dependabot-python 0.213.0 → 0.214.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/build +5 -1
- data/helpers/lib/parser.py +11 -4
- data/helpers/requirements.txt +1 -1
- data/lib/dependabot/python/file_parser/pyproject_files_parser.rb +2 -1
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +2 -2
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +10 -3
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +6 -4
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +8 -1
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +15 -0
- data/lib/dependabot/python/helpers.rb +18 -1
- data/lib/dependabot/python/python_versions.rb +11 -7
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +2 -2
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +2 -2
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +9 -2
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +1 -1
- metadata +8 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 940ed0c4abf7f4d3a496321e4898ba9c123091d6539f86ef54d7ee74dadf3344
|
4
|
+
data.tar.gz: 802abe558f75bc2e98f1b88e93be85fc48f8b71774a1ff37b8ea16311381f587
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 523ff39717afd9636f3d2f3115d6953817ab01585e2e218233eb0439a7cc9e5ac620c4b28d429b35256530a32bff6e71a73ffdfd72587ba53c8b10b6a3070175
|
7
|
+
data.tar.gz: a3d05a60ad4d1b08dfe8fed7cdac12384aa49fbb3ad130008bf4748ab710df9b20a8297c99f66e33bd672717b52be32c17434b2ed253fe4bb6556cfc87941b05
|
data/helpers/build
CHANGED
@@ -18,4 +18,8 @@ cp -r \
|
|
18
18
|
"$install_dir"
|
19
19
|
|
20
20
|
cd "$install_dir"
|
21
|
-
PYENV_VERSION=3.
|
21
|
+
PYENV_VERSION=3.11.0 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
22
|
+
PYENV_VERSION=3.10.8 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
23
|
+
PYENV_VERSION=3.9.15 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
24
|
+
PYENV_VERSION=3.8.15 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
25
|
+
PYENV_VERSION=3.7.15 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
|
data/helpers/lib/parser.py
CHANGED
@@ -49,10 +49,17 @@ def parse_pep621_dependencies(pyproject_path):
|
|
49
49
|
|
50
50
|
return requirement_packages
|
51
51
|
|
52
|
-
dependencies =
|
53
|
-
|
54
|
-
|
55
|
-
|
52
|
+
dependencies = []
|
53
|
+
|
54
|
+
if 'dependencies' in project_toml:
|
55
|
+
dependencies_toml = project_toml['dependencies']
|
56
|
+
|
57
|
+
runtime_dependencies = parse_toml_section_pep621_dependencies(
|
58
|
+
pyproject_path,
|
59
|
+
dependencies_toml
|
60
|
+
)
|
61
|
+
|
62
|
+
dependencies.extend(runtime_dependencies)
|
56
63
|
|
57
64
|
if 'optional-dependencies' in project_toml:
|
58
65
|
optional_dependencies_toml = project_toml['optional-dependencies']
|
data/helpers/requirements.txt
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
pip>=21.3.1,<22.4.0 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
|
2
|
-
pip-tools>=6.4.0,<6.
|
2
|
+
pip-tools>=6.4.0,<6.10.1 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
|
3
3
|
flake8==5.0.4
|
4
4
|
hashin==0.17.0
|
5
5
|
pipenv==2022.4.8
|
@@ -126,7 +126,8 @@ module Dependabot
|
|
126
126
|
end
|
127
127
|
|
128
128
|
def using_pep621?
|
129
|
-
!parsed_pyproject.dig("project", "dependencies").nil?
|
129
|
+
!parsed_pyproject.dig("project", "dependencies").nil? ||
|
130
|
+
!parsed_pyproject.dig("project", "optional-dependencies").nil?
|
130
131
|
end
|
131
132
|
|
132
133
|
def using_pdm?
|
@@ -168,7 +168,7 @@ module Dependabot
|
|
168
168
|
end
|
169
169
|
|
170
170
|
def run_pip_compile_command(command, allow_unsafe_shell_command: false)
|
171
|
-
run_command("pyenv local #{python_version}")
|
171
|
+
run_command("pyenv local #{Helpers.python_major_minor(python_version)}")
|
172
172
|
run_command(
|
173
173
|
command,
|
174
174
|
allow_unsafe_shell_command: allow_unsafe_shell_command
|
@@ -198,7 +198,7 @@ module Dependabot
|
|
198
198
|
end
|
199
199
|
|
200
200
|
# Overwrite the .python-version with updated content
|
201
|
-
File.write(".python-version", python_version)
|
201
|
+
File.write(".python-version", Helpers.python_major_minor(python_version))
|
202
202
|
|
203
203
|
setup_files.each do |file|
|
204
204
|
path = file.name
|
@@ -133,6 +133,7 @@ module Dependabot
|
|
133
133
|
content = freeze_other_dependencies(content)
|
134
134
|
content = freeze_dependencies_being_updated(content)
|
135
135
|
content = add_private_sources(content)
|
136
|
+
content = update_python_requirement(content)
|
136
137
|
content
|
137
138
|
end
|
138
139
|
|
@@ -142,6 +143,12 @@ module Dependabot
|
|
142
143
|
freeze_top_level_dependencies_except(dependencies)
|
143
144
|
end
|
144
145
|
|
146
|
+
def update_python_requirement(pipfile_content)
|
147
|
+
PipfilePreparer.
|
148
|
+
new(pipfile_content: pipfile_content).
|
149
|
+
update_python_requirement(Helpers.python_major_minor(python_version))
|
150
|
+
end
|
151
|
+
|
145
152
|
# rubocop:disable Metrics/PerceivedComplexity
|
146
153
|
def freeze_dependencies_being_updated(pipfile_content)
|
147
154
|
pipfile_object = TomlRB.parse(pipfile_content)
|
@@ -246,7 +253,7 @@ module Dependabot
|
|
246
253
|
def run_command(command, env: {})
|
247
254
|
start = Time.now
|
248
255
|
command = SharedHelpers.escape_command(command)
|
249
|
-
stdout, process = Open3.
|
256
|
+
stdout, _, process = Open3.capture3(env, command)
|
250
257
|
time_taken = Time.now - start
|
251
258
|
|
252
259
|
# Raise an error with the output from the shell session if Pipenv
|
@@ -264,7 +271,7 @@ module Dependabot
|
|
264
271
|
end
|
265
272
|
|
266
273
|
def run_pipenv_command(command, env: pipenv_env_variables)
|
267
|
-
run_command("pyenv local #{python_version}")
|
274
|
+
run_command("pyenv local #{Helpers.python_major_minor(python_version)}")
|
268
275
|
run_command(command, env: env)
|
269
276
|
end
|
270
277
|
|
@@ -276,7 +283,7 @@ module Dependabot
|
|
276
283
|
end
|
277
284
|
|
278
285
|
# Overwrite the .python-version with updated content
|
279
|
-
File.write(".python-version", python_version)
|
286
|
+
File.write(".python-version", Helpers.python_major_minor(python_version))
|
280
287
|
|
281
288
|
setup_files.each do |file|
|
282
289
|
path = file.name
|
@@ -70,10 +70,12 @@ module Dependabot
|
|
70
70
|
pipfile_object = TomlRB.parse(pipfile_content)
|
71
71
|
|
72
72
|
pipfile_object["requires"] ||= {}
|
73
|
-
pipfile_object
|
74
|
-
|
75
|
-
pipfile_object
|
76
|
-
|
73
|
+
if pipfile_object.dig("requires", "python_full_version") && pipfile_object.dig("requires", "python_version")
|
74
|
+
pipfile_object["requires"].delete("python_full_version")
|
75
|
+
elsif pipfile_object.dig("requires", "python_full_version")
|
76
|
+
pipfile_object["requires"].delete("python_full_version")
|
77
|
+
pipfile_object["requires"]["python_version"] = requirement
|
78
|
+
end
|
77
79
|
TomlRB.dump(pipfile_object)
|
78
80
|
end
|
79
81
|
|
@@ -106,6 +106,7 @@ module Dependabot
|
|
106
106
|
content = sanitize(content)
|
107
107
|
content = freeze_other_dependencies(content)
|
108
108
|
content = freeze_dependencies_being_updated(content)
|
109
|
+
content = update_python_requirement(content)
|
109
110
|
content
|
110
111
|
end
|
111
112
|
end
|
@@ -131,6 +132,12 @@ module Dependabot
|
|
131
132
|
TomlRB.dump(pyproject_object)
|
132
133
|
end
|
133
134
|
|
135
|
+
def update_python_requirement(pyproject_content)
|
136
|
+
PyprojectPreparer.
|
137
|
+
new(pyproject_content: pyproject_content).
|
138
|
+
update_python_requirement(Helpers.python_major_minor(python_version))
|
139
|
+
end
|
140
|
+
|
134
141
|
def lock_declaration_to_new_version!(poetry_object, dep)
|
135
142
|
Dependabot::Python::FileParser::PyprojectFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
|
136
143
|
names = poetry_object[type]&.keys || []
|
@@ -221,7 +228,7 @@ module Dependabot
|
|
221
228
|
end
|
222
229
|
|
223
230
|
# Overwrite the .python-version with updated content
|
224
|
-
File.write(".python-version", python_version) if python_version
|
231
|
+
File.write(".python-version", Helpers.python_major_minor(python_version)) if python_version
|
225
232
|
|
226
233
|
# Overwrite the pyproject with updated content
|
227
234
|
File.write("pyproject.toml", pyproject_content)
|
@@ -36,6 +36,17 @@ module Dependabot
|
|
36
36
|
end
|
37
37
|
end
|
38
38
|
|
39
|
+
def update_python_requirement(requirement)
|
40
|
+
pyproject_object = TomlRB.parse(@pyproject_content)
|
41
|
+
if (python_specification = pyproject_object.dig("tool", "poetry", "dependencies", "python"))
|
42
|
+
python_req = Python::Requirement.new(python_specification)
|
43
|
+
unless python_req.satisfied_by?(requirement)
|
44
|
+
pyproject_object["tool"]["poetry"]["dependencies"]["python"] = "~#{requirement}"
|
45
|
+
end
|
46
|
+
end
|
47
|
+
TomlRB.dump(pyproject_object)
|
48
|
+
end
|
49
|
+
|
39
50
|
def sanitize
|
40
51
|
# {{ name }} syntax not allowed
|
41
52
|
pyproject_content.
|
@@ -72,6 +83,10 @@ module Dependabot
|
|
72
83
|
}
|
73
84
|
elsif poetry_object[key][dep_name].is_a?(Hash)
|
74
85
|
poetry_object[key][dep_name]["version"] = locked_version
|
86
|
+
elsif poetry_object[key][dep_name].is_a?(Array)
|
87
|
+
# if it has multiple-constraints, locking to a single version is
|
88
|
+
# going to result in a bad lockfile, ignore
|
89
|
+
next
|
75
90
|
else
|
76
91
|
poetry_object[key][dep_name] = locked_version
|
77
92
|
end
|
@@ -1,19 +1,36 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "dependabot/logger"
|
4
|
+
require "dependabot/python/version"
|
4
5
|
|
5
6
|
module Dependabot
|
6
7
|
module Python
|
7
8
|
module Helpers
|
8
9
|
def self.install_required_python(python_version)
|
9
10
|
# The leading space is important in the version check
|
10
|
-
return if SharedHelpers.run_shell_command("pyenv versions").include?(" #{python_version}")
|
11
|
+
return if SharedHelpers.run_shell_command("pyenv versions").include?(" #{python_major_minor(python_version)}.")
|
12
|
+
|
13
|
+
if File.exist?("/usr/local/.pyenv/#{python_major_minor(python_version)}.tar.gz")
|
14
|
+
SharedHelpers.run_shell_command(
|
15
|
+
"tar xzf /usr/local/.pyenv/#{python_major_minor(python_version)}.tar.gz -C /usr/local/.pyenv/"
|
16
|
+
)
|
17
|
+
return if SharedHelpers.run_shell_command("pyenv versions").
|
18
|
+
include?(" #{python_major_minor(python_version)}.")
|
19
|
+
end
|
11
20
|
|
12
21
|
Dependabot.logger.info("Installing required Python #{python_version}.")
|
22
|
+
start = Time.now
|
13
23
|
SharedHelpers.run_shell_command("pyenv install -s #{python_version}")
|
14
24
|
SharedHelpers.run_shell_command("pyenv exec pip install --upgrade pip")
|
15
25
|
SharedHelpers.run_shell_command("pyenv exec pip install -r" \
|
16
26
|
"#{NativeHelpers.python_requirements_path}")
|
27
|
+
time_taken = Time.now - start
|
28
|
+
Dependabot.logger.info("Installing Python #{python_version} took #{time_taken}s.")
|
29
|
+
end
|
30
|
+
|
31
|
+
def self.python_major_minor(python_version)
|
32
|
+
python = Python::Version.new(python_version)
|
33
|
+
"#{python.segments[0]}.#{python.segments[1]}"
|
17
34
|
end
|
18
35
|
end
|
19
36
|
end
|
@@ -4,18 +4,22 @@ module Dependabot
|
|
4
4
|
module Python
|
5
5
|
module PythonVersions
|
6
6
|
PRE_INSTALLED_PYTHON_VERSIONS = %w(
|
7
|
-
3.
|
7
|
+
3.11.0
|
8
8
|
).freeze
|
9
9
|
|
10
10
|
# Due to an OpenSSL issue we can only install the following versions in
|
11
11
|
# the Dependabot container.
|
12
|
+
# NOTE: When adding one version, always doublecheck for additional releases: https://www.python.org/downloads/
|
13
|
+
#
|
14
|
+
# WARNING: 3.9.3 is purposefully omitted as it was recalled: https://www.python.org/downloads/release/python-393/
|
12
15
|
SUPPORTED_VERSIONS = %w(
|
13
|
-
3.
|
14
|
-
3.
|
15
|
-
3.
|
16
|
-
3.
|
17
|
-
3.
|
18
|
-
3.6.
|
16
|
+
3.11.0
|
17
|
+
3.10.8 3.10.7 3.10.6 3.10.5 3.10.4 3.10.3 3.10.2 3.10.1 3.10.0
|
18
|
+
3.9.15 3.9.14 3.9.13 3.9.12 3.9.11 3.9.10 3.9.9 3.9.8 3.9.7 3.9.6 3.9.5 3.9.4 3.9.2 3.9.1 3.9.0
|
19
|
+
3.8.15 3.8.14 3.8.13 3.8.12 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
|
20
|
+
3.7.15 3.7.14 3.7.13 3.7.12 3.7.11 3.7.10 3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
|
21
|
+
3.6.15 3.6.14 3.6.13 3.6.12 3.6.11 3.6.10 3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
|
22
|
+
3.5.10 3.5.8 3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
|
19
23
|
).freeze
|
20
24
|
|
21
25
|
# This list gets iterated through to find a valid version, so we have
|
@@ -112,9 +112,9 @@ module Dependabot
|
|
112
112
|
end
|
113
113
|
|
114
114
|
def filter_lower_versions(versions_array)
|
115
|
-
return versions_array unless dependency.
|
115
|
+
return versions_array unless dependency.numeric_version
|
116
116
|
|
117
|
-
versions_array.select { |version| version >
|
117
|
+
versions_array.select { |version| version > dependency.numeric_version }
|
118
118
|
end
|
119
119
|
|
120
120
|
def filter_out_of_range_versions(versions_array)
|
@@ -254,7 +254,7 @@ module Dependabot
|
|
254
254
|
end
|
255
255
|
|
256
256
|
def run_pip_compile_command(command)
|
257
|
-
run_command("pyenv local #{python_version}")
|
257
|
+
run_command("pyenv local #{Helpers.python_major_minor(python_version)}")
|
258
258
|
run_command(command)
|
259
259
|
end
|
260
260
|
|
@@ -298,7 +298,7 @@ module Dependabot
|
|
298
298
|
end
|
299
299
|
|
300
300
|
# Overwrite the .python-version with updated content
|
301
|
-
File.write(".python-version", python_version)
|
301
|
+
File.write(".python-version", Helpers.python_major_minor(python_version))
|
302
302
|
|
303
303
|
setup_files.each do |file|
|
304
304
|
path = file.name
|
@@ -290,7 +290,7 @@ module Dependabot
|
|
290
290
|
end
|
291
291
|
|
292
292
|
# Overwrite the .python-version with updated content
|
293
|
-
File.write(".python-version", python_version)
|
293
|
+
File.write(".python-version", Helpers.python_major_minor(python_version))
|
294
294
|
|
295
295
|
setup_files.each do |file|
|
296
296
|
path = file.name
|
@@ -341,6 +341,7 @@ module Dependabot
|
|
341
341
|
content = freeze_other_dependencies(content)
|
342
342
|
content = set_target_dependency_req(content, updated_requirement)
|
343
343
|
content = add_private_sources(content)
|
344
|
+
content = update_python_requirement(content)
|
344
345
|
content
|
345
346
|
end
|
346
347
|
|
@@ -350,6 +351,12 @@ module Dependabot
|
|
350
351
|
freeze_top_level_dependencies_except([dependency])
|
351
352
|
end
|
352
353
|
|
354
|
+
def update_python_requirement(pipfile_content)
|
355
|
+
Python::FileUpdater::PipfilePreparer.
|
356
|
+
new(pipfile_content: pipfile_content).
|
357
|
+
update_python_requirement(Helpers.python_major_minor(python_version))
|
358
|
+
end
|
359
|
+
|
353
360
|
# rubocop:disable Metrics/PerceivedComplexity
|
354
361
|
def set_target_dependency_req(pipfile_content, updated_requirement)
|
355
362
|
return pipfile_content unless updated_requirement
|
@@ -461,7 +468,7 @@ module Dependabot
|
|
461
468
|
end
|
462
469
|
|
463
470
|
def run_pipenv_command(command, env: pipenv_env_variables)
|
464
|
-
run_command("pyenv local #{python_version}")
|
471
|
+
run_command("pyenv local #{Helpers.python_major_minor(python_version)}")
|
465
472
|
run_command(command, env: env)
|
466
473
|
end
|
467
474
|
|
@@ -202,7 +202,7 @@ module Dependabot
|
|
202
202
|
end
|
203
203
|
|
204
204
|
# Overwrite the .python-version with updated content
|
205
|
-
File.write(".python-version", python_version) if python_version
|
205
|
+
File.write(".python-version", Helpers.python_major_minor(python_version)) if python_version
|
206
206
|
|
207
207
|
# Overwrite the pyproject with updated content
|
208
208
|
if update_pyproject
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.214.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-12-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.214.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.214.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -58,14 +58,14 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
61
|
+
version: 4.0.0
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version:
|
68
|
+
version: 4.0.0
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rake
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -114,14 +114,14 @@ dependencies:
|
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 1.
|
117
|
+
version: 1.39.0
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 1.
|
124
|
+
version: 1.39.0
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: rubocop-performance
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|