dependabot-python 0.106.43 → 0.106.44
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cd1a46f1c5248dfcba2577238675c4aac25ac050cacb2a431f512cfb5c5f66ac
|
4
|
+
data.tar.gz: 9ada331e6948ceecb2cd2579ee40d01085122ae33db6dba0534cc0d31752eef3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1132abea1402fb8d7e14d111c348df1f488e1b57f2cf50d0948202269cb30226709ed6b260881beb1786ef03a0f63eb9d38a80577cd455ad68c218108b23d028
|
7
|
+
data.tar.gz: c376f11c0f122bfd9ed94e4f277047f2ad373d8249cf9290d19838a0b7cc2f6281b4bc47c60e2e59d24ff4312df085806bf93b71b18438bf798dd30f28f9697b
|
data/helpers/requirements.txt
CHANGED
@@ -81,8 +81,6 @@ module Dependabot
|
|
81
81
|
"pyenv exec pip-compile #{pip_compile_options(filename)} "\
|
82
82
|
"#{filename}"
|
83
83
|
)
|
84
|
-
|
85
|
-
unredact_git_credentials_in_compiled_file(filename)
|
86
84
|
end
|
87
85
|
|
88
86
|
# Remove any .python-version file before parsing the reqs
|
@@ -326,41 +324,6 @@ module Dependabot
|
|
326
324
|
content
|
327
325
|
end
|
328
326
|
|
329
|
-
# Pip redacts git credentials in the compiled pip-tools file. We don't
|
330
|
-
# want that, as it makes the compiled files unusable. (This is kind of
|
331
|
-
# a pip-tools bug.)
|
332
|
-
def unredact_git_credentials_in_compiled_file(filename)
|
333
|
-
compiled_name = filename.gsub(/\.in$/, ".txt")
|
334
|
-
original_content = dependency_files.
|
335
|
-
find { |f| f.name == compiled_name }&.content ||
|
336
|
-
dependency_files.
|
337
|
-
find { |f| f.name == filename }.content
|
338
|
-
|
339
|
-
updated_content = File.read(compiled_name)
|
340
|
-
new_content = updated_content
|
341
|
-
|
342
|
-
update_count = 0
|
343
|
-
original_content.lines.each do |original_line|
|
344
|
-
next unless original_line.match?(/^(-e )?git+/)
|
345
|
-
next unless original_line.match?(%r{(?<=:)[^/].*?(?=@)})
|
346
|
-
next update_count += 1 if updated_content.include?(original_line)
|
347
|
-
|
348
|
-
line_to_update =
|
349
|
-
updated_content.lines.
|
350
|
-
select { |l| l.match?(/^(-e )?git+/) && l.include?(":****@") }.
|
351
|
-
at(update_count)
|
352
|
-
raise "Mismatch in editable requirements!" unless line_to_update
|
353
|
-
|
354
|
-
auth = original_line.match(%r{(?<=:)[^/].*?(?=@)}).to_s
|
355
|
-
new_content =
|
356
|
-
new_content.
|
357
|
-
gsub(line_to_update, line_to_update.gsub(":****@", ":#{auth}@"))
|
358
|
-
update_count += 1
|
359
|
-
end
|
360
|
-
|
361
|
-
File.write(compiled_name, new_content)
|
362
|
-
end
|
363
|
-
|
364
327
|
def update_hashes_if_required(updated_content, original_content)
|
365
328
|
deps_to_update =
|
366
329
|
deps_to_augment_hashes_for(updated_content, original_content)
|
@@ -75,8 +75,6 @@ module Dependabot
|
|
75
75
|
"pyenv exec pip-compile --allow-unsafe "\
|
76
76
|
"--build-isolation #{filename}"
|
77
77
|
)
|
78
|
-
|
79
|
-
unredact_git_credentials_in_compiled_file(filename)
|
80
78
|
end
|
81
79
|
|
82
80
|
# Remove any .python-version file before parsing the reqs
|
@@ -122,41 +120,6 @@ module Dependabot
|
|
122
120
|
raise
|
123
121
|
end
|
124
122
|
|
125
|
-
# Pip redacts git credentials in the compiled pip-tools file. We don't
|
126
|
-
# want that, as it makes the compiled files unusable. (This is kind of
|
127
|
-
# a pip-tools bug.)
|
128
|
-
def unredact_git_credentials_in_compiled_file(filename)
|
129
|
-
compiled_name = filename.gsub(/\.in$/, ".txt")
|
130
|
-
original_content = dependency_files.
|
131
|
-
find { |f| f.name == compiled_name }&.content ||
|
132
|
-
dependency_files.
|
133
|
-
find { |f| f.name == filename }.content
|
134
|
-
|
135
|
-
updated_content = File.read(compiled_name)
|
136
|
-
new_content = updated_content
|
137
|
-
|
138
|
-
update_count = 0
|
139
|
-
original_content.lines.each do |original_line|
|
140
|
-
next unless original_line.match?(/^(-e )?git+/)
|
141
|
-
next unless original_line.match?(%r{(?<=:)[^/].*?(?=@)})
|
142
|
-
next update_count += 1 if updated_content.include?(original_line)
|
143
|
-
|
144
|
-
line_to_update =
|
145
|
-
updated_content.lines.
|
146
|
-
select { |l| l.match?(/^(-e )?git+/) && l.include?(":****@") }.
|
147
|
-
at(update_count)
|
148
|
-
raise "Mismatch in editable requirements!" unless line_to_update
|
149
|
-
|
150
|
-
auth = original_line.match(%r{(?<=:)[^/].*?(?=@)}).to_s
|
151
|
-
new_content =
|
152
|
-
new_content.
|
153
|
-
gsub(line_to_update, line_to_update.gsub(":****@", ":#{auth}@"))
|
154
|
-
update_count += 1
|
155
|
-
end
|
156
|
-
|
157
|
-
File.write(compiled_name, new_content)
|
158
|
-
end
|
159
|
-
|
160
123
|
# Needed because pip-compile's resolver isn't perfect.
|
161
124
|
# Note: We raise errors from this method, rather than returning a
|
162
125
|
# boolean, so that all deps for this repo will raise identical
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.106.
|
4
|
+
version: 0.106.44
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-05-
|
11
|
+
date: 2019-05-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.106.
|
19
|
+
version: 0.106.44
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.106.
|
26
|
+
version: 0.106.44
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|