dependabot-python 0.111.27 → 0.111.28

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e240917970cfdb0ebd6d48acaa79c18d613baf1f138ca6207d101910c9810069
-  data.tar.gz: 13be53930a68a1dad68ef8bad2e6485e2ce5acd2a60871b2a8d76a12db39d33e
+  metadata.gz: 9d8b6adc1f2d136a92dbf6980f1fb0e2402ee04d8671e067c017fdef952b727d
+  data.tar.gz: c05e90c49c095f40c32950ce894cf8131fea9e11708b228c455a5b6eed8fd859
 SHA512:
-  metadata.gz: 15399689e9e8baca73f44699537e5944eb111b2b78761fe0bd122216e2a31cb882c67380371f6e703c91eae962b9bfc8cd37aa320b155df37eab8847ecf47524
-  data.tar.gz: 8208b476b422d9a0f6be76c2c5b48fde1f6b61455cfa91f3c5930aff3fe8eb3ea88056a2e11cbf01368ce9ac594847ccb57ca0f4265759ec326518e172f34f49
+  metadata.gz: de00b1055f33feda4ff3f6bba2a4111f0eb1d2003dc3c058a242ac66a9cc945706ca3f4bcdbb2b6e7c180086aed3602758cef322fae5a7023551399411eb749f
+  data.tar.gz: c83b4e3756d6817cb03dfa01cd8e1aeaa3933eed558136e206725101f9aa5682776b91fe244a99879963cd568f3aee2cf52760234b61cde71d19b0a27de83ae6

data/helpers/requirements.txt

@@ -1,5 +1,5 @@
-pip==19.1.1
-pip-tools==3.9.0
+pip==19.2.1
+pip-tools==4.0.0
 hashin==0.14.5
 pipenv==2018.11.26
 pipfile==0.0.2

data/lib/dependabot/python.rb

@@ -9,6 +9,7 @@ require "dependabot/python/file_updater"
 require "dependabot/python/metadata_finder"
 require "dependabot/python/requirement"
 require "dependabot/python/version"
+require "dependabot/python/name_normaliser"
 
 require "dependabot/pull_request_creator/labeler"
 Dependabot::PullRequestCreator::Labeler.
@@ -29,5 +30,5 @@ Dependabot::Dependency.register_production_check(
 # See https://www.python.org/dev/peps/pep-0503/#normalized-names
 Dependabot::Dependency.register_name_normaliser(
   "pip",
-  ->(name) { name.downcase.gsub(/[-_.]+/, "-") }
+  ->(name) { NameNormaliser.normalise(name) }
 )

data/lib/dependabot/python/file_parser.rb

@@ -9,6 +9,7 @@ require "dependabot/shared_helpers"
 require "dependabot/python/requirement"
 require "dependabot/errors"
 require "dependabot/python/native_helpers"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -137,6 +138,9 @@ module Dependabot
         return false unless pip_compile_files.any?
         return false unless filename.end_with?(".txt")
 
+        file = dependency_files.find { |f| f.name == filename }
+        return true if file&.content&.match?(output_file_regex(filename))
+
         basename = filename.gsub(/\.txt$/, "")
         pip_compile_files.any? { |f| f.name == basename + ".in" }
       end
@@ -181,9 +185,8 @@ module Dependabot
           end
       end
 
-      # See https://www.python.org/dev/peps/pep-0503/#normalized-names
       def normalised_name(name)
-        Dependency.name_normaliser_for_package_manager("pip").call(name)
+        NameNormaliser.normalise(name)
       end
 
       def check_required_files
@@ -213,6 +216,10 @@ module Dependabot
         raise Dependabot::DependencyFileNotParseable, pyproject.path
       end
 
+      def output_file_regex(filename)
+        "--output-file[=\s]+#{Regexp.escape(filename)}(?:\s|$)"
+      end
+
       def pyproject
         @pyproject ||= get_original_file("pyproject.toml")
       end
@@ -237,5 +244,4 @@ module Dependabot
   end
 end
 
-Dependabot::FileParsers.
-  register("pip", Dependabot::Python::FileParser)
+Dependabot::FileParsers.register("pip", Dependabot::Python::FileParser)

data/lib/dependabot/python/file_parser/pipfile_files_parser.rb

@@ -6,6 +6,7 @@ require "dependabot/dependency"
 require "dependabot/file_parsers/base/dependency_set"
 require "dependabot/python/file_parser"
 require "dependabot/errors"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -134,7 +135,7 @@ module Dependabot
         end
 
         def normalised_name(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
 
         def parsed_pipfile

data/lib/dependabot/python/file_parser/poetry_files_parser.rb

@@ -7,6 +7,7 @@ require "dependabot/file_parsers/base/dependency_set"
 require "dependabot/python/file_parser"
 require "dependabot/python/requirement"
 require "dependabot/errors"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -98,7 +99,7 @@ module Dependabot
         end
 
         def normalise(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
 
         def parsed_pyproject

data/lib/dependabot/python/file_parser/setup_file_parser.rb

@@ -6,6 +6,7 @@ require "dependabot/file_parsers/base/dependency_set"
 require "dependabot/shared_helpers"
 require "dependabot/python/file_parser"
 require "dependabot/python/native_helpers"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -164,7 +165,7 @@ module Dependabot
         end
 
         def normalised_name(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
 
         def setup_file

data/lib/dependabot/python/file_updater.rb

@@ -143,5 +143,4 @@ module Dependabot
   end
 end
 
-Dependabot::FileUpdaters.
-  register("pip", Dependabot::Python::FileUpdater)
+Dependabot::FileUpdaters.register("pip", Dependabot::Python::FileUpdater)

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -9,6 +9,7 @@ require "dependabot/python/file_updater"
 require "dependabot/shared_helpers"
 require "dependabot/python/native_helpers"
 require "dependabot/python/python_versions"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -203,7 +204,8 @@ module Dependabot
         def error_suggests_bad_python_version?(message)
           return true if message.include?("not find a version that satisfies")
 
-          message.include?('Command "python setup.py egg_info" failed')
+          message.include?('Command "python setup.py egg_info" failed') ||
+            message.include?("exit status 1: python setup.py egg_info")
         end
 
         def write_updated_dependency_files
@@ -422,15 +424,13 @@ module Dependabot
         end
 
         def pip_compile_options(filename)
-          current_requirements_file_name = filename.sub(/\.in$/, ".txt")
+          requirements_file = compiled_file_for_filename(filename)
+          return "--build-isolation" unless requirements_file
 
-          requirements_file =
-            dependency_files.
-            find { |f| f.name == current_requirements_file_name }
-
-          return unless requirements_file
-
-          options = ["--build-isolation"]
+          options = [
+            "--build-isolation",
+            "--output-file=#{requirements_file.name}"
+          ]
 
           if requirements_file.content.include?("--hash=sha")
             options << "--generate-hashes"
@@ -464,8 +464,7 @@ module Dependabot
 
           files_from_compiled_files =
             pip_compile_files.map(&:name).select do |fn|
-              compiled_file = dependency_files.
-                              find { |f| f.name == fn.gsub(/\.in$/, ".txt") }
+              compiled_file = compiled_file_for_filename(fn)
               compiled_file_includes_dependency?(compiled_file)
             end
 
@@ -474,6 +473,22 @@ module Dependabot
           order_filenames_for_compilation(filenames)
         end
 
+        def compiled_file_for_filename(filename)
+          compiled_file =
+            compiled_files.
+            find { |f| f.content.match?(output_file_regex(filename)) }
+
+          compiled_file ||=
+            compiled_files.
+            find { |f| f.name == filename.gsub(/\.in$/, ".txt") }
+
+          compiled_file
+        end
+
+        def output_file_regex(filename)
+          "--output-file[=\s]+.*\s#{Regexp.escape(filename)}\s*$"
+        end
+
         def compiled_file_includes_dependency?(compiled_file)
           return false unless compiled_file
 
@@ -485,7 +500,7 @@ module Dependabot
         end
 
         def normalise(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
 
         # If the files we need to update require one another then we need to

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -8,6 +8,7 @@ require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater"
 require "dependabot/shared_helpers"
 require "dependabot/python/native_helpers"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -290,7 +291,8 @@ module Dependabot
         def error_suggests_bad_python_version?(message)
           return true if message.include?("UnsupportedPythonVersion")
 
-          message.include?('Command "python setup.py egg_info" failed')
+          message.include?('Command "python setup.py egg_info" failed') ||
+            message.include?("exit status 1: python setup.py egg_info")
         end
 
         def write_temporary_dependency_files(pipfile_content)
@@ -421,7 +423,7 @@ module Dependabot
         end
 
         def normalise(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
 
         def parsed_lockfile

data/lib/dependabot/python/file_updater/pipfile_preparer.rb

@@ -6,6 +6,7 @@ require "dependabot/dependency"
 require "dependabot/python/file_parser"
 require "dependabot/python/file_updater"
 require "dependabot/python/authed_url_builder"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -104,7 +105,7 @@ module Dependabot
         end
 
         def normalise(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
 
         def pipfile_sources

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -10,6 +10,7 @@ require "dependabot/python/python_versions"
 require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater"
 require "dependabot/python/native_helpers"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -291,7 +292,7 @@ module Dependabot
         end
 
         def normalise(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
 
         def pyproject

data/lib/dependabot/python/file_updater/pyproject_preparer.rb

@@ -6,6 +6,7 @@ require "dependabot/dependency"
 require "dependabot/python/file_parser"
 require "dependabot/python/file_updater"
 require "dependabot/python/authed_url_builder"
+require "dependabot/python/name_normaliser"
 require "securerandom"
 
 module Dependabot
@@ -79,7 +80,7 @@ module Dependabot
         end
 
         def normalise(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
 
         def pyproject_sources

data/lib/dependabot/python/file_updater/requirement_replacer.rb

@@ -5,6 +5,7 @@ require "dependabot/python/requirement_parser"
 require "dependabot/python/file_updater"
 require "dependabot/shared_helpers"
 require "dependabot/python/native_helpers"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -167,7 +168,7 @@ module Dependabot
         end
 
         def normalise(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
 
         def requirements_match(req1, req2)

data/lib/dependabot/python/metadata_finder.rb

@@ -173,5 +173,4 @@ module Dependabot
   end
 end
 
-Dependabot::MetadataFinders.
-  register("pip", Dependabot::Python::MetadataFinder)
+Dependabot::MetadataFinders.register("pip", Dependabot::Python::MetadataFinder)

data/lib/dependabot/python/name_normaliser.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Python
+    module NameNormaliser
+      def self.normalise(name)
+        name.downcase.gsub(/[-_.]+/, "-")
+      end
+    end
+  end
+end

data/lib/dependabot/python/update_checker.rb

@@ -10,6 +10,7 @@ require "dependabot/shared_helpers"
 require "dependabot/errors"
 require "dependabot/python/requirement"
 require "dependabot/python/requirement_parser"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -288,7 +289,7 @@ module Dependabot
       end
 
       def normalised_name(name)
-        Dependency.name_normaliser_for_package_manager("pip").call(name)
+        NameNormaliser.normalise(name)
       end
 
       def pipfile
@@ -318,5 +319,4 @@ module Dependabot
   end
 end
 
-Dependabot::UpdateCheckers.
-  register("pip", Dependabot::Python::UpdateChecker)
+Dependabot::UpdateCheckers.register("pip", Dependabot::Python::UpdateChecker)

data/lib/dependabot/python/update_checker/latest_version_finder.rb

@@ -8,6 +8,7 @@ require "dependabot/dependency"
 require "dependabot/python/update_checker"
 require "dependabot/shared_helpers"
 require "dependabot/python/authed_url_builder"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -222,9 +223,7 @@ module Dependabot
         end
 
         def normalised_name
-          Dependency.
-            name_normaliser_for_package_manager("pip").
-            call(dependency.name)
+          NameNormaliser.normalise(dependency.name)
         end
 
         def name_regex

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -13,6 +13,7 @@ require "dependabot/python/version"
 require "dependabot/shared_helpers"
 require "dependabot/python/native_helpers"
 require "dependabot/python/python_versions"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -74,14 +75,15 @@ module Dependabot
                   # This is slow, as pip-compile needs to do installs.
                   run_pip_compile_command(
                     "pyenv exec pip-compile --allow-unsafe "\
-                     "--build-isolation -P #{dependency.name} #{filename}"
+                     "#{pip_compile_options(filename)} -P #{dependency.name} "\
+                     "#{filename}"
                   )
                   # Run pip-compile a second time, without an update argument,
                   # to ensure it handles markers correctly
                   write_original_manifest_files unless dependency.top_level?
                   run_pip_compile_command(
                     "pyenv exec pip-compile --allow-unsafe "\
-                     "--build-isolation #{filename}"
+                     "#{pip_compile_options(filename)} #{filename}"
                   )
                 end
 
@@ -196,6 +198,16 @@ module Dependabot
           )
         end
 
+        def pip_compile_options(filename)
+          requirements_file = compiled_file_for_filename(filename)
+          return "--build-isolation" unless requirements_file
+
+          [
+            "--build-isolation",
+            "--output-file=#{requirements_file.name}"
+          ].join(" ")
+        end
+
         def run_pip_compile_command(command)
           run_command("pyenv local #{python_version}")
           run_command(command)
@@ -250,7 +262,8 @@ module Dependabot
         end
 
         def error_certainly_bad_python_version?(message)
-          unless message.include?('Command "python setup.py egg_info" failed')
+          unless message.include?('"python setup.py egg_info" failed') ||
+                 message.include?("exit status 1: python setup.py egg_info")
             return false
           end
 
@@ -261,7 +274,8 @@ module Dependabot
           return true if message.include?("not find a version that satisfies")
           return true if message.include?("No matching distribution found")
 
-          message.include?('Command "python setup.py egg_info" failed')
+          message.include?('Command "python setup.py egg_info" failed') ||
+            message.include?("exit status 1: python setup.py egg_info")
         end
 
         def write_temporary_dependency_files(updated_req: nil,
@@ -345,7 +359,7 @@ module Dependabot
         end
 
         def normalise(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
 
         def clean_error_message(message)
@@ -367,8 +381,7 @@ module Dependabot
 
           files_from_compiled_files =
             pip_compile_files.map(&:name).select do |fn|
-              compiled_file = dependency_files.
-                              find { |f| f.name == fn.gsub(/\.in$/, ".txt") }
+              compiled_file = compiled_file_for_filename(fn)
               compiled_file_includes_dependency?(compiled_file)
             end
 
@@ -377,6 +390,22 @@ module Dependabot
           order_filenames_for_compilation(filenames)
         end
 
+        def compiled_file_for_filename(filename)
+          compiled_file =
+            compiled_files.
+            find { |f| f.content.match?(output_file_regex(filename)) }
+
+          compiled_file ||=
+            compiled_files.
+            find { |f| f.name == filename.gsub(/\.in$/, ".txt") }
+
+          compiled_file
+        end
+
+        def output_file_regex(filename)
+          "--output-file[=\s]+.*\s#{Regexp.escape(filename)}\s*$"
+        end
+
         def compiled_file_includes_dependency?(compiled_file)
           return false unless compiled_file
 

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -13,6 +13,7 @@ require "dependabot/python/file_updater/setup_file_sanitizer"
 require "dependabot/python/update_checker"
 require "dependabot/python/python_versions"
 require "dependabot/python/native_helpers"
+require "dependabot/python/name_normaliser"
 require "dependabot/python/version"
 
 # rubocop:disable Metrics/ClassLength
@@ -467,7 +468,8 @@ module Dependabot
           return true if error_message.include?("UnsupportedPythonVersion")
           return true if error_message.include?("at matches #{dependency.name}")
 
-          error_message.include?('Command "python setup.py egg_info" failed')
+          error_message.include?('Command "python setup.py egg_info" failed') ||
+            message.include?("exit status 1: python setup.py egg_info")
         end
 
         def pipenv_env_variables
@@ -481,7 +483,7 @@ module Dependabot
         end
 
         def normalise(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
 
         def pipfile

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -15,6 +15,7 @@ require "dependabot/python/requirement"
 require "dependabot/python/native_helpers"
 require "dependabot/python/python_versions"
 require "dependabot/python/authed_url_builder"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Python
@@ -326,7 +327,7 @@ module Dependabot
         end
 
         def normalise(name)
-          Dependency.name_normaliser_for_package_manager("pip").call(name)
+          NameNormaliser.normalise(name)
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.111.27
+  version: 0.111.28
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-24 00:00:00.000000000 Z
+date: 2019-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.111.27
+        version: 0.111.28
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.111.27
+        version: 0.111.28
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -168,6 +168,7 @@ files:
 - lib/dependabot/python/file_updater/requirement_replacer.rb
 - lib/dependabot/python/file_updater/setup_file_sanitizer.rb
 - lib/dependabot/python/metadata_finder.rb
+- lib/dependabot/python/name_normaliser.rb
 - lib/dependabot/python/native_helpers.rb
 - lib/dependabot/python/python_versions.rb
 - lib/dependabot/python/requirement.rb