dependabot-python 0.215.0 → 0.216.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/build +5 -5
- data/helpers/build_for_version +21 -0
- data/helpers/requirements.txt +4 -5
- data/lib/dependabot/python/file_parser/pyproject_files_parser.rb +25 -15
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +16 -43
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +19 -59
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +17 -1
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +39 -34
- data/lib/dependabot/python/language_version_manager.rb +115 -0
- data/lib/dependabot/python/python_versions.rb +6 -6
- data/lib/dependabot/python/requirement_parser.rb +1 -1
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +16 -44
- data/lib/dependabot/python/update_checker/pip_version_resolver.rb +14 -40
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +23 -58
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +46 -44
- data/lib/dependabot/python/update_checker/requirements_updater.rb +25 -6
- data/lib/dependabot/python/update_checker.rb +21 -48
- data/lib/dependabot/python/version.rb +2 -2
- metadata +37 -33
- data/lib/dependabot/python/helpers.rb +0 -37
|
@@ -34,43 +34,25 @@ module Dependabot
|
|
|
34
34
|
|
|
35
35
|
def latest_resolvable_version
|
|
36
36
|
@latest_resolvable_version ||=
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
37
|
+
if resolver_type == :requirements
|
|
38
|
+
resolver.latest_resolvable_version
|
|
39
|
+
elsif resolver_type == :pip_compile && resolver.resolvable?(version: latest_version)
|
|
40
|
+
latest_version
|
|
41
|
+
else
|
|
42
|
+
resolver.latest_resolvable_version(
|
|
40
43
|
requirement: unlocked_requirement_string
|
|
41
44
|
)
|
|
42
|
-
when :poetry
|
|
43
|
-
poetry_version_resolver.latest_resolvable_version(
|
|
44
|
-
requirement: unlocked_requirement_string
|
|
45
|
-
)
|
|
46
|
-
when :pip_compile
|
|
47
|
-
pip_compile_version_resolver.latest_resolvable_version(
|
|
48
|
-
requirement: unlocked_requirement_string
|
|
49
|
-
)
|
|
50
|
-
when :requirements
|
|
51
|
-
pip_version_resolver.latest_resolvable_version
|
|
52
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
|
53
45
|
end
|
|
54
46
|
end
|
|
55
47
|
|
|
56
48
|
def latest_resolvable_version_with_no_unlock
|
|
57
49
|
@latest_resolvable_version_with_no_unlock ||=
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
)
|
|
63
|
-
when :poetry
|
|
64
|
-
poetry_version_resolver.latest_resolvable_version(
|
|
65
|
-
requirement: current_requirement_string
|
|
66
|
-
)
|
|
67
|
-
when :pip_compile
|
|
68
|
-
pip_compile_version_resolver.latest_resolvable_version(
|
|
50
|
+
if resolver_type == :requirements
|
|
51
|
+
resolver.latest_resolvable_version_with_no_unlock
|
|
52
|
+
else
|
|
53
|
+
resolver.latest_resolvable_version(
|
|
69
54
|
requirement: current_requirement_string
|
|
70
55
|
)
|
|
71
|
-
when :requirements
|
|
72
|
-
pip_version_resolver.latest_resolvable_version_with_no_unlock
|
|
73
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
|
74
56
|
end
|
|
75
57
|
end
|
|
76
58
|
|
|
@@ -115,34 +97,25 @@ module Dependabot
|
|
|
115
97
|
raise NotImplementedError
|
|
116
98
|
end
|
|
117
99
|
|
|
118
|
-
def preferred_version_resolvable_with_unlock?
|
|
119
|
-
# Our requirements file updater doesn't currently support widening
|
|
120
|
-
# ranges, so avoid updating this dependency if widening ranges has been
|
|
121
|
-
# required and the dependency is present on a requirements file.
|
|
122
|
-
# Otherwise, we will crash later on. TODO: Consider what the correct
|
|
123
|
-
# behavior is in these cases.
|
|
124
|
-
return false if requirements_update_strategy == :widen_ranges && updating_requirements_file?
|
|
125
|
-
|
|
126
|
-
super
|
|
127
|
-
end
|
|
128
|
-
|
|
129
100
|
def fetch_lowest_resolvable_security_fix_version
|
|
130
101
|
fix_version = lowest_security_fix_version
|
|
131
102
|
return latest_resolvable_version if fix_version.nil?
|
|
132
103
|
|
|
133
|
-
return
|
|
134
|
-
|
|
135
|
-
resolver =
|
|
136
|
-
case resolver_type
|
|
137
|
-
when :pip_compile then pip_compile_version_resolver
|
|
138
|
-
when :pipenv then pipenv_version_resolver
|
|
139
|
-
when :poetry then poetry_version_resolver
|
|
140
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
|
141
|
-
end
|
|
104
|
+
return resolver.lowest_resolvable_security_fix_version if resolver_type == :requirements
|
|
142
105
|
|
|
143
106
|
resolver.resolvable?(version: fix_version) ? fix_version : nil
|
|
144
107
|
end
|
|
145
108
|
|
|
109
|
+
def resolver
|
|
110
|
+
case resolver_type
|
|
111
|
+
when :pip_compile then pip_compile_version_resolver
|
|
112
|
+
when :pipenv then pipenv_version_resolver
|
|
113
|
+
when :poetry then poetry_version_resolver
|
|
114
|
+
when :requirements then pip_version_resolver
|
|
115
|
+
else raise "Unexpected resolver type #{resolver_type}"
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
|
|
146
119
|
def resolver_type
|
|
147
120
|
reqs = requirements
|
|
148
121
|
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "dependabot/version"
|
|
3
4
|
require "dependabot/utils"
|
|
4
|
-
require "rubygems_version_patch"
|
|
5
5
|
|
|
6
6
|
# Python versions can include a local version identifier, which Ruby can't
|
|
7
7
|
# parse. This class augments Gem::Version with local version identifier info.
|
|
@@ -9,7 +9,7 @@ require "rubygems_version_patch"
|
|
|
9
9
|
|
|
10
10
|
module Dependabot
|
|
11
11
|
module Python
|
|
12
|
-
class Version <
|
|
12
|
+
class Version < Dependabot::Version
|
|
13
13
|
attr_reader :epoch
|
|
14
14
|
attr_reader :local_version
|
|
15
15
|
attr_reader :post_release_version
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.216.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-04-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.216.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.216.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
31
|
+
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 1.
|
|
33
|
+
version: 1.7.1
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - "
|
|
38
|
+
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 1.
|
|
40
|
+
version: 1.7.1
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: gpgme
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -58,14 +58,14 @@ dependencies:
|
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: 4.
|
|
61
|
+
version: 4.2.0
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: 4.
|
|
68
|
+
version: 4.2.0
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rake
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -86,70 +86,70 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: '3.
|
|
89
|
+
version: '3.12'
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: '3.
|
|
96
|
+
version: '3.12'
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: rspec-its
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: '1.
|
|
103
|
+
version: '1.3'
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: '1.
|
|
110
|
+
version: '1.3'
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rubocop
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
117
|
+
version: 1.48.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
124
|
+
version: 1.48.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: rubocop-performance
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 1.
|
|
131
|
+
version: 1.17.1
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 1.
|
|
138
|
+
version: 1.17.1
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: simplecov
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
142
142
|
requirements:
|
|
143
143
|
- - "~>"
|
|
144
144
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: 0.
|
|
145
|
+
version: 0.22.0
|
|
146
146
|
type: :development
|
|
147
147
|
prerelease: false
|
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
149
|
requirements:
|
|
150
150
|
- - "~>"
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: 0.
|
|
152
|
+
version: 0.22.0
|
|
153
153
|
- !ruby/object:Gem::Dependency
|
|
154
154
|
name: simplecov-console
|
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -182,38 +182,40 @@ dependencies:
|
|
|
182
182
|
name: vcr
|
|
183
183
|
requirement: !ruby/object:Gem::Requirement
|
|
184
184
|
requirements:
|
|
185
|
-
- -
|
|
185
|
+
- - "~>"
|
|
186
186
|
- !ruby/object:Gem::Version
|
|
187
|
-
version: 6.1
|
|
187
|
+
version: '6.1'
|
|
188
188
|
type: :development
|
|
189
189
|
prerelease: false
|
|
190
190
|
version_requirements: !ruby/object:Gem::Requirement
|
|
191
191
|
requirements:
|
|
192
|
-
- -
|
|
192
|
+
- - "~>"
|
|
193
193
|
- !ruby/object:Gem::Version
|
|
194
|
-
version: 6.1
|
|
194
|
+
version: '6.1'
|
|
195
195
|
- !ruby/object:Gem::Dependency
|
|
196
196
|
name: webmock
|
|
197
197
|
requirement: !ruby/object:Gem::Requirement
|
|
198
198
|
requirements:
|
|
199
199
|
- - "~>"
|
|
200
200
|
- !ruby/object:Gem::Version
|
|
201
|
-
version: '3.
|
|
201
|
+
version: '3.18'
|
|
202
202
|
type: :development
|
|
203
203
|
prerelease: false
|
|
204
204
|
version_requirements: !ruby/object:Gem::Requirement
|
|
205
205
|
requirements:
|
|
206
206
|
- - "~>"
|
|
207
207
|
- !ruby/object:Gem::Version
|
|
208
|
-
version: '3.
|
|
209
|
-
description:
|
|
210
|
-
|
|
211
|
-
|
|
208
|
+
version: '3.18'
|
|
209
|
+
description: Dependabot-Python provides support for bumping Python packages via Dependabot.
|
|
210
|
+
If you want support for multiple package managers, you probably want the meta-gem
|
|
211
|
+
dependabot-omnibus.
|
|
212
|
+
email: opensource@github.com
|
|
212
213
|
executables: []
|
|
213
214
|
extensions: []
|
|
214
215
|
extra_rdoc_files: []
|
|
215
216
|
files:
|
|
216
217
|
- helpers/build
|
|
218
|
+
- helpers/build_for_version
|
|
217
219
|
- helpers/lib/__init__.py
|
|
218
220
|
- helpers/lib/hasher.py
|
|
219
221
|
- helpers/lib/parser.py
|
|
@@ -237,7 +239,7 @@ files:
|
|
|
237
239
|
- lib/dependabot/python/file_updater/requirement_file_updater.rb
|
|
238
240
|
- lib/dependabot/python/file_updater/requirement_replacer.rb
|
|
239
241
|
- lib/dependabot/python/file_updater/setup_file_sanitizer.rb
|
|
240
|
-
- lib/dependabot/python/
|
|
242
|
+
- lib/dependabot/python/language_version_manager.rb
|
|
241
243
|
- lib/dependabot/python/metadata_finder.rb
|
|
242
244
|
- lib/dependabot/python/name_normaliser.rb
|
|
243
245
|
- lib/dependabot/python/native_helpers.rb
|
|
@@ -256,7 +258,9 @@ files:
|
|
|
256
258
|
homepage: https://github.com/dependabot/dependabot-core
|
|
257
259
|
licenses:
|
|
258
260
|
- Nonstandard
|
|
259
|
-
metadata:
|
|
261
|
+
metadata:
|
|
262
|
+
issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
263
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
|
|
260
264
|
post_install_message:
|
|
261
265
|
rdoc_options: []
|
|
262
266
|
require_paths:
|
|
@@ -272,8 +276,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
272
276
|
- !ruby/object:Gem::Version
|
|
273
277
|
version: 3.1.0
|
|
274
278
|
requirements: []
|
|
275
|
-
rubygems_version: 3.3.
|
|
279
|
+
rubygems_version: 3.3.26
|
|
276
280
|
signing_key:
|
|
277
281
|
specification_version: 4
|
|
278
|
-
summary:
|
|
282
|
+
summary: Provides Dependabot support for Python
|
|
279
283
|
test_files: []
|
|
@@ -1,37 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "dependabot/logger"
|
|
4
|
-
require "dependabot/python/version"
|
|
5
|
-
|
|
6
|
-
module Dependabot
|
|
7
|
-
module Python
|
|
8
|
-
module Helpers
|
|
9
|
-
def self.install_required_python(python_version)
|
|
10
|
-
# The leading space is important in the version check
|
|
11
|
-
return if SharedHelpers.run_shell_command("pyenv versions").include?(" #{python_major_minor(python_version)}.")
|
|
12
|
-
|
|
13
|
-
if File.exist?("/usr/local/.pyenv/#{python_major_minor(python_version)}.tar.gz")
|
|
14
|
-
SharedHelpers.run_shell_command(
|
|
15
|
-
"tar xzf /usr/local/.pyenv/#{python_major_minor(python_version)}.tar.gz -C /usr/local/.pyenv/"
|
|
16
|
-
)
|
|
17
|
-
return if SharedHelpers.run_shell_command("pyenv versions").
|
|
18
|
-
include?(" #{python_major_minor(python_version)}.")
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
Dependabot.logger.info("Installing required Python #{python_version}.")
|
|
22
|
-
start = Time.now
|
|
23
|
-
SharedHelpers.run_shell_command("pyenv install -s #{python_version}")
|
|
24
|
-
SharedHelpers.run_shell_command("pyenv exec pip install --upgrade pip")
|
|
25
|
-
SharedHelpers.run_shell_command("pyenv exec pip install -r" \
|
|
26
|
-
"#{NativeHelpers.python_requirements_path}")
|
|
27
|
-
time_taken = Time.now - start
|
|
28
|
-
Dependabot.logger.info("Installing Python #{python_version} took #{time_taken}s.")
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def self.python_major_minor(python_version)
|
|
32
|
-
python = Python::Version.new(python_version)
|
|
33
|
-
"#{python.segments[0]}.#{python.segments[1]}"
|
|
34
|
-
end
|
|
35
|
-
end
|
|
36
|
-
end
|
|
37
|
-
end
|