dependabot-python 0.291.0 → 0.292.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 10f8d7444174c21b94daa610e812d6385ed7f5f9362eedc5266cfd8cc2f88fa9
|
|
4
|
+
data.tar.gz: 668ab2dd7a6c7442427db7b69f7335746efc40cb7d236babd6d5955c6a5b0c91
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0a09d7f8450b58a90062c21c25898d7f7768a8da79965ac20b4074fdaee39cb503096580cff83e367936dfac847790eb4c02901e1765f3233ae2e42d30468ae8
|
|
7
|
+
data.tar.gz: 92306e8facd79714d19c4d23fff9b786a1f3ab2ebca6c96478b29316266a904d3e614e34c92797a9ee9f3561c03b525c6567d4f4ffbacbb38c0e3ac6ee580873
|
|
@@ -21,6 +21,7 @@ module Dependabot
|
|
|
21
21
|
require_relative "file_parser/pipfile_files_parser"
|
|
22
22
|
require_relative "file_parser/pyproject_files_parser"
|
|
23
23
|
require_relative "file_parser/setup_file_parser"
|
|
24
|
+
require_relative "file_parser/python_requirement_parser"
|
|
24
25
|
|
|
25
26
|
DEPENDENCY_GROUP_KEYS = [
|
|
26
27
|
{
|
|
@@ -217,9 +218,17 @@ module Dependabot
|
|
|
217
218
|
language_version_manager.python_version
|
|
218
219
|
end
|
|
219
220
|
|
|
221
|
+
sig { returns(String) }
|
|
222
|
+
def python_command_version
|
|
223
|
+
language_version_manager.installed_version
|
|
224
|
+
end
|
|
225
|
+
|
|
220
226
|
sig { returns(T.nilable(Ecosystem::VersionManager)) }
|
|
221
227
|
def language
|
|
222
|
-
Language.new(
|
|
228
|
+
Language.new(
|
|
229
|
+
detected_version: python_raw_version,
|
|
230
|
+
raw_version: python_command_version
|
|
231
|
+
)
|
|
223
232
|
end
|
|
224
233
|
|
|
225
234
|
def requirement_files
|
|
@@ -293,10 +302,58 @@ module Dependabot
|
|
|
293
302
|
|
|
294
303
|
def blocking_marker?(dep)
|
|
295
304
|
return false if dep["markers"] == "None"
|
|
296
|
-
return true if dep["markers"].include?("<")
|
|
297
|
-
return false if dep["markers"].include?(">")
|
|
298
305
|
|
|
299
|
-
dep["
|
|
306
|
+
marker = dep["markers"]
|
|
307
|
+
version = python_raw_version
|
|
308
|
+
|
|
309
|
+
if marker.include?("python_version")
|
|
310
|
+
!marker_satisfied?(marker, version)
|
|
311
|
+
else
|
|
312
|
+
return true if dep["markers"].include?("<")
|
|
313
|
+
return false if dep["markers"].include?(">")
|
|
314
|
+
|
|
315
|
+
dep["requirement"]&.include?("<")
|
|
316
|
+
end
|
|
317
|
+
end
|
|
318
|
+
|
|
319
|
+
def marker_satisfied?(marker, python_version)
|
|
320
|
+
conditions = marker.split(/\s+(and|or)\s+/)
|
|
321
|
+
|
|
322
|
+
# Explicitly define the type of result as T::Boolean
|
|
323
|
+
result = T.let(evaluate_condition(conditions.shift, python_version), T::Boolean)
|
|
324
|
+
|
|
325
|
+
until conditions.empty?
|
|
326
|
+
operator = conditions.shift
|
|
327
|
+
next_condition = conditions.shift
|
|
328
|
+
next_result = evaluate_condition(next_condition, python_version)
|
|
329
|
+
|
|
330
|
+
result = if operator == "and"
|
|
331
|
+
result && next_result
|
|
332
|
+
else
|
|
333
|
+
result || next_result
|
|
334
|
+
end
|
|
335
|
+
end
|
|
336
|
+
|
|
337
|
+
result
|
|
338
|
+
end
|
|
339
|
+
|
|
340
|
+
def evaluate_condition(condition, python_version)
|
|
341
|
+
operator, version = condition.match(/([<>=!]=?)\s*"?([\d.]+)"?/).captures
|
|
342
|
+
|
|
343
|
+
case operator
|
|
344
|
+
when "<"
|
|
345
|
+
Dependabot::Python::Version.new(python_version) < Dependabot::Python::Version.new(version)
|
|
346
|
+
when "<="
|
|
347
|
+
Dependabot::Python::Version.new(python_version) <= Dependabot::Python::Version.new(version)
|
|
348
|
+
when ">"
|
|
349
|
+
Dependabot::Python::Version.new(python_version) > Dependabot::Python::Version.new(version)
|
|
350
|
+
when ">="
|
|
351
|
+
Dependabot::Python::Version.new(python_version) >= Dependabot::Python::Version.new(version)
|
|
352
|
+
when "=="
|
|
353
|
+
Dependabot::Python::Version.new(python_version) == Dependabot::Python::Version.new(version)
|
|
354
|
+
else
|
|
355
|
+
false
|
|
356
|
+
end
|
|
300
357
|
end
|
|
301
358
|
|
|
302
359
|
def setup_file_dependencies
|
|
@@ -337,7 +394,7 @@ module Dependabot
|
|
|
337
394
|
end
|
|
338
395
|
|
|
339
396
|
def pipcompile_in_file
|
|
340
|
-
requirement_files.any? { |f| f.end_with?(
|
|
397
|
+
requirement_files.any? { |f| f.name.end_with?(PipCompilePackageManager::MANIFEST_FILENAME) }
|
|
341
398
|
end
|
|
342
399
|
|
|
343
400
|
def pipenv_files
|
|
@@ -11,10 +11,67 @@ module Dependabot
|
|
|
11
11
|
|
|
12
12
|
class Language < Dependabot::Ecosystem::VersionManager
|
|
13
13
|
extend T::Sig
|
|
14
|
+
# These versions should match the versions specified at the top of `python/Dockerfile`
|
|
15
|
+
PYTHON_3_13 = "3.13"
|
|
16
|
+
PYTHON_3_12 = "3.12"
|
|
17
|
+
PYTHON_3_11 = "3.11"
|
|
18
|
+
PYTHON_3_10 = "3.10"
|
|
19
|
+
PYTHON_3_9 = "3.9"
|
|
20
|
+
PYTHON_3_8 = "3.8"
|
|
14
21
|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
22
|
+
DEPRECATED_VERSIONS = T.let([Version.new(PYTHON_3_8)].freeze, T::Array[Dependabot::Version])
|
|
23
|
+
|
|
24
|
+
# Keep versions in ascending order
|
|
25
|
+
SUPPORTED_VERSIONS = T.let([
|
|
26
|
+
Version.new(PYTHON_3_9),
|
|
27
|
+
Version.new(PYTHON_3_10),
|
|
28
|
+
Version.new(PYTHON_3_11),
|
|
29
|
+
Version.new(PYTHON_3_12),
|
|
30
|
+
Version.new(PYTHON_3_13)
|
|
31
|
+
].freeze, T::Array[Dependabot::Version])
|
|
32
|
+
|
|
33
|
+
sig do
|
|
34
|
+
params(
|
|
35
|
+
detected_version: String,
|
|
36
|
+
raw_version: T.nilable(String),
|
|
37
|
+
requirement: T.nilable(Requirement)
|
|
38
|
+
).void
|
|
39
|
+
end
|
|
40
|
+
def initialize(detected_version:, raw_version: nil, requirement: nil)
|
|
41
|
+
super(
|
|
42
|
+
name: LANGUAGE,
|
|
43
|
+
detected_version: major_minor_version(detected_version),
|
|
44
|
+
version: raw_version ? Version.new(raw_version) : nil,
|
|
45
|
+
deprecated_versions: DEPRECATED_VERSIONS,
|
|
46
|
+
supported_versions: SUPPORTED_VERSIONS,
|
|
47
|
+
requirement: requirement,
|
|
48
|
+
)
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
sig { override.returns(T::Boolean) }
|
|
52
|
+
def deprecated?
|
|
53
|
+
return false unless detected_version
|
|
54
|
+
return false if unsupported?
|
|
55
|
+
return false unless Dependabot::Experiments.enabled?(:python_3_8_deprecation_warning)
|
|
56
|
+
|
|
57
|
+
deprecated_versions.include?(detected_version)
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
sig { override.returns(T::Boolean) }
|
|
61
|
+
def unsupported?
|
|
62
|
+
return false unless detected_version
|
|
63
|
+
return false unless Dependabot::Experiments.enabled?(:python_3_8_unsupported_error)
|
|
64
|
+
|
|
65
|
+
supported_versions.all? { |supported| supported > detected_version }
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
private
|
|
69
|
+
|
|
70
|
+
sig { params(version: String).returns(Dependabot::Python::Version) }
|
|
71
|
+
def major_minor_version(version)
|
|
72
|
+
major_minor = T.let(T.must(Version.new(version).segments[0..1]&.join(".")), String)
|
|
73
|
+
|
|
74
|
+
Version.new(major_minor)
|
|
18
75
|
end
|
|
19
76
|
end
|
|
20
77
|
end
|
|
@@ -9,6 +9,7 @@ module Dependabot
|
|
|
9
9
|
class LanguageVersionManager
|
|
10
10
|
# This list must match the versions specified at the top of `python/Dockerfile`
|
|
11
11
|
PRE_INSTALLED_PYTHON_VERSIONS = %w(
|
|
12
|
+
3.13.1
|
|
12
13
|
3.12.7
|
|
13
14
|
3.11.9
|
|
14
15
|
3.10.15
|
|
@@ -29,6 +30,14 @@ module Dependabot
|
|
|
29
30
|
)
|
|
30
31
|
end
|
|
31
32
|
|
|
33
|
+
def installed_version
|
|
34
|
+
# Use `pyenv exec` to query the active Python version
|
|
35
|
+
output, _status = SharedHelpers.run_shell_command("pyenv exec python --version")
|
|
36
|
+
version = output.strip.split.last # Extract the version number (e.g., "3.13.1")
|
|
37
|
+
|
|
38
|
+
version
|
|
39
|
+
end
|
|
40
|
+
|
|
32
41
|
def python_major_minor
|
|
33
42
|
@python_major_minor ||= T.must(Python::Version.new(python_version).segments[0..1]).join(".")
