dependabot-python 0.247.0 → 0.249.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/lib/hasher.py +4 -3
- data/helpers/lib/parser.py +2 -0
- data/helpers/requirements.txt +5 -3
- data/helpers/run.py +2 -0
- data/lib/dependabot/python/file_parser/pyproject_files_parser.rb +3 -1
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +3 -1
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +4 -1
- data/lib/dependabot/python/file_updater/pipfile_manifest_updater.rb +2 -1
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +2 -1
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +3 -1
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +2 -1
- data/lib/dependabot/python/file_updater/requirement_file_updater.rb +3 -1
- data/lib/dependabot/python/file_updater/requirement_replacer.rb +5 -2
- data/lib/dependabot/python/file_updater/setup_file_sanitizer.rb +2 -1
- data/lib/dependabot/python/language_version_manager.rb +2 -2
- data/lib/dependabot/python/pipenv_runner.rb +3 -1
- data/lib/dependabot/python/update_checker/index_finder.rb +2 -1
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +5 -2
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +4 -1
- data/lib/dependabot/python/update_checker/pip_version_resolver.rb +5 -2
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +4 -1
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +4 -1
- data/lib/dependabot/python/update_checker/requirements_updater.rb +4 -2
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ecba4569a39f8b421db58252a748e5b381663d08ea152f7575fd5c71df3ebdb8
|
|
4
|
+
data.tar.gz: adde88b59c21e6b7867fe8d4f60880043ca9d4eb7a1305d1fe1c08e6676b3fd2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 245eefbf7638ea4da729d6e9e5412275a83fda9a25ccf1805a5e4f56b34afdd8fad49100765004f64855eec121683e7c15858af39f4055569580d3328245a6c6
|
|
7
|
+
data.tar.gz: 045742f071d3e7b187a02eea94a5825420d15da2b8f5a8ae9669f27ee05f42513612025b38359818da043f231cd01b3a3dc785b2661bffe4581db2cfc513dbae
|
data/helpers/lib/hasher.py
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import hashin
|
|
2
2
|
import json
|
|
3
|
-
import
|
|
3
|
+
import plette
|
|
4
4
|
from poetry.factory import Factory
|
|
5
5
|
|
|
6
6
|
|
|
@@ -15,9 +15,10 @@ def get_dependency_hash(dependency_name, dependency_version, algorithm):
|
|
|
15
15
|
|
|
16
16
|
|
|
17
17
|
def get_pipfile_hash(directory):
|
|
18
|
-
|
|
18
|
+
with open(directory + '/Pipfile') as f:
|
|
19
|
+
pipfile = plette.Pipfile.load(f)
|
|
19
20
|
|
|
20
|
-
return json.dumps({"result":
|
|
21
|
+
return json.dumps({"result": pipfile.get_hash().value})
|
|
21
22
|
|
|
22
23
|
|
|
23
24
|
def get_pyproject_hash(directory):
|
data/helpers/lib/parser.py
CHANGED
|
@@ -13,6 +13,8 @@ from pip._internal.req.constructors import (
|
|
|
13
13
|
)
|
|
14
14
|
|
|
15
15
|
from packaging.requirements import InvalidRequirement, Requirement
|
|
16
|
+
# TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop
|
|
17
|
+
# support for Python 3.10.
|
|
16
18
|
import toml
|
|
17
19
|
|
|
18
20
|
# Inspired by pips internal check:
|
data/helpers/requirements.txt
CHANGED
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
pip==23.3.2
|
|
2
2
|
pip-tools==7.4.1
|
|
3
3
|
flake8==7.0.0
|
|
4
|
-
hashin==0.
|
|
4
|
+
hashin==1.0.1
|
|
5
5
|
pipenv==2023.11.17
|
|
6
|
-
|
|
7
|
-
poetry==1.
|
|
6
|
+
plette==0.4.4
|
|
7
|
+
poetry==1.8.2
|
|
8
|
+
# TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
|
|
9
|
+
toml==0.10.2
|
|
8
10
|
|
|
9
11
|
# Some dependencies will only install if Cython is present
|
|
10
12
|
Cython==3.0.8
|
data/helpers/run.py
CHANGED
|
@@ -6,6 +6,8 @@ from lib import parser, hasher
|
|
|
6
6
|
if __name__ == "__main__":
|
|
7
7
|
args = json.loads(sys.stdin.read())
|
|
8
8
|
|
|
9
|
+
# TODO Python 3.10 added native switch statements, so switch this if/elif
|
|
10
|
+
# to that once we drop support for 3.9.
|
|
9
11
|
if args["function"] == "parse_requirements":
|
|
10
12
|
print(parser.parse_requirements(args["args"][0]))
|
|
11
13
|
elif args["function"] == "parse_setup":
|
|
@@ -160,7 +160,9 @@ module Dependabot
|
|
|
160
160
|
end
|
|
161
161
|
|
|
162
162
|
def missing_poetry_keys
|
|
163
|
-
|
|
163
|
+
package_mode = poetry_root.fetch("package-mode", true)
|
|
164
|
+
required_keys = package_mode ? %w(name version description authors) : []
|
|
165
|
+
required_keys.reject { |key| poetry_root.key?(key) }
|
|
164
166
|
end
|
|
165
167
|
|
|
166
168
|
def using_pep621?
|
|
@@ -30,7 +30,9 @@ module Dependabot
|
|
|
30
30
|
NATIVE_COMPILATION_ERROR =
|
|
31
31
|
"pip._internal.exceptions.InstallationSubprocessError: Getting requirements to build wheel exited with 1"
|
|
32
32
|
|
|
33
|
-
attr_reader :dependencies
|
|
33
|
+
attr_reader :dependencies
|
|
34
|
+
attr_reader :dependency_files
|
|
35
|
+
attr_reader :credentials
|
|
34
36
|
|
|
35
37
|
def initialize(dependencies:, dependency_files:, credentials:)
|
|
36
38
|
@dependencies = dependencies
|
|
@@ -21,7 +21,10 @@ module Dependabot
|
|
|
21
21
|
|
|
22
22
|
DEPENDENCY_TYPES = %w(packages dev-packages).freeze
|
|
23
23
|
|
|
24
|
-
attr_reader :dependencies
|
|
24
|
+
attr_reader :dependencies
|
|
25
|
+
attr_reader :dependency_files
|
|
26
|
+
attr_reader :credentials
|
|
27
|
+
attr_reader :repo_contents_path
|
|
25
28
|
|
|
26
29
|
def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path:)
|
|
27
30
|
@dependencies = dependencies
|
|
@@ -19,7 +19,9 @@ module Dependabot
|
|
|
19
19
|
class PoetryFileUpdater
|
|
20
20
|
require_relative "pyproject_preparer"
|
|
21
21
|
|
|
22
|
-
attr_reader :dependencies
|
|
22
|
+
attr_reader :dependencies
|
|
23
|
+
attr_reader :dependency_files
|
|
24
|
+
attr_reader :credentials
|
|
23
25
|
|
|
24
26
|
def initialize(dependencies:, dependency_files:, credentials:)
|
|
25
27
|
@dependencies = dependencies
|
|
@@ -12,7 +12,9 @@ module Dependabot
|
|
|
12
12
|
class RequirementFileUpdater
|
|
13
13
|
require_relative "requirement_replacer"
|
|
14
14
|
|
|
15
|
-
attr_reader :dependencies
|
|
15
|
+
attr_reader :dependencies
|
|
16
|
+
attr_reader :dependency_files
|
|
17
|
+
attr_reader :credentials
|
|
16
18
|
|
|
17
19
|
def initialize(dependencies:, dependency_files:, credentials:)
|
|
18
20
|
@dependencies = dependencies
|
|
@@ -38,8 +38,11 @@ module Dependabot
|
|
|
38
38
|
|
|
39
39
|
private
|
|
40
40
|
|
|
41
|
-
attr_reader :content
|
|
42
|
-
|
|
41
|
+
attr_reader :content
|
|
42
|
+
attr_reader :dependency_name
|
|
43
|
+
attr_reader :old_requirement
|
|
44
|
+
attr_reader :new_requirement
|
|
45
|
+
attr_reader :new_hash_version
|
|
43
46
|
|
|
44
47
|
def update_hashes?
|
|
45
48
|
!new_hash_version.nil?
|
|
@@ -41,7 +41,9 @@ module Dependabot
|
|
|
41
41
|
|
|
42
42
|
private
|
|
43
43
|
|
|
44
|
-
attr_reader :dependency
|
|
44
|
+
attr_reader :dependency
|
|
45
|
+
attr_reader :lockfile
|
|
46
|
+
attr_reader :language_version_manager
|
|
45
47
|
|
|
46
48
|
def fetch_version_from_parsed_lockfile(updated_lockfile)
|
|
47
49
|
deps = updated_lockfile[lockfile_section] || {}
|
|
@@ -49,8 +49,11 @@ module Dependabot
|
|
|
49
49
|
|
|
50
50
|
private
|
|
51
51
|
|
|
52
|
-
attr_reader :dependency
|
|
53
|
-
|
|
52
|
+
attr_reader :dependency
|
|
53
|
+
attr_reader :dependency_files
|
|
54
|
+
attr_reader :credentials
|
|
55
|
+
attr_reader :ignored_versions
|
|
56
|
+
attr_reader :security_advisories
|
|
54
57
|
|
|
55
58
|
def fetch_latest_version(python_version:)
|
|
56
59
|
versions = available_versions
|
|
@@ -33,7 +33,10 @@ module Dependabot
|
|
|
33
33
|
RESOLUTION_IMPOSSIBLE_ERROR = "ResolutionImpossible"
|
|
34
34
|
ERROR_REGEX = /(?<=ERROR\:\W).*$/
|
|
35
35
|
|
|
36
|
-
attr_reader :dependency
|
|
36
|
+
attr_reader :dependency
|
|
37
|
+
attr_reader :dependency_files
|
|
38
|
+
attr_reader :credentials
|
|
39
|
+
attr_reader :repo_contents_path
|
|
37
40
|
|
|
38
41
|
def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
|
|
39
42
|
@dependency = dependency
|
|
@@ -37,8 +37,11 @@ module Dependabot
|
|
|
37
37
|
|
|
38
38
|
private
|
|
39
39
|
|
|
40
|
-
attr_reader :dependency
|
|
41
|
-
|
|
40
|
+
attr_reader :dependency
|
|
41
|
+
attr_reader :dependency_files
|
|
42
|
+
attr_reader :credentials
|
|
43
|
+
attr_reader :ignored_versions
|
|
44
|
+
attr_reader :security_advisories
|
|
42
45
|
|
|
43
46
|
def latest_version_finder
|
|
44
47
|
@latest_version_finder ||= LatestVersionFinder.new(
|
|
@@ -32,7 +32,10 @@ module Dependabot
|
|
|
32
32
|
|
|
33
33
|
PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
|
|
34
34
|
|
|
35
|
-
attr_reader :dependency
|
|
35
|
+
attr_reader :dependency
|
|
36
|
+
attr_reader :dependency_files
|
|
37
|
+
attr_reader :credentials
|
|
38
|
+
attr_reader :repo_contents_path
|
|
36
39
|
|
|
37
40
|
def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
|
|
38
41
|
@dependency = dependency
|
|
@@ -38,7 +38,10 @@ module Dependabot
|
|
|
38
38
|
\s+check\syour\sgit\sconfiguration
|
|
39
39
|
/mx
|
|
40
40
|
|
|
41
|
-
attr_reader :dependency
|
|
41
|
+
attr_reader :dependency
|
|
42
|
+
attr_reader :dependency_files
|
|
43
|
+
attr_reader :credentials
|
|
44
|
+
attr_reader :repo_contents_path
|
|
42
45
|
|
|
43
46
|
def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
|
|
44
47
|
@dependency = dependency
|
|
@@ -16,8 +16,10 @@ module Dependabot
|
|
|
16
16
|
|
|
17
17
|
class UnfixableRequirement < StandardError; end
|
|
18
18
|
|
|
19
|
-
attr_reader :requirements
|
|
20
|
-
|
|
19
|
+
attr_reader :requirements
|
|
20
|
+
attr_reader :update_strategy
|
|
21
|
+
attr_reader :has_lockfile
|
|
22
|
+
attr_reader :latest_resolvable_version
|
|
21
23
|
|
|
22
24
|
def initialize(requirements:, update_strategy:, has_lockfile:,
|
|
23
25
|
latest_resolvable_version:)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.249.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-03-
|
|
11
|
+
date: 2024-03-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.249.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.249.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -288,7 +288,7 @@ licenses:
|
|
|
288
288
|
- Nonstandard
|
|
289
289
|
metadata:
|
|
290
290
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
291
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
291
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.249.0
|
|
292
292
|
post_install_message:
|
|
293
293
|
rdoc_options: []
|
|
294
294
|
require_paths:
|