dependabot-python 0.95.16 → 0.95.17

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9d94462d6a84408407b554e5a6450afca3d56c640c786d06f18862016cae86bd
-  data.tar.gz: e20064a1241685a1b8176637a798f3a728aad2d7fab103a95fe207fd4c249f7d
+  metadata.gz: e4ba4277fa8c4e2043875e82d77f9293f93a9ae4351a1bc15053b17aef75516a
+  data.tar.gz: 9a6957a4911004152fb734e0e2cea98a79f55aede9525d75e660c4249b3a3e2f
 SHA512:
-  metadata.gz: ed19845df4a41448e38a6c7e2b6b1b6f9e0594670b7498110243b6a4928699d74b7482897e97328d55f53d7a1093544ed4a8f7a28f4d12608667c219bd05af0d
-  data.tar.gz: b534a5d4e72cfe0f9bed1366884bc19cbccc8e62f258ba48479d9860c0907b36cfc829297d57f511b3768b432f9e2000aaec3c3653303464fc0f4f5a705c0a3a
+  metadata.gz: 46c7e9c56a58b5c06e12103a706a8bfc1cb3e4367cf5bfd2d553c85a2138454d5baf85be0a84925935fd71f166c4dd5c98e980cdd1a9dcec9751e8a504ff0784
+  data.tar.gz: 07277f32389ddda216a3b4e3b81a0af84c598f06dfabc7b4c79e256293523572d02504382d4e344f13c2ead434e317d8f15fb25e096a0e21ba70569ce3fb980f

data/lib/dependabot/python/metadata_finder.rb

@@ -33,32 +33,66 @@ module Dependabot
       end
 
       def source_from_description
-        github_urls = []
+        potential_source_urls = []
         desc = pypi_listing.dig("info", "description")
         return unless desc
 
         desc.scan(Source::SOURCE_REGEX) do
-          github_urls << Regexp.last_match.to_s
+          potential_source_urls << Regexp.last_match.to_s
         end
 
-        github_urls.find do |url|
+        # Looking for a source where the repo name exactly matches the
+        # dependency name
+        match_url = potential_source_urls.find do |url|
           repo = Source.from_url(url).repo
           repo.downcase.end_with?(dependency.name)
         end
+
+        return match_url if match_url
+
+        # Failing that, look for a source where the full dependency name is
+        # mentioned when the link is followed
+        @source_from_description ||=
+          potential_source_urls.find do |url|
+            full_url = Source.from_url(url).url
+            response = Excon.get(
+              full_url,
+              idempotent: true,
+              **SharedHelpers.excon_defaults
+            )
+            next unless response.status == 200
+
+            response.body.include?(dependency.name)
+          end
       end
 
       def source_from_homepage
         return unless homepage_body
 
-        github_urls = []
+        potential_source_urls = []
         homepage_body.scan(Source::SOURCE_REGEX) do
-          github_urls << Regexp.last_match.to_s
+          potential_source_urls << Regexp.last_match.to_s
         end
 
-        github_urls.find do |url|
+        match_url = potential_source_urls.find do |url|
           repo = Source.from_url(url).repo
           repo.downcase.end_with?(dependency.name)
         end
+
+        return match_url if match_url
+
+        @source_from_homepage ||=
+          potential_source_urls.find do |url|
+            full_url = Source.from_url(url).url
+            response = Excon.get(
+              full_url,
+              idempotent: true,
+              **SharedHelpers.excon_defaults
+            )
+            next unless response.status == 200
+
+            response.body.include?(dependency.name)
+          end
       end
 
       def homepage_body

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.95.16
+  version: 0.95.17
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.95.16
+        version: 0.95.17
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.95.16
+        version: 0.95.17
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement