dependabot-python 0.361.1 → 0.361.2
- checksums.yaml +4 -4
- data/lib/dependabot/python/requirement_parser.rb +56 -0
- metadata +4 -4
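--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eda91deb53bd92a9f843c3c06cfbc4cc31eefdca820b40dbc7a54925096255a6
+data.tar.gz: 279aa5702150e0fabae033d6050023a91c0aae715cef14dae31aa4686410645e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5e10a113617879b8b484a08f1b6627824d2d6fafa3bfafec30c896a2ec8b4b166f6a7abed5c8edd0495b37b1ac418ab7963091a254256dc5f95934d3e38bfe3a
+data.tar.gz: bf71087e14538101af044f780b3de22c37f679bce0e0bf13e292b5c690c2ed9b08275b76186ca1582c3fab3226e4f8fcc720a21d7599b92952557563caeb2dad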
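--- a/data/lib/dependabot/python/requirement_parser.rb
+++ b/data/lib/dependabot/python/requirement_parser.rb
@@ -1,9 +1,15 @@
 # typed: strong
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+require "dependabot/python/name_normaliser"
+require "dependabot/python/requirement"
+
 module Dependabot
 module Python
 class RequirementParser
+extend T::Sig
+
 NAME = /[a-zA-Z0-9](?:[a-zA-Z0-9\-_\.]*[a-zA-Z0-9])?/
 EXTRA = /[a-zA-Z0-9\-_\.]+/
 COMPARISON = /===|==|>=|<=|<|>|~=|!=/
@@ -55,6 +61,56 @@ module Dependabot
 /\s*\\?\s*(?<name>#{NAME})
 (\s*\\?\s*\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
 /x
+
+# Parses a single pip requirement string (e.g. "types-requests==2.31.0.10")
+# into a structured hash. Returns nil if the string is not a valid requirement
+# or has no version constraint.
+sig { params(dependency_string: String).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+def self.parse(dependency_string)
+match = dependency_string.strip.match(VALID_REQ_TXT_REQUIREMENT)
+return nil unless match
+
+name = T.must(match[:name])
+requirements_string = match[:requirements]
+return nil if requirements_string.nil? || requirements_string.strip.empty?
+
+version = extract_pinned_version(requirements_string)
+return nil unless version
+
+{
+name: name,
+normalised_name: NameNormaliser.normalise(name),
+version: version,
+requirement: requirements_string,
+extras: match[:extras],
+markers: match[:markers]
+}
+end
+
+# Extracts the pinned or lower-bound version from a requirement string.
+# For "==2.31.0" returns "2.31.0", for ">=1.0,<2.0" returns "1.0".
+sig { params(requirements_string: String).returns(T.nilable(String)) }
+def self.extract_pinned_version(requirements_string)
+requirement = Dependabot::Python::Requirement.new(requirements_string)
+constraints = T.let(requirement.requirements, T::Array[T::Array[T.untyped]])
+
+exact_pin = constraints.find do |pair|
+op = T.cast(pair[0], String)
+op == "==" || op == "="
+end
+return T.cast(exact_pin[1], Gem::Version).to_s if exact_pin
+
+lower_bound_operators = %w(>= > ~>).freeze
+lower_bound = constraints.find { |pair| lower_bound_operators.include?(T.cast(pair[0], String)) }
+return T.cast(lower_bound[1], Gem::Version).to_s if lower_bound
+
+nil
+rescue Gem::Requirement::BadRequirementError
+fallback = requirements_string.match(/(?:==|>=|~=)\s*(?<version>[^\s,<>!=]+)/)
+fallback ? fallback[:version] : nil
+end
+
+private_class_method :extract_pinned_version
 end
 end
 end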
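Review bot: The lower-bound branch of `extract_pinned_version` treats an exclusive `>` like `>=`, so `parse` on a requirement such as `>1.0` reports `version: "1.0"`, a release the requirement itself rules out. The returned hash also gives callers no way to tell an exact pin from a lower bound, which matters if `:version` is later matched against advisories or used to choose an update target (the consumers are not visible in this diff). I would drop `>` from the list, `lower_bound_operators = %w(>= ~>).freeze`, and extend the comment above `parse` with `# :version is the exact pin when one exists, otherwise the lowest allowed bound; nil when only upper bounds or exclusions are given.` The rescue branch is narrower than the main path (only `==`, `>=`, `~=`) and returns the captured text without checking that it is a version, so it deserves a one-line comment stating which inputs it is meant to cover.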
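--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.361.
+version: 0.361.2
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.361.
+version: 0.361.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.361.
+version: 0.361.2
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -291,7 +291,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.361.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.361.2
 rdoc_options: []
 require_paths:
 - lib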