RubyGems - dependabot-python - Versions diffs - 0.247.0 → 0.249.0 - Mend

dependabot-python 0.247.0 → 0.249.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a1c2d4b06b6d94bcd630b68c25aa77f2325b3d26251ab0ef34656ba96e00d104
-  data.tar.gz: 6d8d5767fe28c68b0c5fe6e72999db3f71ba18166d186bec70a74203b72fa9c2
+  metadata.gz: ecba4569a39f8b421db58252a748e5b381663d08ea152f7575fd5c71df3ebdb8
+  data.tar.gz: adde88b59c21e6b7867fe8d4f60880043ca9d4eb7a1305d1fe1c08e6676b3fd2
 SHA512:
-  metadata.gz: a82fe3e2a7bf8017de7bd9754565f4740a766f75d6ed522fc873e1583d3e0f6a66a0f3cb4df8606e21ef6b5e6011bca16ec08bb52a662b41891612eb45a9b42c
-  data.tar.gz: b1946c632da0864b595c10519337c8de69109695ce9f366093b3418159024567df168a378dd6ce4c0003aca1fda301b1bac2f4111737d1ec6f96a4feff37c413
+  metadata.gz: 245eefbf7638ea4da729d6e9e5412275a83fda9a25ccf1805a5e4f56b34afdd8fad49100765004f64855eec121683e7c15858af39f4055569580d3328245a6c6
+  data.tar.gz: 045742f071d3e7b187a02eea94a5825420d15da2b8f5a8ae9669f27ee05f42513612025b38359818da043f231cd01b3a3dc785b2661bffe4581db2cfc513dbae

data/helpers/lib/hasher.py CHANGED Viewed

@@ -1,6 +1,6 @@
 import hashin
 import json
-import pipfile
+import plette
 from poetry.factory import Factory
@@ -15,9 +15,10 @@ def get_dependency_hash(dependency_name, dependency_version, algorithm):
 def get_pipfile_hash(directory):
-    p = pipfile.load(directory + '/Pipfile')
+    with open(directory + '/Pipfile') as f:
+        pipfile = plette.Pipfile.load(f)
-    return json.dumps({"result": p.hash})
+    return json.dumps({"result": pipfile.get_hash().value})
 def get_pyproject_hash(directory):

data/helpers/lib/parser.py CHANGED Viewed

@@ -13,6 +13,8 @@ from pip._internal.req.constructors import (
 )
 from packaging.requirements import InvalidRequirement, Requirement
+# TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop
+# support for Python 3.10.
 import toml
 # Inspired by pips internal check:

data/helpers/requirements.txt CHANGED Viewed

@@ -1,10 +1,12 @@
 pip==23.3.2
 pip-tools==7.4.1
 flake8==7.0.0
-hashin==0.17.0
+hashin==1.0.1
 pipenv==2023.11.17
-pipfile==0.0.2
-poetry==1.7.1
+plette==0.4.4
+poetry==1.8.2
+# TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
+toml==0.10.2
 # Some dependencies will only install if Cython is present
 Cython==3.0.8

data/helpers/run.py CHANGED Viewed

@@ -6,6 +6,8 @@ from lib import parser, hasher
 if __name__ == "__main__":
     args = json.loads(sys.stdin.read())
+    # TODO Python 3.10 added native switch statements, so switch this if/elif
+    # to that once we drop support for 3.9.
     if args["function"] == "parse_requirements":
         print(parser.parse_requirements(args["args"][0]))
     elif args["function"] == "parse_setup":

data/lib/dependabot/python/file_parser/pyproject_files_parser.rb CHANGED Viewed

@@ -160,7 +160,9 @@ module Dependabot
         end
         def missing_poetry_keys
-          %w(name version description authors).reject { |key| poetry_root.key?(key) }
+          package_mode = poetry_root.fetch("package-mode", true)
+          required_keys = package_mode ? %w(name version description authors) : []
+          required_keys.reject { |key| poetry_root.key?(key) }
         end
         def using_pep621?

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED Viewed

@@ -30,7 +30,9 @@ module Dependabot
         NATIVE_COMPILATION_ERROR =
           "pip._internal.exceptions.InstallationSubprocessError: Getting requirements to build wheel exited with 1"
-        attr_reader :dependencies, :dependency_files, :credentials
+        attr_reader :dependencies
+        attr_reader :dependency_files
+        attr_reader :credentials
         def initialize(dependencies:, dependency_files:, credentials:)
           @dependencies = dependencies

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb CHANGED Viewed

@@ -21,7 +21,10 @@ module Dependabot
         DEPENDENCY_TYPES = %w(packages dev-packages).freeze
-        attr_reader :dependencies, :dependency_files, :credentials, :repo_contents_path
+        attr_reader :dependencies
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :repo_contents_path
         def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path:)
           @dependencies = dependencies

data/lib/dependabot/python/file_updater/pipfile_manifest_updater.rb CHANGED Viewed

@@ -31,7 +31,8 @@ module Dependabot
         private
-        attr_reader :dependencies, :manifest
+        attr_reader :dependencies
+        attr_reader :manifest
         def update_requirements(content:, dependency:)
           updated_content = content.dup

data/lib/dependabot/python/file_updater/pipfile_preparer.rb CHANGED Viewed

@@ -41,7 +41,8 @@ module Dependabot
         private
-        attr_reader :pipfile_content, :lockfile
+        attr_reader :pipfile_content
+        attr_reader :lockfile
         def pipfile_sources
           @pipfile_sources ||= TomlRB.parse(pipfile_content).fetch("source", [])

data/lib/dependabot/python/file_updater/poetry_file_updater.rb CHANGED Viewed

@@ -19,7 +19,9 @@ module Dependabot
       class PoetryFileUpdater
         require_relative "pyproject_preparer"
-        attr_reader :dependencies, :dependency_files, :credentials
+        attr_reader :dependencies
+        attr_reader :dependency_files
+        attr_reader :credentials
         def initialize(dependencies:, dependency_files:, credentials:)
           @dependencies = dependencies

data/lib/dependabot/python/file_updater/pyproject_preparer.rb CHANGED Viewed

@@ -103,7 +103,8 @@ module Dependabot
         private
-        attr_reader :pyproject_content, :lockfile
+        attr_reader :pyproject_content
+        attr_reader :lockfile
         def locked_details(dep_name)
           parsed_lockfile.fetch("package")

data/lib/dependabot/python/file_updater/requirement_file_updater.rb CHANGED Viewed

@@ -12,7 +12,9 @@ module Dependabot
       class RequirementFileUpdater
         require_relative "requirement_replacer"
-        attr_reader :dependencies, :dependency_files, :credentials
+        attr_reader :dependencies
+        attr_reader :dependency_files
+        attr_reader :credentials
         def initialize(dependencies:, dependency_files:, credentials:)
           @dependencies = dependencies

data/lib/dependabot/python/file_updater/requirement_replacer.rb CHANGED Viewed

@@ -38,8 +38,11 @@ module Dependabot
         private
-        attr_reader :content, :dependency_name, :old_requirement,
-                    :new_requirement, :new_hash_version
+        attr_reader :content
+        attr_reader :dependency_name
+        attr_reader :old_requirement
+        attr_reader :new_requirement
+        attr_reader :new_hash_version
         def update_hashes?
           !new_hash_version.nil?

data/lib/dependabot/python/file_updater/setup_file_sanitizer.rb CHANGED Viewed

@@ -31,7 +31,8 @@ module Dependabot
         private
-        attr_reader :setup_file, :setup_cfg
+        attr_reader :setup_file
+        attr_reader :setup_cfg
         def include_pbr?
           setup_requires_array.any? { |d| d.start_with?("pbr") }

data/lib/dependabot/python/language_version_manager.rb CHANGED Viewed

@@ -9,8 +9,8 @@ module Dependabot
     class LanguageVersionManager
       # This list must match the versions specified at the top of `python/Dockerfile`
       PRE_INSTALLED_PYTHON_VERSIONS = %w(
-        3.12.1
-        3.11.7
+        3.12.2
+        3.11.8
         3.10.13
         3.9.18
         3.8.18

data/lib/dependabot/python/pipenv_runner.rb CHANGED Viewed

@@ -41,7 +41,9 @@ module Dependabot
       private
-      attr_reader :dependency, :lockfile, :language_version_manager
+      attr_reader :dependency
+      attr_reader :lockfile
+      attr_reader :language_version_manager
       def fetch_version_from_parsed_lockfile(updated_lockfile)
         deps = updated_lockfile[lockfile_section] || {}

data/lib/dependabot/python/update_checker/index_finder.rb CHANGED Viewed

@@ -40,7 +40,8 @@ module Dependabot
         private
-        attr_reader :dependency_files, :credentials
+        attr_reader :dependency_files
+        attr_reader :credentials
         def main_index_url
           url =

data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -49,8 +49,11 @@ module Dependabot
         private
-        attr_reader :dependency, :dependency_files, :credentials,
-                    :ignored_versions, :security_advisories
+        attr_reader :dependency
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :ignored_versions
+        attr_reader :security_advisories
         def fetch_latest_version(python_version:)
           versions = available_versions

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb CHANGED Viewed

@@ -33,7 +33,10 @@ module Dependabot
         RESOLUTION_IMPOSSIBLE_ERROR = "ResolutionImpossible"
         ERROR_REGEX = /(?<=ERROR\:\W).*$/
-        attr_reader :dependency, :dependency_files, :credentials, :repo_contents_path
+        attr_reader :dependency
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :repo_contents_path
         def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
           @dependency               = dependency

data/lib/dependabot/python/update_checker/pip_version_resolver.rb CHANGED Viewed

@@ -37,8 +37,11 @@ module Dependabot
         private
-        attr_reader :dependency, :dependency_files, :credentials,
-                    :ignored_versions, :security_advisories
+        attr_reader :dependency
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :ignored_versions
+        attr_reader :security_advisories
         def latest_version_finder
           @latest_version_finder ||= LatestVersionFinder.new(

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb CHANGED Viewed

@@ -32,7 +32,10 @@ module Dependabot
         PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
-        attr_reader :dependency, :dependency_files, :credentials, :repo_contents_path
+        attr_reader :dependency
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :repo_contents_path
         def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
           @dependency               = dependency

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb CHANGED Viewed

@@ -38,7 +38,10 @@ module Dependabot
           \s+check\syour\sgit\sconfiguration
         /mx
-        attr_reader :dependency, :dependency_files, :credentials, :repo_contents_path
+        attr_reader :dependency
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :repo_contents_path
         def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
           @dependency               = dependency

data/lib/dependabot/python/update_checker/requirements_updater.rb CHANGED Viewed

@@ -16,8 +16,10 @@ module Dependabot
         class UnfixableRequirement < StandardError; end
-        attr_reader :requirements, :update_strategy, :has_lockfile,
-                    :latest_resolvable_version
+        attr_reader :requirements
+        attr_reader :update_strategy
+        attr_reader :has_lockfile
+        attr_reader :latest_resolvable_version
         def initialize(requirements:, update_strategy:, has_lockfile:,
                        latest_resolvable_version:)

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.247.0
+  version: 0.249.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-14 00:00:00.000000000 Z
+date: 2024-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.247.0
+        version: 0.249.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.247.0
+        version: 0.249.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -288,7 +288,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.249.0
 post_install_message:
 rdoc_options: []
 require_paths: