dependabot-python 0.290.0 → 0.292.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6d7f37210857d6bb7086f24555720ffd7d3fb25daf8f8260f565e25d392db7d4
4
- data.tar.gz: a1d34e9de543d0267a362d758ce80069cf5c9e99407e33a01b1a29b685de59f2
3
+ metadata.gz: 10f8d7444174c21b94daa610e812d6385ed7f5f9362eedc5266cfd8cc2f88fa9
4
+ data.tar.gz: 668ab2dd7a6c7442427db7b69f7335746efc40cb7d236babd6d5955c6a5b0c91
5
5
  SHA512:
6
- metadata.gz: 0f1383aae7f0985d561d8787e09d7e2454e668e75a584620f93ecf8b006326404192fe031fd57c9986cd6bfd1dffa0160ea8b3ddfe3f02bf67bbb380a58e5f70
7
- data.tar.gz: 85c347ffc787224d1855dce66a64f4506546ed60c8a7700013bd605b9f68db15a4866655c3b790600b40af681c9d488a2d9e66862ec774edaa1fd14a1fadd4e1
6
+ metadata.gz: 0a09d7f8450b58a90062c21c25898d7f7768a8da79965ac20b4074fdaee39cb503096580cff83e367936dfac847790eb4c02901e1765f3233ae2e42d30468ae8
7
+ data.tar.gz: 92306e8facd79714d19c4d23fff9b786a1f3ab2ebca6c96478b29316266a904d3e614e34c92797a9ee9f3561c03b525c6567d4f4ffbacbb38c0e3ac6ee580873
@@ -1,10 +1,12 @@
1
1
  pip==24.0
2
2
  pip-tools==7.4.1
3
3
  flake8==7.1.0
4
- hashin==1.0.1
4
+ # TODO: Drop the conditions and use the latest version once we drop support for Python 3.8.
5
+ hashin==1.0.2; python_version < '3.9'
6
+ hashin==1.0.3; python_version >= '3.9'
5
7
  pipenv==2024.0.2
6
8
  plette==2.1.0
7
- poetry==1.8.3
9
+ poetry==1.8.5
8
10
  # TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
9
11
  toml==0.10.2
10
12
 
@@ -21,6 +21,7 @@ module Dependabot
21
21
  require_relative "file_parser/pipfile_files_parser"
22
22
  require_relative "file_parser/pyproject_files_parser"
23
23
  require_relative "file_parser/setup_file_parser"
24
+ require_relative "file_parser/python_requirement_parser"
24
25
 
25
26
  DEPENDENCY_GROUP_KEYS = [
26
27
  {
@@ -217,9 +218,17 @@ module Dependabot
217
218
  language_version_manager.python_version
218
219
  end
219
220
 
221
+ sig { returns(String) }
222
+ def python_command_version
223
+ language_version_manager.installed_version
224
+ end
225
+
220
226
  sig { returns(T.nilable(Ecosystem::VersionManager)) }
221
227
  def language
222
- Language.new(python_raw_version)
228
+ Language.new(
229
+ detected_version: python_raw_version,
230
+ raw_version: python_command_version
231
+ )
223
232
  end
224
233
 
225
234
  def requirement_files
@@ -293,10 +302,58 @@ module Dependabot
293
302
 
294
303
  def blocking_marker?(dep)
295
304
  return false if dep["markers"] == "None"
296
- return true if dep["markers"].include?("<")
297
- return false if dep["markers"].include?(">")
298
305
 
299
- dep["requirement"]&.include?("<")
306
+ marker = dep["markers"]
307
+ version = python_raw_version
308
+
309
+ if marker.include?("python_version")
310
+ !marker_satisfied?(marker, version)
311
+ else
312
+ return true if dep["markers"].include?("<")
313
+ return false if dep["markers"].include?(">")
314
+
315
+ dep["requirement"]&.include?("<")
316
+ end
317
+ end
318
+
319
+ def marker_satisfied?(marker, python_version)
320
+ conditions = marker.split(/\s+(and|or)\s+/)
321
+
322
+ # Explicitly define the type of result as T::Boolean
323
+ result = T.let(evaluate_condition(conditions.shift, python_version), T::Boolean)
324
+
325
+ until conditions.empty?
326
+ operator = conditions.shift
327
+ next_condition = conditions.shift
328
+ next_result = evaluate_condition(next_condition, python_version)
329
+
330
+ result = if operator == "and"
331
+ result && next_result
332
+ else
333
+ result || next_result
334
+ end
335
+ end
336
+
337
+ result
338
+ end
339
+
340
+ def evaluate_condition(condition, python_version)
341
+ operator, version = condition.match(/([<>=!]=?)\s*"?([\d.]+)"?/).captures
342
+
343
+ case operator
344
+ when "<"
345
+ Dependabot::Python::Version.new(python_version) < Dependabot::Python::Version.new(version)
346
+ when "<="
347
+ Dependabot::Python::Version.new(python_version) <= Dependabot::Python::Version.new(version)
348
+ when ">"
349
+ Dependabot::Python::Version.new(python_version) > Dependabot::Python::Version.new(version)
350
+ when ">="
351
+ Dependabot::Python::Version.new(python_version) >= Dependabot::Python::Version.new(version)
352
+ when "=="
353
+ Dependabot::Python::Version.new(python_version) == Dependabot::Python::Version.new(version)
354
+ else
355
+ false
356
+ end
300
357
  end
301
358
 
302
359
  def setup_file_dependencies
@@ -337,7 +394,7 @@ module Dependabot
337
394
  end
338
395
 
339
396
  def pipcompile_in_file
340
- requirement_files.any? { |f| f.end_with?(".in") }
397
+ requirement_files.any? { |f| f.name.end_with?(PipCompilePackageManager::MANIFEST_FILENAME) }
341
398
  end
342
399
 
343
400
  def pipenv_files
@@ -11,10 +11,67 @@ module Dependabot
11
11
 
12
12
  class Language < Dependabot::Ecosystem::VersionManager
13
13
  extend T::Sig
14
+ # These versions should match the versions specified at the top of `python/Dockerfile`
15
+ PYTHON_3_13 = "3.13"
16
+ PYTHON_3_12 = "3.12"
17
+ PYTHON_3_11 = "3.11"
18
+ PYTHON_3_10 = "3.10"
19
+ PYTHON_3_9 = "3.9"
20
+ PYTHON_3_8 = "3.8"
14
21
 
15
- sig { params(raw_version: String, requirement: T.nilable(Requirement)).void }
16
- def initialize(raw_version, requirement = nil)
17
- super(LANGUAGE, Version.new(raw_version), [], [], requirement)
22
+ DEPRECATED_VERSIONS = T.let([Version.new(PYTHON_3_8)].freeze, T::Array[Dependabot::Version])
23
+
24
+ # Keep versions in ascending order
25
+ SUPPORTED_VERSIONS = T.let([
26
+ Version.new(PYTHON_3_9),
27
+ Version.new(PYTHON_3_10),
28
+ Version.new(PYTHON_3_11),
29
+ Version.new(PYTHON_3_12),
30
+ Version.new(PYTHON_3_13)
31
+ ].freeze, T::Array[Dependabot::Version])
32
+
33
+ sig do
34
+ params(
35
+ detected_version: String,
36
+ raw_version: T.nilable(String),
37
+ requirement: T.nilable(Requirement)
38
+ ).void
39
+ end
40
+ def initialize(detected_version:, raw_version: nil, requirement: nil)
41
+ super(
42
+ name: LANGUAGE,
43
+ detected_version: major_minor_version(detected_version),
44
+ version: raw_version ? Version.new(raw_version) : nil,
45
+ deprecated_versions: DEPRECATED_VERSIONS,
46
+ supported_versions: SUPPORTED_VERSIONS,
47
+ requirement: requirement,
48
+ )
49
+ end
50
+
51
+ sig { override.returns(T::Boolean) }
52
+ def deprecated?
53
+ return false unless detected_version
54
+ return false if unsupported?
55
+ return false unless Dependabot::Experiments.enabled?(:python_3_8_deprecation_warning)
56
+
57
+ deprecated_versions.include?(detected_version)
58
+ end
59
+
60
+ sig { override.returns(T::Boolean) }
61
+ def unsupported?
62
+ return false unless detected_version
63
+ return false unless Dependabot::Experiments.enabled?(:python_3_8_unsupported_error)
64
+
65
+ supported_versions.all? { |supported| supported > detected_version }
66
+ end
67
+
68
+ private
69
+
70
+ sig { params(version: String).returns(Dependabot::Python::Version) }
71
+ def major_minor_version(version)
72
+ major_minor = T.let(T.must(Version.new(version).segments[0..1]&.join(".")), String)
73
+
74
+ Version.new(major_minor)
18
75
  end
19
76
  end
20
77
  end
@@ -9,7 +9,8 @@ module Dependabot
9
9
  class LanguageVersionManager
10
10
  # This list must match the versions specified at the top of `python/Dockerfile`
11
11
  PRE_INSTALLED_PYTHON_VERSIONS = %w(
12
- 3.12.5
12
+ 3.13.1
13
+ 3.12.7
13
14
  3.11.9
14
15
  3.10.15
15
16
  3.9.18
@@ -29,6 +30,14 @@ module Dependabot
29
30
  )
30
31
  end
31
32
 
