dependabot-python 0.384.0 → 0.385.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/python/file_parser/python_requirement_parser.rb +12 -7
- data/lib/dependabot/python/file_updater.rb +1 -1
- data/lib/dependabot/python/package/package_details_fetcher.rb +1 -0
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +1 -116
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +3 -1
- data/lib/dependabot/python/update_checker.rb +1 -1
- data/lib/dependabot/python/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: edc98d373ce3e27a5db1080f1ddc5f2a7a60c8be26a734ac889abf8e2298ede0
|
|
4
|
+
data.tar.gz: fd9d7507adb7b29b972c2f318a785eea5efd4150e12e2a6a3fe5707463d38f8a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9d328bd3c10cb36152a63a2c3975303e111a540367ec6e464ef7ab8208bd2ee642c12561f72928116069160a39cf1b9aa0527b4efb7411966714ff6e41032cdf
|
|
7
|
+
data.tar.gz: 2a00eef7b5ac804ee7389022190c84a933e9ae2afa89e37852ffb68729a591ceba986587f823ac1a0df460d6d42e72587979328104af12b2d53a05f99c16b150
|
|
@@ -73,15 +73,20 @@ module Dependabot
|
|
|
73
73
|
|
|
74
74
|
pyproject_object = TomlRB.parse(T.must(pyproject).content)
|
|
75
75
|
|
|
76
|
-
# Check for PEP621 requires-python
|
|
77
|
-
pep621_python = pyproject_object.dig("project", "requires-python")
|
|
78
|
-
return pep621_python if pep621_python
|
|
79
|
-
|
|
80
|
-
# Fallback to Poetry configuration
|
|
76
|
+
# Check for PEP621 requires-python, falling back to Poetry configuration.
|
|
81
77
|
poetry_object = pyproject_object.dig("tool", "poetry")
|
|
82
|
-
|
|
83
|
-
|
|
78
|
+
value =
|
|
79
|
+
pyproject_object.dig("project", "requires-python") ||
|
|
80
|
+
poetry_object&.dig("dependencies", "python") ||
|
|
84
81
|
poetry_object&.dig("dev-dependencies", "python")
|
|
82
|
+
|
|
83
|
+
# A manifest can declare the python constraint as a non-string (e.g. an
|
|
84
|
+
# unquoted TOML float `3.12`, or an array/inline-table for multiple
|
|
85
|
+
# constraints). Coerce scalars to a String and ignore unsupported shapes.
|
|
86
|
+
case value
|
|
87
|
+
when String then value
|
|
88
|
+
when Numeric then value.to_s
|
|
89
|
+
end
|
|
85
90
|
end
|
|
86
91
|
|
|
87
92
|
sig { returns(T.nilable(String)) }
|
|
@@ -94,7 +94,7 @@ module Dependabot
|
|
|
94
94
|
dependencies: dependencies,
|
|
95
95
|
dependency_files: dependency_files,
|
|
96
96
|
credentials: credentials,
|
|
97
|
-
cooldown: options[:update_cooldown]
|
|
97
|
+
cooldown: T.cast(options[:update_cooldown], T.nilable(Dependabot::Package::ReleaseCooldownOptions))
|
|
98
98
|
).updated_dependency_files
|
|
99
99
|
end
|
|
100
100
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "excon"
|
|
@@ -6,9 +6,7 @@ require "nokogiri"
|
|
|
6
6
|
require "sorbet-runtime"
|
|
7
7
|
|
|
8
8
|
require "dependabot/dependency"
|
|
9
|
-
require "dependabot/git_commit_checker"
|
|
10
9
|
require "dependabot/python/update_checker"
|
|
11
|
-
require "dependabot/update_checkers/cooldown_calculation"
|
|
12
10
|
require "dependabot/update_checkers/version_filters"
|
|
13
11
|
require "dependabot/registry_client"
|
|
14
12
|
require "dependabot/python/authed_url_builder"
|
|
@@ -23,38 +21,6 @@ module Dependabot
|
|
|
23
21
|
class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
|
|
24
22
|
extend T::Sig
|
|
25
23
|
|
|
26
|
-
sig do
|
|
27
|
-
params(git_commit_checker: Dependabot::GitCommitChecker)
|
|
28
|
-
.returns(T.nilable(T::Hash[Symbol, T.untyped]))
|
|
29
|
-
end
|
|
30
|
-
def latest_version_tag(git_commit_checker:)
|
|
31
|
-
return git_commit_checker.local_tag_for_latest_version unless cooldown_enabled?
|
|
32
|
-
|
|
33
|
-
allowed_version_tags = git_commit_checker.local_tags_for_allowed_versions
|
|
34
|
-
tags_in_cooldown = select_version_tags_in_cooldown_period(git_commit_checker)
|
|
35
|
-
|
|
36
|
-
return max_version_from_tags(allowed_version_tags) if tags_in_cooldown.empty?
|
|
37
|
-
|
|
38
|
-
filtered_tags = allowed_version_tags.reject do |tag|
|
|
39
|
-
tags_in_cooldown.include?(tag[:tag])
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
if filtered_tags.empty?
|
|
43
|
-
Dependabot.logger.info("All git tags filtered by cooldown for #{dependency.name}, returning nil")
|
|
44
|
-
return nil
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
filtered_count = allowed_version_tags.count - filtered_tags.count
|
|
48
|
-
if filtered_count.positive?
|
|
49
|
-
Dependabot.logger.info("Filtered #{filtered_count} git tags due to cooldown for #{dependency.name}")
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
max_version_from_tags(filtered_tags)
|
|
53
|
-
rescue StandardError => e
|
|
54
|
-
Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
|
|
55
|
-
git_commit_checker.local_tag_for_latest_version
|
|
56
|
-
end
|
|
57
|
-
|
|
58
24
|
sig do
|
|
59
25
|
override.returns(T.nilable(Dependabot::Package::PackageDetails))
|
|
60
26
|
end
|
|
@@ -76,87 +42,6 @@ module Dependabot
|
|
|
76
42
|
cooldown.semver_minor_days.to_i.positive? ||
|
|
77
43
|
cooldown.semver_patch_days.to_i.positive?
|
|
78
44
|
end
|
|
79
|
-
|
|
80
|
-
private
|
|
81
|
-
|
|
82
|
-
sig { params(tags: T::Array[T::Hash[Symbol, T.untyped]]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
83
|
-
def max_version_from_tags(tags)
|
|
84
|
-
tags.max_by { |t| t[:version] }
|
|
85
|
-
end
|
|
86
|
-
|
|
87
|
-
sig { params(git_commit_checker: Dependabot::GitCommitChecker).returns(T::Array[String]) }
|
|
88
|
-
def select_version_tags_in_cooldown_period(git_commit_checker)
|
|
89
|
-
version_tags_in_cooldown_period = T.let([], T::Array[String])
|
|
90
|
-
|
|
91
|
-
git_commit_checker.refs_for_tag_with_detail.each do |git_tag_with_detail|
|
|
92
|
-
if check_if_version_in_cooldown_period?(git_tag_with_detail)
|
|
93
|
-
version_tags_in_cooldown_period << git_tag_with_detail.tag
|
|
94
|
-
end
|
|
95
|
-
end
|
|
96
|
-
version_tags_in_cooldown_period
|
|
97
|
-
rescue StandardError => e
|
|
98
|
-
Dependabot.logger.error("Error checking if version is in cooldown: #{e.message}")
|
|
99
|
-
[]
|
|
100
|
-
end
|
|
101
|
-
|
|
102
|
-
sig { params(tag_with_detail: Dependabot::GitTagWithDetail).returns(T::Boolean) }
|
|
103
|
-
def check_if_version_in_cooldown_period?(tag_with_detail)
|
|
104
|
-
return false unless tag_with_detail.release_date
|
|
105
|
-
|
|
106
|
-
current_version = version_class.correct?(dependency.version) ? version_class.new(dependency.version) : nil
|
|
107
|
-
tag_version_str = tag_with_detail.tag.delete_prefix("v")
|
|
108
|
-
return false unless version_class.correct?(tag_version_str)
|
|
109
|
-
|
|
110
|
-
new_version = version_class.new(tag_version_str)
|
|
111
|
-
days = cooldown_days_for(current_version, new_version)
|
|
112
|
-
|
|
113
|
-
release_time = Time.at(release_date_to_seconds(tag_with_detail.release_date))
|
|
114
|
-
Dependabot::UpdateCheckers::CooldownCalculation
|
|
115
|
-
.within_cooldown_window?(release_time, days)
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
sig do
|
|
119
|
-
params(
|
|
120
|
-
current_version: T.nilable(Dependabot::Version),
|
|
121
|
-
new_version: Dependabot::Version
|
|
122
|
-
).returns(Integer)
|
|
123
|
-
end
|
|
124
|
-
def cooldown_days_for(current_version, new_version)
|
|
125
|
-
return 0 unless cooldown_enabled?
|
|
126
|
-
|
|
127
|
-
cooldown = T.must(cooldown_options)
|
|
128
|
-
return 0 unless cooldown.included?(dependency.name)
|
|
129
|
-
return cooldown.default_days if current_version.nil?
|
|
130
|
-
|
|
131
|
-
current_version_semver = current_version.semver_parts
|
|
132
|
-
new_version_semver = new_version.semver_parts
|
|
133
|
-
|
|
134
|
-
return cooldown.default_days if current_version_semver.nil? || new_version_semver.nil?
|
|
135
|
-
|
|
136
|
-
current_major, current_minor, current_patch = current_version_semver
|
|
137
|
-
new_major, new_minor, new_patch = new_version_semver
|
|
138
|
-
|
|
139
|
-
return cooldown.semver_major_days if new_major > current_major
|
|
140
|
-
return cooldown.semver_minor_days if new_minor > current_minor
|
|
141
|
-
return cooldown.semver_patch_days if new_patch > current_patch
|
|
142
|
-
|
|
143
|
-
cooldown.default_days
|
|
144
|
-
end
|
|
145
|
-
|
|
146
|
-
sig { returns(T.class_of(Dependabot::Version)) }
|
|
147
|
-
def version_class
|
|
148
|
-
dependency.version_class
|
|
149
|
-
end
|
|
150
|
-
|
|
151
|
-
sig { params(release_date: T.nilable(String)).returns(Integer) }
|
|
152
|
-
def release_date_to_seconds(release_date)
|
|
153
|
-
return 0 unless release_date
|
|
154
|
-
|
|
155
|
-
Time.parse(release_date).to_i
|
|
156
|
-
rescue ArgumentError => e
|
|
157
|
-
Dependabot.logger.error("Invalid release date format: #{release_date} and error: #{e.message}")
|
|
158
|
-
0
|
|
159
|
-
end
|
|
160
45
|
end
|
|
161
46
|
end
|
|
162
47
|
end
|
|
@@ -85,8 +85,10 @@ module Dependabot
|
|
|
85
85
|
version_string.nil? ? nil : Python::Version.new(version_string)
|
|
86
86
|
end
|
|
87
87
|
|
|
88
|
-
sig { params(version: Gem::Version).returns(T::Boolean) }
|
|
88
|
+
sig { params(version: T.nilable(Gem::Version)).returns(T::Boolean) }
|
|
89
89
|
def resolvable?(version:)
|
|
90
|
+
return false if version.nil?
|
|
91
|
+
|
|
90
92
|
@resolvable ||= T.let({}, T.nilable(T::Hash[Gem::Version, T::Boolean]))
|
|
91
93
|
return T.must(@resolvable[version]) if @resolvable.key?(version)
|
|
92
94
|
|
|
@@ -164,7 +164,7 @@ module Dependabot
|
|
|
164
164
|
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
165
165
|
def latest_git_version_details
|
|
166
166
|
@latest_git_version_details ||= T.let(
|
|
167
|
-
|
|
167
|
+
git_commit_checker.local_tag_for_latest_version(@update_cooldown),
|
|
168
168
|
T.nilable(T::Hash[Symbol, T.untyped])
|
|
169
169
|
)
|
|
170
170
|
end
|
|
@@ -78,7 +78,7 @@ module Dependabot
|
|
|
78
78
|
def initialize(version) # rubocop:disable Metrics/AbcSize
|
|
79
79
|
raise Dependabot::BadRequirementError, "Malformed version string - string is nil" if version.nil?
|
|
80
80
|
|
|
81
|
-
@version_string = T.let(version.to_s, String)
|
|
81
|
+
@version_string = T.let(version.to_s.strip, String)
|
|
82
82
|
|
|
83
83
|
raise Dependabot::BadRequirementError, "Malformed version string - string is empty" if @version_string.empty?
|
|
84
84
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.385.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.385.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.385.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -322,7 +322,7 @@ licenses:
|
|
|
322
322
|
- MIT
|
|
323
323
|
metadata:
|
|
324
324
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
325
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
325
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
|
|
326
326
|
rdoc_options: []
|
|
327
327
|
require_paths:
|
|
328
328
|
- lib
|