dependabot-python 0.367.0 → 0.369.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5e54cc0660ba9d6007661da639e66151ac7cdab9dafb2ea460ee544b825e7790
-  data.tar.gz: eaaec236cd949ffa2a446b5056a56378a2bcf954eb32da78e0ec0cb9f7b0bb4c
+  metadata.gz: 64cdd01e07bc2f6472a1027884006af4c7df3648168f04135c7b91cdf5530f14
+  data.tar.gz: b5610dc0420858f42cb23a8462abcd7ebd4b9b1aab8be3ca28233a99c239982c
 SHA512:
-  metadata.gz: 88f0d4fc4032adab9165c2d0187ef56660ebc219472723ad97c61c128e764cfeac49d4a49abfa4999f05ac85f9ccee3189dec442fc5701bf1afd41d18d706fba
-  data.tar.gz: 931b2880cdfda0184098b61416963e02542a13993752f83e8682f3c25b7de3e2f6c45affe5a80e231a331fc6bcd4b62b0eec3bab33aae065a92d70932e31c844
+  metadata.gz: f4cb556708bba8d54dc3d04495d021e4808cf5651184ed9fe2d1b65d6b1114c688f92d9be8ab8fae6e96d818643ce4c4824db5971dc2fabf55370b6ffff26f39
+  data.tar.gz: 64514c6fad289e34af6bdbaeecc25f8ff815ba193d77088a86fa3399c9379ab1cad740ff0f18ae0ac176e85375714e15f36ceae638b96d6e2714f425ce86cd96

data/helpers/build

@@ -17,6 +17,10 @@ cp -r \
   "$helpers_dir/requirements.txt" \
   "$install_dir"
 
+if [ -d "$helpers_dir/test" ]; then
+  cp -r "$helpers_dir/test" "$install_dir"
+fi
+
 cd "$install_dir"
 PYENV_VERSION=$1 pyenv exec pip3 --disable-pip-version-check install --use-pep517 -r "requirements.txt"
 

data/helpers/requirements.txt

@@ -5,6 +5,7 @@ hashin==1.0.5
 pipenv==2024.4.1
 plette==2.1.0
 poetry==2.2.1
+pytest==8.3.5
 # TODO: Replace 3p package `tomli` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
 tomli==2.2.1
 

data/helpers/test/fixtures/no_dependencies.toml

@@ -0,0 +1,3 @@
+[project]
+name = "myapp"
+version = "1.0.0"

data/helpers/test/fixtures/pep621_arbitrary_equality.toml

@@ -0,0 +1,7 @@
+[project]
+name = "myapp"
+version = "1.0.0"
+
+dependencies = [
+    "numpy===1.24.0rc1",
+]

data/helpers/test/fixtures/pep621_dependencies.toml

@@ -0,0 +1,21 @@
+[project]
+name = "myapp"
+version = "1.0.0"
+requires-python = ">=3.10"
+
+dependencies = [
+    "requests>=2.13.0,<3.0",
+    "urllib3==1.26.0",
+]
+
+[project.optional-dependencies]
+socks = [
+    "PySocks >= 1.5.6, != 1.5.7, < 2",
+]
+tests = [
+    "pytest >= 7.0, < 8",
+]
+
+[build-system]
+requires = ["setuptools>=68.0"]
+build-backend = "setuptools.build_meta"

data/helpers/test/fixtures/pep621_empty_deps.toml

@@ -0,0 +1,8 @@
+[project]
+name = "myapp"
+version = "1.0.0"
+
+dependencies = []
+
+[project.optional-dependencies]
+dev = []

data/helpers/test/fixtures/pep621_extras.toml

@@ -0,0 +1,8 @@
+[project]
+name = "myapp"
+version = "1.0.0"
+requires-python = ">=3.10"
+
+dependencies = [
+    "cachecontrol[filecache]>=0.14.0",
+]

data/helpers/test/fixtures/pep621_markers.toml

@@ -0,0 +1,7 @@
+[project]
+name = "myapp"
+version = "1.0.0"
+
+dependencies = [
+    "requests>=2.13.0; python_version >= '3.8'",
+]

data/helpers/test/fixtures/pep621_multiple_extras.toml

@@ -0,0 +1,7 @@
+[project]
+name = "myapp"
+version = "1.0.0"
+
+dependencies = [
+    "boto3[crt,s3]>=1.28.0",
+]

data/helpers/test/fixtures/pep621_no_version.toml

@@ -0,0 +1,8 @@
+[project]
+name = "myapp"
+version = "1.0.0"
+
+dependencies = [
+    "requests",
+    "flask",
+]

data/helpers/test/fixtures/pep621_only_build_system.toml

@@ -0,0 +1,3 @@
+[build-system]
+requires = ["setuptools>=68.0", "wheel"]
+build-backend = "setuptools.build_meta"

data/helpers/test/fixtures/pep735_cycle.toml

@@ -0,0 +1,13 @@
+[project]
+name = "myapp"
+version = "1.0.0"
+
+[dependency-groups]
+a = [
+    {include-group = "b"},
+    "requests>=2.0",
+]
+b = [
+    {include-group = "a"},
+    "flask>=2.0",
+]

data/helpers/test/fixtures/pep735_dependency_groups.toml

@@ -0,0 +1,18 @@
+[project]
+name = "myapp"
+version = "1.0.0"
+requires-python = ">=3.10"
+
+dependencies = [
+    "requests>=2.13.0",
+]
+
+[dependency-groups]
+dev = [
+    "pytest==7.1.3",
+    "black==22.10.0",
+]
+lint = [
+    {include-group = "dev"},
+    "flake8>=5.0",
+]

data/helpers/test/fixtures/requirements/constraints.txt

@@ -0,0 +1 @@
+requests<3.0

data/helpers/test/fixtures/requirements/markers.txt

@@ -0,0 +1 @@
+pywin32>=1.0; sys_platform == "win32"

data/helpers/test/fixtures/requirements/requirements-dev.txt

@@ -0,0 +1,2 @@
+pytest>=7.0
+black==22.10.0

data/helpers/test/fixtures/requirements/requirements.txt

@@ -0,0 +1,5 @@
+# Basic requirements file
+requests>=2.13.0,<3.0
+urllib3==1.26.0
+Flask[async]>=2.0
+boto3  # AWS SDK

data/helpers/test/fixtures/requirements/with_constraints.txt

@@ -0,0 +1,2 @@
+-c constraints.txt
+requests>=2.13.0

data/helpers/test/fixtures/setup_cfg/setup.cfg

@@ -0,0 +1,16 @@
+[metadata]
+name = myapp
+version = 1.0.0
+
+[options]
+install_requires =
+    requests>=2.13.0
+    urllib3==1.26.0
+setup_requires =
+    setuptools>=68.0
+tests_require =
+    pytest>=7.0
+
+[options.extras_require]
+socks =
+    PySocks>=1.5.6

data/helpers/test/fixtures/setup_py/setup.py

@@ -0,0 +1,20 @@
+from setuptools import setup
+
+setup(
+    name="myapp",
+    version="1.0.0",
+    install_requires=[
+        "requests>=2.13.0",
+        "urllib3==1.26.0",
+    ],
+    setup_requires=[
+        "setuptools>=68.0",
+    ],
+    tests_require=[
+        "pytest>=7.0",
+    ],
+    extras_require={
+        "socks": ["PySocks>=1.5.6"],
+        "dev": ["black==22.10.0"],
+    },
+)

data/helpers/test/fixtures/setup_py_comments/setup.py

@@ -0,0 +1,9 @@
+from setuptools import setup
+
+setup(
+    name="myapp",
+    version="1.0.0",
+    install_requires=[
+        "requests>=2.13.0  # HTTP library",
+    ],
+)

data/helpers/test/test_hasher.py

@@ -0,0 +1,114 @@
+import json
+import os
+import ssl
+import sys
+from unittest.mock import MagicMock, patch
+from urllib.error import URLError
+
+sys.path.insert(
+    0, os.path.join(os.path.dirname(__file__), os.pardir, "lib")
+)
+
+import hasher  # noqa: E402
+import hashin as hashin_mod  # noqa: E402
+
+
+class TestGetDependencyHash:
+    @patch("hasher.hashin.get_package_hashes")
+    def test_returns_hashes(self, mock_get):
+        mock_get.return_value = {
+            "hashes": [
+                {"hash": "abc123", "platform": "linux"},
+                {"hash": "def456", "platform": "macos"},
+            ]
+        }
+
+        result = json.loads(hasher.get_dependency_hash(
+            "requests", "2.28.0", "sha256"
+        ))
+
+        assert "result" in result
+        assert len(result["result"]) == 2
+        assert result["result"][0]["hash"] == "abc123"
+        mock_get.assert_called_once()
+
+    @patch("hasher.hashin.get_package_hashes")
+    def test_custom_index_url(self, mock_get):
+        mock_get.return_value = {"hashes": []}
+
+        hasher.get_dependency_hash(
+            "requests", "2.28.0", "sha256",
+            index_url="https://custom.registry/simple/"
+        )
+
+        mock_get.assert_called_once_with(
+            "requests",
+            version="2.28.0",
+            algorithm="sha256",
+            index_url="https://custom.registry/simple/"
+        )
+
+    @patch("hasher.hashin.get_package_hashes")
+    def test_package_not_found(self, mock_get):
+        mock_get.side_effect = hashin_mod.PackageNotFoundError(
+            "no-such-package"
+        )
+
+        result = json.loads(hasher.get_dependency_hash(
+            "no-such-package", "1.0.0", "sha256"
+        ))
+
+        assert "error" in result
+
+    @patch("hasher.hashin.get_package_hashes")
+    def test_ssl_certificate_error(self, mock_get):
+        ssl_error = ssl.SSLError(
+            "CERTIFICATE_VERIFY_FAILED: unable to get local issuer"
+        )
+        mock_get.side_effect = URLError(ssl_error)
+
+        result = json.loads(hasher.get_dependency_hash(
+            "requests", "2.28.0", "sha256"
+        ))
+
+        assert "error" in result
+        assert "CERTIFICATE_VERIFY_FAILED" in result["error"]
+
+    @patch("hasher.hashin.get_package_hashes")
+    def test_non_ssl_url_error_raises(self, mock_get):
+        mock_get.side_effect = URLError("Connection refused")
+
+        try:
+            hasher.get_dependency_hash("requests", "2.28.0", "sha256")
+            assert False, "Expected URLError to be raised"
+        except URLError:
+            pass  # expected
+
+
+class TestGetPipfileHash:
+    @patch("builtins.open")
+    @patch("hasher.plette")
+    def test_returns_hash(self, mock_plette, mock_open):
+        mock_pipfile = MagicMock()
+        mock_pipfile.get_hash.return_value.value = "abc123hash"
+        mock_plette.Pipfile.load.return_value = mock_pipfile
+
+        result = json.loads(hasher.get_pipfile_hash("/tmp/project"))
+
+        assert result["result"] == "abc123hash"
+        mock_open.assert_called_once_with("/tmp/project/Pipfile")
+
+
+class TestGetPyprojectHash:
+    @patch("hasher.Factory")
+    def test_returns_hash(self, mock_factory_cls):
+        mock_poetry = MagicMock()
+        mock_poetry.locker._get_content_hash.return_value = "xyz789hash"
+        mock_factory_cls.return_value.create_poetry.return_value = mock_poetry
+
+        result = json.loads(hasher.get_pyproject_hash("/tmp/project"))
+
+        assert result["result"] == "xyz789hash"
+        mock_factory_cls.return_value.create_poetry.assert_called_once_with(
+            "/tmp/project"
+        )

data/helpers/test/test_parse_requirements.py

@@ -0,0 +1,103 @@
+import json
+import os
+import sys
+
+sys.path.insert(
+    0, os.path.join(os.path.dirname(__file__), os.pardir, "lib")
+)
+
+from parser import parse_requirements  # noqa: E402
+
+FIXTURES = os.path.join(os.path.dirname(__file__), "fixtures")
+
+
+def parse(fixture_dir):
+    path = os.path.join(FIXTURES, fixture_dir)
+    result = json.loads(parse_requirements(path))
+    return result
+
+
+def find_dep(deps, name):
+    return next((d for d in deps if d["name"] == name), None)
+
+
+def find_dep_in_file(deps, name, file_substring):
+    return next(
+        (d for d in deps
+         if d["name"] == name and file_substring in d["file"]),
+        None
+    )
+
+
+class TestParseRequirementsTxt:
+    def test_parses_basic_requirements(self):
+        result = parse("requirements")
+        deps = result["result"]
+        requests = find_dep_in_file(deps, "requests", "requirements.txt")
+        assert requests is not None
+        assert requests["requirement"] == "<3.0,>=2.13.0"
+
+    def test_parses_pinned_version(self):
+        result = parse("requirements")
+        deps = result["result"]
+        urllib3 = find_dep(deps, "urllib3")
+        assert urllib3 is not None
+        assert urllib3["version"] == "1.26.0"
+        assert urllib3["requirement"] == "==1.26.0"
+
+    def test_parses_extras(self):
+        result = parse("requirements")
+        deps = result["result"]
+        flask = find_dep(deps, "Flask")
+        assert flask is not None
+        assert flask["extras"] == ["async"]
+
+    def test_strips_inline_comments(self):
+        result = parse("requirements")
+        deps = result["result"]
+        boto3 = find_dep(deps, "boto3")
+        assert boto3 is not None
+        # boto3 has no version specifier, just a comment
+        assert boto3["requirement"] is None or boto3["requirement"] == ""
+
+    def test_file_path_is_relative(self):
+        result = parse("requirements")
+        deps = result["result"]
+        for dep in deps:
+            assert not os.path.isabs(dep["file"])
+
+    def test_parses_dev_requirements(self):
+        result = parse("requirements")
+        deps = result["result"]
+        black = find_dep(deps, "black")
+        assert black is not None
+        assert black["version"] == "22.10.0"
+        assert "requirements-dev.txt" in black["file"]
+
+    def test_parses_markers(self):
+        result = parse("requirements")
+        deps = result["result"]
+        pywin32 = find_dep(deps, "pywin32")
+        assert pywin32 is not None
+        assert pywin32["markers"] == 'sys_platform == "win32"'
+
+    def test_empty_directory_returns_empty(self):
+        result = parse("requirements_empty")
+        deps = result["result"]
+        assert deps == []
+
+    def test_constraint_file_deps(self):
+        """Requirements with -c constraints should still parse the deps."""
+        result = parse("requirements")
+        deps = result["result"]
+        # with_constraints.txt has requests
+        req_files = [d["file"] for d in deps if d["name"] == "requests"]
+        assert any("with_constraints" in f for f in req_files)
+
+    def test_multiple_files_parsed(self):
+        """All .txt files in the directory are parsed."""
+        result = parse("requirements")
+        deps = result["result"]
+        files = {d["file"] for d in deps}
+        assert any("requirements.txt" in f for f in files)
+        assert any("requirements-dev.txt" in f for f in files)

data/helpers/test/test_parse_setup.py

@@ -0,0 +1,127 @@
+import json
+import os
+import sys
+
+sys.path.insert(
+    0, os.path.join(os.path.dirname(__file__), os.pardir, "lib")
+)
+
+from parser import parse_setup  # noqa: E402
+
+FIXTURES = os.path.join(os.path.dirname(__file__), "fixtures")
+
+
+def parse(fixture_dir):
+    path = os.path.join(FIXTURES, fixture_dir)
+    result = json.loads(parse_setup(path))
+    return result
+
+
+def find_dep(deps, name):
+    return next((d for d in deps if d["name"] == name), None)
+
+
+# ---------------------------------------------------------------------------
+# setup.py parsing
+# ---------------------------------------------------------------------------
+class TestSetupPy:
+    def test_parses_install_requires(self):
+        result = parse("setup_py")
+        deps = result["result"]
+        requests = find_dep(deps, "requests")
+        assert requests is not None
+        assert requests["requirement"] == ">=2.13.0"
+        assert requests["requirement_type"] == "install_requires"
+        assert requests["file"] == "setup.py"
+
+    def test_parses_pinned_version(self):
+        result = parse("setup_py")
+        deps = result["result"]
+        urllib3 = find_dep(deps, "urllib3")
+        assert urllib3 is not None
+        assert urllib3["version"] == "1.26.0"
+
+    def test_parses_setup_requires(self):
+        result = parse("setup_py")
+        deps = result["result"]
+        setuptools = find_dep(deps, "setuptools")
+        assert setuptools is not None
+        assert setuptools["requirement_type"] == "setup_requires"
+
+    def test_parses_tests_require(self):
+        result = parse("setup_py")
+        deps = result["result"]
+        pytest = find_dep(deps, "pytest")
+        assert pytest is not None
+        assert pytest["requirement_type"] == "tests_require"
+
+    def test_parses_extras_require(self):
+        result = parse("setup_py")
+        deps = result["result"]
+        pysocks = find_dep(deps, "PySocks")
+        assert pysocks is not None
+        assert pysocks["requirement_type"] == "extras_require:socks"
+
+    def test_parses_multiple_extras_groups(self):
+        result = parse("setup_py")
+        deps = result["result"]
+        extras = [d for d in deps if d["requirement_type"].startswith(
+            "extras_require:"
+        )]
+        groups = {d["requirement_type"] for d in extras}
+        assert "extras_require:socks" in groups
+        assert "extras_require:dev" in groups
+
+    def test_strips_comments(self):
+        result = parse("setup_py_comments")
+        deps = result["result"]
+        requests = find_dep(deps, "requests")
+        assert requests is not None
+        assert requests["requirement"] == ">=2.13.0"
+
+
+# ---------------------------------------------------------------------------
+# setup.cfg parsing
+# ---------------------------------------------------------------------------
+class TestSetupCfg:
+    def test_parses_install_requires(self):
+        result = parse("setup_cfg")
+        deps = result["result"]
+        requests = find_dep(deps, "requests")
+        assert requests is not None
+        assert requests["requirement"] == ">=2.13.0"
+        assert requests["requirement_type"] == "install_requires"
+        assert requests["file"] == "setup.cfg"
+
+    def test_parses_pinned_version(self):
+        result = parse("setup_cfg")
+        deps = result["result"]
+        urllib3 = find_dep(deps, "urllib3")
+        assert urllib3 is not None
+        assert urllib3["version"] == "1.26.0"
+
+    def test_parses_setup_requires(self):
+        result = parse("setup_cfg")
+        deps = result["result"]
+        setuptools = find_dep(deps, "setuptools")
+        assert setuptools is not None
+        assert setuptools["requirement_type"] == "setup_requires"
+
+    def test_parses_tests_require(self):
+        result = parse("setup_cfg")
+        deps = result["result"]
+        pytest = find_dep(deps, "pytest")
+        assert pytest is not None
+        assert pytest["requirement_type"] == "tests_require"
+
+    def test_parses_extras_require(self):
+        result = parse("setup_cfg")
+        deps = result["result"]
+        pysocks = find_dep(deps, "PySocks")
+        assert pysocks is not None
+        assert pysocks["requirement_type"] == "extras_require:socks"
+
+    def test_empty_directory_returns_empty(self):
+        result = parse("requirements_empty")
+        deps = result["result"]
+        assert deps == []