dependabot-python 0.260.0 → 0.261.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 41b8b323a1393ba65b278a0cb9b333cc12f38ebf6ef744f7a68905f3cebc4055
4
- data.tar.gz: 2102bb88ef040557b38c6e8dcce3e9a0e8a03e176346cf976835e48b352a63c5
3
+ metadata.gz: 6f7872db15ecad633ad312a58d9aad4445eaa6cc546400e22a7558c67d563b76
4
+ data.tar.gz: fdbe82aa20379236c896e27ed5eabcebbfc4b4c62742596fee5e3a99d00d811c
5
5
  SHA512:
6
- metadata.gz: 7194f93fbc5e3b251a4d7adc949a25c306c9234d8857e19f511378e9b6bba4846dc80d32c664cb15cfec8b53a854124dd47718ee02e1bbc42e84f5a4502f3441
7
- data.tar.gz: 9b16465b177f1a762db9c1716c5e91aab56101f0752aed82cb1dd4d8e4998b5fab9bd9f1951d160b1f01007af8da8cdab0b40618d37fb4544229a27fc68e54cb
6
+ metadata.gz: 14370129f0bbdfe6453b006405e5fd00087ed1b1ed79a0c3e601b8a51196f663924d36db746d4f35ce6fb936d4cda4dbad98d57492bd9a3492757c321a0747ce
7
+ data.tar.gz: 8c69ff20d0554d713c4b329b7b17e04cc69abe50f0fd2641b034b825e71ab5e1bb0c00c9bf904e30d9966764ac06b0ab5a4efb65b2271e0473b54ac994fb2e85
@@ -294,7 +294,7 @@ module Dependabot
294
294
  end
295
295
 
296
296
  def project_files
297
- project_files = []
297
+ project_files = T.let([], T::Array[Dependabot::DependencyFile])
298
298
  unfetchable_deps = []
299
299
 
300
300
  path_dependencies.each do |dep|
@@ -302,7 +302,7 @@ module Dependabot
302
302
  project_files += fetch_project_file(path)
303
303
  rescue Dependabot::DependencyFileNotFound => e
304
304
  unfetchable_deps << if sdist_or_wheel?(path)
305
- e.file_path.gsub(%r{^/}, "")
305
+ e.file_path&.gsub(%r{^/}, "")
306
306
  else
307
307
  "\"#{dep[:name]}\" at #{cleanpath(File.join(directory, dep[:file]))}"
308
308
  end
@@ -311,7 +311,7 @@ module Dependabot
311
311
  poetry_path_dependencies.each do |path|
312
312
  project_files += fetch_project_file(path)
313
313
  rescue Dependabot::DependencyFileNotFound => e
314
- unfetchable_deps << e.file_path.gsub(%r{^/}, "")
314
+ unfetchable_deps << e.file_path&.gsub(%r{^/}, "")
315
315
  end
316
316
 
317
317
  raise Dependabot::PathDependenciesNotReachable, unfetchable_deps if unfetchable_deps.any?
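Review bot: With `e.file_path&.gsub(%r{^/}, "")` (here and in the `@@ -302` hunk of the same method) a `DependencyFileNotFound` whose `file_path` is nil now appends nil to `unfetchable_deps`, and because `[nil].any?` is false the `raise Dependabot::PathDependenciesNotReachable` on the last line is skipped when every unreachable dependency lacks a path — the failure is dropped silently instead of being reported. Fall back to what the loop already knows when the path is missing: `unfetchable_deps << (e.file_path&.delete_prefix("/") || path)` in the poetry loop, and `(e.file_path&.delete_prefix("/") || "\"#{dep[:name]}\" at #{cleanpath(File.join(directory, dep[:file]))}")` in the sdist/wheel branch. `delete_prefix` also avoids `^` stripping a `/` that follows an embedded newline. `project_files` begins in the `@@ -294` hunk and continues past this one.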
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "open3"
@@ -400,10 +400,13 @@ module Dependabot
400
400
  args << index_url if index_url
401
401
 
402
402
  begin
403
- native_helper_hashes = SharedHelpers.run_helper_subprocess(
404
- command: "pyenv exec python3 #{NativeHelpers.python_helper_path}",
405
- function: "get_dependency_hash",
406
- args: args
403
+ native_helper_hashes = T.cast(
404
+ SharedHelpers.run_helper_subprocess(
405
+ command: "pyenv exec python3 #{NativeHelpers.python_helper_path}",
406
+ function: "get_dependency_hash",
407
+ args: args
408
+ ),
409
+ T::Array[T::Hash[String, String]]
407
410
  ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
408
411
 
409
412
  hashes.concat(native_helper_hashes)
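Review bot: `h['hash']` in the `.map` on the new side produces `--hash=#{algorithm}:` with an empty digest whenever a helper entry lacks that key — the added `T.cast` to `T::Array[T::Hash[String, String]]` is checked at runtime but only validates the container shape, not the key, so a malformed `get_dependency_hash` response becomes an empty pin rather than an error. Use `.map { |h| "--hash=#{algorithm}:#{h.fetch('hash')}" }` so the subprocess output is validated where it is consumed. If these strings are later placed on a command line (not visible in this hunk), a digest-shape check such as `raise "unexpected hash from helper" unless h.fetch('hash').match?(/\A[0-9a-f]+\z/)` is cheap insurance. The enclosing method, including how `args` and `index_url` are built, starts outside the hunk.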
@@ -548,7 +551,7 @@ module Dependabot
548
551
  # If the files we need to update require one another then we need to
549
552
  # update them in the right order
550
553
  def order_filenames_for_compilation(filenames)
551
- ordered_filenames = []
554
+ ordered_filenames = T.let([], T::Array[String])
552
555
 
553
556
  while (remaining_filenames = filenames - ordered_filenames).any?
554
557
  ordered_filenames +=
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/dependency"
@@ -29,7 +29,7 @@ module Dependabot
29
29
  content.gsub(original_declaration_replacement_regex) do |mtch|
30
30
  # If the "declaration" is setting an option (e.g., no-binary)
31
31
  # ignore it, since it isn't actually a declaration
32
- next mtch if Regexp.last_match.pre_match.match?(/--.*\z/)
32
+ next mtch if Regexp.last_match&.pre_match&.match?(/--.*\z/)
33
33
 
34
34
  updated_dependency_declaration_string
35
35
  end
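Review bot: Inside a `gsub` block `Regexp.last_match` is always populated, so the `&.` chain on the new side exists only to satisfy Sorbet; were it ever nil the `next mtch` guard would be skipped and an option such as `--no-binary` would be rewritten as if it were a declaration. `next mtch if T.must(Regexp.last_match).pre_match.match?(/--.*\z/)` states that invariant and fails loudly instead of silently falling through. A comment would also help the next reader, since `.` does not cross newlines and `\z` anchors at the end of `pre_match`: `# only the text on the same line before the match is inspected for a leading "--" option`. The method containing this block starts outside the hunk.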
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
@@ -42,6 +42,7 @@ module Dependabot
42
42
  Source.from_url(source_url)
43
43
  end
44
44
 
45
+ # rubocop:disable Metrics/PerceivedComplexity
45
46
  def source_from_description
46
47
  potential_source_urls = []
47
48
  desc = pypi_listing.dig("info", "description")
@@ -54,8 +55,8 @@ module Dependabot
54
55
  # Looking for a source where the repo name exactly matches the
55
56
  # dependency name
56
57
  match_url = potential_source_urls.find do |url|
57
- repo = Source.from_url(url).repo
58
- repo.downcase.end_with?(normalised_dependency_name)
58
+ repo = Source.from_url(url)&.repo
59
+ repo&.downcase&.end_with?(normalised_dependency_name)
59
60
  end
60
61
 
61
62
  return match_url if match_url
@@ -64,14 +65,18 @@ module Dependabot
64
65
  # mentioned when the link is followed
65
66
  @source_from_description ||=
66
67
  potential_source_urls.find do |url|
67
- full_url = Source.from_url(url).url
68
+ full_url = Source.from_url(url)&.url
69
+ next unless full_url
70
+
68
71
  response = Dependabot::RegistryClient.get(url: full_url)
69
72
  next unless response.status == 200
70
73
 
71
74
  response.body.include?(normalised_dependency_name)
72
75
  end
73
76
  end
77
+ # rubocop:enable Metrics/PerceivedComplexity
74
78
 
79
+ # rubocop:disable Metrics/PerceivedComplexity
75
80
  def source_from_homepage
76
81
  return unless homepage_body
77
82
 
@@ -81,21 +86,24 @@ module Dependabot
81
86
  end
82
87
 
83
88
  match_url = potential_source_urls.find do |url|
84
- repo = Source.from_url(url).repo
85
- repo.downcase.end_with?(normalised_dependency_name)
89
+ repo = Source.from_url(url)&.repo
90
+ repo&.downcase&.end_with?(normalised_dependency_name)
86
91
  end
87
92
 
88
93
  return match_url if match_url
89
94
 
90
95
  @source_from_homepage ||=
91
96
  potential_source_urls.find do |url|
92
- full_url = Source.from_url(url).url
97
+ full_url = Source.from_url(url)&.url
98
+ next unless full_url
99
+
93
100
  response = Dependabot::RegistryClient.get(url: full_url)
94
101
  next unless response.status == 200
95
102
 
96
103
  response.body.include?(normalised_dependency_name)
97
104
  end
98
105
  end
106
+ # rubocop:enable Metrics/PerceivedComplexity
99
107
 
100
108
  def homepage_body
101
109
  homepage_url = pypi_listing.dig("info", "home_page")
@@ -121,7 +129,7 @@ module Dependabot
121
129
 
122
130
  def pypi_listing
123
131
  return @pypi_listing unless @pypi_listing.nil?
124
- return @pypi_listing = {} if dependency.version.include?("+")
132
+ return @pypi_listing = {} if dependency.version&.include?("+")
125
133
 
126
134
  possible_listing_urls.each do |url|
127
135
  response = fetch_authed_url(url)
@@ -140,8 +148,8 @@ module Dependabot
140
148
 
141
149
  def fetch_authed_url(url)
142
150
  if url.match(%r{(.*)://(.*?):(.*)@([^@]+)$}) &&
143
- Regexp.last_match.captures[1].include?("@")
144
- protocol, user, pass, url = Regexp.last_match.captures
151
+ Regexp.last_match&.captures&.[](1)&.include?("@")
152
+ protocol, user, pass, url = T.must(Regexp.last_match).captures
145
153
 
146
154
  Dependabot::RegistryClient.get(
147
155
  url: "#{protocol}://#{url}",
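Review bot: The credential regex in `fetch_authed_url` still ends in `$`, which matches before a trailing newline, so a configured index URL ending in `\n` passes the match and the newline is carried into the `"#{protocol}://#{url}"` rebuilt for `RegistryClient.get` below; `\z` is the whole-string anchor. The `Regexp.last_match&.captures&.[](1)&.include?("@")` chain and the following `T.must(Regexp.last_match)` are also redundant with the `url.match(...)` test in the same condition — binding the match once, `if (m = url.match(%r{(.*)://(.*?):(.*)@([^@]+)\z})) && T.must(m[2]).include?("@")` and then `protocol, user, pass, url = m.captures`, removes both the nil-guards and the `T.must`. The request that consumes `user`/`pass` continues past the hunk.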
@@ -1,14 +1,20 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  module Dependabot
5
7
  module Python
6
8
  module NameNormaliser
9
+ extend T::Sig
10
+
11
+ sig { params(name: String).returns(String) }
7
12
  def self.normalise(name)
8
13
  extras_regex = /\[.+\]/
9
14
  name.downcase.gsub(/[-_.]+/, "-").gsub(extras_regex, "")
10
15
  end
11
16
 
17
+ sig { params(name: String, extras: T::Array[String]).returns(String) }
12
18
  def self.normalise_including_extras(name, extras)
13
19
  normalised_name = normalise(name)
14
20
  return normalised_name if extras.empty?
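Review bot: The new `sig`s give `normalise` types but no statement of which normalisation it implements, and callers comparing names against an index depend on exactly that contract. The visible body — `downcase` then `gsub(/[-_.]+/, "-")` — is the PEP 503 rule, and the trailing `gsub(extras_regex, "")` additionally drops a `[extras]` suffix, applied after lower-casing so extras text never affects the result. Add above `def self.normalise`: `# PEP 503 name normalisation (lower-case; runs of "-", "_", "." collapsed to "-"), with any "[extras]" suffix removed.` `normalise_including_extras` continues beyond the hunk.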
@@ -1,26 +1,35 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  module Dependabot
5
7
  module Python
6
8
  module NativeHelpers
9
+ extend T::Sig
10
+
11
+ sig { returns(String) }
7
12
  def self.python_helper_path
8
13
  clean_path(File.join(python_helpers_dir, "run.py"))
9
14
  end
10
15
 
16
+ sig { returns(String) }
11
17
  def self.python_requirements_path
12
18
  clean_path(File.join(python_helpers_dir, "requirements.txt"))
13
19
  end
14
20
 
21
+ sig { returns(String) }
15
22
  def self.python_helpers_dir
16
23
  File.join(native_helpers_root, "python")
17
24
  end
18
25
 
26
+ sig { returns(String) }
19
27
  def self.native_helpers_root
20
28
  default_path = File.join(__dir__, "../../../..")
21
29
  ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", default_path)
22
30
  end
23
31
 
32
+ sig { params(path: T.nilable(String)).returns(String) }
24
33
  def self.clean_path(path)
25
34
  Pathname.new(path).cleanpath.to_path
26
35
  end
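Review bot: The new `sig` on `clean_path` declares `path: T.nilable(String)`, but `Pathname.new(nil)` raises `TypeError`, so the signature advertises an input the body cannot take; every caller in this hunk passes the `String` result of `File.join`, so `sig { params(path: String).returns(String) }` is both accurate and what `typed: strong` should enforce. `native_helpers_root` also deserves a comment, because elsewhere on this page `python_helper_path` is interpolated into `pyenv exec python3 ...` and the environment variable therefore decides which script is executed: `# DEPENDABOT_NATIVE_HELPERS_PATH overrides the checked-in helpers; the environment is trusted to point at a vetted copy.`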
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/python/update_checker"
@@ -52,8 +52,6 @@ module Dependabot
52
52
  pyproject_index_urls[:main] ||
53
53
  PYPI_BASE_URL
54
54
 
55
- return unless url
56
-
57
55
  clean_check_and_remove_environment_variables(url)
58
56
  end
59
57
 
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "open3"
@@ -413,7 +413,7 @@ module Dependabot
413
413
  # If the files we need to update require one another then we need to
414
414
  # update them in the right order
415
415
  def order_filenames_for_compilation(filenames)
416
- ordered_filenames = []
416
+ ordered_filenames = T.let([], T::Array[String])
417
417
 
418
418
  while (remaining_filenames = filenames - ordered_filenames).any?
419
419
  ordered_filenames +=
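Review bot: This `order_filenames_for_compilation` is the same method, with the same `T.let([], T::Array[String])` change, as the one patched in the `@@ -548,7 +551,7 @@` hunk earlier on this page, so the typing fix had to be applied twice. Hoisting it into a shared helper module would keep the two copies from drifting; the right home cannot be determined here because neither file's `require` block is visible. The loop body and its termination condition continue outside the hunk.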
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
@@ -113,12 +113,13 @@ module Dependabot
113
113
  raise "No version in lockfile!"
114
114
  end
115
115
 
116
+ # rubocop:disable Metrics/AbcSize
116
117
  def handle_poetry_errors(error)
117
118
  if error.message.gsub(/\s/, "").match?(GIT_REFERENCE_NOT_FOUND_REGEX)
118
119
  message = error.message.gsub(/\s/, "")
119
120
  match = message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
120
121
  name = if (url = match.named_captures.fetch("url"))
121
- File.basename(URI.parse(url).path)
122
+ File.basename(T.must(URI.parse(url).path))
122
123
  else
123
124
  message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
124
125
  .named_captures.fetch("name")
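Review bot: `File.basename(T.must(URI.parse(url).path))` in `handle_poetry_errors` now raises a `TypeError` from `T.must` when the URL captured out of poetry's error text has no path, and `URI.parse` raises `URI::InvalidURIError` when it is not parsable at all — the regex capture does not rule either out, so the handler meant to translate a poetry failure would itself crash and hide the original message. Degrade to the `name` capture the `else` branch already uses: `path = URI.parse(url).path.to_s` followed by `path.empty? ? match.named_captures.fetch("name") : File.basename(path)`, and consider rescuing `URI::InvalidURIError` around the parse in the same way. The remainder of the handler, including the error it ultimately raises, continues past this hunk.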
@@ -146,6 +147,7 @@ module Dependabot
146
147
  # change then we want to hear about it
147
148
  raise
148
149
  end
150
+ # rubocop:enable Metrics/AbcSize
149
151
 
150
152
  # Using `--lock` avoids doing an install.
151
153
  # Using `--no-interaction` avoids asking for passwords.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.260.0
4
+ version: 0.261.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-06 00:00:00.000000000 Z
11
+ date: 2024-06-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.260.0
19
+ version: 0.261.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.260.0
26
+ version: 0.261.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -288,7 +288,7 @@ licenses:
288
288
  - MIT
289
289
  metadata:
290
290
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
291
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
291
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
292
292
  post_install_message:
293
293
  rdoc_options: []
294
294
  require_paths: