dependabot-python 0.98.20 → 0.98.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f82010c9278c24bfcfa894e2eb3c95c030b68bcdd844eaf5edd0b3e39a4349b6
4
- data.tar.gz: 64a9ee89068002ded0cd6182386058bf3cf31044296f7a80012be58c1112b134
3
+ metadata.gz: 13e1990a53a8a437ac23ce95e0d59f3400a209da64ab5f82d6f2a432e620d721
4
+ data.tar.gz: 6284e7cb3cd180d467cab29670eca9ac804079c9bdd717ecfec29e3ff7795a94
5
5
  SHA512:
6
- metadata.gz: 18b5d0196e453fe5181381761b36a757c92bbf124ca90ad8e41dd6c3a7a418534162dcfcd8f5a4d7fdf8b1ca3aeeba9e306002831cf8822c8a55c4c8acea402e
7
- data.tar.gz: 788d1b0684eff52abd1a7c7c92355e4bd4e30571440369ceb29f59617655eaae4f11f84a5c486b4d17ce1ceb05e0f729a5b3da857b508413ff037b93350dc359
6
+ metadata.gz: 3bf815b588d9380809c4d9655da94608215e58ca286c5682f956e44070db5df492efd13e0f88bf97c7c1388513518341a240d618952bbb253fe03c6e530a7fdf
7
+ data.tar.gz: acd750d8963927eebeb48e67acd3184d4607fb9dbc8ce2fab7402cfeee0953c3d748ef7c7e27a1adaa287fcd00835efd69b906cfd5463af1919681fc6676905b
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "toml-rb"
4
- require "shellwords"
5
4
  require "dependabot/dependency"
6
5
  require "dependabot/file_parsers"
7
6
  require "dependabot/file_parsers/base"
@@ -125,10 +124,8 @@ module Dependabot
125
124
  SharedHelpers.in_a_temporary_directory do
126
125
  write_temporary_dependency_files
127
126
 
128
- command_parts = ["pyenv", "exec", "python",
129
- NativeHelpers.python_helper_path]
130
127
  requirements = SharedHelpers.run_helper_subprocess(
131
- command: Shellwords.join(command_parts),
128
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
132
129
  function: "parse_requirements",
133
130
  args: [Dir.pwd]
134
131
  )
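Review bot: `command: "pyenv exec python #{NativeHelpers.python_helper_path}"` (new line 128) interpolates the helper path into one string where the removed code quoted it per argument with `Shellwords.join`; whether `SharedHelpers.run_helper_subprocess` tokenizes or shell-interprets `command:` is outside this diff, so an install path containing a space or a shell metacharacter would now be split or interpreted unless that helper escapes it. If it does not, wrap the string as the updater files do: `command: SharedHelpers.escape_command("pyenv exec python #{NativeHelpers.python_helper_path}")`, or expose one `NativeHelpers` method returning the already-escaped command so all seven call sites stay consistent. The same replacement appears in the setup-file parser hunks (new lines 61 and 82) and in package_hashes_for, pipfile_hash_for and pyproject_hash_for in the updater files. The enclosing method's definition sits outside this hunk.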
@@ -1,6 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "shellwords"
4
3
  require "dependabot/dependency"
5
4
  require "dependabot/errors"
6
5
  require "dependabot/file_parsers/base/dependency_set"
@@ -58,10 +57,8 @@ module Dependabot
58
57
  SharedHelpers.in_a_temporary_directory do
59
58
  write_temporary_dependency_files
60
59
 
61
- command_parts = ["pyenv", "exec", "python",
62
- NativeHelpers.python_helper_path]
63
60
  requirements = SharedHelpers.run_helper_subprocess(
64
- command: Shellwords.join(command_parts),
61
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
65
62
  function: "parse_setup",
66
63
  args: [Dir.pwd]
67
64
  )
@@ -81,10 +78,8 @@ module Dependabot
81
78
  SharedHelpers.in_a_temporary_directory do
82
79
  write_sanitized_setup_file
83
80
 
84
- command_parts = ["pyenv", "exec", "python",
85
- NativeHelpers.python_helper_path]
86
81
  requirements = SharedHelpers.run_helper_subprocess(
87
- command: Shellwords.join(command_parts),
82
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
88
83
  function: "parse_setup",
89
84
  args: [Dir.pwd]
90
85
  )
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "open3"
4
- require "shellwords"
5
4
  require "dependabot/python/requirement_parser"
6
5
  require "dependabot/python/file_fetcher"
7
6
  require "dependabot/python/file_updater"
@@ -9,10 +8,10 @@ require "dependabot/shared_helpers"
9
8
  require "dependabot/python/native_helpers"
10
9
  require "dependabot/python/python_versions"
11
10
 
12
- # rubocop:disable Metrics/ClassLength
13
11
  module Dependabot
14
12
  module Python
15
13
  class FileUpdater
14
+ # rubocop:disable Metrics/ClassLength
16
15
  class PipCompileFileUpdater
17
16
  require_relative "requirement_replacer"
18
17
  require_relative "requirement_file_updater"
@@ -58,7 +57,6 @@ module Dependabot
58
57
 
59
58
  # rubocop:disable Metrics/MethodLength
60
59
  # rubocop:disable Metrics/BlockLength
61
- # rubocop:disable Metrics/AbcSize
62
60
  def compile_new_requirement_files
63
61
  SharedHelpers.in_a_temporary_directory do
64
62
  write_updated_dependency_files
@@ -67,20 +65,21 @@ module Dependabot
67
65
  filenames_to_compile.each do |filename|
68
66
  # Shell out to pip-compile, generate a new set of requirements.
69
67
  # This is slow, as pip-compile needs to do installs.
70
- cmd_dep_name = Shellwords.join([
71
- "pyenv", "exec", "pip-compile",
72
- *pip_compile_options(filename),
73
- "-P", dependency.name
74
- ].reject(&:empty?))
75
- cmd_dep_version = Shellwords.join([dependency.version, filename])
68
+ name_part = "pyenv exec pip-compile "\
69
+ "#{pip_compile_options(filename)} -P "\
70
+ "#{dependency.name}"
71
+ version_part = "#{dependency.version} #(unknown)"
76
72
  # Don't escape pyenv `dep-name==version` syntax
77
- run_pip_compile_command(["#{cmd_dep_name}==#{cmd_dep_version}"],
78
- escape: false)
73
+ run_pip_compile_command(
74
+ "#{SharedHelpers.escape_command(name_part)}=="\
75
+ "#{SharedHelpers.escape_command(version_part)}",
76
+ escape_command_str: false
77
+ )
79
78
  # Run pip-compile a second time, without an update argument, to
80
79
  # ensure it resets the right comments.
81
80
  run_pip_compile_command(
82
- ["pyenv", "exec", "pip-compile", *pip_compile_options(filename),
83
- filename].reject(&:empty?)
81
+ "pyenv exec pip-compile #{pip_compile_options(filename)} "\
82
+ "#(unknown)"
84
83
  )
85
84
 
86
85
  unredact_git_credentials_in_compiled_file(filename)
@@ -104,7 +103,6 @@ module Dependabot
104
103
  end
105
104
  # rubocop:enable Metrics/MethodLength
106
105
  # rubocop:enable Metrics/BlockLength
107
- # rubocop:enable Metrics/AbcSize
108
106
 
109
107
  def update_manifest_files
110
108
  dependency_files.map do |file|
@@ -143,9 +141,9 @@ module Dependabot
143
141
  ).updated_dependency_files
144
142
  end
145
143
 
146
- def run_command(cmd_parts, env: python_env, escape: true)
144
+ def run_command(cmd, env: python_env, escape_command_str: true)
147
145
  start = Time.now
148
- command = escape ? Shellwords.join(cmd_parts) : cmd_parts.join(" ")
146
+ command = escape_command_str ? SharedHelpers.escape_command(cmd) : cmd
149
147
  stdout, process = Open3.capture2e(env, command)
150
148
  time_taken = Time.now - start
151
149
 
@@ -161,9 +159,9 @@ module Dependabot
161
159
  )
162
160
  end
163
161
 
164
- def run_pip_compile_command(command_parts, escape: true)
165
- run_command(["pyenv", "local", python_version])
166
- run_command(command_parts, escape: escape)
162
+ def run_pip_compile_command(command, escape_command_str: true)
163
+ run_command("pyenv local #{python_version}")
164
+ run_command(command, escape_command_str: escape_command_str)
167
165
  rescue SharedHelpers::HelperSubprocessFailed => error
168
166
  original_error ||= error
169
167
  msg = error.message
@@ -229,13 +227,13 @@ module Dependabot
229
227
  end
230
228
 
231
229
  def install_required_python
232
- if run_command(%w(pyenv versions)).include?("#{python_version}\n")
230
+ if run_command("pyenv versions").include?("#{python_version}\n")
233
231
  return
234
232
  end
235
233
 
236
- run_command(["pyenv", "install", "-s", python_version])
237
- run_command(["pyenv", "exec", "pip", "install", "-r",
238
- NativeHelpers.python_requirements_path])
234
+ run_command("pyenv install -s #{python_version}")
235
+ run_command("pyenv exec pip install -r "\
236
+ "#{NativeHelpers.python_requirements_path}")
239
237
  end
240
238
 
241
239
  def sanitized_setup_file_content(file)
@@ -414,10 +412,8 @@ module Dependabot
414
412
  end
415
413
 
416
414
  def package_hashes_for(name:, version:, algorithm:)
417
- command_parts = ["pyenv", "exec", "python",
418
- NativeHelpers.python_helper_path]
419
415
  SharedHelpers.run_helper_subprocess(
420
- command: Shellwords.join(command_parts),
416
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
421
417
  function: "get_dependency_hash",
422
418
  args: [name, version, algorithm]
423
419
  ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
@@ -468,7 +464,7 @@ module Dependabot
468
464
  options << "--no-header"
469
465
  end
470
466
 
471
- options
467
+ options.join(" ")
472
468
  end
473
469
 
474
470
  def includes_unsafe_packages?(content)
@@ -562,7 +558,7 @@ module Dependabot
562
558
  end
563
559
 
564
560
  def pyenv_versions
565
- @pyenv_versions ||= run_command(["pyenv", "install", "--list"])
561
+ @pyenv_versions ||= run_command("pyenv install --list")
566
562
  end
567
563
 
568
564
  def pre_installed_python?(version)
@@ -585,7 +581,7 @@ module Dependabot
585
581
  dependency_files.find { |f| f.name == ".python-version" }
586
582
  end
587
583
  end
584
+ # rubocop:enable Metrics/ClassLength
588
585
  end
589
586
  end
590
587
  end
591
- # rubocop:enable Metrics/ClassLength
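Review bot: The `escape_command_str: false` path in run_command (new lines 144–146) hands `cmd` to `Open3.capture2e` as a single string, i.e. to a shell, and its only caller, compile_new_requirement_files (new lines 68–77), builds that string from `dependency.name`, `dependency.version` and `pip_compile_options(filename)` — values taken from the manifests being updated — escaping the two halves with `SharedHelpers.escape_command` and then joining them with `==`. With `Shellwords.join` each argument was quoted on its own; now safety rests on `SharedHelpers.escape_command` (defined outside this diff) handling a whole multi-word string and on the `==` join not reopening the quoting, so this is the line where a dependency name containing quoting characters would reach the shell, and the same `#{python_version}` / `#{dependency.name}` interpolation is repeated in the pipfile, poetry and version-resolver files in this diff. I'd document the contract, `# escape_command_str: false runs cmd verbatim; callers must escape every fragment with SharedHelpers.escape_command first`, and add a spec asserting that a dependency name with quoting characters reaches pip-compile as one argument. Separately, new lines 71 and 82 here (and 63, 69 and 165 in the pip-compile version resolver) show `#(unknown)` where the removed lines passed `filename`; this looks like a rendering artifact of the page, but if it is the committed text the second pip-compile call receives a literal `#(unknown)` argument, so it is worth confirming against the gem source. Both run_command and run_pip_compile_command continue outside their hunks.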
@@ -2,16 +2,14 @@
2
2
 
3
3
  require "toml-rb"
4
4
  require "open3"
5
- require "shellwords"
6
5
  require "dependabot/python/requirement_parser"
7
6
  require "dependabot/python/file_updater"
8
7
  require "dependabot/shared_helpers"
9
8
  require "dependabot/python/native_helpers"
10
-
11
- # rubocop:disable Metrics/ClassLength
12
9
  module Dependabot
13
10
  module Python
14
11
  class FileUpdater
12
+ # rubocop:disable Metrics/ClassLength
15
13
  class PipfileFileUpdater
16
14
  require_relative "pipfile_preparer"
17
15
  require_relative "setup_file_sanitizer"
@@ -191,11 +189,11 @@ module Dependabot
191
189
  install_required_python
192
190
 
193
191
  # Initialize a git repo to appease pip-tools
194
- command = Shellwords.join(%w(git init))
192
+ command = SharedHelpers.escape_command("git init")
195
193
  IO.popen(command, err: %i(child out)) if setup_files.any?
196
194
 
197
195
  run_pipenv_command(
198
- %w(pyenv exec pipenv lock)
196
+ "pyenv exec pipenv lock"
199
197
  )
200
198
 
201
199
  result = { lockfile: File.read("Pipfile.lock") }
@@ -232,19 +230,19 @@ module Dependabot
232
230
 
233
231
  def generate_updated_requirements_files
234
232
  req_content = run_pipenv_command(
235
- ["pyenv", "exec", "pipenv", "lock", "-r"]
233
+ "pyenv exec pipenv lock -r"
236
234
  )
237
235
  File.write("req.txt", req_content)
238
236
 
239
237
  dev_req_content = run_pipenv_command(
240
- ["pyenv", "exec", "pipenv", "lock", "-r", "-d"]
238
+ "pyenv exec pipenv lock -r -d"
241
239
  )
242
240
  File.write("dev-req.txt", dev_req_content)
243
241
  end
244
242
 
245
- def run_command(command_parts, env: {})
243
+ def run_command(command, env: {})
246
244
  start = Time.now
247
- command = Shellwords.join(command_parts)
245
+ command = SharedHelpers.escape_command(command)
248
246
  stdout, process = Open3.capture2e(env, command)
249
247
  time_taken = Time.now - start
250
248
 
@@ -262,9 +260,9 @@ module Dependabot
262
260
  )
263
261
  end
264
262
 
265
- def run_pipenv_command(command_parts, env: pipenv_env_variables)
266
- run_command(["pyenv", "local", python_version])
267
- run_command(command_parts, env: env)
263
+ def run_pipenv_command(command, env: pipenv_env_variables)
264
+ run_command("pyenv local #{python_version}")
265
+ run_command(command, env: env)
268
266
  rescue SharedHelpers::HelperSubprocessFailed => error
269
267
  original_error ||= error
270
268
  msg = error.message
@@ -278,8 +276,8 @@ module Dependabot
278
276
  raise relevant_error if python_version.start_with?("2")
279
277
 
280
278
  # Clear the existing virtualenv, so that we use the new Python version
281
- run_command(["pyenv", "local", python_version])
282
- run_command(["pyenv", "exec", "pipenv", "--rm"])
279
+ run_command("pyenv local #{python_version}")
280
+ run_command("pyenv exec pipenv --rm")
283
281
 
284
282
  @python_version = "2.7.16"
285
283
  retry
@@ -323,19 +321,18 @@ module Dependabot
323
321
  def install_required_python
324
322
  # Initialize a git repo to appease pip-tools
325
323
  begin
326
- run_command(%w(git init)) if setup_files.any?
324
+ run_command("git init") if setup_files.any?
327
325
  rescue Dependabot::SharedHelpers::HelperSubprocessFailed
328
326
  nil
329
327
  end
330
328
 
331
- if run_command(%w(pyenv versions)).include?("#{python_version}\n")
329
+ if run_command("pyenv versions").include?("#{python_version}\n")
332
330
  return
333
331
  end
334
332
 
335
333
  requirements_path = NativeHelpers.python_requirements_path
336
- run_command(["pyenv", "install", "-s", python_version])
337
- run_command(["pyenv", "exec", "pip", "install", "-r",
338
- requirements_path])
334
+ run_command("pyenv install -s #{python_version}")
335
+ run_command("pyenv exec pip install -r #{requirements_path}")
339
336
  end
340
337
 
341
338
  def sanitized_setup_file_content(file)
@@ -406,7 +403,7 @@ module Dependabot
406
403
  end
407
404
 
408
405
  def pyenv_versions
409
- @pyenv_versions ||= run_command(["pyenv", "install", "--list"])
406
+ @pyenv_versions ||= run_command("pyenv install --list")
410
407
  end
411
408
 
412
409
  def pipfile_python_requirement
@@ -425,10 +422,8 @@ module Dependabot
425
422
  def pipfile_hash_for(pipfile_content)
426
423
  SharedHelpers.in_a_temporary_directory do |dir|
427
424
  File.write(File.join(dir, "Pipfile"), pipfile_content)
428
- command_parts = ["pyenv", "exec", "python",
429
- NativeHelpers.python_helper_path]
430
425
  SharedHelpers.run_helper_subprocess(
431
- command: Shellwords.join(command_parts),
426
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
432
427
  function: "get_pipfile_hash",
433
428
  args: [dir]
434
429
  )
@@ -500,7 +495,7 @@ module Dependabot
500
495
  }
501
496
  end
502
497
  end
498
+ # rubocop:enable Metrics/ClassLength
503
499
  end
504
500
  end
505
501
  end
506
- # rubocop:enable Metrics/ClassLength
@@ -2,7 +2,6 @@
2
2
 
3
3
  require "toml-rb"
4
4
  require "open3"
5
- require "shellwords"
6
5
  require "dependabot/shared_helpers"
7
6
  require "dependabot/python/version"
8
7
  require "dependabot/python/requirement"
@@ -154,13 +153,13 @@ module Dependabot
154
153
  write_temporary_dependency_files(pyproject_content)
155
154
 
156
155
  if python_version && !pre_installed_python?(python_version)
157
- run_poetry_command(["pyenv", "install", "-s", python_version])
158
- run_poetry_command(["pyenv", "exec", "pip", "install", "-r",
159
- NativeHelpers.python_requirements_path])
156
+ run_poetry_command("pyenv install -s #{python_version}")
157
+ run_poetry_command("pyenv exec pip install -r"\
158
+ "#{NativeHelpers.python_requirements_path}")
160
159
  end
161
160
 
162
161
  run_poetry_command(
163
- ["pyenv", "exec", "poetry", "update", dependency.name, "--lock"]
162
+ "pyenv exec poetry update #{dependency.name} --lock"
164
163
  )
165
164
 
166
165
  return File.read("poetry.lock") if File.exist?("poetry.lock")
@@ -169,9 +168,9 @@ module Dependabot
169
168
  end
170
169
  end
171
170
 
172
- def run_poetry_command(command_parts)
171
+ def run_poetry_command(command)
173
172
  start = Time.now
174
- command = Shellwords.join(command_parts)
173
+ command = SharedHelpers.escape_command(command)
175
174
  stdout, process = Open3.capture2e(command)
176
175
  time_taken = Time.now - start
177
176
 
@@ -232,7 +231,7 @@ module Dependabot
232
231
  end
233
232
 
234
233
  def pyenv_versions
235
- @pyenv_versions ||= run_poetry_command(["pyenv", "install", "--list"])
234
+ @pyenv_versions ||= run_poetry_command("pyenv install --list")
236
235
  end
237
236
 
238
237
  def pre_installed_python?(version)
@@ -242,10 +241,8 @@ module Dependabot
242
241
  def pyproject_hash_for(pyproject_content)
243
242
  SharedHelpers.in_a_temporary_directory do |dir|
244
243
  File.write(File.join(dir, "pyproject.toml"), pyproject_content)
245
- command_parts = ["pyenv", "exec", "python",
246
- NativeHelpers.python_helper_path]
247
244
  SharedHelpers.run_helper_subprocess(
248
- command: Shellwords.join(command_parts),
245
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
249
246
  function: "get_pyproject_hash",
250
247
  args: [dir]
251
248
  )
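Review bot: `run_poetry_command("pyenv exec pip install -r"\ "#{NativeHelpers.python_requirements_path}")` (new lines 157–158) has no space after `-r`, so the command becomes `pip install -r/path/to/requirements`; pip's option parser may accept the attached form, but the sibling call in the poetry version resolver (new lines 59–60) and the pipenv updater (new lines 235–236) write `-r ` with the space, and the pip-compile version resolver's install_required_python (new lines 278–279) repeats the missing space. Change the first fragment to `"pyenv exec pip install -r "\` in both places so the path is always a separate argument. The method enclosing this hunk begins outside it.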
@@ -1,6 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "shellwords"
4
3
  require "dependabot/python/requirement_parser"
5
4
  require "dependabot/python/file_updater"
6
5
  require "dependabot/shared_helpers"
@@ -140,10 +139,8 @@ module Dependabot
140
139
  end
141
140
 
142
141
  def package_hashes_for(name:, version:, algorithm:)
143
- command_parts = ["pyenv", "exec", "python",
144
- NativeHelpers.python_helper_path]
145
142
  SharedHelpers.run_helper_subprocess(
146
- command: Shellwords.join(command_parts),
143
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
147
144
  function: "get_dependency_hash",
148
145
  args: [name, version, algorithm]
149
146
  ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "open3"
4
- require "shellwords"
5
4
  require "dependabot/python/requirement_parser"
6
5
  require "dependabot/python/file_fetcher"
7
6
  require "dependabot/python/file_parser"
@@ -12,6 +11,7 @@ require "dependabot/python/version"
12
11
  require "dependabot/shared_helpers"
13
12
  require "dependabot/python/native_helpers"
14
13
  require "dependabot/python/python_versions"
14
+
15
15
  module Dependabot
16
16
  module Python
17
17
  class UpdateChecker
@@ -59,14 +59,14 @@ module Dependabot
59
59
  # Shell out to pip-compile.
60
60
  # This is slow, as pip-compile needs to do installs.
61
61
  run_pip_compile_command(
62
- ["pyenv", "exec", "pip-compile", "--allow-unsafe",
63
- "--build-isolation", "-P", dependency.name, filename]
62
+ "pyenv exec pip-compile --allow-unsafe "\
63
+ "--build-isolation -P #{dependency.name} #(unknown)"
64
64
  )
65
65
  # Run pip-compile a second time, without an update argument,
66
66
  # to ensure it handles markers correctly
67
67
  run_pip_compile_command(
68
- ["pyenv", "exec", "pip-compile", "--allow-unsafe",
69
- "--build-isolation", filename]
68
+ "pyenv exec pip-compile --allow-unsafe "\
69
+ "--build-isolation #(unknown)"
70
70
  )
71
71
 
72
72
  unredact_git_credentials_in_compiled_file(filename)
@@ -162,8 +162,7 @@ module Dependabot
162
162
  write_temporary_dependency_files(unlock_requirement: false)
163
163
 
164
164
  filenames_to_compile.each do |filename|
165
- run_command(["pyenv", "exec", "pip-compile", "--allow-unsafe",
166
- filename])
165
+ run_command("pyenv exec pip-compile --allow-unsafe #(unknown)")
167
166
  end
168
167
 
169
168
  true
@@ -181,9 +180,9 @@ module Dependabot
181
180
  end
182
181
  end
183
182
 
184
- def run_command(command_parts, env: python_env)
183
+ def run_command(command, env: python_env)
185
184
  start = Time.now
186
- command = Shellwords.join(command_parts)
185
+ command = SharedHelpers.escape_command(command)
187
186
  stdout, process = Open3.capture2e(env, command)
188
187
  time_taken = Time.now - start
189
188
 
@@ -199,9 +198,9 @@ module Dependabot
199
198
  )
200
199
  end
201
200
 
202
- def run_pip_compile_command(command_parts)
203
- run_command(["pyenv", "local", python_version])
204
- run_command(command_parts)
201
+ def run_pip_compile_command(command)
202
+ run_command("pyenv local #{python_version}")
203
+ run_command(command)
205
204
  rescue SharedHelpers::HelperSubprocessFailed => error
206
205
  original_error ||= error
207
206
  msg = error.message
@@ -271,13 +270,13 @@ module Dependabot
271
270
  end
272
271
 
273
272
  def install_required_python
274
- if run_command(%w(pyenv versions)).include?("#{python_version}\n")
273
+ if run_command("pyenv versions").include?("#{python_version}\n")
275
274
  return
276
275
  end
277
276
 
278
- run_command(["pyenv", "install", "-s", python_version])
279
- run_command(["pyenv", "exec", "pip", "install", "-r",
280
- NativeHelpers.python_requirements_path])
277
+ run_command("pyenv install -s #{python_version}")
278
+ run_command("pyenv exec pip install -r"\
279
+ "#{NativeHelpers.python_requirements_path}")
281
280
  end
282
281
 
283
282
  def sanitized_setup_file_content(file)
@@ -463,7 +462,7 @@ module Dependabot
463
462
  end
464
463
 
465
464
  def pyenv_versions
466
- @pyenv_versions ||= run_command(["pyenv", "install", "--list"])
465
+ @pyenv_versions ||= run_command("pyenv install --list")
467
466
  end
468
467
 
469
468
  def pre_installed_python?(version)
@@ -3,7 +3,6 @@
3
3
  require "excon"
4
4
  require "toml-rb"
5
5
  require "open3"
6
- require "shellwords"
7
6
  require "dependabot/errors"
8
7
  require "dependabot/shared_helpers"
9
8
  require "dependabot/python/file_parser"
@@ -78,9 +77,7 @@ module Dependabot
78
77
  # Whilst calling `lock` avoids doing an install as part of the
79
78
  # pipenv flow, an install is still done by pip-tools in order
80
79
  # to resolve the dependencies. That means this is slow.
81
- run_pipenv_command(
82
- %w(pyenv exec pipenv lock)
83
- )
80
+ run_pipenv_command("pyenv exec pipenv lock")
84
81
 
85
82
  updated_lockfile = JSON.parse(File.read("Pipfile.lock"))
86
83
 
@@ -195,9 +192,7 @@ module Dependabot
195
192
  SharedHelpers.with_git_configured(credentials: credentials) do
196
193
  write_temporary_dependency_files(update_pipfile: false)
197
194
 
198
- run_pipenv_command(
199
- %w(pyenv exec pipenv lock)
200
- )
195
+ run_pipenv_command("pyenv exec pipenv lock")
201
196
 
202
197
  true
203
198
  rescue SharedHelpers::HelperSubprocessFailed => error
@@ -288,19 +283,19 @@ module Dependabot
288
283
  def install_required_python
289
284
  # Initialize a git repo to appease pip-tools
290
285
  begin
291
- run_command(%w(git init)) if setup_files.any?
286
+ run_command("git init") if setup_files.any?
292
287
  rescue Dependabot::SharedHelpers::HelperSubprocessFailed
293
288
  nil
294
289
  end
295
290
 
296
- if run_command(%w(pyenv versions)).include?("#{python_version}\n")
291
+ if run_command("pyenv versions").include?("#{python_version}\n")
297
292
  return
298
293
  end
299
294
 
300
295
  requirements_path = NativeHelpers.python_requirements_path
301
- run_command(["pyenv", "install", "-s", python_version])
302
- run_command(["pyenv", "exec", "pip", "install", "-r",
303
- requirements_path])
296
+ run_command("pyenv install -s #{python_version}")
297
+ run_command("pyenv exec pip install -r "\
298
+ "#{requirements_path}")
304
299
  end
305
300
 
306
301
  def sanitized_setup_file_content(file)
@@ -414,7 +409,7 @@ module Dependabot
414
409
  end
415
410
 
416
411
  def pyenv_versions
417
- @pyenv_versions ||= run_command(["pyenv", "install", "--list"])
412
+ @pyenv_versions ||= run_command("pyenv install --list")
418
413
  end
419
414
 
420
415
  def pipfile_python_requirement
@@ -487,9 +482,9 @@ module Dependabot
487
482
  end
488
483
  end
489
484
 
490
- def run_command(command_parts, env: {})
485
+ def run_command(command, env: {})
491
486
  start = Time.now
492
- command = Shellwords.join(command_parts)
487
+ command = SharedHelpers.escape_command(command)
493
488
  stdout, process = Open3.capture2e(env, command)
494
489
  time_taken = Time.now - start
495
490
 
@@ -505,9 +500,9 @@ module Dependabot
505
500
  )
506
501
  end
507
502
 
508
- def run_pipenv_command(command_parts, env: pipenv_env_variables)
509
- run_command(["pyenv", "local", python_version])
510
- run_command(command_parts, env: env)
503
+ def run_pipenv_command(command, env: pipenv_env_variables)
504
+ run_command("pyenv local #{python_version}")
505
+ run_command(command, env: env)
511
506
  rescue SharedHelpers::HelperSubprocessFailed => error
512
507
  original_error ||= error
513
508
  msg = error.message
@@ -521,8 +516,8 @@ module Dependabot
521
516
  raise relevant_error if python_version.start_with?("2")
522
517
 
523
518
  # Clear the existing virtualenv, so that we use the new Python version
524
- run_command(["pyenv", "local", python_version])
525
- run_command(["pyenv", "exec", "pipenv", "--rm"])
519
+ run_command("pyenv local #{python_version}")
520
+ run_command("pyenv exec pipenv --rm")
526
521
 
527
522
  @python_version = "2.7.16"
528
523
  retry
@@ -3,7 +3,6 @@
3
3
  require "excon"
4
4
  require "toml-rb"
5
5
  require "open3"
6
- require "shellwords"
7
6
  require "dependabot/errors"
8
7
  require "dependabot/shared_helpers"
9
8
  require "dependabot/python/file_parser"
@@ -56,15 +55,15 @@ module Dependabot
56
55
  write_temporary_dependency_files
57
56
 
58
57
  if python_version && !pre_installed_python?(python_version)
59
- run_poetry_command(["pyenv", "install", "-s", python_version])
60
- run_poetry_command(["pyenv", "exec", "pip", "install", "-r",
61
- NativeHelpers.python_requirements_path])
58
+ run_poetry_command("pyenv install -s #{python_version}")
59
+ run_poetry_command("pyenv exec pip install -r "\
60
+ "#{NativeHelpers.python_requirements_path}")
62
61
  end
63
62
 
64
63
  # Shell out to Poetry, which handles everything for us.
65
64
  # Using `--lock` avoids doing an install.
66
65
  run_poetry_command(
67
- ["pyenv", "exec", "poetry", "update", dependency.name, "--lock"]
66
+ "pyenv exec poetry update #{dependency.name} --lock"
68
67
  )
69
68
 
70
69
  updated_lockfile =
@@ -106,7 +105,7 @@ module Dependabot
106
105
  write_temporary_dependency_files(update_pyproject: false)
107
106
 
108
107
  run_poetry_command(
109
- ["pyenv", "exec", "poetry", "update", dependency.name, "--lock"]
108
+ "pyenv exec poetry update #{dependency.name} --lock"
110
109
  )
111
110
 
112
111
  true
@@ -176,7 +175,7 @@ module Dependabot
176
175
  end
177
176
 
178
177
  def pyenv_versions
179
- @pyenv_versions ||= run_poetry_command(["pyenv", "install", "--list"])
178
+ @pyenv_versions ||= run_poetry_command("pyenv install --list")
180
179
  end
181
180
 
182
181
  def pre_installed_python?(version)
@@ -312,9 +311,9 @@ module Dependabot
312
311
  dependency_files.find { |f| f.name == ".python-version" }
313
312
  end
314
313
 
315
- def run_poetry_command(command_parts)
314
+ def run_poetry_command(command)
316
315
  start = Time.now
317
- command = Shellwords.join(command_parts)
316
+ command = SharedHelpers.escape_command(command)
318
317
  stdout, process = Open3.capture2e(command)
319
318
  time_taken = Time.now - start
320
319
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.98.20
4
+ version: 0.98.21
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.98.20
19
+ version: 0.98.21
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.98.20
26
+ version: 0.98.21
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement