dependabot-python 0.224.0 → 0.226.0

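--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4645b3b0e0215f8bb7712be3fe9cf9a46529e0ee40618dc49f272aeba112f97b
- data.tar.gz: f9f612a49326fcd6bd14f7a441a6924556cc6ddaf90afecbe68692a5dbd523b0
+ metadata.gz: 62fa8493503751dac8cc47e22819a502a292e5de2523c22a5dbd9edcb44e8051
+ data.tar.gz: 37ea1a41eb2064d2eb28149f86bc6e0c6aee4e9f6b40c64e044fa8b0d69ac8af
  SHA512:
- metadata.gz: ecb9be8cb63103314e8939582d89f91db9078f02e5bef1726b693ffc4134239ea26f80ee29ce0279a3b807a1ec7ed020bd7c03a6059412bb317de78a01f807b3
- data.tar.gz: bae6574736ef53b38b64eac06945174e4c4926960e561d41f91ce86697bb8f35970653ed1798125e6e229c684cb4206eb1650f26ca29933d411fee7c232fe2f7
+ metadata.gz: '08074756f750b4cae957e60277544eac7c23ec2f958a78d44d8c258921fbba181d783c1a1cf0ca11813969ad1cf0446493367893a797493ab9febae8668ddf75'
+ data.tar.gz: 5416cb34a8d3a2aeaf66da9a8bbe90e44d00ff950ed1444c1558131af7863ba7fc1b7b8944c153647686a129539d01b62d9cc2e6b9796927c43f9e0011909a76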
@@ -1,10 +1,9 @@
1
1
  pip>=21.3.1,<23.2.0 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
2
- pip-tools>=6.4.0,<=6.13.0 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
2
+ pip-tools>=6.4.0,<=6.14.0 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
3
3
  hashin==0.17.0
4
4
  pipenv==2022.4.8
5
5
  pipfile==0.0.2
6
6
  poetry>=1.1.15,<1.6.0
7
- wheel==0.37.1
8
7
 
9
8
  # Some dependencies will only install if Cython is present
10
- Cython==0.29.34
9
+ Cython==3.0.0
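Review bot: The TODO on the `pip` and `pip-tools` lines still asks for a Python 3.6 review "in April 2023", while the gem metadata on this page dates the release 2023-08-11, so the comment no longer tells a reader whether the widened `<=6.14.0` bound was checked against that constraint. With `wheel==0.37.1` removed, nothing in this file fixes the wheel version any more; if wheel is still pulled in by another requirement, the version installed into the helper environment is whatever the resolver picks at build time. `Cython==3.0.0` is a major-version jump for the package the comment above it says other dependencies need in order to install, so it is worth confirming that those source builds still succeed. I would refresh the TODO with the current decision and add a short comment saying why the wheel pin was dropped.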
@@ -116,21 +116,27 @@ module Dependabot
116
116
  end
117
117
 
118
118
  def setup_file
119
- @setup_file ||= fetch_file_if_present("setup.py")
119
+ return @setup_file if defined?(@setup_file)
120
+
121
+ @setup_file = fetch_file_if_present("setup.py")
120
122
  end
121
123
 
122
124
  def setup_cfg_file
123
- @setup_cfg_file ||= fetch_file_if_present("setup.cfg")
125
+ return @setup_cfg_file if defined?(@setup_cfg_file)
126
+
127
+ @setup_cfg_file = fetch_file_if_present("setup.cfg")
124
128
  end
125
129
 
126
130
  def pip_conf
127
- @pip_conf ||= fetch_file_if_present("pip.conf")&.
128
- tap { |f| f.support_file = true }
131
+ return @pip_conf if defined?(@pip_conf)
132
+
133
+ @pip_conf = fetch_support_file("pip.conf")
129
134
  end
130
135
 
131
136
  def python_version_file
132
- @python_version_file ||= fetch_file_if_present(".python-version")&.
133
- tap { |f| f.support_file = true }
137
+ return @python_version_file if defined?(@python_version_file)
138
+
139
+ @python_version_file = fetch_support_file(".python-version")
134
140
 
135
141
  return @python_version_file if @python_version_file
136
142
  return if [".", "/"].include?(directory)
@@ -138,33 +144,44 @@ module Dependabot
138
144
  # Check the top-level for a .python-version file, too
139
145
  reverse_path = Pathname.new(directory[0]).relative_path_from(directory)
140
146
  @python_version_file ||=
141
- fetch_file_if_present(File.join(reverse_path, ".python-version"))&.
142
- tap { |f| f.support_file = true }&.
147
+ fetch_support_file(File.join(reverse_path, ".python-version"))&.
143
148
  tap { |f| f.name = ".python-version" }
144
149
  end
145
150
 
146
151
  def pipfile
147
- @pipfile ||= fetch_file_if_present("Pipfile")
152
+ return @pipfile if defined?(@pipfile)
153
+
154
+ @pipfile = fetch_file_if_present("Pipfile")
148
155
  end
149
156
 
150
157
  def pipfile_lock
151
- @pipfile_lock ||= fetch_file_if_present("Pipfile.lock")
158
+ return @pipfile_lock if defined?(@pipfile_lock)
159
+
160
+ @pipfile_lock = fetch_file_if_present("Pipfile.lock")
152
161
  end
153
162
 
154
163
  def pyproject
155
- @pyproject ||= fetch_file_if_present("pyproject.toml")
164
+ return @pyproject if defined?(@pyproject)
165
+
166
+ @pyproject = fetch_file_if_present("pyproject.toml")
156
167
  end
157
168
 
158
169
  def pyproject_lock
159
- @pyproject_lock ||= fetch_file_if_present("pyproject.lock")
170
+ return @pyproject_lock if defined?(@pyproject_lock)
171
+
172
+ @pyproject_lock = fetch_file_if_present("pyproject.lock")
160
173
  end
161
174
 
162
175
  def poetry_lock
163
- @poetry_lock ||= fetch_file_if_present("poetry.lock")
176
+ return @poetry_lock if defined?(@poetry_lock)
177
+
178
+ @poetry_lock = fetch_file_if_present("poetry.lock")
164
179
  end
165
180
 
166
181
  def pdm_lock
167
- @pdm_lock ||= fetch_file_if_present("pdm.lock")
182
+ return @pdm_lock if defined?(@pdm_lock)
183
+
184
+ @pdm_lock = fetch_file_if_present("pdm.lock")
168
185
  end
169
186
 
170
187
  def requirements_txt_files
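Review bot: In `python_version_file` the new `defined?` guard leaves the later `@python_version_file ||=` in the second hunk misleading, because the variable is always nil by then and a plain `=` says the same thing. On the `return if [".", "/"].include?(directory)` path the cached nil is what every later call returns. The same two-line guard is repeated in ten accessors with nothing recording that a nil result (file absent) is now cached on purpose; a comment on the first one such as `# defined? rather than ||= so a missing file is only looked up once` would cover it. `fetch_support_file` is not defined in the visible hunks, so it presumably comes from the base fetcher in the matching dependabot-common release; confirm it still marks the file as a support file as the removed `tap { |f| f.support_file = true }` did.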
@@ -37,9 +37,6 @@ module Dependabot
37
37
  end
38
38
 
39
39
  def updated_dependency_files
40
- return @updated_dependency_files if @update_already_attempted
41
-
42
- @update_already_attempted = true
43
40
  @updated_dependency_files ||= fetch_updated_dependency_files
44
41
  end
45
42
 
@@ -30,9 +30,6 @@ module Dependabot
30
30
  end
31
31
 
32
32
  def updated_dependency_files
33
- return @updated_dependency_files if @update_already_attempted
34
-
35
- @update_already_attempted = true
36
33
  @updated_dependency_files ||= fetch_updated_dependency_files
37
34
  end
38
35
 
@@ -92,7 +89,7 @@ module Dependabot
92
89
 
93
90
  # Find any requirement files that list the same dependencies as
94
91
  # the (old) Pipfile.lock. Any such files were almost certainly
95
- # generated using `pipenv lock -r`
92
+ # generated using `pipenv requirements`
96
93
  requirements_files.select do |req_file|
97
94
  deps = []
98
95
  req_file.content.scan(regex) { deps << Regexp.last_match }
@@ -237,12 +234,12 @@ module Dependabot
237
234
 
238
235
  def generate_updated_requirements_files
239
236
  req_content = run_pipenv_command(
240
- "pyenv exec pipenv lock -r"
237
+ "pyenv exec pipenv requirements"
241
238
  )
242
239
  File.write("req.txt", req_content)
243
240
 
244
241
  dev_req_content = run_pipenv_command(
245
- "pyenv exec pipenv lock -r -d"
242
+ "pyenv exec pipenv requirements --dev"
246
243
  )
247
244
  File.write("dev-req.txt", dev_req_content)
248
245
  end
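Review bot: `generate_updated_requirements_files` now runs `pipenv requirements`, which exports from the existing Pipfile.lock rather than locking first as `pipenv lock -r` did, so the method depends on the lockfile in the working directory already being regenerated, and nothing in the visible code says so. I would put a comment above the first call, e.g. `# exports the current Pipfile.lock without re-locking; must run after the lock step`. The command output is written to `req.txt` and `dev-req.txt` as returned; if the exported text includes index lines for sources that carry credentials, confirm those files stay inside the temporary working directory and are not returned or logged.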
@@ -109,9 +109,7 @@ module Dependabot
109
109
  end
110
110
 
111
111
  def pipfile_sources
112
- @pipfile_sources ||=
113
- TomlRB.parse(pipfile_content).fetch("source", []).
114
- map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
112
+ @pipfile_sources ||= TomlRB.parse(pipfile_content).fetch("source", [])
115
113
  end
116
114
 
117
115
  def sub_auth_url(source, credentials)
@@ -132,9 +130,12 @@ module Dependabot
132
130
 
133
131
  def config_variable_sources(credentials)
134
132
  @config_variable_sources ||=
135
- credentials.
136
- select { |cred| cred["type"] == "python_index" }.
137
- map { |c| { "url" => AuthedUrlBuilder.authed_url(credential: c) } }
133
+ credentials.select { |cred| cred["type"] == "python_index" }.map.with_index do |c, i|
134
+ {
135
+ "name" => "dependabot-inserted-index-#{i}",
136
+ "url" => AuthedUrlBuilder.authed_url(credential: c)
137
+ }
138
+ end
138
139
  end
139
140
  end
140
141
  end
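Review bot: `pipfile_sources` now returns the hashes from `TomlRB.parse` untouched, so source URLs are no longer normalised to one trailing slash and are no longer copies of the parsed data. `sub_auth_url` is visible here only by its signature; if it pairs a source with a credential by comparing URLs, a Pipfile source written without the trailing slash may stop receiving its credential, and if it edits the hash in place the memoised list changes for later callers. Either state on `pipfile_sources` that URLs are returned exactly as written in the Pipfile, or keep the copy with `@pipfile_sources ||= TomlRB.parse(pipfile_content).fetch("source", []).map(&:dup)`. The hashes built in `config_variable_sources` hold an authenticated URL under `"url"`, so they should not be passed to logging or error messages.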
@@ -28,9 +28,6 @@ module Dependabot
28
28
  end
29
29
 
30
30
  def updated_dependency_files
31
- return @updated_dependency_files if @update_already_attempted
32
-
33
- @update_already_attempted = true
34
31
  @updated_dependency_files ||= fetch_updated_dependency_files
35
32
  end
36
33
 
@@ -20,9 +20,6 @@ module Dependabot
20
20
  end
21
21
 
22
22
  def updated_dependency_files
23
- return @updated_dependency_files if @update_already_attempted
24
-
25
- @update_already_attempted = true
26
23
  @updated_dependency_files ||= fetch_updated_dependency_files
27
24
  end
28
25
 
@@ -33,8 +33,7 @@ module Dependabot
33
33
  end
34
34
 
35
35
  def python_major_minor
36
- @python ||= Python::Version.new(python_version)
37
- "#{@python.segments[0]}.#{@python.segments[1]}"
36
+ @python_major_minor ||= Python::Version.new(python_version).segments[0..1].join(".")
38
37
  end
39
38
 
40
39
  def python_version
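Review bot: `python_major_minor` now joins `segments[0..1]`, so a version with a single segment yields `"3"` where the old interpolation produced `"3."`, and neither is a usable major.minor string. The body of `python_version` is outside this hunk, so whether such a value can reach here is not visible. A comment such as `# python_version always has at least major and minor segments` (if that holds), or a guard that raises when fewer than two segments are present, would make the assumption explicit.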
@@ -27,7 +27,6 @@ module Dependabot
27
27
  potential_source_urls = [
28
28
  pypi_listing.dig("info", "project_urls", "Source"),
29
29
  pypi_listing.dig("info", "home_page"),
30
- pypi_listing.dig("info", "bugtrack_url"),
31
30
  pypi_listing.dig("info", "download_url"),
32
31
  pypi_listing.dig("info", "docs_url")
33
32
  ].compact
@@ -301,17 +301,6 @@ module Dependabot
301
301
  env
302
302
  end
303
303
 
304
- def error_certainly_bad_python_version?(message)
305
- return true if message.include?("UnsupportedPythonVersion")
306
-
307
- unless message.include?('"python setup.py egg_info" failed') ||
308
- message.include?("exit status 1: python setup.py egg_info")
309
- return false
310
- end
311
-
312
- message.include?("SyntaxError")
313
- end
314
-
315
304
  def write_temporary_dependency_files(updated_req: nil,
316
305
  update_requirement: true)
317
306
  dependency_files.each do |file|
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.224.0
4
+ version: 0.226.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-27 00:00:00.000000000 Z
11
+ date: 2023-08-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.224.0
19
+ version: 0.226.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.224.0
26
+ version: 0.226.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.17.1
131
+ version: 1.18.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.17.1
138
+ version: 1.18.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: stackprof
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -231,7 +231,7 @@ licenses:
231
231
  - Nonstandard
232
232
  metadata:
233
233
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
234
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.224.0
234
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
235
235
  post_install_message:
236
236
  rdoc_options: []
237
237
  require_paths: