dependabot-python 0.86.3 → 0.86.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +39 -13
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ac640bf9a47275ef209943942948251fe5e46566f1f4a05836079adee09b03c4
|
|
4
|
+
data.tar.gz: ebd52009a78d217b5a7f502060256f8e4450c7987fa1be732d963c2e9233c526
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8b8bee1cf37744d2ae01989f4b7e982f1db7fd69969c25363f587cce79a24dcaf620ce7a3271c50f5697dc02df66275c19899672dec202f89177c94457f74423
|
|
7
|
+
data.tar.gz: bca5ad20b033135a0cd5c50b4effc438a7002da5ca9350c919952dcbac7b91b0fb613b751c96e8f2f2800b78ef5f9a349cf92f9906714b1a4ac64f776f484e36
|
|
@@ -9,6 +9,8 @@ module Dependabot
|
|
|
9
9
|
module Python
|
|
10
10
|
class UpdateChecker
|
|
11
11
|
class LatestVersionFinder
|
|
12
|
+
ENVIRONMENT_VARIABLE_REGEX = /\$\{.+\}/.freeze
|
|
13
|
+
|
|
12
14
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
13
15
|
ignored_versions:)
|
|
14
16
|
@dependency = dependency
|
|
@@ -95,29 +97,32 @@ module Dependabot
|
|
|
95
97
|
end
|
|
96
98
|
|
|
97
99
|
def index_urls
|
|
98
|
-
main_index_url =
|
|
99
|
-
config_variable_index_urls[:main] ||
|
|
100
|
-
pipfile_index_urls[:main] ||
|
|
101
|
-
requirement_file_index_urls[:main] ||
|
|
102
|
-
pip_conf_index_urls[:main] ||
|
|
103
|
-
"https://pypi.python.org/simple/"
|
|
104
|
-
|
|
105
|
-
if main_index_url
|
|
106
|
-
main_index_url = main_index_url.strip.gsub(%r{/*$}, "") + "/"
|
|
107
|
-
end
|
|
108
|
-
|
|
109
100
|
extra_index_urls =
|
|
110
101
|
config_variable_index_urls[:extra] +
|
|
111
102
|
pipfile_index_urls[:extra] +
|
|
112
103
|
requirement_file_index_urls[:extra] +
|
|
113
104
|
pip_conf_index_urls[:extra]
|
|
114
105
|
|
|
115
|
-
extra_index_urls =
|
|
116
|
-
|
|
106
|
+
extra_index_urls = extra_index_urls.map do |url|
|
|
107
|
+
clean_check_and_remove_environment_variables(url)
|
|
108
|
+
end
|
|
117
109
|
|
|
118
110
|
[main_index_url, *extra_index_urls].uniq
|
|
119
111
|
end
|
|
120
112
|
|
|
113
|
+
def main_index_url
|
|
114
|
+
url =
|
|
115
|
+
config_variable_index_urls[:main] ||
|
|
116
|
+
pipfile_index_urls[:main] ||
|
|
117
|
+
requirement_file_index_urls[:main] ||
|
|
118
|
+
pip_conf_index_urls[:main] ||
|
|
119
|
+
"https://pypi.python.org/simple/"
|
|
120
|
+
|
|
121
|
+
return unless url
|
|
122
|
+
|
|
123
|
+
clean_check_and_remove_environment_variables(url)
|
|
124
|
+
end
|
|
125
|
+
|
|
121
126
|
def registry_response_for_dependency(index_url)
|
|
122
127
|
Excon.get(
|
|
123
128
|
index_url + normalised_name + "/",
|
|
@@ -201,6 +206,27 @@ module Dependabot
|
|
|
201
206
|
urls
|
|
202
207
|
end
|
|
203
208
|
|
|
209
|
+
def clean_check_and_remove_environment_variables(url)
|
|
210
|
+
url = url.strip.gsub(%r{/*$}, "") + "/"
|
|
211
|
+
return url unless url.match?(ENVIRONMENT_VARIABLE_REGEX)
|
|
212
|
+
|
|
213
|
+
config_variable_urls =
|
|
214
|
+
[
|
|
215
|
+
config_variable_index_urls[:main],
|
|
216
|
+
*config_variable_index_urls[:extra]
|
|
217
|
+
].
|
|
218
|
+
compact.
|
|
219
|
+
map { |u| u.strip.gsub(%r{/*$}, "") + "/" }
|
|
220
|
+
|
|
221
|
+
regexp = url.split(ENVIRONMENT_VARIABLE_REGEX).
|
|
222
|
+
map { |part| Regexp.quote(part) }.
|
|
223
|
+
join(".+")
|
|
224
|
+
authed_url = config_variable_urls.find { |u| u.match?(regexp) }
|
|
225
|
+
return authed_url if authed_url
|
|
226
|
+
|
|
227
|
+
raise PrivateSourceAuthenticationFailure, url
|
|
228
|
+
end
|
|
229
|
+
|
|
204
230
|
def ignore_reqs
|
|
205
231
|
ignored_versions.map { |req| requirement_class.new(req.split(",")) }
|
|
206
232
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.86.
|
|
4
|
+
version: 0.86.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.86.
|
|
19
|
+
version: 0.86.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.86.
|
|
26
|
+
version: 0.86.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|