dependabot-python 0.363.0 → 0.364.0
- checksums.yaml +4 -4
- data/helpers/requirements.txt +1 -1
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +5 -1
- data/lib/dependabot/python/file_updater/requirement_replacer.rb +1 -1
- data/lib/dependabot/python/package/package_details_fetcher.rb +6 -6
- data/lib/dependabot/python/update_checker/requirements_updater.rb +3 -4
- metadata +4 -4
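--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ad6e1e80553f3ffd620ea7d83d9e9d6dbe3d910b069df6e970b3b0176090f024
+data.tar.gz: 4869abdc7a7905d29c03d5e3620f7b5f8f5a5321131f035d9aa070563db6cff2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 896f820ec9168bee0abb669b46c5ad4368d741b6a15bc3b81d22cbaeea63416043c1a81801c9df5965177c8b4681b7f9dc860b90b36b870a1e8be3700725a670
+data.tar.gz: c4a75fcb7e5ad87522d6817a1d3cc716d11b0766f164ce7917e196a879f743761eab3eb269bebd57d4473d51f3117f9e35e4d12ced3d55e31794ed7365eab290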
data/helpers/requirements.txt
CHANGED
|
@@ -26,7 +26,11 @@ module Dependabot
|
|
|
26
26
|
|
|
27
27
|
UNSAFE_PACKAGES = T.let(%w(setuptools distribute pip).freeze, T::Array[String])
|
|
28
28
|
INCOMPATIBLE_VERSIONS_REGEX = T.let(
|
|
29
|
-
|
|
29
|
+
Regexp.new(
|
|
30
|
+
"(?:not supported between instances of 'InstallationCandidate'" \
|
|
31
|
+
"|There are incompatible versions in the resolved dependencies).*\\z",
|
|
32
|
+
Regexp::MULTILINE
|
|
33
|
+
),
|
|
30
34
|
Regexp
|
|
31
35
|
)
|
|
32
36
|
WARNINGS = T.let(/\s*# WARNING:.*\Z/m, Regexp)
|
|
@@ -68,13 +68,13 @@ module Dependabot
|
|
|
68
68
|
package_releases = registry_urls
|
|
69
69
|
.select { |index_url| validate_index(index_url) } # Ensure only valid URLs
|
|
70
70
|
.flat_map do |index_url|
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
71
|
+
fetch_from_registry(index_url) || [] # Ensure it always returns an array
|
|
72
|
+
rescue Excon::Error::Timeout, Excon::Error::Socket
|
|
73
|
+
raise if MAIN_PYPI_INDEXES.include?(index_url)
|
|
74
74
|
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
75
|
+
raise PrivateSourceTimedOut, sanitized_url(index_url)
|
|
76
|
+
rescue URI::InvalidURIError
|
|
77
|
+
raise DependencyFileNotResolvable, "Invalid URL: #{sanitized_url(index_url)}"
|
|
78
78
|
end
|
|
79
79
|
|
|
80
80
|
Dependabot::Package::PackageDetails.new(
|
|
@@ -297,7 +297,7 @@ module Dependabot
|
|
|
297
297
|
# Prefix match
|
|
298
298
|
T.must(requirement_strings.find { |r| r.match?(/^(=+|\d)/) })
|
|
299
299
|
.sub(RequirementParser::VERSION) do |v|
|
|
300
|
-
|
|
300
|
+
at_same_precision(T.must(latest_resolvable_version).to_s, v)
|
|
301
301
|
end
|
|
302
302
|
end
|
|
303
303
|
end
|
|
@@ -321,7 +321,7 @@ module Dependabot
|
|
|
321
321
|
end
|
|
322
322
|
|
|
323
323
|
sig { params(requirement_strings: T::Array[String]).returns(String) }
|
|
324
|
-
def update_requirements_range(requirement_strings)
|
|
324
|
+
def update_requirements_range(requirement_strings)
|
|
325
325
|
ruby_requirements =
|
|
326
326
|
requirement_strings.map { |r| requirement_class.new(r) }
|
|
327
327
|
|
|
@@ -341,8 +341,7 @@ module Dependabot
|
|
|
341
341
|
end.compact
|
|
342
342
|
|
|
343
343
|
updated_requirement_strings
|
|
344
|
-
.sort_by { |r| requirement_class.new(r).requirements.first.last }
|
|
345
|
-
.map(&:to_s).join(",").delete(" ")
|
|
344
|
+
.sort_by { |r| requirement_class.new(r).requirements.first.last }.join(",").delete(" ")
|
|
346
345
|
end
|
|
347
346
|
|
|
348
347
|
# Updates the version in a constraint to be the given version
|
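Review bot: In the `@@ -68,13 +68,13 @@` hunk the `rescue URI::InvalidURIError` branch builds its message from `sanitized_url(index_url)`, the same string that just failed to parse, and both new `raise` lines depend on that helper to keep private-index credentials out of the `PrivateSourceTimedOut` and `DependencyFileNotResolvable` messages. `sanitized_url` is defined outside the hunk, so it cannot be confirmed here that it redacts userinfo or tokens when the input is not a valid URI, or that it cannot itself raise `URI::InvalidURIError` from inside the rescue. I would add a comment above the last raise, `# sanitized_url must redact credentials without parsing: index_url is known to be malformed here`, and a spec that feeds a malformed private index URL with embedded credentials and asserts the raised message contains none of them. The section header on this page reads data/helpers/requirements.txt, but these hunks are Ruby, and the enclosing method starts and ends outside the hunk.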
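--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.364.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.364.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.364.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -291,7 +291,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.364.0
 rdoc_options: []
 require_paths:
 - lib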