dependabot-python 0.92.8 → 0.93.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/requirements.txt +2 -2
  3. data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +7 -1
  4. data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +5 -0
  5. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d55b79dbaa20b727a8338a150c6f53dd013cfcef8b2ccfa0ccc9342e617bd24f
4
- data.tar.gz: ff1621156bfca039fbc7322a355c6492158808b2151df1df96a92efedc364c1e
3
+ metadata.gz: 1920e28898b728022389686349c4c44ba9d60690daa74084a197e47c61ff5f0d
4
+ data.tar.gz: eb6801ae91bfbbcff96ee1a6c2132245ebaed5c45682f084bb0e6bb6ae1a91ef
5
5
  SHA512:
6
- metadata.gz: 2225945924464ce5b92da4322b96ab566a7aa6cc9c501641538488e961fce868689378b1975ccd02a3433bd4a214916cfa3b13c817994324b68ed5ddb502adfc
7
- data.tar.gz: 70a7f6eb71aa90d931f8ba5cc9a3d4294b2923a888356e71969872e27c1832e5aa6b7e0849b5724a70020400418f2e07290243321c4295b887dacb957249ec7f
6
+ metadata.gz: 7fe840e09879b4fd191a24f747426a2e3fee4f3261f7f028fae6ebee0f657685a841e06561faea341d25a17118b0e9d6082b154d0a695d78563ca918e72196af
7
+ data.tar.gz: d558dcca5d80e603eecaf9b5689db391a6b562c8a0f064b0dcab45abf44a000a394d84297c04834a12b7dcfa81dea5bd40e9ee230b78eada338d7caa51ed7121
data/helpers/requirements.txt CHANGED
@@ -1,5 +1,5 @@
1
- pip==18.1
2
- pip-tools==3.1.0
1
+ pip==19.0.1
2
+ pip-tools==3.3.1
3
3
  hashin==0.14.2
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED
@@ -63,7 +63,13 @@ module Dependabot
63
63
  # This is slow, as pip-compile needs to do installs.
64
64
  run_command(
65
65
  "pyenv exec pip-compile #{pip_compile_options(filename)} "\
66
- "-P #{dependency.name} #{filename}"
66
+ "-P #{dependency.name}==#{dependency.version} #{filename}"
67
+ )
68
+ # Run pip-compile a second time, without an update argument, to
69
+ # ensure it resets the right comments.
70
+ run_command(
71
+ "pyenv exec pip-compile #{pip_compile_options(filename)} "\
72
+ "#{filename}"
67
73
  )
68
74
  end
69
75
 
data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb CHANGED
@@ -59,6 +59,11 @@ module Dependabot
59
59
  cmd = "pyenv exec pip-compile --allow-unsafe "\
60
60
  "-P #{dependency.name} #{filename}"
61
61
  run_command(cmd)
62
+ # Run pip-compile a second time, without an update argument,
63
+ # to ensure it handles markers correctly
64
+ run_command(
65
+ "pyenv exec pip-compile --allow-unsafe #{filename}"
66
+ )
62
67
  end
63
68
 
64
69
  # Remove any .python-version file before parsing the reqs
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.92.8
4
+ version: 0.93.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-01-24 00:00:00.000000000 Z
11
+ date: 2019-01-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.92.8
19
+ version: 0.93.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.92.8
26
+ version: 0.93.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement