dependabot-python 0.98.18 → 0.98.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f440844cfa09bb25c9d674290a4da8bbbadb4be1c83c3ed140047a6063eea533
|
|
4
|
+
data.tar.gz: 0e8c5b8173b67f5ea300a7dec1f8a1e4515498f71d985906b2bef44426c4ef36
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8961fa161070ff3d79c7a7e61588c2b73681c80aee91b1bd4fd16c5041068a3699b1f6114b5c311af2d296334d0aa3cd8b169559c57e1649e739de5413f7a82a
|
|
7
|
+
data.tar.gz: e8e8d69945370638ecd79d0e9acb552b8970fcd926d1b0e37c46ed2b618e975d0f6ef7de03660187bc4acb61426f1ed03116f6e9e5e727ed5967f06d6d8adc53
|
|
@@ -57,6 +57,8 @@ module Dependabot
|
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
# rubocop:disable Metrics/MethodLength
|
|
60
|
+
# rubocop:disable Metrics/BlockLength
|
|
61
|
+
# rubocop:disable Metrics/AbcSize
|
|
60
62
|
def compile_new_requirement_files
|
|
61
63
|
SharedHelpers.in_a_temporary_directory do
|
|
62
64
|
write_updated_dependency_files
|
|
@@ -80,6 +82,8 @@ module Dependabot
|
|
|
80
82
|
["pyenv", "exec", "pip-compile", *pip_compile_options(filename),
|
|
81
83
|
filename].reject(&:empty?)
|
|
82
84
|
)
|
|
85
|
+
|
|
86
|
+
unredact_git_credentials_in_compiled_file(filename)
|
|
83
87
|
end
|
|
84
88
|
|
|
85
89
|
# Remove any .python-version file before parsing the reqs
|
|
@@ -99,6 +103,8 @@ module Dependabot
|
|
|
99
103
|
end
|
|
100
104
|
end
|
|
101
105
|
# rubocop:enable Metrics/MethodLength
|
|
106
|
+
# rubocop:enable Metrics/BlockLength
|
|
107
|
+
# rubocop:enable Metrics/AbcSize
|
|
102
108
|
|
|
103
109
|
def update_manifest_files
|
|
104
110
|
dependency_files.map do |file|
|
|
@@ -322,6 +328,40 @@ module Dependabot
|
|
|
322
328
|
content
|
|
323
329
|
end
|
|
324
330
|
|
|
331
|
+
# Pip redacts git credentials in the compiled pip-tools file. We don't
|
|
332
|
+
# want that, as it makes the compiled files unusable. (This is kind of
|
|
333
|
+
# a pip-tools bug.)
|
|
334
|
+
def unredact_git_credentials_in_compiled_file(filename)
|
|
335
|
+
compiled_name = filename.gsub(/\.in$/, ".txt")
|
|
336
|
+
original_content = dependency_files.
|
|
337
|
+
find { |f| f.name == compiled_name }.
|
|
338
|
+
content
|
|
339
|
+
|
|
340
|
+
updated_content = File.read(compiled_name)
|
|
341
|
+
new_content = updated_content
|
|
342
|
+
|
|
343
|
+
update_count = 0
|
|
344
|
+
original_content.lines.each do |original_line|
|
|
345
|
+
next unless original_line.match?(/^(-e )?git+/)
|
|
346
|
+
next unless original_line.match?(%r{(?<=:)[^/].*?(?=@)})
|
|
347
|
+
next update_count += 1 if updated_content.include?(original_line)
|
|
348
|
+
|
|
349
|
+
line_to_update =
|
|
350
|
+
updated_content.lines.
|
|
351
|
+
select { |l| l.match?(/^(-e )?git+/) && l.include?(":****@") }.
|
|
352
|
+
at(update_count)
|
|
353
|
+
raise "Mismatch in editable requirements!" unless line_to_update
|
|
354
|
+
|
|
355
|
+
auth = original_line.match(%r{(?<=:)[^/].*?(?=@)}).to_s
|
|
356
|
+
new_content =
|
|
357
|
+
new_content.
|
|
358
|
+
gsub(line_to_update, line_to_update.gsub(":****@", ":#{auth}@"))
|
|
359
|
+
update_count += 1
|
|
360
|
+
end
|
|
361
|
+
|
|
362
|
+
File.write(compiled_name, new_content)
|
|
363
|
+
end
|
|
364
|
+
|
|
325
365
|
def update_hashes_if_required(updated_content, original_content)
|
|
326
366
|
deps_to_update =
|
|
327
367
|
deps_to_augment_hashes_for(updated_content, original_content)
|
|
@@ -155,8 +155,6 @@ module Dependabot
|
|
|
155
155
|
|
|
156
156
|
if python_version && !pre_installed_python?(python_version)
|
|
157
157
|
run_poetry_command(["pyenv", "install", "-s", python_version])
|
|
158
|
-
run_poetry_command(["pyenv", "exec", "pip", "install",
|
|
159
|
-
"--upgrade", "pip"])
|
|
160
158
|
run_poetry_command(["pyenv", "exec", "pip", "install", "-r",
|
|
161
159
|
NativeHelpers.python_requirements_path])
|
|
162
160
|
end
|
|
@@ -68,6 +68,8 @@ module Dependabot
|
|
|
68
68
|
["pyenv", "exec", "pip-compile", "--allow-unsafe",
|
|
69
69
|
"--build-isolation", filename]
|
|
70
70
|
)
|
|
71
|
+
|
|
72
|
+
unredact_git_credentials_in_compiled_file(filename)
|
|
71
73
|
end
|
|
72
74
|
|
|
73
75
|
# Remove any .python-version file before parsing the reqs
|
|
@@ -115,6 +117,40 @@ module Dependabot
|
|
|
115
117
|
raise
|
|
116
118
|
end
|
|
117
119
|
|
|
120
|
+
# Pip redacts git credentials in the compiled pip-tools file. We don't
|
|
121
|
+
# want that, as it makes the compiled files unusable. (This is kind of
|
|
122
|
+
# a pip-tools bug.)
|
|
123
|
+
def unredact_git_credentials_in_compiled_file(filename)
|
|
124
|
+
compiled_name = filename.gsub(/\.in$/, ".txt")
|
|
125
|
+
original_content = dependency_files.
|
|
126
|
+
find { |f| f.name == compiled_name }.
|
|
127
|
+
content
|
|
128
|
+
|
|
129
|
+
updated_content = File.read(compiled_name)
|
|
130
|
+
new_content = updated_content
|
|
131
|
+
|
|
132
|
+
update_count = 0
|
|
133
|
+
original_content.lines.each do |original_line|
|
|
134
|
+
next unless original_line.match?(/^(-e )?git+/)
|
|
135
|
+
next unless original_line.match?(%r{(?<=:)[^/].*?(?=@)})
|
|
136
|
+
next update_count += 1 if updated_content.include?(original_line)
|
|
137
|
+
|
|
138
|
+
line_to_update =
|
|
139
|
+
updated_content.lines.
|
|
140
|
+
select { |l| l.match?(/^(-e )?git+/) && l.include?(":****@") }.
|
|
141
|
+
at(update_count)
|
|
142
|
+
raise "Mismatch in editable requirements!" unless line_to_update
|
|
143
|
+
|
|
144
|
+
auth = original_line.match(%r{(?<=:)[^/].*?(?=@)}).to_s
|
|
145
|
+
new_content =
|
|
146
|
+
new_content.
|
|
147
|
+
gsub(line_to_update, line_to_update.gsub(":****@", ":#{auth}@"))
|
|
148
|
+
update_count += 1
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
File.write(compiled_name, new_content)
|
|
152
|
+
end
|
|
153
|
+
|
|
118
154
|
# Needed because pip-compile's resolver isn't perfect.
|
|
119
155
|
# Note: We raise errors from this method, rather than returning a
|
|
120
156
|
# boolean, so that all deps for this repo will raise identical
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-python
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.98.
|
|
4
|
+
version: 0.98.19
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.98.
|
|
19
|
+
version: 0.98.19
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.98.
|
|
26
|
+
version: 0.98.19
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|