dependabot-python 0.246.0 → 0.248.0
- checksums.yaml +4 -4
- data/helpers/lib/parser.py +2 -0
- data/helpers/requirements.txt +3 -1
- data/helpers/run.py +2 -0
- data/lib/dependabot/python/language_version_manager.rb +2 -2
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +31 -3
- data/lib/dependabot/python/update_checker/requirements_updater.rb +9 -8
- data/lib/dependabot/python/update_checker.rb +9 -8
- metadata +19 -5
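--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 165e432faa4b40b16ac49232c58dbe9f6a1187bf063cf8c347ed683515f06577
+data.tar.gz: 0b22f327bbab4b6bc752b1784c02f756000aa21b043a049e34b445c820526056
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9dc8379104510deef1670b51c960a6a806263cfb47298447c550dd2b9d5b140f3e5f5f981e7038a0b18d3eee3e455e8ae52d3dfca63f5e3d5f9c403b3c270188
+data.tar.gz: d09814b8cbf11cad971a7188ae7db79772f5426bcdbaac9ccde586b5486695d251723a20430beb9f6e705cfce7622ef0c78150ee97f2648320f316ed4c5723a3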
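--- a/data/helpers/lib/parser.py
+++ b/data/helpers/lib/parser.py
@@ -13,6 +13,8 @@ from pip._internal.req.constructors import (
 )
 
 from packaging.requirements import InvalidRequirement, Requirement
+# TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop
+# support for Python 3.10.
 import toml
 
 # Inspired by pips internal check: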
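--- a/data/helpers/requirements.txt
+++ b/data/helpers/requirements.txt
@@ -1,10 +1,12 @@
 pip==23.3.2
-pip-tools==7.
+pip-tools==7.4.1
 flake8==7.0.0
 hashin==0.17.0
 pipenv==2023.11.17
 pipfile==0.0.2
 poetry==1.7.1
+# TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
+toml==0.10.2
 
 # Some dependencies will only install if Cython is present
 Cython==3.0.8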
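--- a/data/helpers/run.py
+++ b/data/helpers/run.py
@@ -6,6 +6,8 @@ from lib import parser, hasher
 if __name__ == "__main__":
 args = json.loads(sys.stdin.read())
 
+# TODO Python 3.10 added native switch statements, so switch this if/elif
+# to that once we drop support for 3.9.
 if args["function"] == "parse_requirements":
 print(parser.parse_requirements(args["args"][0]))
 elif args["function"] == "parse_setup":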
@@ -4,6 +4,7 @@
|
|
4
4
|
require "cgi"
|
5
5
|
require "excon"
|
6
6
|
require "nokogiri"
|
7
|
+
require "sorbet-runtime"
|
7
8
|
|
8
9
|
require "dependabot/dependency"
|
9
10
|
require "dependabot/python/update_checker"
|
@@ -16,6 +17,8 @@ module Dependabot
|
|
16
17
|
module Python
|
17
18
|
class UpdateChecker
|
18
19
|
class LatestVersionFinder
|
20
|
+
extend T::Sig
|
21
|
+
|
19
22
|
require_relative "index_finder"
|
20
23
|
|
21
24
|
def initialize(dependency:, dependency_files:, credentials:,
|
@@ -81,12 +84,21 @@ module Dependabot
|
|
81
84
|
versions.min
|
82
85
|
end
|
83
86
|
|
87
|
+
sig { params(versions_array: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
84
88
|
def filter_yanked_versions(versions_array)
|
85
|
-
versions_array.reject { |details| details.fetch(:yanked) }
|
89
|
+
filtered = versions_array.reject { |details| details.fetch(:yanked) }
|
90
|
+
if versions_array.count > filtered.count
|
91
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} yanked versions")
|
92
|
+
end
|
93
|
+
filtered
|
86
94
|
end
|
87
95
|
|
96
|
+
sig do
|
97
|
+
params(versions_array: T::Array[T.untyped], python_version: T.nilable(T.any(String, Version)))
|
98
|
+
.returns(T::Array[T.untyped])
|
99
|
+
end
|
88
100
|
def filter_unsupported_versions(versions_array, python_version)
|
89
|
-
versions_array.filter_map do |details|
|
101
|
+
filtered = versions_array.filter_map do |details|
|
90
102
|
python_requirement = details.fetch(:python_requirement)
|
91
103
|
next details.fetch(:version) unless python_version
|
92
104
|
next details.fetch(:version) unless python_requirement
|
@@ -94,14 +106,27 @@ module Dependabot
|
|
94
106
|
|
95
107
|
details.fetch(:version)
|
96
108
|
end
|
109
|
+
if versions_array.count > filtered.count
|
110
|
+
delta = versions_array.count - filtered.count
|
111
|
+
Dependabot.logger.info("Filtered out #{delta} unsupported Python #{python_version} versions")
|
112
|
+
end
|
113
|
+
filtered
|
97
114
|
end
|
98
115
|
|
116
|
+
sig { params(versions_array: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
99
117
|
def filter_prerelease_versions(versions_array)
|
100
118
|
return versions_array if wants_prerelease?
|
101
119
|
|
102
|
-
versions_array.reject(&:prerelease?)
|
120
|
+
filtered = versions_array.reject(&:prerelease?)
|
121
|
+
|
122
|
+
if versions_array.count > filtered.count
|
123
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} pre-release versions")
|
124
|
+
end
|
125
|
+
|
126
|
+
filtered
|
103
127
|
end
|
104
128
|
|
129
|
+
sig { params(versions_array: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
105
130
|
def filter_ignored_versions(versions_array)
|
106
131
|
filtered = versions_array
|
107
132
|
.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
@@ -109,6 +134,9 @@ module Dependabot
|
|
109
134
|
raise Dependabot::AllVersionsIgnored
|
110
135
|
end
|
111
136
|
|
137
|
+
if versions_array.count > filtered.count
|
138
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} ignored versions")
|
139
|
+
end
|
112
140
|
filtered
|
113
141
|
end
|
114
142
|
|
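Review bot: The new `sig`s in the `@@ -81,12 +84,21 @@` hunk type every parameter and return value as `T::Array[T.untyped]`, which gives Sorbet nothing to check and hides a real shape change: `filter_yanked_versions` and `filter_unsupported_versions` consume hashes (they call `details.fetch(:yanked)` and `details.fetch(:python_requirement)`), while `filter_unsupported_versions` returns the bare `details.fetch(:version)` values and the later filters expect objects that respond to `prerelease?`. A tighter signature such as `sig { params(versions_array: T::Array[T::Hash[Symbol, T.untyped]]).returns(T::Array[T::Hash[Symbol, T.untyped]]) }` for the yanked filter, and `.returns(T::Array[Version])` for the unsupported filter if `:version` holds `Version` instances, would make that visible to callers. The body of `filter_unsupported_versions` is split across the `@@ -81` and `@@ -94` hunks.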
@@ -2,9 +2,10 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "dependabot/python/requirement_parser"
|
5
|
+
require "dependabot/python/requirement"
|
5
6
|
require "dependabot/python/update_checker"
|
6
7
|
require "dependabot/python/version"
|
7
|
-
require "dependabot/
|
8
|
+
require "dependabot/requirements_update_strategy"
|
8
9
|
|
9
10
|
module Dependabot
|
10
11
|
module Python
|
@@ -31,7 +32,7 @@ module Dependabot
|
|
31
32
|
end
|
32
33
|
|
33
34
|
def updated_requirements
|
34
|
-
return requirements if update_strategy ==
|
35
|
+
return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
|
35
36
|
|
36
37
|
requirements.map do |req|
|
37
38
|
case req[:file]
|
@@ -89,9 +90,9 @@ module Dependabot
|
|
89
90
|
return update_pyproject_version(req) if req.fetch(:groups).include?("dev-dependencies")
|
90
91
|
|
91
92
|
case update_strategy
|
92
|
-
when
|
93
|
-
when
|
94
|
-
when
|
93
|
+
when RequirementsUpdateStrategy::WidenRanges then widen_pyproject_requirement(req)
|
94
|
+
when RequirementsUpdateStrategy::BumpVersions then update_pyproject_version(req)
|
95
|
+
when RequirementsUpdateStrategy::BumpVersionsIfNecessary then update_pyproject_version_if_needed(req)
|
95
96
|
else raise "Unexpected update strategy: #{update_strategy}"
|
96
97
|
end
|
97
98
|
rescue UnfixableRequirement
|
@@ -190,11 +191,11 @@ module Dependabot
|
|
190
191
|
return req unless req.fetch(:requirement)
|
191
192
|
|
192
193
|
case update_strategy
|
193
|
-
when
|
194
|
+
when RequirementsUpdateStrategy::WidenRanges
|
194
195
|
widen_requirement(req)
|
195
|
-
when
|
196
|
+
when RequirementsUpdateStrategy::BumpVersions
|
196
197
|
update_requirement(req)
|
197
|
-
when
|
198
|
+
when RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
198
199
|
update_requirement_if_needed(req)
|
199
200
|
else
|
200
201
|
raise "Unexpected update strategy: #{update_strategy}"
|
@@ -5,13 +5,14 @@ require "excon"
|
|
5
5
|
require "toml-rb"
|
6
6
|
|
7
7
|
require "dependabot/dependency"
|
8
|
-
require "dependabot/update_checkers"
|
9
|
-
require "dependabot/update_checkers/base"
|
10
|
-
require "dependabot/registry_client"
|
11
8
|
require "dependabot/errors"
|
12
|
-
require "dependabot/python/requirement"
|
13
|
-
require "dependabot/python/requirement_parser"
|
14
9
|
require "dependabot/python/name_normaliser"
|
10
|
+
require "dependabot/python/requirement_parser"
|
11
|
+
require "dependabot/python/requirement"
|
12
|
+
require "dependabot/registry_client"
|
13
|
+
require "dependabot/requirements_update_strategy"
|
14
|
+
require "dependabot/update_checkers"
|
15
|
+
require "dependabot/update_checkers/base"
|
15
16
|
|
16
17
|
module Dependabot
|
17
18
|
module Python
|
@@ -80,15 +81,15 @@ module Dependabot
|
|
80
81
|
end
|
81
82
|
|
82
83
|
def requirements_unlocked_or_can_be?
|
83
|
-
requirements_update_strategy !=
|
84
|
+
requirements_update_strategy != RequirementsUpdateStrategy::LockfileOnly
|
84
85
|
end
|
85
86
|
|
86
87
|
def requirements_update_strategy
|
87
88
|
# If passed in as an option (in the base class) honour that option
|
88
|
-
return @requirements_update_strategy
|
89
|
+
return @requirements_update_strategy if @requirements_update_strategy
|
89
90
|
|
90
91
|
# Otherwise, check if this is a library or not
|
91
|
-
library? ?
|
92
|
+
library? ? RequirementsUpdateStrategy::WidenRanges : RequirementsUpdateStrategy::BumpVersions
|
92
93
|
end
|
93
94
|
|
94
95
|
private
|
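Review bot: `return @requirements_update_strategy if @requirements_update_strategy` at line 89 returns whatever the base class stored without checking that it is a `RequirementsUpdateStrategy` value, while `requirements_unlocked_or_can_be?` at line 84 now compares that result against `RequirementsUpdateStrategy::LockfileOnly`; if any caller still injects the option as a string or symbol (not visible here), the comparison is always true and the lockfile-only guard silently disappears. If the base class does not already coerce the option, documenting the expectation at the return, e.g. `# Expected to already be a RequirementsUpdateStrategy value; the comparison below relies on it`, or rejecting other types there, would make the contract explicit.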
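--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.248.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-
+date: 2024-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.248.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.248.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 1.19.0
+- !ruby/object:Gem::Dependency
+name: rubocop-rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 2.27.1
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 2.27.1
 - !ruby/object:Gem::Dependency
 name: rubocop-sorbet
 requirement: !ruby/object:Gem::Requirement
@@ -274,7 +288,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.248.0
 post_install_message:
 rdoc_options: []
 require_paths: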