dependabot-python 0.281.0 → 0.282.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cb78159e578c1979c167b0539aef17d508c9a07b17b257c05a7d177a3c543d56
|
4
|
+
data.tar.gz: 31e6e4a5c352927c54cca8ef0a9b69265737d1739e9d85622aab8fba4b9e5ac3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4a15a3f16e2e68aa7c35d2fc3c011e88210a483cc13b7676e6412a035b8dac2abc831f395074185ca21e4bc020aa0cc775bb8d4b8efb3dda2be0332612bdf3f7
|
7
|
+
data.tar.gz: a241cbe9a4b2bab87b9daa50ad2e3ff357b2890f4ecb3f540a97350d44e7a24bd39dcfa660f9d2777d950834ab114ff54183255e35e8edfb22b1daeea92c74ae
|
@@ -24,7 +24,7 @@ module Dependabot
|
|
24
24
|
.map { |k| Regexp.quote(k) }.join("|")
|
25
25
|
version_pattern = Python::Version::VERSION_PATTERN
|
26
26
|
|
27
|
-
PATTERN_RAW = "\\s*(
|
27
|
+
PATTERN_RAW = "\\s*(?<op>#{quoted})?\\s*(?<version>#{version_pattern})\\s*".freeze
|
28
28
|
PATTERN = /\A#{PATTERN_RAW}\z/
|
29
29
|
PARENS_PATTERN = /\A\(([^)]+)\)\z/
|
30
30
|
|
@@ -36,24 +36,14 @@ module Dependabot
|
|
36
36
|
line = matches[1]
|
37
37
|
end
|
38
38
|
|
39
|
-
|
40
|
-
|
41
|
-
if Dependabot::Experiments.enabled?(:python_new_version)
|
42
|
-
quoted = OPS.keys.sort_by(&:length).reverse
|
43
|
-
.map { |k| Regexp.quote(k) }.join("|")
|
44
|
-
version_pattern = Python::Version::NEW_VERSION_PATTERN
|
45
|
-
pattern_raw = "\\s*(?<op>#{quoted})?\\s*(?<version>#{version_pattern})\\s*".freeze
|
46
|
-
pattern = /\A#{pattern_raw}\z/
|
47
|
-
end
|
48
|
-
|
49
|
-
unless (matches = pattern.match(line))
|
39
|
+
unless (matches = PATTERN.match(line))
|
50
40
|
msg = "Illformed requirement [#{obj.inspect}]"
|
51
41
|
raise BadRequirementError, msg
|
52
42
|
end
|
53
43
|
|
54
|
-
return DefaultRequirement if matches[
|
44
|
+
return DefaultRequirement if matches[:op] == ">=" && matches[:version] == "0"
|
55
45
|
|
56
|
-
[matches[
|
46
|
+
[matches[:op] || "=", Python::Version.new(T.must(matches[:version]))]
|
57
47
|
end
|
58
48
|
|
59
49
|
# Returns an array of requirements. At least one requirement from the
|
@@ -159,10 +159,7 @@ module Dependabot
|
|
159
159
|
end
|
160
160
|
|
161
161
|
def wants_prerelease?
|
162
|
-
if dependency.version
|
163
|
-
version = version_class.new(dependency.version.tr("+", "."))
|
164
|
-
return version.prerelease?
|
165
|
-
end
|
162
|
+
return version_class.new(dependency.version).prerelease? if dependency.version
|
166
163
|
|
167
164
|
dependency.requirements.any? do |req|
|
168
165
|
reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)
|
@@ -27,14 +27,11 @@ module Dependabot
|
|
27
27
|
sig { returns(T.nilable(T::Array[T.any(String, Integer)])) }
|
28
28
|
attr_reader :local
|
29
29
|
|
30
|
-
attr_reader :local_version
|
31
|
-
attr_reader :post_release_version
|
32
|
-
|
33
30
|
INFINITY = 1000
|
34
31
|
NEGATIVE_INFINITY = -INFINITY
|
35
32
|
|
36
33
|
# See https://peps.python.org/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions
|
37
|
-
|
34
|
+
VERSION_PATTERN = /
|
38
35
|
v?
|
39
36
|
(?:
|
40
37
|
(?:(?<epoch>[0-9]+)!)? # epoch
|
@@ -65,62 +62,37 @@ module Dependabot
|
|
65
62
|
(?:\+(?<local>[a-z0-9]+(?:[-_\.][a-z0-9]+)*))? # local version
|
66
63
|
/ix
|
67
64
|
|
68
|
-
VERSION_PATTERN = 'v?([1-9][0-9]*!)?[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
|
69
|
-
'(-[0-9A-Za-z]+(\.[0-9a-zA-Z]+)*)?' \
|
70
|
-
'(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
|
71
|
-
|
72
65
|
ANCHORED_VERSION_PATTERN = /\A\s*#{VERSION_PATTERN}\s*\z/
|
73
66
|
|
74
67
|
sig { override.params(version: VersionParameter).returns(T::Boolean) }
|
75
68
|
def self.correct?(version)
|
76
69
|
return false if version.nil?
|
77
70
|
|
78
|
-
|
79
|
-
version.to_s.match?(/\A\s*#{NEW_VERSION_PATTERN}\s*\z/o)
|
80
|
-
else
|
81
|
-
version.to_s.match?(ANCHORED_VERSION_PATTERN)
|
82
|
-
end
|
71
|
+
version.to_s.match?(ANCHORED_VERSION_PATTERN)
|
83
72
|
end
|
84
73
|
|
85
74
|
sig { override.params(version: VersionParameter).void }
|
86
|
-
def initialize(version)
|
75
|
+
def initialize(version)
|
87
76
|
raise Dependabot::BadRequirementError, "Malformed version string - string is nil" if version.nil?
|
88
77
|
|
89
78
|
@version_string = version.to_s
|
90
79
|
|
91
80
|
raise Dependabot::BadRequirementError, "Malformed version string - string is empty" if @version_string.empty?
|
92
81
|
|
93
|
-
matches =
|
82
|
+
matches = ANCHORED_VERSION_PATTERN.match(@version_string.downcase)
|
94
83
|
|
95
84
|
unless matches
|
96
85
|
raise Dependabot::BadRequirementError,
|
97
86
|
"Malformed version string - #{@version_string} does not match regex"
|
98
87
|
end
|
99
88
|
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
super(matches["release"] || "")
|
108
|
-
else
|
109
|
-
version, @local_version = @version_string.split("+")
|
110
|
-
version ||= ""
|
111
|
-
version = version.gsub(/^v/, "")
|
112
|
-
if version.include?("!")
|
113
|
-
epoch, version = version.split("!")
|
114
|
-
@epoch = epoch.to_i
|
115
|
-
else
|
116
|
-
@epoch = 0
|
117
|
-
end
|
118
|
-
version = normalise_prerelease(version)
|
119
|
-
version, @post_release_version = version.split(/\.r(?=\d)/)
|
120
|
-
version ||= ""
|
121
|
-
@local_version = normalise_prerelease(@local_version) if @local_version
|
122
|
-
super
|
123
|
-
end
|
89
|
+
@epoch = matches["epoch"].to_i
|
90
|
+
@release_segment = matches["release"]&.split(".")&.map(&:to_i) || []
|
91
|
+
@pre = parse_letter_version(matches["pre_l"], matches["pre_n"])
|
92
|
+
@post = parse_letter_version(matches["post_l"], matches["post_n1"] || matches["post_n2"])
|
93
|
+
@dev = parse_letter_version(matches["dev_l"], matches["dev_n"])
|
94
|
+
@local = parse_local_version(matches["local"])
|
95
|
+
super(matches["release"] || "")
|
124
96
|
end
|
125
97
|
|
126
98
|
sig { override.params(version: VersionParameter).returns(Dependabot::Python::Version) }
|
@@ -140,52 +112,35 @@ module Dependabot
|
|
140
112
|
|
141
113
|
sig { returns(T::Boolean) }
|
142
114
|
def prerelease?
|
143
|
-
return super unless Dependabot::Experiments.enabled?(:python_new_version)
|
144
|
-
|
145
115
|
!!(pre || dev)
|
146
116
|
end
|
147
117
|
|
148
|
-
sig { returns(
|
118
|
+
sig { returns(Dependabot::Python::Version) }
|
149
119
|
def release
|
150
|
-
return super unless Dependabot::Experiments.enabled?(:python_new_version)
|
151
|
-
|
152
120
|
Dependabot::Python::Version.new(release_segment.join("."))
|
153
121
|
end
|
154
122
|
|
155
123
|
sig { params(other: VersionParameter).returns(Integer) }
|
156
|
-
def <=>(other)
|
124
|
+
def <=>(other)
|
157
125
|
other = Dependabot::Python::Version.new(other.to_s) unless other.is_a?(Dependabot::Python::Version)
|
158
126
|
other = T.cast(other, Dependabot::Python::Version)
|
159
127
|
|
160
|
-
|
161
|
-
|
162
|
-
return epoch_comparison unless epoch_comparison.zero?
|
128
|
+
epoch_comparison = epoch <=> other.epoch
|
129
|
+
return epoch_comparison unless epoch_comparison.zero?
|
163
130
|
|
164
|
-
|
165
|
-
|
131
|
+
release_comparison = release_version_comparison(other)
|
132
|
+
return release_comparison unless release_comparison.zero?
|
166
133
|
|
167
|
-
|
168
|
-
|
134
|
+
pre_comparison = compare_keys(pre_cmp_key, other.pre_cmp_key)
|
135
|
+
return pre_comparison unless pre_comparison.zero?
|
169
136
|
|
170
|
-
|
171
|
-
|
137
|
+
post_comparison = compare_keys(post_cmp_key, other.post_cmp_key)
|
138
|
+
return post_comparison unless post_comparison.zero?
|
172
139
|
|
173
|
-
|
174
|
-
|
140
|
+
dev_comparison = compare_keys(dev_cmp_key, other.dev_cmp_key)
|
141
|
+
return dev_comparison unless dev_comparison.zero?
|
175
142
|
|
176
|
-
|
177
|
-
else
|
178
|
-
epoch_comparison = epoch_comparison(other)
|
179
|
-
return epoch_comparison unless epoch_comparison.zero?
|
180
|
-
|
181
|
-
version_comparison = super
|
182
|
-
return T.must(version_comparison) unless version_comparison&.zero?
|
183
|
-
|
184
|
-
post_version_comparison = post_version_comparison(other)
|
185
|
-
return post_version_comparison unless post_version_comparison.zero?
|
186
|
-
|
187
|
-
local_version_comparison(other)
|
188
|
-
end
|
143
|
+
compare_keys(local_cmp_key, other.local_cmp_key)
|
189
144
|
end
|
190
145
|
|
191
146
|
sig do
|
@@ -254,6 +209,11 @@ module Dependabot
|
|
254
209
|
T.must(dev)
|
255
210
|
end
|
256
211
|
|
212
|
+
sig { returns(String) }
|
213
|
+
def lowest_prerelease_suffix
|
214
|
+
"dev0"
|
215
|
+
end
|
216
|
+
|
257
217
|
private
|
258
218
|
|
259
219
|
sig { params(other: Dependabot::Python::Version).returns(Integer) }
|
@@ -321,65 +281,6 @@ module Dependabot
|
|
321
281
|
|
322
282
|
[letter, number.to_i]
|
323
283
|
end
|
324
|
-
|
325
|
-
sig { returns(Regexp) }
|
326
|
-
def anchored_version_pattern
|
327
|
-
if Dependabot::Experiments.enabled?(:python_new_version)
|
328
|
-
/\A\s*#{NEW_VERSION_PATTERN}\s*\z/o
|
329
|
-
else
|
330
|
-
ANCHORED_VERSION_PATTERN
|
331
|
-
end
|
332
|
-
end
|
333
|
-
|
334
|
-
def epoch_comparison(other)
|
335
|
-
epoch.to_i <=> other.epoch.to_i
|
336
|
-
end
|
337
|
-
|
338
|
-
def post_version_comparison(other)
|
339
|
-
unless other.post_release_version
|
340
|
-
return post_release_version.nil? ? 0 : 1
|
341
|
-
end
|
342
|
-
|
343
|
-
return -1 if post_release_version.nil?
