RubyGems - dependabot-python - Versions diffs - 0.107.24 → 0.107.25 - Mend

dependabot-python 0.107.24 → 0.107.25

Files changed (5) hide show

checksums.yaml +4 -4
data/helpers/requirements.txt +1 -1
data/lib/dependabot/python/file_updater/requirement_file_updater.rb +9 -99
data/lib/dependabot/python/file_updater/requirement_replacer.rb +115 -30
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: faed35ee41af0652992e9c0d8aecb5e51fdca74e0984a9c19ee3edd665bd308f
-  data.tar.gz: 4910c7f45237439ca07b68a3d9510efe0f1a52ab90e74e1976120fd07eaade26
+  metadata.gz: a84de32948f79a0eb46f7c476d0699f48bca973350ef98a144d3d0d4fc3ba4da
+  data.tar.gz: 9b0b1fb0a17c600f89c468985b9dc4fbaa71cffea0d6d25b4da7a9772977ee9c
 SHA512:
-  metadata.gz: 3fc124f843703e237947a0bd7ca7a80fb54e553ac7828b8eae564d164ef714175988a56953447a53f59d15a0f3c7ce38a157c47ba3827b73034b82891d03ad19
-  data.tar.gz: 48fcefacf10fefd181b04a4294ee90123f3d713c3653ddaf9ac7db5e3d60d289640fafdca513521406c8995a6fb0387613fc3339c52b887d30d0f30e1df0238c
+  metadata.gz: 1d5bde042246a5025221ce296a8c1d8167e552fa8a85df240abbbf3e68786ccfb9c834cf69318f65676a8ebaaa5040e31e34fab470c3a8fa55e314ca5147b92b
+  data.tar.gz: c46a52051f3c8146a44dc5203beeb1a679de2f14e56df4c1918668f7311a4a369bb8c6f67a5a0b0bef218e6ba3119238864d539212ca2747f2de38a8a4d3ff53

data/helpers/requirements.txt CHANGED Viewed

@@ -6,4 +6,4 @@ pipfile==0.0.2
 poetry==0.12.16
 # Some dependencies will only install if Cython is present
-Cython==0.29.7
+Cython==0.29.9

data/lib/dependabot/python/file_updater/requirement_file_updater.rb CHANGED Viewed

@@ -9,6 +9,8 @@ module Dependabot
   module Python
     class FileUpdater
       class RequirementFileUpdater
+        require_relative "requirement_replacer"
         attr_reader :dependencies, :dependency_files, :credentials
         def initialize(dependencies:, dependency_files:, credentials:)
@@ -50,105 +52,13 @@ module Dependabot
         def updated_requirement_or_setup_file_content(new_req, old_req)
           content = get_original_file(new_req.fetch(:file)).content
-          updated_content =
-            content.gsub(
-              original_declaration_replacement_regex(old_req),
-              updated_dependency_declaration_string(new_req, old_req)
-            )
-          raise "Expected content to change!" if content == updated_content
-          updated_content
-        end
-        def original_dependency_declaration_string(requirement)
-          regex = RequirementParser::INSTALL_REQ_WITH_REQUIREMENT
-          matches = []
-          get_original_file(requirement.fetch(:file)).
-            content.scan(regex) { matches << Regexp.last_match }
-          dec = matches.
-                select { |m| normalise(m[:name]) == dependency.name }.
-                find do |m|
-                  # The FileParser can mess up a requirement's spacing so we
-                  # sanitize both requirements before comparing
-                  f_req = m[:requirements]&.gsub(/\s/, "")&.split(",")&.sort
-                  p_req = requirement.fetch(:requirement)&.
-                          gsub(/\s/, "")&.split(",")&.sort
-                  f_req == p_req
-                end
-          raise "Declaration not found for #{dependency.name}!" unless dec
-          dec.to_s.strip
-        end
-        def updated_dependency_declaration_string(new_req, old_req)
-          updated_string =
-            original_dependency_declaration_string(old_req).sub(
-              RequirementParser::REQUIREMENTS,
-              new_req.fetch(:requirement)
-            )
-          return updated_string unless requirement_includes_hashes?(old_req)
-          updated_string.sub(
-            RequirementParser::HASHES,
-            package_hashes_for(
-              name: dependency.name,
-              version: dependency.version,
-              algorithm: hash_algorithm(old_req)
-            ).join(hash_separator(old_req))
-          )
-        end
-        def original_declaration_replacement_regex(requirement)
-          original_string =
-            original_dependency_declaration_string(requirement)
-          /(?<![\-\w])#{Regexp.escape(original_string)}(?![\-\w])/
-        end
-        def requirement_includes_hashes?(requirement)
-          original_dependency_declaration_string(requirement).
-            match?(RequirementParser::HASHES)
-        end
-        def hash_algorithm(requirement)
-          return unless requirement_includes_hashes?(requirement)
-          original_dependency_declaration_string(requirement).
-            match(RequirementParser::HASHES).
-            named_captures.fetch("algorithm")
-        end
-        def hash_separator(requirement)
-          return unless requirement_includes_hashes?(requirement)
-          hash_regex = RequirementParser::HASH
-          current_separator =
-            original_dependency_declaration_string(requirement).
-            match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/).
-            named_captures.fetch("separator")
-          default_separator =
-            original_dependency_declaration_string(requirement).
-            match(RequirementParser::HASH).
-            pre_match.match(/(?<separator>\s*\\?\s*?)\z/).
-            named_captures.fetch("separator")
-          current_separator || default_separator
-        end
-        def package_hashes_for(name:, version:, algorithm:)
-          SharedHelpers.run_helper_subprocess(
-            command: "pyenv exec python #{NativeHelpers.python_helper_path}",
-            function: "get_dependency_hash",
-            args: [name, version, algorithm]
-          ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
-        end
-        # See https://www.python.org/dev/peps/pep-0503/#normalized-names
-        def normalise(name)
-          name.downcase.gsub(/[-_.]+/, "-")
+          RequirementReplacer.new(
+            content: content,
+            dependency_name: dependency.name,
+            old_requirement: old_req.fetch(:requirement),
+            new_requirement: new_req.fetch(:requirement),
+            new_hash_version: dependency.version
+          ).updated_content
         end
         def get_original_file(filename)

data/lib/dependabot/python/file_updater/requirement_replacer.rb CHANGED Viewed

@@ -3,20 +3,19 @@
 require "dependabot/python/requirement_parser"
 require "dependabot/python/file_updater"
 require "dependabot/shared_helpers"
+require "dependabot/python/native_helpers"
 module Dependabot
   module Python
     class FileUpdater
       class RequirementReplacer
-        attr_reader :content, :dependency_name, :old_requirement,
-                    :new_requirement
         def initialize(content:, dependency_name:, old_requirement:,
-                       new_requirement:)
-          @content         = content
-          @dependency_name = dependency_name
-          @old_requirement = old_requirement
-          @new_requirement = new_requirement
+                       new_requirement:, new_hash_version: nil)
+          @content          = content
+          @dependency_name  = dependency_name
+          @old_requirement  = old_requirement
+          @new_requirement  = new_requirement
+          @new_hash_version = new_hash_version
         end
         def updated_content
@@ -26,10 +25,7 @@ module Dependabot
               # ignore it, since it isn't actually a declaration
               next mtch if Regexp.last_match.pre_match.match?(/--.*\z/)
-              updated_dependency_declaration_string(
-                old_requirement,
-                new_requirement
-              )
+              updated_dependency_declaration_string
             end
           raise "Expected content to change!" if content == updated_content
@@ -39,6 +35,113 @@ module Dependabot
         private
+        attr_reader :content, :dependency_name, :old_requirement,
+                    :new_requirement, :new_hash_version
+        def update_hashes?
+          !new_hash_version.nil?
+        end
+        def updated_requirement_string
+          new_req_string = new_requirement
+          if add_space_after_commas?
+            new_req_string = new_req_string.gsub(/,\s*/, ", ")
+          end
+          if add_space_after_operators?
+            new_req_string =
+              new_req_string.
+              gsub(/(#{RequirementParser::COMPARISON})\s*(?=\d)/, '\1 ')
+          end
+          new_req_string
+        end
+        def updated_dependency_declaration_string
+          old_req = old_requirement
+          updated_string =
+            if old_req
+              original_dependency_declaration_string(old_req).
+                sub(RequirementParser::REQUIREMENTS, updated_requirement_string)
+            else
+              original_dependency_declaration_string(old_req).
+                sub(RequirementParser::NAME_WITH_EXTRAS) do |nm|
+                  nm + updated_requirement_string
+                end
+            end
+          unless update_hashes? && requirement_includes_hashes?(old_req)
+            return updated_string
+          end
+          updated_string.sub(
+            RequirementParser::HASHES,
+            package_hashes_for(
+              name: dependency_name,
+              version: new_hash_version,
+              algorithm: hash_algorithm(old_req)
+            ).join(hash_separator(old_req))
+          )
+        end
+        def add_space_after_commas?
+          original_dependency_declaration_string(old_requirement).
+            match(RequirementParser::REQUIREMENTS).
+            to_s.include?(", ")
+        end
+        def add_space_after_operators?
+          original_dependency_declaration_string(old_requirement).
+            match(RequirementParser::REQUIREMENTS).
+            to_s.match?(/#{RequirementParser::COMPARISON}\s+\d/)
+        end
+        def original_declaration_replacement_regex
+          original_string =
+            original_dependency_declaration_string(old_requirement)
+          /(?<![\-\w\.\[])#{Regexp.escape(original_string)}(?![\-\w\.])/
+        end
+        def requirement_includes_hashes?(requirement)
+          original_dependency_declaration_string(requirement).
+            match?(RequirementParser::HASHES)
+        end
+        def hash_algorithm(requirement)
+          return unless requirement_includes_hashes?(requirement)
+          original_dependency_declaration_string(requirement).
+            match(RequirementParser::HASHES).
+            named_captures.fetch("algorithm")
+        end
+        def hash_separator(requirement)
+          return unless requirement_includes_hashes?(requirement)
+          hash_regex = RequirementParser::HASH
+          current_separator =
+            original_dependency_declaration_string(requirement).
+            match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/).
+            named_captures.fetch("separator")
+          default_separator =
+            original_dependency_declaration_string(requirement).
+            match(RequirementParser::HASH).
+            pre_match.match(/(?<separator>\s*\\?\s*?)\z/).
+            named_captures.fetch("separator")
+          current_separator || default_separator
+        end
+        def package_hashes_for(name:, version:, algorithm:)
+          SharedHelpers.run_helper_subprocess(
+            command: "pyenv exec python #{NativeHelpers.python_helper_path}",
+            function: "get_dependency_hash",
+            args: [name, version, algorithm]
+          ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
+        end
         def original_dependency_declaration_string(old_req)
           matches = []
@@ -60,24 +163,6 @@ module Dependabot
           dec.to_s.strip
         end
-        def updated_dependency_declaration_string(old_req, new_req)
-          if old_req
-            original_dependency_declaration_string(old_req).
-              sub(RequirementParser::REQUIREMENTS, new_req)
-          else
-            original_dependency_declaration_string(old_req).
-              sub(RequirementParser::NAME_WITH_EXTRAS) do |nm|
-                nm + new_req
-              end
-          end
-        end
-        def original_declaration_replacement_regex
-          original_string =
-            original_dependency_declaration_string(old_requirement)
-          /(?<![\-\w\.\[])#{Regexp.escape(original_string)}(?![\-\w\.])/
-        end
         # See https://www.python.org/dev/peps/pep-0503/#normalized-names
         def normalise(name)
           name.downcase.gsub(/[-_.]+/, "-")

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.107.24
+  version: 0.107.25
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05-28 00:00:00.000000000 Z
+date: 2019-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.107.24
+        version: 0.107.25
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.107.24
+        version: 0.107.25
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement