dependabot-python 0.215.0 → 0.216.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/build +5 -5
- data/helpers/build_for_version +21 -0
- data/helpers/requirements.txt +4 -5
- data/lib/dependabot/python/file_parser/pyproject_files_parser.rb +25 -15
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +16 -43
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +19 -59
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +17 -1
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +39 -34
- data/lib/dependabot/python/language_version_manager.rb +115 -0
- data/lib/dependabot/python/python_versions.rb +6 -6
- data/lib/dependabot/python/requirement_parser.rb +1 -1
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +16 -44
- data/lib/dependabot/python/update_checker/pip_version_resolver.rb +14 -40
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +23 -58
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +46 -44
- data/lib/dependabot/python/update_checker/requirements_updater.rb +25 -6
- data/lib/dependabot/python/update_checker.rb +21 -48
- data/lib/dependabot/python/version.rb +2 -2
- metadata +37 -33
- data/lib/dependabot/python/helpers.rb +0 -37
|
@@ -34,43 +34,25 @@ module Dependabot
|
|
|
34
34
|
|
|
35
35
|
def latest_resolvable_version
|
|
36
36
|
@latest_resolvable_version ||=
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
37
|
+
if resolver_type == :requirements
|
|
38
|
+
resolver.latest_resolvable_version
|
|
39
|
+
elsif resolver_type == :pip_compile && resolver.resolvable?(version: latest_version)
|
|
40
|
+
latest_version
|
|
41
|
+
else
|
|
42
|
+
resolver.latest_resolvable_version(
|
|
40
43
|
requirement: unlocked_requirement_string
|
|
41
44
|
)
|
|
42
|
-
when :poetry
|
|
43
|
-
poetry_version_resolver.latest_resolvable_version(
|
|
44
|
-
requirement: unlocked_requirement_string
|
|
45
|
-
)
|
|
46
|
-
when :pip_compile
|
|
47
|
-
pip_compile_version_resolver.latest_resolvable_version(
|
|
48
|
-
requirement: unlocked_requirement_string
|
|
49
|
-
)
|
|
50
|
-
when :requirements
|
|
51
|
-
pip_version_resolver.latest_resolvable_version
|
|
52
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
|
53
45
|
end
|
|
54
46
|
end
|
|
55
47
|
|
|
56
48
|
def latest_resolvable_version_with_no_unlock
|
|
57
49
|
@latest_resolvable_version_with_no_unlock ||=
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
)
|
|
63
|
-
when :poetry
|
|
64
|
-
poetry_version_resolver.latest_resolvable_version(
|
|
65
|
-
requirement: current_requirement_string
|
|
66
|
-
)
|
|
67
|
-
when :pip_compile
|
|
68
|
-
pip_compile_version_resolver.latest_resolvable_version(
|
|
50
|
+
if resolver_type == :requirements
|
|
51
|
+
resolver.latest_resolvable_version_with_no_unlock
|
|
52
|
+
else
|
|
53
|
+
resolver.latest_resolvable_version(
|
|
69
54
|
requirement: current_requirement_string
|
|
70
55
|
)
|
|
71
|
-
when :requirements
|
|
72
|
-
pip_version_resolver.latest_resolvable_version_with_no_unlock
|
|
73
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
|
74
56
|
end
|
|
75
57
|
end
|
|
76
58
|
|
|
@@ -115,34 +97,25 @@ module Dependabot
|
|
|
115
97
|
raise NotImplementedError
|
|
116
98
|
end
|
|
117
99
|
|
|
118
|
-
def preferred_version_resolvable_with_unlock?
|
|
119
|
-
# Our requirements file updater doesn't currently support widening
|
|
120
|
-
# ranges, so avoid updating this dependency if widening ranges has been
|
|
121
|
-
# required and the dependency is present on a requirements file.
|
|
122
|
-
# Otherwise, we will crash later on. TODO: Consider what the correct
|
|
123
|
-
# behavior is in these cases.
|
|
124
|
-
return false if requirements_update_strategy == :widen_ranges && updating_requirements_file?
|
|
125
|
-
|
|
126
|
-
super
|
|
127
|
-
end
|
|
128
|
-
|
|
129
100
|
def fetch_lowest_resolvable_security_fix_version
|
|
130
101
|
fix_version = lowest_security_fix_version
|
|
131
102
|
return latest_resolvable_version if fix_version.nil?
|
|
132
103
|
|
|
133
|
-
return
|
|
134
|
-
|
|
135
|
-
resolver =
|
|
136
|
-
case resolver_type
|
|
137
|
-
when :pip_compile then pip_compile_version_resolver
|
|
138
|
-
when :pipenv then pipenv_version_resolver
|
|
139
|
-
when :poetry then poetry_version_resolver
|
|
140
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
|
141
|
-
end
|
|
104
|
+
return resolver.lowest_resolvable_security_fix_version if resolver_type == :requirements
|
|
142
105
|
|
|
143
106
|
resolver.resolvable?(version: fix_version) ? fix_version : nil
|
|
144
107
|
end
|
|
145
108
|
|
|
109
|
+
def resolver
|
|
110
|
+
case resolver_type
|
|
111
|
+
when :pip_compile then pip_compile_version_resolver
|
|
112
|
+
when :pipenv then pipenv_version_resolver
|
|
113
|
+
when :poetry then poetry_version_resolver
|
|
114
|
+
when :requirements then pip_version_resolver
|
|
115
|
+
else raise "Unexpected resolver type #{resolver_type}"
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
|
|
146
119
|
def resolver_type
|
|
147
120
|
reqs = requirements
|
|
148
121
|
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "dependabot/version"
|
|
3
4
|
require "dependabot/utils"
|
|
4
|
-
require "rubygems_version_patch"
|
|
5
5
|
|
|
6
6
|
# Python versions can include a local version identifier, which Ruby can't
|
|
7
7
|
# parse. This class augments Gem::Version with local version identifier info.
|
|
@@ -9,7 +9,7 @@ require "rubygems_version_patch"
|
|
|
9
9
|
|
|
10
10
|
module Dependabot
|
|
11
11
|
module Python
|
|
12
|
-
class Version <
|
|
12
|
+
class Version < Dependabot::Version
|
|
13
13
|
attr_reader :epoch
|
|
14
14
|
attr_reader :local_version
|
|
15
15
|
attr_reader :post_release_version
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.216.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-04-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.216.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.216.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
31
|
+
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 1.
|
|
33
|
+
version: 1.7.1
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - "
|
|
38
|
+
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 1.
|
|
40
|
+
version: 1.7.1
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: gpgme
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -58,14 +58,14 @@ dependencies:
|
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: 4.
|
|
61
|
+
version: 4.2.0
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: 4.
|
|
68
|
+
version: 4.2.0
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rake
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -86,70 +86,70 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: '3.
|
|
89
|
+
version: '3.12'
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: '3.
|
|
96
|
+
version: '3.12'
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: rspec-its
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: '1.
|
|
103
|
+
version: '1.3'
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: '1.
|
|
110
|
+
version: '1.3'
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rubocop
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
117
|
+
version: 1.48.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
124
|
+
version: 1.48.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: rubocop-performance
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 1.
|
|
131
|
+
version: 1.17.1
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 1.
|
|
138
|
+
version: 1.17.1
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: simplecov
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
142
142
|
requirements:
|
|
143
143
|
- - "~>"
|
|
144
144
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: 0.
|
|
145
|
+
version: 0.22.0
|
|
146
146
|
type: :development
|
|
147
147
|
prerelease: false
|
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
149
|
requirements:
|
|
150
150
|
- - "~>"
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: 0.
|
|
152
|
+
version: 0.22.0
|
|
153
153
|
- !ruby/object:Gem::Dependency
|
|
154
154
|
name: simplecov-console
|
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -182,38 +182,40 @@ dependencies:
|
|
|
182
182
|
name: vcr
|
|
183
183
|
requirement: !ruby/object:Gem::Requirement
|
|
184
184
|
requirements:
|
|
185
|
-
- -
|
|
185
|
+
- - "~>"
|
|
186
186
|
- !ruby/object:Gem::Version
|
|
187
|
-
version: 6.1
|
|
187
|
+
version: '6.1'
|
|
188
188
|
type: :development
|
|
189
189
|
prerelease: false
|
|
190
190
|
version_requirements: !ruby/object:Gem::Requirement
|
|
191
191
|
requirements:
|
|
192
|
-
- -
|
|
192
|
+
- - "~>"
|
|
193
193
|
- !ruby/object:Gem::Version
|
|
194
|
-
version: 6.1
|
|
194
|
+
version: '6.1'
|
|
195
195
|
- !ruby/object:Gem::Dependency
|
|
196
196
|
name: webmock
|
|
197
197
|
requirement: !ruby/object:Gem::Requirement
|
|
198
198
|
requirements:
|
|
199
199
|
- - "~>"
|
|
200
200
|
- !ruby/object:Gem::Version
|
|
201
|
-
version: '3.
|
|
201
|
+
version: '3.18'
|
|
202
202
|
type: :development
|
|
203
203
|
prerelease: false
|
|
204
204
|
version_requirements: !ruby/object:Gem::Requirement
|
|
205
205
|
requirements:
|
|
206
206
|
- - "~>"
|
|
207
207
|
- !ruby/object:Gem::Version
|
|
208
|
-
version: '3.
|
|
209
|
-
description:
|
|
210
|
-
|
|
211
|
-
|
|
208
|
+
version: '3.18'
|
|
209
|
+
description: Dependabot-Python provides support for bumping Python packages via Dependabot.
|
|
210
|
+
If you want support for multiple package managers, you probably want the meta-gem
|
|
211
|
+
dependabot-omnibus.
|
|
212
|
+
email: opensource@github.com
|
|
212
213
|
executables: []
|
|
213
214
|
extensions: []
|
|
214
215
|
extra_rdoc_files: []
|
|
215
216
|
files:
|
|
216
217
|
- helpers/build
|
|
218
|
+
- helpers/build_for_version
|
|
217
219
|
- helpers/lib/__init__.py
|
|
218
220
|
- helpers/lib/hasher.py
|
|
219
221
|
- helpers/lib/parser.py
|
|
@@ -237,7 +239,7 @@ files:
|
|
|
237
239
|
- lib/dependabot/python/file_updater/requirement_file_updater.rb
|
|
238
240
|
- lib/dependabot/python/file_updater/requirement_replacer.rb
|
|
239
241
|
- lib/dependabot/python/file_updater/setup_file_sanitizer.rb
|
|
240
|
-
- lib/dependabot/python/
|
|
242
|
+
- lib/dependabot/python/language_version_manager.rb
|
|
241
243
|
- lib/dependabot/python/metadata_finder.rb
|
|
242
244
|
- lib/dependabot/python/name_normaliser.rb
|
|
243
245
|
- lib/dependabot/python/native_helpers.rb
|
|
@@ -256,7 +258,9 @@ files:
|
|
|
256
258
|
homepage: https://github.com/dependabot/dependabot-core
|
|
257
259
|
licenses:
|
|
258
260
|
- Nonstandard
|
|
259
|
-
metadata:
|
|
261
|
+
metadata:
|
|
262
|
+
issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
263
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
|
|
260
264
|
post_install_message:
|
|
261
265
|
rdoc_options: []
|
|
262
266
|
require_paths:
|
|
@@ -272,8 +276,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
272
276
|
- !ruby/object:Gem::Version
|
|
273
277
|
version: 3.1.0
|
|
274
278
|
requirements: []
|
|
275
|
-
rubygems_version: 3.3.
|
|
279
|
+
rubygems_version: 3.3.26
|
|
276
280
|
signing_key:
|
|
277
281
|
specification_version: 4
|
|
278
|
-
summary:
|
|
282
|
+
summary: Provides Dependabot support for Python
|
|
279
283
|
test_files: []
|
|
@@ -1,37 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "dependabot/logger"
|
|
4
|
-
require "dependabot/python/version"
|
|
5
|
-
|
|
6
|
-
module Dependabot
|
|
7
|
-
module Python
|
|
8
|
-
module Helpers
|
|
9
|
-
def self.install_required_python(python_version)
|
|
10
|
-
# The leading space is important in the version check
|
|
11
|
-
return if SharedHelpers.run_shell_command("pyenv versions").include?(" #{python_major_minor(python_version)}.")
|
|
12
|
-
|
|
13
|
-
if File.exist?("/usr/local/.pyenv/#{python_major_minor(python_version)}.tar.gz")
|
|
14
|
-
SharedHelpers.run_shell_command(
|
|
15
|
-
"tar xzf /usr/local/.pyenv/#{python_major_minor(python_version)}.tar.gz -C /usr/local/.pyenv/"
|
|
16
|
-
)
|
|
17
|
-
return if SharedHelpers.run_shell_command("pyenv versions").
|
|
18
|
-
include?(" #{python_major_minor(python_version)}.")
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
Dependabot.logger.info("Installing required Python #{python_version}.")
|
|
22
|
-
start = Time.now
|
|
23
|
-
SharedHelpers.run_shell_command("pyenv install -s #{python_version}")
|
|
24
|
-
SharedHelpers.run_shell_command("pyenv exec pip install --upgrade pip")
|
|
25
|
-
SharedHelpers.run_shell_command("pyenv exec pip install -r" \
|
|
26
|
-
"#{NativeHelpers.python_requirements_path}")
|
|
27
|
-
time_taken = Time.now - start
|
|
28
|
-
Dependabot.logger.info("Installing Python #{python_version} took #{time_taken}s.")
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def self.python_major_minor(python_version)
|
|
32
|
-
python = Python::Version.new(python_version)
|
|
33
|
-
"#{python.segments[0]}.#{python.segments[1]}"
|
|
34
|
-
end
|
|
35
|
-
end
|
|
36
|
-
end
|
|
37
|
-
end
|