RubyGems - dependabot-python - Versions diffs - 0.108.19 → 0.108.21 - Mend

dependabot-python 0.108.19 → 0.108.21

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/dependabot/python/file_parser/setup_file_parser.rb +34 -15
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +1 -0
data/lib/dependabot/python/update_checker/latest_version_finder.rb +68 -22
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5e0f7ee1df3e5d469f00a05bd8b7806c2204279f97e1394f6d3be2442c26c6f0
-  data.tar.gz: b34a290ea0a8748858fdb22292961d72ad0b3eb97868c4ead1054a5aaf7ea79d
+  metadata.gz: 854e1401da6d4347a3ee43320ad1c92c6f74c54794f456722b2914453947c1ff
+  data.tar.gz: adba97d1c4efb823a34c46bea97569f09aa34bb3a3b1ec7aa9db76df93923a81
 SHA512:
-  metadata.gz: a91f8ce18580038e1e6de4d0889fa848287a1accd8c457b23568f8f0ca65be411872284af5bace3be7fcb23f4531a922d9b373fd803061442391ae4e6cc25d16
-  data.tar.gz: b83afaac5e110ebc65b60454a58bc0256100899e39571b5c165ad0fa6fe774dc0452851ee5aa86b6641d5223bdaa83a41de687d0a245c3dbac5e70e8a6c42a03
+  metadata.gz: 2afd4503cc8f06a7a445a8dc48cb67510adceda5711588c4d44434094427921665cdf76408b443b3451c2f824323cb50391b8f0fa7443026f7a74211d42878fb
+  data.tar.gz: 5720f061637253c91d2fae8408c03607b9b47e16a88365dc6f98537a120a582b08f950d0d77b509b7bbb4b6a08e696902081d59f6181157d9341bfff82fe1c34

data/lib/dependabot/python/file_parser/setup_file_parser.rb CHANGED Viewed

@@ -11,11 +11,12 @@ module Dependabot
   module Python
     class FileParser
       class SetupFileParser
-        INSTALL_REQUIRES_REGEX =
-          /install_requires\s*=\s*(\[.*?\])[,)\s]/m.freeze
-        SETUP_REQUIRES_REGEX = /setup_requires\s*=\s*(\[.*?\])[,)\s]/m.freeze
-        TESTS_REQUIRE_REGEX = /tests_require\s*=\s*(\[.*?\])[,)\s]/m.freeze
-        EXTRAS_REQUIRE_REGEX = /extras_require\s*=\s*(\{.*?\})[,)\s]/m.freeze
+        INSTALL_REQUIRES_REGEX = /install_requires\s*=\s*\[/m.freeze
+        SETUP_REQUIRES_REGEX = /setup_requires\s*=\s*\[/m.freeze
+        TESTS_REQUIRE_REGEX = /tests_require\s*=\s*\[/m.freeze
+        EXTRAS_REQUIRE_REGEX = /extras_require\s*=\s*\{/m.freeze
+        CLOSING_BRACKET = { "[" => "]", "{" => "}" }.freeze
         def initialize(dependency_files:)
           @dependency_files = dependency_files
@@ -121,16 +122,10 @@ module Dependabot
         # entries are dynamic), but it is an alternative approach to the one
         # used in parser.py which sometimes succeeds when that has failed.
         def write_sanitized_setup_file
-          original_content = setup_file.content
-          install_requires =
-            original_content.match(INSTALL_REQUIRES_REGEX)&.captures&.first
-          setup_requires =
-            original_content.match(SETUP_REQUIRES_REGEX)&.captures&.first
-          tests_require =
-            original_content.match(TESTS_REQUIRE_REGEX)&.captures&.first
-          extras_require =
-            original_content.match(EXTRAS_REQUIRE_REGEX)&.captures&.first
+          install_requires = get_regexed_req_array(INSTALL_REQUIRES_REGEX)
+          setup_requires = get_regexed_req_array(SETUP_REQUIRES_REGEX)
+          tests_require = get_regexed_req_array(TESTS_REQUIRE_REGEX)
+          extras_require = get_regexed_req_dict(EXTRAS_REQUIRE_REGEX)
           tmp = "from setuptools import setup\n\n"\
                 "setup(name=\"sanitized-package\",version=\"0.0.1\","
@@ -144,6 +139,30 @@ module Dependabot
           File.write("setup.py", tmp)
         end
+        def get_regexed_req_array(regex)
+          return unless (mch = setup_file.content.match(regex))
+          "[#{mch.post_match[0..closing_bracket_index(mch.post_match, '[')]}"
+        end
+        def get_regexed_req_dict(regex)
+          return unless (mch = setup_file.content.match(regex))
+          "{#{mch.post_match[0..closing_bracket_index(mch.post_match, '{')]}"
+        end
+        def closing_bracket_index(string, bracket)
+          closes_required = 1
+          string.chars.each_with_index do |char, index|
+            closes_required += 1 if char == bracket
+            closes_required -= 1 if char == CLOSING_BRACKET.fetch(bracket)
+            return index if closes_required.zero?
+          end
+          0
+        end
         # See https://www.python.org/dev/peps/pep-0503/#normalized-names
         def normalised_name(name)
           name.downcase.gsub(/[-_.]+/, "-")

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED Viewed

@@ -446,6 +446,7 @@ module Dependabot
             options << "--no-header"
           end
+          options << "--pre" if requirements_file.content.include?("--pre")
           options.join(" ")
         end

data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require "cgi"
 require "excon"
 require "dependabot/python/update_checker"
@@ -12,6 +13,9 @@ module Dependabot
       class LatestVersionFinder
         require_relative "index_finder"
+        PYTHON_REQUIREMENT_REGEX =
+          /data-requires-python\s*=\s*["'](?<requirement>[^"']+)["']/m.freeze
         def initialize(dependency:, dependency_files:, credentials:,
                        ignored_versions:, security_advisories:)
           @dependency          = dependency
@@ -21,17 +25,19 @@ module Dependabot
           @security_advisories = security_advisories
         end
-        def latest_version
-          @latest_version ||= fetch_latest_version
+        def latest_version(python_version: nil)
+          @latest_version ||=
+            fetch_latest_version(python_version: python_version)
         end
-        def latest_version_with_no_unlock
+        def latest_version_with_no_unlock(python_version: nil)
           @latest_version_with_no_unlock ||=
-            fetch_latest_version_with_no_unlock
+            fetch_latest_version_with_no_unlock(python_version: python_version)
         end
-        def lowest_security_fix_version
-          @lowest_security_fix_version ||= fetch_lowest_security_fix_version
+        def lowest_security_fix_version(python_version: nil)
+          @lowest_security_fix_version ||=
+            fetch_lowest_security_fix_version(python_version: python_version)
         end
         private
@@ -39,23 +45,26 @@ module Dependabot
         attr_reader :dependency, :dependency_files, :credentials,
                     :ignored_versions, :security_advisories
-        def fetch_latest_version
+        def fetch_latest_version(python_version:)
           versions = available_versions
+          versions = filter_unsupported_versions(versions, python_version)
           versions = filter_prerelease_versions(versions)
           versions = filter_ignored_versions(versions)
           versions.max
         end
-        def fetch_latest_version_with_no_unlock
+        def fetch_latest_version_with_no_unlock(python_version:)
           versions = available_versions
+          versions = filter_unsupported_versions(versions, python_version)
           versions = filter_prerelease_versions(versions)
           versions = filter_ignored_versions(versions)
           versions = filter_out_of_range_versions(versions)
           versions.max
         end
-        def fetch_lowest_security_fix_version
+        def fetch_lowest_security_fix_version(python_version:)
           versions = available_versions
+          versions = filter_unsupported_versions(versions, python_version)
           versions = filter_prerelease_versions(versions)
           versions = filter_ignored_versions(versions)
           versions = filter_vulnerable_versions(versions)
@@ -63,6 +72,17 @@ module Dependabot
           versions.min
         end
+        def filter_unsupported_versions(versions_array, python_version)
+          versions_array.map do |details|
+            python_requirement = details.fetch(:python_requirement)
+            next details.fetch(:version) unless python_version
+            next details.fetch(:version) unless python_requirement
+            next unless python_requirement.satisfied_by?(python_version)
+            details.fetch(:version)
+          end.compact
+        end
         def filter_prerelease_versions(versions_array)
           return versions_array if wants_prerelease?
@@ -118,19 +138,13 @@ module Dependabot
                 raise PrivateSourceAuthenticationFailure, sanitized_url
               end
-              index_response.body.
-                scan(%r{<a\s.*?>(.*?)</a>}m).flatten.
-                select { |n| n.match?(name_regex) }.
-                map do |filename|
-                  version =
-                    filename.
-                    gsub(/#{name_regex}-/i, "").
-                    split(/-|\.tar\.|\.zip|\.whl/).
-                    first
-                  next unless version_class.correct?(version)
-                  version_class.new(version)
-                end.compact
+              version_links = []
+              index_response.body.scan(%r{<a\s.*?>.*?</a>}m) do
+                details = version_details_from_link(Regexp.last_match.to_s)
+                version_links << details if details
+              end
+              version_links.compact
             rescue Excon::Error::Timeout, Excon::Error::Socket
               raise if MAIN_PYPI_INDEXES.include?(index_url)
@@ -138,6 +152,38 @@ module Dependabot
             end
         end
+        def version_details_from_link(link)
+          filename = link.match(%r{<a\s.*?>(.*?)</a>}).captures.first
+          return unless filename.match?(name_regex)
+          version = get_version_from_filename(filename)
+          return unless version_class.correct?(version)
+          {
+            version: version_class.new(version),
+            python_requirement: build_python_requirement_from_link(link)
+          }
+        end
+        def get_version_from_filename(filename)
+          filename.
+            gsub(/#{name_regex}-/i, "").
+            split(/-|\.tar\.|\.zip|\.whl/).
+            first
+        end
+        def build_python_requirement_from_link(link)
+          req_string = link.
+                       match(PYTHON_REQUIREMENT_REGEX)&.
+                       named_captures&.
+                       fetch("requirement")
+          return unless req_string
+          requirement_class.new(CGI.unescapeHTML(req_string))
+        rescue Gem::Requirement::BadRequirementError
+          nil
+        end
         def index_urls
           @index_urls ||=
             IndexFinder.new(

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.108.19
+  version: 0.108.21
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-06-18 00:00:00.000000000 Z
+date: 2019-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.108.19
+        version: 0.108.21
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.108.19
+        version: 0.108.21
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement