dependabot-python 0.98.23 → 0.98.24
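--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 00bf7e7eced86d3d9da04d2e30bcbb92f0525364864d3629c595c4e5cd56af8c
+data.tar.gz: 0d47ebf51e6ace9e70d129854fc5675e1df23b635374b99449eb4f9238409d6e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bc2d0b454b81d1068e18cfa9602a915a883924605d6931475eac9c1eda66d9671b1bf0cc1aa9f1a739a5965f4ba87565926a89657fd8294ff88fca70fb5324ee
+data.tar.gz: a8af71c1908e76f26e6b5cd550810557398f2982058734ef6a23c19f527086d49b6413ee9bb9841e6e113fadf000ef2b11abfe7a3c721486cf489c51ef752ee3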
@@ -37,12 +37,12 @@ module Dependabot
|
|
37
37
|
deps_hash = parsed_pyproject.dig("tool", "poetry", type) || {}
|
38
38
|
|
39
39
|
deps_hash.each do |name, req|
|
40
|
-
next if
|
40
|
+
next if normalise(name) == "python"
|
41
41
|
next if req.is_a?(Hash) && req.key?("git")
|
42
42
|
|
43
43
|
dependencies <<
|
44
44
|
Dependency.new(
|
45
|
-
name:
|
45
|
+
name: normalise(name),
|
46
46
|
version: version_from_lockfile(name),
|
47
47
|
requirements: [{
|
48
48
|
requirement: req.is_a?(String) ? req : req["version"],
|
@@ -69,7 +69,7 @@ module Dependabot
|
|
69
69
|
|
70
70
|
dependencies <<
|
71
71
|
Dependency.new(
|
72
|
-
name: details.fetch("name"),
|
72
|
+
name: normalise(details.fetch("name")),
|
73
73
|
version: details.fetch("version"),
|
74
74
|
requirements: [],
|
75
75
|
package_manager: "pip"
|
@@ -83,12 +83,12 @@ module Dependabot
|
|
83
83
|
return unless parsed_lockfile
|
84
84
|
|
85
85
|
parsed_lockfile.fetch("package", []).
|
86
|
-
find { |p| p.fetch("name") ==
|
86
|
+
find { |p| normalise(p.fetch("name")) == normalise(dep_name) }&.
|
87
87
|
fetch("verison", nil)
|
88
88
|
end
|
89
89
|
|
90
90
|
# See https://www.python.org/dev/peps/pep-0503/#normalized-names
|
91
|
-
def
|
91
|
+
def normalise(name)
|
92
92
|
name.downcase.gsub(/[-_.]+/, "-")
|
93
93
|
end
|
94
94
|
|
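Review bot: In the `@@ -83,12` hunk the lookup chain still ends in `fetch("verison", nil)`, a misspelled key, so the expression evaluates to nil even when the new normalised name comparison finds the package. The line should read `fetch("version", nil)`. As written, the `version: version_from_lockfile(name)` argument in the `@@ -37,12` hunk presumably never receives a locked version, which would leave later checks of the resolved version against advisory ranges without data. The method containing the lookup starts above the hunk, and this page shows no file header for these hunks, so the file path should be confirmed before applying the fix.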
@@ -84,7 +84,7 @@ module Dependabot
|
|
84
84
|
def fetch_version_from_parsed_lockfile(updated_lockfile)
|
85
85
|
version =
|
86
86
|
updated_lockfile.fetch("package", []).
|
87
|
-
find { |d| d["name"] == dependency.name }&.
|
87
|
+
find { |d| d["name"] && normalise(d["name"]) == dependency.name }&.
|
88
88
|
fetch("version")
|
89
89
|
|
90
90
|
return version unless version.nil? && dependency.top_level?
|
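Review bot: The new predicate normalises only the lockfile side, `normalise(d["name"]) == dependency.name`, so a `dependency.name` that is not already in PEP 503 normalised form can never match and the method falls through to the `version.nil?` branch. Normalising both sides keeps the match independent of how the dependency was parsed: `find { |d| d["name"] && normalise(d["name"]) == normalise(dependency.name) }&.`. No definition of `normalise` is visible in this hunk, so confirm the class defines or includes it. The body of `fetch_version_from_parsed_lockfile` continues past the hunk.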
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.98.
|
4
|
+
version: 0.98.24
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.98.
|
19
|
+
version: 0.98.24
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.98.
|
26
|
+
version: 0.98.24
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|