dependabot-python 0.230.0 → 0.231.0
- checksums.yaml +4 -4
- data/lib/dependabot/python/authed_url_builder.rb +1 -0
- data/lib/dependabot/python/file_fetcher.rb +41 -40
- data/lib/dependabot/python/file_parser/pipfile_files_parser.rb +3 -2
- data/lib/dependabot/python/file_parser/pyproject_files_parser.rb +4 -3
- data/lib/dependabot/python/file_parser/python_requirement_parser.rb +11 -10
- data/lib/dependabot/python/file_parser/setup_file_parser.rb +4 -3
- data/lib/dependabot/python/file_parser.rb +17 -16
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +40 -39
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +22 -21
- data/lib/dependabot/python/file_updater/pipfile_manifest_updater.rb +11 -10
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +4 -3
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +21 -20
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +6 -5
- data/lib/dependabot/python/file_updater/requirement_file_updater.rb +1 -0
- data/lib/dependabot/python/file_updater/requirement_replacer.rb +28 -27
- data/lib/dependabot/python/file_updater/setup_file_sanitizer.rb +5 -4
- data/lib/dependabot/python/file_updater.rb +4 -3
- data/lib/dependabot/python/helpers.rb +1 -0
- data/lib/dependabot/python/language_version_manager.rb +1 -0
- data/lib/dependabot/python/metadata_finder.rb +4 -3
- data/lib/dependabot/python/name_normaliser.rb +1 -0
- data/lib/dependabot/python/native_helpers.rb +1 -0
- data/lib/dependabot/python/requirement.rb +16 -15
- data/lib/dependabot/python/requirement_parser.rb +1 -0
- data/lib/dependabot/python/update_checker/index_finder.rb +27 -26
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +13 -12
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +18 -17
- data/lib/dependabot/python/update_checker/pip_version_resolver.rb +5 -4
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +34 -33
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +20 -19
- data/lib/dependabot/python/update_checker/requirements_updater.rb +28 -27
- data/lib/dependabot/python/update_checker.rb +7 -6
- data/lib/dependabot/python/version.rb +13 -12
- data/lib/dependabot/python.rb +3 -2
- metadata +19 -5
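--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e7e856d45cf46b8379f86d8ed43d53c622eaa9444c8e9cd24d0563d56509c3c7
+data.tar.gz: 65a0173503758395b1ce82d88e7dd09d02decde06a223e47cfeb95d7a5aee68f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 48ce906627997bbb5f87355879fdd887bb6f4b3af533177d8c991aa3956c1ae09e4d4ac67ed09c595dfcace80fc682617379208dd87212a4d819d852199f3424
+data.tar.gz: 33de2574168426711d09f0045e387674a91522672af3459f7da0eb7ccd7715987621ed4db755f105eb0df63cb78535929d726af8a32dcd16c2bf4b7d00984e84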
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -84,8 +85,8 @@ module Dependabot
|
|
84
85
|
|
85
86
|
def uniq_files(fetched_files)
|
86
87
|
uniq_files = fetched_files.reject(&:support_file?).uniq
|
87
|
-
uniq_files += fetched_files
|
88
|
-
reject { |f| uniq_files.map(&:name).include?(f.name) }
|
88
|
+
uniq_files += fetched_files
|
89
|
+
.reject { |f| uniq_files.map(&:name).include?(f.name) }
|
89
90
|
end
|
90
91
|
|
91
92
|
def pipenv_files
|
@@ -112,8 +113,8 @@ module Dependabot
|
|
112
113
|
pipfile ||
|
113
114
|
pyproject
|
114
115
|
|
115
|
-
path = Pathname.new(File.join(directory, "requirements.txt"))
|
116
|
-
|
116
|
+
path = Pathname.new(File.join(directory, "requirements.txt"))
|
117
|
+
.cleanpath.to_path
|
117
118
|
raise Dependabot::DependencyFileNotFound, path
|
118
119
|
end
|
119
120
|
|
@@ -146,8 +147,8 @@ module Dependabot
|
|
146
147
|
# Check the top-level for a .python-version file, too
|
147
148
|
reverse_path = Pathname.new(directory[0]).relative_path_from(directory)
|
148
149
|
@python_version_file ||=
|
149
|
-
fetch_support_file(File.join(reverse_path, ".python-version"))
|
150
|
-
tap { |f| f.name = ".python-version" }
|
150
|
+
fetch_support_file(File.join(reverse_path, ".python-version"))
|
151
|
+
&.tap { |f| f.name = ".python-version" }
|
151
152
|
end
|
152
153
|
|
153
154
|
def pipfile
|
@@ -210,17 +211,17 @@ module Dependabot
|
|
210
211
|
|
211
212
|
@req_txt_and_in_files = []
|
212
213
|
|
213
|
-
repo_contents
|
214
|
-
select { |f| f.type == "file" }
|
215
|
-
select { |f| f.name.end_with?(".txt", ".in") }
|
216
|
-
reject { |f| f.size > 500_000 }
|
217
|
-
map { |f| fetch_file_from_host(f.name) }
|
218
|
-
select { |f| requirements_file?(f) }
|
219
|
-
each { |f| @req_txt_and_in_files << f }
|
214
|
+
repo_contents
|
215
|
+
.select { |f| f.type == "file" }
|
216
|
+
.select { |f| f.name.end_with?(".txt", ".in") }
|
217
|
+
.reject { |f| f.size > 500_000 }
|
218
|
+
.map { |f| fetch_file_from_host(f.name) }
|
219
|
+
.select { |f| requirements_file?(f) }
|
220
|
+
.each { |f| @req_txt_and_in_files << f }
|
220
221
|
|
221
|
-
repo_contents
|
222
|
-
select { |f| f.type == "dir" }
|
223
|
-
each { |f| @req_txt_and_in_files += req_files_for_dir(f) }
|
222
|
+
repo_contents
|
223
|
+
.select { |f| f.type == "dir" }
|
224
|
+
.each { |f| @req_txt_and_in_files += req_files_for_dir(f) }
|
224
225
|
|
225
226
|
@req_txt_and_in_files
|
226
227
|
end
|
@@ -230,12 +231,12 @@ module Dependabot
|
|
230
231
|
relative_reqs_dir =
|
231
232
|
requirements_dir.path.gsub(%r{^/?#{Regexp.escape(dir)}/?}, "")
|
232
233
|
|
233
|
-
repo_contents(dir: relative_reqs_dir)
|
234
|
-
select { |f| f.type == "file" }
|
235
|
-
select { |f| f.name.end_with?(".txt", ".in") }
|
236
|
-
reject { |f| f.size > 500_000 }
|
237
|
-
map { |f| fetch_file_from_host("#{relative_reqs_dir}/#{f.name}") }
|
238
|
-
select { |f| requirements_file?(f) }
|
234
|
+
repo_contents(dir: relative_reqs_dir)
|
235
|
+
.select { |f| f.type == "file" }
|
236
|
+
.select { |f| f.name.end_with?(".txt", ".in") }
|
237
|
+
.reject { |f| f.size > 500_000 }
|
238
|
+
.map { |f| fetch_file_from_host("#{relative_reqs_dir}/#{f.name}") }
|
239
|
+
.select { |f| requirements_file?(f) }
|
239
240
|
end
|
240
241
|
|
241
242
|
def child_requirement_txt_files
|
@@ -356,8 +357,8 @@ module Dependabot
|
|
356
357
|
|
357
358
|
begin
|
358
359
|
[
|
359
|
-
fetch_file_from_host(cfg_path, fetch_submodules: true)
|
360
|
-
tap { |f| f.support_file = true }
|
360
|
+
fetch_file_from_host(cfg_path, fetch_submodules: true)
|
361
|
+
.tap { |f| f.support_file = true }
|
361
362
|
]
|
362
363
|
rescue Dependabot::DependencyFileNotFound
|
363
364
|
# Ignore lack of a setup.cfg
|
@@ -384,31 +385,31 @@ module Dependabot
|
|
384
385
|
end
|
385
386
|
|
386
387
|
def requirement_txt_path_setup_file_paths
|
387
|
-
(requirements_txt_files + child_requirement_txt_files)
|
388
|
-
map { |req_file| parse_path_setup_paths(req_file) }
|
389
|
-
flatten.uniq
|
388
|
+
(requirements_txt_files + child_requirement_txt_files)
|
389
|
+
.map { |req_file| parse_path_setup_paths(req_file) }
|
390
|
+
.flatten.uniq
|
390
391
|
end
|
391
392
|
|
392
393
|
def requirement_in_path_setup_file_paths
|
393
|
-
requirements_in_files
|
394
|
-
map { |req_file| parse_path_setup_paths(req_file) }
|
395
|
-
flatten.uniq
|
394
|
+
requirements_in_files
|
395
|
+
.map { |req_file| parse_path_setup_paths(req_file) }
|
396
|
+
.flatten.uniq
|
396
397
|
end
|
397
398
|
|
398
399
|
def parse_path_setup_paths(req_file)
|
399
400
|
uneditable_reqs =
|
400
|
-
req_file.content
|
401
|
-
|
402
|
-
|
403
|
-
|
404
|
-
|
401
|
+
req_file.content
|
402
|
+
.scan(/^['"]?(?:file:)?(?<path>\..*?)(?=\[|#|'|"|$)/)
|
403
|
+
.flatten
|
404
|
+
.map(&:strip)
|
405
|
+
.reject { |p| p.include?("://") }
|
405
406
|
|
406
407
|
editable_reqs =
|
407
|
-
req_file.content
|
408
|
-
|
409
|
-
|
410
|
-
|
411
|
-
|
408
|
+
req_file.content
|
409
|
+
.scan(/^(?:-e)\s+['"]?(?:file:)?(?<path>.*?)(?=\[|#|'|"|$)/)
|
410
|
+
.flatten
|
411
|
+
.map(&:strip)
|
412
|
+
.reject { |p| p.include?("://") || p.include?("git@") }
|
412
413
|
|
413
414
|
uneditable_reqs + editable_reqs
|
414
415
|
end
|
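Review bot: The `.reject { |f| f.size > 500_000 }` step in both requirement-file pipelines (the `@@ -210,17 +211,17` hunk and the `@@ -230,12 +231,12` hunk) drops oversized `.txt`/`.in` files silently, so a manifest above the cap is never parsed and nothing visible here records that it was skipped. The literal is also duplicated between the two pipelines. I would name it once, for example `MAX_REQUIREMENT_FILE_SIZE = 500_000`, and log each file the cap rejects, so that a gap in update coverage is visible to whoever operates the job. Both enclosing methods begin outside their hunks, so logging that already exists elsewhere would not be visible from here.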
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -110,8 +111,8 @@ module Dependabot
|
|
110
111
|
req = version_from_hash_or_string(requirement)
|
111
112
|
|
112
113
|
if pipfile_lock
|
113
|
-
details = parsed_pipfile_lock
|
114
|
-
dig(group, normalised_name(dep_name))
|
114
|
+
details = parsed_pipfile_lock
|
115
|
+
.dig(group, normalised_name(dep_name))
|
115
116
|
|
116
117
|
version = version_from_hash_or_string(details)
|
117
118
|
version&.gsub(/^===?/, "")
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -205,9 +206,9 @@ module Dependabot
|
|
205
206
|
def version_from_lockfile(dep_name)
|
206
207
|
return unless parsed_lockfile
|
207
208
|
|
208
|
-
parsed_lockfile.fetch("package", [])
|
209
|
-
|
210
|
-
fetch("version", nil)
|
209
|
+
parsed_lockfile.fetch("package", [])
|
210
|
+
.find { |p| normalise(p.fetch("name")) == normalise(dep_name) }
|
211
|
+
&.fetch("version", nil)
|
211
212
|
end
|
212
213
|
|
213
214
|
def check_requirements(req)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -31,11 +32,11 @@ module Dependabot
|
|
31
32
|
# (e.g., Django 2.x implies Python 3)
|
32
33
|
def imputed_requirements
|
33
34
|
requirement_files.flat_map do |file|
|
34
|
-
file.content.lines
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
35
|
+
file.content.lines
|
36
|
+
.select { |l| l.include?(";") && l.include?("python") }
|
37
|
+
.filter_map { |l| l.match(/python_version(?<req>.*?["'].*?['"])/) }
|
38
|
+
.map { |re| re.named_captures.fetch("req").gsub(/['"]/, "") }
|
39
|
+
.select { |r| valid_requirement?(r) }
|
39
40
|
end
|
40
41
|
end
|
41
42
|
|
@@ -76,8 +77,8 @@ module Dependabot
|
|
76
77
|
def runtime_file_python_version
|
77
78
|
return unless runtime_file
|
78
79
|
|
79
|
-
file_version = runtime_file.content
|
80
|
-
|
80
|
+
file_version = runtime_file.content
|
81
|
+
.match(/(?<=python-).*/)&.to_s&.strip
|
81
82
|
return if file_version&.empty?
|
82
83
|
return unless pyenv_versions.include?("#{file_version}\n")
|
83
84
|
|
@@ -87,9 +88,9 @@ module Dependabot
|
|
87
88
|
def setup_file_requirement
|
88
89
|
return unless setup_file
|
89
90
|
|
90
|
-
req = setup_file.content
|
91
|
-
|
92
|
-
named_captures&.fetch("req")&.strip
|
91
|
+
req = setup_file.content
|
92
|
+
.match(/python_requires\s*=\s*['"](?<req>[^'"]+)['"]/)
|
93
|
+
&.named_captures&.fetch("req")&.strip
|
93
94
|
|
94
95
|
requirement_class.new(req)
|
95
96
|
req
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/dependency"
|
@@ -108,9 +109,9 @@ module Dependabot
|
|
108
109
|
end
|
109
110
|
|
110
111
|
def write_temporary_dependency_files
|
111
|
-
dependency_files
|
112
|
-
reject { |f| f.name == ".python-version" }
|
113
|
-
each do |file|
|
112
|
+
dependency_files
|
113
|
+
.reject { |f| f.name == ".python-version" }
|
114
|
+
.each do |file|
|
114
115
|
path = file.name
|
115
116
|
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
116
117
|
File.write(path, file.content)
|
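Review bot: `write_temporary_dependency_files` passes `file.name` straight to `FileUtils.mkdir_p` and `File.write`, and nothing in the hunk normalises the name or checks that it stays under the working directory. The names presumably come from the fetched repository, so an absolute name or one with leading `..` segments would be written outside the directory this helper runs in. A guard such as `dest = File.expand_path(path)` followed by `raise "path escapes working directory: #{path}" unless dest.start_with?(File.join(Dir.pwd, ""))` would make the confinement explicit; if parent-relative names are intentionally supported for path dependencies, the check has to resolve against the root of the temporary tree instead. The same three lines appear in the `@@ -159,9 +160,9` hunk further down the page, which writes `remove_imports(file)`, and the `each` block is closed outside both hunks.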
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/dependency"
|
@@ -54,16 +55,16 @@ module Dependabot
|
|
54
55
|
|
55
56
|
def pipenv_dependencies
|
56
57
|
@pipenv_dependencies ||=
|
57
|
-
PipfileFilesParser
|
58
|
-
new(dependency_files: dependency_files)
|
59
|
-
dependency_set
|
58
|
+
PipfileFilesParser
|
59
|
+
.new(dependency_files: dependency_files)
|
60
|
+
.dependency_set
|
60
61
|
end
|
61
62
|
|
62
63
|
def pyproject_file_dependencies
|
63
64
|
@pyproject_file_dependencies ||=
|
64
|
-
PyprojectFilesParser
|
65
|
-
new(dependency_files: dependency_files)
|
66
|
-
dependency_set
|
65
|
+
PyprojectFilesParser
|
66
|
+
.new(dependency_files: dependency_files)
|
67
|
+
.dependency_set
|
67
68
|
end
|
68
69
|
|
69
70
|
def requirement_dependencies
|
@@ -112,9 +113,9 @@ module Dependabot
|
|
112
113
|
|
113
114
|
def setup_file_dependencies
|
114
115
|
@setup_file_dependencies ||=
|
115
|
-
SetupFileParser
|
116
|
-
new(dependency_files: dependency_files)
|
117
|
-
dependency_set
|
116
|
+
SetupFileParser
|
117
|
+
.new(dependency_files: dependency_files)
|
118
|
+
.dependency_set
|
118
119
|
end
|
119
120
|
|
120
121
|
def lockfile_for_pip_compile_file?(filename)
|
@@ -159,9 +160,9 @@ module Dependabot
|
|
159
160
|
end
|
160
161
|
|
161
162
|
def write_temporary_dependency_files
|
162
|
-
dependency_files
|
163
|
-
reject { |f| f.name == ".python-version" }
|
164
|
-
each do |file|
|
163
|
+
dependency_files
|
164
|
+
.reject { |f| f.name == ".python-version" }
|
165
|
+
.each do |file|
|
165
166
|
path = file.name
|
166
167
|
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
167
168
|
File.write(path, remove_imports(file))
|
@@ -171,10 +172,10 @@ module Dependabot
|
|
171
172
|
def remove_imports(file)
|
172
173
|
return file.content if file.path.end_with?(".tar.gz", ".whl", ".zip")
|
173
174
|
|
174
|
-
file.content.lines
|
175
|
-
|
176
|
-
|
177
|
-
|
175
|
+
file.content.lines
|
176
|
+
.reject { |l| l.match?(/^['"]?(?<path>\..*?)(?=\[|#|'|"|$)/) }
|
177
|
+
.reject { |l| l.match?(/^(?:-e)\s+['"]?(?<path>.*?)(?=\[|#|'|"|$)/) }
|
178
|
+
.join
|
178
179
|
end
|
179
180
|
|
180
181
|
def normalised_name(name, extras = [])
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "open3"
|
@@ -122,15 +123,15 @@ module Dependabot
|
|
122
123
|
|
123
124
|
def update_uncompiled_files(updated_files)
|
124
125
|
updated_filenames = updated_files.map(&:name)
|
125
|
-
old_reqs = dependency.previous_requirements
|
126
|
-
|
127
|
-
new_reqs = dependency.requirements
|
128
|
-
|
126
|
+
old_reqs = dependency.previous_requirements
|
127
|
+
.reject { |r| updated_filenames.include?(r[:file]) }
|
128
|
+
new_reqs = dependency.requirements
|
129
|
+
.reject { |r| updated_filenames.include?(r[:file]) }
|
129
130
|
|
130
131
|
return [] if new_reqs.none?
|
131
132
|
|
132
|
-
files = dependency_files
|
133
|
-
reject { |file| updated_filenames.include?(file.name) }
|
133
|
+
files = dependency_files
|
134
|
+
.reject { |file| updated_filenames.include?(file.name) }
|
134
135
|
|
135
136
|
args = dependency.to_h
|
136
137
|
args = args.keys.to_h { |k| [k.to_sym, args[k]] }
|
@@ -227,9 +228,9 @@ module Dependabot
|
|
227
228
|
return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
|
228
229
|
|
229
230
|
@sanitized_setup_file_content[file.name] =
|
230
|
-
SetupFileSanitizer
|
231
|
-
new(setup_file: file, setup_cfg: setup_cfg(file))
|
232
|
-
sanitized_content
|
231
|
+
SetupFileSanitizer
|
232
|
+
.new(setup_file: file, setup_cfg: setup_cfg(file))
|
233
|
+
.sanitized_content
|
233
234
|
end
|
234
235
|
|
235
236
|
def setup_cfg(file)
|
@@ -241,8 +242,8 @@ module Dependabot
|
|
241
242
|
def freeze_dependency_requirement(file)
|
242
243
|
return file.content unless file.name.end_with?(".in")
|
243
244
|
|
244
|
-
old_req = dependency.previous_requirements
|
245
|
-
|
245
|
+
old_req = dependency.previous_requirements
|
246
|
+
.find { |r| r[:file] == file.name }
|
246
247
|
|
247
248
|
return file.content unless old_req
|
248
249
|
return file.content if old_req == "==#{dependency.version}"
|
@@ -258,10 +259,10 @@ module Dependabot
|
|
258
259
|
def update_dependency_requirement(file)
|
259
260
|
return file.content unless file.name.end_with?(".in")
|
260
261
|
|
261
|
-
old_req = dependency.previous_requirements
|
262
|
-
|
263
|
-
new_req = dependency.requirements
|
264
|
-
|
262
|
+
old_req = dependency.previous_requirements
|
263
|
+
.find { |r| r[:file] == file.name }
|
264
|
+
new_req = dependency.requirements
|
265
|
+
.find { |r| r[:file] == file.name }
|
265
266
|
return file.content unless old_req&.fetch(:requirement)
|
266
267
|
return file.content if old_req == new_req
|
267
268
|
|
@@ -299,9 +300,9 @@ module Dependabot
|
|
299
300
|
next update_count += 1 if updated_content.include?(original_line)
|
300
301
|
|
301
302
|
line_to_update =
|
302
|
-
updated_content.lines
|
303
|
-
|
304
|
-
|
303
|
+
updated_content.lines
|
304
|
+
.select { |l| l.start_with?("-e") }
|
305
|
+
.at(update_count)
|
305
306
|
raise "Mismatch in editable requirements!" unless line_to_update
|
306
307
|
|
307
308
|
content = content.gsub(line_to_update, original_line)
|
@@ -339,8 +340,8 @@ module Dependabot
|
|
339
340
|
).sort.join(hash_separator(mtch.to_s))
|
340
341
|
)
|
341
342
|
|
342
|
-
updated_content_with_hashes = updated_content_with_hashes
|
343
|
-
gsub(mtch.to_s, updated_string)
|
343
|
+
updated_content_with_hashes = updated_content_with_hashes
|
344
|
+
.gsub(mtch.to_s, updated_string)
|
344
345
|
end
|
345
346
|
updated_content_with_hashes
|
346
347
|
end
|
@@ -387,15 +388,15 @@ module Dependabot
|
|
387
388
|
return unless requirement_string.match?(hash_regex)
|
388
389
|
|
389
390
|
current_separator =
|
390
|
-
requirement_string
|
391
|
-
match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/)
|
392
|
-
named_captures.fetch("separator")
|
391
|
+
requirement_string
|
392
|
+
.match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/)
|
393
|
+
.named_captures.fetch("separator")
|
393
394
|
|
394
395
|
default_separator =
|
395
|
-
requirement_string
|
396
|
-
match(RequirementParser::HASH)
|
397
|
-
pre_match.match(/(?<separator>\s*\\?\s*?)\z/)
|
398
|
-
named_captures.fetch("separator")
|
396
|
+
requirement_string
|
397
|
+
.match(RequirementParser::HASH)
|
398
|
+
.pre_match.match(/(?<separator>\s*\\?\s*?)\z/)
|
399
|
+
.named_captures.fetch("separator")
|
399
400
|
|
400
401
|
current_separator || default_separator
|
401
402
|
end
|
@@ -446,9 +447,9 @@ module Dependabot
|
|
446
447
|
end
|
447
448
|
|
448
449
|
def pip_compile_index_options
|
449
|
-
credentials
|
450
|
-
select { |cred| cred["type"] == "python_index" }
|
451
|
-
map do |cred|
|
450
|
+
credentials
|
451
|
+
.select { |cred| cred["type"] == "python_index" }
|
452
|
+
.map do |cred|
|
452
453
|
authed_url = AuthedUrlBuilder.authed_url(credential: cred)
|
453
454
|
|
454
455
|
if cred["replaces-base"]
|
@@ -465,9 +466,9 @@ module Dependabot
|
|
465
466
|
|
466
467
|
def filenames_to_compile
|
467
468
|
files_from_reqs =
|
468
|
-
dependency.requirements
|
469
|
-
|
470
|
-
|
469
|
+
dependency.requirements
|
470
|
+
.map { |r| r[:file] }
|
471
|
+
.select { |fn| fn.end_with?(".in") }
|
471
472
|
|
472
473
|
files_from_compiled_files =
|
473
474
|
pip_compile_files.map(&:name).select do |fn|
|
@@ -482,12 +483,12 @@ module Dependabot
|
|
482
483
|
|
483
484
|
def compiled_file_for_filename(filename)
|
484
485
|
compiled_file =
|
485
|
-
compiled_files
|
486
|
-
find { |f| f.content.match?(output_file_regex(filename)) }
|
486
|
+
compiled_files
|
487
|
+
.find { |f| f.content.match?(output_file_regex(filename)) }
|
487
488
|
|
488
489
|
compiled_file ||=
|
489
|
-
compiled_files
|
490
|
-
find { |f| f.name == filename.gsub(/\.in$/, ".txt") }
|
490
|
+
compiled_files
|
491
|
+
.find { |f| f.name == filename.gsub(/\.in$/, ".txt") }
|
491
492
|
|
492
493
|
compiled_file
|
493
494
|
end
|
@@ -517,8 +518,8 @@ module Dependabot
|
|
517
518
|
|
518
519
|
while (remaining_filenames = filenames - ordered_filenames).any?
|
519
520
|
ordered_filenames +=
|
520
|
-
remaining_filenames
|
521
|
-
reject do |fn|
|
521
|
+
remaining_filenames
|
522
|
+
.reject do |fn|
|
522
523
|
unupdated_reqs = requirement_map[fn] - ordered_filenames
|
523
524
|
unupdated_reqs.intersect?(filenames)
|
524
525
|
end
|
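Review bot: `pip_compile_index_options` (hunk `@@ -446,9 +447,9`) builds `authed_url` from every `python_index` credential, so the option strings it returns presumably carry the index username and token, yet the method has no comment saying so. The rest of its body is outside the hunk, so how the options are consumed is not visible here. I would add a comment above the method along the lines of `# Returns pip-compile index flags that contain credentials; redact before logging or raising.` so that callers interpolating these options into a command line or an error message know to scrub them.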
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -136,15 +137,15 @@ module Dependabot
|
|
136
137
|
end
|
137
138
|
|
138
139
|
def freeze_other_dependencies(pipfile_content)
|
139
|
-
PipfilePreparer
|
140
|
-
new(pipfile_content: pipfile_content, lockfile: lockfile)
|
141
|
-
freeze_top_level_dependencies_except(dependencies)
|
140
|
+
PipfilePreparer
|
141
|
+
.new(pipfile_content: pipfile_content, lockfile: lockfile)
|
142
|
+
.freeze_top_level_dependencies_except(dependencies)
|
142
143
|
end
|
143
144
|
|
144
145
|
def update_python_requirement(pipfile_content)
|
145
|
-
PipfilePreparer
|
146
|
-
new(pipfile_content: pipfile_content)
|
147
|
-
update_python_requirement(language_version_manager.python_major_minor)
|
146
|
+
PipfilePreparer
|
147
|
+
.new(pipfile_content: pipfile_content)
|
148
|
+
.update_python_requirement(language_version_manager.python_major_minor)
|
148
149
|
end
|
149
150
|
|
150
151
|
# rubocop:disable Metrics/PerceivedComplexity
|
@@ -174,19 +175,19 @@ module Dependabot
|
|
174
175
|
def subdep_type?(type)
|
175
176
|
return false if dependency.top_level?
|
176
177
|
|
177
|
-
lockfile_type = Python::FileParser::DEPENDENCY_GROUP_KEYS
|
178
|
-
find { |i| i.fetch(:pipfile) == type }
|
179
|
-
fetch(:lockfile)
|
178
|
+
lockfile_type = Python::FileParser::DEPENDENCY_GROUP_KEYS
|
179
|
+
.find { |i| i.fetch(:pipfile) == type }
|
180
|
+
.fetch(:lockfile)
|
180
181
|
|
181
|
-
JSON.parse(lockfile.content)
|
182
|
-
|
183
|
-
|
182
|
+
JSON.parse(lockfile.content)
|
183
|
+
.fetch(lockfile_type, {})
|
184
|
+
.keys.any? { |k| normalise(k) == dependency.name }
|
184
185
|
end
|
185
186
|
|
186
187
|
def add_private_sources(pipfile_content)
|
187
|
-
PipfilePreparer
|
188
|
-
new(pipfile_content: pipfile_content)
|
189
|
-
replace_sources(credentials)
|
188
|
+
PipfilePreparer
|
189
|
+
.new(pipfile_content: pipfile_content)
|
190
|
+
.replace_sources(credentials)
|
190
191
|
end
|
191
192
|
|
192
193
|
def updated_generated_files
|
@@ -227,9 +228,9 @@ module Dependabot
|
|
227
228
|
new_lockfile_json["_meta"]["requires"] = original_reqs
|
228
229
|
new_lockfile_json["_meta"]["sources"] = original_source
|
229
230
|
|
230
|
-
JSON.pretty_generate(new_lockfile_json, indent: " ")
|
231
|
-
|
232
|
-
|
231
|
+
JSON.pretty_generate(new_lockfile_json, indent: " ")
|
232
|
+
.gsub(/\{\n\s*\}/, "{}")
|
233
|
+
.gsub(/\}\z/, "}\n")
|
233
234
|
end
|
234
235
|
|
235
236
|
def generate_updated_requirements_files
|
@@ -311,9 +312,9 @@ module Dependabot
|
|
311
312
|
return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
|
312
313
|
|
313
314
|
@sanitized_setup_file_content[file.name] =
|
314
|
-
SetupFileSanitizer
|
315
|
-
new(setup_file: file, setup_cfg: setup_cfg(file))
|
316
|
-
sanitized_content
|
315
|
+
SetupFileSanitizer
|
316
|
+
.new(setup_file: file, setup_cfg: setup_cfg(file))
|
317
|
+
.sanitized_content
|
317
318
|
end
|
318
319
|
|
319
320
|
def setup_cfg(file)
|
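Review bot: In `subdep_type?` the chain `.find { |i| i.fetch(:pipfile) == type }` is followed by a plain `.fetch(:lockfile)`, so a `type` that matches no entry in `DEPENDENCY_GROUP_KEYS` raises `NoMethodError` on `nil` instead of letting the predicate return `false`. Other chains in this release use `&.` after a `find` (for example `&.fetch("version", nil)` in `version_from_lockfile`), so this one is inconsistent with them. Changing the last link to `&.fetch(:lockfile)` and adding `return false unless lockfile_type` before the `JSON.parse` call keeps the predicate total.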
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/python/file_updater"
|
@@ -12,9 +13,9 @@ module Dependabot
|
|
12
13
|
end
|
13
14
|
|
14
15
|
def updated_manifest_content
|
15
|
-
dependencies
|
16
|
-
select { |dep| requirement_changed?(dep) }
|
17
|
-
reduce(manifest.content.dup) do |content, dep|
|
16
|
+
dependencies
|
17
|
+
.select { |dep| requirement_changed?(dep) }
|
18
|
+
.reduce(manifest.content.dup) do |content, dep|
|
18
19
|
updated_content = content
|
19
20
|
|
20
21
|
updated_content = update_requirements(
|
@@ -37,9 +38,9 @@ module Dependabot
|
|
37
38
|
|
38
39
|
# The UpdateChecker ensures the order of requirements is preserved
|
39
40
|
# when updating, so we can zip them together in new/old pairs.
|
40
|
-
reqs = dependency.requirements
|
41
|
-
|
42
|
-
|
41
|
+
reqs = dependency.requirements
|
42
|
+
.zip(dependency.previous_requirements)
|
43
|
+
.reject { |new_req, old_req| new_req == old_req }
|
43
44
|
|
44
45
|
# Loop through each changed requirement
|
45
46
|
reqs.each do |new_req, old_req|
|
@@ -59,8 +60,8 @@ module Dependabot
|
|
59
60
|
end
|
60
61
|
|
61
62
|
def update_manifest_req(content:, dep:, old_req:, new_req:)
|
62
|
-
simple_declaration = content.scan(declaration_regex(dep))
|
63
|
-
|
63
|
+
simple_declaration = content.scan(declaration_regex(dep))
|
64
|
+
.find { |m| m.include?(old_req) }
|
64
65
|
|
65
66
|
if simple_declaration
|
66
67
|
simple_declaration_regex =
|
@@ -70,8 +71,8 @@ module Dependabot
|
|
70
71
|
end
|
71
72
|
elsif content.match?(table_declaration_version_regex(dep))
|
72
73
|
content.gsub(table_declaration_version_regex(dep)) do |part|
|
73
|
-
line = content.match(table_declaration_version_regex(dep))
|
74
|
-
|
74
|
+
line = content.match(table_declaration_version_regex(dep))
|
75
|
+
.named_captures.fetch("version_declaration")
|
75
76
|
new_line = line.gsub(old_req, new_req)
|
76
77
|
part.gsub(line, new_line)
|
77
78
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -116,9 +117,9 @@ module Dependabot
|
|
116
117
|
if source["url"].include?("${")
|
117
118
|
base_url = source["url"].sub(/\${.*}@/, "")
|
118
119
|
|
119
|
-
source_cred = credentials
|
120
|
-
select { |cred| cred["type"] == "python_index" }
|
121
|
-
find { |c| c["index-url"].sub(/\${.*}@/, "") == base_url }
|
120
|
+
source_cred = credentials
|
121
|
+
.select { |cred| cred["type"] == "python_index" }
|
122
|
+
.find { |c| c["index-url"].sub(/\${.*}@/, "") == base_url }
|
122
123
|
|
123
124
|
return nil if source_cred.nil?
|
124
125
|
|
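Review bot: `c["index-url"].sub(/\${.*}@/, "")` in the `source_cred` lookup raises `NoMethodError` when a `python_index` credential has no `index-url` key, which aborts the whole lookup instead of skipping that one credential; `c["index-url"]&.sub(/\${.*}@/, "") == base_url` would skip it. The pattern's `.*` is also greedy, so a URL with a later `}@` is stripped through the last occurrence, and `/\${[^}]*}@/` would limit the match to a single placeholder (the same pattern is used for `base_url` two lines above). The enclosing method starts and ends outside the hunk.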