dependabot-python 0.214.0 → 0.215.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/requirements.txt +1 -1
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +33 -11
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +8 -4
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +31 -7
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +9 -5
- data/lib/dependabot/python/update_checker.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: bb146c09fb17142425be804da23abdf95e938a9c8e70c8b95697ebdbc55f89c3
|
4
|
+
data.tar.gz: d0b61ca9973b582448c78edecb798b500806b6eb5805f7236ae87703255ad953
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e023894b96f723c3cf3d812a959b35f9a1d9de5b33981c2090af0b0ba259376e83f5dc728cd3e06c5f3aceb39c6ce1181e6ed8eb10d8d1d0a9e0e216698a24fa
|
7
|
+
data.tar.gz: bfeafe03ba027242f9a1327f1aee036768ea693cffb08e485062879829109f956dcd8b77b7a24c3bde2eb289b50d9b57717216a199e107df221c8a391de8ecea
|
data/helpers/requirements.txt
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
pip>=21.3.1,<22.4.0 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
|
2
|
-
pip-tools>=6.4.0,<6.
|
2
|
+
pip-tools>=6.4.0,<6.11.1 # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
|
3
3
|
flake8==5.0.4
|
4
4
|
hashin==0.17.0
|
5
5
|
pipenv==2022.4.8
|
@@ -71,15 +71,25 @@ module Dependabot
|
|
71
71
|
filenames_to_compile.each do |filename|
|
72
72
|
# Shell out to pip-compile, generate a new set of requirements.
|
73
73
|
# This is slow, as pip-compile needs to do installs.
|
74
|
+
options = pip_compile_options(filename)
|
75
|
+
options_fingerprint = pip_compile_options_fingerprint(options)
|
76
|
+
|
74
77
|
name_part = "pyenv exec pip-compile " \
|
75
|
-
"#{
|
78
|
+
"#{options} -P " \
|
76
79
|
"#{dependency.name}"
|
80
|
+
fingerprint_name_part = "pyenv exec pip-compile " \
|
81
|
+
"#{options_fingerprint} -P " \
|
82
|
+
"<dependency_name>"
|
83
|
+
|
77
84
|
version_part = "#{dependency.version} #{filename}"
|
85
|
+
fingerprint_version_part = "<dependency_version> <filename>"
|
86
|
+
|
78
87
|
# Don't escape pyenv `dep-name==version` syntax
|
79
88
|
run_pip_compile_command(
|
80
89
|
"#{SharedHelpers.escape_command(name_part)}==" \
|
81
90
|
"#{SharedHelpers.escape_command(version_part)}",
|
82
|
-
allow_unsafe_shell_command: true
|
91
|
+
allow_unsafe_shell_command: true,
|
92
|
+
fingerprint: "#{fingerprint_name_part}==#{fingerprint_version_part}"
|
83
93
|
)
|
84
94
|
end
|
85
95
|
|
@@ -137,7 +147,7 @@ module Dependabot
|
|
137
147
|
).updated_dependency_files
|
138
148
|
end
|
139
149
|
|
140
|
-
def run_command(cmd, env: python_env, allow_unsafe_shell_command: false)
|
150
|
+
def run_command(cmd, env: python_env, allow_unsafe_shell_command: false, fingerprint:)
|
141
151
|
start = Time.now
|
142
152
|
command = if allow_unsafe_shell_command
|
143
153
|
cmd
|
@@ -149,10 +159,6 @@ module Dependabot
|
|
149
159
|
|
150
160
|
return stdout if process.success?
|
151
161
|
|
152
|
-
handle_pip_errors(stdout, command, time_taken, process.to_s)
|
153
|
-
end
|
154
|
-
|
155
|
-
def handle_pip_errors(stdout, command, time_taken, exit_value)
|
156
162
|
if stdout.match?(INCOMPATIBLE_VERSIONS_REGEX)
|
157
163
|
raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
|
158
164
|
end
|
@@ -161,17 +167,23 @@ module Dependabot
|
|
161
167
|
message: stdout,
|
162
168
|
error_context: {
|
163
169
|
command: command,
|
170
|
+
fingerprint: fingerprint,
|
164
171
|
time_taken: time_taken,
|
165
|
-
process_exit_value:
|
172
|
+
process_exit_value: process.to_s
|
166
173
|
}
|
167
174
|
)
|
168
175
|
end
|
169
176
|
|
170
|
-
def run_pip_compile_command(command, allow_unsafe_shell_command: false)
|
171
|
-
run_command(
|
177
|
+
def run_pip_compile_command(command, allow_unsafe_shell_command: false, fingerprint:)
|
178
|
+
run_command(
|
179
|
+
"pyenv local #{Helpers.python_major_minor(python_version)}",
|
180
|
+
fingerprint: "pyenv local <python_major_minor>"
|
181
|
+
)
|
182
|
+
|
172
183
|
run_command(
|
173
184
|
command,
|
174
|
-
allow_unsafe_shell_command: allow_unsafe_shell_command
|
185
|
+
allow_unsafe_shell_command: allow_unsafe_shell_command,
|
186
|
+
fingerprint: fingerprint
|
175
187
|
)
|
176
188
|
end
|
177
189
|
|
@@ -391,6 +403,16 @@ module Dependabot
|
|
391
403
|
current_separator || default_separator
|
392
404
|
end
|
393
405
|
|
406
|
+
def pip_compile_options_fingerprint(options)
|
407
|
+
options.sub(
|
408
|
+
/--output-file=\S+/, "--output-file=<output_file>"
|
409
|
+
).sub(
|
410
|
+
/--index-url=\S+/, "--index-url=<index_url>"
|
411
|
+
).sub(
|
412
|
+
/--extra-index-url=\S+/, "--extra-index-url=<extra_index_url>"
|
413
|
+
)
|
414
|
+
end
|
415
|
+
|
394
416
|
def pip_compile_options(filename)
|
395
417
|
options = ["--build-isolation"]
|
396
418
|
options += pip_compile_index_options
|
@@ -185,7 +185,7 @@ module Dependabot
|
|
185
185
|
run_poetry_command("pyenv exec poetry config experimental.system-git-client true")
|
186
186
|
end
|
187
187
|
|
188
|
-
|
188
|
+
run_poetry_update_command
|
189
189
|
|
190
190
|
return File.read("poetry.lock") if File.exist?("poetry.lock")
|
191
191
|
|
@@ -196,11 +196,14 @@ module Dependabot
|
|
196
196
|
|
197
197
|
# Using `--lock` avoids doing an install.
|
198
198
|
# Using `--no-interaction` avoids asking for passwords.
|
199
|
-
def
|
200
|
-
|
199
|
+
def run_poetry_update_command
|
200
|
+
run_poetry_command(
|
201
|
+
"pyenv exec poetry update #{dependency.name} --lock --no-interaction",
|
202
|
+
fingerprint: "pyenv exec poetry update <dependency_name> --lock --no-interaction"
|
203
|
+
)
|
201
204
|
end
|
202
205
|
|
203
|
-
def run_poetry_command(command)
|
206
|
+
def run_poetry_command(command, fingerprint: nil)
|
204
207
|
start = Time.now
|
205
208
|
command = SharedHelpers.escape_command(command)
|
206
209
|
stdout, process = Open3.capture2e(command)
|
@@ -214,6 +217,7 @@ module Dependabot
|
|
214
217
|
message: stdout,
|
215
218
|
error_context: {
|
216
219
|
command: command,
|
220
|
+
fingerprint: fingerprint,
|
217
221
|
time_taken: time_taken,
|
218
222
|
process_exit_value: process.to_s
|
219
223
|
}
|
@@ -76,8 +76,12 @@ module Dependabot
|
|
76
76
|
filenames_to_compile.each do |filename|
|
77
77
|
# Shell out to pip-compile.
|
78
78
|
# This is slow, as pip-compile needs to do installs.
|
79
|
+
options = pip_compile_options(filename)
|
80
|
+
options_fingerprint = pip_compile_options_fingerprint(options)
|
81
|
+
|
79
82
|
run_pip_compile_command(
|
80
|
-
"pyenv exec pip-compile -v #{
|
83
|
+
"pyenv exec pip-compile -v #{options} -P #{dependency.name} #{filename}",
|
84
|
+
fingerprint: "pyenv exec pip-compile -v #{options_fingerprint} -P <dependency_name> <filename>"
|
81
85
|
)
|
82
86
|
|
83
87
|
next if dependency.top_level?
|
@@ -91,7 +95,8 @@ module Dependabot
|
|
91
95
|
# update_not_possible.
|
92
96
|
write_original_manifest_files
|
93
97
|
run_pip_compile_command(
|
94
|
-
"pyenv exec pip-compile #{
|
98
|
+
"pyenv exec pip-compile #{options} #{filename}",
|
99
|
+
fingerprint: "pyenv exec pip-compile #{options_fingerprint} <filename>"
|
95
100
|
)
|
96
101
|
end
|
97
102
|
|
@@ -183,8 +188,12 @@ module Dependabot
|
|
183
188
|
write_temporary_dependency_files(update_requirement: false)
|
184
189
|
|
185
190
|
filenames_to_compile.each do |filename|
|
191
|
+
options = pip_compile_options(filename)
|
192
|
+
options_fingerprint = pip_compile_options_fingerprint(options)
|
193
|
+
|
186
194
|
run_pip_compile_command(
|
187
|
-
"pyenv exec pip-compile #{
|
195
|
+
"pyenv exec pip-compile #{options} #{filename}",
|
196
|
+
fingerprint: "pyenv exec pip-compile #{options_fingerprint} <filename>"
|
188
197
|
)
|
189
198
|
end
|
190
199
|
|
@@ -204,7 +213,7 @@ module Dependabot
|
|
204
213
|
end
|
205
214
|
end
|
206
215
|
|
207
|
-
def run_command(command, env: python_env)
|
216
|
+
def run_command(command, env: python_env, fingerprint:)
|
208
217
|
start = Time.now
|
209
218
|
command = SharedHelpers.escape_command(command)
|
210
219
|
stdout, process = Open3.capture2e(env, command)
|
@@ -216,6 +225,7 @@ module Dependabot
|
|
216
225
|
message: stdout,
|
217
226
|
error_context: {
|
218
227
|
command: command,
|
228
|
+
fingerprint: fingerprint,
|
219
229
|
time_taken: time_taken,
|
220
230
|
process_exit_value: process.to_s
|
221
231
|
}
|
@@ -226,6 +236,16 @@ module Dependabot
|
|
226
236
|
python_version >= Python::Version.new("3.7")
|
227
237
|
end
|
228
238
|
|
239
|
+
def pip_compile_options_fingerprint(options)
|
240
|
+
options.sub(
|
241
|
+
/--output-file=\S+/, "--output-file=<output_file>"
|
242
|
+
).sub(
|
243
|
+
/--index-url=\S+/, "--index-url=<index_url>"
|
244
|
+
).sub(
|
245
|
+
/--extra-index-url=\S+/, "--extra-index-url=<extra_index_url>"
|
246
|
+
)
|
247
|
+
end
|
248
|
+
|
229
249
|
def pip_compile_options(filename)
|
230
250
|
options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
|
231
251
|
options += pip_compile_index_options
|
@@ -253,9 +273,13 @@ module Dependabot
|
|
253
273
|
end
|
254
274
|
end
|
255
275
|
|
256
|
-
def run_pip_compile_command(command)
|
257
|
-
run_command(
|
258
|
-
|
276
|
+
def run_pip_compile_command(command, fingerprint:)
|
277
|
+
run_command(
|
278
|
+
"pyenv local #{Helpers.python_major_minor(python_version)}",
|
279
|
+
fingerprint: "pyenv local <python_major_minor>"
|
280
|
+
)
|
281
|
+
|
282
|
+
run_command(command, fingerprint: fingerprint)
|
259
283
|
end
|
260
284
|
|
261
285
|
def python_env
|
@@ -100,7 +100,7 @@ module Dependabot
|
|
100
100
|
end
|
101
101
|
|
102
102
|
# Shell out to Poetry, which handles everything for us.
|
103
|
-
|
103
|
+
run_poetry_update_command
|
104
104
|
|
105
105
|
updated_lockfile =
|
106
106
|
if File.exist?("poetry.lock") then File.read("poetry.lock")
|
@@ -163,8 +163,11 @@ module Dependabot
|
|
163
163
|
|
164
164
|
# Using `--lock` avoids doing an install.
|
165
165
|
# Using `--no-interaction` avoids asking for passwords.
|
166
|
-
def
|
167
|
-
|
166
|
+
def run_poetry_update_command
|
167
|
+
run_poetry_command(
|
168
|
+
"pyenv exec poetry update #{dependency.name} --lock --no-interaction",
|
169
|
+
fingerprint: "pyenv exec poetry update <dependency_name> --lock --no-interaction"
|
170
|
+
)
|
168
171
|
end
|
169
172
|
|
170
173
|
def check_original_requirements_resolvable
|
@@ -174,7 +177,7 @@ module Dependabot
|
|
174
177
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
175
178
|
write_temporary_dependency_files(update_pyproject: false)
|
176
179
|
|
177
|
-
|
180
|
+
run_poetry_update_command
|
178
181
|
|
179
182
|
@original_reqs_resolvable = true
|
180
183
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
@@ -331,7 +334,7 @@ module Dependabot
|
|
331
334
|
poetry_lock || pyproject_lock
|
332
335
|
end
|
333
336
|
|
334
|
-
def run_poetry_command(command)
|
337
|
+
def run_poetry_command(command, fingerprint: nil)
|
335
338
|
start = Time.now
|
336
339
|
command = SharedHelpers.escape_command(command)
|
337
340
|
stdout, process = Open3.capture2e(command)
|
@@ -345,6 +348,7 @@ module Dependabot
|
|
345
348
|
message: stdout,
|
346
349
|
error_context: {
|
347
350
|
command: command,
|
351
|
+
fingerprint: fingerprint,
|
348
352
|
time_taken: time_taken,
|
349
353
|
process_exit_value: process.to_s
|
350
354
|
}
|
@@ -292,7 +292,7 @@ module Dependabot
|
|
292
292
|
|
293
293
|
pypi_info = JSON.parse(index_response.body)["info"] || {}
|
294
294
|
pypi_info["summary"] == library_details["description"]
|
295
|
-
rescue Excon::Error::Timeout
|
295
|
+
rescue Excon::Error::Timeout, Excon::Error::Socket
|
296
296
|
false
|
297
297
|
rescue URI::InvalidURIError
|
298
298
|
false
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.215.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-12-
|
11
|
+
date: 2022-12-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.215.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.215.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|