dependabot-python 0.222.0 → 0.224.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/build +1 -5
- data/lib/dependabot/python/file_fetcher.rb +22 -0
- metadata +5 -6
- data/helpers/build_for_version +0 -21
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4645b3b0e0215f8bb7712be3fe9cf9a46529e0ee40618dc49f272aeba112f97b
|
|
4
|
+
data.tar.gz: f9f612a49326fcd6bd14f7a441a6924556cc6ddaf90afecbe68692a5dbd523b0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ecb9be8cb63103314e8939582d89f91db9078f02e5bef1726b693ffc4134239ea26f80ee29ce0279a3b807a1ec7ed020bd7c03a6059412bb317de78a01f807b3
|
|
7
|
+
data.tar.gz: bae6574736ef53b38b64eac06945174e4c4926960e561d41f91ce86697bb8f35970653ed1798125e6e229c684cb4206eb1650f26ca29933d411fee7c232fe2f7
|
data/helpers/build
CHANGED
|
@@ -18,8 +18,4 @@ cp -r \
|
|
|
18
18
|
"$install_dir"
|
|
19
19
|
|
|
20
20
|
cd "$install_dir"
|
|
21
|
-
PYENV_VERSION
|
|
22
|
-
PYENV_VERSION=3.10.12 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
|
23
|
-
PYENV_VERSION=3.9.17 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
|
24
|
-
PYENV_VERSION=3.8.17 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
|
25
|
-
PYENV_VERSION=3.7.17 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
|
21
|
+
PYENV_VERSION=$1 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
|
@@ -37,6 +37,28 @@ module Dependabot
|
|
|
37
37
|
"or a Pipfile."
|
|
38
38
|
end
|
|
39
39
|
|
|
40
|
+
def ecosystem_versions
|
|
41
|
+
# Hmm... it's weird that this calls file parser methods, but here we are in the file fetcher... for all
|
|
42
|
+
# ecosystems our goal is to extract the user specified versions, so we'll need to do file parsing... so should
|
|
43
|
+
# we move this `ecosystem_versions` metrics method to run in the file parser for all ecosystems? Downside is if
|
|
44
|
+
# file parsing blows up, this metric isn't emitted, but reality is we have to parse anyway... as we want to know
|
|
45
|
+
# the user-specified range of versions, not the version Dependabot chose to run.
|
|
46
|
+
python_requirement_parser = FileParser::PythonRequirementParser.new(dependency_files: files)
|
|
47
|
+
language_version_manager = LanguageVersionManager.new(python_requirement_parser: python_requirement_parser)
|
|
48
|
+
{
|
|
49
|
+
languages: {
|
|
50
|
+
python: {
|
|
51
|
+
# TODO: alternatively this could use `python_requirement_parser.user_specified_requirements` which
|
|
52
|
+
# returns an array... which we could flip to return a hash of manifest name => version
|
|
53
|
+
# string and then check for min/max versions... today it simply defaults to
|
|
54
|
+
# array.first which seems rather arbitrary.
|
|
55
|
+
"raw" => language_version_manager.user_specified_python_version || "unknown",
|
|
56
|
+
"max" => language_version_manager.python_major_minor || "unknown"
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
end
|
|
61
|
+
|
|
40
62
|
private
|
|
41
63
|
|
|
42
64
|
def fetch_files
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.224.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-07-
|
|
11
|
+
date: 2023-07-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.224.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.224.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -187,7 +187,6 @@ extensions: []
|
|
|
187
187
|
extra_rdoc_files: []
|
|
188
188
|
files:
|
|
189
189
|
- helpers/build
|
|
190
|
-
- helpers/build_for_version
|
|
191
190
|
- helpers/lib/__init__.py
|
|
192
191
|
- helpers/lib/hasher.py
|
|
193
192
|
- helpers/lib/parser.py
|
|
@@ -232,7 +231,7 @@ licenses:
|
|
|
232
231
|
- Nonstandard
|
|
233
232
|
metadata:
|
|
234
233
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
235
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
234
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.224.0
|
|
236
235
|
post_install_message:
|
|
237
236
|
rdoc_options: []
|
|
238
237
|
require_paths:
|
data/helpers/build_for_version
DELETED
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
#!/bin/bash
|
|
2
|
-
|
|
3
|
-
set -e
|
|
4
|
-
|
|
5
|
-
if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
|
|
6
|
-
echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
|
|
7
|
-
exit 1
|
|
8
|
-
fi
|
|
9
|
-
|
|
10
|
-
install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/python"
|
|
11
|
-
mkdir -p "$install_dir"
|
|
12
|
-
|
|
13
|
-
helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
|
|
14
|
-
cp -r \
|
|
15
|
-
"$helpers_dir/lib" \
|
|
16
|
-
"$helpers_dir/run.py" \
|
|
17
|
-
"$helpers_dir/requirements.txt" \
|
|
18
|
-
"$install_dir"
|
|
19
|
-
|
|
20
|
-
cd "$install_dir"
|
|
21
|
-
PYENV_VERSION=$1 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|