dependabot-python 0.223.0 → 0.224.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/build +1 -5
- data/lib/dependabot/python/file_fetcher.rb +22 -0
- metadata +5 -6
- data/helpers/build_for_version +0 -21
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4645b3b0e0215f8bb7712be3fe9cf9a46529e0ee40618dc49f272aeba112f97b
|
|
4
|
+
data.tar.gz: f9f612a49326fcd6bd14f7a441a6924556cc6ddaf90afecbe68692a5dbd523b0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ecb9be8cb63103314e8939582d89f91db9078f02e5bef1726b693ffc4134239ea26f80ee29ce0279a3b807a1ec7ed020bd7c03a6059412bb317de78a01f807b3
|
|
7
|
+
data.tar.gz: bae6574736ef53b38b64eac06945174e4c4926960e561d41f91ce86697bb8f35970653ed1798125e6e229c684cb4206eb1650f26ca29933d411fee7c232fe2f7
|
data/helpers/build
CHANGED
|
@@ -18,8 +18,4 @@ cp -r \
|
|
|
18
18
|
"$install_dir"
|
|
19
19
|
|
|
20
20
|
cd "$install_dir"
|
|
21
|
-
PYENV_VERSION
|
|
22
|
-
PYENV_VERSION=3.10.12 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
|
23
|
-
PYENV_VERSION=3.9.17 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
|
24
|
-
PYENV_VERSION=3.8.17 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
|
25
|
-
PYENV_VERSION=3.7.17 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
|
21
|
+
PYENV_VERSION=$1 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
|
@@ -37,6 +37,28 @@ module Dependabot
|
|
|
37
37
|
"or a Pipfile."
|
|
38
38
|
end
|
|
39
39
|
|
|
40
|
+
def ecosystem_versions
|
|
41
|
+
# Hmm... it's weird that this calls file parser methods, but here we are in the file fetcher... for all
|
|
42
|
+
# ecosystems our goal is to extract the user specified versions, so we'll need to do file parsing... so should
|
|
43
|
+
# we move this `ecosystem_versions` metrics method to run in the file parser for all ecosystems? Downside is if
|
|
44
|
+
# file parsing blows up, this metric isn't emitted, but reality is we have to parse anyway... as we want to know
|
|
45
|
+
# the user-specified range of versions, not the version Dependabot chose to run.
|
|
46
|
+
python_requirement_parser = FileParser::PythonRequirementParser.new(dependency_files: files)
|
|
47
|
+
language_version_manager = LanguageVersionManager.new(python_requirement_parser: python_requirement_parser)
|
|
48
|
+
{
|
|
49
|
+
languages: {
|
|
50
|
+
python: {
|
|
51
|
+
# TODO: alternatively this could use `python_requirement_parser.user_specified_requirements` which
|
|
52
|
+
# returns an array... which we could flip to return a hash of manifest name => version
|
|
53
|
+
# string and then check for min/max versions... today it simply defaults to
|
|
54
|
+
# array.first which seems rather arbitrary.
|
|
55
|
+
"raw" => language_version_manager.user_specified_python_version || "unknown",
|
|
56
|
+
"max" => language_version_manager.python_major_minor || "unknown"
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
end
|
|
61
|
+
|
|
40
62
|
private
|
|
41
63
|
|
|
42
64
|
def fetch_files
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.224.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-07-
|
|
11
|
+
date: 2023-07-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.224.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.224.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -187,7 +187,6 @@ extensions: []
|
|
|
187
187
|
extra_rdoc_files: []
|
|
188
188
|
files:
|
|
189
189
|
- helpers/build
|
|
190
|
-
- helpers/build_for_version
|
|
191
190
|
- helpers/lib/__init__.py
|
|
192
191
|
- helpers/lib/hasher.py
|
|
193
192
|
- helpers/lib/parser.py
|
|
@@ -232,7 +231,7 @@ licenses:
|
|
|
232
231
|
- Nonstandard
|
|
233
232
|
metadata:
|
|
234
233
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
235
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
234
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.224.0
|
|
236
235
|
post_install_message:
|
|
237
236
|
rdoc_options: []
|
|
238
237
|
require_paths:
|
data/helpers/build_for_version
DELETED
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
#!/bin/bash
|
|
2
|
-
|
|
3
|
-
set -e
|
|
4
|
-
|
|
5
|
-
if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
|
|
6
|
-
echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
|
|
7
|
-
exit 1
|
|
8
|
-
fi
|
|
9
|
-
|
|
10
|
-
install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/python"
|
|
11
|
-
mkdir -p "$install_dir"
|
|
12
|
-
|
|
13
|
-
helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
|
|
14
|
-
cp -r \
|
|
15
|
-
"$helpers_dir/lib" \
|
|
16
|
-
"$helpers_dir/run.py" \
|
|
17
|
-
"$helpers_dir/requirements.txt" \
|
|
18
|
-
"$install_dir"
|
|
19
|
-
|
|
20
|
-
cd "$install_dir"
|
|
21
|
-
PYENV_VERSION=$1 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|