dependabot-python 0.95.50 → 0.95.51
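--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8fcb52dff0bc8603272b93a4239de32120123964c5e971b0dd339465fde68736
+data.tar.gz: 0b7021ee525343c190dadf2fd8067dafad34cc58a442168134e3c7c2423523c6
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d909016f83d24e8548433cb7925bbd6050cfa1251b8e1621fe1f28546c7d9e62a7f363b0fde927b774b96090452ff8b3c8bbce3d4f1d02e658de856ea274b775
+data.tar.gz: f8a825c554c068a2ebcc4cb304473fbd0f60fb6b32a9a917245f51189187fa6d00810b64bcf518689094fd30ba0d4d3442223211df065693ae649e4b3bf2cf58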
@@ -151,8 +151,8 @@ module Dependabot
|
|
151
151
|
|
152
152
|
def freeze_other_dependencies(pipfile_content)
|
153
153
|
PipfilePreparer.
|
154
|
-
new(pipfile_content: pipfile_content).
|
155
|
-
freeze_top_level_dependencies_except(dependencies
|
154
|
+
new(pipfile_content: pipfile_content, lockfile: lockfile).
|
155
|
+
freeze_top_level_dependencies_except(dependencies)
|
156
156
|
end
|
157
157
|
|
158
158
|
def freeze_dependencies_being_updated(pipfile_content)
|
@@ -9,8 +9,9 @@ module Dependabot
|
|
9
9
|
module Python
|
10
10
|
class FileUpdater
|
11
11
|
class PipfilePreparer
|
12
|
-
def initialize(pipfile_content:)
|
12
|
+
def initialize(pipfile_content:, lockfile: nil)
|
13
13
|
@pipfile_content = pipfile_content
|
14
|
+
@lockfile = lockfile
|
14
15
|
end
|
15
16
|
|
16
17
|
def replace_sources(credentials)
|
@@ -23,7 +24,7 @@ module Dependabot
|
|
23
24
|
TomlRB.dump(pipfile_object)
|
24
25
|
end
|
25
26
|
|
26
|
-
def freeze_top_level_dependencies_except(dependencies
|
27
|
+
def freeze_top_level_dependencies_except(dependencies)
|
27
28
|
return pipfile_content unless lockfile
|
28
29
|
|
29
30
|
pipfile_object = TomlRB.parse(pipfile_content)
|
@@ -35,7 +36,7 @@ module Dependabot
|
|
35
36
|
pipfile_object.fetch(keys[:pipfile]).each do |dep_name, _|
|
36
37
|
next if excluded_names.include?(normalise(dep_name))
|
37
38
|
|
38
|
-
freeze_dependency(dep_name, pipfile_object,
|
39
|
+
freeze_dependency(dep_name, pipfile_object, keys)
|
39
40
|
end
|
40
41
|
end
|
41
42
|
|
@@ -43,14 +44,12 @@ module Dependabot
|
|
43
44
|
end
|
44
45
|
|
45
46
|
# rubocop:disable Metrics/PerceivedComplexity
|
46
|
-
def freeze_dependency(dep_name, pipfile_object,
|
47
|
+
def freeze_dependency(dep_name, pipfile_object, keys)
|
47
48
|
locked_version = version_from_lockfile(
|
48
|
-
lockfile,
|
49
49
|
keys[:lockfile],
|
50
50
|
normalise(dep_name)
|
51
51
|
)
|
52
52
|
locked_ref = ref_from_lockfile(
|
53
|
-
lockfile,
|
54
53
|
keys[:lockfile],
|
55
54
|
normalise(dep_name)
|
56
55
|
)
|
@@ -79,11 +78,10 @@ module Dependabot
|
|
79
78
|
|
80
79
|
private
|
81
80
|
|
82
|
-
attr_reader :pipfile_content
|
81
|
+
attr_reader :pipfile_content, :lockfile
|
83
82
|
|
84
|
-
def version_from_lockfile(
|
85
|
-
details =
|
86
|
-
dig(dep_type, normalise(dep_name))
|
83
|
+
def version_from_lockfile(dep_type, dep_name)
|
84
|
+
details = parsed_lockfile.dig(dep_type, normalise(dep_name))
|
87
85
|
|
88
86
|
case details
|
89
87
|
when String then details.gsub(/^==/, "")
|
@@ -91,15 +89,18 @@ module Dependabot
|
|
91
89
|
end
|
92
90
|
end
|
93
91
|
|
94
|
-
def ref_from_lockfile(
|
95
|
-
details =
|
96
|
-
dig(dep_type, normalise(dep_name))
|
92
|
+
def ref_from_lockfile(dep_type, dep_name)
|
93
|
+
details = parsed_lockfile.dig(dep_type, normalise(dep_name))
|
97
94
|
|
98
95
|
case details
|
99
96
|
when Hash then details["ref"]
|
100
97
|
end
|
101
98
|
end
|
102
99
|
|
100
|
+
def parsed_lockfile
|
101
|
+
@parsed_lockfile ||= JSON.parse(lockfile.content)
|
102
|
+
end
|
103
|
+
|
103
104
|
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
104
105
|
def normalise(name)
|
105
106
|
name.downcase.gsub(/[-_.]+/, "-")
|
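Review bot: `parsed_lockfile` calls `lockfile.content` unconditionally, although `initialize` now defaults `lockfile:` to nil and only `freeze_top_level_dependencies_except` checks for that. `freeze_dependency` is defined above `private`, so calling it on a preparer built without a lockfile would fail with a NoMethodError on nil instead of a clear error; a guard such as `raise ArgumentError, "lockfile required" unless lockfile` at the top of `parsed_lockfile` would make that explicit. The Pipfile.lock content comes from the repository being updated, so a malformed file or a top level that is not a JSON object would surface here as JSON::ParserError or as a TypeError from `dig`; whether the callers rescue these is not visible in this section. A comment on `initialize` such as `# lockfile is optional; without it freeze_top_level_dependencies_except returns the Pipfile unchanged` would also record that a nil lockfile silently skips pinning. The bodies of `freeze_dependency` and `version_from_lockfile` continue outside the hunks shown.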
@@ -291,8 +291,8 @@ module Dependabot
|
|
291
291
|
|
292
292
|
def freeze_other_dependencies(pipfile_content)
|
293
293
|
Python::FileUpdater::PipfilePreparer.
|
294
|
-
new(pipfile_content: pipfile_content).
|
295
|
-
freeze_top_level_dependencies_except([dependency]
|
294
|
+
new(pipfile_content: pipfile_content, lockfile: lockfile).
|
295
|
+
freeze_top_level_dependencies_except([dependency])
|
296
296
|
end
|
297
297
|
|
298
298
|
def unlock_target_dependency(pipfile_content)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.95.
|
4
|
+
version: 0.95.51
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.95.
|
19
|
+
version: 0.95.51
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.95.
|
26
|
+
version: 0.95.51
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|