RubyGems - dependabot-python - Versions diffs - 0.107.24 → 0.107.25 - Mend

dependabot-python 0.107.24 → 0.107.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/helpers/requirements.txt +1 -1
data/lib/dependabot/python/file_updater/requirement_file_updater.rb +9 -99
data/lib/dependabot/python/file_updater/requirement_replacer.rb +115 -30
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: faed35ee41af0652992e9c0d8aecb5e51fdca74e0984a9c19ee3edd665bd308f
-  data.tar.gz: 4910c7f45237439ca07b68a3d9510efe0f1a52ab90e74e1976120fd07eaade26
+  metadata.gz: a84de32948f79a0eb46f7c476d0699f48bca973350ef98a144d3d0d4fc3ba4da
+  data.tar.gz: 9b0b1fb0a17c600f89c468985b9dc4fbaa71cffea0d6d25b4da7a9772977ee9c
 SHA512:
-  metadata.gz: 3fc124f843703e237947a0bd7ca7a80fb54e553ac7828b8eae564d164ef714175988a56953447a53f59d15a0f3c7ce38a157c47ba3827b73034b82891d03ad19
-  data.tar.gz: 48fcefacf10fefd181b04a4294ee90123f3d713c3653ddaf9ac7db5e3d60d289640fafdca513521406c8995a6fb0387613fc3339c52b887d30d0f30e1df0238c
+  metadata.gz: 1d5bde042246a5025221ce296a8c1d8167e552fa8a85df240abbbf3e68786ccfb9c834cf69318f65676a8ebaaa5040e31e34fab470c3a8fa55e314ca5147b92b
+  data.tar.gz: c46a52051f3c8146a44dc5203beeb1a679de2f14e56df4c1918668f7311a4a369bb8c6f67a5a0b0bef218e6ba3119238864d539212ca2747f2de38a8a4d3ff53

data/helpers/requirements.txt CHANGED Viewed

@@ -6,4 +6,4 @@ pipfile==0.0.2
 poetry==0.12.16
 # Some dependencies will only install if Cython is present
-Cython==0.29.7
+Cython==0.29.9

data/lib/dependabot/python/file_updater/requirement_file_updater.rb CHANGED Viewed

@@ -9,6 +9,8 @@ module Dependabot
   module Python
     class FileUpdater
       class RequirementFileUpdater
+        require_relative "requirement_replacer"
         attr_reader :dependencies, :dependency_files, :credentials
         def initialize(dependencies:, dependency_files:, credentials:)
@@ -50,105 +52,13 @@ module Dependabot
         def updated_requirement_or_setup_file_content(new_req, old_req)
           content = get_original_file(new_req.fetch(:file)).content
-          updated_content =
-            content.gsub(
-              original_declaration_replacement_regex(old_req),
-              updated_dependency_declaration_string(new_req, old_req)
-            )
-          raise "Expected content to change!" if content == updated_content
-          updated_content
-        end
-        def original_dependency_declaration_string(requirement)
-          regex = RequirementParser::INSTALL_REQ_WITH_REQUIREMENT
-          matches = []
-          get_original_file(requirement.fetch(:file)).
-            content.scan(regex) { matches << Regexp.last_match }
-          dec = matches.
-                select { |m| normalise(m[:name]) == dependency.name }.
-                find do |m|
-                  # The FileParser can mess up a requirement's spacing so we
-                  # sanitize both requirements before comparing
-                  f_req = m[:requirements]&.gsub(/\s/, "")&.split(",")&.sort
-                  p_req = requirement.fetch(:requirement)&.
-                          gsub(/\s/, "")&.split(",")&.sort
-                  f_req == p_req
-                end
-          raise "Declaration not found for #{dependency.name}!" unless dec
-          dec.to_s.strip
-        end
-        def updated_dependency_declaration_string(new_req, old_req)
-          updated_string =
-            original_dependency_declaration_string(old_req).sub(
-              RequirementParser::REQUIREMENTS,
-              new_req.fetch(:requirement)
-            )
-          return updated_string unless requirement_includes_hashes?(old_req)
-          updated_string.sub(
-            RequirementParser::HASHES,
-            package_hashes_for(
-              name: dependency.name,
-              version: dependency.version,
-              algorithm: hash_algorithm(old_req)
-            ).join(hash_separator(old_req))
-          )
-        end
-        def original_declaration_replacement_regex(requirement)
-          original_string =
-            original_dependency_declaration_string(requirement)
-          /(?<![\-\w])#{Regexp.escape(original_string)}(?![\-\w])/
-        end
-        def requirement_includes_hashes?(requirement)
-          original_dependency_declaration_string(requirement).
-            match?(RequirementParser::HASHES)
-        end
-        def hash_algorithm(requirement)
-          return unless requirement_includes_hashes?(requirement)
-          original_dependency_declaration_string(requirement).
-            match(RequirementParser::HASHES).
-            named_captures.fetch("algorithm")
-        end
-        def hash_separator(requirement)
-          return unless requirement_includes_hashes?(requirement)
-          hash_regex = RequirementParser::HASH
-          current_separator =
-            original_dependency_declaration_string(requirement).
-            match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/).
-            named_captures.fetch("separator")
-          default_separator =
-            original_dependency_declaration_string(requirement).
-            match(RequirementParser::HASH).
-            pre_match.match(/(?<separator>\s*\\?\s*?)\z/).
-            named_captures.fetch("separator")
-          current_separator || default_separator
-        end
-        def package_hashes_for(name:, version:, algorithm:)
-          SharedHelpers.run_helper_subprocess(
-            command: "pyenv exec python #{NativeHelpers.python_helper_path}",
-            function: "get_dependency_hash",
-            args: [name, version, algorithm]
-          ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
-        end
-        # See https://www.python.org/dev/peps/pep-0503/#normalized-names
-        def normalise(name)
-          name.downcase.gsub(/[-_.]+/, "-")
+          RequirementReplacer.new(
+            content: content,
+            dependency_name: dependency.name,
+            old_requirement: old_req.fetch(:requirement),
+            new_requirement: new_req.fetch(:requirement),
+            new_hash_version: dependency.version
+          ).updated_content
         end
         def get_original_file(filename)

data/lib/dependabot/python/file_updater/requirement_replacer.rb CHANGED Viewed

@@ -3,20 +3,19 @@
 require "dependabot/python/requirement_parser"
 require "dependabot/python/file_updater"
 require "dependabot/shared_helpers"
+require "dependabot/python/native_helpers"
 module Dependabot
   module Python
     class FileUpdater
       class RequirementReplacer
-        attr_reader :content, :dependency_name, :old_requirement,
-                    :new_requirement
         def initialize(content:, dependency_name:, old_requirement:,
-                       new_requirement:)
-          @content         = content
-          @dependency_name = dependency_name
-          @old_requirement = old_requirement
-          @new_requirement = new_requirement
+                       new_requirement:, new_hash_version: nil)
+          @content          = content
+          @dependency_name  = dependency_name
+          @old_requirement  = old_requirement
+          @new_requirement  = new_requirement
+          @new_hash_version = new_hash_version
         end
         def updated_content
@@ -26,10 +25,7 @@ module Dependabot
               # ignore it, since it isn't actually a declaration
               next mtch if Regexp.last_match.pre_match.match?(/--.*\z/)
-              updated_dependency_declaration_string(
-                old_requirement,
-                new_requirement
-              )
+              updated_dependency_declaration_string
             end
           raise "Expected content to change!" if content == updated_content
@@ -39,6 +35,113 @@ module Dependabot
         private
+        attr_reader :content, :dependency_name, :old_requirement,
+                    :new_requirement, :new_hash_version
+        def update_hashes?
+          !new_hash_version.nil?
+        end
+        def updated_requirement_string
+          new_req_string = new_requirement
+          if add_space_after_commas?
+            new_req_string = new_req_string.gsub(/,\s*/, ", ")
+          end
+          if add_space_after_operators?
+            new_req_string =
+              new_req_string.
+              gsub(/(#{RequirementParser::COMPARISON})\s*(?=\d)/, '\1 ')
+          end
+          new_req_string
+        end
+        def updated_dependency_declaration_string
+          old_req = old_requirement
+          updated_string =
+            if old_req
+              original_dependency_declaration_string(old_req).
+                sub(RequirementParser::REQUIREMENTS, updated_requirement_string)
+            else
+              original_dependency_declaration_string(old_req).
+                sub(RequirementParser::NAME_WITH_EXTRAS) do |nm|
+                  nm + updated_requirement_string
+                end
+            end
+          unless update_hashes? && requirement_includes_hashes?(old_req)
+            return updated_string
+          end
+          updated_string.sub(
+            RequirementParser::HASHES,
+            package_hashes_for(
+              name: dependency_name,
+              version: new_hash_version,
+              algorithm: hash_algorithm(old_req)
+            ).join(hash_separator(old_req))
+          )
+        end
+        def add_space_after_commas?
+          original_dependency_declaration_string(old_requirement).
+            match(RequirementParser::REQUIREMENTS).
+            to_s.include?(", ")
+        end
+        def add_space_after_operators?
+          original_dependency_declaration_string(old_requirement).
+            match(RequirementParser::REQUIREMENTS).
+            to_s.match?(/#{RequirementParser::COMPARISON}\s+\d/)
+        end
+        def original_declaration_replacement_regex
+          original_string =
+            original_dependency_declaration_string(old_requirement)
+          /(?<![\-\w\.\[])#{Regexp.escape(original_string)}(?![\-\w\.])/
+        end
+        def requirement_includes_hashes?(requirement)
+          original_dependency_declaration_string(requirement).
+            match?(RequirementParser::HASHES)
+        end
+        def hash_algorithm(requirement)
+          return unless requirement_includes_hashes?(requirement)
+          original_dependency_declaration_string(requirement).
+            match(RequirementParser::HASHES).
+            named_captures.fetch("algorithm")
+        end
+        def hash_separator(requirement)
+          return unless requirement_includes_hashes?(requirement)
+          hash_regex = RequirementParser::HASH
+          current_separator =
+            original_dependency_declaration_string(requirement).
+            match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/).
+            named_captures.fetch("separator")
+          default_separator =
+            original_dependency_declaration_string(requirement).
+            match(RequirementParser::HASH).
+            pre_match.match(/(?<separator>\s*\\?\s*?)\z/).
+            named_captures.fetch("separator")
+          current_separator || default_separator
+        end
+        def package_hashes_for(name:, version:, algorithm:)
+          SharedHelpers.run_helper_subprocess(
+            command: "pyenv exec python #{NativeHelpers.python_helper_path}",
+            function: "get_dependency_hash",
+            args: [name, version, algorithm]
+          ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
+        end
         def original_dependency_declaration_string(old_req)
           matches = []
@@ -60,24 +163,6 @@ module Dependabot
           dec.to_s.strip
         end
-        def updated_dependency_declaration_string(old_req, new_req)
-          if old_req
-            original_dependency_declaration_string(old_req).
-              sub(RequirementParser::REQUIREMENTS, new_req)
-          else
-            original_dependency_declaration_string(old_req).
-              sub(RequirementParser::NAME_WITH_EXTRAS) do |nm|
-                nm + new_req
-              end
-          end
-        end
-        def original_declaration_replacement_regex
-          original_string =
-            original_dependency_declaration_string(old_requirement)
-          /(?<![\-\w\.\[])#{Regexp.escape(original_string)}(?![\-\w\.])/
-        end
         # See https://www.python.org/dev/peps/pep-0503/#normalized-names
         def normalise(name)
           name.downcase.gsub(/[-_.]+/, "-")

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.107.24
+  version: 0.107.25
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05-28 00:00:00.000000000 Z
+date: 2019-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.107.24
+        version: 0.107.25
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.107.24
+        version: 0.107.25
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement