dependabot-python 0.238.0 → 0.240.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +1 -2
  3. data/lib/dependabot/python/file_fetcher.rb +1 -13
  4. data/lib/dependabot/python/language_version_manager.rb +4 -3
  5. data/lib/dependabot/python/requirement.rb +9 -3
  6. data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +7 -2
  7. metadata +21 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b05bd36f835c00c6533153183b23d848d6b06759d20dc4e643cc2fd5e9a8c5e6
4
- data.tar.gz: 0c08d7fdb367c16636cd558dca7ad36e16bba8851b4f906ac076d8a28b45bbdb
3
+ metadata.gz: 00aa637ad3528abfe132c01e9f26414bbf218e2c723351374dbc002a87d042ea
4
+ data.tar.gz: '01529b9365ff17a32883e43958de7f2b3ee0af6796861cee0dc939f455d2c2ef'
5
5
  SHA512:
6
- metadata.gz: 1a7faaff71e67be34ad8d152bb5f869313f69a7a031cf4ffe4f1b2e5cc565e40ca0d9e9e5e2c470ff5477b5ab8c166ac29fc2323ac2c7548ec7e684348fac98b
7
- data.tar.gz: 78adf7610fff0b22a46ac7d105a6463e1040505de29ecb15e9b087930bdfe5ba54cf6755bdefbff610a9009ae6a6bac6ae59997cae050c9dae06cd31ec1eda0d
6
+ metadata.gz: 0b99ef75a8dc1dc8ed62dd3fd610dba5b74200afa8017485c8a6cb27c6ecdbaf340d085318dd6a0b3d1d6b90dd5dcfaa896d856f23d7f4ed9529c4c0488fbc65
7
+ data.tar.gz: '08dee3fbd1077f6bd35128593f9a9c8ffd7583d45e67cecbaedc16d543c76d2fb10ecb9d68488007c1f616243db593dd9bd3ad6084ed9348bb6166996526e62d'
data/helpers/build CHANGED
@@ -1,4 +1,4 @@
1
- #!/bin/bash
1
+ #!/usr/bin/env bash
2
2
 
3
3
  set -e
4
4
 
@@ -32,4 +32,3 @@ find "${PYENV_ROOT:-/usr/local/.pyenv}/versions" -depth \
32
32
  find -L "${PYENV_ROOT:-/usr/local/.pyenv}/versions" -type f \
33
33
  -name '*.so' \
34
34
  -exec strip --preserve-dates {} +
35
-
data/lib/dependabot/python/file_fetcher.rb CHANGED
@@ -53,6 +53,7 @@ module Dependabot
53
53
  # the user-specified range of versions, not the version Dependabot chose to run.
54
54
  python_requirement_parser = FileParser::PythonRequirementParser.new(dependency_files: files)
55
55
  language_version_manager = LanguageVersionManager.new(python_requirement_parser: python_requirement_parser)
56
+ Dependabot.logger.info("Dependabot is using Python version '#{language_version_manager.python_major_minor}'.")
56
57
  {
57
58
  languages: {
58
59
  python: {
@@ -83,7 +84,6 @@ module Dependabot
83
84
  fetched_files << pip_conf if pip_conf
84
85
  fetched_files << python_version_file if python_version_file
85
86
 
86
- check_required_files_present
87
87
  uniq_files(fetched_files)
88
88
  end
89
89
 
@@ -111,18 +111,6 @@ module Dependabot
111
111
  ]
112
112
  end
113
113
 
114
- def check_required_files_present
115
- return if requirements_txt_files.any? ||
116
- requirements_in_files.any? ||
117
- setup_file ||
118
- setup_cfg_file ||
119
- pipfile ||
120
- pyproject
121
-
122
- path = cleanpath(File.join(directory, "requirements.txt"))
123
- raise Dependabot::DependencyFileNotFound, path
124
- end
125
-
126
114
  def setup_file
127
115
  return @setup_file if defined?(@setup_file)
128
116
 
data/lib/dependabot/python/language_version_manager.rb CHANGED
@@ -9,7 +9,8 @@ module Dependabot
9
9
  class LanguageVersionManager
10
10
  # This list must match the versions specified at the top of `python/Dockerfile`
11
11
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
12
- 3.11.5
12
+ 3.12.1
13
+ 3.11.7
13
14
  3.10.13
14
15
  3.9.18
15
16
  3.8.18
@@ -29,7 +30,7 @@ module Dependabot
29
30
  end
30
31
 
31
32
  def python_major_minor
32
- @python_major_minor ||= Python::Version.new(python_version).segments[0..1].join(".")
33
+ @python_major_minor ||= T.must(Python::Version.new(python_version).segments[0..1]).join(".")
33
34
  end
34
35
 
35
36
  def python_version
@@ -57,7 +58,7 @@ module Dependabot
57
58
  requirement_string = requirement_string.gsub(/\.\d+$/, ".*") if requirement_string.start_with?(/\d/)
58
59
 
59
60
  # Try to match one of our pre-installed Python versions
60
- requirement = Python::Requirement.requirements_array(requirement_string).first
61
+ requirement = T.must(Python::Requirement.requirements_array(requirement_string).first)
61
62
  version = PRE_INSTALLED_PYTHON_VERSIONS.find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
62
63
  return version if version
63
64
 
data/lib/dependabot/python/requirement.rb CHANGED
@@ -1,12 +1,17 @@
1
1
  # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
6
+ require "dependabot/requirement"
4
7
  require "dependabot/utils"
5
8
  require "dependabot/python/version"
6
9
 
7
10
  module Dependabot
8
11
  module Python
9
- class Requirement < Gem::Requirement
12
+ class Requirement < Dependabot::Requirement
13
+ extend T::Sig
14
+
10
15
  OR_SEPARATOR = /(?<=[a-zA-Z0-9)*])\s*\|+/
11
16
 
12
17
  # Add equality and arbitrary-equality matchers
@@ -38,13 +43,14 @@ module Dependabot
38
43
 
39
44
  return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
40
45
 
41
- [matches[1] || "=", Python::Version.new(matches[2])]
46
+ [matches[1] || "=", Python::Version.new(T.must(matches[2]))]
42
47
  end
43
48
 
44
49
  # Returns an array of requirements. At least one requirement from the
45
50
  # returned array must be satisfied for a version to be valid.
46
51
  #
47
52
  # NOTE: Or requirements are only valid for Poetry.
53
+ sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
48
54
  def self.requirements_array(requirement_string)
49
55
  return [new(nil)] if requirement_string.nil?
50
56
 
@@ -52,7 +58,7 @@ module Dependabot
52
58
  requirement_string = matches[1]
53
59
  end
54
60
 
55
- requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
61
+ T.must(requirement_string).strip.split(OR_SEPARATOR).map do |req_string|
56
62
  new(req_string.strip)
57
63
  end
58
64
  end
data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb CHANGED
@@ -21,9 +21,14 @@ module Dependabot
21
21
  class PipenvVersionResolver
22
22
  GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none --quiet (?<url>[^\s]+).*/
23
23
  GIT_REFERENCE_NOT_FOUND_REGEX = /git checkout -q (?<tag>[^\s]+).*/
24
- PIPENV_INSTALLATION_ERROR = "python setup.py egg_info exited with 1"
24
+ PIPENV_INSTALLATION_ERROR_NEW = "Getting requirements to build wheel exited with 1"
25
+
26
+ # Can be removed when Python 3.11 support is dropped
27
+ PIPENV_INSTALLATION_ERROR_OLD = Regexp.quote("python setup.py egg_info exited with 1")
28
+
29
+ PIPENV_INSTALLATION_ERROR = /#{PIPENV_INSTALLATION_ERROR_NEW}|#{PIPENV_INSTALLATION_ERROR_OLD}/
25
30
  PIPENV_INSTALLATION_ERROR_REGEX =
26
- /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
31
+ /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*(#{PIPENV_INSTALLATION_ERROR})/
27
32
 
28
33
  PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
29
34
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.238.0
4
+ version: 0.240.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-12-07 00:00:00.000000000 Z
11
+ date: 2024-01-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.238.0
19
+ version: 0.240.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.238.0
26
+ version: 0.240.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.57.2
117
+ version: 1.58.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.57.2
124
+ version: 1.58.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rubocop-performance
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -206,6 +206,20 @@ dependencies:
206
206
  - - "~>"
207
207
  - !ruby/object:Gem::Version
208
208
  version: '3.18'
209
+ - !ruby/object:Gem::Dependency
210
+ name: webrick
211
+ requirement: !ruby/object:Gem::Requirement
212
+ requirements:
213
+ - - ">="
214
+ - !ruby/object:Gem::Version
215
+ version: '1.7'
216
+ type: :development
217
+ prerelease: false
218
+ version_requirements: !ruby/object:Gem::Requirement
219
+ requirements:
220
+ - - ">="
221
+ - !ruby/object:Gem::Version
222
+ version: '1.7'
209
223
  description: Dependabot-Python provides support for bumping Python packages via Dependabot.
210
224
  If you want support for multiple package managers, you probably want the meta-gem
211
225
  dependabot-omnibus.
@@ -260,7 +274,7 @@ licenses:
260
274
  - Nonstandard
261
275
  metadata:
262
276
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
263
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
277
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.240.0
264
278
  post_install_message:
265
279
  rdoc_options: []
266
280
  require_paths: