dependabot-python 0.245.0 → 0.247.0
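--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a1c2d4b06b6d94bcd630b68c25aa77f2325b3d26251ab0ef34656ba96e00d104
+data.tar.gz: 6d8d5767fe28c68b0c5fe6e72999db3f71ba18166d186bec70a74203b72fa9c2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a82fe3e2a7bf8017de7bd9754565f4740a766f75d6ed522fc873e1583d3e0f6a66a0f3cb4df8606e21ef6b5e6011bca16ec08bb52a662b41891612eb45a9b42c
+data.tar.gz: b1946c632da0864b595c10519337c8de69109695ce9f366093b3418159024567df168a378dd6ce4c0003aca1fda301b1bac2f4111737d1ec6f96a4feff37c413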
data/helpers/requirements.txt
CHANGED
@@ -4,6 +4,7 @@
|
|
4
4
|
require "cgi"
|
5
5
|
require "excon"
|
6
6
|
require "nokogiri"
|
7
|
+
require "sorbet-runtime"
|
7
8
|
|
8
9
|
require "dependabot/dependency"
|
9
10
|
require "dependabot/python/update_checker"
|
@@ -16,6 +17,8 @@ module Dependabot
|
|
16
17
|
module Python
|
17
18
|
class UpdateChecker
|
18
19
|
class LatestVersionFinder
|
20
|
+
extend T::Sig
|
21
|
+
|
19
22
|
require_relative "index_finder"
|
20
23
|
|
21
24
|
def initialize(dependency:, dependency_files:, credentials:,
|
@@ -81,12 +84,21 @@ module Dependabot
|
|
81
84
|
versions.min
|
82
85
|
end
|
83
86
|
|
87
|
+
sig { params(versions_array: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
84
88
|
def filter_yanked_versions(versions_array)
|
85
|
-
versions_array.reject { |details| details.fetch(:yanked) }
|
89
|
+
filtered = versions_array.reject { |details| details.fetch(:yanked) }
|
90
|
+
if versions_array.count > filtered.count
|
91
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} yanked versions")
|
92
|
+
end
|
93
|
+
filtered
|
86
94
|
end
|
87
95
|
|
96
|
+
sig do
|
97
|
+
params(versions_array: T::Array[T.untyped], python_version: T.nilable(T.any(String, Version)))
|
98
|
+
.returns(T::Array[T.untyped])
|
99
|
+
end
|
88
100
|
def filter_unsupported_versions(versions_array, python_version)
|
89
|
-
versions_array.filter_map do |details|
|
101
|
+
filtered = versions_array.filter_map do |details|
|
90
102
|
python_requirement = details.fetch(:python_requirement)
|
91
103
|
next details.fetch(:version) unless python_version
|
92
104
|
next details.fetch(:version) unless python_requirement
|
@@ -94,14 +106,27 @@ module Dependabot
|
|
94
106
|
|
95
107
|
details.fetch(:version)
|
96
108
|
end
|
109
|
+
if versions_array.count > filtered.count
|
110
|
+
delta = versions_array.count - filtered.count
|
111
|
+
Dependabot.logger.info("Filtered out #{delta} unsupported Python #{python_version} versions")
|
112
|
+
end
|
113
|
+
filtered
|
97
114
|
end
|
98
115
|
|
116
|
+
sig { params(versions_array: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
99
117
|
def filter_prerelease_versions(versions_array)
|
100
118
|
return versions_array if wants_prerelease?
|
101
119
|
|
102
|
-
versions_array.reject(&:prerelease?)
|
120
|
+
filtered = versions_array.reject(&:prerelease?)
|
121
|
+
|
122
|
+
if versions_array.count > filtered.count
|
123
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} pre-release versions")
|
124
|
+
end
|
125
|
+
|
126
|
+
filtered
|
103
127
|
end
|
104
128
|
|
129
|
+
sig { params(versions_array: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
105
130
|
def filter_ignored_versions(versions_array)
|
106
131
|
filtered = versions_array
|
107
132
|
.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
@@ -109,6 +134,9 @@ module Dependabot
|
|
109
134
|
raise Dependabot::AllVersionsIgnored
|
110
135
|
end
|
111
136
|
|
137
|
+
if versions_array.count > filtered.count
|
138
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} ignored versions")
|
139
|
+
end
|
112
140
|
filtered
|
113
141
|
end
|
114
142
|
|
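Review bot: The new `Dependabot.logger.info` lines in `filter_yanked_versions`, `filter_unsupported_versions`, `filter_prerelease_versions` and `filter_ignored_versions` record only a count, so a log reader still cannot tell which release was dropped when an expected update (for example a security fix) is not proposed. Consider also logging the dropped entries at debug level, e.g. in `filter_yanked_versions`: `Dependabot.logger.debug("Yanked: #{(versions_array - filtered).map { |d| d.fetch(:version) }.join(', ')}")`. The same count-and-log block is repeated four times and could live in one private helper that takes the label. The sigs use `T::Array[T.untyped]` throughout, which hides that `filter_unsupported_versions` takes detail entries read with `fetch(:python_requirement)` and returns their `:version` values; a one-line comment on that method would document the shape change. Parts of `filter_unsupported_versions` and `filter_ignored_versions` lie outside the shown hunks.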
@@ -2,9 +2,10 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "dependabot/python/requirement_parser"
|
5
|
+
require "dependabot/python/requirement"
|
5
6
|
require "dependabot/python/update_checker"
|
6
7
|
require "dependabot/python/version"
|
7
|
-
require "dependabot/
|
8
|
+
require "dependabot/requirements_update_strategy"
|
8
9
|
|
9
10
|
module Dependabot
|
10
11
|
module Python
|
@@ -31,7 +32,7 @@ module Dependabot
|
|
31
32
|
end
|
32
33
|
|
33
34
|
def updated_requirements
|
34
|
-
return requirements if update_strategy ==
|
35
|
+
return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
|
35
36
|
|
36
37
|
requirements.map do |req|
|
37
38
|
case req[:file]
|
@@ -89,9 +90,9 @@ module Dependabot
|
|
89
90
|
return update_pyproject_version(req) if req.fetch(:groups).include?("dev-dependencies")
|
90
91
|
|
91
92
|
case update_strategy
|
92
|
-
when
|
93
|
-
when
|
94
|
-
when
|
93
|
+
when RequirementsUpdateStrategy::WidenRanges then widen_pyproject_requirement(req)
|
94
|
+
when RequirementsUpdateStrategy::BumpVersions then update_pyproject_version(req)
|
95
|
+
when RequirementsUpdateStrategy::BumpVersionsIfNecessary then update_pyproject_version_if_needed(req)
|
95
96
|
else raise "Unexpected update strategy: #{update_strategy}"
|
96
97
|
end
|
97
98
|
rescue UnfixableRequirement
|
@@ -190,11 +191,11 @@ module Dependabot
|
|
190
191
|
return req unless req.fetch(:requirement)
|
191
192
|
|
192
193
|
case update_strategy
|
193
|
-
when
|
194
|
+
when RequirementsUpdateStrategy::WidenRanges
|
194
195
|
widen_requirement(req)
|
195
|
-
when
|
196
|
+
when RequirementsUpdateStrategy::BumpVersions
|
196
197
|
update_requirement(req)
|
197
|
-
when
|
198
|
+
when RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
198
199
|
update_requirement_if_needed(req)
|
199
200
|
else
|
200
201
|
raise "Unexpected update strategy: #{update_strategy}"
|
@@ -5,13 +5,14 @@ require "excon"
|
|
5
5
|
require "toml-rb"
|
6
6
|
|
7
7
|
require "dependabot/dependency"
|
8
|
-
require "dependabot/update_checkers"
|
9
|
-
require "dependabot/update_checkers/base"
|
10
|
-
require "dependabot/registry_client"
|
11
8
|
require "dependabot/errors"
|
12
|
-
require "dependabot/python/requirement"
|
13
|
-
require "dependabot/python/requirement_parser"
|
14
9
|
require "dependabot/python/name_normaliser"
|
10
|
+
require "dependabot/python/requirement_parser"
|
11
|
+
require "dependabot/python/requirement"
|
12
|
+
require "dependabot/registry_client"
|
13
|
+
require "dependabot/requirements_update_strategy"
|
14
|
+
require "dependabot/update_checkers"
|
15
|
+
require "dependabot/update_checkers/base"
|
15
16
|
|
16
17
|
module Dependabot
|
17
18
|
module Python
|
@@ -80,15 +81,15 @@ module Dependabot
|
|
80
81
|
end
|
81
82
|
|
82
83
|
def requirements_unlocked_or_can_be?
|
83
|
-
requirements_update_strategy !=
|
84
|
+
requirements_update_strategy != RequirementsUpdateStrategy::LockfileOnly
|
84
85
|
end
|
85
86
|
|
86
87
|
def requirements_update_strategy
|
87
88
|
# If passed in as an option (in the base class) honour that option
|
88
|
-
return @requirements_update_strategy
|
89
|
+
return @requirements_update_strategy if @requirements_update_strategy
|
89
90
|
|
90
91
|
# Otherwise, check if this is a library or not
|
91
|
-
library? ?
|
92
|
+
library? ? RequirementsUpdateStrategy::WidenRanges : RequirementsUpdateStrategy::BumpVersions
|
92
93
|
end
|
93
94
|
|
94
95
|
private
|
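Review bot: `requirements_update_strategy` now returns `@requirements_update_strategy` unchanged, and `requirements_unlocked_or_can_be?` tests it with `!= RequirementsUpdateStrategy::LockfileOnly`, so any value that is not that exact constant (a legacy symbol or string, if a caller still passes one) is treated as "requirements may be unlocked". The removed lines are truncated on this page, so whether the old code coerced the value is not visible; unless the base class already validates the option, the check fails open for a lockfile-only configuration. A guard such as `raise ArgumentError, "Unexpected update strategy" unless @requirements_update_strategy.is_a?(RequirementsUpdateStrategy)` before the return, or a sig on the method, would make a bad value fail loudly. The guard `return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly` in `updated_requirements` (hunk `@@ -31,7 +32,7 @@`) has the same shape, whereas the `case update_strategy` blocks already raise on an unknown value.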
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.247.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-03-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.247.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.247.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -136,6 +136,20 @@ dependencies:
|
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
138
|
version: 1.19.0
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: rubocop-rspec
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - "~>"
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: 2.27.1
|
146
|
+
type: :development
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - "~>"
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: 2.27.1
|
139
153
|
- !ruby/object:Gem::Dependency
|
140
154
|
name: rubocop-sorbet
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
@@ -274,7 +288,7 @@ licenses:
|
|
274
288
|
- Nonstandard
|
275
289
|
metadata:
|
276
290
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
277
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
291
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
|
278
292
|
post_install_message:
|
279
293
|
rdoc_options: []
|
280
294
|
require_paths:
|