dependabot-python 0.95.16 → 0.95.17
- checksums.yaml +4 -4
- data/lib/dependabot/python/metadata_finder.rb +40 -6
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e4ba4277fa8c4e2043875e82d77f9293f93a9ae4351a1bc15053b17aef75516a
|
4
|
+
data.tar.gz: 9a6957a4911004152fb734e0e2cea98a79f55aede9525d75e660c4249b3a3e2f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 46c7e9c56a58b5c06e12103a706a8bfc1cb3e4367cf5bfd2d553c85a2138454d5baf85be0a84925935fd71f166c4dd5c98e980cdd1a9dcec9751e8a504ff0784
|
7
|
+
data.tar.gz: 07277f32389ddda216a3b4e3b81a0af84c598f06dfabc7b4c79e256293523572d02504382d4e344f13c2ead434e317d8f15fb25e096a0e21ba70569ce3fb980f
|
@@ -33,32 +33,66 @@ module Dependabot
|
|
33
33
|
end
|
34
34
|
|
35
35
|
def source_from_description
|
36
|
-
|
36
|
+
potential_source_urls = []
|
37
37
|
desc = pypi_listing.dig("info", "description")
|
38
38
|
return unless desc
|
39
39
|
|
40
40
|
desc.scan(Source::SOURCE_REGEX) do
|
41
|
-
|
41
|
+
potential_source_urls << Regexp.last_match.to_s
|
42
42
|
end
|
43
43
|
|
44
|
-
|
44
|
+
# Looking for a source where the repo name exactly matches the
|
45
|
+
# dependency name
|
46
|
+
match_url = potential_source_urls.find do |url|
|
45
47
|
repo = Source.from_url(url).repo
|
46
48
|
repo.downcase.end_with?(dependency.name)
|
47
49
|
end
|
50
|
+
|
51
|
+
return match_url if match_url
|
52
|
+
|
53
|
+
# Failing that, look for a source where the full dependency name is
|
54
|
+
# mentioned when the link is followed
|
55
|
+
@source_from_description ||=
|
56
|
+
potential_source_urls.find do |url|
|
57
|
+
full_url = Source.from_url(url).url
|
58
|
+
response = Excon.get(
|
59
|
+
full_url,
|
60
|
+
idempotent: true,
|
61
|
+
**SharedHelpers.excon_defaults
|
62
|
+
)
|
63
|
+
next unless response.status == 200
|
64
|
+
|
65
|
+
response.body.include?(dependency.name)
|
66
|
+
end
|
48
67
|
end
|
49
68
|
|
50
69
|
def source_from_homepage
|
51
70
|
return unless homepage_body
|
52
71
|
|
53
|
-
|
72
|
+
potential_source_urls = []
|
54
73
|
homepage_body.scan(Source::SOURCE_REGEX) do
|
55
|
-
|
74
|
+
potential_source_urls << Regexp.last_match.to_s
|
56
75
|
end
|
57
76
|
|
58
|
-
|
77
|
+
match_url = potential_source_urls.find do |url|
|
59
78
|
repo = Source.from_url(url).repo
|
60
79
|
repo.downcase.end_with?(dependency.name)
|
61
80
|
end
|
81
|
+
|
82
|
+
return match_url if match_url
|
83
|
+
|
84
|
+
@source_from_homepage ||=
|
85
|
+
potential_source_urls.find do |url|
|
86
|
+
full_url = Source.from_url(url).url
|
87
|
+
response = Excon.get(
|
88
|
+
full_url,
|
89
|
+
idempotent: true,
|
90
|
+
**SharedHelpers.excon_defaults
|
91
|
+
)
|
92
|
+
next unless response.status == 200
|
93
|
+
|
94
|
+
response.body.include?(dependency.name)
|
95
|
+
end
|
62
96
|
end
|
63
97
|
|
64
98
|
def homepage_body
|
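Review bot: The fallback added to `source_from_description` and `source_from_homepage` accepts a candidate as soon as `response.body.include?(dependency.name)` is true, which is a weak test for links scraped from text the package publisher controls. A short dependency name will occur somewhere in almost any repository page, so an unrelated repository that is merely linked from the description or homepage can be picked as the source. Each candidate also triggers an `Excon.get` with no de-duplication and no rescue, so a timeout on one link would propagate unless a caller outside this hunk handles it, and because `||=` does not cache a `nil` result a miss repeats every fetch on the next call. I would move the duplicated block into one private helper that matches the name as a whole token and treats network errors as "no match", and call it over `potential_source_urls.uniq`. That is still a heuristic, so a comment saying the result is best-effort would help.

```ruby
# Shared by source_from_description and source_from_homepage
def candidate_mentions_dependency?(url)
  response = Excon.get(
    Source.from_url(url).url,
    idempotent: true,
    **SharedHelpers.excon_defaults
  )
  return false unless response.status == 200

  # Whole-token match instead of a bare substring
  name = Regexp.escape(dependency.name)
  response.body.match?(/(?<![\w-])#{name}(?![\w-])/i)
rescue Excon::Error::Socket, Excon::Error::Timeout
  false
end

# … unchanged: URL scan and exact repo-name match in both methods …
potential_source_urls.uniq.find { |url| candidate_mentions_dependency?(url) }
```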
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.95.
|
4
|
+
version: 0.95.17
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.95.
|
19
|
+
version: 0.95.17
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.95.
|
26
|
+
version: 0.95.17
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|