dependabot-python 0.253.0 → 0.255.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c1e05506cf84267bd43a63e0db63d939c458872d75519148d1b7186bc1297949
4
- data.tar.gz: a8df3880bd956cd02fc30cc458ebe967ab764e4a37583d654a79bbafbce31513
3
+ metadata.gz: 631b990e99ca7a3be0911a8bf0e8355e2ffa8076a760a2677a99d4359503798a
4
+ data.tar.gz: 10e7a86fcf9a94f1af3d45f9cbc97afae3f91f0c8fe0442b0c1aa38a4fc92347
5
5
  SHA512:
6
- metadata.gz: a47450613132feac9d741e58d3ffbdc9f0cbb28903772f23cd460c6f8b1b16f5467ad160ef5ff55d0bdb4051ef4abca56c20e7dee6a832bd388394a7d201d427
7
- data.tar.gz: f1792da350a5ca7d8495ff525a7b8833bab4b3eead8262d061b26ad5535806b53899c06f71ddc0e00b4ba83cb0c2902c721bc955839ffe807b4dab73b9e42a1d
6
+ metadata.gz: 3ceb72b14d9a1b4f787e00574259b0f75fb840173e16ba535233b49696661ff60e36b4d9fe25f6b130831e56ad36be19c7f1ca8752dd39fe1b3dd5641097a96f
7
+ data.tar.gz: 5e8b5844b682e2714e87e433412ed0699d61f114bb1f78d98bc7ad41cbafac12b915caeff12ee3d0facdf88e31862758b96d99e73606bb17c3ae817eada8dd18
@@ -1,17 +1,26 @@
1
1
  import hashin
2
2
  import json
3
3
  import plette
4
+ import traceback
4
5
  from poetry.factory import Factory
5
6
 
6
7
 
7
- def get_dependency_hash(dependency_name, dependency_version, algorithm):
8
- hashes = hashin.get_package_hashes(
9
- dependency_name,
10
- version=dependency_version,
11
- algorithm=algorithm
12
- )
13
-
14
- return json.dumps({"result": hashes["hashes"]})
8
+ def get_dependency_hash(dependency_name, dependency_version, algorithm,
9
+ index_url=hashin.DEFAULT_INDEX_URL):
10
+ try:
11
+ hashes = hashin.get_package_hashes(
12
+ dependency_name,
13
+ version=dependency_version,
14
+ algorithm=algorithm,
15
+ index_url=index_url
16
+ )
17
+ return json.dumps({"result": hashes["hashes"]})
18
+ except hashin.PackageNotFoundError as e:
19
+ return json.dumps({
20
+ "error": repr(e),
21
+ "error_class:": e.__class__.__name__,
22
+ "trace:": ''.join(traceback.format_stack())
23
+ })
15
24
 
16
25
 
17
26
  def get_pipfile_hash(directory):
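Review bot: The keys `"error_class:"` and `"trace:"` in the new error dict carry a stray colon, so a consumer that looks up `error_class` (the Ruby hunk below does `e.error_class.include?("PackageNotFoundError")`) will not find it; write `"error_class": e.__class__.__name__,` and `"trace": traceback.format_exc()` — `format_stack()` returns the current call stack, not the traceback of the exception being handled, and `format_exc()` already returns a string so the `''.join` goes away. `index_url` is built by the Ruby caller from credentials (see `AuthedUrlBuilder.authed_url` further down), so if hashin embeds the URL in its `PackageNotFoundError` message, `repr(e)` returns the authenticated URL to the parent process and into whatever logs it; consider redacting the URL before serialising the error. A short docstring on `get_dependency_hash` stating that a `PackageNotFoundError` is reported as `{"error": …}` rather than raised, and that `index_url` defaults to `hashin.DEFAULT_INDEX_URL`, would make the contract with the Ruby side explicit.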
@@ -2,8 +2,8 @@ pip==24.0
2
2
  pip-tools==7.4.1
3
3
  flake8==7.0.0
4
4
  hashin==1.0.1
5
- pipenv==2023.11.17
6
- plette==0.4.4
5
+ pipenv==2023.12.1
6
+ plette==2.0.2
7
7
  poetry==1.8.2
8
8
  # TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
9
9
  toml==0.10.2
@@ -83,7 +83,12 @@ module Dependabot
83
83
  def python_version_file_version
84
84
  return unless python_version_file
85
85
 
86
- file_version = python_version_file.content.strip
86
+ # read the content, split into lines and remove any lines with '#'
87
+ content_lines = python_version_file.content.each_line.map do |line|
88
+ line.sub(/#.*$/, " ").strip
89
+ end.reject(&:empty?)
90
+
91
+ file_version = content_lines.first
87
92
  return if file_version&.empty?
88
93
  return unless pyenv_versions.include?("#{file_version}\n")
89
94
 
@@ -34,10 +34,11 @@ module Dependabot
34
34
  attr_reader :dependency_files
35
35
  attr_reader :credentials
36
36
 
37
- def initialize(dependencies:, dependency_files:, credentials:)
37
+ def initialize(dependencies:, dependency_files:, credentials:, index_urls: nil)
38
38
  @dependencies = dependencies
39
39
  @dependency_files = dependency_files
40
40
  @credentials = credentials
41
+ @index_urls = index_urls
41
42
  @build_isolation = true
42
43
  end
43
44
 
@@ -265,7 +266,8 @@ module Dependabot
265
266
  content: file.content,
266
267
  dependency_name: dependency.name,
267
268
  old_requirement: old_req[:requirement],
268
- new_requirement: "==#{dependency.version}"
269
+ new_requirement: "==#{dependency.version}",
270
+ index_urls: @index_urls
269
271
  ).updated_content
270
272
  end
271
273
 
@@ -283,7 +285,8 @@ module Dependabot
283
285
  content: file.content,
284
286
  dependency_name: dependency.name,
285
287
  old_requirement: old_req[:requirement],
286
- new_requirement: new_req[:requirement]
288
+ new_requirement: new_req[:requirement],
289
+ index_urls: @index_urls
287
290
  ).updated_content
288
291
  end
289
292
 
@@ -389,11 +392,29 @@ module Dependabot
389
392
  end
390
393
 
391
394
  def package_hashes_for(name:, version:, algorithm:)
392
- SharedHelpers.run_helper_subprocess(
393
- command: "pyenv exec python3 #{NativeHelpers.python_helper_path}",
394
- function: "get_dependency_hash",
395
- args: [name, version, algorithm]
396
- ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
395
+ index_urls = @index_urls || [nil]
396
+ hashes = []
397
+
398
+ index_urls.each do |index_url|
399
+ args = [name, version, algorithm]
400
+ args << index_url if index_url
401
+
402
+ begin
403
+ native_helper_hashes = SharedHelpers.run_helper_subprocess(
404
+ command: "pyenv exec python3 #{NativeHelpers.python_helper_path}",
405
+ function: "get_dependency_hash",
406
+ args: args
407
+ ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
408
+
409
+ hashes.concat(native_helper_hashes)
410
+ rescue SharedHelpers::HelperSubprocessFailed => e
411
+ raise unless e.error_class.include?("PackageNotFoundError")
412
+
413
+ next
414
+ end
415
+ end
416
+
417
+ hashes
397
418
  end
398
419
 
399
420
  def hash_separator(requirement_string)
@@ -16,10 +16,11 @@ module Dependabot
16
16
  attr_reader :dependency_files
17
17
  attr_reader :credentials
18
18
 
19
- def initialize(dependencies:, dependency_files:, credentials:)
19
+ def initialize(dependencies:, dependency_files:, credentials:, index_urls: nil)
20
20
  @dependencies = dependencies
21
21
  @dependency_files = dependency_files
22
22
  @credentials = credentials
23
+ @index_urls = index_urls
23
24
  end
24
25
 
25
26
  def updated_dependency_files
@@ -58,7 +59,8 @@ module Dependabot
58
59
  dependency_name: dependency.name,
59
60
  old_requirement: old_req.fetch(:requirement),
60
61
  new_requirement: new_req.fetch(:requirement),
61
- new_hash_version: dependency.version
62
+ new_hash_version: dependency.version,
63
+ index_urls: @index_urls
62
64
  ).updated_content
63
65
  end
64
66
 
@@ -12,13 +12,16 @@ module Dependabot
12
12
  module Python
13
13
  class FileUpdater
14
14
  class RequirementReplacer
15
+ PACKAGE_NOT_FOUND_ERROR = "PackageNotFoundError"
16
+
15
17
  def initialize(content:, dependency_name:, old_requirement:,
16
- new_requirement:, new_hash_version: nil)
18
+ new_requirement:, new_hash_version: nil, index_urls: nil)
17
19
  @content = content
18
20
  @dependency_name = normalise(dependency_name)
19
21
  @old_requirement = old_requirement
20
22
  @new_requirement = new_requirement
21
23
  @new_hash_version = new_hash_version
24
+ @index_urls = index_urls
22
25
  end
23
26
 
24
27
  def updated_content
@@ -137,11 +140,28 @@ module Dependabot
137
140
  end
138
141
 
139
142
  def package_hashes_for(name:, version:, algorithm:)
140
- SharedHelpers.run_helper_subprocess(
141
- command: "pyenv exec python3 #{NativeHelpers.python_helper_path}",
142
- function: "get_dependency_hash",
143
- args: [name, version, algorithm]
144
- ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
143
+ index_urls = @index_urls || [nil]
144
+
145
+ index_urls.map do |index_url|
146
+ args = [name, version, algorithm]
147
+ args << index_url unless index_url.nil?
148
+
149
+ begin
150
+ result = SharedHelpers.run_helper_subprocess(
151
+ command: "pyenv exec python3 #{NativeHelpers.python_helper_path}",
152
+ function: "get_dependency_hash",
153
+ args: args
154
+ )
155
+ rescue SharedHelpers::HelperSubprocessFailed => e
156
+ raise unless e.message.include?("PackageNotFoundError")
157
+
158
+ next
159
+ end
160
+
161
+ return result.map { |h| "--hash=#{algorithm}:#{h['hash']}" } if result.is_a?(Array)
162
+ end
163
+
164
+ raise Dependabot::DependencyFileNotResolvable, "Unable to find hashes for package #{name}"
145
165
  end
146
166
 
147
167
  def original_dependency_declaration_string(old_req)
@@ -21,7 +21,7 @@ module Dependabot
21
21
  # in the lockfile.
22
22
  content =
23
23
  "from setuptools import setup\n\n" \
24
- "setup(name=\"sanitized-package\",version=\"0.0.1\"," \
24
+ "setup(name=\"#{package_name}\",version=\"0.0.1\"," \
25
25
  "install_requires=#{install_requires_array.to_json}," \
26
26
  "extras_require=#{extras_require_hash.to_json}"
27
27
 
@@ -85,6 +85,12 @@ module Dependabot
85
85
  ].compact
86
86
  ).dependency_set
87
87
  end
88
+
89
+ def package_name
90
+ content = setup_file.content
91
+ match = content.match(/name\s*=\s*['"](?<package_name>[^'"]+)['"]/)
92
+ match ? match[:package_name] : "default_package_name"
93
+ end
88
94
  end
89
95
  end
90
96
  end
@@ -105,7 +105,8 @@ module Dependabot
105
105
  PipCompileFileUpdater.new(
106
106
  dependencies: dependencies,
107
107
  dependency_files: dependency_files,
108
- credentials: credentials
108
+ credentials: credentials,
109
+ index_urls: pip_compile_index_urls
109
110
  ).updated_dependency_files
110
111
  end
111
112
 
@@ -113,10 +114,22 @@ module Dependabot
113
114
  RequirementFileUpdater.new(
114
115
  dependencies: dependencies,
115
116
  dependency_files: dependency_files,
116
- credentials: credentials
117
+ credentials: credentials,
118
+ index_urls: pip_compile_index_urls
117
119
  ).updated_dependency_files
118
120
  end
119
121
 
122
+ def pip_compile_index_urls
123
+ if credentials.any?(&:replaces_base?)
124
+ credentials.select(&:replaces_base?).map { |cred| AuthedUrlBuilder.authed_url(credential: cred) }
125
+ else
126
+ urls = credentials.map { |cred| AuthedUrlBuilder.authed_url(credential: cred) }
127
+ # If there are no credentials that replace the base, we need to
128
+ # ensure that the base URL is included in the list of extra-index-urls.
129
+ [nil, *urls]
130
+ end
131
+ end
132
+
120
133
  def check_required_files
121
134
  filenames = dependency_files.map(&:name)
122
135
  return if filenames.any? { |name| name.end_with?(".txt", ".in") }
@@ -9,8 +9,8 @@ module Dependabot
9
9
  class LanguageVersionManager
10
10
  # This list must match the versions specified at the top of `python/Dockerfile`
11
11
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
12
- 3.12.2
13
- 3.11.8
12
+ 3.12.3
13
+ 3.11.9
14
14
  3.10.13
15
15
  3.9.18
16
16
  3.8.18
@@ -262,6 +262,8 @@ module Dependabot
262
262
  def library?
263
263
  return false unless updating_pyproject?
264
264
 
265
+ return false if library_details["name"].nil?
266
+
265
267
  # Hit PyPi and check whether there are details for a library with a
266
268
  # matching name and description
267
269
  index_response = Dependabot::RegistryClient.get(
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.253.0
4
+ version: 0.255.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-04-18 00:00:00.000000000 Z
11
+ date: 2024-05-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.253.0
19
+ version: 0.255.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.253.0
26
+ version: 0.255.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.8.0
33
+ version: 1.9.2
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.8.0
40
+ version: 1.9.2
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: gpgme
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -114,56 +114,70 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.58.0
117
+ version: 1.63.2
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.58.0
124
+ version: 1.63.2
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rubocop-performance
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.19.0
131
+ version: 1.21.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.19.0
138
+ version: 1.21.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: rubocop-rspec
141
141
  requirement: !ruby/object:Gem::Requirement
142
142
  requirements:
143
143
  - - "~>"
144
144
  - !ruby/object:Gem::Version
145
- version: 2.27.1
145
+ version: 2.29.1
146
146
  type: :development
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - "~>"
151
151
  - !ruby/object:Gem::Version
152
- version: 2.27.1
152
+ version: 2.29.1
153
153
  - !ruby/object:Gem::Dependency
154
154
  name: rubocop-sorbet
155
155
  requirement: !ruby/object:Gem::Requirement
156
156
  requirements:
157
157
  - - "~>"
158
158
  - !ruby/object:Gem::Version
159
- version: 0.7.3
159
+ version: 0.8.1
160
+ type: :development
161
+ prerelease: false
162
+ version_requirements: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - "~>"
165
+ - !ruby/object:Gem::Version
166
+ version: 0.8.1
167
+ - !ruby/object:Gem::Dependency
168
+ name: simplecov
169
+ requirement: !ruby/object:Gem::Requirement
170
+ requirements:
171
+ - - "~>"
172
+ - !ruby/object:Gem::Version
173
+ version: 0.22.0
160
174
  type: :development
161
175
  prerelease: false
162
176
  version_requirements: !ruby/object:Gem::Requirement
163
177
  requirements:
164
178
  - - "~>"
165
179
  - !ruby/object:Gem::Version
166
- version: 0.7.3
180
+ version: 0.22.0
167
181
  - !ruby/object:Gem::Dependency
168
182
  name: turbo_tests
169
183
  requirement: !ruby/object:Gem::Requirement
@@ -274,7 +288,7 @@ licenses:
274
288
  - Nonstandard
275
289
  metadata:
276
290
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
277
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.253.0
291
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.255.0
278
292
  post_install_message:
279
293
  rdoc_options: []
280
294
  require_paths:
@@ -290,7 +304,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
290
304
  - !ruby/object:Gem::Version
291
305
  version: 3.1.0
292
306
  requirements: []
293
- rubygems_version: 3.3.26
307
+ rubygems_version: 3.5.9
294
308
  signing_key:
295
309
  specification_version: 4
296
310
  summary: Provides Dependabot support for Python