dependabot-python 0.104.6 → 0.105.0
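--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d065ba598a486126484abd062f9aef9318a5d66840259e2c92e494c361829b35
+data.tar.gz: 652ffb3b9e08ab5f3592cb3b1468a478716b71ae7c159b505a138f202afebbb3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a90ca099db2c454c926007e0991872b656fb12daab079a9229799053dc52432c96b1d340a8e182c15a3090de7c55da522831b27dc3d7d0924a78322de4fc127a
+data.tar.gz: f60a63b2bb29ff09c94796ca683aa753dbc26822e888fc463e543c57bc4c2313f1aaec7867cf2a2766004edfc0194dc48719846c7a300e408f29560977095d56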
@@ -6,6 +6,7 @@ require "toml-rb"
|
|
6
6
|
require "dependabot/update_checkers"
|
7
7
|
require "dependabot/update_checkers/base"
|
8
8
|
require "dependabot/shared_helpers"
|
9
|
+
require "dependabot/errors"
|
9
10
|
require "dependabot/python/requirement"
|
10
11
|
require "dependabot/python/requirement_parser"
|
11
12
|
|
@@ -76,17 +77,12 @@ module Dependabot
|
|
76
77
|
def lowest_resolvable_security_fix_version
|
77
78
|
raise "Dependency not vulnerable!" unless vulnerable?
|
78
79
|
|
79
|
-
@lowest_resolvable_security_fix_version
|
80
|
-
|
81
|
-
|
82
|
-
latest_version_finder.lowest_security_fix_version
|
83
|
-
when :pipenv, :poetry, :pip_compile
|
84
|
-
# TODO: Handle package managers with a resolvability concept
|
85
|
-
latest_resolvable_version
|
86
|
-
else raise "Unexpected resolver type #{resolver_type}"
|
87
|
-
end
|
80
|
+
if defined?(@lowest_resolvable_security_fix_version)
|
81
|
+
return @lowest_resolvable_security_fix_version
|
82
|
+
end
|
88
83
|
|
89
|
-
|
84
|
+
@lowest_resolvable_security_fix_version =
|
85
|
+
fetch_lowest_resolvable_security_fix_version
|
90
86
|
end
|
91
87
|
|
92
88
|
def updated_requirements
|
@@ -122,6 +118,24 @@ module Dependabot
|
|
122
118
|
raise NotImplementedError
|
123
119
|
end
|
124
120
|
|
121
|
+
def fetch_lowest_resolvable_security_fix_version
|
122
|
+
fix_version = latest_version_finder.lowest_security_fix_version
|
123
|
+
return latest_resolvable_version if fix_version.nil?
|
124
|
+
return fix_version if resolver_type == :requirements
|
125
|
+
|
126
|
+
resolver =
|
127
|
+
case resolver_type
|
128
|
+
when :pip_compile then pip_compile_version_resolver
|
129
|
+
when :pipenv then pipenv_version_resolver
|
130
|
+
when :poetry then poetry_version_resolver
|
131
|
+
else raise "Unexpected resolver type #{resolver_type}"
|
132
|
+
end
|
133
|
+
|
134
|
+
resolver.latest_resolvable_version(requirement: "==#{fix_version}")
|
135
|
+
rescue DependabotError
|
136
|
+
latest_resolvable_version
|
137
|
+
end
|
138
|
+
|
125
139
|
# rubocop:disable Metrics/PerceivedComplexity
|
126
140
|
def resolver_type
|
127
141
|
reqs = dependency.requirements
|
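Review bot: The method-level `rescue DependabotError` in `fetch_lowest_resolvable_security_fix_version` falls back to `latest_resolvable_version` without checking that the result is at or above `fix_version`, so a method named for a security fix can hand back a version that is still vulnerable; the `fix_version.nil?` early return has the same effect. Because the rescue covers the whole body, it also hides errors raised by `latest_version_finder.lowest_security_fix_version` and the resolver lookups, not only a failed pin to `"==#{fix_version}"`. Consider narrowing the rescue to the `resolver.latest_resolvable_version(...)` call and documenting the fallback, e.g. `# Pinning to the fix version did not resolve; fall back to the latest resolvable version, which callers must still check against the advisory`. The memoising wrapper in the `@@ -76,17 +77,12 @@` hunk uses `defined?`, so a nil result from the resolver is cached and returned as-is; a one-line comment there saying nil means "no resolvable fix" would help callers.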
@@ -296,7 +296,11 @@ module Dependabot
|
|
296
296
|
return file.content unless file.name.end_with?(".in")
|
297
297
|
|
298
298
|
req = dependency.requirements.find { |r| r[:file] == file.name }
|
299
|
-
return file.content unless req
|
299
|
+
return file.content unless req
|
300
|
+
|
301
|
+
unless req.fetch(:requirement)
|
302
|
+
return file.content + "\n#{dependency.name} #{updated_req}"
|
303
|
+
end
|
300
304
|
|
301
305
|
Python::FileUpdater::RequirementReplacer.new(
|
302
306
|
content: file.content,
|
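Review bot: The new branch returns `file.content + "\n#{dependency.name} #{updated_req}"` without any guard on `updated_req`, which is defined outside this hunk; if it can be nil or empty, the `.in` file gains a bare package name and the compile step is no longer held to the intended version. A guard placed before the append, such as `return file.content unless updated_req`, would leave the file unchanged in that case. The branch also deserves a why-comment, e.g. `# The .in file lists the dependency with no constraint: append one so the resolver is held to the requested requirement`. The enclosing method starts and ends outside the hunk.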
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.105.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.105.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.105.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|