dependabot-python 0.263.0 → 0.265.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/requirements.txt +1 -1
- data/lib/dependabot/python/authed_url_builder.rb +1 -0
- data/lib/dependabot/python/file_fetcher.rb +2 -2
- data/lib/dependabot/python/file_updater.rb +30 -8
- data/lib/dependabot/python/pip_compile_file_matcher.rb +9 -3
- data/lib/dependabot/python/requirement.rb +7 -2
- data/lib/dependabot/python/update_checker/requirements_updater.rb +5 -5
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 428bb1e1c9c44c9ef4b889e90d8f76386e0a178d1f8fe294043118964cb26c48
|
4
|
+
data.tar.gz: 8f2462ce25b115f32eb8d25290aa55704ec7b945c117e21f51577801688a76ee
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f0b68334df8cc79d5f4875e73398ac9e593480d1865df9ab63781dc20ddd88eead8bbcb5ef0e74c2a24a7859389f5f19d863b20c090aef2a3aa4f49f20c55309
|
7
|
+
data.tar.gz: a40dfb15cc8c8fa70aba4cf8a8ba340b12b698ba24e195a2ef359e09992d17918eccf2d7165e606da15a652d351f81b1f2bbb7f6cc5cfdf92963aa346ce90e6e
|
data/helpers/requirements.txt
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "toml-rb"
|
@@ -139,7 +139,7 @@ module Dependabot
|
|
139
139
|
|
140
140
|
# Check the top-level for a .python-version file, too
|
141
141
|
reverse_path = Pathname.new(directory[0]).relative_path_from(directory)
|
142
|
-
@python_version_file
|
142
|
+
@python_version_file =
|
143
143
|
fetch_support_file(File.join(reverse_path, ".python-version"))
|
144
144
|
&.tap { |f| f.name = ".python-version" }
|
145
145
|
end
|
@@ -1,19 +1,23 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "toml-rb"
|
5
5
|
require "dependabot/file_updaters"
|
6
6
|
require "dependabot/file_updaters/base"
|
7
7
|
require "dependabot/shared_helpers"
|
8
|
+
require "sorbet-runtime"
|
8
9
|
|
9
10
|
module Dependabot
|
10
11
|
module Python
|
11
12
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
13
|
+
extend T::Sig
|
14
|
+
|
12
15
|
require_relative "file_updater/pipfile_file_updater"
|
13
16
|
require_relative "file_updater/pip_compile_file_updater"
|
14
17
|
require_relative "file_updater/poetry_file_updater"
|
15
18
|
require_relative "file_updater/requirement_file_updater"
|
16
19
|
|
20
|
+
sig { override.returns(T::Array[Regexp]) }
|
17
21
|
def self.updated_files_regex
|
18
22
|
[
|
19
23
|
/^Pipfile$/,
|
@@ -27,6 +31,7 @@ module Dependabot
|
|
27
31
|
]
|
28
32
|
end
|
29
33
|
|
34
|
+
sig { override.returns(T::Array[DependencyFile]) }
|
30
35
|
def updated_dependency_files
|
31
36
|
updated_files =
|
32
37
|
case resolver_type
|
@@ -48,6 +53,8 @@ module Dependabot
|
|
48
53
|
private
|
49
54
|
|
50
55
|
# rubocop:disable Metrics/PerceivedComplexity
|
56
|
+
|
57
|
+
sig { returns(Symbol) }
|
51
58
|
def resolver_type
|
52
59
|
reqs = dependencies.flat_map(&:requirements)
|
53
60
|
changed_reqs = reqs.zip(dependencies.flat_map(&:previous_requirements))
|
@@ -76,6 +83,7 @@ module Dependabot
|
|
76
83
|
end
|
77
84
|
# rubocop:enable Metrics/PerceivedComplexity
|
78
85
|
|
86
|
+
sig { returns(Symbol) }
|
79
87
|
def subdependency_resolver
|
80
88
|
return :pipfile if pipfile_lock
|
81
89
|
return :poetry if poetry_lock
|
@@ -84,6 +92,7 @@ module Dependabot
|
|
84
92
|
raise "Claimed to be a sub-dependency, but no lockfile exists!"
|
85
93
|
end
|
86
94
|
|
95
|
+
sig { returns(T::Array[DependencyFile]) }
|
87
96
|
def updated_pipfile_based_files
|
88
97
|
PipfileFileUpdater.new(
|
89
98
|
dependencies: dependencies,
|
@@ -93,6 +102,7 @@ module Dependabot
|
|
93
102
|
).updated_dependency_files
|
94
103
|
end
|
95
104
|
|
105
|
+
sig { returns(T::Array[DependencyFile]) }
|
96
106
|
def updated_poetry_based_files
|
97
107
|
PoetryFileUpdater.new(
|
98
108
|
dependencies: dependencies,
|
@@ -101,6 +111,7 @@ module Dependabot
|
|
101
111
|
).updated_dependency_files
|
102
112
|
end
|
103
113
|
|
114
|
+
sig { returns(T::Array[DependencyFile]) }
|
104
115
|
def updated_pip_compile_based_files
|
105
116
|
PipCompileFileUpdater.new(
|
106
117
|
dependencies: dependencies,
|
@@ -110,6 +121,7 @@ module Dependabot
|
|
110
121
|
).updated_dependency_files
|
111
122
|
end
|
112
123
|
|
124
|
+
sig { returns(T::Array[DependencyFile]) }
|
113
125
|
def updated_requirement_based_files
|
114
126
|
RequirementFileUpdater.new(
|
115
127
|
dependencies: dependencies,
|
@@ -119,6 +131,7 @@ module Dependabot
|
|
119
131
|
).updated_dependency_files
|
120
132
|
end
|
121
133
|
|
134
|
+
sig { returns(T::Array[String]) }
|
122
135
|
def pip_compile_index_urls
|
123
136
|
if credentials.any?(&:replaces_base?)
|
124
137
|
credentials.select(&:replaces_base?).map { |cred| AuthedUrlBuilder.authed_url(credential: cred) }
|
@@ -130,6 +143,7 @@ module Dependabot
|
|
130
143
|
end
|
131
144
|
end
|
132
145
|
|
146
|
+
sig { override.void }
|
133
147
|
def check_required_files
|
134
148
|
filenames = dependency_files.map(&:name)
|
135
149
|
return if filenames.any? { |name| name.end_with?(".txt", ".in") }
|
@@ -141,31 +155,39 @@ module Dependabot
|
|
141
155
|
raise "Missing required files!"
|
142
156
|
end
|
143
157
|
|
158
|
+
sig { returns(T::Boolean) }
|
144
159
|
def poetry_based?
|
145
160
|
return false unless pyproject
|
146
161
|
|
147
|
-
!TomlRB.parse(pyproject
|
162
|
+
!TomlRB.parse(pyproject&.content).dig("tool", "poetry").nil?
|
148
163
|
end
|
149
164
|
|
165
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
150
166
|
def pipfile
|
151
|
-
@pipfile ||= get_original_file("Pipfile")
|
167
|
+
@pipfile ||= T.let(get_original_file("Pipfile"), T.nilable(Dependabot::DependencyFile))
|
152
168
|
end
|
153
169
|
|
170
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
154
171
|
def pipfile_lock
|
155
|
-
@pipfile_lock ||= get_original_file("Pipfile.lock")
|
172
|
+
@pipfile_lock ||= T.let(get_original_file("Pipfile.lock"), T.nilable(Dependabot::DependencyFile))
|
156
173
|
end
|
157
174
|
|
175
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
158
176
|
def pyproject
|
159
|
-
@pyproject ||= get_original_file("pyproject.toml")
|
177
|
+
@pyproject ||= T.let(get_original_file("pyproject.toml"), T.nilable(Dependabot::DependencyFile))
|
160
178
|
end
|
161
179
|
|
180
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
162
181
|
def poetry_lock
|
163
|
-
@poetry_lock ||= get_original_file("poetry.lock")
|
182
|
+
@poetry_lock ||= T.let(get_original_file("poetry.lock"), T.nilable(Dependabot::DependencyFile))
|
164
183
|
end
|
165
184
|
|
185
|
+
sig { returns(T::Array[DependencyFile]) }
|
166
186
|
def pip_compile_files
|
167
|
-
@pip_compile_files ||=
|
168
|
-
dependency_files.select { |f| f.name.end_with?(".in") }
|
187
|
+
@pip_compile_files ||= T.let(
|
188
|
+
dependency_files.select { |f| f.name.end_with?(".in") },
|
189
|
+
T.nilable(T::Array[DependencyFile])
|
190
|
+
)
|
169
191
|
end
|
170
192
|
end
|
171
193
|
end
|
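Review bot: `!TomlRB.parse(pyproject&.content).dig("tool", "poetry").nil?` (new line 162) applies safe navigation to a value that the guard `return false unless pyproject` two lines earlier already established as non-nil; the `&.` is presumably there only because `pyproject` is a method call that Sorbet does not narrow, and if `content` itself were ever nil the expression would still reach `TomlRB.parse(nil)` instead of returning false. Binding the file to a local makes both the intent and the type flow explicit: `file = pyproject` / `return false unless file` / `!TomlRB.parse(file.content).dig("tool", "poetry").nil?`. The new sigs also mix the bare `T::Array[DependencyFile]` (on `updated_dependency_files`, `pip_compile_files` and the `updated_*_based_files` readers) with the fully qualified `T.nilable(Dependabot::DependencyFile)` on the memoized file readers; both resolve inside `module Dependabot`, but one spelling throughout would read more consistently.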
@@ -1,29 +1,35 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Dependabot
|
5
5
|
module Python
|
6
6
|
class PipCompileFileMatcher
|
7
|
+
extend T::Sig
|
8
|
+
|
9
|
+
sig { params(requirements_in_files: T::Array[Dependabot::Python::Requirement]).void }
|
7
10
|
def initialize(requirements_in_files)
|
8
11
|
@requirements_in_files = requirements_in_files
|
9
12
|
end
|
10
13
|
|
14
|
+
sig { params(file: Dependabot::DependencyFile).returns(T::Boolean) }
|
11
15
|
def lockfile_for_pip_compile_file?(file)
|
12
16
|
return false unless requirements_in_files.any?
|
13
17
|
|
14
18
|
name = file.name
|
15
19
|
return false unless name.end_with?(".txt")
|
16
20
|
|
17
|
-
return true if file.content
|
21
|
+
return true if file.content&.match?(output_file_regex(name))
|
18
22
|
|
19
23
|
basename = name.gsub(/\.txt$/, "")
|
20
|
-
requirements_in_files.any? { |f| f.name == basename + ".in" }
|
24
|
+
requirements_in_files.any? { |f| f.instance_variable_get(:@name) == basename + ".in" }
|
21
25
|
end
|
22
26
|
|
23
27
|
private
|
24
28
|
|
29
|
+
sig { returns(T::Array[Dependabot::Python::Requirement]) }
|
25
30
|
attr_reader :requirements_in_files
|
26
31
|
|
32
|
+
sig { params(filename: T.any(String, Symbol)).returns(String) }
|
27
33
|
def output_file_regex(filename)
|
28
34
|
"--output-file[=\s]+#{Regexp.escape(filename)}(?:\s|$)"
|
29
35
|
end
|
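Review bot: `requirements_in_files.any? { |f| f.instance_variable_get(:@name) == basename + ".in" }` (new line 24) reads through reflection what the removed line read through the public `f.name` accessor, which bypasses both encapsulation and the runtime sig checks this commit is adding. The new sigs declare the collection as `T::Array[Dependabot::Python::Requirement]`, yet the method compares those elements' `@name` against `file.name` of a `Dependabot::DependencyFile`, which suggests the element type in the `initialize` and `attr_reader` sigs should be `T::Array[Dependabot::DependencyFile]`, after which `f.name == basename + ".in"` type-checks without reflection; worth confirming against the callers that construct the matcher. Separately, the helper that gets the new `output_file_regex` sig builds its pattern in a double-quoted string, where `\s` is Ruby's escape for a literal space rather than the regex whitespace class, so `[=\s]+` and `(?:\s|$)` only match space- or `=`-separated `--output-file` arguments; `"--output-file[=\\s]+#{Regexp.escape(filename)}(?:\\s|$)"` keeps the intended class.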
@@ -20,6 +20,11 @@ module Dependabot
|
|
20
20
|
"===" => ->(v, r) { v.to_s == r.to_s }
|
21
21
|
)
|
22
22
|
|
23
|
+
# Override the lower bound logic for bump versions strategy.
|
24
|
+
BUMP_VERSIONS_OPS = OPS.merge(
|
25
|
+
">=" => ->(v, r) { v.to_s == r.to_s }
|
26
|
+
)
|
27
|
+
|
23
28
|
quoted = OPS.keys.sort_by(&:length).reverse
|
24
29
|
.map { |k| Regexp.quote(k) }.join("|")
|
25
30
|
version_pattern = Python::Version::VERSION_PATTERN
|
@@ -78,10 +83,10 @@ module Dependabot
|
|
78
83
|
super(requirements)
|
79
84
|
end
|
80
85
|
|
81
|
-
def satisfied_by?(version)
|
86
|
+
def satisfied_by?(version, ops = OPS)
|
82
87
|
version = Python::Version.new(version.to_s)
|
83
88
|
|
84
|
-
requirements.all? { |op, rv| (
|
89
|
+
requirements.all? { |op, rv| (ops[op] || ops["="]).call(version, rv) }
|
85
90
|
end
|
86
91
|
|
87
92
|
def exact?
|
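Review bot: `BUMP_VERSIONS_OPS = OPS.merge(">=" => ->(v, r) { v.to_s == r.to_s })` (new lines 24-26) is a mutable constant: `Hash#merge` returns a fresh, unfrozen Hash whether or not `OPS` is frozen, so the operator table can be altered at runtime; close it with `).freeze` as is conventional for constant collections. The new `ops = OPS` parameter on `satisfied_by?` is undocumented even though it changes what "satisfied" means, and a comment such as `# ops: operator table to evaluate with; BUMP_VERSIONS_OPS treats ">=" as equality so a lower bound counts as unsatisfied unless it already names the version` would spare readers a trip to the constant. If the superclass reached through `super(requirements)` is `Gem::Requirement`, the extra positional parameter keeps its one-argument `satisfied_by?` callers working, but a keyword (`ops: OPS`) would be the more conventional Ruby shape for an optional behaviour switch.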
@@ -278,14 +278,14 @@ module Dependabot
|
|
278
278
|
requirement_strings.map { |r| requirement_class.new(r) }
|
279
279
|
|
280
280
|
updated_requirement_strings = ruby_requirements.flat_map do |r|
|
281
|
-
next r.to_s if r.satisfied_by?(latest_resolvable_version)
|
281
|
+
next r.to_s if r.satisfied_by?(latest_resolvable_version, Requirement::BUMP_VERSIONS_OPS)
|
282
282
|
|
283
283
|
case op = r.requirements.first.first
|
284
284
|
when "<"
|
285
|
-
"
|
286
|
-
when "<="
|
287
|
-
"
|
288
|
-
when "!=", ">"
|
285
|
+
"#{op}#{update_greatest_version(r.requirements.first.last, latest_resolvable_version)}"
|
286
|
+
when "<=", ">="
|
287
|
+
"#{op}#{latest_resolvable_version}"
|
288
|
+
when "!=", ">"
|
289
289
|
raise UnfixableRequirement
|
290
290
|
else
|
291
291
|
raise "Unexpected op for unsatisfied requirement: #{op}"
|
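Review bot: `next r.to_s if r.satisfied_by?(latest_resolvable_version, Requirement::BUMP_VERSIONS_OPS)` (new line 281) followed by `case op = r.requirements.first.first` means a requirement whose `>=` clause does not equal the latest version is now treated as unsatisfied and rewritten from its first clause alone; if `requirement_strings` can still hold a compound requirement such as `>=1.0,<2.0` (how they are split is not visible here), the new `when "<=", ">="` branch would emit `>=1.5` and silently drop the `<2.0` upper bound, where the old code kept the string intact because `OPS` accepted 1.5. Worth either confirming that each `r` carries a single clause or guarding with `raise UnfixableRequirement if r.requirements.size > 1` before the `case`. The enclosing method starts and ends outside the hunk.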
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.265.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-07-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.265.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.265.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -288,7 +288,7 @@ licenses:
|
|
288
288
|
- MIT
|
289
289
|
metadata:
|
290
290
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
291
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
291
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.265.0
|
292
292
|
post_install_message:
|
293
293
|
rdoc_options: []
|
294
294
|
require_paths:
|