dependabot-python 0.106.10 → 0.106.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +14 -1
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +32 -10
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +14 -1
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +17 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3a5271c81524fde4ca367b1e7f1f7643b494cfcf8cca9a8bdf7794a1f521926d
|
|
4
|
+
data.tar.gz: 70aa42b7863635e7f1493b35f940d44a4c7abd73674751d78311505dd910b7de
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aa9d21f885b05d54e550166f7381b386edd9c5daa98a5bca1ef89171936b03b5c8ca9ef2b883284ab1843c576ef791dffeee6335bca43da230cf0dbac267c747
|
|
7
|
+
data.tar.gz: 926655acc7af32cf0e44c1b03eeefb9767c123ffd5f6b8de7854a27ead7d47b61d3fe4654a22aac26a4b9bacfeaaed55b5471a15204f62e4ad3dbea8f5b03427
|
|
@@ -147,8 +147,9 @@ module Dependabot
|
|
|
147
147
|
%w(packages dev-packages).each do |type|
|
|
148
148
|
names = pipfile_object[type]&.keys || []
|
|
149
149
|
pkg_name = names.find { |nm| normalise(nm) == dep.name }
|
|
150
|
-
next unless pkg_name
|
|
150
|
+
next unless pkg_name || subdep_type?(type)
|
|
151
151
|
|
|
152
|
+
pkg_name ||= dependency.name
|
|
152
153
|
if pipfile_object[type][pkg_name].is_a?(Hash)
|
|
153
154
|
pipfile_object[type][pkg_name]["version"] =
|
|
154
155
|
"==#{dep.version}"
|
|
@@ -161,6 +162,18 @@ module Dependabot
|
|
|
161
162
|
TomlRB.dump(pipfile_object)
|
|
162
163
|
end
|
|
163
164
|
|
|
165
|
+
def subdep_type?(type)
|
|
166
|
+
return false if dependency.top_level?
|
|
167
|
+
|
|
168
|
+
lockfile_type = Python::FileParser::DEPENDENCY_GROUP_KEYS.
|
|
169
|
+
find { |i| i.fetch(:pipfile) == type }.
|
|
170
|
+
fetch(:lockfile)
|
|
171
|
+
|
|
172
|
+
JSON.parse(lockfile.content).
|
|
173
|
+
fetch(lockfile_type, {}).
|
|
174
|
+
keys.any? { |k| normalise(k) == dependency.name }
|
|
175
|
+
end
|
|
176
|
+
|
|
164
177
|
def add_private_sources(pipfile_content)
|
|
165
178
|
PipfilePreparer.
|
|
166
179
|
new(pipfile_content: pipfile_content).
|
|
@@ -120,28 +120,50 @@ module Dependabot
|
|
|
120
120
|
poetry_object = pyproject_object.fetch("tool").fetch("poetry")
|
|
121
121
|
|
|
122
122
|
dependencies.each do |dep|
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
if poetry_object[type][pkg_name].is_a?(Hash)
|
|
129
|
-
poetry_object[type][pkg_name]["version"] = dep.version
|
|
130
|
-
else
|
|
131
|
-
poetry_object[type][pkg_name] = dep.version
|
|
132
|
-
end
|
|
123
|
+
if dep.requirements.find { |r| r[:file] == pyproject.name }
|
|
124
|
+
lock_declaration_to_new_version!(poetry_object, dep)
|
|
125
|
+
else
|
|
126
|
+
create_declaration_at_new_version!(poetry_object, dep)
|
|
133
127
|
end
|
|
134
128
|
end
|
|
135
129
|
|
|
136
130
|
TomlRB.dump(pyproject_object)
|
|
137
131
|
end
|
|
138
132
|
|
|
133
|
+
def lock_declaration_to_new_version!(poetry_object, dep)
|
|
134
|
+
%w(dependencies dev-dependencies).each do |type|
|
|
135
|
+
names = poetry_object[type]&.keys || []
|
|
136
|
+
pkg_name = names.find { |nm| normalise(nm) == dep.name }
|
|
137
|
+
next unless pkg_name
|
|
138
|
+
|
|
139
|
+
if poetry_object[type][pkg_name].is_a?(Hash)
|
|
140
|
+
poetry_object[type][pkg_name]["version"] = dep.version
|
|
141
|
+
else
|
|
142
|
+
poetry_object[type][pkg_name] = dep.version
|
|
143
|
+
end
|
|
144
|
+
end
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
def create_declaration_at_new_version!(poetry_object, dep)
|
|
148
|
+
poetry_object[subdep_type] ||= {}
|
|
149
|
+
poetry_object[subdep_type][dependency.name] = dep.version
|
|
150
|
+
end
|
|
151
|
+
|
|
139
152
|
def add_private_sources(pyproject_content)
|
|
140
153
|
PyprojectPreparer.
|
|
141
154
|
new(pyproject_content: pyproject_content).
|
|
142
155
|
replace_sources(credentials)
|
|
143
156
|
end
|
|
144
157
|
|
|
158
|
+
def subdep_type
|
|
159
|
+
category =
|
|
160
|
+
TomlRB.parse(lockfile.content).fetch("package", []).
|
|
161
|
+
find { |dets| normalise(dets.fetch("name")) == dependency.name }.
|
|
162
|
+
fetch("category")
|
|
163
|
+
|
|
164
|
+
category == "dev" ? "dev-dependencies" : "dependencies"
|
|
165
|
+
end
|
|
166
|
+
|
|
145
167
|
def sanitize(pyproject_content)
|
|
146
168
|
PyprojectPreparer.
|
|
147
169
|
new(pyproject_content: pyproject_content).
|
|
@@ -339,8 +339,9 @@ module Dependabot
|
|
|
339
339
|
%w(packages dev-packages).each do |type|
|
|
340
340
|
names = pipfile_object[type]&.keys || []
|
|
341
341
|
pkg_name = names.find { |nm| normalise(nm) == dependency.name }
|
|
342
|
-
next unless pkg_name
|
|
342
|
+
next unless pkg_name || subdep_type?(type)
|
|
343
343
|
|
|
344
|
+
pkg_name ||= dependency.name
|
|
344
345
|
if pipfile_object.dig(type, pkg_name).is_a?(Hash)
|
|
345
346
|
pipfile_object[type][pkg_name]["version"] = updated_requirement
|
|
346
347
|
else
|
|
@@ -351,6 +352,18 @@ module Dependabot
|
|
|
351
352
|
TomlRB.dump(pipfile_object)
|
|
352
353
|
end
|
|
353
354
|
|
|
355
|
+
def subdep_type?(type)
|
|
356
|
+
return false if dependency.top_level?
|
|
357
|
+
|
|
358
|
+
lockfile_type = Python::FileParser::DEPENDENCY_GROUP_KEYS.
|
|
359
|
+
find { |i| i.fetch(:pipfile) == type }.
|
|
360
|
+
fetch(:lockfile)
|
|
361
|
+
|
|
362
|
+
JSON.parse(lockfile.content).
|
|
363
|
+
fetch(lockfile_type, {}).
|
|
364
|
+
keys.any? { |k| normalise(k) == dependency.name }
|
|
365
|
+
end
|
|
366
|
+
|
|
354
367
|
def add_private_sources(pipfile_content)
|
|
355
368
|
Python::FileUpdater::PipfilePreparer.
|
|
356
369
|
new(pipfile_content: pipfile_content).
|
|
@@ -14,6 +14,7 @@ require "dependabot/python/native_helpers"
|
|
|
14
14
|
require "dependabot/python/python_versions"
|
|
15
15
|
require "dependabot/python/authed_url_builder"
|
|
16
16
|
|
|
17
|
+
# rubocop:disable Metrics/ClassLength
|
|
17
18
|
module Dependabot
|
|
18
19
|
module Python
|
|
19
20
|
class UpdateChecker
|
|
@@ -246,9 +247,24 @@ module Dependabot
|
|
|
246
247
|
end
|
|
247
248
|
end
|
|
248
249
|
|
|
250
|
+
# If this is a sub-dependency, add the new requirement
|
|
251
|
+
unless dependency.requirements.find { |r| r[:file] == pyproject.name }
|
|
252
|
+
poetry_object[subdep_type] ||= {}
|
|
253
|
+
poetry_object[subdep_type][dependency.name] = updated_requirement
|
|
254
|
+
end
|
|
255
|
+
|
|
249
256
|
TomlRB.dump(pyproject_object)
|
|
250
257
|
end
|
|
251
258
|
|
|
259
|
+
def subdep_type
|
|
260
|
+
category =
|
|
261
|
+
TomlRB.parse(lockfile.content).fetch("package", []).
|
|
262
|
+
find { |dets| normalise(dets.fetch("name")) == dependency.name }.
|
|
263
|
+
fetch("category")
|
|
264
|
+
|
|
265
|
+
category == "dev" ? "dev-dependencies" : "dependencies"
|
|
266
|
+
end
|
|
267
|
+
|
|
252
268
|
def check_private_sources_are_reachable
|
|
253
269
|
sources_to_check =
|
|
254
270
|
pyproject_sources +
|
|
@@ -346,3 +362,4 @@ module Dependabot
|
|
|
346
362
|
end
|
|
347
363
|
end
|
|
348
364
|
end
|
|
365
|
+
# rubocop:enable Metrics/ClassLength
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.106.
|
|
4
|
+
version: 0.106.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.106.
|
|
19
|
+
version: 0.106.11
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.106.
|
|
26
|
+
version: 0.106.11
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|