|
|
34
43
|
end
|
|
@@ -31,11 +31,11 @@ module Dependabot
|
|
|
31
31
|
end
|
|
32
32
|
def initialize(raw_version, requirement = nil)
|
|
33
33
|
super(
|
|
34
|
-
NAME,
|
|
35
|
-
Version.new(raw_version),
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
requirement,
|
|
34
|
+
name: NAME,
|
|
35
|
+
version: Version.new(raw_version),
|
|
36
|
+
deprecated_versions: DEPRECATED_VERSIONS,
|
|
37
|
+
supported_versions: SUPPORTED_VERSIONS,
|
|
38
|
+
requirement: requirement,
|
|
39
39
|
)
|
|
40
40
|
end
|
|
41
41
|
|
|
@@ -69,11 +69,11 @@ module Dependabot
|
|
|
69
69
|
end
|
|
70
70
|
def initialize(raw_version, requirement = nil)
|
|
71
71
|
super(
|
|
72
|
-
NAME,
|
|
73
|
-
Version.new(raw_version),
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
requirement,
|
|
72
|
+
name: NAME,
|
|
73
|
+
version: Version.new(raw_version),
|
|
74
|
+
deprecated_versions: DEPRECATED_VERSIONS,
|
|
75
|
+
supported_versions: SUPPORTED_VERSIONS,
|
|
76
|
+
requirement: requirement,
|
|
77
77
|
)
|
|
78
78
|
end
|
|
79
79
|
|
|
@@ -92,6 +92,7 @@ module Dependabot
|
|
|
92
92
|
extend T::Sig
|
|
93
93
|
|
|
94
94
|
NAME = "pip-compile"
|
|
95
|
+
MANIFEST_FILENAME = ".in"
|
|
95
96
|
|
|
96
97
|
SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
97
98
|
|
|
@@ -105,11 +106,11 @@ module Dependabot
|
|
|
105
106
|
end
|
|
106
107
|
def initialize(raw_version, requirement = nil)
|
|
107
108
|
super(
|
|
108
|
-
NAME,
|
|
109
|
-
Version.new(raw_version),
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
requirement,
|
|
109
|
+
name: NAME,
|
|
110
|
+
version: Version.new(raw_version),
|
|
111
|
+
deprecated_versions: DEPRECATED_VERSIONS,
|
|
112
|
+
supported_versions: SUPPORTED_VERSIONS,
|
|
113
|
+
requirement: requirement,
|
|
113
114
|
)
|
|
114
115
|
end
|
|
115
116
|
|
|
@@ -144,11 +145,11 @@ module Dependabot
|
|
|
144
145
|
end
|
|
145
146
|
def initialize(raw_version, requirement = nil)
|
|
146
147
|
super(
|
|
147
|
-
NAME,
|
|
148
|
-
Version.new(raw_version),
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
requirement,
|
|
148
|
+
name: NAME,
|
|
149
|
+
version: Version.new(raw_version),
|
|
150
|
+
deprecated_versions: DEPRECATED_VERSIONS,
|
|
151
|
+
supported_versions: SUPPORTED_VERSIONS,
|
|
152
|
+
requirement: requirement,
|
|
152
153
|
)
|
|
153
154
|
end
|
|
154
155
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.292.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-01-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.292.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.292.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -290,7 +290,7 @@ licenses:
|
|
|
290
290
|
- MIT
|
|
291
291
|
metadata:
|
|
292
292
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
293
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
293
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.292.0
|
|
294
294
|
post_install_message:
|
|
295
295
|
rdoc_options: []
|
|
296
296
|
require_paths:
|
|
@@ -306,7 +306,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
306
306
|
- !ruby/object:Gem::Version
|
|
307
307
|
version: 3.1.0
|
|
308
308
|
requirements: []
|
|
309
|
-
rubygems_version: 3.5.
|
|
309
|
+
rubygems_version: 3.5.22
|
|
310
310
|
signing_key:
|
|
311
311
|
specification_version: 4
|
|
312
312
|
summary: Provides Dependabot support for Python
|