dependabot-python 0.346.0 → 0.347.0
- checksums.yaml +4 -4
- data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +2 -0
- data/lib/dependabot/python/file_updater/poetry_file_updater.rb +32 -9
- data/lib/dependabot/python/file_updater/pyproject_preparer.rb +6 -1
- data/lib/dependabot/python/file_updater.rb +8 -1
- data/lib/dependabot/python/update_checker/requirements_updater.rb +5 -2
- metadata +4 -4
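--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3318bd6183c48be4d1747cb8918393cd51a68db3c282d94fdd6a22359b187ecc
+data.tar.gz: 9e9eac099f7b9dede87c73159720df01d4459aac2e93c4f5f31477384c5fcdc7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eededd5aa20a1b07409cb8712af2f6caf8ee3f53cd7f8bbdb229fd041f346c24bc714bcb8c4f48192930098a6403c3a61a2a96d5ab59907273313384809e12cb
+data.tar.gz: '099b7724f914246e3c95557b633feb6015466f3fe6e156cdb53237763c6ac3c68e35476d8fbe130b7a4d061d3df24e0728d687bbf8121581db694bf27fa20183'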
|
@@ -123,15 +123,30 @@ module Dependabot
|
|
|
123
123
|
if declaration_match
|
|
124
124
|
declaration = declaration_match[:declaration]
|
|
125
125
|
new_declaration = T.must(declaration).sub(old_req, new_req)
|
|
126
|
-
content.sub(T.must(declaration), new_declaration)
|
|
127
|
-
|
|
128
|
-
|
|
126
|
+
return content.sub(T.must(declaration), new_declaration)
|
|
127
|
+
end
|
|
128
|
+
|
|
129
|
+
# Try Poetry table format
|
|
130
|
+
table_match = content.match(table_declaration_regex(dep, new_r))
|
|
131
|
+
if table_match
|
|
132
|
+
return content.gsub(table_declaration_regex(dep, new_r)) do |match|
|
|
129
133
|
match.gsub(
|
|
130
134
|
/(\s*version\s*=\s*["'])#{Regexp.escape(old_req)}/,
|
|
131
135
|
'\1' + new_req
|
|
132
136
|
)
|
|
133
137
|
end
|
|
134
138
|
end
|
|
139
|
+
|
|
140
|
+
# Try PEP 621 array format (e.g., dependencies = ["django==5.0.0"])
|
|
141
|
+
pep621_regex = pep621_declaration_regex(dep, old_req)
|
|
142
|
+
pep621_match = content.match(pep621_regex)
|
|
143
|
+
if pep621_match
|
|
144
|
+
declaration = pep621_match[:declaration]
|
|
145
|
+
new_declaration = T.must(declaration).sub(old_req, new_req)
|
|
146
|
+
return content.sub(T.must(declaration), new_declaration)
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
content
|
|
135
150
|
end
|
|
136
151
|
|
|
137
152
|
sig { returns(String) }
|
|
@@ -177,13 +192,16 @@ module Dependabot
|
|
|
177
192
|
sig { params(pyproject_content: String).returns(String) }
|
|
178
193
|
def freeze_dependencies_being_updated(pyproject_content)
|
|
179
194
|
pyproject_object = TomlRB.parse(pyproject_content)
|
|
180
|
-
poetry_object = pyproject_object.fetch("tool").fetch("poetry")
|
|
181
195
|
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
196
|
+
poetry_object = pyproject_object.dig("tool", "poetry")
|
|
197
|
+
|
|
198
|
+
if poetry_object
|
|
199
|
+
dependencies.each do |dep|
|
|
200
|
+
if dep.requirements.find { |r| r[:file] == pyproject&.name }
|
|
201
|
+
lock_declaration_to_new_version!(poetry_object, dep)
|
|
202
|
+
else
|
|
203
|
+
create_declaration_at_new_version!(poetry_object, dep)
|
|
204
|
+
end
|
|
187
205
|
end
|
|
188
206
|
end
|
|
189
207
|
|
|
@@ -321,6 +339,11 @@ module Dependabot
|
|
|
321
339
|
/tool\.poetry\.#{old_req[:groups].first}\.#{escape(dep)}\]\n.*?\s*version\s* =.*?\n/m
|
|
322
340
|
end
|
|
323
341
|
|
|
342
|
+
sig { params(dep: Dependabot::Dependency, old_req: String).returns(Regexp) }
|
|
343
|
+
def pep621_declaration_regex(dep, old_req)
|
|
344
|
+
/(?<declaration>["']#{escape(dep)}#{Regexp.escape(old_req)}["'])/mi
|
|
345
|
+
end
|
|
346
|
+
|
|
324
347
|
sig { params(dep: Dependency).returns(String) }
|
|
325
348
|
def escape(dep)
|
|
326
349
|
Regexp.escape(dep.name).gsub("\\-", "[-_.]")
|
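Review bot: The PEP 621 fallback added in the first hunk only matches a quoted entry where the requirement follows the package name directly (`["']#{escape(dep)}#{Regexp.escape(old_req)}["']` in `pep621_declaration_regex`), so an entry with extras or with whitespace before the specifier would not match, and the method then reaches the new trailing `content` and returns the manifest unchanged with no signal to the caller. If `old_req` is stored without the extras (not visible here), the pattern could tolerate them, e.g. `/(?<declaration>["']#{escape(dep)}(?:\[[^\]]*\])?\s*#{Regexp.escape(old_req)}["'])/mi`, and the no-match path should at least be logged so a lockfile-only change is noticed. `content.sub` also rewrites only the first matching entry, so the same requirement repeated under an optional-dependencies group would keep the old version. The enclosing method starts above the hunk, so how `old_req` and `new_r` are derived cannot be checked from these lines.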
|
@@ -45,12 +45,14 @@ module Dependabot
|
|
|
45
45
|
sig { params(requirement: String).returns(String) }
|
|
46
46
|
def update_python_requirement(requirement)
|
|
47
47
|
pyproject_object = TomlRB.parse(@pyproject_content)
|
|
48
|
+
|
|
48
49
|
if (python_specification = pyproject_object.dig("tool", "poetry", "dependencies", "python"))
|
|
49
50
|
python_req = Python::Requirement.new(python_specification)
|
|
50
51
|
unless python_req.satisfied_by?(requirement)
|
|
51
52
|
pyproject_object["tool"]["poetry"]["dependencies"]["python"] = "~#{requirement}"
|
|
52
53
|
end
|
|
53
54
|
end
|
|
55
|
+
|
|
54
56
|
TomlRB.dump(pyproject_object)
|
|
55
57
|
end
|
|
56
58
|
|
|
@@ -69,7 +71,10 @@ module Dependabot
|
|
|
69
71
|
return pyproject_content unless lockfile
|
|
70
72
|
|
|
71
73
|
pyproject_object = TomlRB.parse(pyproject_content)
|
|
72
|
-
poetry_object = pyproject_object
|
|
74
|
+
poetry_object = pyproject_object.dig("tool", "poetry")
|
|
75
|
+
|
|
76
|
+
return pyproject_content unless poetry_object
|
|
77
|
+
|
|
73
78
|
excluded_names = dependencies.map(&:name) + ["python"]
|
|
74
79
|
|
|
75
80
|
Dependabot::Python::FileParser::PyprojectFilesParser::POETRY_DEPENDENCY_TYPES.each do |key|
|
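Review bot: The new early return in the second hunk, `return pyproject_content unless poetry_object`, skips the rest of the method for any pyproject.toml without a `[tool.poetry]` table, so for a PEP 621-only manifest nothing visible here applies the lockfile-based handling that the loop over `POETRY_DEPENDENCY_TYPES` performs for Poetry tables. If that is intended, it should be stated at the return, e.g. `# No [tool.poetry] table (PEP 621 layout): nothing to process here; [project] dependencies are left as declared`. If it is not, the `[project]` dependency arrays would need equivalent treatment, otherwise an update run may re-resolve dependencies other than the one being updated. The method begins above the hunk and continues below it, so whether another step covers those entries cannot be seen from here.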
|
@@ -147,7 +147,14 @@ module Dependabot
|
|
|
147
147
|
def poetry_based?
|
|
148
148
|
return false unless pyproject
|
|
149
149
|
|
|
150
|
-
|
|
150
|
+
parsed_pyproject = TomlRB.parse(pyproject&.content)
|
|
151
|
+
|
|
152
|
+
return true unless parsed_pyproject.dig("tool", "poetry").nil?
|
|
153
|
+
|
|
154
|
+
return false unless poetry_lock
|
|
155
|
+
|
|
156
|
+
build_backend = parsed_pyproject.dig("build-system", "build-backend")
|
|
157
|
+
!build_backend.nil? && build_backend.start_with?("poetry.core")
|
|
151
158
|
end
|
|
152
159
|
|
|
153
160
|
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
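Review bot: `poetry_based?` now calls `start_with?` on whatever `build-system.build-backend` holds in the repository's pyproject.toml, and `dig("build-system", "build-backend")` itself raises a TypeError if `build-system` is a scalar rather than a table, so a manifest with an unexpected type there produces an exception instead of a clean `false`. Because this file is repository-controlled input, the last line is better written as `build_backend.is_a?(String) && build_backend.start_with?("poetry.core")`, with a similar `is_a?(Hash)` check on the `build-system` value before digging into it. `TomlRB.parse(pyproject&.content)` is also called without a rescue in the visible lines, so a malformed file raises from this predicate unless a caller handles it (not visible in this hunk).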
|
@@ -84,8 +84,11 @@ module Dependabot
|
|
|
84
84
|
new_requirement =
|
|
85
85
|
if req_strings.any? { |r| requirement_class.new(r).exact? }
|
|
86
86
|
find_and_update_equality_match(req_strings)
|
|
87
|
-
elsif req_strings.any? { |r| r.start_with?("~="
|
|
88
|
-
tw_req = req_strings.find { |r| r.start_with?("~="
|
|
87
|
+
elsif req_strings.any? { |r| r.start_with?("~=") }
|
|
88
|
+
tw_req = req_strings.find { |r| r.start_with?("~=") }
|
|
89
|
+
bump_version(tw_req, latest_resolvable_version.to_s)
|
|
90
|
+
elsif req_strings.any? { |r| r.start_with?("==") }
|
|
91
|
+
tw_req = req_strings.find { |r| r.start_with?("==") }
|
|
89
92
|
convert_to_range(tw_req, T.must(latest_resolvable_version))
|
|
90
93
|
else
|
|
91
94
|
update_requirements_range(req_strings)
|
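Review bot: In the `~=` branch, `latest_resolvable_version.to_s` silently turns a nil version into an empty string before it reaches `bump_version`, while the `==` branch directly below guards the same value with `T.must`. Unless a guard outside the hunk already rules out nil, the two branches should fail the same way: `bump_version(tw_req, T.must(latest_resolvable_version).to_s)`. The new `==` branch is reached only when no requirement is `exact?`, so it presumably handles wildcard pins such as `==1.2.*`; a one-line comment saying so, and a name other than `tw_req` for the `==` match, would make that intent readable. The enclosing method starts and ends outside the hunk.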
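--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.347.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.347.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.347.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -290,7 +290,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.347.0
 rdoc_options: []
 require_paths:
 - lib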