dependabot-python 0.199.0 → 0.200.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa2efdb728ace10c8f93f21234b1b43cf9e911816f38027da3dbc1db112da69f
-  data.tar.gz: 8b50a54ab4f43fc40ec8967b522505f65791c4b645ac3e3fd9d039ca26ebc7b0
+  metadata.gz: 9be24501fe52b0392c0b01241a514cd91e507c3173fe52684560c018992100a8
+  data.tar.gz: 7dc9b31ded1ceb87f26fed68a3afa0ccda7afda77c7ddb778e15336cd5bba18d
 SHA512:
-  metadata.gz: 7672806dbc6115cd90f8e831d07da9bb4c626b15abc4df427e7d318ddfa2031a36e978fad9933c5300977b762f6e508f5a7241fa077e1cfb0bbe2860f5703aea
-  data.tar.gz: 1519ff9d9bbc684aaee4ae681598896a094206cf2700c901f2c50a2a60f9b45636c263d2b0ad999e91c41e91cb61488873e05b2efa8803d328b3f26db01fd318
+  metadata.gz: da30f75f6048e430cbd8054f33ebcc20c25927d9a67cafaee4c41ad53abea47628aa122cf4b371c2a8a6eacf2449ca5e20d5ef0b71711a45f56ace8e36077100
+  data.tar.gz: 172b3a2777c5e04a984570e74b012d0da5a84ee5fc594a2b2649f9ceb1d65ef8f3cbf5d978f3b1afac67ba38bcb63ae45d52cf3e4bf1de01013f5e812f26faf5

data/lib/dependabot/python/file_fetcher.rb

@@ -290,7 +290,10 @@ module Dependabot
               fetch_submodules: true
             ).tap { |f| f.support_file = true }
           rescue Dependabot::DependencyFileNotFound
-            raise unless allow_pyproject
+            # For Poetry projects attempt to fetch a pyproject.toml at the
+            # given path instead of a setup.py. We do not require a
+            # setup.py to be present, so if none can be found, simply return
+            return [] unless allow_pyproject
 
             fetch_file_from_host(
               path.gsub("setup.py", "pyproject.toml"),

data/lib/dependabot/python/metadata_finder.rb

@@ -5,7 +5,7 @@ require "uri"
 
 require "dependabot/metadata_finders"
 require "dependabot/metadata_finders/base"
-require "dependabot/shared_helpers"
+require "dependabot/registry_client"
 require "dependabot/python/authed_url_builder"
 require "dependabot/python/name_normaliser"
 
@@ -65,11 +65,7 @@ module Dependabot
         @source_from_description ||=
           potential_source_urls.find do |url|
             full_url = Source.from_url(url).url
-            response = Excon.get(
-              full_url,
-              idempotent: true,
-              **SharedHelpers.excon_defaults
-            )
+            response = Dependabot::RegistryClient.get(url: full_url)
             next unless response.status == 200
 
             response.body.include?(normalised_dependency_name)
@@ -94,11 +90,7 @@ module Dependabot
         @source_from_homepage ||=
           potential_source_urls.find do |url|
             full_url = Source.from_url(url).url
-            response = Excon.get(
-              full_url,
-              idempotent: true,
-              **SharedHelpers.excon_defaults
-            )
+            response = Dependabot::RegistryClient.get(url: full_url)
             next unless response.status == 200
 
             response.body.include?(normalised_dependency_name)
@@ -116,11 +108,7 @@ module Dependabot
 
         @homepage_response ||=
           begin
-            Excon.get(
-              homepage_url,
-              idempotent: true,
-              **SharedHelpers.excon_defaults
-            )
+            Dependabot::RegistryClient.get(url: homepage_url)
           rescue Excon::Error::Timeout, Excon::Error::Socket,
                  Excon::Error::TooManyRedirects, ArgumentError
             nil
@@ -153,15 +141,15 @@ module Dependabot
            Regexp.last_match.captures[1].include?("@")
           protocol, user, pass, url = Regexp.last_match.captures
 
-          Excon.get(
-            "#{protocol}://#{url}",
-            user: user,
-            password: pass,
-            idempotent: true,
-            **SharedHelpers.excon_defaults
+          Dependabot::RegistryClient.get(
+            url: "#{protocol}://#{url}",
+            options: {
+              user: user,
+              password: pass
+            }
           )
         else
-          Excon.get(url, idempotent: true, **SharedHelpers.excon_defaults)
+          Dependabot::RegistryClient.get(url: url)
         end
       end
 

data/lib/dependabot/python/update_checker/latest_version_finder.rb

@@ -7,7 +7,7 @@ require "nokogiri"
 require "dependabot/dependency"
 require "dependabot/python/update_checker"
 require "dependabot/update_checkers/version_filters"
-require "dependabot/shared_helpers"
+require "dependabot/registry_client"
 require "dependabot/python/authed_url_builder"
 require "dependabot/python/name_normaliser"
 
@@ -214,18 +214,16 @@ module Dependabot
         end
 
         def registry_response_for_dependency(index_url)
-          Excon.get(
-            index_url + normalised_name + "/",
-            idempotent: true,
-            **SharedHelpers.excon_defaults(headers: { "Accept" => "text/html" })
+          Dependabot::RegistryClient.get(
+            url: index_url + normalised_name + "/",
+            headers: { "Accept" => "text/html" }
           )
         end
 
         def registry_index_response(index_url)
-          Excon.get(
-            index_url,
-            idempotent: true,
-            **SharedHelpers.excon_defaults(headers: { "Accept" => "text/html" })
+          Dependabot::RegistryClient.get(
+            url: index_url,
+            headers: { "Accept" => "text/html" }
           )
         end
 

data/lib/dependabot/python/update_checker.rb

@@ -6,7 +6,7 @@ require "toml-rb"
 require "dependabot/dependency"
 require "dependabot/update_checkers"
 require "dependabot/update_checkers/base"
-require "dependabot/shared_helpers"
+require "dependabot/registry_client"
 require "dependabot/errors"
 require "dependabot/python/requirement"
 require "dependabot/python/requirement_parser"
@@ -274,10 +274,8 @@ module Dependabot
         details = TomlRB.parse(pyproject.content).dig("tool", "poetry")
         return false unless details
 
-        index_response = Excon.get(
-          "https://pypi.org/pypi/#{normalised_name(details['name'])}/json/",
-          idempotent: true,
-          **SharedHelpers.excon_defaults
+        index_response = Dependabot::RegistryClient.get(
+          url: "https://pypi.org/pypi/#{normalised_name(details['name'])}/json/"
         )
 
         return false unless index_response.status == 200

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.199.0
+  version: 0.200.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-07-19 00:00:00.000000000 Z
+date: 2022-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.199.0
+        version: 0.200.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.199.0
+        version: 0.200.0
 - !ruby/object:Gem::Dependency
   name: debase
   requirement: !ruby/object:Gem::Requirement