dependabot-python 0.386.0 → 0.387.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4dd911b71806301c46844a3a9ae15edf17258c808c1b23365bd8825a0d335a77
|
|
4
|
+
data.tar.gz: a687d86e8937f4f4f71d917150a672e75e8ff46b6ed338ecc960be70bc9c72c5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a2feda4fb8b37dc8379ebdeb1c52591ed364779db787a2b6114b4d7c3ab25d5158dc33d9309150792dea9971f12415fa8d5ee3138bfe04563e99a2ef7074faa4
|
|
7
|
+
data.tar.gz: 35ac8d62a443709c4bc21cf4ed6ae797d2c6c00447cf8a8d14531be3e1e473edd46131e26157a963512cb064563fb593b22d908a33a0064a05b3a12174ab8300
|
|
@@ -44,7 +44,7 @@ module Dependabot
|
|
|
44
44
|
|
|
45
45
|
# More lenient: matches "depend" / "depends" at the start of the filename or after a hyphen/period/
|
|
46
46
|
# underscore/slash delimiter, with an optional hyphen/underscore/slash suffix. The leading delimiter
|
|
47
|
-
# prevents matching "depend" as a substring of another word (e.g. "
|
|
47
|
+
# prevents matching "depend" as a substring of another word (e.g. "codependent.txt").
|
|
48
48
|
# Examples: depend.txt, depends.txt, depend-test.txt, py3-depends.txt
|
|
49
49
|
DEPEND_TXT_REGEX = T.let(%r{(?:[-._]|^|/)depend(?:s)?(?:[-_/][^\s.]*)?\.txt$}i, Regexp)
|
|
50
50
|
|
|
@@ -128,7 +128,8 @@ module Dependabot
|
|
|
128
128
|
f != primary && requirements_stem(f.name) == stem
|
|
129
129
|
end
|
|
130
130
|
|
|
131
|
-
|
|
131
|
+
# When the primary is a compiled `.txt`, the `-r`/`-c` directives live in the paired `.in` files.
|
|
132
|
+
referenced = referenced_requirement_files([primary] + paired)
|
|
132
133
|
|
|
133
134
|
support = (paired + referenced + constraints_files).uniq.map do |f|
|
|
134
135
|
as_support_file(f)
|
|
@@ -150,15 +151,18 @@ module Dependabot
|
|
|
150
151
|
requirement_family_files.select { |f| File.basename(f.name).include?("constraint") }
|
|
151
152
|
end
|
|
152
153
|
|
|
153
|
-
#
|
|
154
|
+
# Collects sibling files referenced via `-r`/`-c`, walking the chain transitively. Returns only newly
|
|
155
|
+
# discovered files; the seed files are excluded (they are already in the layer).
|
|
154
156
|
#
|
|
155
|
-
#
|
|
156
|
-
#
|
|
157
|
-
|
|
158
|
-
|
|
157
|
+
# - Seeded from every file in the layer (primary + paired `.in`/`.txt`): a compiled `.txt` primary has
|
|
158
|
+
# no live `-r`/`-c` directives, so they must be read from the paired `.in`.
|
|
159
|
+
# - Walks the full closure: a referenced file can reference more (e.g. `develop.in` -> `test.in` ->
|
|
160
|
+
# `base.in`), and the layer needs every sibling on disk to parse in isolation.
|
|
161
|
+
sig { params(seeds: T::Array[Dependabot::DependencyFile]).returns(T::Array[Dependabot::DependencyFile]) }
|
|
162
|
+
def referenced_requirement_files(seeds)
|
|
159
163
|
by_name = requirement_family_files.to_h { |f| [f.name, f] }
|
|
160
|
-
seen = T.let(Set.new, T::Set[String])
|
|
161
|
-
queue = [
|
|
164
|
+
seen = T.let(Set.new(seeds.map(&:name)), T::Set[String])
|
|
165
|
+
queue = T.let(seeds.dup, T::Array[Dependabot::DependencyFile])
|
|
162
166
|
collected = T.let([], T::Array[Dependabot::DependencyFile])
|
|
163
167
|
|
|
164
168
|
until queue.empty?
|
|
@@ -62,7 +62,7 @@ module Dependabot
|
|
|
62
62
|
@constraints_files = T.let(nil, T.nilable(T::Array[String]))
|
|
63
63
|
@constraints_file_basenames = T.let(nil, T.nilable(T::Array[String]))
|
|
64
64
|
@requirement_file_directories = T.let(nil, T.nilable(T::Array[String]))
|
|
65
|
-
@pyproject_content_cache = T.let({}, T::Hash[String, T::Hash[String,
|
|
65
|
+
@pyproject_content_cache = T.let({}, T::Hash[String, T::Hash[String, Object]])
|
|
66
66
|
end
|
|
67
67
|
|
|
68
68
|
sig { returns(T.nilable(Dependabot::Version)) }
|
|
@@ -200,7 +200,7 @@ module Dependabot
|
|
|
200
200
|
sig { params(pyproject: Dependabot::DependencyFile).returns(T::Array[[String, String]]) }
|
|
201
201
|
def pinned_pyproject_dependencies_for(pyproject)
|
|
202
202
|
pyproject_content = pyproject_content_for(pyproject)
|
|
203
|
-
project_obj =
|
|
203
|
+
project_obj = pyproject_content["project"]
|
|
204
204
|
return [] unless project_obj.is_a?(Hash)
|
|
205
205
|
|
|
206
206
|
project_hash = project_obj
|
|
@@ -431,7 +431,7 @@ module Dependabot
|
|
|
431
431
|
sig { params(pyproject: Dependabot::DependencyFile).returns(T::Array[String]) }
|
|
432
432
|
def constraints_for_pyproject(pyproject)
|
|
433
433
|
pyproject_content = pyproject_content_for(pyproject)
|
|
434
|
-
tool_obj =
|
|
434
|
+
tool_obj = pyproject_content["tool"]
|
|
435
435
|
return [] unless tool_obj.is_a?(Hash)
|
|
436
436
|
|
|
437
437
|
pip_obj = T.cast(tool_obj["pip"], T.nilable(Object))
|
|
@@ -507,8 +507,8 @@ module Dependabot
|
|
|
507
507
|
|
|
508
508
|
sig { params(response: Excon::Response).returns(T.nilable(T::Array[String])) }
|
|
509
509
|
def requires_dist_from_response(response)
|
|
510
|
-
body = T.cast(JSON.parse(response.body), T::Hash[String,
|
|
511
|
-
info_obj =
|
|
510
|
+
body = T.cast(JSON.parse(response.body), T::Hash[String, Object])
|
|
511
|
+
info_obj = body["info"]
|
|
512
512
|
return nil unless info_obj.is_a?(Hash)
|
|
513
513
|
|
|
514
514
|
requires_dist_obj = T.cast(info_obj["requires_dist"], T.nilable(Object))
|
|
@@ -554,16 +554,16 @@ module Dependabot
|
|
|
554
554
|
marker_evaluator.marker_satisfied?(marker: marker, python_version: python_version)
|
|
555
555
|
end
|
|
556
556
|
|
|
557
|
-
sig { params(pyproject: Dependabot::DependencyFile).returns(T::Hash[String,
|
|
557
|
+
sig { params(pyproject: Dependabot::DependencyFile).returns(T::Hash[String, Object]) }
|
|
558
558
|
def pyproject_content_for(pyproject)
|
|
559
559
|
cache_key = pyproject.name
|
|
560
560
|
return T.must(@pyproject_content_cache[cache_key]) if @pyproject_content_cache.key?(cache_key)
|
|
561
561
|
|
|
562
562
|
content =
|
|
563
563
|
if pyproject.content
|
|
564
|
-
T.let(TomlRB.parse(pyproject.content), T::Hash[String,
|
|
564
|
+
T.let(TomlRB.parse(pyproject.content), T::Hash[String, Object])
|
|
565
565
|
else
|
|
566
|
-
T.let({}, T::Hash[String,
|
|
566
|
+
T.let({}, T::Hash[String, Object])
|
|
567
567
|
end
|
|
568
568
|
|
|
569
569
|
@pyproject_content_cache[cache_key] = content
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.387.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.387.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.387.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -323,7 +323,7 @@ licenses:
|
|
|
323
323
|
- MIT
|
|
324
324
|
metadata:
|
|
325
325
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
326
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
326
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.387.0
|
|
327
327
|
rdoc_options: []
|
|
328
328
|
require_paths:
|
|
329
329
|
- lib
|