dependabot-python 0.372.0 → 0.374.0
- checksums.yaml +4 -4
- data/lib/dependabot/python/dependency_grapher/lockfile_generator.rb +5 -5
- data/lib/dependabot/python/dependency_grapher.rb +2 -2
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +3 -0
- data/lib/dependabot/python/update_checker/requirements_updater.rb +1 -1
- metadata +4 -4
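--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 95da56a7f8bcaa1450ddc0a7944b96c1f92845ba2e332a05868118ec041b1a8f
+data.tar.gz: 68aca7a7062f67514acdf3616ee543eb830727dffb3ea2001bbec07612d3d6ab
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 18740b4c76b1f1426d9e3d4039e41e6809869e37ccd68df3280588618200d2fdf7a31b9957b5f2c702285d45afe4ce1f227b1b4b52ce5ccdf0664735252bcca4
+data.tar.gz: 2432fe5ce55b1749d2ad09b99875157a66f3a3d1797d2217772d545dd727192d5562b5deae11e70c3e6331753b60000dbb2aa46d2aad4ce6dfc0996e1f569c41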
|
@@ -28,7 +28,7 @@ module Dependabot
|
|
|
28
28
|
@credentials = credentials
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
-
sig { returns(
|
|
31
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
32
32
|
def generate
|
|
33
33
|
SharedHelpers.in_a_temporary_directory do
|
|
34
34
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
@@ -44,7 +44,7 @@ module Dependabot
|
|
|
44
44
|
end
|
|
45
45
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
46
46
|
handle_generation_error(e)
|
|
47
|
-
|
|
47
|
+
raise
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
private
|
|
@@ -77,11 +77,11 @@ module Dependabot
|
|
|
77
77
|
run_poetry_command("pyenv exec poetry lock --no-interaction")
|
|
78
78
|
end
|
|
79
79
|
|
|
80
|
-
sig { returns(
|
|
80
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
81
81
|
def read_generated_lockfile
|
|
82
82
|
unless File.exist?(LOCKFILE_NAME)
|
|
83
|
-
Dependabot.logger.
|
|
84
|
-
|
|
83
|
+
Dependabot.logger.error("#{LOCKFILE_NAME} was not generated")
|
|
84
|
+
raise Dependabot::DependencyFileNotEvaluatable, "#{LOCKFILE_NAME} was not generated"
|
|
85
85
|
end
|
|
86
86
|
|
|
87
87
|
content = File.read(LOCKFILE_NAME)
|
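Review bot: The bare `raise` added after `handle_generation_error(e)` in `generate`'s rescue carries no comment saying when it is reached. If `handle_generation_error` (defined outside these hunks) always raises a mapped error the line is dead, and if it can return, the raw `SharedHelpers::HelperSubprocessFailed` now escapes to callers. I would annotate it, e.g. `raise # unmapped failure: re-raise so generate never returns nil`. Because the command runs inside `SharedHelpers.with_git_configured(credentials: credentials)`, it is also worth confirming that the re-raised message cannot carry credential-bearing URLs from the poetry output before any caller logs it. The body of `generate` between the hunks is not shown.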
|
@@ -88,8 +88,6 @@ module Dependabot
|
|
|
88
88
|
)
|
|
89
89
|
|
|
90
90
|
ephemeral_lockfile = generator.generate
|
|
91
|
-
return unless ephemeral_lockfile
|
|
92
|
-
|
|
93
91
|
inject_ephemeral_lockfile(ephemeral_lockfile)
|
|
94
92
|
@ephemeral_lockfile_generated = T.let(true, T.nilable(T::Boolean))
|
|
95
93
|
|
|
@@ -97,6 +95,8 @@ module Dependabot
|
|
|
97
95
|
"Successfully generated ephemeral #{ephemeral_lockfile.name} for dependency graphing"
|
|
98
96
|
)
|
|
99
97
|
rescue StandardError => e
|
|
98
|
+
errored_fetching_subdependencies!
|
|
99
|
+
@subdependency_error = e
|
|
100
100
|
Dependabot.logger.warn(
|
|
101
101
|
"Failed to generate ephemeral lockfile: #{e.message}. " \
|
|
102
102
|
"Dependency versions may not be resolved."
|
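Review bot: The two lines added under `rescue StandardError => e` record every failure as a subdependency fetch error, including a programming error raised by `inject_ephemeral_lockfile`, because the rescue is not narrowed to the errors the generator is expected to raise. If only generation failures should be downgraded, `rescue Dependabot::DependabotError => e` would let unexpected errors surface; if best-effort is intended, a comment above `errored_fetching_subdependencies!` should say so. The exception is now also retained in `@subdependency_error`, and the existing warn line already interpolates `e.message`. Whatever later reports that stored error should treat the message as subprocess output (presumably from the poetry run) and scrub it before it is shown. The enclosing method starts and ends outside the hunks.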
|
@@ -198,12 +198,15 @@ module Dependabot
|
|
|
198
198
|
|
|
199
199
|
sig { params(deps_hash: T::Hash[String, T.untyped], dep_name: String, details: T::Hash[String, T.untyped]).void }
|
|
200
200
|
def freeze_git_dep!(deps_hash, dep_name, details)
|
|
201
|
+
existing_extras = deps_hash[dep_name].is_a?(Hash) ? deps_hash[dep_name]["extras"] : nil
|
|
202
|
+
|
|
201
203
|
deps_hash[dep_name] = {
|
|
202
204
|
"git" => details.dig("source", "url"),
|
|
203
205
|
"rev" => details.dig("source", "reference")
|
|
204
206
|
}
|
|
205
207
|
subdirectory = details.dig("source", "subdirectory")
|
|
206
208
|
deps_hash[dep_name]["subdirectory"] = subdirectory if subdirectory
|
|
209
|
+
deps_hash[dep_name]["extras"] = existing_extras if existing_extras
|
|
207
210
|
end
|
|
208
211
|
|
|
209
212
|
sig { params(pyproject_object: T::Hash[String, T.untyped], excluded_names: T::Array[String]).void }
|
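Review bot: `freeze_git_dep!` now carries over only `extras` from the entry it replaces, so any other keys on the original table are still discarded when the hash is rebuilt from `git` and `rev`. If that is deliberate, the new first line deserves a comment such as `# extras change which optional dependencies get locked, so keep them when pinning to a rev`. The lookup would read more plainly as `existing = deps_hash[dep_name]` followed by `existing_extras = existing["extras"] if existing.is_a?(Hash)`. Separately, `details.dig("source", "reference")` can still yield a nil `rev` in the unchanged lines, which would leave the git dependency unpinned; that predates this change but sits next to it.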
|
@@ -64,7 +64,7 @@ module Dependabot
|
|
|
64
64
|
requirements.map do |req|
|
|
65
65
|
case req[:file]
|
|
66
66
|
when /setup\.(?:py|cfg)$/ then updated_setup_requirement(req)
|
|
67
|
-
when "pyproject.toml" then updated_pyproject_requirement(req)
|
|
67
|
+
when ->(file) { file.end_with?("pyproject.toml") } then updated_pyproject_requirement(req)
|
|
68
68
|
when "Pipfile" then updated_pipfile_requirement(req)
|
|
69
69
|
when /\.txt$|\.in$/ then updated_requirement(req)
|
|
70
70
|
else raise "Unexpected filename: #{req[:file]}"
|
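Review bot: The new `when ->(file) { file.end_with?("pyproject.toml") }` branch matches on a bare suffix, so a name like `old-pyproject.toml` is now routed to `updated_pyproject_requirement` as well as the nested `dir/pyproject.toml` paths this presumably targets. Comparing the basename keeps the match exact: `when ->(file) { File.basename(file.to_s) == "pyproject.toml" }`. The `to_s` also matters because a nil `req[:file]` previously fell through to `raise "Unexpected filename: ..."`, while the lambda as written would raise `NoMethodError` instead. The `case` sits inside a block whose method starts outside the hunk.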
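--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.374.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.374.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.374.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.374.0
 rdoc_options: []
 require_paths:
 - lib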