33
+ def installed_version
34
+ # Use `pyenv exec` to query the active Python version
35
+ output, _status = SharedHelpers.run_shell_command("pyenv exec python --version")
36
+ version = output.strip.split.last # Extract the version number (e.g., "3.13.1")
37
+
38
+ version
39
+ end
40
+
32
41
  def python_major_minor
33
42
  @python_major_minor ||= T.must(Python::Version.new(python_version).segments[0..1]).join(".")
34
43
  end
@@ -31,11 +31,11 @@ module Dependabot
31
31
  end
32
32
  def initialize(raw_version, requirement = nil)
33
33
  super(
34
- NAME,
35
- Version.new(raw_version),
36
- SUPPORTED_VERSIONS,
37
- DEPRECATED_VERSIONS,
38
- requirement,
34
+ name: NAME,
35
+ version: Version.new(raw_version),
36
+ deprecated_versions: DEPRECATED_VERSIONS,
37
+ supported_versions: SUPPORTED_VERSIONS,
38
+ requirement: requirement,
39
39
  )
40
40
  end
41
41
 
@@ -69,11 +69,11 @@ module Dependabot
69
69
  end
70
70
  def initialize(raw_version, requirement = nil)
71
71
  super(
72
- NAME,
73
- Version.new(raw_version),
74
- SUPPORTED_VERSIONS,
75
- DEPRECATED_VERSIONS,
76
- requirement,
72
+ name: NAME,
73
+ version: Version.new(raw_version),
74
+ deprecated_versions: DEPRECATED_VERSIONS,
75
+ supported_versions: SUPPORTED_VERSIONS,
76
+ requirement: requirement,
77
77
  )
78
78
  end
79
79
 
@@ -92,6 +92,7 @@ module Dependabot
92
92
  extend T::Sig
93
93
 
94
94
  NAME = "pip-compile"
95
+ MANIFEST_FILENAME = ".in"
95
96
 
96
97
  SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
97
98
 
@@ -105,11 +106,11 @@ module Dependabot
105
106
  end
106
107
  def initialize(raw_version, requirement = nil)
107
108
  super(
108
- NAME,
109
- Version.new(raw_version),
110
- SUPPORTED_VERSIONS,
111
- DEPRECATED_VERSIONS,
112
- requirement,
109
+ name: NAME,
110
+ version: Version.new(raw_version),
111
+ deprecated_versions: DEPRECATED_VERSIONS,
112
+ supported_versions: SUPPORTED_VERSIONS,
113
+ requirement: requirement,
113
114
  )
114
115
  end
115
116
 
@@ -144,11 +145,11 @@ module Dependabot
144
145
  end
145
146
  def initialize(raw_version, requirement = nil)
146
147
  super(
147
- NAME,
148
- Version.new(raw_version),
149
- SUPPORTED_VERSIONS,
150
- DEPRECATED_VERSIONS,
151
- requirement,
148
+ name: NAME,
149
+ version: Version.new(raw_version),
150
+ deprecated_versions: DEPRECATED_VERSIONS,
151
+ supported_versions: SUPPORTED_VERSIONS,
152
+ requirement: requirement,
152
153
  )
153
154
  end
154
155
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.290.0
4
+ version: 0.292.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-12-12 00:00:00.000000000 Z
11
+ date: 2025-01-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.290.0
19
+ version: 0.292.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.290.0
26
+ version: 0.292.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -290,7 +290,7 @@ licenses:
290
290
  - MIT
291
291
  metadata:
292
292
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
293
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.290.0
293
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.292.0
294
294
  post_install_message:
295
295
  rdoc_options: []
296
296
  require_paths:
@@ -306,7 +306,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
306
306
  - !ruby/object:Gem::Version
307
307
  version: 3.1.0
308
308
  requirements: []
309
- rubygems_version: 3.5.9
309
+ rubygems_version: 3.5.22
310
310
  signing_key:
311
311
  specification_version: 4
312
312
  summary: Provides Dependabot support for Python