dependabot-python 0.225.0 → 0.226.0
- checksums.yaml +4 -4
- data/helpers/requirements.txt +2 -3
- data/lib/dependabot/python/file_fetcher.rb +31 -14
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +0 -3
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +3 -6
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +7 -6
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +0 -3
- data/lib/dependabot/python/file_updater/requirement_file_updater.rb +0 -3
- data/lib/dependabot/python/language_version_manager.rb +1 -2
- data/lib/dependabot/python/metadata_finder.rb +0 -1
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +0 -11
- metadata +7 -7
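--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 62fa8493503751dac8cc47e22819a502a292e5de2523c22a5dbd9edcb44e8051
+data.tar.gz: 37ea1a41eb2064d2eb28149f86bc6e0c6aee4e9f6b40c64e044fa8b0d69ac8af
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '08074756f750b4cae957e60277544eac7c23ec2f958a78d44d8c258921fbba181d783c1a1cf0ca11813969ad1cf0446493367893a797493ab9febae8668ddf75'
+data.tar.gz: 5416cb34a8d3a2aeaf66da9a8bbe90e44d00ff950ed1444c1558131af7863ba7fc1b7b8944c153647686a129539d01b62d9cc2e6b9796927c43f9e0011909a76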
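--- a/data/helpers/requirements.txt
+++ b/data/helpers/requirements.txt
@@ -1,10 +1,9 @@
 pip>=21.3.1,<23.2.0 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
-pip-tools>=6.4.0,<=6.
+pip-tools>=6.4.0,<=6.14.0 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
 hashin==0.17.0
 pipenv==2022.4.8
 pipfile==0.0.2
 poetry>=1.1.15,<1.6.0
-wheel==0.37.1
 
 # Some dependencies will only install if Cython is present
-Cython==0.
+Cython==3.0.0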
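Review bot: The helper requirements mix exact pins with open ranges and carry no hashes, so two builds of this release can install different tool versions; the lines concerned are `pip>=21.3.1,<23.2.0`, `pip-tools>=6.4.0,<=6.14.0` and `poetry>=1.1.15,<1.6.0`. Dropping `wheel==0.37.1` moves wheel into the unpinned set as well, if anything still pulls it in. Compiling this file to exact pins and installing with `--require-hashes` would make the helper environment reproducible and tamper-evident. The TODO on the new pip-tools line still says to review Python 3.6 support in April 2023, which is before the 2023-08-11 gem date in the metadata, so it should be resolved or re-dated.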
@@ -116,21 +116,27 @@ module Dependabot
|
|
116
116
|
end
|
117
117
|
|
118
118
|
def setup_file
|
119
|
-
@setup_file
|
119
|
+
return @setup_file if defined?(@setup_file)
|
120
|
+
|
121
|
+
@setup_file = fetch_file_if_present("setup.py")
|
120
122
|
end
|
121
123
|
|
122
124
|
def setup_cfg_file
|
123
|
-
@setup_cfg_file
|
125
|
+
return @setup_cfg_file if defined?(@setup_cfg_file)
|
126
|
+
|
127
|
+
@setup_cfg_file = fetch_file_if_present("setup.cfg")
|
124
128
|
end
|
125
129
|
|
126
130
|
def pip_conf
|
127
|
-
@pip_conf
|
128
|
-
|
131
|
+
return @pip_conf if defined?(@pip_conf)
|
132
|
+
|
133
|
+
@pip_conf = fetch_support_file("pip.conf")
|
129
134
|
end
|
130
135
|
|
131
136
|
def python_version_file
|
132
|
-
@python_version_file
|
133
|
-
|
137
|
+
return @python_version_file if defined?(@python_version_file)
|
138
|
+
|
139
|
+
@python_version_file = fetch_support_file(".python-version")
|
134
140
|
|
135
141
|
return @python_version_file if @python_version_file
|
136
142
|
return if [".", "/"].include?(directory)
|
@@ -138,33 +144,44 @@ module Dependabot
|
|
138
144
|
# Check the top-level for a .python-version file, too
|
139
145
|
reverse_path = Pathname.new(directory[0]).relative_path_from(directory)
|
140
146
|
@python_version_file ||=
|
141
|
-
|
142
|
-
tap { |f| f.support_file = true }&.
|
147
|
+
fetch_support_file(File.join(reverse_path, ".python-version"))&.
|
143
148
|
tap { |f| f.name = ".python-version" }
|
144
149
|
end
|
145
150
|
|
146
151
|
def pipfile
|
147
|
-
@pipfile
|
152
|
+
return @pipfile if defined?(@pipfile)
|
153
|
+
|
154
|
+
@pipfile = fetch_file_if_present("Pipfile")
|
148
155
|
end
|
149
156
|
|
150
157
|
def pipfile_lock
|
151
|
-
@pipfile_lock
|
158
|
+
return @pipfile_lock if defined?(@pipfile_lock)
|
159
|
+
|
160
|
+
@pipfile_lock = fetch_file_if_present("Pipfile.lock")
|
152
161
|
end
|
153
162
|
|
154
163
|
def pyproject
|
155
|
-
@pyproject
|
164
|
+
return @pyproject if defined?(@pyproject)
|
165
|
+
|
166
|
+
@pyproject = fetch_file_if_present("pyproject.toml")
|
156
167
|
end
|
157
168
|
|
158
169
|
def pyproject_lock
|
159
|
-
@pyproject_lock
|
170
|
+
return @pyproject_lock if defined?(@pyproject_lock)
|
171
|
+
|
172
|
+
@pyproject_lock = fetch_file_if_present("pyproject.lock")
|
160
173
|
end
|
161
174
|
|
162
175
|
def poetry_lock
|
163
|
-
@poetry_lock
|
176
|
+
return @poetry_lock if defined?(@poetry_lock)
|
177
|
+
|
178
|
+
@poetry_lock = fetch_file_if_present("poetry.lock")
|
164
179
|
end
|
165
180
|
|
166
181
|
def pdm_lock
|
167
|
-
@pdm_lock
|
182
|
+
return @pdm_lock if defined?(@pdm_lock)
|
183
|
+
|
184
|
+
@pdm_lock = fetch_file_if_present("pdm.lock")
|
168
185
|
end
|
169
186
|
|
170
187
|
def requirements_txt_files
|
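Review bot: In `python_version_file` the new `defined?` guard is followed by a plain assignment, an `if @python_version_file` early return and the older `@python_version_file ||=` for the top-level lookup, so three memoization idioms now sit in one method. By the time the `||=` runs the variable is always nil, so it could read `@python_version_file =` to match the other accessors. The `defined?` form also caches a missing file (nil) and never re-fetches it, presumably the reason for the change. That deserves one comment on the first accessor, for example `# defined? rather than ||= so that a missing file (nil) is remembered too`. The middle of `python_version_file` falls between the two hunks and is not visible here.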
@@ -30,9 +30,6 @@ module Dependabot
|
|
30
30
|
end
|
31
31
|
|
32
32
|
def updated_dependency_files
|
33
|
-
return @updated_dependency_files if @update_already_attempted
|
34
|
-
|
35
|
-
@update_already_attempted = true
|
36
33
|
@updated_dependency_files ||= fetch_updated_dependency_files
|
37
34
|
end
|
38
35
|
|
@@ -92,7 +89,7 @@ module Dependabot
|
|
92
89
|
|
93
90
|
# Find any requirement files that list the same dependencies as
|
94
91
|
# the (old) Pipfile.lock. Any such files were almost certainly
|
95
|
-
# generated using `pipenv
|
92
|
+
# generated using `pipenv requirements`
|
96
93
|
requirements_files.select do |req_file|
|
97
94
|
deps = []
|
98
95
|
req_file.content.scan(regex) { deps << Regexp.last_match }
|
@@ -237,12 +234,12 @@ module Dependabot
|
|
237
234
|
|
238
235
|
def generate_updated_requirements_files
|
239
236
|
req_content = run_pipenv_command(
|
240
|
-
"pyenv exec pipenv
|
237
|
+
"pyenv exec pipenv requirements"
|
241
238
|
)
|
242
239
|
File.write("req.txt", req_content)
|
243
240
|
|
244
241
|
dev_req_content = run_pipenv_command(
|
245
|
-
"pyenv exec pipenv
|
242
|
+
"pyenv exec pipenv requirements --dev"
|
246
243
|
)
|
247
244
|
File.write("dev-req.txt", dev_req_content)
|
248
245
|
end
|
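Review bot: `generate_updated_requirements_files` now runs `pyenv exec pipenv requirements` and `pyenv exec pipenv requirements --dev`, but nothing records that this subcommand depends on the pipenv version installed for the helpers. As far as I know the subcommand only exists from pipenv 2022.4.8 on, which is the version pinned in data/helpers/requirements.txt. A comment above the first call, such as `# relies on the pipenv "requirements" subcommand; keep in step with the pipenv pin in helpers/requirements.txt`, would stop a later change of the pin from breaking this silently. The command output is written unchecked to `req.txt` and `dev-req.txt`; whether `run_pipenv_command` raises on a non-zero exit is not visible in this hunk.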
@@ -109,9 +109,7 @@ module Dependabot
|
|
109
109
|
end
|
110
110
|
|
111
111
|
def pipfile_sources
|
112
|
-
@pipfile_sources ||=
|
113
|
-
TomlRB.parse(pipfile_content).fetch("source", []).
|
114
|
-
map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
|
112
|
+
@pipfile_sources ||= TomlRB.parse(pipfile_content).fetch("source", [])
|
115
113
|
end
|
116
114
|
|
117
115
|
def sub_auth_url(source, credentials)
|
@@ -132,9 +130,12 @@ module Dependabot
|
|
132
130
|
|
133
131
|
def config_variable_sources(credentials)
|
134
132
|
@config_variable_sources ||=
|
135
|
-
credentials.
|
136
|
-
|
137
|
-
|
133
|
+
credentials.select { |cred| cred["type"] == "python_index" }.map.with_index do |c, i|
|
134
|
+
{
|
135
|
+
"name" => "dependabot-inserted-index-#{i}",
|
136
|
+
"url" => AuthedUrlBuilder.authed_url(credential: c)
|
137
|
+
}
|
138
|
+
end
|
138
139
|
end
|
139
140
|
end
|
140
141
|
end
|
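Review bot: `config_variable_sources` stores the result of `AuthedUrlBuilder.authed_url(credential: c)` in the `"url"` of each inserted source, so the returned hashes presumably carry index credentials in clear text. Any caller that logs these sources, puts them in an error message or leaves them in a written Pipfile would expose the secret. A comment on the method such as `# URLs returned here embed credentials; do not log or persist them` would make the handling rule explicit. The method also memoizes into `@config_variable_sources` while taking `credentials` as a parameter, so a second call with a different list returns the first result; that line is unchanged context, but the rewritten block still depends on it. In the first hunk `pipfile_sources` no longer normalises the trailing slash of `url`, so code outside these hunks that compares source URLs may now treat the same index with and without a trailing `/` as two sources.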
@@ -33,8 +33,7 @@ module Dependabot
|
|
33
33
|
end
|
34
34
|
|
35
35
|
def python_major_minor
|
36
|
-
@
|
37
|
-
"#{@python.segments[0]}.#{@python.segments[1]}"
|
36
|
+
@python_major_minor ||= Python::Version.new(python_version).segments[0..1].join(".")
|
38
37
|
end
|
39
38
|
|
40
39
|
def python_version
|
@@ -27,7 +27,6 @@ module Dependabot
|
|
27
27
|
potential_source_urls = [
|
28
28
|
pypi_listing.dig("info", "project_urls", "Source"),
|
29
29
|
pypi_listing.dig("info", "home_page"),
|
30
|
-
pypi_listing.dig("info", "bugtrack_url"),
|
31
30
|
pypi_listing.dig("info", "download_url"),
|
32
31
|
pypi_listing.dig("info", "docs_url")
|
33
32
|
].compact
|
@@ -301,17 +301,6 @@ module Dependabot
|
|
301
301
|
env
|
302
302
|
end
|
303
303
|
|
304
|
-
def error_certainly_bad_python_version?(message)
|
305
|
-
return true if message.include?("UnsupportedPythonVersion")
|
306
|
-
|
307
|
-
unless message.include?('"python setup.py egg_info" failed') ||
|
308
|
-
message.include?("exit status 1: python setup.py egg_info")
|
309
|
-
return false
|
310
|
-
end
|
311
|
-
|
312
|
-
message.include?("SyntaxError")
|
313
|
-
end
|
314
|
-
|
315
304
|
def write_temporary_dependency_files(updated_req: nil,
|
316
305
|
update_requirement: true)
|
317
306
|
dependency_files.each do |file|
|
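--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.226.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.226.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.226.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.18.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.18.0
 - !ruby/object:Gem::Dependency
 name: stackprof
 requirement: !ruby/object:Gem::Requirement
@@ -231,7 +231,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
 post_install_message:
 rdoc_options: []
 require_paths: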