dependabot-python 0.125.0 → 0.125.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 12e5bbeee4b27147a620081cd204952cb5475813db41128db555610da2ebd727
-  data.tar.gz: 9d18972622e36ed15f5975fd67fc92ed04f7dbb5a79721ca97ae30ae9acb1001
+  metadata.gz: d63cab58ba9012b42f69237f7ff203223a7658f35533da97f6260ea045631062
+  data.tar.gz: 75bb5f0e238c2bad82f6da37b60f13796dc7a5686fa9268267cbac8f5f97ffb7
 SHA512:
-  metadata.gz: 49139f1816e3937e9fd1445a451160e23470eba99eb0c3e2c9d975a93c010dbec55b9f5b95a93373ba36169ca9060abd2246f4336bacfe96d4e41ad8144a5abf
-  data.tar.gz: 6007e0425b34a13f8647843d168adcbf2dce69595ce68d8151c63283eb91db35148b7f0d25197e384b95a08a09df1ba012da9a2d65502b6b454a2d6e8aeaf86d
+  metadata.gz: 6e2afcc22f49f2e2d500704dbd94e81f0dde22ead8b4f7a60bca823843a05bcd4569d94b38922e2a927723081023496c731e2bae4b0d9b09db01c7d98f8c0eca
+  data.tar.gz: c28a5f366b7a00ac6e90fcf348e18927d88e74f5280e393da2817513e22fd72d17942c4d04f2002a9e1fdacfac2d43724137f9247fe1ba9c8da979e10df64005

data/lib/dependabot/python/file_fetcher.rb

@@ -76,9 +76,7 @@ module Dependabot
       end
 
       def check_required_files_present
-        if requirements_txt_files.any? || setup_file || pipfile || pyproject
-          return
-        end
+        return if requirements_txt_files.any? || setup_file || pipfile || pyproject
 
         path = Pathname.new(File.join(directory, "requirements.txt")).
                cleanpath.to_path
@@ -268,9 +266,7 @@ module Dependabot
           unfetchable_files << e.file_path.gsub(%r{^/}, "")
         end
 
-        if unfetchable_files.any?
-          raise Dependabot::PathDependenciesNotReachable, unfetchable_files
-        end
+        raise Dependabot::PathDependenciesNotReachable, unfetchable_files if unfetchable_files.any?
 
         path_setup_files
       end

data/lib/dependabot/python/file_parser/setup_file_parser.rb

@@ -69,9 +69,7 @@ module Dependabot
             requirements
           end
         rescue SharedHelpers::HelperSubprocessFailed => e
-          if e.message.start_with?("InstallationError")
-            raise Dependabot::DependencyFileNotEvaluatable, e.message
-          end
+          raise Dependabot::DependencyFileNotEvaluatable, e.message if e.message.start_with?("InstallationError")
 
           parsed_sanitized_setup_file
         end

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -78,7 +78,7 @@ module Dependabot
               run_pip_compile_command(
                 "#{SharedHelpers.escape_command(name_part)}=="\
                 "#{SharedHelpers.escape_command(version_part)}",
-                escape_command_str: false
+                allow_unsafe_shell_command: true
               )
               # Run pip-compile a second time, without an update argument, to
               # ensure it resets the right comments.
@@ -142,9 +142,13 @@ module Dependabot
           ).updated_dependency_files
         end
 
-        def run_command(cmd, env: python_env, escape_command_str: true)
+        def run_command(cmd, env: python_env, allow_unsafe_shell_command: false)
           start = Time.now
-          command = escape_command_str ? SharedHelpers.escape_command(cmd) : cmd
+          command = if allow_unsafe_shell_command
+                      cmd
+                    else
+                      SharedHelpers.escape_command(cmd)
+                    end
           stdout, process = Open3.capture2e(env, command)
           time_taken = Time.now - start
 
@@ -160,9 +164,12 @@ module Dependabot
           )
         end
 
-        def run_pip_compile_command(command, escape_command_str: true)
+        def run_pip_compile_command(command, allow_unsafe_shell_command: false)
           run_command("pyenv local #{python_version}")
-          run_command(command, escape_command_str: escape_command_str)
+          run_command(
+            command,
+            allow_unsafe_shell_command: allow_unsafe_shell_command
+          )
         rescue SharedHelpers::HelperSubprocessFailed => e
           original_error ||= e
           msg = e.message
@@ -230,9 +237,7 @@ module Dependabot
         end
 
         def install_required_python
-          if run_command("pyenv versions").include?("#{python_version}\n")
-            return
-          end
+          return if run_command("pyenv versions").include?("#{python_version}\n")
 
           run_command("pyenv install -s #{python_version}")
           run_command("pyenv exec pip install -r "\
@@ -241,9 +246,7 @@ module Dependabot
 
         def sanitized_setup_file_content(file)
           @sanitized_setup_file_content ||= {}
-          if @sanitized_setup_file_content[file.name]
-            return @sanitized_setup_file_content[file.name]
-          end
+          return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
 
           @sanitized_setup_file_content[file.name] =
             SetupFileSanitizer.
@@ -333,9 +336,7 @@ module Dependabot
         def remove_new_warnings(updated_content, original_content)
           content = updated_content
 
-          if content.match?(WARNINGS) && !original_content.match?(WARNINGS)
-            content = content.sub(WARNINGS, "\n")
-          end
+          content = content.sub(WARNINGS, "\n") if content.match?(WARNINGS) && !original_content.match?(WARNINGS)
 
           if content.match?(UNSAFE_NOTE) &&
              !original_content.match?(UNSAFE_NOTE)
@@ -435,25 +436,15 @@ module Dependabot
         def pip_compile_options_from_compiled_file(requirements_file)
           options = ["--output-file=#{requirements_file.name}"]
 
-          unless requirements_file.content.include?("index-url http")
-            options << "--no-index"
-          end
+          options << "--no-index" unless requirements_file.content.include?("index-url http")
 
-          if requirements_file.content.include?("--hash=sha")
-            options << "--generate-hashes"
-          end
+          options << "--generate-hashes" if requirements_file.content.include?("--hash=sha")
 
-          if includes_unsafe_packages?(requirements_file.content)
-            options << "--allow-unsafe"
-          end
+          options << "--allow-unsafe" if includes_unsafe_packages?(requirements_file.content)
 
-          unless requirements_file.content.include?("# via ")
-            options << "--no-annotate"
-          end
+          options << "--no-annotate" unless requirements_file.content.include?("# via ")
 
-          unless requirements_file.content.include?("autogenerated by pip-c")
-            options << "--no-header"
-          end
+          options << "--no-header" unless requirements_file.content.include?("autogenerated by pip-c")
 
           options << "--pre" if requirements_file.content.include?("--pre")
           options
@@ -568,9 +559,7 @@ module Dependabot
         end
 
         def user_specified_python_version
-          unless python_requirement_parser.user_specified_requirements.any?
-            return
-          end
+          return unless python_requirement_parser.user_specified_requirements.any?
 
           user_specified_requirements =
             python_requirement_parser.user_specified_requirements.

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -49,9 +49,7 @@ module Dependabot
           end
 
           if lockfile
-            if lockfile.content == updated_lockfile_content
-              raise "Expected Pipfile.lock to change!"
-            end
+            raise "Expected Pipfile.lock to change!" if lockfile.content == updated_lockfile_content
 
             updated_files <<
               updated_file(file: lockfile, content: updated_lockfile_content)
@@ -330,9 +328,7 @@ module Dependabot
             nil
           end
 
-          if run_command("pyenv versions").include?("#{python_version}\n")
-            return
-          end
+          return if run_command("pyenv versions").include?("#{python_version}\n")
 
           requirements_path = NativeHelpers.python_requirements_path
           run_command("pyenv install -s #{python_version}")
@@ -341,9 +337,7 @@ module Dependabot
 
         def sanitized_setup_file_content(file)
           @sanitized_setup_file_content ||= {}
-          if @sanitized_setup_file_content[file.name]
-            return @sanitized_setup_file_content[file.name]
-          end
+          return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
 
           @sanitized_setup_file_content[file.name] =
             SetupFileSanitizer.

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -51,9 +51,7 @@ module Dependabot
               )
           end
 
-          if lockfile && lockfile.content == updated_lockfile_content
-            raise "Expected lockfile to change!"
-          end
+          raise "Expected lockfile to change!" if lockfile && lockfile.content == updated_lockfile_content
 
           if lockfile
             updated_files <<

data/lib/dependabot/python/file_updater/requirement_replacer.rb

@@ -30,9 +30,7 @@ module Dependabot
               updated_dependency_declaration_string
             end
 
-          if old_requirement != new_requirement && content == updated_content
-            raise "Expected content to change!"
-          end
+          raise "Expected content to change!" if old_requirement != new_requirement && content == updated_content
 
           updated_content
         end
@@ -49,9 +47,7 @@ module Dependabot
         def updated_requirement_string
           new_req_string = new_requirement
 
-          if add_space_after_commas?
-            new_req_string = new_req_string.gsub(/,\s*/, ", ")
-          end
+          new_req_string = new_req_string.gsub(/,\s*/, ", ") if add_space_after_commas?
 
           if add_space_after_operators?
             new_req_string =
@@ -75,9 +71,7 @@ module Dependabot
                 end
             end
 
-          unless update_hashes? && requirement_includes_hashes?(old_req)
-            return updated_string
-          end
+          return updated_string unless update_hashes? && requirement_includes_hashes?(old_req)
 
           updated_string.sub(
             RequirementParser::HASHES,

data/lib/dependabot/python/update_checker.rb

@@ -81,9 +81,7 @@ module Dependabot
       def lowest_resolvable_security_fix_version
         raise "Dependency not vulnerable!" unless vulnerable?
 
-        if defined?(@lowest_resolvable_security_fix_version)
-          return @lowest_resolvable_security_fix_version
-        end
+        return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)
 
         @lowest_resolvable_security_fix_version =
           fetch_lowest_resolvable_security_fix_version
@@ -100,9 +98,7 @@ module Dependabot
 
       def requirements_update_strategy
         # If passed in as an option (in the base class) honour that option
-        if @requirements_update_strategy
-          return @requirements_update_strategy.to_sym
-        end
+        return @requirements_update_strategy.to_sym if @requirements_update_strategy
 
         # Otherwise, check if this is a poetry library or not
         poetry_library? ? :widen_ranges : :bump_versions
@@ -126,9 +122,7 @@ module Dependabot
         fix_version = lowest_security_fix_version
         return latest_resolvable_version if fix_version.nil?
 
-        if resolver_type == :requirements
-          return pip_version_resolver.lowest_resolvable_security_fix_version
-        end
+        return pip_version_resolver.lowest_resolvable_security_fix_version if resolver_type == :requirements
 
         resolver =
           case resolver_type

data/lib/dependabot/python/update_checker/index_finder.rb

@@ -152,9 +152,7 @@ module Dependabot
         def clean_check_and_remove_environment_variables(url)
           url = url.strip.gsub(%r{/*$}, "") + "/"
 
-          unless url.match?(ENVIRONMENT_VARIABLE_REGEX)
-            return authed_base_url(url)
-          end
+          return authed_base_url(url) unless url.match?(ENVIRONMENT_VARIABLE_REGEX)
 
           config_variable_urls =
             [

data/lib/dependabot/python/update_checker/latest_version_finder.rb

@@ -101,9 +101,7 @@ module Dependabot
         def filter_ignored_versions(versions_array)
           filtered = versions_array.
                      reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
-          if @raise_on_ignored && filtered.empty? && versions_array.any?
-            raise Dependabot::AllVersionsIgnored
-          end
+          raise Dependabot::AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
 
           filtered
         end

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -49,20 +49,18 @@ module Dependabot
           @resolvable ||= {}
           return @resolvable[version] if @resolvable.key?(version)
 
-          if fetch_latest_resolvable_version_string(requirement: "==#{version}")
-            @resolvable[version] = true
-          else
-            @resolvable[version] = false
-          end
+          @resolvable[version] = if fetch_latest_resolvable_version_string(requirement: "==#{version}")
+                                   true
+                                 else
+                                   false
+                                 end
         end
 
         private
 
         def fetch_latest_resolvable_version_string(requirement:)
           @latest_resolvable_version_string ||= {}
-          if @latest_resolvable_version_string.key?(requirement)
-            return @latest_resolvable_version_string[requirement]
-          end
+          return @latest_resolvable_version_string[requirement] if @latest_resolvable_version_string.key?(requirement)
 
           @latest_resolvable_version_string[requirement] ||=
             SharedHelpers.in_a_temporary_directory do
@@ -244,15 +242,11 @@ module Dependabot
 
           # If the previous error was definitely due to using the wrong Python
           # version, return the new error (which can't be worse)
-          if error_certainly_bad_python_version?(previous_error.message)
-            return new_error
-          end
+          return new_error if error_certainly_bad_python_version?(previous_error.message)
 
           # Otherwise, if the new error may be due to using the wrong Python
           # version, return the old error (which can't be worse)
-          if error_suggests_bad_python_version?(new_error.message)
-            return previous_error
-          end
+          return previous_error if error_suggests_bad_python_version?(new_error.message)
 
           # Otherwise, default to the new error
           new_error
@@ -329,9 +323,7 @@ module Dependabot
         end
 
         def install_required_python
-          if run_command("pyenv versions").include?("#{python_version}\n")
-            return
-          end
+          return if run_command("pyenv versions").include?("#{python_version}\n")
 
           run_command("pyenv install -s #{python_version}")
           run_command("pyenv exec pip install -r"\
@@ -340,9 +332,7 @@ module Dependabot
 
         def sanitized_setup_file_content(file)
           @sanitized_setup_file_content ||= {}
-          if @sanitized_setup_file_content[file.name]
-            return @sanitized_setup_file_content[file.name]
-          end
+          return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
 
           @sanitized_setup_file_content[file.name] =
             Python::FileUpdater::SetupFileSanitizer.
@@ -361,9 +351,7 @@ module Dependabot
 
           req = dependency.requirements.find { |r| r[:file] == file.name }
 
-          unless req&.fetch(:requirement)
-            return file.content + "\n#{dependency.name} #{updated_req}"
-          end
+          return file.content + "\n#{dependency.name} #{updated_req}" unless req&.fetch(:requirement)
 
           Python::FileUpdater::RequirementReplacer.new(
             content: file.content,
@@ -492,9 +480,7 @@ module Dependabot
         end
 
         def user_specified_python_version
-          unless python_requirement_parser.user_specified_requirements.any?
-            return
-          end
+          return unless python_requirement_parser.user_specified_requirements.any?
 
           user_specified_requirements =
             python_requirement_parser.user_specified_requirements.

data/lib/dependabot/python/update_checker/pip_version_resolver.rb

@@ -57,9 +57,7 @@ module Dependabot
         end
 
         def user_specified_python_version
-          unless python_requirement_parser.user_specified_requirements.any?
-            return
-          end
+          return unless python_requirement_parser.user_specified_requirements.any?
 
           user_specified_requirements =
             python_requirement_parser.user_specified_requirements.

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -59,20 +59,18 @@ module Dependabot
           @resolvable ||= {}
           return @resolvable[version] if @resolvable.key?(version)
 
-          if fetch_latest_resolvable_version_string(requirement: "==#{version}")
-            @resolvable[version] = true
-          else
-            @resolvable[version] = false
-          end
+          @resolvable[version] = if fetch_latest_resolvable_version_string(requirement: "==#{version}")
+                                   true
+                                 else
+                                   false
+                                 end
         end
 
         private
 
         def fetch_latest_resolvable_version_string(requirement:)
           @latest_resolvable_version_string ||= {}
-          if @latest_resolvable_version_string.key?(requirement)
-            return @latest_resolvable_version_string[requirement]
-          end
+          return @latest_resolvable_version_string[requirement] if @latest_resolvable_version_string.key?(requirement)
 
           @latest_resolvable_version_string[requirement] ||=
             SharedHelpers.in_a_temporary_directory do
@@ -298,9 +296,7 @@ module Dependabot
             nil
           end
 
-          if run_command("pyenv versions").include?("#{python_version}\n")
-            return
-          end
+          return if run_command("pyenv versions").include?("#{python_version}\n")
 
           requirements_path = NativeHelpers.python_requirements_path
           run_command("pyenv install -s #{python_version}")

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -54,11 +54,11 @@ module Dependabot
           @resolvable ||= {}
           return @resolvable[version] if @resolvable.key?(version)
 
-          if fetch_latest_resolvable_version_string(requirement: "==#{version}")
-            @resolvable[version] = true
-          else
-            @resolvable[version] = false
-          end
+          @resolvable[version] = if fetch_latest_resolvable_version_string(requirement: "==#{version}")
+                                   true
+                                 else
+                                   false
+                                 end
         rescue SharedHelpers::HelperSubprocessFailed => e
           raise unless e.message.include?("SolverProblemError")
 
@@ -69,9 +69,7 @@ module Dependabot
 
         def fetch_latest_resolvable_version_string(requirement:)
           @latest_resolvable_version_string ||= {}
-          if @latest_resolvable_version_string.key?(requirement)
-            return @latest_resolvable_version_string[requirement]
-          end
+          return @latest_resolvable_version_string[requirement] if @latest_resolvable_version_string.key?(requirement)
 
           @latest_resolvable_version_string[requirement] ||=
             SharedHelpers.in_a_temporary_directory do

data/lib/dependabot/python/update_checker/requirements_updater.rb

@@ -79,15 +79,11 @@ module Dependabot
           return req if new_version_satisfies?(req) && !has_lockfile
 
           # If the requirement uses || syntax then we always want to widen it
-          if req.fetch(:requirement).match?(PYPROJECT_OR_SEPARATOR)
-            return widen_pyproject_requirement(req)
-          end
+          return widen_pyproject_requirement(req) if req.fetch(:requirement).match?(PYPROJECT_OR_SEPARATOR)
 
           # If the requirement is a development dependency we always want to
           # bump it
-          if req.fetch(:groups).include?("dev-dependencies")
-            return update_pyproject_version(req)
-          end
+          return update_pyproject_version(req) if req.fetch(:groups).include?("dev-dependencies")
 
           case update_strategy
           when :widen_ranges then widen_pyproject_requirement(req)

data/lib/dependabot/python/version.rb

@@ -48,9 +48,7 @@ module Dependabot
         version_comparison = old_comp(other)
         return version_comparison unless version_comparison.zero?
 
-        unless post_version_comparison(other).zero?
-          return post_version_comparison(other)
-        end
+        return post_version_comparison(other) unless post_version_comparison(other).zero?
 
         local_version_comparison(other)
       end
@@ -116,7 +114,6 @@ module Dependabot
       #
       # rubocop:disable Metrics/PerceivedComplexity
       # rubocop:disable Style/CaseEquality
-      # rubocop:disable Layout/LineLength
       # rubocop:disable Style/ParallelAssignment
       # rubocop:disable Style/RedundantReturn
       def old_comp(other)
@@ -147,7 +144,6 @@ module Dependabot
       end
       # rubocop:enable Metrics/PerceivedComplexity
       # rubocop:enable Style/CaseEquality
-      # rubocop:enable Layout/LineLength
       # rubocop:enable Style/ParallelAssignment
       # rubocop:enable Style/RedundantReturn
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.125.0
+  version: 0.125.1
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.125.0
+        version: 0.125.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.125.0
+        version: 0.125.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement