dependabot-python 0.345.0 → 0.346.0
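--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 319ad8d9688dde480391efca28d4419d8bf38fd4ef31d1f8adc9612843f1c2be
+data.tar.gz: e8f43fdea9eef21a1e35fa0d954331e57430ae4d901011e7745ffcbf0625a96a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 968b89aea534fbeceb292c46662da291358fb12c4d9fd388429e55ed3178932e365bf15c83ce2c21fb66e614f6d4abe1ded5fe106495ff16c3faf7dd1f06b0f2
+data.tar.gz: 1f6478d8f06fb0009ea89b13671f37ecbc0a3aff08d7d252493f764dc86f7580587564729a49b3afe59fa0608dd1851e3f70d54bfc69d966ee4cae7b9781628d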
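--- a/data/helpers/lib/hasher.py
+++ b/data/helpers/lib/hasher.py
@@ -1,7 +1,9 @@
 import hashin
 import json
 import plette
+import ssl
 import traceback
+from urllib.error import URLError
 from poetry.factory import Factory
 
 
@@ -21,6 +23,17 @@ def get_dependency_hash(dependency_name, dependency_version, algorithm,
 "error_class:": e.__class__.__name__,
 "trace:": ''.join(traceback.format_stack())
 })
+except (URLError, ssl.SSLError) as e:
+# Handle SSL certificate verification errors
+error_msg = str(e)
+if "CERTIFICATE_VERIFY_FAILED" in error_msg:
+return json.dumps({
+"error": "CERTIFICATE_VERIFY_FAILED: " + error_msg,
+"error_class:": e.__class__.__name__,
+"trace:": ''.join(traceback.format_stack())
+})
+# Re-raise if it's not a certificate verification error
+raise
 
 
 def get_pipfile_hash(directory):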
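Review bot: The new `except (URLError, ssl.SSLError)` branch is only reachable if the handler that precedes it catches something narrower — only the `json.dumps` tail of that earlier handler (lines 21–25) is in the hunk, and if its clause is `except Exception`, this branch is dead code and certificate failures keep taking the generic path. Matching the substring `"CERTIFICATE_VERIFY_FAILED"` in `str(e)` is also brittle when the failure has a type: `cause = e.reason if isinstance(e, URLError) else e` followed by `if isinstance(cause, ssl.SSLCertVerificationError):` identifies it without inspecting message text. `traceback.format_stack()` records the current call stack rather than the exception's traceback, so the `"trace:"` field will not show where the error was raised; `traceback.format_exc()` is what a reader of that field expects (the earlier handler has the same pattern). The enclosing `get_dependency_hash` begins outside the hunk.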
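--- a/data/helpers/lib/parser.py
+++ b/data/helpers/lib/parser.py
@@ -32,7 +32,7 @@ def parse_pep621_pep735_dependencies(pyproject_path):
 next(iter(specifier_set)).operator in {"==", "==="}):
 return next(iter(specifier_set)).version
 
-def parse_requirement(entry, pyproject_path):
+def parse_requirement(entry, pyproject_path, requirement_type=None):
 try:
 req = Requirement(entry)
 except InvalidRequirement as e:
@@ -46,14 +46,19 @@ def parse_pep621_pep735_dependencies(pyproject_path):
 "file": pyproject_path,
 "requirement": str(req.specifier),
 "extras": sorted(list(req.extras)),
+"requirement_type": requirement_type,
 }
 return data
 
-def parse_toml_section_pep621_dependencies(
+def parse_toml_section_pep621_dependencies(
+pyproject_path, dependencies, requirement_type=None
+):
 requirement_packages = []
 
 for dependency in dependencies:
-parsed_dependency = parse_requirement(
+parsed_dependency = parse_requirement(
+dependency, pyproject_path, requirement_type
+)
 requirement_packages.append(parsed_dependency)
 
 return requirement_packages
@@ -75,7 +80,9 @@ def parse_pep621_pep735_dependencies(pyproject_path):
 for entry in dependencies:
 # Handle direct requirement
 if isinstance(entry, str):
-parsed_dependency = parse_requirement(
+parsed_dependency = parse_requirement(
+entry, pyproject_path, group_name
+)
 requirement_packages.append(parsed_dependency)
 # Handle include-group directive
 elif isinstance(entry, dict) and "include-group" in entry:
@@ -100,7 +107,8 @@ def parse_pep621_pep735_dependencies(pyproject_path):
 dependencies_toml = project_section['dependencies']
 runtime_dependencies = parse_toml_section_pep621_dependencies(
 pyproject_path,
-dependencies_toml
+dependencies_toml,
+"dependencies"
 )
 dependencies.extend(runtime_dependencies)
 
@@ -111,7 +119,8 @@ def parse_pep621_pep735_dependencies(pyproject_path):
 for group in optional_dependencies_toml:
 group_dependencies = parse_toml_section_pep621_dependencies(
 pyproject_path,
-optional_dependencies_toml[group]
+optional_dependencies_toml[group],
+group
 )
 dependencies.extend(group_dependencies)
 
@@ -128,7 +137,8 @@ def parse_pep621_pep735_dependencies(pyproject_path):
 if 'requires' in build_system_section:
 build_system_dependencies = parse_toml_section_pep621_dependencies(
 pyproject_path,
-build_system_section['requires'],
+build_system_section['requires'],
+"build-system.requires"
 )
 dependencies.extend(build_system_dependencies)
 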
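Review bot: `requirement_type` mixes two fixed labels (`"dependencies"`, `"build-system.requires"`) with names read straight from the project's pyproject.toml — `group` in the optional-dependencies loop and `group_name` in the loop around line 80 (presumably the dependency-group name; it is bound outside the hunk) — so a user-chosen group name can collide with a fixed label, and a consumer that compares the value against `"build-system.requires"` would then misclassify that group. A per-table prefix keeps the namespaces apart, e.g. `"optional-dependencies." + group` and `"dependency-groups." + group_name`, and leaves consumers of the two fixed labels unaffected. The new keyword argument on `parse_requirement` and `parse_toml_section_pep621_dependencies` is undocumented; a docstring line such as `requirement_type: label of the pyproject table the entry came from, or None` would help. `parse_pep621_pep735_dependencies` starts and ends outside the hunks shown.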
@@ -43,11 +43,16 @@ module Dependabot
|
|
|
43
43
|
|
|
44
44
|
sig { returns(Dependabot::FileParsers::Base::DependencySet) }
|
|
45
45
|
def pyproject_dependencies
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
46
|
+
dependencies = Dependabot::FileParsers::Base::DependencySet.new
|
|
47
|
+
|
|
48
|
+
# Parse Poetry dependencies if [tool.poetry] section exists
|
|
49
|
+
dependencies += poetry_dependencies if using_poetry?
|
|
50
|
+
|
|
51
|
+
# Parse PEP 621/735 dependencies if those sections exist
|
|
52
|
+
# This handles hybrid projects that have both Poetry and PEP 621 sections
|
|
53
|
+
dependencies += pep621_pep735_dependencies if using_pep621? || using_pep735?
|
|
54
|
+
|
|
55
|
+
dependencies
|
|
51
56
|
end
|
|
52
57
|
|
|
53
58
|
sig { returns(Dependabot::FileParsers::Base::DependencySet) }
|
|
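Review bot: For a hybrid project, a package declared in both `[tool.poetry.dependencies]` and `[project.dependencies]` is added to `dependencies` once from each parser, and how the two requirements are reconciled depends on `DependencySet#+`, which is not visible here. The comment above the second `+=` should say which declaration is authoritative when they disagree, e.g. `# A package present in both sections is merged by DependencySet; <state which requirement wins>`, so the next reader does not have to look it up. `using_poetry?`, `using_pep621?` and `using_pep735?` are defined outside the hunk.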
@@ -84,11 +89,15 @@ module Dependabot
|
|
|
84
89
|
parse_pep621_pep735_dependencies.each do |dep|
|
|
85
90
|
# If a requirement has a `<` or `<=` marker then updating it is
|
|
86
91
|
# probably blocked. Ignore it.
|
|
87
|
-
next if dep["markers"]
|
|
92
|
+
next if dep["markers"]&.include?("<")
|
|
88
93
|
|
|
89
94
|
# If no requirement, don't add it
|
|
90
95
|
next if dep["requirement"].empty?
|
|
91
96
|
|
|
97
|
+
# Skip build-system.requires dependencies when using Poetry
|
|
98
|
+
# Poetry manages its own build system dependencies
|
|
99
|
+
next if using_poetry? && dep["requirement_type"] == "build-system.requires"
|
|
100
|
+
|
|
92
101
|
dependencies <<
|
|
93
102
|
Dependency.new(
|
|
94
103
|
name: normalised_name(dep["name"], dep["extras"]),
|
|
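Review bot: `next if dep["markers"]&.include?("<")` now lets requirements with any other environment marker through (a platform or implementation marker, for instance), but nothing visible carries `dep["markers"]` into the `Dependency.new(` call whose argument list continues outside the hunk, so such a dependency would presumably be treated as unconditional; either pass the marker through or extend the comment to say that non-`<` markers are deliberately ignored. The literal `"build-system.requires"` is a cross-language contract with the Python helper that emits it; naming it once, `BUILD_SYSTEM_REQUIREMENT_TYPE = "build-system.requires"`, makes that coupling visible and keeps the two sides from drifting.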
@@ -294,6 +294,12 @@ module Dependabot
|
|
|
294
294
|
.returns(T.nilable(Dependabot::Package::PackageRelease))
|
|
295
295
|
end
|
|
296
296
|
def format_version_release(version, release_data)
|
|
297
|
+
# Skip versions that don't conform to PEP 440
|
|
298
|
+
unless Dependabot::Python::Version.correct?(version)
|
|
299
|
+
Dependabot.logger.warn("Skipping invalid version #{version}: does not match PEP 440")
|
|
300
|
+
return nil
|
|
301
|
+
end
|
|
302
|
+
|
|
297
303
|
upload_time = release_data["upload_time"]
|
|
298
304
|
released_at = Time.parse(upload_time) if upload_time
|
|
299
305
|
yanked = release_data["yanked"] || false
|
|
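Review bot: The `warn` call interpolates `version` verbatim, and that value comes from registry release data, i.e. external input; a string containing newlines or terminal control characters is written into the log as-is. `Dependabot.logger.warn("Skipping invalid version #{version.inspect}: does not match PEP 440")` logs an escaped, quoted form instead. The `T.nilable` return in the `sig` (line 294) already permits `nil`, but every caller that collects releases now has to `compact` the result; those callers are outside the hunk. `format_version_release` continues past this hunk.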
@@ -306,7 +312,7 @@ module Dependabot
|
|
|
306
312
|
requires_python: release_data["requires_python"]
|
|
307
313
|
)
|
|
308
314
|
|
|
309
|
-
|
|
315
|
+
Dependabot::Package::PackageRelease.new(
|
|
310
316
|
version: Dependabot::Python::Version.new(version),
|
|
311
317
|
released_at: released_at,
|
|
312
318
|
yanked: yanked,
|
|
@@ -316,7 +322,6 @@ module Dependabot
|
|
|
316
322
|
package_type: package_type,
|
|
317
323
|
language: language
|
|
318
324
|
)
|
|
319
|
-
release
|
|
320
325
|
end
|
|
321
326
|
|
|
322
327
|
sig do
|
|
@@ -181,7 +181,10 @@ module Dependabot
|
|
|
181
181
|
|
|
182
182
|
sig { returns(Symbol) }
|
|
183
183
|
def pyproject_resolver
|
|
184
|
-
|
|
184
|
+
# For hybrid projects with both [tool.poetry] and [project] sections but no lockfile,
|
|
185
|
+
# use the requirements resolver to handle PEP 621 dependencies
|
|
186
|
+
# For pure Poetry projects, use Poetry resolver even without lockfile
|
|
187
|
+
return :poetry if poetry_based? && (poetry_lock || !standard_details)
|
|
185
188
|
|
|
186
189
|
:requirements
|
|
187
190
|
end
|
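--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.346.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.346.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.346.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -290,7 +290,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.346.0
 rdoc_options: []
 require_paths:
 - lib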