dependabot-python 0.86.23 → 0.86.24
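--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b5ec7521376b21387eb9e1990dd73c482ad71edbd415cf229e8877571fa99d80
+data.tar.gz: 0fe334d0091f3b79868b1635d773d51f91e2bda2ed163671683c9fb84d9f1b9d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 24e7163321e16240753a0ed50b6b7d79bec10359ac73e6acfa6f90705883b127aef587dfb45ab0f66951f10be0d4c175694729dec9c8159f514adc868ea92a00
+data.tar.gz: '017241854ee3e87d026afdfe6a967c5c85d6756757b3372d0b3069962f78c22368761fc0162e0f00af232582da903ed0f42e5469bebbdd65688492f0d6ec8f3e'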
@@ -4,6 +4,7 @@ require "dependabot/python/requirement_parser"
|
|
4
4
|
require "dependabot/python/file_fetcher"
|
5
5
|
require "dependabot/python/file_updater"
|
6
6
|
require "dependabot/shared_helpers"
|
7
|
+
require "dependabot/python/native_helpers"
|
7
8
|
|
8
9
|
# rubocop:disable Metrics/ClassLength
|
9
10
|
module Dependabot
|
@@ -266,14 +267,82 @@ module Dependabot
|
|
266
267
|
content
|
267
268
|
end
|
268
269
|
|
269
|
-
def update_hashes_if_required(updated_content,
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
|
275
|
-
|
276
|
-
|
270
|
+
def update_hashes_if_required(updated_content, original_content)
|
271
|
+
deps_to_update =
|
272
|
+
deps_to_augment_hashes_for(updated_content, original_content)
|
273
|
+
|
274
|
+
updated_content_with_hashes = updated_content
|
275
|
+
deps_to_update.each do |mtch|
|
276
|
+
updated_string = mtch.to_s.sub(
|
277
|
+
RequirementParser::HASHES,
|
278
|
+
package_hashes_for(
|
279
|
+
name: mtch.named_captures.fetch("name"),
|
280
|
+
version: mtch.named_captures.fetch("version"),
|
281
|
+
algorithm: mtch.named_captures.fetch("algorithm")
|
282
|
+
).join(hash_separator(mtch.to_s))
|
283
|
+
)
|
284
|
+
|
285
|
+
updated_content_with_hashes = updated_content_with_hashes.gsub(
|
286
|
+
mtch.to_s,
|
287
|
+
updated_string
|
288
|
+
)
|
289
|
+
end
|
290
|
+
updated_content_with_hashes
|
291
|
+
end
|
292
|
+
|
293
|
+
def deps_to_augment_hashes_for(updated_content, original_content)
|
294
|
+
regex = RequirementParser::INSTALL_REQ_WITH_REQUIREMENT
|
295
|
+
|
296
|
+
new_matches = []
|
297
|
+
updated_content.scan(regex) { new_matches << Regexp.last_match }
|
298
|
+
|
299
|
+
old_matches = []
|
300
|
+
original_content.scan(regex) { old_matches << Regexp.last_match }
|
301
|
+
|
302
|
+
new_deps = []
|
303
|
+
changed_hashes_deps = []
|
304
|
+
|
305
|
+
new_matches.each do |mtch|
|
306
|
+
nm = mtch.named_captures["name"]
|
307
|
+
old_match = old_matches.find { |m| m.named_captures["name"] == nm }
|
308
|
+
|
309
|
+
next new_deps << mtch unless old_match
|
310
|
+
next unless old_match.named_captures["hashes"]
|
311
|
+
|
312
|
+
old_count = old_match.named_captures["hashes"].split("--hash").count
|
313
|
+
new_count = mtch.named_captures["hashes"].split("--hash").count
|
314
|
+
changed_hashes_deps << mtch if new_count < old_count
|
315
|
+
end
|
316
|
+
|
317
|
+
return [] if changed_hashes_deps.none?
|
318
|
+
|
319
|
+
[*new_deps, *changed_hashes_deps]
|
320
|
+
end
|
321
|
+
|
322
|
+
def package_hashes_for(name:, version:, algorithm:)
|
323
|
+
SharedHelpers.run_helper_subprocess(
|
324
|
+
command: "pyenv exec python #{NativeHelpers.python_helper_path}",
|
325
|
+
function: "get_dependency_hash",
|
326
|
+
args: [name, version, algorithm]
|
327
|
+
).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
|
328
|
+
end
|
329
|
+
|
330
|
+
def hash_separator(requirement_string)
|
331
|
+
hash_regex = RequirementParser::HASH
|
332
|
+
return unless requirement_string.match?(hash_regex)
|
333
|
+
|
334
|
+
current_separator =
|
335
|
+
requirement_string.
|
336
|
+
match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/).
|
337
|
+
named_captures.fetch("separator")
|
338
|
+
|
339
|
+
default_separator =
|
340
|
+
requirement_string.
|
341
|
+
match(RequirementParser::HASH).
|
342
|
+
pre_match.match(/(?<separator>\s*\\?\s*?)\z/).
|
343
|
+
named_captures.fetch("separator")
|
344
|
+
|
345
|
+
current_separator || default_separator
|
277
346
|
end
|
278
347
|
|
279
348
|
def pip_compile_options(filename)
|
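Review bot: In `deps_to_augment_hashes_for`, `mtch.named_captures["hashes"].split("--hash")` is called on the new match without the nil check that the preceding `next unless old_match.named_captures["hashes"]` applies to the old one, so an updated requirement that matched with no `--hash` options would raise NoMethodError instead of being handled. Whether the `hashes` group can be nil depends on `RequirementParser::INSTALL_REQ_WITH_REQUIREMENT`, which is defined outside this page, but the guard on the old side suggests it can. Consider `new_count = mtch.named_captures["hashes"].to_s.split("--hash").count`, which treats a requirement that lost every hash as one whose count fell. The early `return [] if changed_hashes_deps.none?` also discards `new_deps`; if that is intended, a comment such as `# Only augment when an existing dependency lost hashes; otherwise the compiled hashes are taken as complete` would make it explicit for anyone auditing how integrity pins are regenerated.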
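--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.86.
+version: 0.86.24
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.86.
+version: 0.86.24
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.86.
+version: 0.86.24
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement
@@ -195,7 +195,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 2.5.0
 requirements: []
-rubygems_version: 3.0.
+rubygems_version: 3.0.2
 signing_key:
 specification_version: 4
 summary: Python support for dependabot-core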