dependabot-python 0.248.0 → 0.249.0

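--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 165e432faa4b40b16ac49232c58dbe9f6a1187bf063cf8c347ed683515f06577
- data.tar.gz: 0b22f327bbab4b6bc752b1784c02f756000aa21b043a049e34b445c820526056
+ metadata.gz: ecba4569a39f8b421db58252a748e5b381663d08ea152f7575fd5c71df3ebdb8
+ data.tar.gz: adde88b59c21e6b7867fe8d4f60880043ca9d4eb7a1305d1fe1c08e6676b3fd2
  SHA512:
- metadata.gz: 9dc8379104510deef1670b51c960a6a806263cfb47298447c550dd2b9d5b140f3e5f5f981e7038a0b18d3eee3e455e8ae52d3dfca63f5e3d5f9c403b3c270188
- data.tar.gz: d09814b8cbf11cad971a7188ae7db79772f5426bcdbaac9ccde586b5486695d251723a20430beb9f6e705cfce7622ef0c78150ee97f2648320f316ed4c5723a3
+ metadata.gz: 245eefbf7638ea4da729d6e9e5412275a83fda9a25ccf1805a5e4f56b34afdd8fad49100765004f64855eec121683e7c15858af39f4055569580d3328245a6c6
+ data.tar.gz: 045742f071d3e7b187a02eea94a5825420d15da2b8f5a8ae9669f27ee05f42513612025b38359818da043f231cd01b3a3dc785b2661bffe4581db2cfc513dbae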
@@ -1,6 +1,6 @@
1
1
  import hashin
2
2
  import json
3
- import pipfile
3
+ import plette
4
4
  from poetry.factory import Factory
5
5
 
6
6
 
@@ -15,9 +15,10 @@ def get_dependency_hash(dependency_name, dependency_version, algorithm):
15
15
 
16
16
 
17
17
  def get_pipfile_hash(directory):
18
- p = pipfile.load(directory + '/Pipfile')
18
+ with open(directory + '/Pipfile') as f:
19
+ pipfile = plette.Pipfile.load(f)
19
20
 
20
- return json.dumps({"result": p.hash})
21
+ return json.dumps({"result": pipfile.get_hash().value})
21
22
 
22
23
 
23
24
  def get_pyproject_hash(directory):
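Review bot: Nothing in `get_pipfile_hash` records that the digest from `pipfile.get_hash().value` has to stay identical to the one pipenv itself computes for the same Pipfile; if the standalone `plette==0.4.4` pin ever drifts from what `pipenv==2023.11.17` uses internally, the helper would presumably produce a lockfile hash that pipenv treats as stale. A comment above the `with` such as `# Must match the hash pipenv writes to Pipfile.lock; bump plette together with pipenv` would make that coupling visible, and a regression test on a fixed Pipfile with a known digest would pin it. Separately, the new `open(directory + '/Pipfile')` decodes with the locale default; since the Pipfile comes from the repository being updated and is TOML, `with open(directory + '/Pipfile', encoding='utf-8') as f:` keeps the hash independent of the container locale.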
@@ -1,10 +1,10 @@
1
1
  pip==23.3.2
2
2
  pip-tools==7.4.1
3
3
  flake8==7.0.0
4
- hashin==0.17.0
4
+ hashin==1.0.1
5
5
  pipenv==2023.11.17
6
- pipfile==0.0.2
7
- poetry==1.7.1
6
+ plette==0.4.4
7
+ poetry==1.8.2
8
8
  # TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
9
9
  toml==0.10.2
10
10
 
@@ -160,7 +160,9 @@ module Dependabot
160
160
  end
161
161
 
162
162
  def missing_poetry_keys
163
- %w(name version description authors).reject { |key| poetry_root.key?(key) }
163
+ package_mode = poetry_root.fetch("package-mode", true)
164
+ required_keys = package_mode ? %w(name version description authors) : []
165
+ required_keys.reject { |key| poetry_root.key?(key) }
164
166
  end
165
167
 
166
168
  def using_pep621?
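Review bot: `poetry_root.fetch("package-mode", true)` in `missing_poetry_keys` takes the value straight from the parsed pyproject.toml, so under Ruby truthiness only a literal `false` switches the check off; a string `"false"` or `0` still counts as package mode and keeps the four keys required. That fails towards the stricter check, which looks like the right direction for a file taken from the repository under update, but the intent is not written down. A comment above the `fetch` such as `# Poetry non-package mode (package-mode = false) makes name/version/description/authors optional; any other value keeps them required` would cover it, and `package_mode = poetry_root["package-mode"] != false` says the same thing more directly.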
@@ -30,7 +30,9 @@ module Dependabot
30
30
  NATIVE_COMPILATION_ERROR =
31
31
  "pip._internal.exceptions.InstallationSubprocessError: Getting requirements to build wheel exited with 1"
32
32
 
33
- attr_reader :dependencies, :dependency_files, :credentials
33
+ attr_reader :dependencies
34
+ attr_reader :dependency_files
35
+ attr_reader :credentials
34
36
 
35
37
  def initialize(dependencies:, dependency_files:, credentials:)
36
38
  @dependencies = dependencies
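Review bot: `attr_reader :credentials` on new line 35 appears to stay in the public part of the class (no `private` is visible before it in this hunk), so any code holding the updater object can read the credentials back out of it. Now that each reader sits on its own line, the credentials reader could move below `private` by itself, provided nothing outside the class reads it; callers are not visible here, so that needs checking first. The same applies to the `attr_reader :credentials` lines in the hunks `@@ -21,7 +21,10 @@`, `@@ -19,7 +19,9 @@` (PoetryFileUpdater), `@@ -12,7 +12,9 @@` (RequirementFileUpdater), `@@ -33,7 +33,10 @@`, `@@ -32,7 +32,10 @@` and `@@ -38,7 +38,10 @@`, whereas the readers in the remaining hunks already follow `private`. The `initialize` body continues past the end of this hunk.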
@@ -21,7 +21,10 @@ module Dependabot
21
21
 
22
22
  DEPENDENCY_TYPES = %w(packages dev-packages).freeze
23
23
 
24
- attr_reader :dependencies, :dependency_files, :credentials, :repo_contents_path
24
+ attr_reader :dependencies
25
+ attr_reader :dependency_files
26
+ attr_reader :credentials
27
+ attr_reader :repo_contents_path
25
28
 
26
29
  def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path:)
27
30
  @dependencies = dependencies
@@ -31,7 +31,8 @@ module Dependabot
31
31
 
32
32
  private
33
33
 
34
- attr_reader :dependencies, :manifest
34
+ attr_reader :dependencies
35
+ attr_reader :manifest
35
36
 
36
37
  def update_requirements(content:, dependency:)
37
38
  updated_content = content.dup
@@ -41,7 +41,8 @@ module Dependabot
41
41
 
42
42
  private
43
43
 
44
- attr_reader :pipfile_content, :lockfile
44
+ attr_reader :pipfile_content
45
+ attr_reader :lockfile
45
46
 
46
47
  def pipfile_sources
47
48
  @pipfile_sources ||= TomlRB.parse(pipfile_content).fetch("source", [])
@@ -19,7 +19,9 @@ module Dependabot
19
19
  class PoetryFileUpdater
20
20
  require_relative "pyproject_preparer"
21
21
 
22
- attr_reader :dependencies, :dependency_files, :credentials
22
+ attr_reader :dependencies
23
+ attr_reader :dependency_files
24
+ attr_reader :credentials
23
25
 
24
26
  def initialize(dependencies:, dependency_files:, credentials:)
25
27
  @dependencies = dependencies
@@ -103,7 +103,8 @@ module Dependabot
103
103
 
104
104
  private
105
105
 
106
- attr_reader :pyproject_content, :lockfile
106
+ attr_reader :pyproject_content
107
+ attr_reader :lockfile
107
108
 
108
109
  def locked_details(dep_name)
109
110
  parsed_lockfile.fetch("package")
@@ -12,7 +12,9 @@ module Dependabot
12
12
  class RequirementFileUpdater
13
13
  require_relative "requirement_replacer"
14
14
 
15
- attr_reader :dependencies, :dependency_files, :credentials
15
+ attr_reader :dependencies
16
+ attr_reader :dependency_files
17
+ attr_reader :credentials
16
18
 
17
19
  def initialize(dependencies:, dependency_files:, credentials:)
18
20
  @dependencies = dependencies
@@ -38,8 +38,11 @@ module Dependabot
38
38
 
39
39
  private
40
40
 
41
- attr_reader :content, :dependency_name, :old_requirement,
42
- :new_requirement, :new_hash_version
41
+ attr_reader :content
42
+ attr_reader :dependency_name
43
+ attr_reader :old_requirement
44
+ attr_reader :new_requirement
45
+ attr_reader :new_hash_version
43
46
 
44
47
  def update_hashes?
45
48
  !new_hash_version.nil?
@@ -31,7 +31,8 @@ module Dependabot
31
31
 
32
32
  private
33
33
 
34
- attr_reader :setup_file, :setup_cfg
34
+ attr_reader :setup_file
35
+ attr_reader :setup_cfg
35
36
 
36
37
  def include_pbr?
37
38
  setup_requires_array.any? { |d| d.start_with?("pbr") }
@@ -41,7 +41,9 @@ module Dependabot
41
41
 
42
42
  private
43
43
 
44
- attr_reader :dependency, :lockfile, :language_version_manager
44
+ attr_reader :dependency
45
+ attr_reader :lockfile
46
+ attr_reader :language_version_manager
45
47
 
46
48
  def fetch_version_from_parsed_lockfile(updated_lockfile)
47
49
  deps = updated_lockfile[lockfile_section] || {}
@@ -40,7 +40,8 @@ module Dependabot
40
40
 
41
41
  private
42
42
 
43
- attr_reader :dependency_files, :credentials
43
+ attr_reader :dependency_files
44
+ attr_reader :credentials
44
45
 
45
46
  def main_index_url
46
47
  url =
@@ -49,8 +49,11 @@ module Dependabot
49
49
 
50
50
  private
51
51
 
52
- attr_reader :dependency, :dependency_files, :credentials,
53
- :ignored_versions, :security_advisories
52
+ attr_reader :dependency
53
+ attr_reader :dependency_files
54
+ attr_reader :credentials
55
+ attr_reader :ignored_versions
56
+ attr_reader :security_advisories
54
57
 
55
58
  def fetch_latest_version(python_version:)
56
59
  versions = available_versions
@@ -33,7 +33,10 @@ module Dependabot
33
33
  RESOLUTION_IMPOSSIBLE_ERROR = "ResolutionImpossible"
34
34
  ERROR_REGEX = /(?<=ERROR\:\W).*$/
35
35
 
36
- attr_reader :dependency, :dependency_files, :credentials, :repo_contents_path
36
+ attr_reader :dependency
37
+ attr_reader :dependency_files
38
+ attr_reader :credentials
39
+ attr_reader :repo_contents_path
37
40
 
38
41
  def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
39
42
  @dependency = dependency
@@ -37,8 +37,11 @@ module Dependabot
37
37
 
38
38
  private
39
39
 
40
- attr_reader :dependency, :dependency_files, :credentials,
41
- :ignored_versions, :security_advisories
40
+ attr_reader :dependency
41
+ attr_reader :dependency_files
42
+ attr_reader :credentials
43
+ attr_reader :ignored_versions
44
+ attr_reader :security_advisories
42
45
 
43
46
  def latest_version_finder
44
47
  @latest_version_finder ||= LatestVersionFinder.new(
@@ -32,7 +32,10 @@ module Dependabot
32
32
 
33
33
  PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
34
34
 
35
- attr_reader :dependency, :dependency_files, :credentials, :repo_contents_path
35
+ attr_reader :dependency
36
+ attr_reader :dependency_files
37
+ attr_reader :credentials
38
+ attr_reader :repo_contents_path
36
39
 
37
40
  def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
38
41
  @dependency = dependency
@@ -38,7 +38,10 @@ module Dependabot
38
38
  \s+check\syour\sgit\sconfiguration
39
39
  /mx
40
40
 
41
- attr_reader :dependency, :dependency_files, :credentials, :repo_contents_path
41
+ attr_reader :dependency
42
+ attr_reader :dependency_files
43
+ attr_reader :credentials
44
+ attr_reader :repo_contents_path
42
45
 
43
46
  def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
44
47
  @dependency = dependency
@@ -16,8 +16,10 @@ module Dependabot
16
16
 
17
17
  class UnfixableRequirement < StandardError; end
18
18
 
19
- attr_reader :requirements, :update_strategy, :has_lockfile,
20
- :latest_resolvable_version
19
+ attr_reader :requirements
20
+ attr_reader :update_strategy
21
+ attr_reader :has_lockfile
22
+ attr_reader :latest_resolvable_version
21
23
 
22
24
  def initialize(requirements:, update_strategy:, has_lockfile:,
23
25
  latest_resolvable_version:)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.248.0
4
+ version: 0.249.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-03-21 00:00:00.000000000 Z
11
+ date: 2024-03-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.248.0
19
+ version: 0.249.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.248.0
26
+ version: 0.249.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -288,7 +288,7 @@ licenses:
288
288
  - Nonstandard
289
289
  metadata:
290
290
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
291
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.248.0
291
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.249.0
292
292
  post_install_message:
293
293
  rdoc_options: []
294
294
  require_paths: