dependabot-python 0.248.0 → 0.249.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 165e432faa4b40b16ac49232c58dbe9f6a1187bf063cf8c347ed683515f06577
-  data.tar.gz: 0b22f327bbab4b6bc752b1784c02f756000aa21b043a049e34b445c820526056
+  metadata.gz: ecba4569a39f8b421db58252a748e5b381663d08ea152f7575fd5c71df3ebdb8
+  data.tar.gz: adde88b59c21e6b7867fe8d4f60880043ca9d4eb7a1305d1fe1c08e6676b3fd2
 SHA512:
-  metadata.gz: 9dc8379104510deef1670b51c960a6a806263cfb47298447c550dd2b9d5b140f3e5f5f981e7038a0b18d3eee3e455e8ae52d3dfca63f5e3d5f9c403b3c270188
-  data.tar.gz: d09814b8cbf11cad971a7188ae7db79772f5426bcdbaac9ccde586b5486695d251723a20430beb9f6e705cfce7622ef0c78150ee97f2648320f316ed4c5723a3
+  metadata.gz: 245eefbf7638ea4da729d6e9e5412275a83fda9a25ccf1805a5e4f56b34afdd8fad49100765004f64855eec121683e7c15858af39f4055569580d3328245a6c6
+  data.tar.gz: 045742f071d3e7b187a02eea94a5825420d15da2b8f5a8ae9669f27ee05f42513612025b38359818da043f231cd01b3a3dc785b2661bffe4581db2cfc513dbae

data/helpers/lib/hasher.py

@@ -1,6 +1,6 @@
 import hashin
 import json
-import pipfile
+import plette
 from poetry.factory import Factory
 
 
@@ -15,9 +15,10 @@ def get_dependency_hash(dependency_name, dependency_version, algorithm):
 
 
 def get_pipfile_hash(directory):
-    p = pipfile.load(directory + '/Pipfile')
+    with open(directory + '/Pipfile') as f:
+        pipfile = plette.Pipfile.load(f)
 
-    return json.dumps({"result": p.hash})
+    return json.dumps({"result": pipfile.get_hash().value})
 
 
 def get_pyproject_hash(directory):

data/helpers/requirements.txt

@@ -1,10 +1,10 @@
 pip==23.3.2
 pip-tools==7.4.1
 flake8==7.0.0
-hashin==0.17.0
+hashin==1.0.1
 pipenv==2023.11.17
-pipfile==0.0.2
-poetry==1.7.1
+plette==0.4.4
+poetry==1.8.2
 # TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
 toml==0.10.2
 

data/lib/dependabot/python/file_parser/pyproject_files_parser.rb

@@ -160,7 +160,9 @@ module Dependabot
         end
 
         def missing_poetry_keys
-          %w(name version description authors).reject { |key| poetry_root.key?(key) }
+          package_mode = poetry_root.fetch("package-mode", true)
+          required_keys = package_mode ? %w(name version description authors) : []
+          required_keys.reject { |key| poetry_root.key?(key) }
         end
 
         def using_pep621?

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -30,7 +30,9 @@ module Dependabot
         NATIVE_COMPILATION_ERROR =
           "pip._internal.exceptions.InstallationSubprocessError: Getting requirements to build wheel exited with 1"
 
-        attr_reader :dependencies, :dependency_files, :credentials
+        attr_reader :dependencies
+        attr_reader :dependency_files
+        attr_reader :credentials
 
         def initialize(dependencies:, dependency_files:, credentials:)
           @dependencies = dependencies

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -21,7 +21,10 @@ module Dependabot
 
         DEPENDENCY_TYPES = %w(packages dev-packages).freeze
 
-        attr_reader :dependencies, :dependency_files, :credentials, :repo_contents_path
+        attr_reader :dependencies
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :repo_contents_path
 
         def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path:)
           @dependencies = dependencies

data/lib/dependabot/python/file_updater/pipfile_manifest_updater.rb

@@ -31,7 +31,8 @@ module Dependabot
 
         private
 
-        attr_reader :dependencies, :manifest
+        attr_reader :dependencies
+        attr_reader :manifest
 
         def update_requirements(content:, dependency:)
           updated_content = content.dup

data/lib/dependabot/python/file_updater/pipfile_preparer.rb

@@ -41,7 +41,8 @@ module Dependabot
 
         private
 
-        attr_reader :pipfile_content, :lockfile
+        attr_reader :pipfile_content
+        attr_reader :lockfile
 
         def pipfile_sources
           @pipfile_sources ||= TomlRB.parse(pipfile_content).fetch("source", [])

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -19,7 +19,9 @@ module Dependabot
       class PoetryFileUpdater
         require_relative "pyproject_preparer"
 
-        attr_reader :dependencies, :dependency_files, :credentials
+        attr_reader :dependencies
+        attr_reader :dependency_files
+        attr_reader :credentials
 
         def initialize(dependencies:, dependency_files:, credentials:)
           @dependencies = dependencies

data/lib/dependabot/python/file_updater/pyproject_preparer.rb

@@ -103,7 +103,8 @@ module Dependabot
 
         private
 
-        attr_reader :pyproject_content, :lockfile
+        attr_reader :pyproject_content
+        attr_reader :lockfile
 
         def locked_details(dep_name)
           parsed_lockfile.fetch("package")

data/lib/dependabot/python/file_updater/requirement_file_updater.rb

@@ -12,7 +12,9 @@ module Dependabot
       class RequirementFileUpdater
         require_relative "requirement_replacer"
 
-        attr_reader :dependencies, :dependency_files, :credentials
+        attr_reader :dependencies
+        attr_reader :dependency_files
+        attr_reader :credentials
 
         def initialize(dependencies:, dependency_files:, credentials:)
           @dependencies = dependencies

data/lib/dependabot/python/file_updater/requirement_replacer.rb

@@ -38,8 +38,11 @@ module Dependabot
 
         private
 
-        attr_reader :content, :dependency_name, :old_requirement,
-                    :new_requirement, :new_hash_version
+        attr_reader :content
+        attr_reader :dependency_name
+        attr_reader :old_requirement
+        attr_reader :new_requirement
+        attr_reader :new_hash_version
 
         def update_hashes?
           !new_hash_version.nil?

data/lib/dependabot/python/file_updater/setup_file_sanitizer.rb

@@ -31,7 +31,8 @@ module Dependabot
 
         private
 
-        attr_reader :setup_file, :setup_cfg
+        attr_reader :setup_file
+        attr_reader :setup_cfg
 
         def include_pbr?
           setup_requires_array.any? { |d| d.start_with?("pbr") }

data/lib/dependabot/python/pipenv_runner.rb

@@ -41,7 +41,9 @@ module Dependabot
 
       private
 
-      attr_reader :dependency, :lockfile, :language_version_manager
+      attr_reader :dependency
+      attr_reader :lockfile
+      attr_reader :language_version_manager
 
       def fetch_version_from_parsed_lockfile(updated_lockfile)
         deps = updated_lockfile[lockfile_section] || {}

data/lib/dependabot/python/update_checker/index_finder.rb

@@ -40,7 +40,8 @@ module Dependabot
 
         private
 
-        attr_reader :dependency_files, :credentials
+        attr_reader :dependency_files
+        attr_reader :credentials
 
         def main_index_url
           url =

data/lib/dependabot/python/update_checker/latest_version_finder.rb

@@ -49,8 +49,11 @@ module Dependabot
 
         private
 
-        attr_reader :dependency, :dependency_files, :credentials,
-                    :ignored_versions, :security_advisories
+        attr_reader :dependency
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :ignored_versions
+        attr_reader :security_advisories
 
         def fetch_latest_version(python_version:)
           versions = available_versions

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -33,7 +33,10 @@ module Dependabot
         RESOLUTION_IMPOSSIBLE_ERROR = "ResolutionImpossible"
         ERROR_REGEX = /(?<=ERROR\:\W).*$/
 
-        attr_reader :dependency, :dependency_files, :credentials, :repo_contents_path
+        attr_reader :dependency
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :repo_contents_path
 
         def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
           @dependency               = dependency

data/lib/dependabot/python/update_checker/pip_version_resolver.rb

@@ -37,8 +37,11 @@ module Dependabot
 
         private
 
-        attr_reader :dependency, :dependency_files, :credentials,
-                    :ignored_versions, :security_advisories
+        attr_reader :dependency
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :ignored_versions
+        attr_reader :security_advisories
 
         def latest_version_finder
           @latest_version_finder ||= LatestVersionFinder.new(

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -32,7 +32,10 @@ module Dependabot
 
         PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
 
-        attr_reader :dependency, :dependency_files, :credentials, :repo_contents_path
+        attr_reader :dependency
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :repo_contents_path
 
         def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
           @dependency               = dependency

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -38,7 +38,10 @@ module Dependabot
           \s+check\syour\sgit\sconfiguration
         /mx
 
-        attr_reader :dependency, :dependency_files, :credentials, :repo_contents_path
+        attr_reader :dependency
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :repo_contents_path
 
         def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
           @dependency               = dependency

data/lib/dependabot/python/update_checker/requirements_updater.rb

@@ -16,8 +16,10 @@ module Dependabot
 
         class UnfixableRequirement < StandardError; end
 
-        attr_reader :requirements, :update_strategy, :has_lockfile,
-                    :latest_resolvable_version
+        attr_reader :requirements
+        attr_reader :update_strategy
+        attr_reader :has_lockfile
+        attr_reader :latest_resolvable_version
 
         def initialize(requirements:, update_strategy:, has_lockfile:,
                        latest_resolvable_version:)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.248.0
+  version: 0.249.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-03-21 00:00:00.000000000 Z
+date: 2024-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.248.0
+        version: 0.249.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.248.0
+        version: 0.249.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -288,7 +288,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.248.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.249.0
 post_install_message: 
 rdoc_options: []
 require_paths: