dependabot-python 0.190.1 → 0.191.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 150269043a3867fcb18117aa1d10218739fbc4c1012aac13f791aab02643d5b5
|
|
4
|
+
data.tar.gz: 0ac19e084fd83d7c6746745a4df2bedb7bb9b4e14784262559137a2bf395e29f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 642466d5f39522eb5e94c684dc577c6b2c9cfed14235ba9d9b592791c755d6164f315bffae3d0751a5f4338fe6285507eafd792cc098111d61a60f549bccb68f
|
|
7
|
+
data.tar.gz: 9cfefc6e1b85823611190fb357dac2bd29dd4b6bb523ae072293028388740919e43829adccb9a77d3215aa331098ae1d26f995bf61b84df15f2f92e6dbf7909b
|
|
@@ -105,7 +105,6 @@ module Dependabot
|
|
|
105
105
|
content = sanitize(content)
|
|
106
106
|
content = freeze_other_dependencies(content)
|
|
107
107
|
content = freeze_dependencies_being_updated(content)
|
|
108
|
-
content = add_private_sources(content)
|
|
109
108
|
content
|
|
110
109
|
end
|
|
111
110
|
end
|
|
@@ -150,12 +149,6 @@ module Dependabot
|
|
|
150
149
|
poetry_object[subdep_type][dependency.name] = dep.version
|
|
151
150
|
end
|
|
152
151
|
|
|
153
|
-
def add_private_sources(pyproject_content)
|
|
154
|
-
PyprojectPreparer.
|
|
155
|
-
new(pyproject_content: pyproject_content).
|
|
156
|
-
replace_sources(credentials)
|
|
157
|
-
end
|
|
158
|
-
|
|
159
152
|
def subdep_type
|
|
160
153
|
category =
|
|
161
154
|
TomlRB.parse(lockfile.content).fetch("package", []).
|
|
@@ -175,6 +168,7 @@ module Dependabot
|
|
|
175
168
|
SharedHelpers.in_a_temporary_directory do
|
|
176
169
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
177
170
|
write_temporary_dependency_files(pyproject_content)
|
|
171
|
+
add_auth_env_vars
|
|
178
172
|
|
|
179
173
|
if python_version && !pre_installed_python?(python_version)
|
|
180
174
|
run_poetry_command("pyenv install -s #{python_version}")
|
|
@@ -232,6 +226,12 @@ module Dependabot
|
|
|
232
226
|
File.write("pyproject.toml", pyproject_content)
|
|
233
227
|
end
|
|
234
228
|
|
|
229
|
+
def add_auth_env_vars
|
|
230
|
+
Python::FileUpdater::PyprojectPreparer.
|
|
231
|
+
new(pyproject_content: pyproject.content).
|
|
232
|
+
add_auth_env_vars(credentials)
|
|
233
|
+
end
|
|
234
|
+
|
|
235
235
|
def python_version
|
|
236
236
|
requirements = python_requirement_parser.user_specified_requirements
|
|
237
237
|
requirements = requirements.
|
|
@@ -18,24 +18,22 @@ module Dependabot
|
|
|
18
18
|
@lockfile = lockfile
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
21
|
+
# For hosted Dependabot token will be nil since the credentials aren't present.
|
|
22
|
+
# This is for those running Dependabot themselves and for dry-run.
|
|
23
|
+
def add_auth_env_vars(credentials)
|
|
24
|
+
TomlRB.parse(@pyproject_content).dig("tool", "poetry", "source")&.each do |source|
|
|
25
|
+
cred = credentials&.find { |c| c["index-url"] == source["url"] }
|
|
26
|
+
next unless cred
|
|
27
|
+
|
|
28
|
+
token = cred.fetch("token", nil)
|
|
29
|
+
next unless token && token.count(":") == 1
|
|
30
|
+
|
|
31
|
+
arr = token.split(":")
|
|
32
|
+
# https://python-poetry.org/docs/configuration/#using-environment-variables
|
|
33
|
+
name = source["name"]&.upcase&.gsub(/\W/, "_")
|
|
34
|
+
ENV["POETRY_HTTP_BASIC_#{name}_USERNAME"] = arr[0]
|
|
35
|
+
ENV["POETRY_HTTP_BASIC_#{name}_PASSWORD"] = arr[1]
|
|
34
36
|
end
|
|
35
|
-
|
|
36
|
-
poetry_object["source"] = sources_hash.values unless sources_hash.empty?
|
|
37
|
-
|
|
38
|
-
TomlRB.dump(pyproject_object)
|
|
39
37
|
end
|
|
40
38
|
|
|
41
39
|
def sanitize
|
|
@@ -97,32 +95,6 @@ module Dependabot
|
|
|
97
95
|
NameNormaliser.normalise(name)
|
|
98
96
|
end
|
|
99
97
|
|
|
100
|
-
def pyproject_sources
|
|
101
|
-
return @pyproject_sources if @pyproject_sources
|
|
102
|
-
|
|
103
|
-
pyproject_sources ||=
|
|
104
|
-
TomlRB.parse(pyproject_content).
|
|
105
|
-
dig("tool", "poetry", "source")
|
|
106
|
-
|
|
107
|
-
@pyproject_sources ||=
|
|
108
|
-
(pyproject_sources || []).
|
|
109
|
-
map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
|
|
110
|
-
end
|
|
111
|
-
|
|
112
|
-
def config_variable_sources(credentials)
|
|
113
|
-
@config_variable_sources ||=
|
|
114
|
-
credentials.
|
|
115
|
-
select { |cred| cred["type"] == "python_index" }.
|
|
116
|
-
map do |c|
|
|
117
|
-
{
|
|
118
|
-
"original_url" => c["index-url"],
|
|
119
|
-
"url" => AuthedUrlBuilder.authed_url(credential: c),
|
|
120
|
-
"name" => SecureRandom.hex[0..3],
|
|
121
|
-
"default" => c["replaces-base"]
|
|
122
|
-
}.compact
|
|
123
|
-
end
|
|
124
|
-
end
|
|
125
|
-
|
|
126
98
|
def parsed_lockfile
|
|
127
99
|
@parsed_lockfile ||= TomlRB.parse(lockfile.content)
|
|
128
100
|
end
|
|
@@ -76,6 +76,7 @@ module Dependabot
|
|
|
76
76
|
SharedHelpers.in_a_temporary_directory do
|
|
77
77
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
78
78
|
write_temporary_dependency_files(updated_req: requirement)
|
|
79
|
+
add_auth_env_vars
|
|
79
80
|
|
|
80
81
|
if python_version && !pre_installed_python?(python_version)
|
|
81
82
|
run_poetry_command("pyenv install -s #{python_version}")
|
|
@@ -195,6 +196,12 @@ module Dependabot
|
|
|
195
196
|
end
|
|
196
197
|
end
|
|
197
198
|
|
|
199
|
+
def add_auth_env_vars
|
|
200
|
+
Python::FileUpdater::PyprojectPreparer.
|
|
201
|
+
new(pyproject_content: pyproject.content).
|
|
202
|
+
add_auth_env_vars(credentials)
|
|
203
|
+
end
|
|
204
|
+
|
|
198
205
|
def python_version
|
|
199
206
|
requirements = python_requirement_parser.user_specified_requirements
|
|
200
207
|
requirements = requirements.
|
|
@@ -228,7 +235,6 @@ module Dependabot
|
|
|
228
235
|
def updated_pyproject_content(updated_requirement:)
|
|
229
236
|
content = pyproject.content
|
|
230
237
|
content = sanitize_pyproject_content(content)
|
|
231
|
-
content = add_private_sources(content)
|
|
232
238
|
content = freeze_other_dependencies(content)
|
|
233
239
|
content = set_target_dependency_req(content, updated_requirement)
|
|
234
240
|
content
|
|
@@ -237,7 +243,6 @@ module Dependabot
|
|
|
237
243
|
def sanitized_pyproject_content
|
|
238
244
|
content = pyproject.content
|
|
239
245
|
content = sanitize_pyproject_content(content)
|
|
240
|
-
content = add_private_sources(content)
|
|
241
246
|
content
|
|
242
247
|
end
|
|
243
248
|
|
|
@@ -247,12 +252,6 @@ module Dependabot
|
|
|
247
252
|
sanitize
|
|
248
253
|
end
|
|
249
254
|
|
|
250
|
-
def add_private_sources(pyproject_content)
|
|
251
|
-
Python::FileUpdater::PyprojectPreparer.
|
|
252
|
-
new(pyproject_content: pyproject_content).
|
|
253
|
-
replace_sources(credentials)
|
|
254
|
-
end
|
|
255
|
-
|
|
256
255
|
def freeze_other_dependencies(pyproject_content)
|
|
257
256
|
Python::FileUpdater::PyprojectPreparer.
|
|
258
257
|
new(pyproject_content: pyproject_content, lockfile: lockfile).
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.191.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-06-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.191.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.191.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|