dependabot-python 0.248.0 → 0.249.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/lib/hasher.py +4 -3
- data/helpers/requirements.txt +3 -3
- data/lib/dependabot/python/file_parser/pyproject_files_parser.rb +3 -1
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +3 -1
- data/lib/dependabot/python/file_updater/pipfile_file_updater.rb +4 -1
- data/lib/dependabot/python/file_updater/pipfile_manifest_updater.rb +2 -1
- data/lib/dependabot/python/file_updater/pipfile_preparer.rb +2 -1
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +3 -1
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +2 -1
- data/lib/dependabot/python/file_updater/requirement_file_updater.rb +3 -1
- data/lib/dependabot/python/file_updater/requirement_replacer.rb +5 -2
- data/lib/dependabot/python/file_updater/setup_file_sanitizer.rb +2 -1
- data/lib/dependabot/python/pipenv_runner.rb +3 -1
- data/lib/dependabot/python/update_checker/index_finder.rb +2 -1
- data/lib/dependabot/python/update_checker/latest_version_finder.rb +5 -2
- data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +4 -1
- data/lib/dependabot/python/update_checker/pip_version_resolver.rb +5 -2
- data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +4 -1
- data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +4 -1
- data/lib/dependabot/python/update_checker/requirements_updater.rb +4 -2
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ecba4569a39f8b421db58252a748e5b381663d08ea152f7575fd5c71df3ebdb8
|
4
|
+
data.tar.gz: adde88b59c21e6b7867fe8d4f60880043ca9d4eb7a1305d1fe1c08e6676b3fd2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 245eefbf7638ea4da729d6e9e5412275a83fda9a25ccf1805a5e4f56b34afdd8fad49100765004f64855eec121683e7c15858af39f4055569580d3328245a6c6
|
7
|
+
data.tar.gz: 045742f071d3e7b187a02eea94a5825420d15da2b8f5a8ae9669f27ee05f42513612025b38359818da043f231cd01b3a3dc785b2661bffe4581db2cfc513dbae
|
data/helpers/lib/hasher.py
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
import hashin
|
2
2
|
import json
|
3
|
-
import
|
3
|
+
import plette
|
4
4
|
from poetry.factory import Factory
|
5
5
|
|
6
6
|
|
@@ -15,9 +15,10 @@ def get_dependency_hash(dependency_name, dependency_version, algorithm):
|
|
15
15
|
|
16
16
|
|
17
17
|
def get_pipfile_hash(directory):
|
18
|
-
|
18
|
+
with open(directory + '/Pipfile') as f:
|
19
|
+
pipfile = plette.Pipfile.load(f)
|
19
20
|
|
20
|
-
return json.dumps({"result":
|
21
|
+
return json.dumps({"result": pipfile.get_hash().value})
|
21
22
|
|
22
23
|
|
23
24
|
def get_pyproject_hash(directory):
|
data/helpers/requirements.txt
CHANGED
@@ -1,10 +1,10 @@
|
|
1
1
|
pip==23.3.2
|
2
2
|
pip-tools==7.4.1
|
3
3
|
flake8==7.0.0
|
4
|
-
hashin==0.
|
4
|
+
hashin==1.0.1
|
5
5
|
pipenv==2023.11.17
|
6
|
-
|
7
|
-
poetry==1.
|
6
|
+
plette==0.4.4
|
7
|
+
poetry==1.8.2
|
8
8
|
# TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
|
9
9
|
toml==0.10.2
|
10
10
|
|
@@ -160,7 +160,9 @@ module Dependabot
|
|
160
160
|
end
|
161
161
|
|
162
162
|
def missing_poetry_keys
|
163
|
-
|
163
|
+
package_mode = poetry_root.fetch("package-mode", true)
|
164
|
+
required_keys = package_mode ? %w(name version description authors) : []
|
165
|
+
required_keys.reject { |key| poetry_root.key?(key) }
|
164
166
|
end
|
165
167
|
|
166
168
|
def using_pep621?
|
@@ -30,7 +30,9 @@ module Dependabot
|
|
30
30
|
NATIVE_COMPILATION_ERROR =
|
31
31
|
"pip._internal.exceptions.InstallationSubprocessError: Getting requirements to build wheel exited with 1"
|
32
32
|
|
33
|
-
attr_reader :dependencies
|
33
|
+
attr_reader :dependencies
|
34
|
+
attr_reader :dependency_files
|
35
|
+
attr_reader :credentials
|
34
36
|
|
35
37
|
def initialize(dependencies:, dependency_files:, credentials:)
|
36
38
|
@dependencies = dependencies
|
@@ -21,7 +21,10 @@ module Dependabot
|
|
21
21
|
|
22
22
|
DEPENDENCY_TYPES = %w(packages dev-packages).freeze
|
23
23
|
|
24
|
-
attr_reader :dependencies
|
24
|
+
attr_reader :dependencies
|
25
|
+
attr_reader :dependency_files
|
26
|
+
attr_reader :credentials
|
27
|
+
attr_reader :repo_contents_path
|
25
28
|
|
26
29
|
def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path:)
|
27
30
|
@dependencies = dependencies
|
@@ -19,7 +19,9 @@ module Dependabot
|
|
19
19
|
class PoetryFileUpdater
|
20
20
|
require_relative "pyproject_preparer"
|
21
21
|
|
22
|
-
attr_reader :dependencies
|
22
|
+
attr_reader :dependencies
|
23
|
+
attr_reader :dependency_files
|
24
|
+
attr_reader :credentials
|
23
25
|
|
24
26
|
def initialize(dependencies:, dependency_files:, credentials:)
|
25
27
|
@dependencies = dependencies
|
@@ -12,7 +12,9 @@ module Dependabot
|
|
12
12
|
class RequirementFileUpdater
|
13
13
|
require_relative "requirement_replacer"
|
14
14
|
|
15
|
-
attr_reader :dependencies
|
15
|
+
attr_reader :dependencies
|
16
|
+
attr_reader :dependency_files
|
17
|
+
attr_reader :credentials
|
16
18
|
|
17
19
|
def initialize(dependencies:, dependency_files:, credentials:)
|
18
20
|
@dependencies = dependencies
|
@@ -38,8 +38,11 @@ module Dependabot
|
|
38
38
|
|
39
39
|
private
|
40
40
|
|
41
|
-
attr_reader :content
|
42
|
-
|
41
|
+
attr_reader :content
|
42
|
+
attr_reader :dependency_name
|
43
|
+
attr_reader :old_requirement
|
44
|
+
attr_reader :new_requirement
|
45
|
+
attr_reader :new_hash_version
|
43
46
|
|
44
47
|
def update_hashes?
|
45
48
|
!new_hash_version.nil?
|
@@ -41,7 +41,9 @@ module Dependabot
|
|
41
41
|
|
42
42
|
private
|
43
43
|
|
44
|
-
attr_reader :dependency
|
44
|
+
attr_reader :dependency
|
45
|
+
attr_reader :lockfile
|
46
|
+
attr_reader :language_version_manager
|
45
47
|
|
46
48
|
def fetch_version_from_parsed_lockfile(updated_lockfile)
|
47
49
|
deps = updated_lockfile[lockfile_section] || {}
|
@@ -49,8 +49,11 @@ module Dependabot
|
|
49
49
|
|
50
50
|
private
|
51
51
|
|
52
|
-
attr_reader :dependency
|
53
|
-
|
52
|
+
attr_reader :dependency
|
53
|
+
attr_reader :dependency_files
|
54
|
+
attr_reader :credentials
|
55
|
+
attr_reader :ignored_versions
|
56
|
+
attr_reader :security_advisories
|
54
57
|
|
55
58
|
def fetch_latest_version(python_version:)
|
56
59
|
versions = available_versions
|
@@ -33,7 +33,10 @@ module Dependabot
|
|
33
33
|
RESOLUTION_IMPOSSIBLE_ERROR = "ResolutionImpossible"
|
34
34
|
ERROR_REGEX = /(?<=ERROR\:\W).*$/
|
35
35
|
|
36
|
-
attr_reader :dependency
|
36
|
+
attr_reader :dependency
|
37
|
+
attr_reader :dependency_files
|
38
|
+
attr_reader :credentials
|
39
|
+
attr_reader :repo_contents_path
|
37
40
|
|
38
41
|
def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
|
39
42
|
@dependency = dependency
|
@@ -37,8 +37,11 @@ module Dependabot
|
|
37
37
|
|
38
38
|
private
|
39
39
|
|
40
|
-
attr_reader :dependency
|
41
|
-
|
40
|
+
attr_reader :dependency
|
41
|
+
attr_reader :dependency_files
|
42
|
+
attr_reader :credentials
|
43
|
+
attr_reader :ignored_versions
|
44
|
+
attr_reader :security_advisories
|
42
45
|
|
43
46
|
def latest_version_finder
|
44
47
|
@latest_version_finder ||= LatestVersionFinder.new(
|
@@ -32,7 +32,10 @@ module Dependabot
|
|
32
32
|
|
33
33
|
PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
|
34
34
|
|
35
|
-
attr_reader :dependency
|
35
|
+
attr_reader :dependency
|
36
|
+
attr_reader :dependency_files
|
37
|
+
attr_reader :credentials
|
38
|
+
attr_reader :repo_contents_path
|
36
39
|
|
37
40
|
def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
|
38
41
|
@dependency = dependency
|
@@ -38,7 +38,10 @@ module Dependabot
|
|
38
38
|
\s+check\syour\sgit\sconfiguration
|
39
39
|
/mx
|
40
40
|
|
41
|
-
attr_reader :dependency
|
41
|
+
attr_reader :dependency
|
42
|
+
attr_reader :dependency_files
|
43
|
+
attr_reader :credentials
|
44
|
+
attr_reader :repo_contents_path
|
42
45
|
|
43
46
|
def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
|
44
47
|
@dependency = dependency
|
@@ -16,8 +16,10 @@ module Dependabot
|
|
16
16
|
|
17
17
|
class UnfixableRequirement < StandardError; end
|
18
18
|
|
19
|
-
attr_reader :requirements
|
20
|
-
|
19
|
+
attr_reader :requirements
|
20
|
+
attr_reader :update_strategy
|
21
|
+
attr_reader :has_lockfile
|
22
|
+
attr_reader :latest_resolvable_version
|
21
23
|
|
22
24
|
def initialize(requirements:, update_strategy:, has_lockfile:,
|
23
25
|
latest_resolvable_version:)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.249.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-03-
|
11
|
+
date: 2024-03-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.249.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.249.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -288,7 +288,7 @@ licenses:
|
|
288
288
|
- Nonstandard
|
289
289
|
metadata:
|
290
290
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
291
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
291
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.249.0
|
292
292
|
post_install_message:
|
293
293
|
rdoc_options: []
|
294
294
|
require_paths:
|