dependabot-python 0.98.25 → 0.98.26

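--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1aaab07a4e5df91bccc505b908fc7f37702b8edbb79737e541b757e6e34f1bc7
- data.tar.gz: 990d6385f400beb22a15d24d9e61831422d0eb13d801aa2f3425c6d87b933c30
+ metadata.gz: 934137f3ab2d41d222a9e1cefdb665a2569f8211b581e0e63a03bbd40e2cc3d7
+ data.tar.gz: 6072356a5ff1737059fa1f431b45bac17d06375f7832cfe4a3491b6302d07882
  SHA512:
- metadata.gz: 3cd9b354906ec58fd77380a1bb5f6ffb450aa01eab2c38396e7708ba23174e0696350fab6c5633a932981aa0d190789746a63c4337866d5272979e174ba47562
- data.tar.gz: 065ce3c0dd5afa5f01df0af0e15d6c187a89e0fa491c48bb783fe3d519736527f07e1c942d77bbe1959a3d6283edb3a935c14ead1d964f7acab6d9ad254e7bc1
+ metadata.gz: c56db43000d52695cddefb024874a46d6ecfa3f5f35d1ed42449e4baecc7139480ee32fb1476a9488c01259ad4e2c8bc9ee24dc3f6f35e42c35a6241232c7fe8
+ data.tar.gz: 3ad6b8e5f829f41724e6399b16a93b7f6621915cf9a1c578572bd2dada09c190ee8137869e03c35a7c205e71a063bdb9060fa27bfe5c2c71b19b1ac66bf419a2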
@@ -1,6 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "toml-rb"
4
3
  require "dependabot/python/file_updater"
5
4
 
6
5
  module Dependabot
@@ -16,19 +15,12 @@ module Dependabot
16
15
  dependencies.
17
16
  select { |dep| requirement_changed?(dep) }.
18
17
  reduce(manifest.content.dup) do |content, dep|
19
- updated_requirement =
20
- dep.requirements.find { |r| r[:file] == manifest.name }.
21
- fetch(:requirement)
18
+ updated_content = content
22
19
 
23
- old_req =
24
- dep.previous_requirements.
25
- find { |r| r[:file] == manifest.name }.
26
- fetch(:requirement)
27
-
28
- updated_content =
29
- content.gsub(declaration_regex(dep)) do |line|
30
- line.gsub(old_req, updated_requirement)
31
- end
20
+ updated_content = update_requirements(
21
+ content: updated_content,
22
+ dependency: dep
23
+ )
32
24
 
33
25
  raise "Content did not change!" if content == updated_content
34
26
 
@@ -40,11 +32,67 @@ module Dependabot
40
32
 
41
33
  attr_reader :dependencies, :manifest
42
34
 
35
+ def update_requirements(content:, dependency:)
36
+ updated_content = content.dup
37
+
38
+ # The UpdateChecker ensures the order of requirements is preserved
39
+ # when updating, so we can zip them together in new/old pairs.
40
+ reqs = dependency.requirements.
41
+ zip(dependency.previous_requirements).
42
+ reject { |new_req, old_req| new_req == old_req }
43
+
44
+ # Loop through each changed requirement
45
+ reqs.each do |new_req, old_req|
46
+ raise "Bad req match" unless new_req[:file] == old_req[:file]
47
+ next if new_req[:requirement] == old_req[:requirement]
48
+ next unless new_req[:file] == manifest.name
49
+
50
+ updated_content = update_manifest_req(
51
+ content: updated_content,
52
+ dep: dependency,
53
+ old_req: old_req.fetch(:requirement),
54
+ new_req: new_req.fetch(:requirement)
55
+ )
56
+ end
57
+
58
+ updated_content
59
+ end
60
+
61
+ def update_manifest_req(content:, dep:, old_req:, new_req:)
62
+ simple_declaration = content.scan(declaration_regex(dep)).
63
+ find { |m| m.include?(old_req) }
64
+
65
+ if simple_declaration
66
+ simple_declaration_regex =
67
+ /(?:^|["'])#{Regexp.escape(simple_declaration)}/
68
+ content.gsub(simple_declaration_regex) do |line|
69
+ line.gsub(old_req, new_req)
70
+ end
71
+ elsif content.match?(table_declaration_version_regex(dep))
72
+ content.gsub(table_declaration_version_regex(dep)) do |part|
73
+ line = content.match(table_declaration_version_regex(dep)).
74
+ named_captures.fetch("version_declaration")
75
+ new_line = line.gsub(old_req, new_req)
76
+ part.gsub(line, new_line)
77
+ end
78
+ else
79
+ content
80
+ end
81
+ end
82
+
43
83
  def declaration_regex(dep)
44
84
  escaped_name = Regexp.escape(dep.name).gsub("\\-", "[-_.]")
45
85
  /(?:^|["'])#{escaped_name}["']?\s*=.*$/i
46
86
  end
47
87
 
88
+ def table_declaration_version_regex(dep)
89
+ /
90
+ packages\.#{Regexp.quote(dep.name)}\]
91
+ (?:(?!^\[).)+
92
+ (?<version_declaration>version\s*=[^\[]*)$
93
+ /mx
94
+ end
95
+
48
96
  def requirement_changed?(dependency)
49
97
  changed_requirements =
50
98
  dependency.requirements - dependency.previous_requirements
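Review bot: In `update_manifest_req`, the block given to `content.gsub(table_declaration_version_regex(dep))` derives `line` from a fresh `content.match(...)`, which always yields the first matching table rather than the one currently held in `part`, so a package declared in more than one table with different constraints would not have the later entries rewritten. Reading the capture from the current match, `line = Regexp.last_match[:version_declaration]`, ties each substitution to its own table. `table_declaration_version_regex` also interpolates `Regexp.quote(dep.name)` without the `[-_.]` substitution or the `i` flag that `declaration_regex` applies, so a header written with a different separator or case appears to fall through to the `else` branch and end in the caller's "Content did not change!" raise. Since `[^\[]*` also matches newlines, the captured declaration can cover more than the `version` line, and `line.gsub(old_req, new_req)` then rewrites every occurrence of the old constraint text in that span; for a tool that edits dependency manifests this deserves a comment such as `# version_declaration may run to the next "["; old_req is assumed to occur only in the version value`.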
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.98.25
4
+ version: 0.98.26
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.98.25
19
+ version: 0.98.26
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.98.25
26
+ version: 0.98.26
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement