dependabot-python 0.230.0 → 0.231.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/python/authed_url_builder.rb +1 -0
  3. data/lib/dependabot/python/file_fetcher.rb +41 -40
  4. data/lib/dependabot/python/file_parser/pipfile_files_parser.rb +3 -2
  5. data/lib/dependabot/python/file_parser/pyproject_files_parser.rb +4 -3
  6. data/lib/dependabot/python/file_parser/python_requirement_parser.rb +11 -10
  7. data/lib/dependabot/python/file_parser/setup_file_parser.rb +4 -3
  8. data/lib/dependabot/python/file_parser.rb +17 -16
  9. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +40 -39
  10. data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +22 -21
  11. data/lib/dependabot/python/file_updater/pipfile_manifest_updater.rb +11 -10
  12. data/lib/dependabot/python/file_updater/pipfile_preparer.rb +4 -3
  13. data/lib/dependabot/python/file_updater/poetry_file_updater.rb +21 -20
  14. data/lib/dependabot/python/file_updater/pyproject_preparer.rb +6 -5
  15. data/lib/dependabot/python/file_updater/requirement_file_updater.rb +1 -0
  16. data/lib/dependabot/python/file_updater/requirement_replacer.rb +28 -27
  17. data/lib/dependabot/python/file_updater/setup_file_sanitizer.rb +5 -4
  18. data/lib/dependabot/python/file_updater.rb +4 -3
  19. data/lib/dependabot/python/helpers.rb +1 -0
  20. data/lib/dependabot/python/language_version_manager.rb +1 -0
  21. data/lib/dependabot/python/metadata_finder.rb +4 -3
  22. data/lib/dependabot/python/name_normaliser.rb +1 -0
  23. data/lib/dependabot/python/native_helpers.rb +1 -0
  24. data/lib/dependabot/python/requirement.rb +16 -15
  25. data/lib/dependabot/python/requirement_parser.rb +1 -0
  26. data/lib/dependabot/python/update_checker/index_finder.rb +27 -26
  27. data/lib/dependabot/python/update_checker/latest_version_finder.rb +13 -12
  28. data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +18 -17
  29. data/lib/dependabot/python/update_checker/pip_version_resolver.rb +5 -4
  30. data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +34 -33
  31. data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +20 -19
  32. data/lib/dependabot/python/update_checker/requirements_updater.rb +28 -27
  33. data/lib/dependabot/python/update_checker.rb +7 -6
  34. data/lib/dependabot/python/version.rb +13 -12
  35. data/lib/dependabot/python.rb +3 -2
  36. metadata +19 -5
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -100,9 +101,9 @@ module Dependabot
100
101
  deps = updated_lockfile[group] || {}
101
102
 
102
103
  version =
103
- deps.transform_keys { |k| normalise(k) }.
104
- dig(dependency.name, "version")&.
105
- gsub(/^==/, "")
104
+ deps.transform_keys { |k| normalise(k) }
105
+ .dig(dependency.name, "version")
106
+ &.gsub(/^==/, "")
106
107
 
107
108
  return version
108
109
  end
@@ -110,9 +111,9 @@ module Dependabot
110
111
  Python::FileParser::DEPENDENCY_GROUP_KEYS.each do |keys|
111
112
  deps = updated_lockfile[keys.fetch(:lockfile)] || {}
112
113
  version =
113
- deps.transform_keys { |k| normalise(k) }.
114
- dig(dependency.name, "version")&.
115
- gsub(/^==/, "")
114
+ deps.transform_keys { |k| normalise(k) }
115
+ .dig(dependency.name, "version")
116
+ &.gsub(/^==/, "")
116
117
 
117
118
  return version if version
118
119
  end
@@ -183,14 +184,14 @@ module Dependabot
183
184
  end
184
185
 
185
186
  if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
186
- url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
187
- named_captures.fetch("url")
187
+ url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
188
+ .named_captures.fetch("url")
188
189
  raise GitDependenciesNotReachable, url
189
190
  end
190
191
 
191
192
  if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
192
- name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).
193
- named_captures.fetch("name")
193
+ name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
194
+ .named_captures.fetch("name")
194
195
  raise GitDependencyReferenceNotFound, name
195
196
  end
196
197
 
@@ -229,8 +230,8 @@ module Dependabot
229
230
 
230
231
  if error.message.include?("UnsupportedPythonVersion") &&
231
232
  language_version_manager.user_specified_python_version
232
- msg = clean_error_message(error.message).
233
- lines.take_while { |l| !l.start_with?("File") }.join.strip
233
+ msg = clean_error_message(error.message)
234
+ .lines.take_while { |l| !l.start_with?("File") }.join.strip
234
235
  raise if msg.empty?
235
236
 
236
237
  raise DependencyFileNotResolvable, msg
@@ -251,9 +252,9 @@ module Dependabot
251
252
  # Pipenv outputs a lot of things to STDERR, so we need to clean
252
253
  # up the error message
253
254
  msg_lines = message.lines
254
- msg = msg_lines.
255
- take_while { |l| !l.start_with?("During handling of") }.
256
- drop_while do |l|
255
+ msg = msg_lines
256
+ .take_while { |l| !l.start_with?("During handling of") }
257
+ .drop_while do |l|
257
258
  next false if l.start_with?("CRITICAL:")
258
259
  next false if l.start_with?("ERROR:")
259
260
  next false if l.start_with?("packaging.specifiers")
@@ -325,9 +326,9 @@ module Dependabot
325
326
  def sanitized_setup_file_content(file)
326
327
  @sanitized_setup_file_content ||= {}
327
328
  @sanitized_setup_file_content[file.name] ||=
328
- Python::FileUpdater::SetupFileSanitizer.
329
- new(setup_file: file, setup_cfg: setup_cfg(file)).
330
- sanitized_content
329
+ Python::FileUpdater::SetupFileSanitizer
330
+ .new(setup_file: file, setup_cfg: setup_cfg(file))
331
+ .sanitized_content
331
332
  end
332
333
 
333
334
  def setup_cfg(file)
@@ -345,15 +346,15 @@ module Dependabot
345
346
  end
346
347
 
347
348
  def freeze_other_dependencies(pipfile_content)
348
- Python::FileUpdater::PipfilePreparer.
349
- new(pipfile_content: pipfile_content, lockfile: lockfile).
350
- freeze_top_level_dependencies_except([dependency])
349
+ Python::FileUpdater::PipfilePreparer
350
+ .new(pipfile_content: pipfile_content, lockfile: lockfile)
351
+ .freeze_top_level_dependencies_except([dependency])
351
352
  end
352
353
 
353
354
  def update_python_requirement(pipfile_content)
354
- Python::FileUpdater::PipfilePreparer.
355
- new(pipfile_content: pipfile_content).
356
- update_python_requirement(language_version_manager.python_major_minor)
355
+ Python::FileUpdater::PipfilePreparer
356
+ .new(pipfile_content: pipfile_content)
357
+ .update_python_requirement(language_version_manager.python_major_minor)
357
358
  end
358
359
 
359
360
  # rubocop:disable Metrics/PerceivedComplexity
@@ -382,19 +383,19 @@ module Dependabot
382
383
  def subdep_type?(type)
383
384
  return false if dependency.top_level?
384
385
 
385
- lockfile_type = Python::FileParser::DEPENDENCY_GROUP_KEYS.
386
- find { |i| i.fetch(:pipfile) == type }.
387
- fetch(:lockfile)
386
+ lockfile_type = Python::FileParser::DEPENDENCY_GROUP_KEYS
387
+ .find { |i| i.fetch(:pipfile) == type }
388
+ .fetch(:lockfile)
388
389
 
389
- JSON.parse(lockfile.content).
390
- fetch(lockfile_type, {}).
391
- keys.any? { |k| normalise(k) == dependency.name }
390
+ JSON.parse(lockfile.content)
391
+ .fetch(lockfile_type, {})
392
+ .keys.any? { |k| normalise(k) == dependency.name }
392
393
  end
393
394
 
394
395
  def add_private_sources(pipfile_content)
395
- Python::FileUpdater::PipfilePreparer.
396
- new(pipfile_content: pipfile_content).
397
- replace_sources(credentials)
396
+ Python::FileUpdater::PipfilePreparer
397
+ .new(pipfile_content: pipfile_content)
398
+ .replace_sources(credentials)
398
399
  end
399
400
 
400
401
  def run_command(command, env: {})
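Review bot: The `&.gsub(/^==/, "")` that strips the equality prefix in this section's second hunk (and its twin in the third hunk) anchors with `^`, which in Ruby matches at every line start rather than only at the start of the string; the intent — drop one leading `==` — reads more precisely as `&.sub(/\A==/, "")`. For the single-line version strings a lockfile normally holds the two forms behave identically, so this is a precision point, not an observed failure. In the fourth hunk the captured `url` is raised verbatim in `GitDependenciesNotReachable`; the regex is not visible here, so it is worth confirming that a git URL carrying embedded credentials cannot reach that user-visible message unredacted. The methods containing these chains start outside the hunks.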
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -100,9 +101,9 @@ module Dependabot
100
101
 
101
102
  def fetch_version_from_parsed_lockfile(updated_lockfile)
102
103
  version =
103
- updated_lockfile.fetch("package", []).
104
- find { |d| d["name"] && normalise(d["name"]) == dependency.name }&.
105
- fetch("version")
104
+ updated_lockfile.fetch("package", [])
105
+ .find { |d| d["name"] && normalise(d["name"]) == dependency.name }
106
+ &.fetch("version")
106
107
 
107
108
  return version unless version.nil? && dependency.top_level?
108
109
 
@@ -116,15 +117,15 @@ module Dependabot
116
117
  name = if (url = match.named_captures.fetch("url"))
117
118
  File.basename(URI.parse(url).path)
118
119
  else
119
- message.match(GIT_REFERENCE_NOT_FOUND_REGEX).
120
- named_captures.fetch("name")
120
+ message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
121
+ .named_captures.fetch("name")
121
122
  end
122
123
  raise GitDependencyReferenceNotFound, name
123
124
  end
124
125
 
125
126
  if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
126
- url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
127
- named_captures.fetch("url")
127
+ url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
128
+ .named_captures.fetch("url")
128
129
  raise GitDependenciesNotReachable, url
129
130
  end
130
131
 
@@ -199,9 +200,9 @@ module Dependabot
199
200
  end
200
201
 
201
202
  def add_auth_env_vars
202
- Python::FileUpdater::PyprojectPreparer.
203
- new(pyproject_content: pyproject.content).
204
- add_auth_env_vars(credentials)
203
+ Python::FileUpdater::PyprojectPreparer
204
+ .new(pyproject_content: pyproject.content)
205
+ .add_auth_env_vars(credentials)
205
206
  end
206
207
 
207
208
  def updated_pyproject_content(updated_requirement:)
@@ -221,21 +222,21 @@ module Dependabot
221
222
  end
222
223
 
223
224
  def sanitize_pyproject_content(pyproject_content)
224
- Python::FileUpdater::PyprojectPreparer.
225
- new(pyproject_content: pyproject_content).
226
- sanitize
225
+ Python::FileUpdater::PyprojectPreparer
226
+ .new(pyproject_content: pyproject_content)
227
+ .sanitize
227
228
  end
228
229
 
229
230
  def update_python_requirement(pyproject_content)
230
- Python::FileUpdater::PyprojectPreparer.
231
- new(pyproject_content: pyproject_content).
232
- update_python_requirement(language_version_manager.python_version)
231
+ Python::FileUpdater::PyprojectPreparer
232
+ .new(pyproject_content: pyproject_content)
233
+ .update_python_requirement(language_version_manager.python_version)
233
234
  end
234
235
 
235
236
  def freeze_other_dependencies(pyproject_content)
236
- Python::FileUpdater::PyprojectPreparer.
237
- new(pyproject_content: pyproject_content, lockfile: lockfile).
238
- freeze_top_level_dependencies_except([dependency])
237
+ Python::FileUpdater::PyprojectPreparer
238
+ .new(pyproject_content: pyproject_content, lockfile: lockfile)
239
+ .freeze_top_level_dependencies_except([dependency])
239
240
  end
240
241
 
241
242
  def set_target_dependency_req(pyproject_content, updated_requirement)
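Review bot: `File.basename(URI.parse(url).path)` in the third hunk parses a string captured from an external error message, and `URI.parse` raises `URI::InvalidURIError` on a malformed value; because this runs inside the error-handling path, such a failure would surface as a parse exception instead of the intended `GitDependencyReferenceNotFound`. How likely a malformed capture is depends on the regex that produced `match`, which is not shown, so treat this as a hardening suggestion. Falling back to the raw capture keeps the raised error type stable. The enclosing method, including the `match` it reads, starts outside the hunk.
```ruby
name = if (url = match.named_captures.fetch("url"))
         begin
           File.basename(URI.parse(url).path)
         rescue URI::InvalidURIError
           url
         end
       else
         # … unchanged: GIT_REFERENCE_NOT_FOUND_REGEX branch …
       end
```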
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/python/requirement_parser"
@@ -142,8 +143,8 @@ module Dependabot
142
143
  end
143
144
 
144
145
  def add_new_requirement_option(req_string)
145
- option_to_copy = req_string.split(PYPROJECT_OR_SEPARATOR).last.
146
- split(PYPROJECT_SEPARATOR).first.strip
146
+ option_to_copy = req_string.split(PYPROJECT_OR_SEPARATOR).last
147
+ .split(PYPROJECT_SEPARATOR).first.strip
147
148
  operator = option_to_copy.gsub(/\d.*/, "").strip
148
149
 
149
150
  new_option =
@@ -174,8 +175,8 @@ module Dependabot
174
175
  requirement_strings.any? { |r| r.include?("*") }
175
176
  # If a compatibility operator is being used, widen its
176
177
  # range to include the new version
177
- v_req = requirement_strings.
178
- find { |r| r.start_with?("~", "^") || r.include?("*") }
178
+ v_req = requirement_strings
179
+ .find { |r| r.start_with?("~", "^") || r.include?("*") }
179
180
  convert_to_range(v_req, latest_resolvable_version)
180
181
  else
181
182
  # Otherwise we have a range, and need to update the upper bound
@@ -234,25 +235,25 @@ module Dependabot
234
235
  end
235
236
 
236
237
  def new_version_satisfies?(req)
237
- requirement_class.
238
- requirements_array(req.fetch(:requirement)).
239
- any? { |r| r.satisfied_by?(latest_resolvable_version) }
238
+ requirement_class
239
+ .requirements_array(req.fetch(:requirement))
240
+ .any? { |r| r.satisfied_by?(latest_resolvable_version) }
240
241
  end
241
242
 
242
243
  def find_and_update_equality_match(requirement_strings)
243
244
  if requirement_strings.any? { |r| requirement_class.new(r).exact? }
244
245
  # True equality match
245
- requirement_strings.find { |r| requirement_class.new(r).exact? }.
246
- sub(
247
- RequirementParser::VERSION,
248
- latest_resolvable_version.to_s
249
- )
246
+ requirement_strings.find { |r| requirement_class.new(r).exact? }
247
+ .sub(
248
+ RequirementParser::VERSION,
249
+ latest_resolvable_version.to_s
250
+ )
250
251
  else
251
252
  # Prefix match
252
- requirement_strings.find { |r| r.match?(/^(=+|\d)/) }.
253
- sub(RequirementParser::VERSION) do |v|
254
- at_same_precision(latest_resolvable_version.to_s, v)
255
- end
253
+ requirement_strings.find { |r| r.match?(/^(=+|\d)/) }
254
+ .sub(RequirementParser::VERSION) do |v|
255
+ at_same_precision(latest_resolvable_version.to_s, v)
256
+ end
256
257
  end
257
258
  end
258
259
 
@@ -262,11 +263,11 @@ module Dependabot
262
263
  count = old_version.split(".").count
263
264
  precision = old_version.split(".").index("*") || count
264
265
 
265
- new_version.
266
- split(".").
267
- first(count).
268
- map.with_index { |s, i| i < precision ? s : "*" }.
269
- join(".")
266
+ new_version
267
+ .split(".")
268
+ .first(count)
269
+ .map.with_index { |s, i| i < precision ? s : "*" }
270
+ .join(".")
270
271
  end
271
272
 
272
273
  def update_requirements_range(requirement_strings)
@@ -288,16 +289,16 @@ module Dependabot
288
289
  end
289
290
  end.compact
290
291
 
291
- updated_requirement_strings.
292
- sort_by { |r| requirement_class.new(r).requirements.first.last }.
293
- map(&:to_s).join(",").delete(" ")
292
+ updated_requirement_strings
293
+ .sort_by { |r| requirement_class.new(r).requirements.first.last }
294
+ .map(&:to_s).join(",").delete(" ")
294
295
  end
295
296
 
296
297
  # Updates the version in a constraint to be the given version
297
298
  def bump_version(req_string, version_to_be_permitted)
298
- old_version = req_string.
299
- match(/(#{RequirementParser::VERSION})/o).
300
- captures.first
299
+ old_version = req_string
300
+ .match(/(#{RequirementParser::VERSION})/o)
301
+ .captures.first
301
302
 
302
303
  req_string.sub(
303
304
  old_version,
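Review bot: In `bump_version` (last hunk) `req_string.match(/(#{RequirementParser::VERSION})/o)` returns `nil` when the requirement carries no version, and the chained `.captures.first` would then fail with a bare `NoMethodError` rather than a message naming the offending requirement; if callers do not already guarantee a version, `version_match = req_string.match(/(#{RequirementParser::VERSION})/o)` followed by `raise ArgumentError, "no version in #{req_string}" unless version_match` and `old_version = version_match.captures.first` makes the failure explicit. Separately, the prefix-match selector `r.match?(/^(=+|\d)/)` in the fourth hunk uses `^`, which matches at any line start; `\A` states the start-of-string intent. `bump_version` continues past the end of the hunk.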
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -227,12 +228,12 @@ module Dependabot
227
228
  return ">= #{dependency.version}" if dependency.version
228
229
 
229
230
  version_for_requirement =
230
- requirements.filter_map { |r| r[:requirement] }.
231
- reject { |req_string| req_string.start_with?("<") }.
232
- select { |req_string| req_string.match?(VERSION_REGEX) }.
233
- map { |req_string| req_string.match(VERSION_REGEX) }.
234
- select { |version| Gem::Version.correct?(version) }.
235
- max_by { |version| Gem::Version.new(version) }
231
+ requirements.filter_map { |r| r[:requirement] }
232
+ .reject { |req_string| req_string.start_with?("<") }
233
+ .select { |req_string| req_string.match?(VERSION_REGEX) }
234
+ .map { |req_string| req_string.match(VERSION_REGEX) }
235
+ .select { |version| Gem::Version.correct?(version) }
236
+ .max_by { |version| Gem::Version.new(version) }
236
237
 
237
238
  ">= #{version_for_requirement || 0}"
238
239
  end
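Review bot: The `.map { |req_string| req_string.match(VERSION_REGEX) }` step in the second hunk produces `MatchData` objects, so the following `Gem::Version.correct?(version)`, `Gem::Version.new(version)` and the `">= #{version_for_requirement || 0}"` interpolation all appear to work only through implicit `#to_s`. Replacing it with `.map { |req_string| req_string[VERSION_REGEX] }` yields the matched substring directly and keeps the element type a `String` throughout the chain, which is what the preceding `select` already filters on. Behaviour should be unchanged for matching inputs, since `String#[]` with a `Regexp` returns the same text `MatchData#to_s` would. The enclosing method starts outside the hunk.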
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/version"
@@ -106,20 +107,20 @@ module Dependabot
106
107
  # Further, Python treats dashes as a separator between version
107
108
  # parts and treats the alphabetical characters in strings as the
108
109
  # start of a new version part (so 1.1a2 == 1.1.alpha.2).
109
- version.
110
- gsub("alpha", "a").
111
- gsub("beta", "b").
112
- gsub("preview", "c").
113
- gsub("pre", "c").
114
- gsub("post", "r").
115
- gsub("rev", "r").
116
- gsub(/([\d.\-_])rc([\d.\-_])?/, '\1c\2').
117
- tr("-", ".").
118
- gsub(/(\d)([a-z])/i, '\1.\2')
110
+ version
111
+ .gsub("alpha", "a")
112
+ .gsub("beta", "b")
113
+ .gsub("preview", "c")
114
+ .gsub("pre", "c")
115
+ .gsub("post", "r")
116
+ .gsub("rev", "r")
117
+ .gsub(/([\d.\-_])rc([\d.\-_])?/, '\1c\2')
118
+ .tr("-", ".")
119
+ .gsub(/(\d)([a-z])/i, '\1.\2')
119
120
  end
120
121
  end
121
122
  end
122
123
  end
123
124
 
124
- Dependabot::Utils.
125
- register_version_class("pip", Dependabot::Python::Version)
125
+ Dependabot::Utils
126
+ .register_version_class("pip", Dependabot::Python::Version)
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  # These all need to be required so the various classes can be registered in a
@@ -12,8 +13,8 @@ require "dependabot/python/version"
12
13
  require "dependabot/python/name_normaliser"
13
14
 
14
15
  require "dependabot/pull_request_creator/labeler"
15
- Dependabot::PullRequestCreator::Labeler.
16
- register_label_details("pip", name: "python", colour: "2b67c6")
16
+ Dependabot::PullRequestCreator::Labeler
17
+ .register_label_details("pip", name: "python", colour: "2b67c6")
17
18
 
18
19
  require "dependabot/dependency"
19
20
  Dependabot::Dependency.register_production_check(
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.230.0
4
+ version: 0.231.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-08 00:00:00.000000000 Z
11
+ date: 2023-09-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.230.0
19
+ version: 0.231.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.230.0
26
+ version: 0.231.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
138
  version: 1.19.0
139
+ - !ruby/object:Gem::Dependency
140
+ name: rubocop-sorbet
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: 0.7.3
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: 0.7.3
139
153
  - !ruby/object:Gem::Dependency
140
154
  name: stackprof
141
155
  requirement: !ruby/object:Gem::Requirement
@@ -231,7 +245,7 @@ licenses:
231
245
  - Nonstandard
232
246
  metadata:
233
247
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
234
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.230.0
248
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.231.0
235
249
  post_install_message:
236
250
  rdoc_options: []
237
251
  require_paths: