dependabot-python 0.276.0 → 0.277.0

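--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b0c0ebe17176ecc264d11ac2b7e4a4b569f89d9caef5d82855c804045c23c2f2
- data.tar.gz: caa6f4908c81929629fa4df74457c3ef18d67533eec81b0863f0b5b5d366ea52
+ metadata.gz: 4da06b9469d330346925302b154afcdd9fc86b56bebf83cdfdd507e5c0c5d49d
+ data.tar.gz: e19f02eb10fd9a05c18173efcf0ea1731af7a2bb90a9e984b5dadf39f39b5040
  SHA512:
- metadata.gz: 0237ca31de163f73dc570289e2f103d4d1400fd6ca65adadd2ea9e8bb648d10a25500969513236cfc9c3047339ced25f5188101b15128ce584c95991f458957b
- data.tar.gz: 677869a2cda25d91e93c3cf7dd6a6174e1c471c0f4234ece66e5231ac52864c283a1c740d2d5b4b2c40589a77440c2868e47ce38969cf277059431a4731e4550
+ metadata.gz: f5a8f5476bb1b546f0eb7914e3736e714f6411efada1e5937328733829e7ebeeb698f221177aca327608d6f4c44b6dd9b4469fda1bfab7b2a6b005ef23235678
+ data.tar.gz: 14f76ec80065edbe87d2443825ec7ae9eaca97d94d6ee387e112242b407b60b96dd30ae105f4095196b7557e986225fed2a2a9429a662595f00f028d55da43d5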
@@ -2,7 +2,7 @@ pip==24.0
2
2
  pip-tools==7.4.1
3
3
  flake8==7.1.0
4
4
  hashin==1.0.1
5
- pipenv==2023.12.1
5
+ pipenv==2024.0.2
6
6
  plette==2.1.0
7
7
  poetry==1.8.3
8
8
  # TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
@@ -133,6 +133,8 @@ module Dependabot
133
133
  content = updated_pipfile_content
134
134
  content = add_private_sources(content)
135
135
  content = update_python_requirement(content)
136
+ content = update_ssl_requirement(content, updated_pipfile_content)
137
+
136
138
  content
137
139
  end
138
140
 
@@ -142,6 +144,12 @@ module Dependabot
142
144
  .update_python_requirement(language_version_manager.python_major_minor)
143
145
  end
144
146
 
147
+ def update_ssl_requirement(pipfile_content, parsed_file)
148
+ Python::FileUpdater::PipfilePreparer
149
+ .new(pipfile_content: pipfile_content)
150
+ .update_ssl_requirement(parsed_file)
151
+ end
152
+
145
153
  def add_private_sources(pipfile_content)
146
154
  PipfilePreparer
147
155
  .new(pipfile_content: pipfile_content)
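Review bot: The second parameter of the new `update_ssl_requirement(pipfile_content, parsed_file)` is named `parsed_file`, but the call added in the hunk above passes `updated_pipfile_content`, which is raw Pipfile text and not a parsed object; a name such as `original_pipfile_content` would say what it holds. The wrapper also writes the class as `Python::FileUpdater::PipfilePreparer` while `add_private_sources` directly below it uses the bare `PipfilePreparer`, so one spelling should be used throughout the file. The same wrapper is added again in the later hunk at `@@ -293,6 +295,12 @@`, and the naming point applies there too. I would add a comment above the method: `# Copies the manifest's verify_ssl setting into the prepared Pipfile; defaults to true when the manifest sets none.` The body of `add_private_sources` continues outside the hunk.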
@@ -39,6 +39,21 @@ module Dependabot
39
39
  TomlRB.dump(pipfile_object)
40
40
  end
41
41
 
42
+ def update_ssl_requirement(parsed_file)
43
+ pipfile_object = TomlRB.parse(pipfile_content)
44
+ parsed_object = TomlRB.parse(parsed_file)
45
+
46
+ # we parse the verify_ssl value from manifest if it exists
47
+ verify_ssl = parsed_object["source"].map { |x| x["verify_ssl"] }.first
48
+
49
+ # provide a default "true" value to file generator in case no value is provided in manifest file
50
+ pipfile_object["source"].each do |key|
51
+ key["verify_ssl"] = verify_ssl.nil? ? true : verify_ssl
52
+ end
53
+
54
+ TomlRB.dump(pipfile_object)
55
+ end
56
+
42
57
  private
43
58
 
44
59
  attr_reader :pipfile_content
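Review bot: `update_ssl_requirement` takes `verify_ssl` from the first manifest source only (`.map { |x| x["verify_ssl"] }.first`) and then writes that single value to every entry of `pipfile_object["source"]`, so one `verify_ssl = false` at the top of a Pipfile turns off TLS certificate verification for all sources, including ones that set it to true themselves. Both `["source"]` lookups also return nil when the Pipfile has no `[[source]]` table, which would raise NoMethodError on `.map` and `.each`; `fetch("source", [])` avoids that. I would carry the setting over per source, keyed by `url`, and default to true, as in the block below. A source whose `url` was rewritten before this step (not visible in the hunk) would fall back to true, which is the safe direction but should be confirmed against the private-source handling.

```ruby
def update_ssl_requirement(parsed_file)
  # … unchanged: pipfile_object and parsed_object are parsed with TomlRB.parse …

  # verify_ssl as declared in the manifest, looked up per source URL
  declared_ssl = parsed_object.fetch("source", []).to_h { |src| [src["url"], src["verify_ssl"]] }

  pipfile_object.fetch("source", []).each do |source|
    declared = declared_ssl[source["url"]]
    # certificate verification stays on unless this source's own manifest entry turned it off
    source["verify_ssl"] = declared.nil? ? true : declared
  end

  # … unchanged: TomlRB.dump(pipfile_object) …
```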
@@ -30,7 +30,7 @@ module Dependabot
30
30
  PIPENV_INSTALLATION_ERROR_REGEX =
31
31
  /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*(#{PIPENV_INSTALLATION_ERROR})/
32
32
 
33
- PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
33
+ PIPENV_RANGE_WARNING = /Python version range specifier '(?<ver>.*)' is not supported/
34
34
 
35
35
  attr_reader :dependency
36
36
  attr_reader :dependency_files
@@ -284,6 +284,8 @@ module Dependabot
284
284
  content = pipfile.content
285
285
  content = add_private_sources(content)
286
286
  content = update_python_requirement(content)
287
+ content = update_ssl_requirement(content, pipfile.content)
288
+
287
289
  content
288
290
  end
289
291
 
@@ -293,6 +295,12 @@ module Dependabot
293
295
  .update_python_requirement(language_version_manager.python_major_minor)
294
296
  end
295
297
 
298
+ def update_ssl_requirement(pipfile_content, parsed_file)
299
+ Python::FileUpdater::PipfilePreparer
300
+ .new(pipfile_content: pipfile_content)
301
+ .update_ssl_requirement(parsed_file)
302
+ end
303
+
296
304
  def add_private_sources(pipfile_content)
297
305
  Python::FileUpdater::PipfilePreparer
298
306
  .new(pipfile_content: pipfile_content)
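Review bot: The new `PIPENV_RANGE_WARNING` captures with a greedy `'(?<ver>.*)'`, which runs to the last quote before ` is not supported` on the line; `'(?<ver>[^']+)'` would keep the capture to the quoted specifier. The old `Warning: Python ... was not found` text is no longer matched, so the pattern presumably depends on the pipenv pin that this release moves to 2024.0.2. A comment above the constant would help the next upgrade, for example `# Matches the warning printed by the pinned pipenv version; recheck when that pin changes`. Whether the `ver` capture is read anywhere is not visible in these hunks.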
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.276.0
4
+ version: 0.277.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-09-19 00:00:00.000000000 Z
11
+ date: 2024-09-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.276.0
19
+ version: 0.277.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.276.0
26
+ version: 0.277.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -288,7 +288,7 @@ licenses:
288
288
  - MIT
289
289
  metadata:
290
290
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
291
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.276.0
291
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.277.0
292
292
  post_install_message:
293
293
  rdoc_options: []
294
294
  require_paths: