dependabot-python 0.230.0 → 0.231.0

Files changed (36) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/python/authed_url_builder.rb +1 -0
  3. data/lib/dependabot/python/file_fetcher.rb +41 -40
  4. data/lib/dependabot/python/file_parser/pipfile_files_parser.rb +3 -2
  5. data/lib/dependabot/python/file_parser/pyproject_files_parser.rb +4 -3
  6. data/lib/dependabot/python/file_parser/python_requirement_parser.rb +11 -10
  7. data/lib/dependabot/python/file_parser/setup_file_parser.rb +4 -3
  8. data/lib/dependabot/python/file_parser.rb +17 -16
  9. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +40 -39
  10. data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +22 -21
  11. data/lib/dependabot/python/file_updater/pipfile_manifest_updater.rb +11 -10
  12. data/lib/dependabot/python/file_updater/pipfile_preparer.rb +4 -3
  13. data/lib/dependabot/python/file_updater/poetry_file_updater.rb +21 -20
  14. data/lib/dependabot/python/file_updater/pyproject_preparer.rb +6 -5
  15. data/lib/dependabot/python/file_updater/requirement_file_updater.rb +1 -0
  16. data/lib/dependabot/python/file_updater/requirement_replacer.rb +28 -27
  17. data/lib/dependabot/python/file_updater/setup_file_sanitizer.rb +5 -4
  18. data/lib/dependabot/python/file_updater.rb +4 -3
  19. data/lib/dependabot/python/helpers.rb +1 -0
  20. data/lib/dependabot/python/language_version_manager.rb +1 -0
  21. data/lib/dependabot/python/metadata_finder.rb +4 -3
  22. data/lib/dependabot/python/name_normaliser.rb +1 -0
  23. data/lib/dependabot/python/native_helpers.rb +1 -0
  24. data/lib/dependabot/python/requirement.rb +16 -15
  25. data/lib/dependabot/python/requirement_parser.rb +1 -0
  26. data/lib/dependabot/python/update_checker/index_finder.rb +27 -26
  27. data/lib/dependabot/python/update_checker/latest_version_finder.rb +13 -12
  28. data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +18 -17
  29. data/lib/dependabot/python/update_checker/pip_version_resolver.rb +5 -4
  30. data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +34 -33
  31. data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +20 -19
  32. data/lib/dependabot/python/update_checker/requirements_updater.rb +28 -27
  33. data/lib/dependabot/python/update_checker.rb +7 -6
  34. data/lib/dependabot/python/version.rb +13 -12
  35. data/lib/dependabot/python.rb +3 -2
  36. metadata +19 -5
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -100,9 +101,9 @@ module Dependabot
100
101
  deps = updated_lockfile[group] || {}
101
102
 
102
103
  version =
103
- deps.transform_keys { |k| normalise(k) }.
104
- dig(dependency.name, "version")&.
105
- gsub(/^==/, "")
104
+ deps.transform_keys { |k| normalise(k) }
105
+ .dig(dependency.name, "version")
106
+ &.gsub(/^==/, "")
106
107
 
107
108
  return version
108
109
  end
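Review bot: The re-laid-out chain `deps.transform_keys { |k| normalise(k) }.dig(dependency.name, "version")&.gsub(/^==/, "")` on the three new lines is repeated verbatim in the next hunk at new line 114, so the same three-line expression now exists twice in this file; extracting it into a private helper that takes `deps` and returns the stripped version would keep the two call sites in step. While touching it, `/^==/` anchors to any line start, whereas the intent is the start of the version string, so `.gsub(/\A==/, "")` is the precise form. Both enclosing methods begin outside their hunks, so I cannot see whether a helper of that name already exists.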
@@ -110,9 +111,9 @@ module Dependabot
110
111
  Python::FileParser::DEPENDENCY_GROUP_KEYS.each do |keys|
111
112
  deps = updated_lockfile[keys.fetch(:lockfile)] || {}
112
113
  version =
113
- deps.transform_keys { |k| normalise(k) }.
114
- dig(dependency.name, "version")&.
115
- gsub(/^==/, "")
114
+ deps.transform_keys { |k| normalise(k) }
115
+ .dig(dependency.name, "version")
116
+ &.gsub(/^==/, "")
116
117
 
117
118
  return version if version
118
119
  end
@@ -183,14 +184,14 @@ module Dependabot
183
184
  end
184
185
 
185
186
  if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
186
- url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
187
- named_captures.fetch("url")
187
+ url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
188
+ .named_captures.fetch("url")
188
189
  raise GitDependenciesNotReachable, url
189
190
  end
190
191
 
191
192
  if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
192
- name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).
193
- named_captures.fetch("name")
193
+ name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
194
+ .named_captures.fetch("name")
194
195
  raise GitDependencyReferenceNotFound, name
195
196
  end
196
197
 
@@ -229,8 +230,8 @@ module Dependabot
229
230
 
230
231
  if error.message.include?("UnsupportedPythonVersion") &&
231
232
  language_version_manager.user_specified_python_version
232
- msg = clean_error_message(error.message).
233
- lines.take_while { |l| !l.start_with?("File") }.join.strip
233
+ msg = clean_error_message(error.message)
234
+ .lines.take_while { |l| !l.start_with?("File") }.join.strip
234
235
  raise if msg.empty?
235
236
 
236
237
  raise DependencyFileNotResolvable, msg
@@ -251,9 +252,9 @@ module Dependabot
251
252
  # Pipenv outputs a lot of things to STDERR, so we need to clean
252
253
  # up the error message
253
254
  msg_lines = message.lines
254
- msg = msg_lines.
255
- take_while { |l| !l.start_with?("During handling of") }.
256
- drop_while do |l|
255
+ msg = msg_lines
256
+ .take_while { |l| !l.start_with?("During handling of") }
257
+ .drop_while do |l|
257
258
  next false if l.start_with?("CRITICAL:")
258
259
  next false if l.start_with?("ERROR:")
259
260
  next false if l.start_with?("packaging.specifiers")
@@ -325,9 +326,9 @@ module Dependabot
325
326
  def sanitized_setup_file_content(file)
326
327
  @sanitized_setup_file_content ||= {}
327
328
  @sanitized_setup_file_content[file.name] ||=
328
- Python::FileUpdater::SetupFileSanitizer.
329
- new(setup_file: file, setup_cfg: setup_cfg(file)).
330
- sanitized_content
329
+ Python::FileUpdater::SetupFileSanitizer
330
+ .new(setup_file: file, setup_cfg: setup_cfg(file))
331
+ .sanitized_content
331
332
  end
332
333
 
333
334
  def setup_cfg(file)
@@ -345,15 +346,15 @@ module Dependabot
345
346
  end
346
347
 
347
348
  def freeze_other_dependencies(pipfile_content)
348
- Python::FileUpdater::PipfilePreparer.
349
- new(pipfile_content: pipfile_content, lockfile: lockfile).
350
- freeze_top_level_dependencies_except([dependency])
349
+ Python::FileUpdater::PipfilePreparer
350
+ .new(pipfile_content: pipfile_content, lockfile: lockfile)
351
+ .freeze_top_level_dependencies_except([dependency])
351
352
  end
352
353
 
353
354
  def update_python_requirement(pipfile_content)
354
- Python::FileUpdater::PipfilePreparer.
355
- new(pipfile_content: pipfile_content).
356
- update_python_requirement(language_version_manager.python_major_minor)
355
+ Python::FileUpdater::PipfilePreparer
356
+ .new(pipfile_content: pipfile_content)
357
+ .update_python_requirement(language_version_manager.python_major_minor)
357
358
  end
358
359
 
359
360
  # rubocop:disable Metrics/PerceivedComplexity
@@ -382,19 +383,19 @@ module Dependabot
382
383
  def subdep_type?(type)
383
384
  return false if dependency.top_level?
384
385
 
385
- lockfile_type = Python::FileParser::DEPENDENCY_GROUP_KEYS.
386
- find { |i| i.fetch(:pipfile) == type }.
387
- fetch(:lockfile)
386
+ lockfile_type = Python::FileParser::DEPENDENCY_GROUP_KEYS
387
+ .find { |i| i.fetch(:pipfile) == type }
388
+ .fetch(:lockfile)
388
389
 
389
- JSON.parse(lockfile.content).
390
- fetch(lockfile_type, {}).
391
- keys.any? { |k| normalise(k) == dependency.name }
390
+ JSON.parse(lockfile.content)
391
+ .fetch(lockfile_type, {})
392
+ .keys.any? { |k| normalise(k) == dependency.name }
392
393
  end
393
394
 
394
395
  def add_private_sources(pipfile_content)
395
- Python::FileUpdater::PipfilePreparer.
396
- new(pipfile_content: pipfile_content).
397
- replace_sources(credentials)
396
+ Python::FileUpdater::PipfilePreparer
397
+ .new(pipfile_content: pipfile_content)
398
+ .replace_sources(credentials)
398
399
  end
399
400
 
400
401
  def run_command(command, env: {})
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -100,9 +101,9 @@ module Dependabot
100
101
 
101
102
  def fetch_version_from_parsed_lockfile(updated_lockfile)
102
103
  version =
103
- updated_lockfile.fetch("package", []).
104
- find { |d| d["name"] && normalise(d["name"]) == dependency.name }&.
105
- fetch("version")
104
+ updated_lockfile.fetch("package", [])
105
+ .find { |d| d["name"] && normalise(d["name"]) == dependency.name }
106
+ &.fetch("version")
106
107
 
107
108
  return version unless version.nil? && dependency.top_level?
108
109
 
@@ -116,15 +117,15 @@ module Dependabot
116
117
  name = if (url = match.named_captures.fetch("url"))
117
118
  File.basename(URI.parse(url).path)
118
119
  else
119
- message.match(GIT_REFERENCE_NOT_FOUND_REGEX).
120
- named_captures.fetch("name")
120
+ message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
121
+ .named_captures.fetch("name")
121
122
  end
122
123
  raise GitDependencyReferenceNotFound, name
123
124
  end
124
125
 
125
126
  if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
126
- url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
127
- named_captures.fetch("url")
127
+ url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
128
+ .named_captures.fetch("url")
128
129
  raise GitDependenciesNotReachable, url
129
130
  end
130
131
 
@@ -199,9 +200,9 @@ module Dependabot
199
200
  end
200
201
 
201
202
  def add_auth_env_vars
202
- Python::FileUpdater::PyprojectPreparer.
203
- new(pyproject_content: pyproject.content).
204
- add_auth_env_vars(credentials)
203
+ Python::FileUpdater::PyprojectPreparer
204
+ .new(pyproject_content: pyproject.content)
205
+ .add_auth_env_vars(credentials)
205
206
  end
206
207
 
207
208
  def updated_pyproject_content(updated_requirement:)
@@ -221,21 +222,21 @@ module Dependabot
221
222
  end
222
223
 
223
224
  def sanitize_pyproject_content(pyproject_content)
224
- Python::FileUpdater::PyprojectPreparer.
225
- new(pyproject_content: pyproject_content).
226
- sanitize
225
+ Python::FileUpdater::PyprojectPreparer
226
+ .new(pyproject_content: pyproject_content)
227
+ .sanitize
227
228
  end
228
229
 
229
230
  def update_python_requirement(pyproject_content)
230
- Python::FileUpdater::PyprojectPreparer.
231
- new(pyproject_content: pyproject_content).
232
- update_python_requirement(language_version_manager.python_version)
231
+ Python::FileUpdater::PyprojectPreparer
232
+ .new(pyproject_content: pyproject_content)
233
+ .update_python_requirement(language_version_manager.python_version)
233
234
  end
234
235
 
235
236
  def freeze_other_dependencies(pyproject_content)
236
- Python::FileUpdater::PyprojectPreparer.
237
- new(pyproject_content: pyproject_content, lockfile: lockfile).
238
- freeze_top_level_dependencies_except([dependency])
237
+ Python::FileUpdater::PyprojectPreparer
238
+ .new(pyproject_content: pyproject_content, lockfile: lockfile)
239
+ .freeze_top_level_dependencies_except([dependency])
239
240
  end
240
241
 
241
242
  def set_target_dependency_req(pyproject_content, updated_requirement)
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/python/requirement_parser"
@@ -142,8 +143,8 @@ module Dependabot
142
143
  end
143
144
 
144
145
  def add_new_requirement_option(req_string)
145
- option_to_copy = req_string.split(PYPROJECT_OR_SEPARATOR).last.
146
- split(PYPROJECT_SEPARATOR).first.strip
146
+ option_to_copy = req_string.split(PYPROJECT_OR_SEPARATOR).last
147
+ .split(PYPROJECT_SEPARATOR).first.strip
147
148
  operator = option_to_copy.gsub(/\d.*/, "").strip
148
149
 
149
150
  new_option =
@@ -174,8 +175,8 @@ module Dependabot
174
175
  requirement_strings.any? { |r| r.include?("*") }
175
176
  # If a compatibility operator is being used, widen its
176
177
  # range to include the new version
177
- v_req = requirement_strings.
178
- find { |r| r.start_with?("~", "^") || r.include?("*") }
178
+ v_req = requirement_strings
179
+ .find { |r| r.start_with?("~", "^") || r.include?("*") }
179
180
  convert_to_range(v_req, latest_resolvable_version)
180
181
  else
181
182
  # Otherwise we have a range, and need to update the upper bound
@@ -234,25 +235,25 @@ module Dependabot
234
235
  end
235
236
 
236
237
  def new_version_satisfies?(req)
237
- requirement_class.
238
- requirements_array(req.fetch(:requirement)).
239
- any? { |r| r.satisfied_by?(latest_resolvable_version) }
238
+ requirement_class
239
+ .requirements_array(req.fetch(:requirement))
240
+ .any? { |r| r.satisfied_by?(latest_resolvable_version) }
240
241
  end
241
242
 
242
243
  def find_and_update_equality_match(requirement_strings)
243
244
  if requirement_strings.any? { |r| requirement_class.new(r).exact? }
244
245
  # True equality match
245
- requirement_strings.find { |r| requirement_class.new(r).exact? }.
246
- sub(
247
- RequirementParser::VERSION,
248
- latest_resolvable_version.to_s
249
- )
246
+ requirement_strings.find { |r| requirement_class.new(r).exact? }
247
+ .sub(
248
+ RequirementParser::VERSION,
249
+ latest_resolvable_version.to_s
250
+ )
250
251
  else
251
252
  # Prefix match
252
- requirement_strings.find { |r| r.match?(/^(=+|\d)/) }.
253
- sub(RequirementParser::VERSION) do |v|
254
- at_same_precision(latest_resolvable_version.to_s, v)
255
- end
253
+ requirement_strings.find { |r| r.match?(/^(=+|\d)/) }
254
+ .sub(RequirementParser::VERSION) do |v|
255
+ at_same_precision(latest_resolvable_version.to_s, v)
256
+ end
256
257
  end
257
258
  end
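Review bot: In the Prefix match branch, `requirement_strings.find { |r| r.match?(/^(=+|\d)/) }` has no counterpart to the `any?` guard that protects the equality branch, so when no requirement string starts with `=` or a digit the `.sub` on the following new line is sent to nil and fails with a NoMethodError instead of a message that names the input. If such requirement lists can reach this method (the callers are outside the hunk, so I cannot tell), binding the result first, e.g. `prefix_req = requirement_strings.find { |r| r.match?(/\A(=+|\d)/) }` followed by `raise ArgumentError, "no prefix requirement in #{requirement_strings.inspect}" unless prefix_req`, would make the failure explicit. The `\A` anchor also replaces `^`, which matches at any line start rather than the start of the string.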
258
259
 
@@ -262,11 +263,11 @@ module Dependabot
262
263
  count = old_version.split(".").count
263
264
  precision = old_version.split(".").index("*") || count
264
265
 
265
- new_version.
266
- split(".").
267
- first(count).
268
- map.with_index { |s, i| i < precision ? s : "*" }.
269
- join(".")
266
+ new_version
267
+ .split(".")
268
+ .first(count)
269
+ .map.with_index { |s, i| i < precision ? s : "*" }
270
+ .join(".")
270
271
  end
271
272
 
272
273
  def update_requirements_range(requirement_strings)
@@ -288,16 +289,16 @@ module Dependabot
288
289
  end
289
290
  end.compact
290
291
 
291
- updated_requirement_strings.
292
- sort_by { |r| requirement_class.new(r).requirements.first.last }.
293
- map(&:to_s).join(",").delete(" ")
292
+ updated_requirement_strings
293
+ .sort_by { |r| requirement_class.new(r).requirements.first.last }
294
+ .map(&:to_s).join(",").delete(" ")
294
295
  end
295
296
 
296
297
  # Updates the version in a constraint to be the given version
297
298
  def bump_version(req_string, version_to_be_permitted)
298
- old_version = req_string.
299
- match(/(#{RequirementParser::VERSION})/o).
300
- captures.first
299
+ old_version = req_string
300
+ .match(/(#{RequirementParser::VERSION})/o)
301
+ .captures.first
301
302
 
302
303
  req_string.sub(
303
304
  old_version,
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -227,12 +228,12 @@ module Dependabot
227
228
  return ">= #{dependency.version}" if dependency.version
228
229
 
229
230
  version_for_requirement =
230
- requirements.filter_map { |r| r[:requirement] }.
231
- reject { |req_string| req_string.start_with?("<") }.
232
- select { |req_string| req_string.match?(VERSION_REGEX) }.
233
- map { |req_string| req_string.match(VERSION_REGEX) }.
234
- select { |version| Gem::Version.correct?(version) }.
235
- max_by { |version| Gem::Version.new(version) }
231
+ requirements.filter_map { |r| r[:requirement] }
232
+ .reject { |req_string| req_string.start_with?("<") }
233
+ .select { |req_string| req_string.match?(VERSION_REGEX) }
234
+ .map { |req_string| req_string.match(VERSION_REGEX) }
235
+ .select { |version| Gem::Version.correct?(version) }
236
+ .max_by { |version| Gem::Version.new(version) }
236
237
 
237
238
  ">= #{version_for_requirement || 0}"
238
239
  end
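Review bot: The `.select { |req_string| req_string.match?(VERSION_REGEX) }` / `.map { |req_string| req_string.match(VERSION_REGEX) }` pair on new lines 233-234 leaves `version_for_requirement` holding a MatchData, so the later `Gem::Version.correct?`, `Gem::Version.new` and the `">= #{...}"` interpolation all rely on the implicit `to_s` of that object. Collapsing the pair to `.filter_map { |req_string| req_string[VERSION_REGEX] }` yields the matched String directly, drops one pass over the list, and makes the type flowing into the Gem::Version calls explicit. The enclosing method begins outside the hunk.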
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/version"
@@ -106,20 +107,20 @@ module Dependabot
106
107
  # Further, Python treats dashes as a separator between version
107
108
  # parts and treats the alphabetical characters in strings as the
108
109
  # start of a new version part (so 1.1a2 == 1.1.alpha.2).
109
- version.
110
- gsub("alpha", "a").
111
- gsub("beta", "b").
112
- gsub("preview", "c").
113
- gsub("pre", "c").
114
- gsub("post", "r").
115
- gsub("rev", "r").
116
- gsub(/([\d.\-_])rc([\d.\-_])?/, '\1c\2').
117
- tr("-", ".").
118
- gsub(/(\d)([a-z])/i, '\1.\2')
110
+ version
111
+ .gsub("alpha", "a")
112
+ .gsub("beta", "b")
113
+ .gsub("preview", "c")
114
+ .gsub("pre", "c")
115
+ .gsub("post", "r")
116
+ .gsub("rev", "r")
117
+ .gsub(/([\d.\-_])rc([\d.\-_])?/, '\1c\2')
118
+ .tr("-", ".")
119
+ .gsub(/(\d)([a-z])/i, '\1.\2')
119
120
  end
120
121
  end
121
122
  end
122
123
  end
123
124
 
124
- Dependabot::Utils.
125
- register_version_class("pip", Dependabot::Python::Version)
125
+ Dependabot::Utils
126
+ .register_version_class("pip", Dependabot::Python::Version)
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  # These all need to be required so the various classes can be registered in a
@@ -12,8 +13,8 @@ require "dependabot/python/version"
12
13
  require "dependabot/python/name_normaliser"
13
14
 
14
15
  require "dependabot/pull_request_creator/labeler"
15
- Dependabot::PullRequestCreator::Labeler.
16
- register_label_details("pip", name: "python", colour: "2b67c6")
16
+ Dependabot::PullRequestCreator::Labeler
17
+ .register_label_details("pip", name: "python", colour: "2b67c6")
17
18
 
18
19
  require "dependabot/dependency"
19
20
  Dependabot::Dependency.register_production_check(
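--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.230.0
+version: 0.231.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-08 00:00:00.000000000 Z
+date: 2023-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.230.0
+version: 0.231.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.230.0
+version: 0.231.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 1.19.0
+- !ruby/object:Gem::Dependency
+name: rubocop-sorbet
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.7.3
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.7.3
 - !ruby/object:Gem::Dependency
 name: stackprof
 requirement: !ruby/object:Gem::Requirement
@@ -231,7 +245,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.230.0
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.231.0
 post_install_message:
 rdoc_options: []
 require_paths: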