RubyGems - dependabot-python - Versions diffs - 0.110.14 → 0.110.15 - Mend

dependabot-python 0.110.14 → 0.110.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/dependabot/python/file_parser/python_requirement_parser.rb +9 -19
data/lib/dependabot/python/update_checker.rb +17 -10
data/lib/dependabot/python/update_checker/pip_version_resolver.rb +89 -0
metadata +5 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ce7ac9110e4d9fad6510995f9938ccfac0ac5ce62bb7b56b6bd5be4ba3b5dc2a
-  data.tar.gz: f0205fc6e19195f880333699486db230111912b3c79dfbde3fd02eb82b91df61
+  metadata.gz: 969f78c93199f4f7e88eae9764b88b6a3a76a0860c001c4fdb015205b39cf389
+  data.tar.gz: 9ba61eb87fd7b02cc18e448805b669cac0918f9e7e7485f3db214d4065aebb1f
 SHA512:
-  metadata.gz: a51dbc2c9bf9baec3d0e7b0081a90d3022e5f5a55a80e4489407a73fdaab0518e4ab15fc5bda18a95bc1b73e68c6d255b8214ccff06481506a312b56a2874f1e
-  data.tar.gz: a37f6ba59bd5009201c3b4242c7a1f6244bcc35429c9764a291b6f392538c1d508e62bbb89ccc1ba74fe47c1ffa5eaa835c1325d086255fdf505a1ccd484babd
+  metadata.gz: 0c62bbd0a1226594028680de60f154da19915133c2d2c97f090df9422d6dde4db493bcafbf5c1c69a036c018d86760c9fa79d1c9f05e946083e687f6d8b706b9
+  data.tar.gz: b39902d947dea6a3bd912cda1faf76dee526cb68c8bf1d62d7a6a0989b892c4c01949015737a5653495f2bf918b29f9e188ec9eeeffc20a2dae883e684719ddb

data/lib/dependabot/python/file_parser/python_requirement_parser.rb CHANGED Viewed

@@ -17,12 +17,12 @@ module Dependabot
           @dependency_files = dependency_files
         end
-        # TODO: Parse setup.py and setup.cfg to get python requirement
         def user_specified_requirement
           pipfile_python_requirement ||
             pyproject_python_requirement ||
             python_version_file_version ||
-            runtime_file_python_version
+            runtime_file_python_version ||
+            setup_file_requirement
         end
         # TODO: Add better Python version detection using dependency versions
@@ -88,18 +88,12 @@ module Dependabot
           file_version
         end
-        def pipenv_python_requirement
-          pipfile_lock_python_version || pipfile_python_requirement
-        end
-        def pipfile_lock_python_version
-          return unless pipfile_lock
+        def setup_file_requirement
+          return unless setup_file
-          JSON.parse(pipfile_lock.content).dig(
-            "_meta",
-            "host-environment-markers",
-            "python_full_version"
-          )
+          setup_file.content.
+            match(/python_requires\s*=\s*['"](?<req>[^'"]+)['"]/)&.
+            named_captures&.fetch("req")&.strip
         end
         def pyenv_versions
@@ -140,12 +134,8 @@ module Dependabot
           dependency_files.find { |f| f.name == "pyproject.toml" }
         end
-        def setup_files
-          dependency_files.select { |f| f.name.end_with?("setup.py") }
-        end
-        def setup_cfg_files
-          dependency_files.select { |f| f.name.end_with?("setup.cfg") }
+        def setup_file
+          dependency_files.find { |f| f.name == "setup.py" }
         end
         def python_version_file

data/lib/dependabot/python/update_checker.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module Dependabot
       require_relative "update_checker/poetry_version_resolver"
       require_relative "update_checker/pipenv_version_resolver"
       require_relative "update_checker/pip_compile_version_resolver"
+      require_relative "update_checker/pip_version_resolver"
       require_relative "update_checker/requirements_updater"
       require_relative "update_checker/latest_version_finder"
@@ -45,10 +46,7 @@ module Dependabot
               requirement: unlocked_requirement_string
             )
           when :requirements
-            # pip doesn't (yet) do any dependency resolution, so if we don't
-            # have a Pipfile or a pip-compile file, we just return the latest
-            # version.
-            latest_version
+            pip_version_resolver.latest_resolvable_version
           else raise "Unexpected resolver type #{resolver_type}"
           end
       end
@@ -69,7 +67,7 @@ module Dependabot
               requirement: current_requirement_string
             )
           when :requirements
-            latest_pip_version_with_no_unlock
+            pip_version_resolver.latest_resolvable_version_with_no_unlock
           else raise "Unexpected resolver type #{resolver_type}"
           end
       end
@@ -121,7 +119,10 @@ module Dependabot
       def fetch_lowest_resolvable_security_fix_version
         fix_version = latest_version_finder.lowest_security_fix_version
         return latest_resolvable_version if fix_version.nil?
-        return fix_version if resolver_type == :requirements
+        if resolver_type == :requirements
+          return pip_version_resolver.lowest_resolvable_security_fix_version
+        end
         resolver =
           case resolver_type
@@ -186,6 +187,16 @@ module Dependabot
         @poetry_version_resolver ||= PoetryVersionResolver.new(resolver_args)
       end
+      def pip_version_resolver
+        @pip_version_resolver ||= PipVersionResolver.new(
+          dependency: dependency,
+          dependency_files: dependency_files,
+          credentials: credentials,
+          ignored_versions: ignored_versions,
+          security_advisories: security_advisories
+        )
+      end
       def resolver_args
         {
           dependency: dependency,
@@ -243,10 +254,6 @@ module Dependabot
         latest_version_finder.latest_version
       end
-      def latest_pip_version_with_no_unlock
-        latest_version_finder.latest_version_with_no_unlock
-      end
       def latest_version_finder
         @latest_version_finder ||= LatestVersionFinder.new(
           dependency: dependency,

data/lib/dependabot/python/update_checker/pip_version_resolver.rb ADDED Viewed

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+require "dependabot/python/update_checker"
+require "dependabot/python/update_checker/latest_version_finder"
+require "dependabot/python/file_parser/python_requirement_parser"
+module Dependabot
+  module Python
+    class UpdateChecker
+      class PipVersionResolver
+        def initialize(dependency:, dependency_files:, credentials:,
+                       ignored_versions:, security_advisories:)
+          @dependency          = dependency
+          @dependency_files    = dependency_files
+          @credentials         = credentials
+          @ignored_versions    = ignored_versions
+          @security_advisories = security_advisories
+        end
+        def latest_resolvable_version
+          latest_version_finder.latest_version(python_version: python_version)
+        end
+        def latest_resolvable_version_with_no_unlock
+          latest_version_finder.
+            latest_version_with_no_unlock(python_version: python_version)
+        end
+        def lowest_resolvable_security_fix_version
+          latest_version_finder.
+            lowest_security_fix_version(python_version: python_version)
+        end
+        private
+        attr_reader :dependency, :dependency_files, :credentials,
+                    :ignored_versions, :security_advisories
+        def latest_version_finder
+          @latest_version_finder ||= LatestVersionFinder.new(
+            dependency: dependency,
+            dependency_files: dependency_files,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            security_advisories: security_advisories
+          )
+        end
+        def python_version
+          @python_version ||=
+            user_specified_python_version ||
+            python_version_matching_imputed_requirements ||
+            PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
+        end
+        def user_specified_python_version
+          return unless python_requirement_parser.user_specified_requirement
+          user_specified_requirement =
+            Dependabot::Python::Requirement.new(
+              python_requirement_parser.user_specified_requirement
+            )
+          python_version_matching([user_specified_requirement])
+        end
+        def python_version_matching_imputed_requirements
+          compiled_file_python_requirement_markers =
+            python_requirement_parser.imputed_requirements.map do |r|
+              Dependabot::Python::Requirement.new(r)
+            end
+          python_version_matching(compiled_file_python_requirement_markers)
+        end
+        def python_version_matching(requirements)
+          PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version_string|
+            version = Python::Version.new(version_string)
+            requirements.all? { |req| req.satisfied_by?(version) }
+          end
+        end
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.
+            new(dependency_files: dependency_files)
+        end
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.110.14
+  version: 0.110.15
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-07-02 00:00:00.000000000 Z
+date: 2019-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.110.14
+        version: 0.110.15
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.110.14
+        version: 0.110.15
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -176,6 +176,7 @@ files:
 - lib/dependabot/python/update_checker/index_finder.rb
 - lib/dependabot/python/update_checker/latest_version_finder.rb
 - lib/dependabot/python/update_checker/pip_compile_version_resolver.rb
+- lib/dependabot/python/update_checker/pip_version_resolver.rb
 - lib/dependabot/python/update_checker/pipenv_version_resolver.rb
 - lib/dependabot/python/update_checker/poetry_version_resolver.rb
 - lib/dependabot/python/update_checker/requirements_updater.rb