dependabot-python 0.381.0 → 0.383.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/build +1 -9
- data/lib/dependabot/python/dependency_grapher.rb +4 -0
- data/lib/dependabot/python/file_parser/python_requirement_parser.rb +4 -1
- data/lib/dependabot/python/language.rb +3 -3
- data/lib/dependabot/python/requirement_parser.rb +6 -6
- data/lib/dependabot/python/update_checker/requirements_updater.rb +32 -28
- data/lib/dependabot/python/update_checker.rb +7 -6
- metadata +4 -5
- data/helpers/requirements-3.9.txt +0 -15
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 26031826db5cb07c05ca33adc90a735f803008ac10fe45670311c0d77a0ba738
|
|
4
|
+
data.tar.gz: c4aa146094305a3941c3fd63360a9375cfdfbe7bd819cee61241148c5bc91f16
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dba3705c8b0458e64b853f97ad170d8a525fae4b89c176d0236eeab2e27b7c186c6eceb92b245181f5ef6f2cee683d2d17baac298adb4061cdbbc2ca88349b96
|
|
7
|
+
data.tar.gz: 06e507ffbda36680035517f07d11aae8298f6e7b2708e8837589de0cf7d74da73e2e63618088bacee8663c9a4f625724c339a4a1dbbc641ac9d254e71ef78137
|
data/helpers/build
CHANGED
|
@@ -15,7 +15,6 @@ cp -r \
|
|
|
15
15
|
"$helpers_dir/lib" \
|
|
16
16
|
"$helpers_dir/run.py" \
|
|
17
17
|
"$helpers_dir/requirements.txt" \
|
|
18
|
-
"$helpers_dir/requirements-3.9.txt" \
|
|
19
18
|
"$install_dir"
|
|
20
19
|
|
|
21
20
|
if [ -d "$helpers_dir/test" ]; then
|
|
@@ -25,15 +24,8 @@ fi
|
|
|
25
24
|
cd "$install_dir"
|
|
26
25
|
|
|
27
26
|
python_version=$1
|
|
28
|
-
# pip 26.x and several other packages require Python >=3.10.
|
|
29
|
-
# Use 3.9-compatible versions for the deprecated Python 3.9 runtime.
|
|
30
|
-
if [[ "$python_version" == 3.9.* ]]; then
|
|
31
|
-
req_file="requirements-3.9.txt"
|
|
32
|
-
else
|
|
33
|
-
req_file="requirements.txt"
|
|
34
|
-
fi
|
|
35
27
|
|
|
36
|
-
PYENV_VERSION=$python_version pyenv exec pip3 --disable-pip-version-check install --use-pep517 -r
|
|
28
|
+
PYENV_VERSION=$python_version pyenv exec pip3 --disable-pip-version-check install --use-pep517 -r requirements.txt
|
|
37
29
|
|
|
38
30
|
# Remove the extra objects added during the previous install. Based on
|
|
39
31
|
# https://github.com/docker-library/python/blob/master/Dockerfile-linux.template
|
|
@@ -65,6 +65,10 @@ module Dependabot
|
|
|
65
65
|
sig { override.void }
|
|
66
66
|
def prepare!
|
|
67
67
|
if poetry_project_without_lockfile?
|
|
68
|
+
# Generating an ephemeral lockfile requires executing `poetry lock`. Strictly speaking, that violates our
|
|
69
|
+
# policy of refusing to run Python tooling when external code execution is disallowed, so fail fast.
|
|
70
|
+
raise Dependabot::UnexpectedExternalCode if file_parser.reject_external_code?
|
|
71
|
+
|
|
68
72
|
Dependabot.logger.info("No poetry.lock found, generating ephemeral lockfile for dependency graphing")
|
|
69
73
|
generate_ephemeral_lockfile!
|
|
70
74
|
emit_missing_lockfile_warning! if @ephemeral_lockfile_generated
|
|
@@ -209,7 +209,10 @@ module Dependabot
|
|
|
209
209
|
|
|
210
210
|
sig { returns(T::Array[DependencyFile]) }
|
|
211
211
|
def pip_compile_files
|
|
212
|
-
@pip_compile_files ||= T.let(
|
|
212
|
+
@pip_compile_files ||= T.let(
|
|
213
|
+
dependency_files.select { |f| f.name.end_with?(".in") },
|
|
214
|
+
T.nilable(T::Array[DependencyFile])
|
|
215
|
+
)
|
|
213
216
|
end
|
|
214
217
|
end
|
|
215
218
|
end
|
|
@@ -21,7 +21,6 @@ module Dependabot
|
|
|
21
21
|
3.12.13
|
|
22
22
|
3.11.15
|
|
23
23
|
3.10.20
|
|
24
|
-
3.9.25
|
|
25
24
|
).freeze
|
|
26
25
|
|
|
27
26
|
PRE_INSTALLED_PYTHON_VERSIONS = T.let(
|
|
@@ -47,8 +46,9 @@ module Dependabot
|
|
|
47
46
|
T::Array[Dependabot::Python::Version]
|
|
48
47
|
)
|
|
49
48
|
|
|
50
|
-
# The highest Python version that is no longer
|
|
51
|
-
#
|
|
49
|
+
# The highest Python version that is no longer supported.
|
|
50
|
+
# Python 3.9 reached end-of-life and was removed from PRE_INSTALLED_PYTHON_VERSIONS_RAW,
|
|
51
|
+
# so a ToolVersionNotSupported error is raised for it (and any lower version).
|
|
52
52
|
NON_SUPPORTED_HIGHEST_VERSION = "3.9"
|
|
53
53
|
|
|
54
54
|
DEPRECATED_VERSIONS = T.let([Version.new(NON_SUPPORTED_HIGHEST_VERSION)].freeze, T::Array[Dependabot::Version])
|
|
@@ -65,7 +65,7 @@ module Dependabot
|
|
|
65
65
|
# Parses a single pip requirement string (e.g. "types-requests==2.31.0.10")
|
|
66
66
|
# into a structured hash. Returns nil if the string is not a valid requirement
|
|
67
67
|
# or has no version constraint.
|
|
68
|
-
sig { params(dependency_string: String).returns(T.nilable(T::Hash[Symbol, T.
|
|
68
|
+
sig { params(dependency_string: String).returns(T.nilable(T::Hash[Symbol, T.nilable(String)])) }
|
|
69
69
|
def self.parse(dependency_string)
|
|
70
70
|
match = dependency_string.strip.match(VALID_REQ_TXT_REQUIREMENT)
|
|
71
71
|
return nil unless match
|
|
@@ -92,17 +92,17 @@ module Dependabot
|
|
|
92
92
|
sig { params(requirements_string: String).returns(T.nilable(String)) }
|
|
93
93
|
def self.extract_pinned_version(requirements_string)
|
|
94
94
|
requirement = Dependabot::Python::Requirement.new(requirements_string)
|
|
95
|
-
constraints = T.let(requirement.requirements, T::Array[
|
|
95
|
+
constraints = T.let(requirement.requirements, T::Array[[String, Gem::Version]])
|
|
96
96
|
|
|
97
97
|
exact_pin = constraints.find do |pair|
|
|
98
|
-
op =
|
|
98
|
+
op = pair[0]
|
|
99
99
|
op == "==" || op == "="
|
|
100
100
|
end
|
|
101
|
-
return
|
|
101
|
+
return exact_pin[1].to_s if exact_pin
|
|
102
102
|
|
|
103
103
|
lower_bound_operators = %w(>= > ~>).freeze
|
|
104
|
-
lower_bound = constraints.find { |pair| lower_bound_operators.include?(
|
|
105
|
-
return
|
|
104
|
+
lower_bound = constraints.find { |pair| lower_bound_operators.include?(pair[0]) }
|
|
105
|
+
return lower_bound[1].to_s if lower_bound
|
|
106
106
|
|
|
107
107
|
nil
|
|
108
108
|
rescue Gem::Requirement::BadRequirementError
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/dependency_requirement"
|
|
5
6
|
require "dependabot/python/requirement_parser"
|
|
6
7
|
require "dependabot/python/requirement"
|
|
7
8
|
require "dependabot/python/update_checker"
|
|
@@ -21,7 +22,7 @@ module Dependabot
|
|
|
21
22
|
|
|
22
23
|
class UnfixableRequirement < StandardError; end
|
|
23
24
|
|
|
24
|
-
sig { returns(T::Array[
|
|
25
|
+
sig { returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
25
26
|
attr_reader :requirements
|
|
26
27
|
|
|
27
28
|
sig { returns(Dependabot::RequirementsUpdateStrategy) }
|
|
@@ -35,7 +36,7 @@ module Dependabot
|
|
|
35
36
|
|
|
36
37
|
sig do
|
|
37
38
|
params(
|
|
38
|
-
requirements: T::Array[
|
|
39
|
+
requirements: T::Array[Dependabot::DependencyRequirement],
|
|
39
40
|
update_strategy: Dependabot::RequirementsUpdateStrategy,
|
|
40
41
|
has_lockfile: T::Boolean,
|
|
41
42
|
latest_resolvable_version: T.nilable(String)
|
|
@@ -47,7 +48,10 @@ module Dependabot
|
|
|
47
48
|
has_lockfile:,
|
|
48
49
|
latest_resolvable_version:
|
|
49
50
|
)
|
|
50
|
-
@requirements = T.let(
|
|
51
|
+
@requirements = T.let(
|
|
52
|
+
requirements.map { |req| Dependabot::DependencyRequirement.create(req) },
|
|
53
|
+
T::Array[Dependabot::DependencyRequirement]
|
|
54
|
+
)
|
|
51
55
|
@update_strategy = T.let(update_strategy, Dependabot::RequirementsUpdateStrategy)
|
|
52
56
|
@has_lockfile = T.let(has_lockfile, T::Boolean)
|
|
53
57
|
@latest_resolvable_version = T.let(nil, T.nilable(Dependabot::Python::Version))
|
|
@@ -57,7 +61,7 @@ module Dependabot
|
|
|
57
61
|
@latest_resolvable_version = Python::Version.new(latest_resolvable_version)
|
|
58
62
|
end
|
|
59
63
|
|
|
60
|
-
sig { returns(T::Array[
|
|
64
|
+
sig { returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
61
65
|
def updated_requirements
|
|
62
66
|
return requirements if update_strategy.lockfile_only?
|
|
63
67
|
|
|
@@ -75,7 +79,7 @@ module Dependabot
|
|
|
75
79
|
private
|
|
76
80
|
|
|
77
81
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
78
|
-
sig { params(req:
|
|
82
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
79
83
|
def updated_setup_requirement(req)
|
|
80
84
|
return req unless latest_resolvable_version
|
|
81
85
|
return req unless req.fetch(:requirement)
|
|
@@ -96,20 +100,20 @@ module Dependabot
|
|
|
96
100
|
update_requirements_range(req_strings)
|
|
97
101
|
end
|
|
98
102
|
|
|
99
|
-
req.merge(requirement: new_requirement)
|
|
103
|
+
Dependabot::DependencyRequirement.create(req.merge(requirement: new_requirement))
|
|
100
104
|
rescue UnfixableRequirement
|
|
101
|
-
req.merge(requirement: :unfixable)
|
|
105
|
+
Dependabot::DependencyRequirement.create(req.merge(requirement: :unfixable))
|
|
102
106
|
end
|
|
103
107
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
104
108
|
|
|
105
|
-
sig { params(req:
|
|
109
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
106
110
|
def updated_pipfile_requirement(req)
|
|
107
111
|
# For now, we just proxy to updated_requirement. In future this
|
|
108
112
|
# method may treat Pipfile requirements differently.
|
|
109
113
|
updated_requirement(req)
|
|
110
114
|
end
|
|
111
115
|
|
|
112
|
-
sig { params(req:
|
|
116
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
113
117
|
def updated_pyproject_requirement(req)
|
|
114
118
|
return req unless latest_resolvable_version
|
|
115
119
|
return req unless req.fetch(:requirement)
|
|
@@ -117,16 +121,16 @@ module Dependabot
|
|
|
117
121
|
|
|
118
122
|
pyproject_update_for_strategy(req)
|
|
119
123
|
rescue UnfixableRequirement
|
|
120
|
-
req.merge(requirement: :unfixable)
|
|
124
|
+
Dependabot::DependencyRequirement.create(req.merge(requirement: :unfixable))
|
|
121
125
|
end
|
|
122
126
|
|
|
123
|
-
sig { params(req:
|
|
127
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(T::Boolean) }
|
|
124
128
|
def skip_pyproject_update?(req)
|
|
125
129
|
new_version_satisfies?(req) && !has_lockfile &&
|
|
126
130
|
update_strategy != RequirementsUpdateStrategy::BumpVersions
|
|
127
131
|
end
|
|
128
132
|
|
|
129
|
-
sig { params(req:
|
|
133
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
130
134
|
def pyproject_update_for_strategy(req)
|
|
131
135
|
# If the requirement uses || syntax then we always want to widen it
|
|
132
136
|
return widen_pyproject_requirement(req) if req.fetch(:requirement).match?(PYPROJECT_OR_SEPARATOR)
|
|
@@ -142,14 +146,14 @@ module Dependabot
|
|
|
142
146
|
end
|
|
143
147
|
end
|
|
144
148
|
|
|
145
|
-
sig { params(req:
|
|
149
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
146
150
|
def update_pyproject_version_if_needed(req)
|
|
147
151
|
return req if new_version_satisfies?(req)
|
|
148
152
|
|
|
149
153
|
update_pyproject_version_core(req, bump_lower_bound: false)
|
|
150
154
|
end
|
|
151
155
|
|
|
152
|
-
sig { params(req:
|
|
156
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
153
157
|
def update_pyproject_version(req)
|
|
154
158
|
return req if req[:requirement] == "*"
|
|
155
159
|
|
|
@@ -158,9 +162,9 @@ module Dependabot
|
|
|
158
162
|
|
|
159
163
|
sig do
|
|
160
164
|
params(
|
|
161
|
-
req:
|
|
165
|
+
req: Dependabot::DependencyRequirement,
|
|
162
166
|
bump_lower_bound: T::Boolean
|
|
163
|
-
).returns(
|
|
167
|
+
).returns(Dependabot::DependencyRequirement)
|
|
164
168
|
end
|
|
165
169
|
def update_pyproject_version_core(req, bump_lower_bound:)
|
|
166
170
|
requirement_strings = req[:requirement].split(",").map(&:strip)
|
|
@@ -177,10 +181,10 @@ module Dependabot
|
|
|
177
181
|
update_requirements_range(requirement_strings)
|
|
178
182
|
end
|
|
179
183
|
|
|
180
|
-
req.merge(requirement: new_requirement)
|
|
184
|
+
Dependabot::DependencyRequirement.create(req.merge(requirement: new_requirement))
|
|
181
185
|
end
|
|
182
186
|
|
|
183
|
-
sig { params(req:
|
|
187
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
184
188
|
def widen_pyproject_requirement(req)
|
|
185
189
|
return req if new_version_satisfies?(req)
|
|
186
190
|
|
|
@@ -191,7 +195,7 @@ module Dependabot
|
|
|
191
195
|
widen_requirement_range(req[:requirement])
|
|
192
196
|
end
|
|
193
197
|
|
|
194
|
-
req.merge(requirement: new_requirement)
|
|
198
|
+
Dependabot::DependencyRequirement.create(req.merge(requirement: new_requirement))
|
|
195
199
|
end
|
|
196
200
|
|
|
197
201
|
sig { params(req_string: String).returns(String) }
|
|
@@ -241,7 +245,7 @@ module Dependabot
|
|
|
241
245
|
end
|
|
242
246
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
243
247
|
|
|
244
|
-
sig { params(req:
|
|
248
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
245
249
|
def updated_requirement(req)
|
|
246
250
|
return req unless latest_resolvable_version
|
|
247
251
|
return req unless req.fetch(:requirement)
|
|
@@ -258,22 +262,22 @@ module Dependabot
|
|
|
258
262
|
end
|
|
259
263
|
end
|
|
260
264
|
|
|
261
|
-
sig { params(req:
|
|
265
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
262
266
|
def update_requirement_if_needed(req)
|
|
263
267
|
return req if new_version_satisfies?(req)
|
|
264
268
|
|
|
265
269
|
update_requirement(req)
|
|
266
270
|
end
|
|
267
271
|
|
|
268
|
-
sig { params(req:
|
|
272
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
269
273
|
def update_requirement(req)
|
|
270
274
|
new_requirement = updated_requirement_string(req)
|
|
271
|
-
req.merge(requirement: new_requirement)
|
|
275
|
+
Dependabot::DependencyRequirement.create(req.merge(requirement: new_requirement))
|
|
272
276
|
rescue UnfixableRequirement
|
|
273
|
-
req.merge(requirement: :unfixable)
|
|
277
|
+
Dependabot::DependencyRequirement.create(req.merge(requirement: :unfixable))
|
|
274
278
|
end
|
|
275
279
|
|
|
276
|
-
sig { params(req:
|
|
280
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(T.any(String, Symbol)) }
|
|
277
281
|
def updated_requirement_string(req)
|
|
278
282
|
requirement_strings = req[:requirement].split(",").map(&:strip)
|
|
279
283
|
|
|
@@ -297,16 +301,16 @@ module Dependabot
|
|
|
297
301
|
requirement_strings.any? { |r| r.strip.start_with?(">") }
|
|
298
302
|
end
|
|
299
303
|
|
|
300
|
-
sig { params(req:
|
|
304
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
301
305
|
def widen_requirement(req)
|
|
302
306
|
return req if new_version_satisfies?(req)
|
|
303
307
|
|
|
304
308
|
new_requirement = widen_requirement_range(req[:requirement])
|
|
305
309
|
|
|
306
|
-
req.merge(requirement: new_requirement)
|
|
310
|
+
Dependabot::DependencyRequirement.create(req.merge(requirement: new_requirement))
|
|
307
311
|
end
|
|
308
312
|
|
|
309
|
-
sig { params(req:
|
|
313
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(T::Boolean) }
|
|
310
314
|
def new_version_satisfies?(req)
|
|
311
315
|
requirement_class
|
|
312
316
|
.requirements_array(req.fetch(:requirement))
|
|
@@ -6,6 +6,7 @@ require "toml-rb"
|
|
|
6
6
|
require "sorbet-runtime"
|
|
7
7
|
|
|
8
8
|
require "dependabot/dependency"
|
|
9
|
+
require "dependabot/dependency_requirement"
|
|
9
10
|
require "dependabot/errors"
|
|
10
11
|
require "dependabot/python/name_normaliser"
|
|
11
12
|
require "dependabot/python/requirement_parser"
|
|
@@ -93,12 +94,12 @@ module Dependabot
|
|
|
93
94
|
)
|
|
94
95
|
end
|
|
95
96
|
|
|
96
|
-
sig { override.returns(T::Array[
|
|
97
|
+
sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
97
98
|
def updated_requirements
|
|
98
99
|
return updated_git_requirements if git_dependency?
|
|
99
100
|
|
|
100
101
|
RequirementsUpdater.new(
|
|
101
|
-
requirements: requirements,
|
|
102
|
+
requirements: dependency.requirements,
|
|
102
103
|
latest_resolvable_version: preferred_resolvable_version&.to_s,
|
|
103
104
|
update_strategy: requirements_update_strategy,
|
|
104
105
|
has_lockfile: !(pipfile_lock || poetry_lock).nil?
|
|
@@ -137,13 +138,13 @@ module Dependabot
|
|
|
137
138
|
latest_version_for_git_dependency
|
|
138
139
|
end
|
|
139
140
|
|
|
140
|
-
sig { returns(T::Array[
|
|
141
|
+
sig { returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
141
142
|
def updated_git_requirements
|
|
142
143
|
updated_source = updated_git_source
|
|
143
|
-
return requirements unless updated_source
|
|
144
|
+
return dependency.requirements unless updated_source
|
|
144
145
|
|
|
145
|
-
requirements.map do |req|
|
|
146
|
-
req.merge(source: updated_source)
|
|
146
|
+
dependency.requirements.map do |req|
|
|
147
|
+
Dependabot::DependencyRequirement.create(req.merge(source: updated_source))
|
|
147
148
|
end
|
|
148
149
|
end
|
|
149
150
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.383.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.383.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.383.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -245,7 +245,6 @@ files:
|
|
|
245
245
|
- helpers/lib/__init__.py
|
|
246
246
|
- helpers/lib/hasher.py
|
|
247
247
|
- helpers/lib/parser.py
|
|
248
|
-
- helpers/requirements-3.9.txt
|
|
249
248
|
- helpers/requirements.txt
|
|
250
249
|
- helpers/run.py
|
|
251
250
|
- helpers/test/fixtures/no_dependencies.toml
|
|
@@ -323,7 +322,7 @@ licenses:
|
|
|
323
322
|
- MIT
|
|
324
323
|
metadata:
|
|
325
324
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
326
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
325
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.383.0
|
|
327
326
|
rdoc_options: []
|
|
328
327
|
require_paths:
|
|
329
328
|
- lib
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
# Python 3.9-compatible versions pinned to the last known working set before
|
|
2
|
-
# packages dropped 3.9 support. Python 3.9 reached end-of-life on 2025-10-31.
|
|
3
|
-
pip==24.2
|
|
4
|
-
pip-tools==7.5.3
|
|
5
|
-
flake8==7.3.0
|
|
6
|
-
hashin==1.0.5
|
|
7
|
-
pipenv==2024.4.1
|
|
8
|
-
plette==2.1.0
|
|
9
|
-
poetry==2.2.1
|
|
10
|
-
pytest==8.3.5
|
|
11
|
-
# tomli is required for Python <3.11 (stdlib tomllib was added in 3.11).
|
|
12
|
-
tomli==2.2.1
|
|
13
|
-
|
|
14
|
-
# Some dependencies will only install if Cython is present
|
|
15
|
-
Cython==3.2.4
|