dependabot-python 0.95.50 → 0.95.51
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8fcb52dff0bc8603272b93a4239de32120123964c5e971b0dd339465fde68736
|
|
4
|
+
data.tar.gz: 0b7021ee525343c190dadf2fd8067dafad34cc58a442168134e3c7c2423523c6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d909016f83d24e8548433cb7925bbd6050cfa1251b8e1621fe1f28546c7d9e62a7f363b0fde927b774b96090452ff8b3c8bbce3d4f1d02e658de856ea274b775
|
|
7
|
+
data.tar.gz: f8a825c554c068a2ebcc4cb304473fbd0f60fb6b32a9a917245f51189187fa6d00810b64bcf518689094fd30ba0d4d3442223211df065693ae649e4b3bf2cf58
|
|
@@ -151,8 +151,8 @@ module Dependabot
|
|
|
151
151
|
|
|
152
152
|
def freeze_other_dependencies(pipfile_content)
|
|
153
153
|
PipfilePreparer.
|
|
154
|
-
new(pipfile_content: pipfile_content).
|
|
155
|
-
freeze_top_level_dependencies_except(dependencies
|
|
154
|
+
new(pipfile_content: pipfile_content, lockfile: lockfile).
|
|
155
|
+
freeze_top_level_dependencies_except(dependencies)
|
|
156
156
|
end
|
|
157
157
|
|
|
158
158
|
def freeze_dependencies_being_updated(pipfile_content)
|
|
@@ -9,8 +9,9 @@ module Dependabot
|
|
|
9
9
|
module Python
|
|
10
10
|
class FileUpdater
|
|
11
11
|
class PipfilePreparer
|
|
12
|
-
def initialize(pipfile_content:)
|
|
12
|
+
def initialize(pipfile_content:, lockfile: nil)
|
|
13
13
|
@pipfile_content = pipfile_content
|
|
14
|
+
@lockfile = lockfile
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
def replace_sources(credentials)
|
|
@@ -23,7 +24,7 @@ module Dependabot
|
|
|
23
24
|
TomlRB.dump(pipfile_object)
|
|
24
25
|
end
|
|
25
26
|
|
|
26
|
-
def freeze_top_level_dependencies_except(dependencies
|
|
27
|
+
def freeze_top_level_dependencies_except(dependencies)
|
|
27
28
|
return pipfile_content unless lockfile
|
|
28
29
|
|
|
29
30
|
pipfile_object = TomlRB.parse(pipfile_content)
|
|
@@ -35,7 +36,7 @@ module Dependabot
|
|
|
35
36
|
pipfile_object.fetch(keys[:pipfile]).each do |dep_name, _|
|
|
36
37
|
next if excluded_names.include?(normalise(dep_name))
|
|
37
38
|
|
|
38
|
-
freeze_dependency(dep_name, pipfile_object,
|
|
39
|
+
freeze_dependency(dep_name, pipfile_object, keys)
|
|
39
40
|
end
|
|
40
41
|
end
|
|
41
42
|
|
|
@@ -43,14 +44,12 @@ module Dependabot
|
|
|
43
44
|
end
|
|
44
45
|
|
|
45
46
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
46
|
-
def freeze_dependency(dep_name, pipfile_object,
|
|
47
|
+
def freeze_dependency(dep_name, pipfile_object, keys)
|
|
47
48
|
locked_version = version_from_lockfile(
|
|
48
|
-
lockfile,
|
|
49
49
|
keys[:lockfile],
|
|
50
50
|
normalise(dep_name)
|
|
51
51
|
)
|
|
52
52
|
locked_ref = ref_from_lockfile(
|
|
53
|
-
lockfile,
|
|
54
53
|
keys[:lockfile],
|
|
55
54
|
normalise(dep_name)
|
|
56
55
|
)
|
|
@@ -79,11 +78,10 @@ module Dependabot
|
|
|
79
78
|
|
|
80
79
|
private
|
|
81
80
|
|
|
82
|
-
attr_reader :pipfile_content
|
|
81
|
+
attr_reader :pipfile_content, :lockfile
|
|
83
82
|
|
|
84
|
-
def version_from_lockfile(
|
|
85
|
-
details =
|
|
86
|
-
dig(dep_type, normalise(dep_name))
|
|
83
|
+
def version_from_lockfile(dep_type, dep_name)
|
|
84
|
+
details = parsed_lockfile.dig(dep_type, normalise(dep_name))
|
|
87
85
|
|
|
88
86
|
case details
|
|
89
87
|
when String then details.gsub(/^==/, "")
|
|
@@ -91,15 +89,18 @@ module Dependabot
|
|
|
91
89
|
end
|
|
92
90
|
end
|
|
93
91
|
|
|
94
|
-
def ref_from_lockfile(
|
|
95
|
-
details =
|
|
96
|
-
dig(dep_type, normalise(dep_name))
|
|
92
|
+
def ref_from_lockfile(dep_type, dep_name)
|
|
93
|
+
details = parsed_lockfile.dig(dep_type, normalise(dep_name))
|
|
97
94
|
|
|
98
95
|
case details
|
|
99
96
|
when Hash then details["ref"]
|
|
100
97
|
end
|
|
101
98
|
end
|
|
102
99
|
|
|
100
|
+
def parsed_lockfile
|
|
101
|
+
@parsed_lockfile ||= JSON.parse(lockfile.content)
|
|
102
|
+
end
|
|
103
|
+
|
|
103
104
|
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
|
104
105
|
def normalise(name)
|
|
105
106
|
name.downcase.gsub(/[-_.]+/, "-")
|
|
@@ -291,8 +291,8 @@ module Dependabot
|
|
|
291
291
|
|
|
292
292
|
def freeze_other_dependencies(pipfile_content)
|
|
293
293
|
Python::FileUpdater::PipfilePreparer.
|
|
294
|
-
new(pipfile_content: pipfile_content).
|
|
295
|
-
freeze_top_level_dependencies_except([dependency]
|
|
294
|
+
new(pipfile_content: pipfile_content, lockfile: lockfile).
|
|
295
|
+
freeze_top_level_dependencies_except([dependency])
|
|
296
296
|
end
|
|
297
297
|
|
|
298
298
|
def unlock_target_dependency(pipfile_content)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.95.
|
|
4
|
+
version: 0.95.51
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.95.
|
|
19
|
+
version: 0.95.51
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.95.
|
|
26
|
+
version: 0.95.51
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|