
|
332
337
|
end
|
333
338
|
|
334
|
-
def run_poetry_command(command)
|
339
|
+
def run_poetry_command(command, fingerprint: nil)
|
335
340
|
start = Time.now
|
336
341
|
command = SharedHelpers.escape_command(command)
|
337
342
|
stdout, process = Open3.capture2e(command)
|
@@ -345,6 +350,7 @@ module Dependabot
|
|
345
350
|
message: stdout,
|
346
351
|
error_context: {
|
347
352
|
command: command,
|
353
|
+
fingerprint: fingerprint,
|
348
354
|
time_taken: time_taken,
|
349
355
|
process_exit_value: process.to_s
|
350
356
|
}
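Review bot: `run_poetry_update_command` interpolates `dependency.name` straight into the command string, and the only sanitising visible is the `SharedHelpers.escape_command` call at the top of `run_poetry_command`, whose behaviour is not shown on this page. If that helper only shell-quotes whitespace-separated tokens, a name taken from a repository's manifest that contains whitespace or starts with `-` would still reach Poetry as extra arguments or as an option. Checking the name before the command is built would close that off, for example `raise "Unexpected dependency name" unless dependency.name.match?(/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/)` as the first line of the method. The pattern is a suggestion and should be confirmed against the names Dependabot's parser actually produces.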
|
@@ -88,12 +88,19 @@ module Dependabot
|
|
88
88
|
case update_strategy
|
89
89
|
when :widen_ranges then widen_pyproject_requirement(req)
|
90
90
|
when :bump_versions then update_pyproject_version(req)
|
91
|
+
when :bump_versions_if_necessary then update_pyproject_version_if_needed(req)
|
91
92
|
else raise "Unexpected update strategy: #{update_strategy}"
|
92
93
|
end
|
93
94
|
rescue UnfixableRequirement
|
94
95
|
req.merge(requirement: :unfixable)
|
95
96
|
end
|
96
97
|
|
98
|
+
def update_pyproject_version_if_needed(req)
|
99
|
+
return req if new_version_satisfies?(req)
|
100
|
+
|
101
|
+
update_pyproject_version(req)
|
102
|
+
end
|
103
|
+
|
97
104
|
def update_pyproject_version(req)
|
98
105
|
requirement_strings = req[:requirement].split(",").map(&:strip)
|
99
106
|
|
@@ -180,10 +187,14 @@ module Dependabot
|
|
180
187
|
return req unless req.fetch(:requirement)
|
181
188
|
|
182
189
|
case update_strategy
|
190
|
+
when :widen_ranges
|
191
|
+
widen_requirement(req)
|
183
192
|
when :bump_versions
|
184
193
|
update_requirement(req)
|
185
194
|
when :bump_versions_if_necessary
|
186
195
|
update_requirement_if_needed(req)
|
196
|
+
else
|
197
|
+
raise "Unexpected update strategy: #{update_strategy}"
|
187
198
|
end
|
188
199
|
end
|
189
200
|
|
@@ -212,6 +223,14 @@ module Dependabot
|
|
212
223
|
req.merge(requirement: :unfixable)
|
213
224
|
end
|
214
225
|
|
226
|
+
def widen_requirement(req)
|
227
|
+
return req if new_version_satisfies?(req)
|
228
|
+
|
229
|
+
new_requirement = widen_requirement_range(req[:requirement])
|
230
|
+
|
231
|
+
req.merge(requirement: new_requirement)
|
232
|
+
end
|
233
|
+
|
215
234
|
def new_version_satisfies?(req)
|
216
235
|
requirement_class.
|
217
236
|
requirements_array(req.fetch(:requirement)).
|
@@ -256,8 +275,10 @@ module Dependabot
|
|
256
275
|
next r.to_s if r.satisfied_by?(latest_resolvable_version)
|
257
276
|
|
258
277
|
case op = r.requirements.first.first
|
259
|
-
when "<"
|
260
|
-
"<" + update_greatest_version(r.
|
278
|
+
when "<"
|
279
|
+
"<" + update_greatest_version(r.requirements.first.last, latest_resolvable_version)
|
280
|
+
when "<="
|
281
|
+
"<=" + latest_resolvable_version.to_s
|
261
282
|
when "!=", ">", ">="
|
262
283
|
raise UnfixableRequirement
|
263
284
|
else
|
@@ -329,14 +350,12 @@ module Dependabot
|
|
329
350
|
end
|
330
351
|
end
|
331
352
|
|
332
|
-
# Updates the version in a "<"
|
333
|
-
|
334
|
-
def update_greatest_version(req_string, version_to_be_permitted)
|
353
|
+
# Updates the version in a "<" constraint to allow the given version
|
354
|
+
def update_greatest_version(version, version_to_be_permitted)
|
335
355
|
if version_to_be_permitted.is_a?(String)
|
336
356
|
version_to_be_permitted =
|
337
357
|
Python::Version.new(version_to_be_permitted)
|
338
358
|
end
|
339
|
-
version = Python::Version.new(req_string.gsub(/<=?/, ""))
|
340
359
|
version = version.release if version.prerelease?
|
341
360
|
|
342
361
|
index_to_update = [
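Review bot: The new `widen_requirement` has no `rescue UnfixableRequirement`, although the `case` in the `<=` hunk (which looks like the body of the widening helper it calls) raises that error for `!=`, `>` and `>=`. The pyproject path in the first hunk and the method just above `widen_requirement` both end in `req.merge(requirement: :unfixable)`. Unless a caller outside the lines shown rescues it, a requirements-file constraint of that kind would raise out of the new `:widen_ranges` branch instead of being marked unfixable. Adding `rescue UnfixableRequirement` followed by `req.merge(requirement: :unfixable)` before the method's `end` would match the other paths.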
|
@@ -34,43 +34,25 @@ module Dependabot
|
|
34
34
|
|
35
35
|
def latest_resolvable_version
|
36
36
|
@latest_resolvable_version ||=
|
37
|
-
|
38
|
-
|
39
|
-
|
37
|
+
if resolver_type == :requirements
|
38
|
+
resolver.latest_resolvable_version
|
39
|
+
elsif resolver_type == :pip_compile && resolver.resolvable?(version: latest_version)
|
40
|
+
latest_version
|
41
|
+
else
|
42
|
+
resolver.latest_resolvable_version(
|
40
43
|
requirement: unlocked_requirement_string
|
41
44
|
)
|
42
|
-
when :poetry
|
43
|
-
poetry_version_resolver.latest_resolvable_version(
|
44
|
-
requirement: unlocked_requirement_string
|
45
|
-
)
|
46
|
-
when :pip_compile
|
47
|
-
pip_compile_version_resolver.latest_resolvable_version(
|
48
|
-
requirement: unlocked_requirement_string
|
49
|
-
)
|
50
|
-
when :requirements
|
51
|
-
pip_version_resolver.latest_resolvable_version
|
52
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
53
45
|
end
|
54
46
|
end
|
55
47
|
|
56
48
|
def latest_resolvable_version_with_no_unlock
|
57
49
|
@latest_resolvable_version_with_no_unlock ||=
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
)
|
63
|
-
when :poetry
|
64
|
-
poetry_version_resolver.latest_resolvable_version(
|
65
|
-
requirement: current_requirement_string
|
66
|
-
)
|
67
|
-
when :pip_compile
|
68
|
-
pip_compile_version_resolver.latest_resolvable_version(
|
50
|
+
if resolver_type == :requirements
|
51
|
+
resolver.latest_resolvable_version_with_no_unlock
|
52
|
+
else
|
53
|
+
resolver.latest_resolvable_version(
|
69
54
|
requirement: current_requirement_string
|
70
55
|
)
|
71
|
-
when :requirements
|
72
|
-
pip_version_resolver.latest_resolvable_version_with_no_unlock
|
73
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
74
56
|
end
|
75
57
|
end
|
76
58
|
|
@@ -115,34 +97,25 @@ module Dependabot
|
|
115
97
|
raise NotImplementedError
|
116
98
|
end
|
117
99
|
|
118
|
-
def preferred_version_resolvable_with_unlock?
|
119
|
-
# Our requirements file updater doesn't currently support widening
|
120
|
-
# ranges, so avoid updating this dependency if widening ranges has been
|
121
|
-
# required and the dependency is present on a requirements file.
|
122
|
-
# Otherwise, we will crash later on. TODO: Consider what the correct
|
123
|
-
# behavior is in these cases.
|
124
|
-
return false if requirements_update_strategy == :widen_ranges && updating_requirements_file?
|
125
|
-
|
126
|
-
super
|
127
|
-
end
|
128
|
-
|
129
100
|
def fetch_lowest_resolvable_security_fix_version
|
130
101
|
fix_version = lowest_security_fix_version
|
131
102
|
return latest_resolvable_version if fix_version.nil?
|
132
103
|
|
133
|
-
return
|
134
|
-
|
135
|
-
resolver =
|
136
|
-
case resolver_type
|
137
|
-
when :pip_compile then pip_compile_version_resolver
|
138
|
-
when :pipenv then pipenv_version_resolver
|
139
|
-
when :poetry then poetry_version_resolver
|
140
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
141
|
-
end
|
104
|
+
return resolver.lowest_resolvable_security_fix_version if resolver_type == :requirements
|
142
105
|
|
143
106
|
resolver.resolvable?(version: fix_version) ? fix_version : nil
|
144
107
|
end
|
145
108
|
|
109
|
+
def resolver
|
110
|
+
case resolver_type
|
111
|
+
when :pip_compile then pip_compile_version_resolver
|
112
|
+
when :pipenv then pipenv_version_resolver
|
113
|
+
when :poetry then poetry_version_resolver
|
114
|
+
when :requirements then pip_version_resolver
|
115
|
+
else raise "Unexpected resolver type #{resolver_type}"
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
146
119
|
def resolver_type
|
147
120
|
reqs = requirements
|
148
121
|
|
@@ -292,7 +265,7 @@ module Dependabot
|
|
292
265
|
|
293
266
|
pypi_info = JSON.parse(index_response.body)["info"] || {}
|
294
267
|
pypi_info["summary"] == library_details["description"]
|
295
|
-
rescue Excon::Error::Timeout
|
268
|
+
rescue Excon::Error::Timeout, Excon::Error::Socket
|
296
269
|
false
|
297
270
|
rescue URI::InvalidURIError
|
298
271
|
false
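Review bot: In `latest_resolvable_version` the new `elsif resolver_type == :pip_compile && resolver.resolvable?(version: latest_version)` branch calls the resolver without checking that `latest_version` is set. `latest_version` is defined outside the hunks shown, so this needs confirming, but if it can be nil the extra resolution run is wasted at best. Writing the condition as `elsif resolver_type == :pip_compile && latest_version && resolver.resolvable?(version: latest_version)` would skip it. A comment on the branch, such as `# pip-compile: accept the latest version outright when it resolves, otherwise fall through to a full resolution`, would also explain why `:pip_compile` is handled both here and in the `else`.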
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "dependabot/version"
|
3
4
|
require "dependabot/utils"
|
4
|
-
require "rubygems_version_patch"
|
5
5
|
|
6
6
|
# Python versions can include a local version identifier, which Ruby can't
|
7
7
|
# parse. This class augments Gem::Version with local version identifier info.
|
@@ -9,7 +9,7 @@ require "rubygems_version_patch"
|
|
9
9
|
|
10
10
|
module Dependabot
|
11
11
|
module Python
|
12
|
-
class Version <
|
12
|
+
class Version < Dependabot::Version
|
13
13
|
attr_reader :epoch
|
14
14
|
attr_reader :local_version
|
15
15
|
attr_reader :post_release_version
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.216.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-04-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.216.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.216.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- - "
|
31
|
+
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 1.
|
33
|
+
version: 1.7.1
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- - "
|
38
|
+
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 1.
|
40
|
+
version: 1.7.1
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: gpgme
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -58,14 +58,14 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: 4.
|
61
|
+
version: 4.2.0
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version: 4.
|
68
|
+
version: 4.2.0
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rake
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -86,70 +86,70 @@ dependencies:
|
|
86
86
|
requirements:
|
87
87
|
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: '3.
|
89
|
+
version: '3.12'
|
90
90
|
type: :development
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version: '3.
|
96
|
+
version: '3.12'
|
97
97
|
- !ruby/object:Gem::Dependency
|
98
98
|
name: rspec-its
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: '1.
|
103
|
+
version: '1.3'
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: '1.
|
110
|
+
version: '1.3'
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: rubocop
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 1.
|
117
|
+
version: 1.48.0
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 1.
|
124
|
+
version: 1.48.0
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: rubocop-performance
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
128
128
|
requirements:
|
129
129
|
- - "~>"
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: 1.
|
131
|
+
version: 1.17.1
|
132
132
|
type: :development
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: 1.
|
138
|
+
version: 1.17.1
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
140
|
name: simplecov
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
142
142
|
requirements:
|
143
143
|
- - "~>"
|
144
144
|
- !ruby/object:Gem::Version
|
145
|
-
version: 0.
|
145
|
+
version: 0.22.0
|
146
146
|
type: :development
|
147
147
|
prerelease: false
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
149
149
|
requirements:
|
150
150
|
- - "~>"
|
151
151
|
- !ruby/object:Gem::Version
|
152
|
-
version: 0.
|
152
|
+
version: 0.22.0
|
153
153
|
- !ruby/object:Gem::Dependency
|
154
154
|
name: simplecov-console
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
@@ -182,38 +182,40 @@ dependencies:
|
|
182
182
|
name: vcr
|
183
183
|
requirement: !ruby/object:Gem::Requirement
|
184
184
|
requirements:
|
185
|
-
- -
|
185
|
+
- - "~>"
|
186
186
|
- !ruby/object:Gem::Version
|
187
|
-
version: 6.1
|
187
|
+
version: '6.1'
|
188
188
|
type: :development
|
189
189
|
prerelease: false
|
190
190
|
version_requirements: !ruby/object:Gem::Requirement
|
191
191
|
requirements:
|
192
|
-
- -
|
192
|
+
- - "~>"
|
193
193
|
- !ruby/object:Gem::Version
|
194
|
-
version: 6.1
|
194
|
+
version: '6.1'
|
195
195
|
- !ruby/object:Gem::Dependency
|
196
196
|
name: webmock
|
197
197
|
requirement: !ruby/object:Gem::Requirement
|
198
198
|
requirements:
|
199
199
|
- - "~>"
|
200
200
|
- !ruby/object:Gem::Version
|
201
|
-
version: '3.
|
201
|
+
version: '3.18'
|
202
202
|
type: :development
|
203
203
|
prerelease: false
|
204
204
|
version_requirements: !ruby/object:Gem::Requirement
|
205
205
|
requirements:
|
206
206
|
- - "~>"
|
207
207
|
- !ruby/object:Gem::Version
|
208
|
-
version: '3.
|
209
|
-
description:
|
210
|
-
|
211
|
-
|
208
|
+
version: '3.18'
|
209
|
+
description: Dependabot-Python provides support for bumping Python packages via Dependabot.
|
210
|
+
If you want support for multiple package managers, you probably want the meta-gem
|
211
|
+
dependabot-omnibus.
|
212
|
+
email: opensource@github.com
|
212
213
|
executables: []
|
213
214
|
extensions: []
|
214
215
|
extra_rdoc_files: []
|
215
216
|
files:
|
216
217
|
- helpers/build
|
218
|
+
- helpers/build_for_version
|
217
219
|
- helpers/lib/__init__.py
|
218
220
|
- helpers/lib/hasher.py
|
219
221
|
- helpers/lib/parser.py
|
@@ -237,7 +239,7 @@ files:
|
|
237
239
|
- lib/dependabot/python/file_updater/requirement_file_updater.rb
|
238
240
|
- lib/dependabot/python/file_updater/requirement_replacer.rb
|
239
241
|
- lib/dependabot/python/file_updater/setup_file_sanitizer.rb
|
240
|
-
- lib/dependabot/python/
|
242
|
+
- lib/dependabot/python/language_version_manager.rb
|
241
243
|
- lib/dependabot/python/metadata_finder.rb
|
242
244
|
- lib/dependabot/python/name_normaliser.rb
|
243
245
|
- lib/dependabot/python/native_helpers.rb
|
@@ -256,7 +258,9 @@ files:
|
|
256
258
|
homepage: https://github.com/dependabot/dependabot-core
|
257
259
|
licenses:
|
258
260
|
- Nonstandard
|
259
|
-
metadata:
|
261
|
+
metadata:
|
262
|
+
issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
263
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
|
260
264
|
post_install_message:
|
261
265
|
rdoc_options: []
|
262
266
|
require_paths:
|
@@ -272,8 +276,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
272
276
|
- !ruby/object:Gem::Version
|
273
277
|
version: 3.1.0
|
274
278
|
requirements: []
|
275
|
-
rubygems_version: 3.3.
|
279
|
+
rubygems_version: 3.3.26
|
276
280
|
signing_key:
|
277
281
|
specification_version: 4
|
278
|
-
summary:
|
282
|
+
summary: Provides Dependabot support for Python
|
279
283
|
test_files: []
|
@@ -1,37 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "dependabot/logger"
|
4
|
-
require "dependabot/python/version"
|
5
|
-
|
6
|
-
module Dependabot
|
7
|
-
module Python
|
8
|
-
module Helpers
|
9
|
-
def self.install_required_python(python_version)
|
10
|
-
# The leading space is important in the version check
|
11
|
-
return if SharedHelpers.run_shell_command("pyenv versions").include?(" #{python_major_minor(python_version)}.")
|
12
|
-
|
13
|
-
if File.exist?("/usr/local/.pyenv/#{python_major_minor(python_version)}.tar.gz")
|
14
|
-
SharedHelpers.run_shell_command(
|
15
|
-
"tar xzf /usr/local/.pyenv/#{python_major_minor(python_version)}.tar.gz -C /usr/local/.pyenv/"
|
16
|
-
)
|
17
|
-
return if SharedHelpers.run_shell_command("pyenv versions").
|
18
|
-
include?(" #{python_major_minor(python_version)}.")
|
19
|
-
end
|
20
|
-
|
21
|
-
Dependabot.logger.info("Installing required Python #{python_version}.")
|
22
|
-
start = Time.now
|
23
|
-
SharedHelpers.run_shell_command("pyenv install -s #{python_version}")
|
24
|
-
SharedHelpers.run_shell_command("pyenv exec pip install --upgrade pip")
|
25
|
-
SharedHelpers.run_shell_command("pyenv exec pip install -r" \
|
26
|
-
"#{NativeHelpers.python_requirements_path}")
|
27
|
-
time_taken = Time.now - start
|
28
|
-
Dependabot.logger.info("Installing Python #{python_version} took #{time_taken}s.")
|
29
|
-
end
|
30
|
-
|
31
|
-
def self.python_major_minor(python_version)
|
32
|
-
python = Python::Version.new(python_version)
|
33
|
-
"#{python.segments[0]}.#{python.segments[1]}"
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|