dependabot-python 0.98.20 → 0.98.21

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f82010c9278c24bfcfa894e2eb3c95c030b68bcdd844eaf5edd0b3e39a4349b6
4
- data.tar.gz: 64a9ee89068002ded0cd6182386058bf3cf31044296f7a80012be58c1112b134
3
+ metadata.gz: 13e1990a53a8a437ac23ce95e0d59f3400a209da64ab5f82d6f2a432e620d721
4
+ data.tar.gz: 6284e7cb3cd180d467cab29670eca9ac804079c9bdd717ecfec29e3ff7795a94
5
5
  SHA512:
6
- metadata.gz: 18b5d0196e453fe5181381761b36a757c92bbf124ca90ad8e41dd6c3a7a418534162dcfcd8f5a4d7fdf8b1ca3aeeba9e306002831cf8822c8a55c4c8acea402e
7
- data.tar.gz: 788d1b0684eff52abd1a7c7c92355e4bd4e30571440369ceb29f59617655eaae4f11f84a5c486b4d17ce1ceb05e0f729a5b3da857b508413ff037b93350dc359
6
+ metadata.gz: 3bf815b588d9380809c4d9655da94608215e58ca286c5682f956e44070db5df492efd13e0f88bf97c7c1388513518341a240d618952bbb253fe03c6e530a7fdf
7
+ data.tar.gz: acd750d8963927eebeb48e67acd3184d4607fb9dbc8ce2fab7402cfeee0953c3d748ef7c7e27a1adaa287fcd00835efd69b906cfd5463af1919681fc6676905b
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "toml-rb"
4
- require "shellwords"
5
4
  require "dependabot/dependency"
6
5
  require "dependabot/file_parsers"
7
6
  require "dependabot/file_parsers/base"
@@ -125,10 +124,8 @@ module Dependabot
125
124
  SharedHelpers.in_a_temporary_directory do
126
125
  write_temporary_dependency_files
127
126
 
128
- command_parts = ["pyenv", "exec", "python",
129
- NativeHelpers.python_helper_path]
130
127
  requirements = SharedHelpers.run_helper_subprocess(
131
- command: Shellwords.join(command_parts),
128
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
132
129
  function: "parse_requirements",
133
130
  args: [Dir.pwd]
134
131
  )
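Review bot: The new `command:` string interpolates `NativeHelpers.python_helper_path` without any shell quoting, whereas the removed `Shellwords.join(command_parts)` wrapped it as a single argument; a helper path containing whitespace or shell metacharacters would now be split or misparsed if `run_helper_subprocess` hands the string to a shell. Whether `run_helper_subprocess` re-escapes its `command:` argument is not visible in this diff, so it may be handled upstream. If it is not, `command: SharedHelpers.escape_command("pyenv exec python #{NativeHelpers.python_helper_path}")` would restore the old guarantee, and the same pattern recurs at every other `run_helper_subprocess` call in this release. The enclosing `SharedHelpers.in_a_temporary_directory` block starts before this hunk.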
@@ -1,6 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "shellwords"
4
3
  require "dependabot/dependency"
5
4
  require "dependabot/errors"
6
5
  require "dependabot/file_parsers/base/dependency_set"
@@ -58,10 +57,8 @@ module Dependabot
58
57
  SharedHelpers.in_a_temporary_directory do
59
58
  write_temporary_dependency_files
60
59
 
61
- command_parts = ["pyenv", "exec", "python",
62
- NativeHelpers.python_helper_path]
63
60
  requirements = SharedHelpers.run_helper_subprocess(
64
- command: Shellwords.join(command_parts),
61
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
65
62
  function: "parse_setup",
66
63
  args: [Dir.pwd]
67
64
  )
@@ -81,10 +78,8 @@ module Dependabot
81
78
  SharedHelpers.in_a_temporary_directory do
82
79
  write_sanitized_setup_file
83
80
 
84
- command_parts = ["pyenv", "exec", "python",
85
- NativeHelpers.python_helper_path]
86
81
  requirements = SharedHelpers.run_helper_subprocess(
87
- command: Shellwords.join(command_parts),
82
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
88
83
  function: "parse_setup",
89
84
  args: [Dir.pwd]
90
85
  )
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "open3"
4
- require "shellwords"
5
4
  require "dependabot/python/requirement_parser"
6
5
  require "dependabot/python/file_fetcher"
7
6
  require "dependabot/python/file_updater"
@@ -9,10 +8,10 @@ require "dependabot/shared_helpers"
9
8
  require "dependabot/python/native_helpers"
10
9
  require "dependabot/python/python_versions"
11
10
 
12
- # rubocop:disable Metrics/ClassLength
13
11
  module Dependabot
14
12
  module Python
15
13
  class FileUpdater
14
+ # rubocop:disable Metrics/ClassLength
16
15
  class PipCompileFileUpdater
17
16
  require_relative "requirement_replacer"
18
17
  require_relative "requirement_file_updater"
@@ -58,7 +57,6 @@ module Dependabot
58
57
 
59
58
  # rubocop:disable Metrics/MethodLength
60
59
  # rubocop:disable Metrics/BlockLength
61
- # rubocop:disable Metrics/AbcSize
62
60
  def compile_new_requirement_files
63
61
  SharedHelpers.in_a_temporary_directory do
64
62
  write_updated_dependency_files
@@ -67,20 +65,21 @@ module Dependabot
67
65
  filenames_to_compile.each do |filename|
68
66
  # Shell out to pip-compile, generate a new set of requirements.
69
67
  # This is slow, as pip-compile needs to do installs.
70
- cmd_dep_name = Shellwords.join([
71
- "pyenv", "exec", "pip-compile",
72
- *pip_compile_options(filename),
73
- "-P", dependency.name
74
- ].reject(&:empty?))
75
- cmd_dep_version = Shellwords.join([dependency.version, filename])
68
+ name_part = "pyenv exec pip-compile "\
69
+ "#{pip_compile_options(filename)} -P "\
70
+ "#{dependency.name}"
71
+ version_part = "#{dependency.version} #(unknown)"
76
72
  # Don't escape pyenv `dep-name==version` syntax
77
- run_pip_compile_command(["#{cmd_dep_name}==#{cmd_dep_version}"],
78
- escape: false)
73
+ run_pip_compile_command(
74
+ "#{SharedHelpers.escape_command(name_part)}=="\
75
+ "#{SharedHelpers.escape_command(version_part)}",
76
+ escape_command_str: false
77
+ )
79
78
  # Run pip-compile a second time, without an update argument, to
80
79
  # ensure it resets the right comments.
81
80
  run_pip_compile_command(
82
- ["pyenv", "exec", "pip-compile", *pip_compile_options(filename),
83
- filename].reject(&:empty?)
81
+ "pyenv exec pip-compile #{pip_compile_options(filename)} "\
82
+ "#(unknown)"
84
83
  )
85
84
 
86
85
  unredact_git_credentials_in_compiled_file(filename)
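Review bot: The `-P name==version file` command assembled from `name_part` and `version_part` is passed with `escape_command_str: false`, so its safety now rests entirely on what `SharedHelpers.escape_command` does to each half, which is not visible here; `dependency.name` and `dependency.version` come from the repository's manifests, and the removed `Shellwords.join` quoted each of them as one argv element. A comment stating that contract would help the next reader, e.g. `# Each half is escaped separately so the literal "==" survives; escape_command must shell-quote every whitespace-split token, including dependency.name.` Dropping `.reject(&:empty?)` also leaves a doubled space in the command when `pip_compile_options` returns an empty string, which is harmless only if `escape_command` splits on whitespace runs rather than on a single space. The `#(unknown)` tokens at the end of `version_part` and of the second `run_pip_compile_command` string read as a rendering artifact for `#{filename}` rather than committed code, so I have not reviewed them as such. `compile_new_requirement_files` continues past this hunk.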
@@ -104,7 +103,6 @@ module Dependabot
104
103
  end
105
104
  # rubocop:enable Metrics/MethodLength
106
105
  # rubocop:enable Metrics/BlockLength
107
- # rubocop:enable Metrics/AbcSize
108
106
 
109
107
  def update_manifest_files
110
108
  dependency_files.map do |file|
@@ -143,9 +141,9 @@ module Dependabot
143
141
  ).updated_dependency_files
144
142
  end
145
143
 
146
- def run_command(cmd_parts, env: python_env, escape: true)
144
+ def run_command(cmd, env: python_env, escape_command_str: true)
147
145
  start = Time.now
148
- command = escape ? Shellwords.join(cmd_parts) : cmd_parts.join(" ")
146
+ command = escape_command_str ? SharedHelpers.escape_command(cmd) : cmd
149
147
  stdout, process = Open3.capture2e(env, command)
150
148
  time_taken = Time.now - start
151
149
 
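Review bot: With `escape_command_str: false`, `run_command` now passes the caller's string unchanged to `Open3.capture2e(env, command)`, and a single-string command is interpreted by the shell, so the whole escaping guarantee moves to the caller without the signature saying so. The one caller in this diff does pre-escape, but the contract should be written down, e.g. `# escape_command_str: false hands cmd to the shell verbatim — callers must have run every untrusted token through SharedHelpers.escape_command themselves.` The body of `run_command` continues past this hunk.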
@@ -161,9 +159,9 @@ module Dependabot
161
159
  )
162
160
  end
163
161
 
164
- def run_pip_compile_command(command_parts, escape: true)
165
- run_command(["pyenv", "local", python_version])
166
- run_command(command_parts, escape: escape)
162
+ def run_pip_compile_command(command, escape_command_str: true)
163
+ run_command("pyenv local #{python_version}")
164
+ run_command(command, escape_command_str: escape_command_str)
167
165
  rescue SharedHelpers::HelperSubprocessFailed => error
168
166
  original_error ||= error
169
167
  msg = error.message
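Review bot: `python_version` is interpolated unquoted into `"pyenv local #{python_version}"`, and in this file it is derived from the repository's `.python-version` file (see the `dependency_files.find { |f| f.name == ".python-version" }` lookup further down), so it is repository-controlled input that the removed array form passed to `Shellwords.join` as one argv element. Whether `SharedHelpers.escape_command` tokenises it safely is not visible here; a cheap defence that does not depend on that helper is an allow-list check where `python_version` is resolved, e.g. `raise ArgumentError, "unexpected python version" unless python_version.match?(/\A[\w.-]+\z/)`. The `rescue` clause that follows belongs to this method and continues past the hunk.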
@@ -229,13 +227,13 @@ module Dependabot
229
227
  end
230
228
 
231
229
  def install_required_python
232
- if run_command(%w(pyenv versions)).include?("#{python_version}\n")
230
+ if run_command("pyenv versions").include?("#{python_version}\n")
233
231
  return
234
232
  end
235
233
 
236
- run_command(["pyenv", "install", "-s", python_version])
237
- run_command(["pyenv", "exec", "pip", "install", "-r",
238
- NativeHelpers.python_requirements_path])
234
+ run_command("pyenv install -s #{python_version}")
235
+ run_command("pyenv exec pip install -r "\
236
+ "#{NativeHelpers.python_requirements_path}")
239
237
  end
240
238
 
241
239
  def sanitized_setup_file_content(file)
@@ -414,10 +412,8 @@ module Dependabot
414
412
  end
415
413
 
416
414
  def package_hashes_for(name:, version:, algorithm:)
417
- command_parts = ["pyenv", "exec", "python",
418
- NativeHelpers.python_helper_path]
419
415
  SharedHelpers.run_helper_subprocess(
420
- command: Shellwords.join(command_parts),
416
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
421
417
  function: "get_dependency_hash",
422
418
  args: [name, version, algorithm]
423
419
  ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
@@ -468,7 +464,7 @@ module Dependabot
468
464
  options << "--no-header"
469
465
  end
470
466
 
471
- options
467
+ options.join(" ")
472
468
  end
473
469
 
474
470
  def includes_unsafe_packages?(content)
@@ -562,7 +558,7 @@ module Dependabot
562
558
  end
563
559
 
564
560
  def pyenv_versions
565
- @pyenv_versions ||= run_command(["pyenv", "install", "--list"])
561
+ @pyenv_versions ||= run_command("pyenv install --list")
566
562
  end
567
563
 
568
564
  def pre_installed_python?(version)
@@ -585,7 +581,7 @@ module Dependabot
585
581
  dependency_files.find { |f| f.name == ".python-version" }
586
582
  end
587
583
  end
584
+ # rubocop:enable Metrics/ClassLength
588
585
  end
589
586
  end
590
587
  end
591
- # rubocop:enable Metrics/ClassLength
@@ -2,16 +2,14 @@
2
2
 
3
3
  require "toml-rb"
4
4
  require "open3"
5
- require "shellwords"
6
5
  require "dependabot/python/requirement_parser"
7
6
  require "dependabot/python/file_updater"
8
7
  require "dependabot/shared_helpers"
9
8
  require "dependabot/python/native_helpers"
10
-
11
- # rubocop:disable Metrics/ClassLength
12
9
  module Dependabot
13
10
  module Python
14
11
  class FileUpdater
12
+ # rubocop:disable Metrics/ClassLength
15
13
  class PipfileFileUpdater
16
14
  require_relative "pipfile_preparer"
17
15
  require_relative "setup_file_sanitizer"
@@ -191,11 +189,11 @@ module Dependabot
191
189
  install_required_python
192
190
 
193
191
  # Initialize a git repo to appease pip-tools
194
- command = Shellwords.join(%w(git init))
192
+ command = SharedHelpers.escape_command("git init")
195
193
  IO.popen(command, err: %i(child out)) if setup_files.any?
196
194
 
197
195
  run_pipenv_command(
198
- %w(pyenv exec pipenv lock)
196
+ "pyenv exec pipenv lock"
199
197
  )
200
198
 
201
199
  result = { lockfile: File.read("Pipfile.lock") }
@@ -232,19 +230,19 @@ module Dependabot
232
230
 
233
231
  def generate_updated_requirements_files
234
232
  req_content = run_pipenv_command(
235
- ["pyenv", "exec", "pipenv", "lock", "-r"]
233
+ "pyenv exec pipenv lock -r"
236
234
  )
237
235
  File.write("req.txt", req_content)
238
236
 
239
237
  dev_req_content = run_pipenv_command(
240
- ["pyenv", "exec", "pipenv", "lock", "-r", "-d"]
238
+ "pyenv exec pipenv lock -r -d"
241
239
  )
242
240
  File.write("dev-req.txt", dev_req_content)
243
241
  end
244
242
 
245
- def run_command(command_parts, env: {})
243
+ def run_command(command, env: {})
246
244
  start = Time.now
247
- command = Shellwords.join(command_parts)
245
+ command = SharedHelpers.escape_command(command)
248
246
  stdout, process = Open3.capture2e(env, command)
249
247
  time_taken = Time.now - start
250
248
 
@@ -262,9 +260,9 @@ module Dependabot
262
260
  )
263
261
  end
264
262
 
265
- def run_pipenv_command(command_parts, env: pipenv_env_variables)
266
- run_command(["pyenv", "local", python_version])
267
- run_command(command_parts, env: env)
263
+ def run_pipenv_command(command, env: pipenv_env_variables)
264
+ run_command("pyenv local #{python_version}")
265
+ run_command(command, env: env)
268
266
  rescue SharedHelpers::HelperSubprocessFailed => error
269
267
  original_error ||= error
270
268
  msg = error.message
@@ -278,8 +276,8 @@ module Dependabot
278
276
  raise relevant_error if python_version.start_with?("2")
279
277
 
280
278
  # Clear the existing virtualenv, so that we use the new Python version
281
- run_command(["pyenv", "local", python_version])
282
- run_command(["pyenv", "exec", "pipenv", "--rm"])
279
+ run_command("pyenv local #{python_version}")
280
+ run_command("pyenv exec pipenv --rm")
283
281
 
284
282
  @python_version = "2.7.16"
285
283
  retry
@@ -323,19 +321,18 @@ module Dependabot
323
321
  def install_required_python
324
322
  # Initialize a git repo to appease pip-tools
325
323
  begin
326
- run_command(%w(git init)) if setup_files.any?
324
+ run_command("git init") if setup_files.any?
327
325
  rescue Dependabot::SharedHelpers::HelperSubprocessFailed
328
326
  nil
329
327
  end
330
328
 
331
- if run_command(%w(pyenv versions)).include?("#{python_version}\n")
329
+ if run_command("pyenv versions").include?("#{python_version}\n")
332
330
  return
333
331
  end
334
332
 
335
333
  requirements_path = NativeHelpers.python_requirements_path
336
- run_command(["pyenv", "install", "-s", python_version])
337
- run_command(["pyenv", "exec", "pip", "install", "-r",
338
- requirements_path])
334
+ run_command("pyenv install -s #{python_version}")
335
+ run_command("pyenv exec pip install -r #{requirements_path}")
339
336
  end
340
337
 
341
338
  def sanitized_setup_file_content(file)
@@ -406,7 +403,7 @@ module Dependabot
406
403
  end
407
404
 
408
405
  def pyenv_versions
409
- @pyenv_versions ||= run_command(["pyenv", "install", "--list"])
406
+ @pyenv_versions ||= run_command("pyenv install --list")
410
407
  end
411
408
 
412
409
  def pipfile_python_requirement
@@ -425,10 +422,8 @@ module Dependabot
425
422
  def pipfile_hash_for(pipfile_content)
426
423
  SharedHelpers.in_a_temporary_directory do |dir|
427
424
  File.write(File.join(dir, "Pipfile"), pipfile_content)
428
- command_parts = ["pyenv", "exec", "python",
429
- NativeHelpers.python_helper_path]
430
425
  SharedHelpers.run_helper_subprocess(
431
- command: Shellwords.join(command_parts),
426
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
432
427
  function: "get_pipfile_hash",
433
428
  args: [dir]
434
429
  )
@@ -500,7 +495,7 @@ module Dependabot
500
495
  }
501
496
  end
502
497
  end
498
+ # rubocop:enable Metrics/ClassLength
503
499
  end
504
500
  end
505
501
  end
506
- # rubocop:enable Metrics/ClassLength
@@ -2,7 +2,6 @@
2
2
 
3
3
  require "toml-rb"
4
4
  require "open3"
5
- require "shellwords"
6
5
  require "dependabot/shared_helpers"
7
6
  require "dependabot/python/version"
8
7
  require "dependabot/python/requirement"
@@ -154,13 +153,13 @@ module Dependabot
154
153
  write_temporary_dependency_files(pyproject_content)
155
154
 
156
155
  if python_version && !pre_installed_python?(python_version)
157
- run_poetry_command(["pyenv", "install", "-s", python_version])
158
- run_poetry_command(["pyenv", "exec", "pip", "install", "-r",
159
- NativeHelpers.python_requirements_path])
156
+ run_poetry_command("pyenv install -s #{python_version}")
157
+ run_poetry_command("pyenv exec pip install -r"\
158
+ "#{NativeHelpers.python_requirements_path}")
160
159
  end
161
160
 
162
161
  run_poetry_command(
163
- ["pyenv", "exec", "poetry", "update", dependency.name, "--lock"]
162
+ "pyenv exec poetry update #{dependency.name} --lock"
164
163
  )
165
164
 
166
165
  return File.read("poetry.lock") if File.exist?("poetry.lock")
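Review bot: The new `run_poetry_command("pyenv exec pip install -r"\` line has no space before the interpolated requirements path, so the command becomes `pip install -r/…/requirements.txt`; pip's argparse accepts the attached short-option form, so this probably still works, but it is inconsistent with the `-r ` spelling used by the other `pip install` calls in this release and will break if `escape_command` ever quotes the joined token. Change it to `run_poetry_command("pyenv exec pip install -r "\` followed by `"#{NativeHelpers.python_requirements_path}")`. The `poetry update #{dependency.name} --lock` string below interpolates a manifest-derived name that the removed array form passed as a separate argv element, so its safety now depends on `escape_command`'s tokenising, which is not visible here. The enclosing method starts before this hunk.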
@@ -169,9 +168,9 @@ module Dependabot
169
168
  end
170
169
  end
171
170
 
172
- def run_poetry_command(command_parts)
171
+ def run_poetry_command(command)
173
172
  start = Time.now
174
- command = Shellwords.join(command_parts)
173
+ command = SharedHelpers.escape_command(command)
175
174
  stdout, process = Open3.capture2e(command)
176
175
  time_taken = Time.now - start
177
176
 
@@ -232,7 +231,7 @@ module Dependabot
232
231
  end
233
232
 
234
233
  def pyenv_versions
235
- @pyenv_versions ||= run_poetry_command(["pyenv", "install", "--list"])
234
+ @pyenv_versions ||= run_poetry_command("pyenv install --list")
236
235
  end
237
236
 
238
237
  def pre_installed_python?(version)
@@ -242,10 +241,8 @@ module Dependabot
242
241
  def pyproject_hash_for(pyproject_content)
243
242
  SharedHelpers.in_a_temporary_directory do |dir|
244
243
  File.write(File.join(dir, "pyproject.toml"), pyproject_content)
245
- command_parts = ["pyenv", "exec", "python",
246
- NativeHelpers.python_helper_path]
247
244
  SharedHelpers.run_helper_subprocess(
248
- command: Shellwords.join(command_parts),
245
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
249
246
  function: "get_pyproject_hash",
250
247
  args: [dir]
251
248
  )
@@ -1,6 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "shellwords"
4
3
  require "dependabot/python/requirement_parser"
5
4
  require "dependabot/python/file_updater"
6
5
  require "dependabot/shared_helpers"
@@ -140,10 +139,8 @@ module Dependabot
140
139
  end
141
140
 
142
141
  def package_hashes_for(name:, version:, algorithm:)
143
- command_parts = ["pyenv", "exec", "python",
144
- NativeHelpers.python_helper_path]
145
142
  SharedHelpers.run_helper_subprocess(
146
- command: Shellwords.join(command_parts),
143
+ command: "pyenv exec python #{NativeHelpers.python_helper_path}",
147
144
  function: "get_dependency_hash",
148
145
  args: [name, version, algorithm]
149
146
  ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "open3"
4
- require "shellwords"
5
4
  require "dependabot/python/requirement_parser"
6
5
  require "dependabot/python/file_fetcher"
7
6
  require "dependabot/python/file_parser"
@@ -12,6 +11,7 @@ require "dependabot/python/version"
12
11
  require "dependabot/shared_helpers"
13
12
  require "dependabot/python/native_helpers"
14
13
  require "dependabot/python/python_versions"
14
+
15
15
  module Dependabot
16
16
  module Python
17
17
  class UpdateChecker
@@ -59,14 +59,14 @@ module Dependabot
59
59
  # Shell out to pip-compile.
60
60
  # This is slow, as pip-compile needs to do installs.
61
61
  run_pip_compile_command(
62
- ["pyenv", "exec", "pip-compile", "--allow-unsafe",
63
- "--build-isolation", "-P", dependency.name, filename]
62
+ "pyenv exec pip-compile --allow-unsafe "\
63
+ "--build-isolation -P #{dependency.name} #(unknown)"
64
64
  )
65
65
  # Run pip-compile a second time, without an update argument,
66
66
  # to ensure it handles markers correctly
67
67
  run_pip_compile_command(
68
- ["pyenv", "exec", "pip-compile", "--allow-unsafe",
69
- "--build-isolation", filename]
68
+ "pyenv exec pip-compile --allow-unsafe "\
69
+ "--build-isolation #(unknown)"
70
70
  )
71
71
 
72
72
  unredact_git_credentials_in_compiled_file(filename)
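Review bot: `-P #{dependency.name}` now interpolates a name parsed from the repository's requirement files into a shell string, where the removed array form handed it to `Shellwords.join` as its own argv element; a name containing whitespace or quotes would now be re-tokenised by `SharedHelpers.escape_command`, whose behaviour is not visible here. If `escape_command` shell-quotes each whitespace-split token the command is safe but such a name silently becomes several arguments, so a spec with a name like `foo bar` or `foo;id` would pin the intended behaviour. The `#(unknown)` token ending both new command strings reads as a rendering artifact for `#{filename}` rather than committed code. The enclosing block starts before this hunk.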
@@ -162,8 +162,7 @@ module Dependabot
162
162
  write_temporary_dependency_files(unlock_requirement: false)
163
163
 
164
164
  filenames_to_compile.each do |filename|
165
- run_command(["pyenv", "exec", "pip-compile", "--allow-unsafe",
166
- filename])
165
+ run_command("pyenv exec pip-compile --allow-unsafe #(unknown)")
167
166
  end
168
167
 
169
168
  true
@@ -181,9 +180,9 @@ module Dependabot
181
180
  end
182
181
  end
183
182
 
184
- def run_command(command_parts, env: python_env)
183
+ def run_command(command, env: python_env)
185
184
  start = Time.now
186
- command = Shellwords.join(command_parts)
185
+ command = SharedHelpers.escape_command(command)
187
186
  stdout, process = Open3.capture2e(env, command)
188
187
  time_taken = Time.now - start
189
188
 
@@ -199,9 +198,9 @@ module Dependabot
199
198
  )
200
199
  end
201
200
 
202
- def run_pip_compile_command(command_parts)
203
- run_command(["pyenv", "local", python_version])
204
- run_command(command_parts)
201
+ def run_pip_compile_command(command)
202
+ run_command("pyenv local #{python_version}")
203
+ run_command(command)
205
204
  rescue SharedHelpers::HelperSubprocessFailed => error
206
205
  original_error ||= error
207
206
  msg = error.message
@@ -271,13 +270,13 @@ module Dependabot
271
270
  end
272
271
 
273
272
  def install_required_python
274
- if run_command(%w(pyenv versions)).include?("#{python_version}\n")
273
+ if run_command("pyenv versions").include?("#{python_version}\n")
275
274
  return
276
275
  end
277
276
 
278
- run_command(["pyenv", "install", "-s", python_version])
279
- run_command(["pyenv", "exec", "pip", "install", "-r",
280
- NativeHelpers.python_requirements_path])
277
+ run_command("pyenv install -s #{python_version}")
278
+ run_command("pyenv exec pip install -r"\
279
+ "#{NativeHelpers.python_requirements_path}")
281
280
  end
282
281
 
283
282
  def sanitized_setup_file_content(file)
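Review bot: The new `run_command("pyenv exec pip install -r"\` line is missing the space before `"#{NativeHelpers.python_requirements_path}"`, producing `-r/…/requirements.txt`; pip tolerates the attached short-option value, but the `install_required_python` bodies elsewhere in this release use `-r ` with a space, and the attached form breaks if `escape_command` ever quotes the token. Suggest `run_command("pyenv exec pip install -r "\` followed by `"#{NativeHelpers.python_requirements_path}")`. `python_version` is also interpolated unquoted into `pyenv install -s` here; it is repository-derived, so its safety depends on `escape_command`'s tokenising, which is not visible in this diff.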
@@ -463,7 +462,7 @@ module Dependabot
463
462
  end
464
463
 
465
464
  def pyenv_versions
466
- @pyenv_versions ||= run_command(["pyenv", "install", "--list"])
465
+ @pyenv_versions ||= run_command("pyenv install --list")
467
466
  end
468
467
 
469
468
  def pre_installed_python?(version)
@@ -3,7 +3,6 @@
3
3
  require "excon"
4
4
  require "toml-rb"
5
5
  require "open3"
6
- require "shellwords"
7
6
  require "dependabot/errors"
8
7
  require "dependabot/shared_helpers"
9
8
  require "dependabot/python/file_parser"
@@ -78,9 +77,7 @@ module Dependabot
78
77
  # Whilst calling `lock` avoids doing an install as part of the
79
78
  # pipenv flow, an install is still done by pip-tools in order
80
79
  # to resolve the dependencies. That means this is slow.
81
- run_pipenv_command(
82
- %w(pyenv exec pipenv lock)
83
- )
80
+ run_pipenv_command("pyenv exec pipenv lock")
84
81
 
85
82
  updated_lockfile = JSON.parse(File.read("Pipfile.lock"))
86
83
 
@@ -195,9 +192,7 @@ module Dependabot
195
192
  SharedHelpers.with_git_configured(credentials: credentials) do
196
193
  write_temporary_dependency_files(update_pipfile: false)
197
194
 
198
- run_pipenv_command(
199
- %w(pyenv exec pipenv lock)
200
- )
195
+ run_pipenv_command("pyenv exec pipenv lock")
201
196
 
202
197
  true
203
198
  rescue SharedHelpers::HelperSubprocessFailed => error
@@ -288,19 +283,19 @@ module Dependabot
288
283
  def install_required_python
289
284
  # Initialize a git repo to appease pip-tools
290
285
  begin
291
- run_command(%w(git init)) if setup_files.any?
286
+ run_command("git init") if setup_files.any?
292
287
  rescue Dependabot::SharedHelpers::HelperSubprocessFailed
293
288
  nil
294
289
  end
295
290
 
296
- if run_command(%w(pyenv versions)).include?("#{python_version}\n")
291
+ if run_command("pyenv versions").include?("#{python_version}\n")
297
292
  return
298
293
  end
299
294
 
300
295
  requirements_path = NativeHelpers.python_requirements_path
301
- run_command(["pyenv", "install", "-s", python_version])
302
- run_command(["pyenv", "exec", "pip", "install", "-r",
303
- requirements_path])
296
+ run_command("pyenv install -s #{python_version}")
297
+ run_command("pyenv exec pip install -r "\
298
+ "#{requirements_path}")
304
299
  end
305
300
 
306
301
  def sanitized_setup_file_content(file)
@@ -414,7 +409,7 @@ module Dependabot
414
409
  end
415
410
 
416
411
  def pyenv_versions
417
- @pyenv_versions ||= run_command(["pyenv", "install", "--list"])
412
+ @pyenv_versions ||= run_command("pyenv install --list")
418
413
  end
419
414
 
420
415
  def pipfile_python_requirement
@@ -487,9 +482,9 @@ module Dependabot
487
482
  end
488
483
  end
489
484
 
490
- def run_command(command_parts, env: {})
485
+ def run_command(command, env: {})
491
486
  start = Time.now
492
- command = Shellwords.join(command_parts)
487
+ command = SharedHelpers.escape_command(command)
493
488
  stdout, process = Open3.capture2e(env, command)
494
489
  time_taken = Time.now - start
495
490
 
@@ -505,9 +500,9 @@ module Dependabot
505
500
  )
506
501
  end
507
502
 
508
- def run_pipenv_command(command_parts, env: pipenv_env_variables)
509
- run_command(["pyenv", "local", python_version])
510
- run_command(command_parts, env: env)
503
+ def run_pipenv_command(command, env: pipenv_env_variables)
504
+ run_command("pyenv local #{python_version}")
505
+ run_command(command, env: env)
511
506
  rescue SharedHelpers::HelperSubprocessFailed => error
512
507
  original_error ||= error
513
508
  msg = error.message
@@ -521,8 +516,8 @@ module Dependabot
521
516
  raise relevant_error if python_version.start_with?("2")
522
517
 
523
518
  # Clear the existing virtualenv, so that we use the new Python version
524
- run_command(["pyenv", "local", python_version])
525
- run_command(["pyenv", "exec", "pipenv", "--rm"])
519
+ run_command("pyenv local #{python_version}")
520
+ run_command("pyenv exec pipenv --rm")
526
521
 
527
522
  @python_version = "2.7.16"
528
523
  retry
@@ -3,7 +3,6 @@
3
3
  require "excon"
4
4
  require "toml-rb"
5
5
  require "open3"
6
- require "shellwords"
7
6
  require "dependabot/errors"
8
7
  require "dependabot/shared_helpers"
9
8
  require "dependabot/python/file_parser"
@@ -56,15 +55,15 @@ module Dependabot
56
55
  write_temporary_dependency_files
57
56
 
58
57
  if python_version && !pre_installed_python?(python_version)
59
- run_poetry_command(["pyenv", "install", "-s", python_version])
60
- run_poetry_command(["pyenv", "exec", "pip", "install", "-r",
61
- NativeHelpers.python_requirements_path])
58
+ run_poetry_command("pyenv install -s #{python_version}")
59
+ run_poetry_command("pyenv exec pip install -r "\
60
+ "#{NativeHelpers.python_requirements_path}")
62
61
  end
63
62
 
64
63
  # Shell out to Poetry, which handles everything for us.
65
64
  # Using `--lock` avoids doing an install.
66
65
  run_poetry_command(
67
- ["pyenv", "exec", "poetry", "update", dependency.name, "--lock"]
66
+ "pyenv exec poetry update #{dependency.name} --lock"
68
67
  )
69
68
 
70
69
  updated_lockfile =
@@ -106,7 +105,7 @@ module Dependabot
106
105
  write_temporary_dependency_files(update_pyproject: false)
107
106
 
108
107
  run_poetry_command(
109
- ["pyenv", "exec", "poetry", "update", dependency.name, "--lock"]
108
+ "pyenv exec poetry update #{dependency.name} --lock"
110
109
  )
111
110
 
112
111
  true
@@ -176,7 +175,7 @@ module Dependabot
176
175
  end
177
176
 
178
177
  def pyenv_versions
179
- @pyenv_versions ||= run_poetry_command(["pyenv", "install", "--list"])
178
+ @pyenv_versions ||= run_poetry_command("pyenv install --list")
180
179
  end
181
180
 
182
181
  def pre_installed_python?(version)
@@ -312,9 +311,9 @@ module Dependabot
312
311
  dependency_files.find { |f| f.name == ".python-version" }
313
312
  end
314
313
 
315
- def run_poetry_command(command_parts)
314
+ def run_poetry_command(command)
316
315
  start = Time.now
317
- command = Shellwords.join(command_parts)
316
+ command = SharedHelpers.escape_command(command)
318
317
  stdout, process = Open3.capture2e(command)
319
318
  time_taken = Time.now - start
320
319
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.98.20
4
+ version: 0.98.21
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.98.20
19
+ version: 0.98.21
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.98.20
26
+ version: 0.98.21
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement