dependabot-python 0.281.0 → 0.282.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cb78159e578c1979c167b0539aef17d508c9a07b17b257c05a7d177a3c543d56
|
|
4
|
+
data.tar.gz: 31e6e4a5c352927c54cca8ef0a9b69265737d1739e9d85622aab8fba4b9e5ac3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4a15a3f16e2e68aa7c35d2fc3c011e88210a483cc13b7676e6412a035b8dac2abc831f395074185ca21e4bc020aa0cc775bb8d4b8efb3dda2be0332612bdf3f7
|
|
7
|
+
data.tar.gz: a241cbe9a4b2bab87b9daa50ad2e3ff357b2890f4ecb3f540a97350d44e7a24bd39dcfa660f9d2777d950834ab114ff54183255e35e8edfb22b1daeea92c74ae
|
|
@@ -24,7 +24,7 @@ module Dependabot
|
|
|
24
24
|
.map { |k| Regexp.quote(k) }.join("|")
|
|
25
25
|
version_pattern = Python::Version::VERSION_PATTERN
|
|
26
26
|
|
|
27
|
-
PATTERN_RAW = "\\s*(
|
|
27
|
+
PATTERN_RAW = "\\s*(?<op>#{quoted})?\\s*(?<version>#{version_pattern})\\s*".freeze
|
|
28
28
|
PATTERN = /\A#{PATTERN_RAW}\z/
|
|
29
29
|
PARENS_PATTERN = /\A\(([^)]+)\)\z/
|
|
30
30
|
|
|
@@ -36,24 +36,14 @@ module Dependabot
|
|
|
36
36
|
line = matches[1]
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
if Dependabot::Experiments.enabled?(:python_new_version)
|
|
42
|
-
quoted = OPS.keys.sort_by(&:length).reverse
|
|
43
|
-
.map { |k| Regexp.quote(k) }.join("|")
|
|
44
|
-
version_pattern = Python::Version::NEW_VERSION_PATTERN
|
|
45
|
-
pattern_raw = "\\s*(?<op>#{quoted})?\\s*(?<version>#{version_pattern})\\s*".freeze
|
|
46
|
-
pattern = /\A#{pattern_raw}\z/
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
unless (matches = pattern.match(line))
|
|
39
|
+
unless (matches = PATTERN.match(line))
|
|
50
40
|
msg = "Illformed requirement [#{obj.inspect}]"
|
|
51
41
|
raise BadRequirementError, msg
|
|
52
42
|
end
|
|
53
43
|
|
|
54
|
-
return DefaultRequirement if matches[
|
|
44
|
+
return DefaultRequirement if matches[:op] == ">=" && matches[:version] == "0"
|
|
55
45
|
|
|
56
|
-
[matches[
|
|
46
|
+
[matches[:op] || "=", Python::Version.new(T.must(matches[:version]))]
|
|
57
47
|
end
|
|
58
48
|
|
|
59
49
|
# Returns an array of requirements. At least one requirement from the
|
|
@@ -159,10 +159,7 @@ module Dependabot
|
|
|
159
159
|
end
|
|
160
160
|
|
|
161
161
|
def wants_prerelease?
|
|
162
|
-
if dependency.version
|
|
163
|
-
version = version_class.new(dependency.version.tr("+", "."))
|
|
164
|
-
return version.prerelease?
|
|
165
|
-
end
|
|
162
|
+
return version_class.new(dependency.version).prerelease? if dependency.version
|
|
166
163
|
|
|
167
164
|
dependency.requirements.any? do |req|
|
|
168
165
|
reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)
|
|
@@ -27,14 +27,11 @@ module Dependabot
|
|
|
27
27
|
sig { returns(T.nilable(T::Array[T.any(String, Integer)])) }
|
|
28
28
|
attr_reader :local
|
|
29
29
|
|
|
30
|
-
attr_reader :local_version
|
|
31
|
-
attr_reader :post_release_version
|
|
32
|
-
|
|
33
30
|
INFINITY = 1000
|
|
34
31
|
NEGATIVE_INFINITY = -INFINITY
|
|
35
32
|
|
|
36
33
|
# See https://peps.python.org/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions
|
|
37
|
-
|
|
34
|
+
VERSION_PATTERN = /
|
|
38
35
|
v?
|
|
39
36
|
(?:
|
|
40
37
|
(?:(?<epoch>[0-9]+)!)? # epoch
|
|
@@ -65,62 +62,37 @@ module Dependabot
|
|
|
65
62
|
(?:\+(?<local>[a-z0-9]+(?:[-_\.][a-z0-9]+)*))? # local version
|
|
66
63
|
/ix
|
|
67
64
|
|
|
68
|
-
VERSION_PATTERN = 'v?([1-9][0-9]*!)?[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
|
|
69
|
-
'(-[0-9A-Za-z]+(\.[0-9a-zA-Z]+)*)?' \
|
|
70
|
-
'(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
|
|
71
|
-
|
|
72
65
|
ANCHORED_VERSION_PATTERN = /\A\s*#{VERSION_PATTERN}\s*\z/
|
|
73
66
|
|
|
74
67
|
sig { override.params(version: VersionParameter).returns(T::Boolean) }
|
|
75
68
|
def self.correct?(version)
|
|
76
69
|
return false if version.nil?
|
|
77
70
|
|
|
78
|
-
|
|
79
|
-
version.to_s.match?(/\A\s*#{NEW_VERSION_PATTERN}\s*\z/o)
|
|
80
|
-
else
|
|
81
|
-
version.to_s.match?(ANCHORED_VERSION_PATTERN)
|
|
82
|
-
end
|
|
71
|
+
version.to_s.match?(ANCHORED_VERSION_PATTERN)
|
|
83
72
|
end
|
|
84
73
|
|
|
85
74
|
sig { override.params(version: VersionParameter).void }
|
|
86
|
-
def initialize(version)
|
|
75
|
+
def initialize(version)
|
|
87
76
|
raise Dependabot::BadRequirementError, "Malformed version string - string is nil" if version.nil?
|
|
88
77
|
|
|
89
78
|
@version_string = version.to_s
|
|
90
79
|
|
|
91
80
|
raise Dependabot::BadRequirementError, "Malformed version string - string is empty" if @version_string.empty?
|
|
92
81
|
|
|
93
|
-
matches =
|
|
82
|
+
matches = ANCHORED_VERSION_PATTERN.match(@version_string.downcase)
|
|
94
83
|
|
|
95
84
|
unless matches
|
|
96
85
|
raise Dependabot::BadRequirementError,
|
|
97
86
|
"Malformed version string - #{@version_string} does not match regex"
|
|
98
87
|
end
|
|
99
88
|
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
super(matches["release"] || "")
|
|
108
|
-
else
|
|
109
|
-
version, @local_version = @version_string.split("+")
|
|
110
|
-
version ||= ""
|
|
111
|
-
version = version.gsub(/^v/, "")
|
|
112
|
-
if version.include?("!")
|
|
113
|
-
epoch, version = version.split("!")
|
|
114
|
-
@epoch = epoch.to_i
|
|
115
|
-
else
|
|
116
|
-
@epoch = 0
|
|
117
|
-
end
|
|
118
|
-
version = normalise_prerelease(version)
|
|
119
|
-
version, @post_release_version = version.split(/\.r(?=\d)/)
|
|
120
|
-
version ||= ""
|
|
121
|
-
@local_version = normalise_prerelease(@local_version) if @local_version
|
|
122
|
-
super
|
|
123
|
-
end
|
|
89
|
+
@epoch = matches["epoch"].to_i
|
|
90
|
+
@release_segment = matches["release"]&.split(".")&.map(&:to_i) || []
|
|
91
|
+
@pre = parse_letter_version(matches["pre_l"], matches["pre_n"])
|
|
92
|
+
@post = parse_letter_version(matches["post_l"], matches["post_n1"] || matches["post_n2"])
|
|
93
|
+
@dev = parse_letter_version(matches["dev_l"], matches["dev_n"])
|
|
94
|
+
@local = parse_local_version(matches["local"])
|
|
95
|
+
super(matches["release"] || "")
|
|
124
96
|
end
|
|
125
97
|
|
|
126
98
|
sig { override.params(version: VersionParameter).returns(Dependabot::Python::Version) }
|
|
@@ -140,52 +112,35 @@ module Dependabot
|
|
|
140
112
|
|
|
141
113
|
sig { returns(T::Boolean) }
|
|
142
114
|
def prerelease?
|
|
143
|
-
return super unless Dependabot::Experiments.enabled?(:python_new_version)
|
|
144
|
-
|
|
145
115
|
!!(pre || dev)
|
|
146
116
|
end
|
|
147
117
|
|
|
148
|
-
sig { returns(
|
|
118
|
+
sig { returns(Dependabot::Python::Version) }
|
|
149
119
|
def release
|
|
150
|
-
return super unless Dependabot::Experiments.enabled?(:python_new_version)
|
|
151
|
-
|
|
152
120
|
Dependabot::Python::Version.new(release_segment.join("."))
|
|
153
121
|
end
|
|
154
122
|
|
|
155
123
|
sig { params(other: VersionParameter).returns(Integer) }
|
|
156
|
-
def <=>(other)
|
|
124
|
+
def <=>(other)
|
|
157
125
|
other = Dependabot::Python::Version.new(other.to_s) unless other.is_a?(Dependabot::Python::Version)
|
|
158
126
|
other = T.cast(other, Dependabot::Python::Version)
|
|
159
127
|
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
return epoch_comparison unless epoch_comparison.zero?
|
|
128
|
+
epoch_comparison = epoch <=> other.epoch
|
|
129
|
+
return epoch_comparison unless epoch_comparison.zero?
|
|
163
130
|
|
|
164
|
-
|
|
165
|
-
|
|
131
|
+
release_comparison = release_version_comparison(other)
|
|
132
|
+
return release_comparison unless release_comparison.zero?
|
|
166
133
|
|
|
167
|
-
|
|
168
|
-
|
|
134
|
+
pre_comparison = compare_keys(pre_cmp_key, other.pre_cmp_key)
|
|
135
|
+
return pre_comparison unless pre_comparison.zero?
|
|
169
136
|
|
|
170
|
-
|
|
171
|
-
|
|
137
|
+
post_comparison = compare_keys(post_cmp_key, other.post_cmp_key)
|
|
138
|
+
return post_comparison unless post_comparison.zero?
|
|
172
139
|
|
|
173
|
-
|
|
174
|
-
|
|
140
|
+
dev_comparison = compare_keys(dev_cmp_key, other.dev_cmp_key)
|
|
141
|
+
return dev_comparison unless dev_comparison.zero?
|
|
175
142
|
|
|
176
|
-
|
|
177
|
-
else
|
|
178
|
-
epoch_comparison = epoch_comparison(other)
|
|
179
|
-
return epoch_comparison unless epoch_comparison.zero?
|
|
180
|
-
|
|
181
|
-
version_comparison = super
|
|
182
|
-
return T.must(version_comparison) unless version_comparison&.zero?
|
|
183
|
-
|
|
184
|
-
post_version_comparison = post_version_comparison(other)
|
|
185
|
-
return post_version_comparison unless post_version_comparison.zero?
|
|
186
|
-
|
|
187
|
-
local_version_comparison(other)
|
|
188
|
-
end
|
|
143
|
+
compare_keys(local_cmp_key, other.local_cmp_key)
|
|
189
144
|
end
|
|
190
145
|
|
|
191
146
|
sig do
|
|
@@ -254,6 +209,11 @@ module Dependabot
|
|
|
254
209
|
T.must(dev)
|
|
255
210
|
end
|
|
256
211
|
|
|
212
|
+
sig { returns(String) }
|
|
213
|
+
def lowest_prerelease_suffix
|
|
214
|
+
"dev0"
|
|
215
|
+
end
|
|
216
|
+
|
|
257
217
|
private
|
|
258
218
|
|
|
259
219
|
sig { params(other: Dependabot::Python::Version).returns(Integer) }
|
|
@@ -321,65 +281,6 @@ module Dependabot
|
|
|
321
281
|
|
|
322
282
|
[letter, number.to_i]
|
|
323
283
|
end
|
|
324
|
-
|
|
325
|
-
sig { returns(Regexp) }
|
|
326
|
-
def anchored_version_pattern
|
|
327
|
-
if Dependabot::Experiments.enabled?(:python_new_version)
|
|
328
|
-
/\A\s*#{NEW_VERSION_PATTERN}\s*\z/o
|
|
329
|
-
else
|
|
330
|
-
ANCHORED_VERSION_PATTERN
|
|
331
|
-
end
|
|
332
|
-
end
|
|
333
|
-
|
|
334
|
-
def epoch_comparison(other)
|
|
335
|
-
epoch.to_i <=> other.epoch.to_i
|
|
336
|
-
end
|
|
337
|
-
|
|
338
|
-
def post_version_comparison(other)
|
|
339
|
-
unless other.post_release_version
|
|
340
|
-
return post_release_version.nil? ? 0 : 1
|
|
341
|
-
end
|
|
342
|
-
|
|
343
|
-
return -1 if post_release_version.nil?
|
|
344
|
-
|
|
345
|
-
post_release_version.to_i <=> other.post_release_version.to_i
|
|
346
|
-
end
|
|
347
|
-
|
|
348
|
-
def local_version_comparison(other)
|
|
349
|
-
# Local version comparison works differently in Python: `1.0.beta`
|
|
350
|
-
# compares as greater than `1.0`. To accommodate, we make the
|
|
351
|
-
# strings the same length before comparing.
|
|
352
|
-
lhsegments = local_version.to_s.split(".").map(&:downcase)
|
|
353
|
-
rhsegments = other.local_version.to_s.split(".").map(&:downcase)
|
|
354
|
-
limit = [lhsegments.count, rhsegments.count].min
|
|
355
|
-
|
|
356
|
-
lhs = ["1", *lhsegments.first(limit)].join(".")
|
|
357
|
-
rhs = ["1", *rhsegments.first(limit)].join(".")
|
|
358
|
-
|
|
359
|
-
local_comparison = Gem::Version.new(lhs) <=> Gem::Version.new(rhs)
|
|
360
|
-
|
|
361
|
-
return local_comparison unless local_comparison&.zero?
|
|
362
|
-
|
|
363
|
-
lhsegments.count <=> rhsegments.count
|
|
364
|
-
end
|
|
365
|
-
|
|
366
|
-
def normalise_prerelease(version)
|
|
367
|
-
# Python has reserved words for release states, which are treated
|
|
368
|
-
# as equal (e.g., preview, pre and rc).
|
|
369
|
-
# Further, Python treats dashes as a separator between version
|
|
370
|
-
# parts and treats the alphabetical characters in strings as the
|
|
371
|
-
# start of a new version part (so 1.1a2 == 1.1.alpha.2).
|
|
372
|
-
version
|
|
373
|
-
.gsub("alpha", "a")
|
|
374
|
-
.gsub("beta", "b")
|
|
375
|
-
.gsub("preview", "c")
|
|
376
|
-
.gsub("pre", "c")
|
|
377
|
-
.gsub("post", "r")
|
|
378
|
-
.gsub("rev", "r")
|
|
379
|
-
.gsub(/([\d.\-_])rc([\d.\-_])?/, '\1c\2')
|
|
380
|
-
.tr("-", ".")
|
|
381
|
-
.gsub(/(\d)([a-z])/i, '\1.\2')
|
|
382
|
-
end
|
|
383
284
|
end
|
|
384
285
|
end
|
|
385
286
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.282.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-10-
|
|
11
|
+
date: 2024-10-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.282.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.282.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,28 +114,28 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
117
|
+
version: 1.67.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
124
|
+
version: 1.67.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: rubocop-performance
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 1.
|
|
131
|
+
version: 1.22.1
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 1.
|
|
138
|
+
version: 1.22.1
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: rubocop-rspec
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -288,7 +288,7 @@ licenses:
|
|
|
288
288
|
- MIT
|
|
289
289
|
metadata:
|
|
290
290
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
291
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
291
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.282.0
|
|
292
292
|
post_install_message:
|
|
293
293
|
rdoc_options: []
|
|
294
294
|
require_paths:
|