dependabot-python 0.104.6 → 0.105.0
    
        checksums.yaml
    CHANGED
    
    | 
         @@ -1,7 +1,7 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            ---
         
     | 
| 
       2 
2 
     | 
    
         
             
            SHA256:
         
     | 
| 
       3 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       4 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 3 
     | 
    
         
            +
              metadata.gz: d065ba598a486126484abd062f9aef9318a5d66840259e2c92e494c361829b35
         
     | 
| 
      
 4 
     | 
    
         
            +
              data.tar.gz: 652ffb3b9e08ab5f3592cb3b1468a478716b71ae7c159b505a138f202afebbb3
         
     | 
| 
       5 
5 
     | 
    
         
             
            SHA512:
         
     | 
| 
       6 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       7 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 6 
     | 
    
         
            +
              metadata.gz: a90ca099db2c454c926007e0991872b656fb12daab079a9229799053dc52432c96b1d340a8e182c15a3090de7c55da522831b27dc3d7d0924a78322de4fc127a
         
     | 
| 
      
 7 
     | 
    
         
            +
              data.tar.gz: f60a63b2bb29ff09c94796ca683aa753dbc26822e888fc463e543c57bc4c2313f1aaec7867cf2a2766004edfc0194dc48719846c7a300e408f29560977095d56
         
     | 
| 
         @@ -6,6 +6,7 @@ require "toml-rb" 
     | 
|
| 
       6 
6 
     | 
    
         
             
            require "dependabot/update_checkers"
         
     | 
| 
       7 
7 
     | 
    
         
             
            require "dependabot/update_checkers/base"
         
     | 
| 
       8 
8 
     | 
    
         
             
            require "dependabot/shared_helpers"
         
     | 
| 
      
 9 
     | 
    
         
            +
            require "dependabot/errors"
         
     | 
| 
       9 
10 
     | 
    
         
             
            require "dependabot/python/requirement"
         
     | 
| 
       10 
11 
     | 
    
         
             
            require "dependabot/python/requirement_parser"
         
     | 
| 
       11 
12 
     | 
    
         | 
| 
         @@ -76,17 +77,12 @@ module Dependabot 
     | 
|
| 
       76 
77 
     | 
    
         
             
                  def lowest_resolvable_security_fix_version
         
     | 
| 
       77 
78 
     | 
    
         
             
                    raise "Dependency not vulnerable!" unless vulnerable?
         
     | 
| 
       78 
79 
     | 
    
         | 
| 
       79 
     | 
    
         
            -
                    @lowest_resolvable_security_fix_version 
     | 
| 
       80 
     | 
    
         
            -
                       
     | 
| 
       81 
     | 
    
         
            -
             
     | 
| 
       82 
     | 
    
         
            -
                        latest_version_finder.lowest_security_fix_version
         
     | 
| 
       83 
     | 
    
         
            -
                      when :pipenv, :poetry, :pip_compile
         
     | 
| 
       84 
     | 
    
         
            -
                        # TODO: Handle package managers with a resolvability concept
         
     | 
| 
       85 
     | 
    
         
            -
                        latest_resolvable_version
         
     | 
| 
       86 
     | 
    
         
            -
                      else raise "Unexpected resolver type #{resolver_type}"
         
     | 
| 
       87 
     | 
    
         
            -
                      end
         
     | 
| 
      
 80 
     | 
    
         
            +
                    if defined?(@lowest_resolvable_security_fix_version)
         
     | 
| 
      
 81 
     | 
    
         
            +
                      return @lowest_resolvable_security_fix_version
         
     | 
| 
      
 82 
     | 
    
         
            +
                    end
         
     | 
| 
       88 
83 
     | 
    
         | 
| 
       89 
     | 
    
         
            -
                     
     | 
| 
      
 84 
     | 
    
         
            +
                    @lowest_resolvable_security_fix_version =
         
     | 
| 
      
 85 
     | 
    
         
            +
                      fetch_lowest_resolvable_security_fix_version
         
     | 
| 
       90 
86 
     | 
    
         
             
                  end
         
     | 
| 
       91 
87 
     | 
    
         | 
| 
       92 
88 
     | 
    
         
             
                  def updated_requirements
         
     | 
| 
         @@ -122,6 +118,24 @@ module Dependabot 
     | 
|
| 
       122 
118 
     | 
    
         
             
                    raise NotImplementedError
         
     | 
| 
       123 
119 
     | 
    
         
             
                  end
         
     | 
| 
       124 
120 
     | 
    
         | 
| 
      
 121 
     | 
    
         
            +
                  def fetch_lowest_resolvable_security_fix_version
         
     | 
| 
      
 122 
     | 
    
         
            +
                    fix_version = latest_version_finder.lowest_security_fix_version
         
     | 
| 
      
 123 
     | 
    
         
            +
                    return latest_resolvable_version if fix_version.nil?
         
     | 
| 
      
 124 
     | 
    
         
            +
                    return fix_version if resolver_type == :requirements
         
     | 
| 
      
 125 
     | 
    
         
            +
             
     | 
| 
      
 126 
     | 
    
         
            +
                    resolver =
         
     | 
| 
      
 127 
     | 
    
         
            +
                      case resolver_type
         
     | 
| 
      
 128 
     | 
    
         
            +
                      when :pip_compile then pip_compile_version_resolver
         
     | 
| 
      
 129 
     | 
    
         
            +
                      when :pipenv then pipenv_version_resolver
         
     | 
| 
      
 130 
     | 
    
         
            +
                      when :poetry then poetry_version_resolver
         
     | 
| 
      
 131 
     | 
    
         
            +
                      else raise "Unexpected resolver type #{resolver_type}"
         
     | 
| 
      
 132 
     | 
    
         
            +
                      end
         
     | 
| 
      
 133 
     | 
    
         
            +
             
     | 
| 
      
 134 
     | 
    
         
            +
                    resolver.latest_resolvable_version(requirement: "==#{fix_version}")
         
     | 
| 
      
 135 
     | 
    
         
            +
                  rescue DependabotError
         
     | 
| 
      
 136 
     | 
    
         
            +
                    latest_resolvable_version
         
     | 
| 
      
 137 
     | 
    
         
            +
                  end
         
     | 
| 
      
 138 
     | 
    
         
            +
             
     | 
| 
       125 
139 
     | 
    
         
             
                  # rubocop:disable Metrics/PerceivedComplexity
         
     | 
| 
       126 
140 
     | 
    
         
             
                  def resolver_type
         
     | 
| 
       127 
141 
     | 
    
         
             
                    reqs = dependency.requirements
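Review bot: The method-level `rescue DependabotError` on the new `fetch_lowest_resolvable_security_fix_version` catches every Dependabot error raised while resolving the `"==#{fix_version}"` pin, not only an unresolvable pin, and silently falls back to `latest_resolvable_version`. Nothing in this hunk guarantees that the fallback is a non-vulnerable version, so a method whose name promises a security fix can return a version that is not one; callers presumably re-check, but that code is outside the hunk. If only resolution failure is meant to be tolerated, narrow it to `rescue DependencyFileNotResolvable`, and add a comment such as `# Fix version can't be resolved on its own; fall back to the latest resolvable version, which the caller must still check against the advisory`. The `fix_version.nil?` early return takes the same fallback and deserves the same comment.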
         
     | 
| 
         @@ -296,7 +296,11 @@ module Dependabot 
     | 
|
| 
       296 
296 
     | 
    
         
             
                      return file.content unless file.name.end_with?(".in")
         
     | 
| 
       297 
297 
     | 
    
         | 
| 
       298 
298 
     | 
    
         
             
                      req = dependency.requirements.find { |r| r[:file] == file.name }
         
     | 
| 
       299 
     | 
    
         
            -
                      return file.content unless req 
     | 
| 
      
 299 
     | 
    
         
            +
                      return file.content unless req
         
     | 
| 
      
 300 
     | 
    
         
            +
             
     | 
| 
      
 301 
     | 
    
         
            +
                      unless req.fetch(:requirement)
         
     | 
| 
      
 302 
     | 
    
         
            +
                        return file.content + "\n#{dependency.name} #{updated_req}"
         
     | 
| 
      
 303 
     | 
    
         
            +
                      end
         
     | 
| 
       300 
304 
     | 
    
         | 
| 
       301 
305 
     | 
    
         
             
                      Python::FileUpdater::RequirementReplacer.new(
         
     | 
| 
       302 
306 
     | 
    
         
             
                        content: file.content,
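Review bot: The new `unless req.fetch(:requirement)` branch appends `"\n#{dependency.name} #{updated_req}"` to the `.in` file instead of editing the existing entry, so the original unconstrained line stays and the file ends up with two entries for the same package; extras or environment markers on the original line are not carried over to the pinned one. The appended line also has no trailing newline, and a file that already ends in a newline gets a blank line before it. Consider a comment stating the intent, e.g. `# No constraint in the .in file: add the pin as a separate line`, and building the result as `file.content.chomp + "\n#{dependency.name} #{updated_req}\n"`. `updated_req` and the enclosing method are defined outside this hunk, so whether `updated_req` can be nil here cannot be checked from these lines.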
         
     | 
    
        metadata
    CHANGED
    
    | 
         @@ -1,7 +1,7 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: dependabot-python
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version
         
     | 
| 
       4 
     | 
    
         
            -
              version: 0. 
     | 
| 
      
 4 
     | 
    
         
            +
              version: 0.105.0
         
     | 
| 
       5 
5 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       6 
6 
     | 
    
         
             
            authors:
         
     | 
| 
       7 
7 
     | 
    
         
             
            - Dependabot
         
     | 
| 
         @@ -16,14 +16,14 @@ dependencies: 
     | 
|
| 
       16 
16 
     | 
    
         
             
                requirements:
         
     | 
| 
       17 
17 
     | 
    
         
             
                - - '='
         
     | 
| 
       18 
18 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       19 
     | 
    
         
            -
                    version: 0. 
     | 
| 
      
 19 
     | 
    
         
            +
                    version: 0.105.0
         
     | 
| 
       20 
20 
     | 
    
         
             
              type: :runtime
         
     | 
| 
       21 
21 
     | 
    
         
             
              prerelease: false
         
     | 
| 
       22 
22 
     | 
    
         
             
              version_requirements: !ruby/object:Gem::Requirement
         
     | 
| 
       23 
23 
     | 
    
         
             
                requirements:
         
     | 
| 
       24 
24 
     | 
    
         
             
                - - '='
         
     | 
| 
       25 
25 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       26 
     | 
    
         
            -
                    version: 0. 
     | 
| 
      
 26 
     | 
    
         
            +
                    version: 0.105.0
         
     | 
| 
       27 
27 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       28 
28 
     | 
    
         
             
              name: byebug
         
     | 
| 
       29 
29 
     | 
    
         
             
              requirement: !ruby/object:Gem::Requirement
         
     |