dependabot-python 0.142.1 → 0.143.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6bbb1df342c09fe1bdfbefe65ae811face359bd8a76f8e6fecf21d8678dd3115
4
- data.tar.gz: 77dbea3fb94451ed98d2afbcad6368bcd116468febb7e57dae466912e2fa4d70
3
+ metadata.gz: 8c267dc7f2143181759940166e43b27fdbafae1ae296f33e526a3f1304b283c8
4
+ data.tar.gz: 1e1c15bdb03251d8582074b68af012dc7255de385b93f14c858c617258161dc6
5
5
  SHA512:
6
- metadata.gz: 12da4b5becd679ae5aa76297dc029c6d7185996916810e0e6398f12b6cc6dff43c2cfbb4f7598a45168c6b3991401b806b34af2ae82f760c371332639247fc89
7
- data.tar.gz: 4f08bf630610807b4fa8b295e7d5d84390c762627b12565cf764cc7fa6957d5087fe3e3c5facd04789103fd89d40988d5510b02fdced2e95fb6c2bfefe33267a
6
+ metadata.gz: e9aefef80e19ddced38bd983b13cb295012c1829e1a296b8734189c11135186917b45dce268e3148737f8f1bdbd8757b1229d9d2fb2ba8c30758b438cfcc74e8
7
+ data.tar.gz: f770db284ab46511979935d06ee9b7700bb4dd7ab13836f4ae58fcf722198ac718a94ec953f0db2fced3e853bbb940649668255ad82b290c0657bf9e1031b066
@@ -57,38 +57,50 @@ def parse_requirements(directory):
57
57
 
58
58
 
59
59
  def parse_setup(directory):
60
- # Parse the setup.py
61
- setup_packages = []
62
- if os.path.isfile(directory + '/setup.py'):
63
- def version_from_install_req(install_req):
64
- if install_req.is_pinned:
65
- return next(iter(install_req.specifier)).version
60
+ def version_from_install_req(install_req):
61
+ if install_req.is_pinned:
62
+ return next(iter(install_req.specifier)).version
66
63
 
67
- def parse_requirement(req, req_type):
68
- install_req = install_req_from_line(req)
69
- if install_req.original_link:
70
- return
64
+ def parse_requirement(req, req_type, filename):
65
+ install_req = install_req_from_line(req)
66
+ if install_req.original_link:
67
+ return
71
68
 
72
- setup_packages.append({
69
+ setup_packages.append(
70
+ {
73
71
  "name": install_req.req.name,
74
72
  "version": version_from_install_req(install_req),
75
73
  "markers": str(install_req.markers) or None,
76
- "file": "setup.py",
74
+ "file": filename,
77
75
  "requirement": str(install_req.specifier) or None,
78
76
  "requirement_type": req_type,
79
- "extras": sorted(list(install_req.extras))
80
- })
77
+ "extras": sorted(list(install_req.extras)),
78
+ }
79
+ )
80
+
81
+ def parse_requirements(requires, req_type, filename):
82
+ for req in requires:
83
+ parse_requirement(req, req_type, filename)
84
+
85
+ # Parse the setup.py and setup.cfg
86
+ setup_py = "setup.py"
87
+ setup_py_path = os.path.join(directory, setup_py)
88
+ setup_cfg = "setup.cfg"
89
+ setup_cfg_path = os.path.join(directory, setup_cfg)
90
+ setup_packages = []
91
+
92
+ if os.path.isfile(setup_py_path):
81
93
 
82
94
  def setup(*args, **kwargs):
83
- for arg in ['setup_requires', 'install_requires', 'tests_require']:
84
- if not kwargs.get(arg):
85
- continue
86
- for req in kwargs.get(arg):
87
- parse_requirement(req, arg)
88
- extras_require_dict = kwargs.get('extras_require', {})
89
- for key in extras_require_dict:
90
- for req in extras_require_dict[key]:
91
- parse_requirement(req, 'extras_require:{}'.format(key))
95
+ for arg in ["setup_requires", "install_requires", "tests_require"]:
96
+ requires = kwargs.get(arg, [])
97
+ parse_requirements(requires, arg, setup_py)
98
+ extras_require_dict = kwargs.get("extras_require", {})
99
+ for key, value in extras_require_dict.items():
100
+ parse_requirements(
101
+ value, "extras_require:{}".format(key), setup_py
102
+ )
103
+
92
104
  setuptools.setup = setup
93
105
 
94
106
  def noop(*args, **kwargs):
@@ -100,17 +112,19 @@ def parse_setup(directory):
100
112
  global fake_open
101
113
 
102
114
  def fake_open(*args, **kwargs):
103
- content = ("VERSION = ('0', '0', '1+dependabot')\n"
104
- "__version__ = '0.0.1+dependabot'\n"
105
- "__author__ = 'someone'\n"
106
- "__title__ = 'something'\n"
107
- "__description__ = 'something'\n"
108
- "__author_email__ = 'something'\n"
109
- "__license__ = 'something'\n"
110
- "__url__ = 'something'\n")
115
+ content = (
116
+ "VERSION = ('0', '0', '1+dependabot')\n"
117
+ "__version__ = '0.0.1+dependabot'\n"
118
+ "__author__ = 'someone'\n"
119
+ "__title__ = 'something'\n"
120
+ "__description__ = 'something'\n"
121
+ "__author_email__ = 'something'\n"
122
+ "__license__ = 'something'\n"
123
+ "__url__ = 'something'\n"
124
+ )
111
125
  return io.StringIO(content)
112
126
 
113
- content = open(directory + '/setup.py', 'r').read()
127
+ content = open(setup_py_path, "r").read()
114
128
 
115
129
  # Remove `print`, `open`, `log` and import statements
116
130
  content = re.sub(r"print\s*\(", "noop(", content)
@@ -121,18 +135,41 @@ def parse_setup(directory):
121
135
  content = re.sub(version_re, "", content)
122
136
 
123
137
  # Set variables likely to be imported
124
- __version__ = '0.0.1+dependabot'
125
- __author__ = 'someone'
126
- __title__ = 'something'
127
- __description__ = 'something'
128
- __author_email__ = 'something'
129
- __license__ = 'something'
130
- __url__ = 'something'
138
+ __version__ = "0.0.1+dependabot"
139
+ __author__ = "someone"
140
+ __title__ = "something"
141
+ __description__ = "something"
142
+ __author_email__ = "something"
143
+ __license__ = "something"
144
+ __url__ = "something"
131
145
 
132
146
  # Run as main (since setup.py is a script)
133
- __name__ = '__main__'
147
+ __name__ = "__main__"
134
148
 
135
149
  # Exec the setup.py
136
150
  exec(content) in globals(), locals()
137
151
 
152
+ if os.path.isfile(setup_cfg_path):
153
+ try:
154
+ config = setuptools.config.read_configuration(setup_cfg_path)
155
+
156
+ for req_type in [
157
+ "setup_requires",
158
+ "install_requires",
159
+ "tests_require",
160
+ ]:
161
+ requires = config.get("options", {}).get(req_type, [])
162
+ parse_requirements(requires, req_type, setup_cfg)
163
+
164
+ extras_require = config.get("options", {}).get(
165
+ "extras_require", {}
166
+ )
167
+ for key, value in extras_require.items():
168
+ parse_requirements(
169
+ value, "extras_require:{}".format(key), setup_cfg
170
+ )
171
+ except Exception as e:
172
+ print(json.dumps({"error": repr(e)}))
173
+ exit(1)
174
+
138
175
  return json.dumps({"result": setup_packages})
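Review bot: The new setup.cfg branch hands a file from the repository being scanned to `setuptools.config.read_configuration`, which resolves `attr:` and `file:` directives and, depending on the setuptools version, may import a module from that repository to do so. It deserves a comment such as `# setup.cfg is untrusted repo content; attr:/file: directives are resolved here, so this needs the same isolation as the exec of setup.py`. In the same block, `exit(1)` is the helper installed by the `site` module; `sys.exit(1)` is the dependable form, provided `sys` is imported (the import lines are outside the hunk). Separately, in the rewritten `setup()` shim earlier in this function, `kwargs.get(arg, [])` returns `None` when a setup.py passes `install_requires=None`, and the loop in `parse_requirements` then fails where the removed `if not kwargs.get(arg): continue` skipped it; `requires = kwargs.get(arg) or []` keeps the old behaviour. parse_setup begins before this hunk.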
@@ -4,7 +4,7 @@ flake8==3.9.1
4
4
  hashin==0.15.0
5
5
  pipenv==2018.11.26
6
6
  pipfile==0.0.2
7
- poetry==1.1.4
7
+ poetry==1.1.6
8
8
  wheel==0.36.2
9
9
 
10
10
  # Some dependencies will only install if Cython is present
data/helpers/run.py CHANGED
@@ -8,7 +8,7 @@ if __name__ == "__main__":
8
8
 
9
9
  if args["function"] == "parse_requirements":
10
10
  print(parser.parse_requirements(args["args"][0]))
11
- if args["function"] == "parse_setup":
11
+ elif args["function"] == "parse_setup":
12
12
  print(parser.parse_setup(args["args"][0]))
13
13
  elif args["function"] == "get_dependency_hash":
14
14
  print(hasher.get_dependency_hash(*args["args"]))
@@ -25,11 +25,13 @@ module Dependabot
25
25
  # If this repo is using Poetry return true
26
26
  return true if filenames.include?("pyproject.toml")
27
27
 
28
- filenames.include?("setup.py")
28
+ return true if filenames.include?("setup.py")
29
+
30
+ filenames.include?("setup.cfg")
29
31
  end
30
32
 
31
33
  def self.required_files_message
32
- "Repo must contain a requirements.txt, setup.py, pyproject.toml, "\
34
+ "Repo must contain a requirements.txt, setup.py, setup.cfg, pyproject.toml, "\
33
35
  "or a Pipfile."
34
36
  end
35
37
 
@@ -45,7 +47,7 @@ module Dependabot
45
47
  fetched_files += requirement_files if requirements_txt_files.any?
46
48
 
47
49
  fetched_files << setup_file if setup_file
48
- fetched_files << setup_cfg if setup_cfg
50
+ fetched_files << setup_cfg_file if setup_cfg_file
49
51
  fetched_files += path_setup_files
50
52
  fetched_files << pip_conf if pip_conf
51
53
  fetched_files << python_version if python_version
@@ -77,7 +79,7 @@ module Dependabot
77
79
  end
78
80
 
79
81
  def check_required_files_present
80
- return if requirements_txt_files.any? || setup_file || pipfile || pyproject
82
+ return if requirements_txt_files.any? || setup_file || setup_cfg_file || pipfile || pyproject
81
83
 
82
84
  path = Pathname.new(File.join(directory, "requirements.txt")).
83
85
  cleanpath.to_path
@@ -88,8 +90,8 @@ module Dependabot
88
90
  @setup_file ||= fetch_file_if_present("setup.py")
89
91
  end
90
92
 
91
- def setup_cfg
92
- @setup_cfg ||= fetch_file_if_present("setup.cfg")
93
+ def setup_cfg_file
94
+ @setup_cfg_file ||= fetch_file_if_present("setup.cfg")
93
95
  end
94
96
 
95
97
  def pip_conf
@@ -44,7 +44,7 @@ module Dependabot
44
44
  dependency_set += pipenv_dependencies if pipfile
45
45
  dependency_set += poetry_dependencies if using_poetry?
46
46
  dependency_set += requirement_dependencies if requirement_files.any?
47
- dependency_set += setup_file_dependencies if setup_file
47
+ dependency_set += setup_file_dependencies if setup_file || setup_cfg_file
48
48
 
49
49
  dependency_set.dependencies
50
50
  end
@@ -207,8 +207,9 @@ module Dependabot
207
207
  return if pipfile
208
208
  return if pyproject
209
209
  return if setup_file
210
+ return if setup_cfg_file
210
211
 
211
- raise "No requirements.txt or setup.py!"
212
+ raise "Missing required files!"
212
213
  end
213
214
 
214
215
  def pipfile
@@ -248,6 +249,10 @@ module Dependabot
248
249
  @setup_file ||= get_original_file("setup.py")
249
250
  end
250
251
 
252
+ def setup_cfg_file
253
+ @setup_cfg_file ||= get_original_file("setup.cfg")
254
+ end
255
+
251
256
  def pip_compile_files
252
257
  @pip_compile_files ||=
253
258
  dependency_files.select { |f| f.name.end_with?(".in") }
@@ -71,6 +71,8 @@ module Dependabot
71
71
  rescue SharedHelpers::HelperSubprocessFailed => e
72
72
  raise Dependabot::DependencyFileNotEvaluatable, e.message if e.message.start_with?("InstallationError")
73
73
 
74
+ return [] unless setup_file
75
+
74
76
  parsed_sanitized_setup_file
75
77
  end
76
78
 
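Review bot: The added `return [] unless setup_file` sits in the `rescue SharedHelpers::HelperSubprocessFailed` branch, so for a repository that has only a setup.cfg, any helper failure other than an InstallationError appears to become an empty dependency list, as far as the visible lines show. That presumably includes the `{"error": ...}` exit path the Python helper now takes when setup.cfg cannot be read, and the project would then silently receive no updates for those dependencies. Consider raising `Dependabot::DependencyFileNotEvaluatable, e.message` in that case, or add a comment explaining why dropping the error is intended. The method starts before this hunk.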
@@ -19,6 +19,7 @@ module Dependabot
19
19
  /.*\.txt$/,
20
20
  /.*\.in$/,
21
21
  /^setup\.py$/,
22
+ /^setup\.cfg$/,
22
23
  /^pyproject\.toml$/,
23
24
  /^pyproject\.lock$/
24
25
  ]
@@ -113,8 +114,9 @@ module Dependabot
113
114
  return if pipfile
114
115
  return if pyproject
115
116
  return if get_original_file("setup.py")
117
+ return if get_original_file("setup.cfg")
116
118
 
117
- raise "No requirements.txt or setup.py!"
119
+ raise "Missing required files!"
118
120
  end
119
121
 
120
122
  def pipfile
@@ -50,7 +50,7 @@ module Dependabot
50
50
  requirements = requirements.flatten.flat_map do |req_string|
51
51
  next if req_string.nil?
52
52
 
53
- req_string.split(",").map do |r|
53
+ req_string.split(",").map(&:strip).map do |r|
54
54
  convert_python_constraint_to_ruby_constraint(r)
55
55
  end
56
56
  end
@@ -100,7 +100,7 @@ module Dependabot
100
100
 
101
101
  def filter_ignored_versions(versions_array)
102
102
  filtered = versions_array.
103
- reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
103
+ reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
104
104
  raise Dependabot::AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
105
105
 
106
106
  filtered
@@ -226,8 +226,8 @@ module Dependabot
226
226
  )
227
227
  end
228
228
 
229
- def ignore_reqs
230
- ignored_versions.map { |req| requirement_class.new(req.split(",")) }
229
+ def ignore_requirements
230
+ ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
231
231
  end
232
232
 
233
233
  def normalised_name
@@ -32,7 +32,7 @@ module Dependabot
32
32
  def updated_requirements
33
33
  requirements.map do |req|
34
34
  case req[:file]
35
- when "setup.py" then updated_setup_requirement(req)
35
+ when /setup\.(?:py|cfg)$/ then updated_setup_requirement(req)
36
36
  when "pyproject.toml" then updated_pyproject_requirement(req)
37
37
  when "Pipfile" then updated_pipfile_requirement(req)
38
38
  when /\.txt$|\.in$/ then updated_requirement(req)
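Review bot: The new `when /setup\.(?:py|cfg)$/` pattern is not anchored at the start, so it also matches names such as `mysetup.py`, and in Ruby `$` matches at the end of any line rather than only at the end of the string. If nested paths are meant to match, `%r{(?:\A|/)setup\.(?:py|cfg)\z}` says so explicitly; if only the top-level file is meant, `/\Asetup\.(?:py|cfg)\z/` mirrors the exact comparison it replaces. The `case` continues past the end of the hunk.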
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.142.1
4
+ version: 0.143.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-16 00:00:00.000000000 Z
11
+ date: 2021-04-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.142.1
19
+ version: 0.143.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.142.1
26
+ version: 0.143.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.12.0
103
+ version: 1.13.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.12.0
110
+ version: 1.13.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement