RubyGems - dependabot-python - Versions diffs - 0.224.0 → 0.226.0 - Mend

dependabot-python 0.224.0 → 0.226.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4645b3b0e0215f8bb7712be3fe9cf9a46529e0ee40618dc49f272aeba112f97b
-  data.tar.gz: f9f612a49326fcd6bd14f7a441a6924556cc6ddaf90afecbe68692a5dbd523b0
+  metadata.gz: 62fa8493503751dac8cc47e22819a502a292e5de2523c22a5dbd9edcb44e8051
+  data.tar.gz: 37ea1a41eb2064d2eb28149f86bc6e0c6aee4e9f6b40c64e044fa8b0d69ac8af
 SHA512:
-  metadata.gz: ecb9be8cb63103314e8939582d89f91db9078f02e5bef1726b693ffc4134239ea26f80ee29ce0279a3b807a1ec7ed020bd7c03a6059412bb317de78a01f807b3
-  data.tar.gz: bae6574736ef53b38b64eac06945174e4c4926960e561d41f91ce86697bb8f35970653ed1798125e6e229c684cb4206eb1650f26ca29933d411fee7c232fe2f7
+  metadata.gz: '08074756f750b4cae957e60277544eac7c23ec2f958a78d44d8c258921fbba181d783c1a1cf0ca11813969ad1cf0446493367893a797493ab9febae8668ddf75'
+  data.tar.gz: 5416cb34a8d3a2aeaf66da9a8bbe90e44d00ff950ed1444c1558131af7863ba7fc1b7b8944c153647686a129539d01b62d9cc2e6b9796927c43f9e0011909a76

data/helpers/requirements.txt CHANGED Viewed

@@ -1,10 +1,9 @@
 pip>=21.3.1,<23.2.0  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
-pip-tools>=6.4.0,<=6.13.0  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
+pip-tools>=6.4.0,<=6.14.0  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
 hashin==0.17.0
 pipenv==2022.4.8
 pipfile==0.0.2
 poetry>=1.1.15,<1.6.0
-wheel==0.37.1
 # Some dependencies will only install if Cython is present
-Cython==0.29.34
+Cython==3.0.0

data/lib/dependabot/python/file_fetcher.rb CHANGED Viewed

@@ -116,21 +116,27 @@ module Dependabot
       end
       def setup_file
-        @setup_file ||= fetch_file_if_present("setup.py")
+        return @setup_file if defined?(@setup_file)
+        @setup_file = fetch_file_if_present("setup.py")
       end
       def setup_cfg_file
-        @setup_cfg_file ||= fetch_file_if_present("setup.cfg")
+        return @setup_cfg_file if defined?(@setup_cfg_file)
+        @setup_cfg_file = fetch_file_if_present("setup.cfg")
       end
       def pip_conf
-        @pip_conf ||= fetch_file_if_present("pip.conf")&.
-                      tap { |f| f.support_file = true }
+        return @pip_conf if defined?(@pip_conf)
+        @pip_conf = fetch_support_file("pip.conf")
       end
       def python_version_file
-        @python_version_file ||= fetch_file_if_present(".python-version")&.
-                            tap { |f| f.support_file = true }
+        return @python_version_file if defined?(@python_version_file)
+        @python_version_file = fetch_support_file(".python-version")
         return @python_version_file if @python_version_file
         return if [".", "/"].include?(directory)
@@ -138,33 +144,44 @@ module Dependabot
         # Check the top-level for a .python-version file, too
         reverse_path = Pathname.new(directory[0]).relative_path_from(directory)
         @python_version_file ||=
-          fetch_file_if_present(File.join(reverse_path, ".python-version"))&.
-          tap { |f| f.support_file = true }&.
+          fetch_support_file(File.join(reverse_path, ".python-version"))&.
           tap { |f| f.name = ".python-version" }
       end
       def pipfile
-        @pipfile ||= fetch_file_if_present("Pipfile")
+        return @pipfile if defined?(@pipfile)
+        @pipfile = fetch_file_if_present("Pipfile")
       end
       def pipfile_lock
-        @pipfile_lock ||= fetch_file_if_present("Pipfile.lock")
+        return @pipfile_lock if defined?(@pipfile_lock)
+        @pipfile_lock = fetch_file_if_present("Pipfile.lock")
       end
       def pyproject
-        @pyproject ||= fetch_file_if_present("pyproject.toml")
+        return @pyproject if defined?(@pyproject)
+        @pyproject = fetch_file_if_present("pyproject.toml")
       end
       def pyproject_lock
-        @pyproject_lock ||= fetch_file_if_present("pyproject.lock")
+        return @pyproject_lock if defined?(@pyproject_lock)
+        @pyproject_lock = fetch_file_if_present("pyproject.lock")
       end
       def poetry_lock
-        @poetry_lock ||= fetch_file_if_present("poetry.lock")
+        return @poetry_lock if defined?(@poetry_lock)
+        @poetry_lock = fetch_file_if_present("poetry.lock")
       end
       def pdm_lock
-        @pdm_lock ||= fetch_file_if_present("pdm.lock")
+        return @pdm_lock if defined?(@pdm_lock)
+        @pdm_lock = fetch_file_if_present("pdm.lock")
       end
       def requirements_txt_files

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED Viewed

@@ -37,9 +37,6 @@ module Dependabot
         end
         def updated_dependency_files
-          return @updated_dependency_files if @update_already_attempted
-          @update_already_attempted = true
           @updated_dependency_files ||= fetch_updated_dependency_files
         end

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb CHANGED Viewed

@@ -30,9 +30,6 @@ module Dependabot
         end
         def updated_dependency_files
-          return @updated_dependency_files if @update_already_attempted
-          @update_already_attempted = true
           @updated_dependency_files ||= fetch_updated_dependency_files
         end
@@ -92,7 +89,7 @@ module Dependabot
           # Find any requirement files that list the same dependencies as
           # the (old) Pipfile.lock. Any such files were almost certainly
-          # generated using `pipenv lock -r`
+          # generated using `pipenv requirements`
           requirements_files.select do |req_file|
             deps = []
             req_file.content.scan(regex) { deps << Regexp.last_match }
@@ -237,12 +234,12 @@ module Dependabot
         def generate_updated_requirements_files
           req_content = run_pipenv_command(
-            "pyenv exec pipenv lock -r"
+            "pyenv exec pipenv requirements"
           )
           File.write("req.txt", req_content)
           dev_req_content = run_pipenv_command(
-            "pyenv exec pipenv lock -r -d"
+            "pyenv exec pipenv requirements --dev"
           )
           File.write("dev-req.txt", dev_req_content)
         end

data/lib/dependabot/python/file_updater/pipfile_preparer.rb CHANGED Viewed

@@ -109,9 +109,7 @@ module Dependabot
         end
         def pipfile_sources
-          @pipfile_sources ||=
-            TomlRB.parse(pipfile_content).fetch("source", []).
-            map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
+          @pipfile_sources ||= TomlRB.parse(pipfile_content).fetch("source", [])
         end
         def sub_auth_url(source, credentials)
@@ -132,9 +130,12 @@ module Dependabot
         def config_variable_sources(credentials)
           @config_variable_sources ||=
-            credentials.
-            select { |cred| cred["type"] == "python_index" }.
-            map { |c| { "url" => AuthedUrlBuilder.authed_url(credential: c) } }
+            credentials.select { |cred| cred["type"] == "python_index" }.map.with_index do |c, i|
+              {
+                "name" => "dependabot-inserted-index-#{i}",
+                "url" => AuthedUrlBuilder.authed_url(credential: c)
+              }
+            end
         end
       end
     end

data/lib/dependabot/python/file_updater/poetry_file_updater.rb CHANGED Viewed

@@ -28,9 +28,6 @@ module Dependabot
         end
         def updated_dependency_files
-          return @updated_dependency_files if @update_already_attempted
-          @update_already_attempted = true
           @updated_dependency_files ||= fetch_updated_dependency_files
         end

data/lib/dependabot/python/file_updater/requirement_file_updater.rb CHANGED Viewed

@@ -20,9 +20,6 @@ module Dependabot
         end
         def updated_dependency_files
-          return @updated_dependency_files if @update_already_attempted
-          @update_already_attempted = true
           @updated_dependency_files ||= fetch_updated_dependency_files
         end

data/lib/dependabot/python/language_version_manager.rb CHANGED Viewed

@@ -33,8 +33,7 @@ module Dependabot
       end
       def python_major_minor
-        @python ||= Python::Version.new(python_version)
-        "#{@python.segments[0]}.#{@python.segments[1]}"
+        @python_major_minor ||= Python::Version.new(python_version).segments[0..1].join(".")
       end
       def python_version

data/lib/dependabot/python/metadata_finder.rb CHANGED Viewed

@@ -27,7 +27,6 @@ module Dependabot
         potential_source_urls = [
           pypi_listing.dig("info", "project_urls", "Source"),
           pypi_listing.dig("info", "home_page"),
-          pypi_listing.dig("info", "bugtrack_url"),
           pypi_listing.dig("info", "download_url"),
           pypi_listing.dig("info", "docs_url")
         ].compact

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb CHANGED Viewed

@@ -301,17 +301,6 @@ module Dependabot
           env
         end
-        def error_certainly_bad_python_version?(message)
-          return true if message.include?("UnsupportedPythonVersion")
-          unless message.include?('"python setup.py egg_info" failed') ||
-                 message.include?("exit status 1: python setup.py egg_info")
-            return false
-          end
-          message.include?("SyntaxError")
-        end
         def write_temporary_dependency_files(updated_req: nil,
                                              update_requirement: true)
           dependency_files.each do |file|

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.224.0
+  version: 0.226.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-27 00:00:00.000000000 Z
+date: 2023-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.224.0
+        version: 0.226.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.224.0
+        version: 0.226.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.17.1
+        version: 1.18.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.17.1
+        version: 1.18.0
 - !ruby/object:Gem::Dependency
   name: stackprof
   requirement: !ruby/object:Gem::Requirement
@@ -231,7 +231,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.224.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
 post_install_message:
 rdoc_options: []
 require_paths: