RubyGems - dependabot-python - Versions diffs - 0.108.19 → 0.108.21 - Mend

dependabot-python 0.108.19 → 0.108.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/dependabot/python/file_parser/setup_file_parser.rb +34 -15
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +1 -0
data/lib/dependabot/python/update_checker/latest_version_finder.rb +68 -22
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5e0f7ee1df3e5d469f00a05bd8b7806c2204279f97e1394f6d3be2442c26c6f0
-  data.tar.gz: b34a290ea0a8748858fdb22292961d72ad0b3eb97868c4ead1054a5aaf7ea79d
+  metadata.gz: 854e1401da6d4347a3ee43320ad1c92c6f74c54794f456722b2914453947c1ff
+  data.tar.gz: adba97d1c4efb823a34c46bea97569f09aa34bb3a3b1ec7aa9db76df93923a81
 SHA512:
-  metadata.gz: a91f8ce18580038e1e6de4d0889fa848287a1accd8c457b23568f8f0ca65be411872284af5bace3be7fcb23f4531a922d9b373fd803061442391ae4e6cc25d16
-  data.tar.gz: b83afaac5e110ebc65b60454a58bc0256100899e39571b5c165ad0fa6fe774dc0452851ee5aa86b6641d5223bdaa83a41de687d0a245c3dbac5e70e8a6c42a03
+  metadata.gz: 2afd4503cc8f06a7a445a8dc48cb67510adceda5711588c4d44434094427921665cdf76408b443b3451c2f824323cb50391b8f0fa7443026f7a74211d42878fb
+  data.tar.gz: 5720f061637253c91d2fae8408c03607b9b47e16a88365dc6f98537a120a582b08f950d0d77b509b7bbb4b6a08e696902081d59f6181157d9341bfff82fe1c34

data/lib/dependabot/python/file_parser/setup_file_parser.rb CHANGED Viewed

@@ -11,11 +11,12 @@ module Dependabot
   module Python
     class FileParser
       class SetupFileParser
-        INSTALL_REQUIRES_REGEX =
-          /install_requires\s*=\s*(\[.*?\])[,)\s]/m.freeze
-        SETUP_REQUIRES_REGEX = /setup_requires\s*=\s*(\[.*?\])[,)\s]/m.freeze
-        TESTS_REQUIRE_REGEX = /tests_require\s*=\s*(\[.*?\])[,)\s]/m.freeze
-        EXTRAS_REQUIRE_REGEX = /extras_require\s*=\s*(\{.*?\})[,)\s]/m.freeze
+        INSTALL_REQUIRES_REGEX = /install_requires\s*=\s*\[/m.freeze
+        SETUP_REQUIRES_REGEX = /setup_requires\s*=\s*\[/m.freeze
+        TESTS_REQUIRE_REGEX = /tests_require\s*=\s*\[/m.freeze
+        EXTRAS_REQUIRE_REGEX = /extras_require\s*=\s*\{/m.freeze
+        CLOSING_BRACKET = { "[" => "]", "{" => "}" }.freeze
         def initialize(dependency_files:)
           @dependency_files = dependency_files
@@ -121,16 +122,10 @@ module Dependabot
         # entries are dynamic), but it is an alternative approach to the one
         # used in parser.py which sometimes succeeds when that has failed.
         def write_sanitized_setup_file
-          original_content = setup_file.content
-          install_requires =
-            original_content.match(INSTALL_REQUIRES_REGEX)&.captures&.first
-          setup_requires =
-            original_content.match(SETUP_REQUIRES_REGEX)&.captures&.first
-          tests_require =
-            original_content.match(TESTS_REQUIRE_REGEX)&.captures&.first
-          extras_require =
-            original_content.match(EXTRAS_REQUIRE_REGEX)&.captures&.first
+          install_requires = get_regexed_req_array(INSTALL_REQUIRES_REGEX)
+          setup_requires = get_regexed_req_array(SETUP_REQUIRES_REGEX)
+          tests_require = get_regexed_req_array(TESTS_REQUIRE_REGEX)
+          extras_require = get_regexed_req_dict(EXTRAS_REQUIRE_REGEX)
           tmp = "from setuptools import setup\n\n"\
                 "setup(name=\"sanitized-package\",version=\"0.0.1\","
@@ -144,6 +139,30 @@ module Dependabot
           File.write("setup.py", tmp)
         end
+        def get_regexed_req_array(regex)
+          return unless (mch = setup_file.content.match(regex))
+          "[#{mch.post_match[0..closing_bracket_index(mch.post_match, '[')]}"
+        end
+        def get_regexed_req_dict(regex)
+          return unless (mch = setup_file.content.match(regex))
+          "{#{mch.post_match[0..closing_bracket_index(mch.post_match, '{')]}"
+        end
+        def closing_bracket_index(string, bracket)
+          closes_required = 1
+          string.chars.each_with_index do |char, index|
+            closes_required += 1 if char == bracket
+            closes_required -= 1 if char == CLOSING_BRACKET.fetch(bracket)
+            return index if closes_required.zero?
+          end
+          0
+        end
         # See https://www.python.org/dev/peps/pep-0503/#normalized-names
         def normalised_name(name)
           name.downcase.gsub(/[-_.]+/, "-")

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED Viewed

@@ -446,6 +446,7 @@ module Dependabot
             options << "--no-header"
           end
+          options << "--pre" if requirements_file.content.include?("--pre")
           options.join(" ")
         end

data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require "cgi"
 require "excon"
 require "dependabot/python/update_checker"
@@ -12,6 +13,9 @@ module Dependabot
       class LatestVersionFinder
         require_relative "index_finder"
+        PYTHON_REQUIREMENT_REGEX =
+          /data-requires-python\s*=\s*["'](?<requirement>[^"']+)["']/m.freeze
         def initialize(dependency:, dependency_files:, credentials:,
                        ignored_versions:, security_advisories:)
           @dependency          = dependency
@@ -21,17 +25,19 @@ module Dependabot
           @security_advisories = security_advisories
         end
-        def latest_version
-          @latest_version ||= fetch_latest_version
+        def latest_version(python_version: nil)
+          @latest_version ||=
+            fetch_latest_version(python_version: python_version)
         end
-        def latest_version_with_no_unlock
+        def latest_version_with_no_unlock(python_version: nil)
           @latest_version_with_no_unlock ||=
-            fetch_latest_version_with_no_unlock
+            fetch_latest_version_with_no_unlock(python_version: python_version)
         end
-        def lowest_security_fix_version
-          @lowest_security_fix_version ||= fetch_lowest_security_fix_version
+        def lowest_security_fix_version(python_version: nil)
+          @lowest_security_fix_version ||=
+            fetch_lowest_security_fix_version(python_version: python_version)
         end
         private
@@ -39,23 +45,26 @@ module Dependabot
         attr_reader :dependency, :dependency_files, :credentials,
                     :ignored_versions, :security_advisories
-        def fetch_latest_version
+        def fetch_latest_version(python_version:)
           versions = available_versions
+          versions = filter_unsupported_versions(versions, python_version)
           versions = filter_prerelease_versions(versions)
           versions = filter_ignored_versions(versions)
           versions.max
         end
-        def fetch_latest_version_with_no_unlock
+        def fetch_latest_version_with_no_unlock(python_version:)
           versions = available_versions
+          versions = filter_unsupported_versions(versions, python_version)
           versions = filter_prerelease_versions(versions)
           versions = filter_ignored_versions(versions)
           versions = filter_out_of_range_versions(versions)
           versions.max
         end
-        def fetch_lowest_security_fix_version
+        def fetch_lowest_security_fix_version(python_version:)
           versions = available_versions
+          versions = filter_unsupported_versions(versions, python_version)
           versions = filter_prerelease_versions(versions)
           versions = filter_ignored_versions(versions)
           versions = filter_vulnerable_versions(versions)
@@ -63,6 +72,17 @@ module Dependabot
           versions.min
         end
+        def filter_unsupported_versions(versions_array, python_version)
+          versions_array.map do |details|
+            python_requirement = details.fetch(:python_requirement)
+            next details.fetch(:version) unless python_version
+            next details.fetch(:version) unless python_requirement
+            next unless python_requirement.satisfied_by?(python_version)
+            details.fetch(:version)
+          end.compact
+        end
         def filter_prerelease_versions(versions_array)
           return versions_array if wants_prerelease?
@@ -118,19 +138,13 @@ module Dependabot
                 raise PrivateSourceAuthenticationFailure, sanitized_url
               end
-              index_response.body.
-                scan(%r{<a\s.*?>(.*?)</a>}m).flatten.
-                select { |n| n.match?(name_regex) }.
-                map do |filename|
-                  version =
-                    filename.
-                    gsub(/#{name_regex}-/i, "").
-                    split(/-|\.tar\.|\.zip|\.whl/).
-                    first
-                  next unless version_class.correct?(version)
-                  version_class.new(version)
-                end.compact
+              version_links = []
+              index_response.body.scan(%r{<a\s.*?>.*?</a>}m) do
+                details = version_details_from_link(Regexp.last_match.to_s)
+                version_links << details if details
+              end
+              version_links.compact
             rescue Excon::Error::Timeout, Excon::Error::Socket
               raise if MAIN_PYPI_INDEXES.include?(index_url)
@@ -138,6 +152,38 @@ module Dependabot
             end
         end
+        def version_details_from_link(link)
+          filename = link.match(%r{<a\s.*?>(.*?)</a>}).captures.first
+          return unless filename.match?(name_regex)
+          version = get_version_from_filename(filename)
+          return unless version_class.correct?(version)
+          {
+            version: version_class.new(version),
+            python_requirement: build_python_requirement_from_link(link)
+          }
+        end
+        def get_version_from_filename(filename)
+          filename.
+            gsub(/#{name_regex}-/i, "").
+            split(/-|\.tar\.|\.zip|\.whl/).
+            first
+        end
+        def build_python_requirement_from_link(link)
+          req_string = link.
+                       match(PYTHON_REQUIREMENT_REGEX)&.
+                       named_captures&.
+                       fetch("requirement")
+          return unless req_string
+          requirement_class.new(CGI.unescapeHTML(req_string))
+        rescue Gem::Requirement::BadRequirementError
+          nil
+        end
         def index_urls
           @index_urls ||=
             IndexFinder.new(

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.108.19
+  version: 0.108.21
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-06-18 00:00:00.000000000 Z
+date: 2019-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.108.19
+        version: 0.108.21
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.108.19
+        version: 0.108.21
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement