dependabot-python 0.111.24 → 0.111.25
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/python.rb +6 -0
- data/lib/dependabot/python/file_parser.rb +1 -1
- data/lib/dependabot/python/file_parser/pipfile_files_parser.rb +1 -2
- data/lib/dependabot/python/file_parser/poetry_files_parser.rb +1 -2
- data/lib/dependabot/python/file_parser/setup_file_parser.rb +1 -2
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +2 -2
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +2 -2
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +2 -2
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +2 -2
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +2 -2
- data/lib/dependabot/python/file_updater/requirement_replacer.rb +2 -2
- data/lib/dependabot/python/update_checker.rb +2 -2
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +11 -3
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +2 -2
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +2 -2
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +2 -2
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d38ee5f205abe3d445efa70798b613ebc6fbdf984d1d7be097b15d69ca7e3bce
|
|
4
|
+
data.tar.gz: 5a6b7b801fc9f72b90b70b0d92324df3822874d98d8e87c15cb2ff1fc82c21b0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1d0489f5425c3d6deeddfbf254bf640d5b8fc0c175ef641adcd1644d837684e4970ba598ffa5b000b076e52ff187025322dd1b3f60ed392cd34113a5c8b896ee
|
|
7
|
+
data.tar.gz: 9a7109a141bdfb14f6e97ac06d004e11401832834cf08dc8e31509ede266bf7ca1082dcff46ecf6e009c646bd69359229135343cb34d4c8fdfdb7aa41f9de688
|
data/lib/dependabot/python.rb
CHANGED
|
@@ -25,3 +25,9 @@ Dependabot::Dependency.register_production_check(
|
|
|
25
25
|
groups.include?("dependencies")
|
|
26
26
|
end
|
|
27
27
|
)
|
|
28
|
+
|
|
29
|
+
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
30
|
+
Dependabot::Dependency.register_name_normaliser(
|
|
31
|
+
"pip",
|
|
32
|
+
->(name) { name.downcase.gsub(/[-_.]+/, "-") }
|
|
33
|
+
)
|
|
@@ -183,7 +183,7 @@ module Dependabot
|
|
|
183
183
|
|
|
184
184
|
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
185
185
|
def normalised_name(name)
|
|
186
|
-
|
|
186
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
187
187
|
end
|
|
188
188
|
|
|
189
189
|
def check_required_files
|
|
@@ -133,9 +133,8 @@ module Dependabot
|
|
|
133
133
|
%w(git path).any? { |k| req.key?(k) }
|
|
134
134
|
end
|
|
135
135
|
|
|
136
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
137
136
|
def normalised_name(name)
|
|
138
|
-
|
|
137
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
139
138
|
end
|
|
140
139
|
|
|
141
140
|
def parsed_pipfile
|
|
@@ -97,9 +97,8 @@ module Dependabot
|
|
|
97
97
|
raise Dependabot::DependencyFileNotEvaluatable, e.message
|
|
98
98
|
end
|
|
99
99
|
|
|
100
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
101
100
|
def normalise(name)
|
|
102
|
-
|
|
101
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
103
102
|
end
|
|
104
103
|
|
|
105
104
|
def parsed_pyproject
|
|
@@ -163,9 +163,8 @@ module Dependabot
|
|
|
163
163
|
0
|
|
164
164
|
end
|
|
165
165
|
|
|
166
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
167
166
|
def normalised_name(name)
|
|
168
|
-
|
|
167
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
169
168
|
end
|
|
170
169
|
|
|
171
170
|
def setup_file
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require "open3"
|
|
4
|
+
require "dependabot/dependency"
|
|
4
5
|
require "dependabot/python/requirement_parser"
|
|
5
6
|
require "dependabot/python/file_fetcher"
|
|
6
7
|
require "dependabot/python/file_parser/python_requirement_parser"
|
|
@@ -483,9 +484,8 @@ module Dependabot
|
|
|
483
484
|
matches.any? { |m| normalise(m[:name]) == dependency.name }
|
|
484
485
|
end
|
|
485
486
|
|
|
486
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
487
487
|
def normalise(name)
|
|
488
|
-
|
|
488
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
489
489
|
end
|
|
490
490
|
|
|
491
491
|
# If the files we need to update require one another then we need to
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "toml-rb"
|
|
4
4
|
require "open3"
|
|
5
|
+
require "dependabot/dependency"
|
|
5
6
|
require "dependabot/python/requirement_parser"
|
|
6
7
|
require "dependabot/python/file_parser/python_requirement_parser"
|
|
7
8
|
require "dependabot/python/file_updater"
|
|
@@ -419,9 +420,8 @@ module Dependabot
|
|
|
419
420
|
updated_file
|
|
420
421
|
end
|
|
421
422
|
|
|
422
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
423
423
|
def normalise(name)
|
|
424
|
-
|
|
424
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
425
425
|
end
|
|
426
426
|
|
|
427
427
|
def parsed_lockfile
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "toml-rb"
|
|
4
4
|
|
|
5
|
+
require "dependabot/dependency"
|
|
5
6
|
require "dependabot/python/file_parser"
|
|
6
7
|
require "dependabot/python/file_updater"
|
|
7
8
|
require "dependabot/python/authed_url_builder"
|
|
@@ -102,9 +103,8 @@ module Dependabot
|
|
|
102
103
|
@parsed_lockfile ||= JSON.parse(lockfile.content)
|
|
103
104
|
end
|
|
104
105
|
|
|
105
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
106
106
|
def normalise(name)
|
|
107
|
-
|
|
107
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
108
108
|
end
|
|
109
109
|
|
|
110
110
|
def pipfile_sources
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "toml-rb"
|
|
4
4
|
require "open3"
|
|
5
|
+
require "dependabot/dependency"
|
|
5
6
|
require "dependabot/shared_helpers"
|
|
6
7
|
require "dependabot/python/version"
|
|
7
8
|
require "dependabot/python/requirement"
|
|
@@ -289,9 +290,8 @@ module Dependabot
|
|
|
289
290
|
updated_file
|
|
290
291
|
end
|
|
291
292
|
|
|
292
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
293
293
|
def normalise(name)
|
|
294
|
-
|
|
294
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
295
295
|
end
|
|
296
296
|
|
|
297
297
|
def pyproject
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "toml-rb"
|
|
4
4
|
|
|
5
|
+
require "dependabot/dependency"
|
|
5
6
|
require "dependabot/python/file_parser"
|
|
6
7
|
require "dependabot/python/file_updater"
|
|
7
8
|
require "dependabot/python/authed_url_builder"
|
|
@@ -77,9 +78,8 @@ module Dependabot
|
|
|
77
78
|
find { |d| d["name"] == normalise(dep_name) }
|
|
78
79
|
end
|
|
79
80
|
|
|
80
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
81
81
|
def normalise(name)
|
|
82
|
-
|
|
82
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
83
83
|
end
|
|
84
84
|
|
|
85
85
|
def pyproject_sources
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "dependabot/dependency"
|
|
3
4
|
require "dependabot/python/requirement_parser"
|
|
4
5
|
require "dependabot/python/file_updater"
|
|
5
6
|
require "dependabot/shared_helpers"
|
|
@@ -165,9 +166,8 @@ module Dependabot
|
|
|
165
166
|
dec.to_s.strip
|
|
166
167
|
end
|
|
167
168
|
|
|
168
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
169
169
|
def normalise(name)
|
|
170
|
-
|
|
170
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
171
171
|
end
|
|
172
172
|
|
|
173
173
|
def requirements_match(req1, req2)
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require "excon"
|
|
4
4
|
require "toml-rb"
|
|
5
5
|
|
|
6
|
+
require "dependabot/dependency"
|
|
6
7
|
require "dependabot/update_checkers"
|
|
7
8
|
require "dependabot/update_checkers/base"
|
|
8
9
|
require "dependabot/shared_helpers"
|
|
@@ -286,9 +287,8 @@ module Dependabot
|
|
|
286
287
|
false
|
|
287
288
|
end
|
|
288
289
|
|
|
289
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
290
290
|
def normalised_name(name)
|
|
291
|
-
|
|
291
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
292
292
|
end
|
|
293
293
|
|
|
294
294
|
def pipfile
|
|
@@ -4,6 +4,7 @@ require "cgi"
|
|
|
4
4
|
require "excon"
|
|
5
5
|
require "nokogiri"
|
|
6
6
|
|
|
7
|
+
require "dependabot/dependency"
|
|
7
8
|
require "dependabot/python/update_checker"
|
|
8
9
|
require "dependabot/shared_helpers"
|
|
9
10
|
require "dependabot/python/authed_url_builder"
|
|
@@ -45,6 +46,7 @@ module Dependabot
|
|
|
45
46
|
|
|
46
47
|
def fetch_latest_version(python_version:)
|
|
47
48
|
versions = available_versions
|
|
49
|
+
versions = filter_yanked_versions(versions)
|
|
48
50
|
versions = filter_unsupported_versions(versions, python_version)
|
|
49
51
|
versions = filter_prerelease_versions(versions)
|
|
50
52
|
versions = filter_ignored_versions(versions)
|
|
@@ -53,6 +55,7 @@ module Dependabot
|
|
|
53
55
|
|
|
54
56
|
def fetch_latest_version_with_no_unlock(python_version:)
|
|
55
57
|
versions = available_versions
|
|
58
|
+
versions = filter_yanked_versions(versions)
|
|
56
59
|
versions = filter_unsupported_versions(versions, python_version)
|
|
57
60
|
versions = filter_prerelease_versions(versions)
|
|
58
61
|
versions = filter_ignored_versions(versions)
|
|
@@ -62,6 +65,7 @@ module Dependabot
|
|
|
62
65
|
|
|
63
66
|
def fetch_lowest_security_fix_version(python_version:)
|
|
64
67
|
versions = available_versions
|
|
68
|
+
versions = filter_yanked_versions(versions)
|
|
65
69
|
versions = filter_unsupported_versions(versions, python_version)
|
|
66
70
|
versions = filter_prerelease_versions(versions)
|
|
67
71
|
versions = filter_ignored_versions(versions)
|
|
@@ -70,6 +74,10 @@ module Dependabot
|
|
|
70
74
|
versions.min
|
|
71
75
|
end
|
|
72
76
|
|
|
77
|
+
def filter_yanked_versions(versions_array)
|
|
78
|
+
versions_array.reject { |details| details.fetch(:yanked) }
|
|
79
|
+
end
|
|
80
|
+
|
|
73
81
|
def filter_unsupported_versions(versions_array, python_version)
|
|
74
82
|
versions_array.map do |details|
|
|
75
83
|
python_requirement = details.fetch(:python_requirement)
|
|
@@ -160,7 +168,8 @@ module Dependabot
|
|
|
160
168
|
|
|
161
169
|
{
|
|
162
170
|
version: version_class.new(version),
|
|
163
|
-
python_requirement: build_python_requirement_from_link(link)
|
|
171
|
+
python_requirement: build_python_requirement_from_link(link),
|
|
172
|
+
yanked: link&.include?("data-yanked")
|
|
164
173
|
}
|
|
165
174
|
end
|
|
166
175
|
|
|
@@ -212,9 +221,8 @@ module Dependabot
|
|
|
212
221
|
ignored_versions.map { |req| requirement_class.new(req.split(",")) }
|
|
213
222
|
end
|
|
214
223
|
|
|
215
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
216
224
|
def normalised_name
|
|
217
|
-
|
|
225
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
218
226
|
end
|
|
219
227
|
|
|
220
228
|
def name_regex
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require "open3"
|
|
4
|
+
require "dependabot/dependency"
|
|
4
5
|
require "dependabot/python/requirement_parser"
|
|
5
6
|
require "dependabot/python/file_fetcher"
|
|
6
7
|
require "dependabot/python/file_parser"
|
|
@@ -343,9 +344,8 @@ module Dependabot
|
|
|
343
344
|
).updated_content
|
|
344
345
|
end
|
|
345
346
|
|
|
346
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
347
347
|
def normalise(name)
|
|
348
|
-
|
|
348
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
349
349
|
end
|
|
350
350
|
|
|
351
351
|
def clean_error_message(message)
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require "excon"
|
|
4
4
|
require "toml-rb"
|
|
5
5
|
require "open3"
|
|
6
|
+
require "dependabot/dependency"
|
|
6
7
|
require "dependabot/errors"
|
|
7
8
|
require "dependabot/shared_helpers"
|
|
8
9
|
require "dependabot/python/file_parser"
|
|
@@ -479,9 +480,8 @@ module Dependabot
|
|
|
479
480
|
}
|
|
480
481
|
end
|
|
481
482
|
|
|
482
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
483
483
|
def normalise(name)
|
|
484
|
-
|
|
484
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
485
485
|
end
|
|
486
486
|
|
|
487
487
|
def pipfile
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require "excon"
|
|
4
4
|
require "toml-rb"
|
|
5
5
|
require "open3"
|
|
6
|
+
require "dependabot/dependency"
|
|
6
7
|
require "dependabot/errors"
|
|
7
8
|
require "dependabot/shared_helpers"
|
|
8
9
|
require "dependabot/python/file_parser"
|
|
@@ -324,9 +325,8 @@ module Dependabot
|
|
|
324
325
|
)
|
|
325
326
|
end
|
|
326
327
|
|
|
327
|
-
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
328
328
|
def normalise(name)
|
|
329
|
-
|
|
329
|
+
Dependency.name_normaliser_for_package_manager("pip").call(name)
|
|
330
330
|
end
|
|
331
331
|
end
|
|
332
332
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.111.
|
|
4
|
+
version: 0.111.25
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-07-
|
|
11
|
+
date: 2019-07-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.111.
|
|
19
|
+
version: 0.111.25
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.111.
|
|
26
|
+
version: 0.111.25
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|