dependabot-python 0.238.0 → 0.240.0

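--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b05bd36f835c00c6533153183b23d848d6b06759d20dc4e643cc2fd5e9a8c5e6
- data.tar.gz: 0c08d7fdb367c16636cd558dca7ad36e16bba8851b4f906ac076d8a28b45bbdb
+ metadata.gz: 00aa637ad3528abfe132c01e9f26414bbf218e2c723351374dbc002a87d042ea
+ data.tar.gz: '01529b9365ff17a32883e43958de7f2b3ee0af6796861cee0dc939f455d2c2ef'
  SHA512:
- metadata.gz: 1a7faaff71e67be34ad8d152bb5f869313f69a7a031cf4ffe4f1b2e5cc565e40ca0d9e9e5e2c470ff5477b5ab8c166ac29fc2323ac2c7548ec7e684348fac98b
- data.tar.gz: 78adf7610fff0b22a46ac7d105a6463e1040505de29ecb15e9b087930bdfe5ba54cf6755bdefbff610a9009ae6a6bac6ae59997cae050c9dae06cd31ec1eda0d
+ metadata.gz: 0b99ef75a8dc1dc8ed62dd3fd610dba5b74200afa8017485c8a6cb27c6ecdbaf340d085318dd6a0b3d1d6b90dd5dcfaa896d856f23d7f4ed9529c4c0488fbc65
+ data.tar.gz: '08dee3fbd1077f6bd35128593f9a9c8ffd7583d45e67cecbaedc16d543c76d2fb10ecb9d68488007c1f616243db593dd9bd3ad6084ed9348bb6166996526e62d'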
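--- a/data/helpers/build
+++ b/data/helpers/build
@@ -1,4 +1,4 @@
- #!/bin/bash
+ #!/usr/bin/env bash
 
  set -e
 
@@ -32,4 +32,3 @@ find "${PYENV_ROOT:-/usr/local/.pyenv}/versions" -depth \
  find -L "${PYENV_ROOT:-/usr/local/.pyenv}/versions" -type f \
  -name '*.so' \
  -exec strip --preserve-dates {} +
-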
@@ -53,6 +53,7 @@ module Dependabot
53
53
  # the user-specified range of versions, not the version Dependabot chose to run.
54
54
  python_requirement_parser = FileParser::PythonRequirementParser.new(dependency_files: files)
55
55
  language_version_manager = LanguageVersionManager.new(python_requirement_parser: python_requirement_parser)
56
+ Dependabot.logger.info("Dependabot is using Python version '#{language_version_manager.python_major_minor}'.")
56
57
  {
57
58
  languages: {
58
59
  python: {
@@ -83,7 +84,6 @@ module Dependabot
83
84
  fetched_files << pip_conf if pip_conf
84
85
  fetched_files << python_version_file if python_version_file
85
86
 
86
- check_required_files_present
87
87
  uniq_files(fetched_files)
88
88
  end
89
89
 
@@ -111,18 +111,6 @@ module Dependabot
111
111
  ]
112
112
  end
113
113
 
114
- def check_required_files_present
115
- return if requirements_txt_files.any? ||
116
- requirements_in_files.any? ||
117
- setup_file ||
118
- setup_cfg_file ||
119
- pipfile ||
120
- pyproject
121
-
122
- path = cleanpath(File.join(directory, "requirements.txt"))
123
- raise Dependabot::DependencyFileNotFound, path
124
- end
125
-
126
114
  def setup_file
127
115
  return @setup_file if defined?(@setup_file)
128
116
 
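Review bot: With `check_required_files_present` removed, nothing visible in `fetch_files` rejects a directory where `requirements_txt_files`, `requirements_in_files`, `setup_file`, `setup_cfg_file`, `pipfile` and `pyproject` are all absent; the method now ends at `uniq_files(fetched_files)` and can hand back an empty list. Presumably the presence check now lives in shared fetcher code that this page does not show. If so, a comment above the return such as `# Manifest presence is validated outside this method` would keep it from being re-added here, and a spec for a manifest-less directory should still expect `Dependabot::DependencyFileNotFound`. The start of `fetch_files` lies outside the hunk.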
@@ -9,7 +9,8 @@ module Dependabot
9
9
  class LanguageVersionManager
10
10
  # This list must match the versions specified at the top of `python/Dockerfile`
11
11
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
12
- 3.11.5
12
+ 3.12.1
13
+ 3.11.7
13
14
  3.10.13
14
15
  3.9.18
15
16
  3.8.18
@@ -29,7 +30,7 @@ module Dependabot
29
30
  end
30
31
 
31
32
  def python_major_minor
32
- @python_major_minor ||= Python::Version.new(python_version).segments[0..1].join(".")
33
+ @python_major_minor ||= T.must(Python::Version.new(python_version).segments[0..1]).join(".")
33
34
  end
34
35
 
35
36
  def python_version
@@ -57,7 +58,7 @@ module Dependabot
57
58
  requirement_string = requirement_string.gsub(/\.\d+$/, ".*") if requirement_string.start_with?(/\d/)
58
59
 
59
60
  # Try to match one of our pre-installed Python versions
60
- requirement = Python::Requirement.requirements_array(requirement_string).first
61
+ requirement = T.must(Python::Requirement.requirements_array(requirement_string).first)
61
62
  version = PRE_INSTALLED_PYTHON_VERSIONS.find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
62
63
  return version if version
63
64
 
@@ -1,12 +1,17 @@
1
1
  # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
6
+ require "dependabot/requirement"
4
7
  require "dependabot/utils"
5
8
  require "dependabot/python/version"
6
9
 
7
10
  module Dependabot
8
11
  module Python
9
- class Requirement < Gem::Requirement
12
+ class Requirement < Dependabot::Requirement
13
+ extend T::Sig
14
+
10
15
  OR_SEPARATOR = /(?<=[a-zA-Z0-9)*])\s*\|+/
11
16
 
12
17
  # Add equality and arbitrary-equality matchers
@@ -38,13 +43,14 @@ module Dependabot
38
43
 
39
44
  return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
40
45
 
41
- [matches[1] || "=", Python::Version.new(matches[2])]
46
+ [matches[1] || "=", Python::Version.new(T.must(matches[2]))]
42
47
  end
43
48
 
44
49
  # Returns an array of requirements. At least one requirement from the
45
50
  # returned array must be satisfied for a version to be valid.
46
51
  #
47
52
  # NOTE: Or requirements are only valid for Poetry.
53
+ sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
48
54
  def self.requirements_array(requirement_string)
49
55
  return [new(nil)] if requirement_string.nil?
50
56
 
@@ -52,7 +58,7 @@ module Dependabot
52
58
  requirement_string = matches[1]
53
59
  end
54
60
 
55
- requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
61
+ T.must(requirement_string).strip.split(OR_SEPARATOR).map do |req_string|
56
62
  new(req_string.strip)
57
63
  end
58
64
  end
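Review bot: `requirements_array` can return an empty array: for an empty or whitespace-only string, `T.must(requirement_string).strip.split(OR_SEPARATOR)` yields `[]`, which satisfies the new `T::Array[Requirement]` sig but contradicts the comment that at least one returned requirement must be satisfied. The caller shown earlier on this page, `T.must(Python::Requirement.requirements_array(requirement_string).first)`, would then fail with a `TypeError` from sorbet-runtime rather than a Dependabot error, and the string it passes appears to derive from the user-specified Python requirement. Widening the guard to `return [new(nil)] if requirement_string.nil? || requirement_string.strip.empty?` would keep the array non-empty, assuming an empty specifier is meant to accept any version. One line of the method, between the two hunks, is not shown.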
@@ -21,9 +21,14 @@ module Dependabot
21
21
  class PipenvVersionResolver
22
22
  GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none --quiet (?<url>[^\s]+).*/
23
23
  GIT_REFERENCE_NOT_FOUND_REGEX = /git checkout -q (?<tag>[^\s]+).*/
24
- PIPENV_INSTALLATION_ERROR = "python setup.py egg_info exited with 1"
24
+ PIPENV_INSTALLATION_ERROR_NEW = "Getting requirements to build wheel exited with 1"
25
+
26
+ # Can be removed when Python 3.11 support is dropped
27
+ PIPENV_INSTALLATION_ERROR_OLD = Regexp.quote("python setup.py egg_info exited with 1")
28
+
29
+ PIPENV_INSTALLATION_ERROR = /#{PIPENV_INSTALLATION_ERROR_NEW}|#{PIPENV_INSTALLATION_ERROR_OLD}/
25
30
  PIPENV_INSTALLATION_ERROR_REGEX =
26
- /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
31
+ /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*(#{PIPENV_INSTALLATION_ERROR})/
27
32
 
28
33
  PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
29
34
 
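Review bot: `PIPENV_INSTALLATION_ERROR_NEW` is interpolated into `PIPENV_INSTALLATION_ERROR` unescaped while `PIPENV_INSTALLATION_ERROR_OLD` goes through `Regexp.quote`, so one constant holds a literal message and the other an escaped pattern fragment. The current message contains no regex metacharacters, so matching is unaffected today, but a later edit that adds `.` or `(` to the new message would silently change what is matched. Keeping both as plain strings and building the pattern with `PIPENV_INSTALLATION_ERROR = Regexp.union(PIPENV_INSTALLATION_ERROR_NEW, PIPENV_INSTALLATION_ERROR_OLD)` removes the asymmetry. The constant also changes from String to Regexp, so any use outside this hunk that relies on String-only calls such as `include?` needs checking.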
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.238.0
4
+ version: 0.240.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-12-07 00:00:00.000000000 Z
11
+ date: 2024-01-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.238.0
19
+ version: 0.240.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.238.0
26
+ version: 0.240.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.57.2
117
+ version: 1.58.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.57.2
124
+ version: 1.58.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rubocop-performance
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -206,6 +206,20 @@ dependencies:
206
206
  - - "~>"
207
207
  - !ruby/object:Gem::Version
208
208
  version: '3.18'
209
+ - !ruby/object:Gem::Dependency
210
+ name: webrick
211
+ requirement: !ruby/object:Gem::Requirement
212
+ requirements:
213
+ - - ">="
214
+ - !ruby/object:Gem::Version
215
+ version: '1.7'
216
+ type: :development
217
+ prerelease: false
218
+ version_requirements: !ruby/object:Gem::Requirement
219
+ requirements:
220
+ - - ">="
221
+ - !ruby/object:Gem::Version
222
+ version: '1.7'
209
223
  description: Dependabot-Python provides support for bumping Python packages via Dependabot.
210
224
  If you want support for multiple package managers, you probably want the meta-gem
211
225
  dependabot-omnibus.
@@ -260,7 +274,7 @@ licenses:
260
274
  - Nonstandard
261
275
  metadata:
262
276
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
263
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
277
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.240.0
264
278
  post_install_message:
265
279
  rdoc_options: []
266
280
  require_paths: