dependabot-python 0.224.0 → 0.226.0
- checksums.yaml +4 -4
- data/helpers/requirements.txt +2 -3
- data/lib/dependabot/python/file_fetcher.rb +31 -14
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +0 -3
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +3 -6
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +7 -6
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +0 -3
- data/lib/dependabot/python/file_updater/requirement_file_updater.rb +0 -3
- data/lib/dependabot/python/language_version_manager.rb +1 -2
- data/lib/dependabot/python/metadata_finder.rb +0 -1
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +0 -11
- metadata +7 -7
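--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 62fa8493503751dac8cc47e22819a502a292e5de2523c22a5dbd9edcb44e8051
+data.tar.gz: 37ea1a41eb2064d2eb28149f86bc6e0c6aee4e9f6b40c64e044fa8b0d69ac8af
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '08074756f750b4cae957e60277544eac7c23ec2f958a78d44d8c258921fbba181d783c1a1cf0ca11813969ad1cf0446493367893a797493ab9febae8668ddf75'
+data.tar.gz: 5416cb34a8d3a2aeaf66da9a8bbe90e44d00ff950ed1444c1558131af7863ba7fc1b7b8944c153647686a129539d01b62d9cc2e6b9796927c43f9e0011909a76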
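--- a/data/helpers/requirements.txt
+++ b/data/helpers/requirements.txt
@@ -1,10 +1,9 @@
 pip>=21.3.1,<23.2.0 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
-pip-tools>=6.4.0,<=6.
+pip-tools>=6.4.0,<=6.14.0 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
 hashin==0.17.0
 pipenv==2022.4.8
 pipfile==0.0.2
 poetry>=1.1.15,<1.6.0
-wheel==0.37.1
 
 # Some dependencies will only install if Cython is present
-Cython==0.
+Cython==3.0.0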
@@ -116,21 +116,27 @@ module Dependabot
|
|
116
116
|
end
|
117
117
|
|
118
118
|
def setup_file
|
119
|
-
@setup_file
|
119
|
+
return @setup_file if defined?(@setup_file)
|
120
|
+
|
121
|
+
@setup_file = fetch_file_if_present("setup.py")
|
120
122
|
end
|
121
123
|
|
122
124
|
def setup_cfg_file
|
123
|
-
@setup_cfg_file
|
125
|
+
return @setup_cfg_file if defined?(@setup_cfg_file)
|
126
|
+
|
127
|
+
@setup_cfg_file = fetch_file_if_present("setup.cfg")
|
124
128
|
end
|
125
129
|
|
126
130
|
def pip_conf
|
127
|
-
@pip_conf
|
128
|
-
|
131
|
+
return @pip_conf if defined?(@pip_conf)
|
132
|
+
|
133
|
+
@pip_conf = fetch_support_file("pip.conf")
|
129
134
|
end
|
130
135
|
|
131
136
|
def python_version_file
|
132
|
-
@python_version_file
|
133
|
-
|
137
|
+
return @python_version_file if defined?(@python_version_file)
|
138
|
+
|
139
|
+
@python_version_file = fetch_support_file(".python-version")
|
134
140
|
|
135
141
|
return @python_version_file if @python_version_file
|
136
142
|
return if [".", "/"].include?(directory)
|
@@ -138,33 +144,44 @@ module Dependabot
|
|
138
144
|
# Check the top-level for a .python-version file, too
|
139
145
|
reverse_path = Pathname.new(directory[0]).relative_path_from(directory)
|
140
146
|
@python_version_file ||=
|
141
|
-
|
142
|
-
tap { |f| f.support_file = true }&.
|
147
|
+
fetch_support_file(File.join(reverse_path, ".python-version"))&.
|
143
148
|
tap { |f| f.name = ".python-version" }
|
144
149
|
end
|
145
150
|
|
146
151
|
def pipfile
|
147
|
-
@pipfile
|
152
|
+
return @pipfile if defined?(@pipfile)
|
153
|
+
|
154
|
+
@pipfile = fetch_file_if_present("Pipfile")
|
148
155
|
end
|
149
156
|
|
150
157
|
def pipfile_lock
|
151
|
-
@pipfile_lock
|
158
|
+
return @pipfile_lock if defined?(@pipfile_lock)
|
159
|
+
|
160
|
+
@pipfile_lock = fetch_file_if_present("Pipfile.lock")
|
152
161
|
end
|
153
162
|
|
154
163
|
def pyproject
|
155
|
-
@pyproject
|
164
|
+
return @pyproject if defined?(@pyproject)
|
165
|
+
|
166
|
+
@pyproject = fetch_file_if_present("pyproject.toml")
|
156
167
|
end
|
157
168
|
|
158
169
|
def pyproject_lock
|
159
|
-
@pyproject_lock
|
170
|
+
return @pyproject_lock if defined?(@pyproject_lock)
|
171
|
+
|
172
|
+
@pyproject_lock = fetch_file_if_present("pyproject.lock")
|
160
173
|
end
|
161
174
|
|
162
175
|
def poetry_lock
|
163
|
-
@poetry_lock
|
176
|
+
return @poetry_lock if defined?(@poetry_lock)
|
177
|
+
|
178
|
+
@poetry_lock = fetch_file_if_present("poetry.lock")
|
164
179
|
end
|
165
180
|
|
166
181
|
def pdm_lock
|
167
|
-
@pdm_lock
|
182
|
+
return @pdm_lock if defined?(@pdm_lock)
|
183
|
+
|
184
|
+
@pdm_lock = fetch_file_if_present("pdm.lock")
|
168
185
|
end
|
169
186
|
|
170
187
|
def requirements_txt_files
|
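Review bot: In `python_version_file` the fallback assignment still reads `@python_version_file ||=`, which is redundant now: that line is only reached after `return @python_version_file if @python_version_file` has fallen through, so the variable is nil there and a plain `@python_version_file =` states the intent. The `defined?` guards added to every accessor in these two hunks also cache a nil result, so a file found absent is not looked up again on the same object. A one-line comment on the first accessor, such as `# memoise nil too: an absent file is not re-fetched`, would mark that as deliberate. `python_version_file` spans both hunks and the class body continues outside them; the file name is not shown on the page and is taken from the diffstat (file_fetcher.rb).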
@@ -30,9 +30,6 @@ module Dependabot
|
|
30
30
|
end
|
31
31
|
|
32
32
|
def updated_dependency_files
|
33
|
-
return @updated_dependency_files if @update_already_attempted
|
34
|
-
|
35
|
-
@update_already_attempted = true
|
36
33
|
@updated_dependency_files ||= fetch_updated_dependency_files
|
37
34
|
end
|
38
35
|
|
@@ -92,7 +89,7 @@ module Dependabot
|
|
92
89
|
|
93
90
|
# Find any requirement files that list the same dependencies as
|
94
91
|
# the (old) Pipfile.lock. Any such files were almost certainly
|
95
|
-
# generated using `pipenv
|
92
|
+
# generated using `pipenv requirements`
|
96
93
|
requirements_files.select do |req_file|
|
97
94
|
deps = []
|
98
95
|
req_file.content.scan(regex) { deps << Regexp.last_match }
|
@@ -237,12 +234,12 @@ module Dependabot
|
|
237
234
|
|
238
235
|
def generate_updated_requirements_files
|
239
236
|
req_content = run_pipenv_command(
|
240
|
-
"pyenv exec pipenv
|
237
|
+
"pyenv exec pipenv requirements"
|
241
238
|
)
|
242
239
|
File.write("req.txt", req_content)
|
243
240
|
|
244
241
|
dev_req_content = run_pipenv_command(
|
245
|
-
"pyenv exec pipenv
|
242
|
+
"pyenv exec pipenv requirements --dev"
|
246
243
|
)
|
247
244
|
File.write("dev-req.txt", dev_req_content)
|
248
245
|
end
|
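Review bot: With the `@update_already_attempted` guard removed, `updated_dependency_files` memoises only a truthy result: if `fetch_updated_dependency_files` raises, the next call runs it again instead of returning nil. If that method is what reaches the `pipenv requirements` subprocess calls in the last hunk (the call chain is not visible here), a failed update is repeated in full on every retry. The intent is worth a comment above the method, for example `# Not cached on failure: a later call re-runs the update and re-raises`. The file name is not shown on the page; going by the diffstat these hunks appear to belong to pipfile_file_updater.rb.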
@@ -109,9 +109,7 @@ module Dependabot
|
|
109
109
|
end
|
110
110
|
|
111
111
|
def pipfile_sources
|
112
|
-
@pipfile_sources ||=
|
113
|
-
TomlRB.parse(pipfile_content).fetch("source", []).
|
114
|
-
map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
|
112
|
+
@pipfile_sources ||= TomlRB.parse(pipfile_content).fetch("source", [])
|
115
113
|
end
|
116
114
|
|
117
115
|
def sub_auth_url(source, credentials)
|
@@ -132,9 +130,12 @@ module Dependabot
|
|
132
130
|
|
133
131
|
def config_variable_sources(credentials)
|
134
132
|
@config_variable_sources ||=
|
135
|
-
credentials.
|
136
|
-
|
137
|
-
|
133
|
+
credentials.select { |cred| cred["type"] == "python_index" }.map.with_index do |c, i|
|
134
|
+
{
|
135
|
+
"name" => "dependabot-inserted-index-#{i}",
|
136
|
+
"url" => AuthedUrlBuilder.authed_url(credential: c)
|
137
|
+
}
|
138
|
+
end
|
138
139
|
end
|
139
140
|
end
|
140
141
|
end
|
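Review bot: The `"url"` values built in `config_variable_sources` come from `AuthedUrlBuilder.authed_url(credential: c)`, which by its name embeds the index credentials in the URL, so these hashes should be treated as secrets from the moment they are built. The hunk shows no redaction, so whatever serialises them (outside the hunk) has to keep them out of logs, error messages and any file handed back to the user; a comment on the method would record that, e.g. `# URLs carry credentials - never log or persist unsanitised`. Two smaller points: `@config_variable_sources ||=` ignores the `credentials` argument on every call after the first, and `pipfile_sources` no longer normalises the trailing slash on `url`, so any later comparison between Pipfile sources and credential URLs should not rely on exact string equality.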
@@ -33,8 +33,7 @@ module Dependabot
|
|
33
33
|
end
|
34
34
|
|
35
35
|
def python_major_minor
|
36
|
-
@
|
37
|
-
"#{@python.segments[0]}.#{@python.segments[1]}"
|
36
|
+
@python_major_minor ||= Python::Version.new(python_version).segments[0..1].join(".")
|
38
37
|
end
|
39
38
|
|
40
39
|
def python_version
|
@@ -27,7 +27,6 @@ module Dependabot
|
|
27
27
|
potential_source_urls = [
|
28
28
|
pypi_listing.dig("info", "project_urls", "Source"),
|
29
29
|
pypi_listing.dig("info", "home_page"),
|
30
|
-
pypi_listing.dig("info", "bugtrack_url"),
|
31
30
|
pypi_listing.dig("info", "download_url"),
|
32
31
|
pypi_listing.dig("info", "docs_url")
|
33
32
|
].compact
|
@@ -301,17 +301,6 @@ module Dependabot
|
|
301
301
|
env
|
302
302
|
end
|
303
303
|
|
304
|
-
def error_certainly_bad_python_version?(message)
|
305
|
-
return true if message.include?("UnsupportedPythonVersion")
|
306
|
-
|
307
|
-
unless message.include?('"python setup.py egg_info" failed') ||
|
308
|
-
message.include?("exit status 1: python setup.py egg_info")
|
309
|
-
return false
|
310
|
-
end
|
311
|
-
|
312
|
-
message.include?("SyntaxError")
|
313
|
-
end
|
314
|
-
|
315
304
|
def write_temporary_dependency_files(updated_req: nil,
|
316
305
|
update_requirement: true)
|
317
306
|
dependency_files.each do |file|
|
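--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.226.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.226.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.226.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.18.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.18.0
 - !ruby/object:Gem::Dependency
 name: stackprof
 requirement: !ruby/object:Gem::Requirement
@@ -231,7 +231,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
 post_install_message:
 rdoc_options: []
 require_paths: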