|
344
|
-
|
345
|
-
post_release_version.to_i <=> other.post_release_version.to_i
|
346
|
-
end
|
347
|
-
|
348
|
-
def local_version_comparison(other)
|
349
|
-
# Local version comparison works differently in Python: `1.0.beta`
|
350
|
-
# compares as greater than `1.0`. To accommodate, we make the
|
351
|
-
# strings the same length before comparing.
|
352
|
-
lhsegments = local_version.to_s.split(".").map(&:downcase)
|
353
|
-
rhsegments = other.local_version.to_s.split(".").map(&:downcase)
|
354
|
-
limit = [lhsegments.count, rhsegments.count].min
|
355
|
-
|
356
|
-
lhs = ["1", *lhsegments.first(limit)].join(".")
|
357
|
-
rhs = ["1", *rhsegments.first(limit)].join(".")
|
358
|
-
|
359
|
-
local_comparison = Gem::Version.new(lhs) <=> Gem::Version.new(rhs)
|
360
|
-
|
361
|
-
return local_comparison unless local_comparison&.zero?
|
362
|
-
|
363
|
-
lhsegments.count <=> rhsegments.count
|
364
|
-
end
|
365
|
-
|
366
|
-
def normalise_prerelease(version)
|
367
|
-
# Python has reserved words for release states, which are treated
|
368
|
-
# as equal (e.g., preview, pre and rc).
|
369
|
-
# Further, Python treats dashes as a separator between version
|
370
|
-
# parts and treats the alphabetical characters in strings as the
|
371
|
-
# start of a new version part (so 1.1a2 == 1.1.alpha.2).
|
372
|
-
version
|
373
|
-
.gsub("alpha", "a")
|
374
|
-
.gsub("beta", "b")
|
375
|
-
.gsub("preview", "c")
|
376
|
-
.gsub("pre", "c")
|
377
|
-
.gsub("post", "r")
|
378
|
-
.gsub("rev", "r")
|
379
|
-
.gsub(/([\d.\-_])rc([\d.\-_])?/, '\1c\2')
|
380
|
-
.tr("-", ".")
|
381
|
-
.gsub(/(\d)([a-z])/i, '\1.\2')
|
382
|
-
end
|
383
284
|
end
|
384
285
|
end
|
385
286
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.282.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-10-
|
11
|
+
date: 2024-10-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.282.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.282.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -114,28 +114,28 @@ dependencies:
|
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 1.
|
117
|
+
version: 1.67.0
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 1.
|
124
|
+
version: 1.67.0
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: rubocop-performance
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
128
128
|
requirements:
|
129
129
|
- - "~>"
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: 1.
|
131
|
+
version: 1.22.1
|
132
132
|
type: :development
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: 1.
|
138
|
+
version: 1.22.1
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
140
|
name: rubocop-rspec
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -288,7 +288,7 @@ licenses:
|
|
288
288
|
- MIT
|
289
289
|
metadata:
|
290
290
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
291
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
291
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.282.0
|
292
292
|
post_install_message:
|
293
293
|
rdoc_options: []
|
294
294
|
require_paths:
|