dependabot-python 0.214.0 → 0.216.0
- checksums.yaml +4 -4
- data/helpers/build +5 -5
- data/helpers/build_for_version +21 -0
- data/helpers/requirements.txt +4 -5
- data/lib/dependabot/python/file_parser/pyproject_files_parser.rb +25 -15
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +48 -53
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +19 -59
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +17 -1
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +47 -38
- data/lib/dependabot/python/language_version_manager.rb +115 -0
- data/lib/dependabot/python/python_versions.rb +6 -6
- data/lib/dependabot/python/requirement_parser.rb +1 -1
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +46 -50
- data/lib/dependabot/python/update_checker/pip_version_resolver.rb +14 -40
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +23 -58
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +55 -49
- data/lib/dependabot/python/update_checker/requirements_updater.rb +25 -6
- data/lib/dependabot/python/update_checker.rb +22 -49
- data/lib/dependabot/python/version.rb +2 -2
- metadata +37 -33
- data/lib/dependabot/python/helpers.rb +0 -37
@@ -92,15 +92,15 @@ module Dependabot
|
|
92
92
|
write_temporary_dependency_files(updated_req: requirement)
|
93
93
|
add_auth_env_vars
|
94
94
|
|
95
|
-
|
95
|
+
language_version_manager.install_required_python
|
96
96
|
|
97
97
|
# use system git instead of the pure Python dulwich
|
98
|
-
unless python_version&.start_with?("3.6")
|
98
|
+
unless language_version_manager.python_version&.start_with?("3.6")
|
99
99
|
run_poetry_command("pyenv exec poetry config experimental.system-git-client true")
|
100
100
|
end
|
101
101
|
|
102
102
|
# Shell out to Poetry, which handles everything for us.
|
103
|
-
|
103
|
+
run_poetry_update_command
|
104
104
|
|
105
105
|
updated_lockfile =
|
106
106
|
if File.exist?("poetry.lock") then File.read("poetry.lock")
|
@@ -163,8 +163,11 @@ module Dependabot
|
|
163
163
|
|
164
164
|
# Using `--lock` avoids doing an install.
|
165
165
|
# Using `--no-interaction` avoids asking for passwords.
|
166
|
-
def
|
167
|
-
|
166
|
+
def run_poetry_update_command
|
167
|
+
run_poetry_command(
|
168
|
+
"pyenv exec poetry update #{dependency.name} --lock --no-interaction",
|
169
|
+
fingerprint: "pyenv exec poetry update <dependency_name> --lock --no-interaction"
|
170
|
+
)
|
168
171
|
end
|
169
172
|
|
170
173
|
def check_original_requirements_resolvable
|
@@ -174,7 +177,7 @@ module Dependabot
|
|
174
177
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
175
178
|
write_temporary_dependency_files(update_pyproject: false)
|
176
179
|
|
177
|
-
|
180
|
+
run_poetry_update_command
|
178
181
|
|
179
182
|
@original_reqs_resolvable = true
|
180
183
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
@@ -202,7 +205,7 @@ module Dependabot
|
|
202
205
|
end
|
203
206
|
|
204
207
|
# Overwrite the .python-version with updated content
|
205
|
-
File.write(".python-version",
|
208
|
+
File.write(".python-version", language_version_manager.python_major_minor)
|
206
209
|
|
207
210
|
# Overwrite the pyproject with updated content
|
208
211
|
if update_pyproject
|
@@ -221,39 +224,10 @@ module Dependabot
|
|
221
224
|
add_auth_env_vars(credentials)
|
222
225
|
end
|
223
226
|
|
224
|
-
def python_version
|
225
|
-
requirements = python_requirement_parser.user_specified_requirements
|
226
|
-
requirements = requirements.
|
227
|
-
map { |r| Python::Requirement.requirements_array(r) }
|
228
|
-
|
229
|
-
version = PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |v|
|
230
|
-
requirements.all? do |reqs|
|
231
|
-
reqs.any? { |r| r.satisfied_by?(Python::Version.new(v)) }
|
232
|
-
end
|
233
|
-
end
|
234
|
-
return version if version
|
235
|
-
|
236
|
-
msg = "Dependabot detected the following Python requirements " \
|
237
|
-
"for your project: '#{requirements}'.\n\nCurrently, the " \
|
238
|
-
"following Python versions are supported in Dependabot: " \
|
239
|
-
"#{PythonVersions::SUPPORTED_VERSIONS.join(', ')}."
|
240
|
-
raise DependencyFileNotResolvable, msg
|
241
|
-
end
|
242
|
-
|
243
|
-
def python_requirement_parser
|
244
|
-
@python_requirement_parser ||=
|
245
|
-
FileParser::PythonRequirementParser.new(
|
246
|
-
dependency_files: dependency_files
|
247
|
-
)
|
248
|
-
end
|
249
|
-
|
250
|
-
def pre_installed_python?(version)
|
251
|
-
PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.include?(version)
|
252
|
-
end
|
253
|
-
|
254
227
|
def updated_pyproject_content(updated_requirement:)
|
255
228
|
content = pyproject.content
|
256
229
|
content = sanitize_pyproject_content(content)
|
230
|
+
content = update_python_requirement(content)
|
257
231
|
content = freeze_other_dependencies(content)
|
258
232
|
content = set_target_dependency_req(content, updated_requirement)
|
259
233
|
content
|
@@ -262,6 +236,7 @@ module Dependabot
|
|
262
236
|
def sanitized_pyproject_content
|
263
237
|
content = pyproject.content
|
264
238
|
content = sanitize_pyproject_content(content)
|
239
|
+
content = update_python_requirement(content)
|
265
240
|
content
|
266
241
|
end
|
267
242
|
|
@@ -271,13 +246,18 @@ module Dependabot
|
|
271
246
|
sanitize
|
272
247
|
end
|
273
248
|
|
249
|
+
def update_python_requirement(pyproject_content)
|
250
|
+
Python::FileUpdater::PyprojectPreparer.
|
251
|
+
new(pyproject_content: pyproject_content).
|
252
|
+
update_python_requirement(language_version_manager.python_major_minor)
|
253
|
+
end
|
254
|
+
|
274
255
|
def freeze_other_dependencies(pyproject_content)
|
275
256
|
Python::FileUpdater::PyprojectPreparer.
|
276
257
|
new(pyproject_content: pyproject_content, lockfile: lockfile).
|
277
258
|
freeze_top_level_dependencies_except([dependency])
|
278
259
|
end
|
279
260
|
|
280
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
281
261
|
def set_target_dependency_req(pyproject_content, updated_requirement)
|
282
262
|
return pyproject_content unless updated_requirement
|
283
263
|
|
@@ -285,15 +265,15 @@ module Dependabot
|
|
285
265
|
poetry_object = pyproject_object.dig("tool", "poetry")
|
286
266
|
|
287
267
|
Dependabot::Python::FileParser::PyprojectFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
|
288
|
-
|
289
|
-
|
290
|
-
|
291
|
-
|
292
|
-
|
293
|
-
|
294
|
-
|
295
|
-
|
296
|
-
|
268
|
+
dependencies = poetry_object[type]
|
269
|
+
next unless dependencies
|
270
|
+
|
271
|
+
update_dependency_requirement(dependencies, updated_requirement)
|
272
|
+
end
|
273
|
+
|
274
|
+
groups = poetry_object["group"]&.values || []
|
275
|
+
groups.each do |group_spec|
|
276
|
+
update_dependency_requirement(group_spec["dependencies"], updated_requirement)
|
297
277
|
end
|
298
278
|
|
299
279
|
# If this is a sub-dependency, add the new requirement
|
@@ -304,7 +284,18 @@ module Dependabot
|
|
304
284
|
|
305
285
|
TomlRB.dump(pyproject_object)
|
306
286
|
end
|
307
|
-
|
287
|
+
|
288
|
+
def update_dependency_requirement(toml_node, requirement)
|
289
|
+
names = toml_node.keys
|
290
|
+
pkg_name = names.find { |nm| normalise(nm) == dependency.name }
|
291
|
+
return unless pkg_name
|
292
|
+
|
293
|
+
if toml_node[pkg_name].is_a?(Hash)
|
294
|
+
toml_node[pkg_name]["version"] = requirement
|
295
|
+
else
|
296
|
+
toml_node[pkg_name] = requirement
|
297
|
+
end
|
298
|
+
end
|
308
299
|
|
309
300
|
def subdep_type
|
310
301
|
category =
|
@@ -315,6 +306,20 @@ module Dependabot
|
|
315
306
|
category == "dev" ? "dev-dependencies" : "dependencies"
|
316
307
|
end
|
317
308
|
|
309
|
+
def python_requirement_parser
|
310
|
+
@python_requirement_parser ||=
|
311
|
+
FileParser::PythonRequirementParser.new(
|
312
|
+
dependency_files: dependency_files
|
313
|
+
)
|
314
|
+
end
|
315
|
+
|
316
|
+
def language_version_manager
|
317
|
+
@language_version_manager ||=
|
318
|
+
LanguageVersionManager.new(
|
319
|
+
python_requirement_parser: python_requirement_parser
|
320
|
+
)
|
321
|
+
end
|
322
|
+
|
318
323
|
def pyproject
|
319
324
|
dependency_files.find { |f| f.name == "pyproject.toml" }
|
320
325
|
end
|
@@ -331,7 +336,7 @@ module Dependabot
|
|
331
336
|
poetry_lock || pyproject_lock
|
332
337
|
end
|
333
338
|
|
334
|
-
def run_poetry_command(command)
|
339
|
+
def run_poetry_command(command, fingerprint: nil)
|
335
340
|
start = Time.now
|
336
341
|
command = SharedHelpers.escape_command(command)
|
337
342
|
stdout, process = Open3.capture2e(command)
|
@@ -345,6 +350,7 @@ module Dependabot
|
|
345
350
|
message: stdout,
|
346
351
|
error_context: {
|
347
352
|
command: command,
|
353
|
+
fingerprint: fingerprint,
|
348
354
|
time_taken: time_taken,
|
349
355
|
process_exit_value: process.to_s
|
350
356
|
}
|
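Review bot: In the new `run_poetry_update_command`, `dependency.name` is interpolated directly into the command string, and that name originates from the manifest of the repository being updated. `run_poetry_command` does pass the string through `SharedHelpers.escape_command` (defined outside this page), which should neutralise shell metacharacters, but quoting does not stop a name that begins with `-` from being read by Poetry as an option, and a name containing whitespace would presumably be split into several arguments. I would reject such names before building the command, for example `raise "Unexpected dependency name: #{dependency.name}" if dependency.name.match?(/\A-|\s/)`. The same guard would cover both call sites, since `check_original_requirements_resolvable` now goes through this helper as well.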
@@ -88,12 +88,19 @@ module Dependabot
|
|
88
88
|
case update_strategy
|
89
89
|
when :widen_ranges then widen_pyproject_requirement(req)
|
90
90
|
when :bump_versions then update_pyproject_version(req)
|
91
|
+
when :bump_versions_if_necessary then update_pyproject_version_if_needed(req)
|
91
92
|
else raise "Unexpected update strategy: #{update_strategy}"
|
92
93
|
end
|
93
94
|
rescue UnfixableRequirement
|
94
95
|
req.merge(requirement: :unfixable)
|
95
96
|
end
|
96
97
|
|
98
|
+
def update_pyproject_version_if_needed(req)
|
99
|
+
return req if new_version_satisfies?(req)
|
100
|
+
|
101
|
+
update_pyproject_version(req)
|
102
|
+
end
|
103
|
+
|
97
104
|
def update_pyproject_version(req)
|
98
105
|
requirement_strings = req[:requirement].split(",").map(&:strip)
|
99
106
|
|
@@ -180,10 +187,14 @@ module Dependabot
|
|
180
187
|
return req unless req.fetch(:requirement)
|
181
188
|
|
182
189
|
case update_strategy
|
190
|
+
when :widen_ranges
|
191
|
+
widen_requirement(req)
|
183
192
|
when :bump_versions
|
184
193
|
update_requirement(req)
|
185
194
|
when :bump_versions_if_necessary
|
186
195
|
update_requirement_if_needed(req)
|
196
|
+
else
|
197
|
+
raise "Unexpected update strategy: #{update_strategy}"
|
187
198
|
end
|
188
199
|
end
|
189
200
|
|
@@ -212,6 +223,14 @@ module Dependabot
|
|
212
223
|
req.merge(requirement: :unfixable)
|
213
224
|
end
|
214
225
|
|
226
|
+
def widen_requirement(req)
|
227
|
+
return req if new_version_satisfies?(req)
|
228
|
+
|
229
|
+
new_requirement = widen_requirement_range(req[:requirement])
|
230
|
+
|
231
|
+
req.merge(requirement: new_requirement)
|
232
|
+
end
|
233
|
+
|
215
234
|
def new_version_satisfies?(req)
|
216
235
|
requirement_class.
|
217
236
|
requirements_array(req.fetch(:requirement)).
|
@@ -256,8 +275,10 @@ module Dependabot
|
|
256
275
|
next r.to_s if r.satisfied_by?(latest_resolvable_version)
|
257
276
|
|
258
277
|
case op = r.requirements.first.first
|
259
|
-
when "<"
|
260
|
-
"<" + update_greatest_version(r.
|
278
|
+
when "<"
|
279
|
+
"<" + update_greatest_version(r.requirements.first.last, latest_resolvable_version)
|
280
|
+
when "<="
|
281
|
+
"<=" + latest_resolvable_version.to_s
|
261
282
|
when "!=", ">", ">="
|
262
283
|
raise UnfixableRequirement
|
263
284
|
else
|
@@ -329,14 +350,12 @@ module Dependabot
|
|
329
350
|
end
|
330
351
|
end
|
331
352
|
|
332
|
-
# Updates the version in a "<"
|
333
|
-
|
334
|
-
def update_greatest_version(req_string, version_to_be_permitted)
|
353
|
+
# Updates the version in a "<" constraint to allow the given version
|
354
|
+
def update_greatest_version(version, version_to_be_permitted)
|
335
355
|
if version_to_be_permitted.is_a?(String)
|
336
356
|
version_to_be_permitted =
|
337
357
|
Python::Version.new(version_to_be_permitted)
|
338
358
|
end
|
339
|
-
version = Python::Version.new(req_string.gsub(/<=?/, ""))
|
340
359
|
version = version.release if version.prerelease?
|
341
360
|
|
342
361
|
index_to_update = [
|
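Review bot: `update_greatest_version` now calls `version.prerelease?` on its first argument directly, so its contract changed from accepting a requirement string (the old `req_string`, stripped of `<`/`<=`) to requiring a version object, while `version_to_be_permitted` is still coerced from a String a few lines below. The one caller visible here passes `r.requirements.first.last`, but any caller outside this page that still passes a string would fail with NoMethodError. Either coerce symmetrically with `version = Python::Version.new(version) if version.is_a?(String)`, or extend the comment above the method to `# version must be a version object, not a requirement string`. The method body continues past the end of the hunk.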
@@ -34,43 +34,25 @@ module Dependabot
|
|
34
34
|
|
35
35
|
def latest_resolvable_version
|
36
36
|
@latest_resolvable_version ||=
|
37
|
-
|
38
|
-
|
39
|
-
|
37
|
+
if resolver_type == :requirements
|
38
|
+
resolver.latest_resolvable_version
|
39
|
+
elsif resolver_type == :pip_compile && resolver.resolvable?(version: latest_version)
|
40
|
+
latest_version
|
41
|
+
else
|
42
|
+
resolver.latest_resolvable_version(
|
40
43
|
requirement: unlocked_requirement_string
|
41
44
|
)
|
42
|
-
when :poetry
|
43
|
-
poetry_version_resolver.latest_resolvable_version(
|
44
|
-
requirement: unlocked_requirement_string
|
45
|
-
)
|
46
|
-
when :pip_compile
|
47
|
-
pip_compile_version_resolver.latest_resolvable_version(
|
48
|
-
requirement: unlocked_requirement_string
|
49
|
-
)
|
50
|
-
when :requirements
|
51
|
-
pip_version_resolver.latest_resolvable_version
|
52
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
53
45
|
end
|
54
46
|
end
|
55
47
|
|
56
48
|
def latest_resolvable_version_with_no_unlock
|
57
49
|
@latest_resolvable_version_with_no_unlock ||=
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
)
|
63
|
-
when :poetry
|
64
|
-
poetry_version_resolver.latest_resolvable_version(
|
65
|
-
requirement: current_requirement_string
|
66
|
-
)
|
67
|
-
when :pip_compile
|
68
|
-
pip_compile_version_resolver.latest_resolvable_version(
|
50
|
+
if resolver_type == :requirements
|
51
|
+
resolver.latest_resolvable_version_with_no_unlock
|
52
|
+
else
|
53
|
+
resolver.latest_resolvable_version(
|
69
54
|
requirement: current_requirement_string
|
70
55
|
)
|
71
|
-
when :requirements
|
72
|
-
pip_version_resolver.latest_resolvable_version_with_no_unlock
|
73
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
74
56
|
end
|
75
57
|
end
|
76
58
|
|
@@ -115,34 +97,25 @@ module Dependabot
|
|
115
97
|
raise NotImplementedError
|
116
98
|
end
|
117
99
|
|
118
|
-
def preferred_version_resolvable_with_unlock?
|
119
|
-
# Our requirements file updater doesn't currently support widening
|
120
|
-
# ranges, so avoid updating this dependency if widening ranges has been
|
121
|
-
# required and the dependency is present on a requirements file.
|
122
|
-
# Otherwise, we will crash later on. TODO: Consider what the correct
|
123
|
-
# behavior is in these cases.
|
124
|
-
return false if requirements_update_strategy == :widen_ranges && updating_requirements_file?
|
125
|
-
|
126
|
-
super
|
127
|
-
end
|
128
|
-
|
129
100
|
def fetch_lowest_resolvable_security_fix_version
|
130
101
|
fix_version = lowest_security_fix_version
|
131
102
|
return latest_resolvable_version if fix_version.nil?
|
132
103
|
|
133
|
-
return
|
134
|
-
|
135
|
-
resolver =
|
136
|
-
case resolver_type
|
137
|
-
when :pip_compile then pip_compile_version_resolver
|
138
|
-
when :pipenv then pipenv_version_resolver
|
139
|
-
when :poetry then poetry_version_resolver
|
140
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
141
|
-
end
|
104
|
+
return resolver.lowest_resolvable_security_fix_version if resolver_type == :requirements
|
142
105
|
|
143
106
|
resolver.resolvable?(version: fix_version) ? fix_version : nil
|
144
107
|
end
|
145
108
|
|
109
|
+
def resolver
|
110
|
+
case resolver_type
|
111
|
+
when :pip_compile then pip_compile_version_resolver
|
112
|
+
when :pipenv then pipenv_version_resolver
|
113
|
+
when :poetry then poetry_version_resolver
|
114
|
+
when :requirements then pip_version_resolver
|
115
|
+
else raise "Unexpected resolver type #{resolver_type}"
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
146
119
|
def resolver_type
|
147
120
|
reqs = requirements
|
148
121
|
|
@@ -292,7 +265,7 @@ module Dependabot
|
|
292
265
|
|
293
266
|
pypi_info = JSON.parse(index_response.body)["info"] || {}
|
294
267
|
pypi_info["summary"] == library_details["description"]
|
295
|
-
rescue Excon::Error::Timeout
|
268
|
+
rescue Excon::Error::Timeout, Excon::Error::Socket
|
296
269
|
false
|
297
270
|
rescue URI::InvalidURIError
|
298
271
|
false
|
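Review bot: In `latest_resolvable_version`, the new `:pip_compile` branch calls `resolver.resolvable?(version: latest_version)` without first checking that `latest_version` is set. Its definition is outside this page, but if it can return nil when no candidate version is found, the resolver is asked to resolve a nil version instead of falling through to the `else` branch. A guard keeps the fall-through in that case: `elsif resolver_type == :pip_compile && latest_version && resolver.resolvable?(version: latest_version)`. The new `resolver` method would also benefit from a comment saying that the `:requirements` resolver appears to have a different interface (it is called without `requirement:` and bypasses `resolvable?`), which is why three call sites special-case it.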
@@ -1,7 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "dependabot/version"
|
3
4
|
require "dependabot/utils"
|
4
|
-
require "rubygems_version_patch"
|
5
5
|
|
6
6
|
# Python versions can include a local version identifier, which Ruby can't
|
7
7
|
# parse. This class augments Gem::Version with local version identifier info.
|
@@ -9,7 +9,7 @@ require "rubygems_version_patch"
|
|
9
9
|
|
10
10
|
module Dependabot
|
11
11
|
module Python
|
12
|
-
class Version <
|
12
|
+
class Version < Dependabot::Version
|
13
13
|
attr_reader :epoch
|
14
14
|
attr_reader :local_version
|
15
15
|
attr_reader :post_release_version
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.216.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-04-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.216.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.216.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- - "
|
31
|
+
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 1.
|
33
|
+
version: 1.7.1
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- - "
|
38
|
+
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 1.
|
40
|
+
version: 1.7.1
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: gpgme
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -58,14 +58,14 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: 4.
|
61
|
+
version: 4.2.0
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version: 4.
|
68
|
+
version: 4.2.0
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rake
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -86,70 +86,70 @@ dependencies:
|
|
86
86
|
requirements:
|
87
87
|
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: '3.
|
89
|
+
version: '3.12'
|
90
90
|
type: :development
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version: '3.
|
96
|
+
version: '3.12'
|
97
97
|
- !ruby/object:Gem::Dependency
|
98
98
|
name: rspec-its
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: '1.
|
103
|
+
version: '1.3'
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: '1.
|
110
|
+
version: '1.3'
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: rubocop
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 1.
|
117
|
+
version: 1.48.0
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 1.
|
124
|
+
version: 1.48.0
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: rubocop-performance
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
128
128
|
requirements:
|
129
129
|
- - "~>"
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: 1.
|
131
|
+
version: 1.17.1
|
132
132
|
type: :development
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: 1.
|
138
|
+
version: 1.17.1
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
140
|
name: simplecov
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
142
142
|
requirements:
|
143
143
|
- - "~>"
|
144
144
|
- !ruby/object:Gem::Version
|
145
|
-
version: 0.
|
145
|
+
version: 0.22.0
|
146
146
|
type: :development
|
147
147
|
prerelease: false
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
149
149
|
requirements:
|
150
150
|
- - "~>"
|
151
151
|
- !ruby/object:Gem::Version
|
152
|
-
version: 0.
|
152
|
+
version: 0.22.0
|
153
153
|
- !ruby/object:Gem::Dependency
|
154
154
|
name: simplecov-console
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
@@ -182,38 +182,40 @@ dependencies:
|
|
182
182
|
name: vcr
|
183
183
|
requirement: !ruby/object:Gem::Requirement
|
184
184
|
requirements:
|
185
|
-
- -
|
185
|
+
- - "~>"
|
186
186
|
- !ruby/object:Gem::Version
|
187
|
-
version: 6.1
|
187
|
+
version: '6.1'
|
188
188
|
type: :development
|
189
189
|
prerelease: false
|
190
190
|
version_requirements: !ruby/object:Gem::Requirement
|
191
191
|
requirements:
|
192
|
-
- -
|
192
|
+
- - "~>"
|
193
193
|
- !ruby/object:Gem::Version
|
194
|
-
version: 6.1
|
194
|
+
version: '6.1'
|
195
195
|
- !ruby/object:Gem::Dependency
|
196
196
|
name: webmock
|
197
197
|
requirement: !ruby/object:Gem::Requirement
|
198
198
|
requirements:
|
199
199
|
- - "~>"
|
200
200
|
- !ruby/object:Gem::Version
|
201
|
-
version: '3.
|
201
|
+
version: '3.18'
|
202
202
|
type: :development
|
203
203
|
prerelease: false
|
204
204
|
version_requirements: !ruby/object:Gem::Requirement
|
205
205
|
requirements:
|
206
206
|
- - "~>"
|
207
207
|
- !ruby/object:Gem::Version
|
208
|
-
version: '3.
|
209
|
-
description:
|
210
|
-
|
211
|
-
|
208
|
+
version: '3.18'
|
209
|
+
description: Dependabot-Python provides support for bumping Python packages via Dependabot.
|
210
|
+
If you want support for multiple package managers, you probably want the meta-gem
|
211
|
+
dependabot-omnibus.
|
212
|
+
email: opensource@github.com
|
212
213
|
executables: []
|
213
214
|
extensions: []
|
214
215
|
extra_rdoc_files: []
|
215
216
|
files:
|
216
217
|
- helpers/build
|
218
|
+
- helpers/build_for_version
|
217
219
|
- helpers/lib/__init__.py
|
218
220
|
- helpers/lib/hasher.py
|
219
221
|
- helpers/lib/parser.py
|
@@ -237,7 +239,7 @@ files:
|
|
237
239
|
- lib/dependabot/python/file_updater/requirement_file_updater.rb
|
238
240
|
- lib/dependabot/python/file_updater/requirement_replacer.rb
|
239
241
|
- lib/dependabot/python/file_updater/setup_file_sanitizer.rb
|
240
|
-
- lib/dependabot/python/
|
242
|
+
- lib/dependabot/python/language_version_manager.rb
|
241
243
|
- lib/dependabot/python/metadata_finder.rb
|
242
244
|
- lib/dependabot/python/name_normaliser.rb
|
243
245
|
- lib/dependabot/python/native_helpers.rb
|
@@ -256,7 +258,9 @@ files:
|
|
256
258
|
homepage: https://github.com/dependabot/dependabot-core
|
257
259
|
licenses:
|
258
260
|
- Nonstandard
|
259
|
-
metadata:
|
261
|
+
metadata:
|
262
|
+
issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
263
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
|
260
264
|
post_install_message:
|
261
265
|
rdoc_options: []
|
262
266
|
require_paths:
|
@@ -272,8 +276,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
272
276
|
- !ruby/object:Gem::Version
|
273
277
|
version: 3.1.0
|
274
278
|
requirements: []
|
275
|
-
rubygems_version: 3.3.
|
279
|
+
rubygems_version: 3.3.26
|
276
280
|
signing_key:
|
277
281
|
specification_version: 4
|
278
|
-
summary:
|
282
|
+
summary: Provides Dependabot support for Python
|
279
283
|
test_files: []
|
@@ -1,37 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "dependabot/logger"
|
4
|
-
require "dependabot/python/version"
|
5
|
-
|
6
|
-
module Dependabot
|
7
|
-
module Python
|
8
|
-
module Helpers
|
9
|
-
def self.install_required_python(python_version)
|
10
|
-
# The leading space is important in the version check
|
11
|
-
return if SharedHelpers.run_shell_command("pyenv versions").include?(" #{python_major_minor(python_version)}.")
|
12
|
-
|
13
|
-
if File.exist?("/usr/local/.pyenv/#{python_major_minor(python_version)}.tar.gz")
|
14
|
-
SharedHelpers.run_shell_command(
|
15
|
-
"tar xzf /usr/local/.pyenv/#{python_major_minor(python_version)}.tar.gz -C /usr/local/.pyenv/"
|
16
|
-
)
|
17
|
-
return if SharedHelpers.run_shell_command("pyenv versions").
|
18
|
-
include?(" #{python_major_minor(python_version)}.")
|
19
|
-
end
|
20
|
-
|
21
|
-
Dependabot.logger.info("Installing required Python #{python_version}.")
|
22
|
-
start = Time.now
|
23
|
-
SharedHelpers.run_shell_command("pyenv install -s #{python_version}")
|
24
|
-
SharedHelpers.run_shell_command("pyenv exec pip install --upgrade pip")
|
25
|
-
SharedHelpers.run_shell_command("pyenv exec pip install -r" \
|
26
|
-
"#{NativeHelpers.python_requirements_path}")
|
27
|
-
time_taken = Time.now - start
|
28
|
-
Dependabot.logger.info("Installing Python #{python_version} took #{time_taken}s.")
|
29
|
-
end
|
30
|
-
|
31
|
-
def self.python_major_minor(python_version)
|
32
|
-
python = Python::Version.new(python_version)
|
33
|
-
"#{python.segments[0]}.#{python.segments[1]}"
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|