dependabot-python 0.98.29 → 0.98.30
    
        checksums.yaml
    CHANGED
    
    | 
         @@ -1,7 +1,7 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            ---
         
     | 
| 
       2 
2 
     | 
    
         
             
            SHA256:
         
     | 
| 
       3 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       4 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 3 
     | 
    
         
            +
              metadata.gz: de12aa5fff8598a55962c37fd73ad95554f9322f0c780d77ea7563c145ac4db8
         
     | 
| 
      
 4 
     | 
    
         
            +
              data.tar.gz: 0b942489fd3b4e6d6f7c92657d66cf26cecea1b9d16078f3082e8e0df31d8073
         
     | 
| 
       5 
5 
     | 
    
         
             
            SHA512:
         
     | 
| 
       6 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       7 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 6 
     | 
    
         
            +
              metadata.gz: 48592d3c0b731410126e49e3f2ed35b05b0a3e0c710034b43e267db38435891d52981fe9a7d1ce27885f04068ecdd6beade6bbb5362f16650e25713401dfdf3e
         
     | 
| 
      
 7 
     | 
    
         
            +
              data.tar.gz: c3ec892d6f85db912d4fe1e81602f06e022acb46f1879099e35a2fcb5edb2f0587a1b98ffdf20ea859fcddb2f3029ae089c931396a27ada7462202833550f308
         
     | 
| 
         @@ -73,9 +73,9 @@ module Dependabot 
     | 
|
| 
       73 
73 
     | 
    
         
             
                      # and *aren't* a straight lockfile for the Pipfile
         
     | 
| 
       74 
74 
     | 
    
         
             
                      next if included_in_pipenv_deps?(normalised_name(dep["name"]))
         
     | 
| 
       75 
75 
     | 
    
         | 
| 
       76 
     | 
    
         
            -
                      # If a requirement has a  
     | 
| 
      
 76 
     | 
    
         
            +
                      # If a requirement has a `<`, `<=` or '==' marker then updating it is
         
     | 
| 
       77 
77 
     | 
    
         
             
                      # probably blocked. Ignore it.
         
     | 
| 
       78 
     | 
    
         
            -
                      next if  
     | 
| 
      
 78 
     | 
    
         
            +
                      next if blocking_marker?(dep)
         
     | 
| 
       79 
79 
     | 
    
         | 
| 
       80 
80 
     | 
    
         
             
                      requirements =
         
     | 
| 
       81 
81 
     | 
    
         
             
                        if lockfile_for_pip_compile_file?(dep["file"]) then []
         
     | 
| 
         @@ -105,6 +105,14 @@ module Dependabot 
     | 
|
| 
       105 
105 
     | 
    
         
             
                    pipenv_dependencies.dependencies.map(&:name).include?(dep_name)
         
     | 
| 
       106 
106 
     | 
    
         
             
                  end
         
     | 
| 
       107 
107 
     | 
    
         | 
| 
      
 108 
     | 
    
         
            +
                  def blocking_marker?(dep)
         
     | 
| 
      
 109 
     | 
    
         
            +
                    return false if dep["markers"].include?(">")
         
     | 
| 
      
 110 
     | 
    
         
            +
                    return true if dep["markers"].include?("<")
         
     | 
| 
      
 111 
     | 
    
         
            +
                    return true if dep["markers"].include?("==")
         
     | 
| 
      
 112 
     | 
    
         
            +
             
     | 
| 
      
 113 
     | 
    
         
            +
                    false
         
     | 
| 
      
 114 
     | 
    
         
            +
                  end
         
     | 
| 
      
 115 
     | 
    
         
            +
             
     | 
| 
       108 
116 
     | 
    
         
             
                  def setup_file_dependencies
         
     | 
| 
       109 
117 
     | 
    
         
             
                    @setup_file_dependencies ||=
         
     | 
| 
       110 
118 
     | 
    
         
             
                      SetupFileParser.
         
     | 
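Review bot: `blocking_marker?` (second hunk of this file) calls `dep["markers"].include?` with no nil guard and decides purely by substring, so an entry whose markers are nil would raise `NoMethodError`; whether the parser can yield nil is not visible here, and `markers = dep["markers"].to_s` at the top of the method would make it safe either way. The order of the three checks is load-bearing: a `>` anywhere in the string wins, so a marker that combines a lower bound with `<` or `==` is treated as non-blocking, and a marker using only `!=` falls through to `false`. A comment such as `# A ">" anywhere wins: a marker with both a lower and an upper bound is treated as updatable` would record that this is intentional. The caller skips the entry with `next if blocking_marker?(dep)` inside a loop that starts outside the first hunk, so a wrong `true` presumably means no update, security fixes included, is ever proposed for that dependency; a spec per operator is worth adding.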
| 
         @@ -46,25 +46,23 @@ module Dependabot 
     | 
|
| 
       46 
46 
     | 
    
         | 
| 
       47 
47 
     | 
    
         
             
                  def resolver_type
         
     | 
| 
       48 
48 
     | 
    
         
             
                    reqs = dependencies.flat_map(&:requirements)
         
     | 
| 
       49 
     | 
    
         
            -
                     
     | 
| 
      
 49 
     | 
    
         
            +
                    changed_reqs = reqs.zip(dependencies.flat_map(&:previous_requirements)).
         
     | 
| 
      
 50 
     | 
    
         
            +
                                   reject { |(new_req, old_req)| new_req == old_req }.
         
     | 
| 
      
 51 
     | 
    
         
            +
                                   map(&:first)
         
     | 
| 
      
 52 
     | 
    
         
            +
                    changed_req_files = changed_reqs.map { |r| r.fetch(:file) }
         
     | 
| 
       50 
53 
     | 
    
         | 
| 
       51 
54 
     | 
    
         
             
                    # If there are no requirements then this is a sub-dependency. It
         
     | 
| 
       52 
55 
     | 
    
         
             
                    # must come from one of Pipenv, Poetry or pip-tools, and can't come
         
     | 
| 
       53 
56 
     | 
    
         
             
                    # from the first two unless they have a lockfile.
         
     | 
| 
       54 
     | 
    
         
            -
                    return subdependency_resolver if  
     | 
| 
      
 57 
     | 
    
         
            +
                    return subdependency_resolver if changed_reqs.none?
         
     | 
| 
       55 
58 
     | 
    
         | 
| 
       56 
59 
     | 
    
         
             
                    # Otherwise, this is a top-level dependency, and we can figure out
         
     | 
| 
       57 
60 
     | 
    
         
             
                    # which resolver to use based on the filename of its requirements
         
     | 
| 
       58 
     | 
    
         
            -
                    return :pipfile if  
     | 
| 
       59 
     | 
    
         
            -
                    return :poetry if  
     | 
| 
       60 
     | 
    
         
            -
                    return :pip_compile if  
     | 
| 
       61 
     | 
    
         
            -
             
     | 
| 
       62 
     | 
    
         
            -
                     
     | 
| 
       63 
     | 
    
         
            -
                    # some requirements have changed. Otherwise, this must be a case where
         
     | 
| 
       64 
     | 
    
         
            -
                    # we have a requirements.txt *and* some other resolver of which the
         
     | 
| 
       65 
     | 
    
         
            -
                    # dependency is a sub-dependency.
         
     | 
| 
       66 
     | 
    
         
            -
                    changed_reqs = reqs - dependencies.flat_map(&:previous_requirements)
         
     | 
| 
       67 
     | 
    
         
            -
                    changed_reqs.none? ? subdependency_resolver : :requirements
         
     | 
| 
      
 61 
     | 
    
         
            +
                    return :pipfile if changed_req_files.any? { |f| f == "Pipfile" }
         
     | 
| 
      
 62 
     | 
    
         
            +
                    return :poetry if changed_req_files.any? { |f| f == "pyproject.toml" }
         
     | 
| 
      
 63 
     | 
    
         
            +
                    return :pip_compile if changed_req_files.any? { |f| f.end_with?(".in") }
         
     | 
| 
      
 64 
     | 
    
         
            +
             
     | 
| 
      
 65 
     | 
    
         
            +
                    :requirements
         
     | 
| 
       68 
66 
     | 
    
         
             
                  end
         
     | 
| 
       69 
67 
     | 
    
         | 
| 
       70 
68 
     | 
    
         
             
                  def subdependency_resolver
         
     | 
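Review bot: The new `changed_reqs` in `resolver_type` pairs entries by position with `reqs.zip(dependencies.flat_map(&:previous_requirements))`, which is only correct if `requirements` and `previous_requirements` are index-aligned across every dependency. If one list is shorter or ordered differently, unchanged entries compare unequal (`zip` pads the missing side with `nil`) and the method can return the wrong resolver for the update. Pairing per dependency, `dependencies.flat_map { |d| d.requirements.zip(d.previous_requirements) }`, would stop a length mismatch in one dependency from shifting the pairs of the next, assuming `previous_requirements` is never nil, which this hunk does not show. At minimum add `# requirements and previous_requirements must be index-aligned` above the zip. `r.fetch(:file)` raises `KeyError` on a requirement hash without `:file`, which is fine if that is the intended invariant but deserves a mention in the same comment.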
| 
         @@ -17,7 +17,7 @@ module Dependabot 
     | 
|
| 
       17 
17 
     | 
    
         
             
                  INSTALL_REQ_WITH_REQUIREMENT =
         
     | 
| 
       18 
18 
     | 
    
         
             
                    /\s*\\?\s*(?<name>#{NAME})
         
     | 
| 
       19 
19 
     | 
    
         
             
                      \s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
         
     | 
| 
       20 
     | 
    
         
            -
                      \s*\\?\s 
     | 
| 
      
 20 
     | 
    
         
            +
                      \s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})\)?
         
     | 
| 
       21 
21 
     | 
    
         
             
                      \s*\\?\s*(?<hashes>#{HASHES})?
         
     | 
| 
       22 
22 
     | 
    
         
             
                      \s*#*\s*(?<comment>.+)?
         
     | 
| 
       23 
23 
     | 
    
         
             
                    /x.freeze
         
     | 
| 
         @@ -32,7 +32,7 @@ module Dependabot 
     | 
|
| 
       32 
32 
     | 
    
         
             
                  VALID_REQ_TXT_REQUIREMENT =
         
     | 
| 
       33 
33 
     | 
    
         
             
                    /^\s*\\?\s*(?<name>#{NAME})
         
     | 
| 
       34 
34 
     | 
    
         
             
                      \s*\\?\s*(\[\s*(?<extras>#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])?
         
     | 
| 
       35 
     | 
    
         
            -
                      \s*\\?\s 
     | 
| 
      
 35 
     | 
    
         
            +
                      \s*\\?\s*\(?(?<requirements>#{REQUIREMENTS})?\)?
         
     | 
| 
       36 
36 
     | 
    
         
             
                      \s*\\?\s*(?<hashes>#{HASHES})?
         
     | 
| 
       37 
37 
     | 
    
         
             
                      \s*(\#+\s*(?<comment>.*))?$
         
     | 
| 
       38 
38 
     | 
    
         
             
                    /x.freeze
         
     | 
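Review bot: The added `\(?` and `\)?` around the `requirements` group are independent optionals, so both `INSTALL_REQ_WITH_REQUIREMENT` and `VALID_REQ_TXT_REQUIREMENT` accept unbalanced input such as an opening parenthesis with no closing one. In `VALID_REQ_TXT_REQUIREMENT` the group itself is optional, so a bare `(` or `()` after the name also matches. The parentheses sit outside the named capture, so any code that rewrites a line from the `requirements` capture has to preserve them itself; that consumer is not visible in these hunks. If only the balanced form is meant to be supported, match it with an explicit alternation between the parenthesised and the bare form, and add a comment above each constant such as `# Accepts an optionally parenthesised specifier, e.g. "name (>=1.0)"`.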
    
        metadata
    CHANGED
    
    | 
         @@ -1,7 +1,7 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: dependabot-python
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version
         
     | 
| 
       4 
     | 
    
         
            -
              version: 0.98. 
     | 
| 
      
 4 
     | 
    
         
            +
              version: 0.98.30
         
     | 
| 
       5 
5 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       6 
6 
     | 
    
         
             
            authors:
         
     | 
| 
       7 
7 
     | 
    
         
             
            - Dependabot
         
     | 
| 
         @@ -16,14 +16,14 @@ dependencies: 
     | 
|
| 
       16 
16 
     | 
    
         
             
                requirements:
         
     | 
| 
       17 
17 
     | 
    
         
             
                - - '='
         
     | 
| 
       18 
18 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       19 
     | 
    
         
            -
                    version: 0.98. 
     | 
| 
      
 19 
     | 
    
         
            +
                    version: 0.98.30
         
     | 
| 
       20 
20 
     | 
    
         
             
              type: :runtime
         
     | 
| 
       21 
21 
     | 
    
         
             
              prerelease: false
         
     | 
| 
       22 
22 
     | 
    
         
             
              version_requirements: !ruby/object:Gem::Requirement
         
     | 
| 
       23 
23 
     | 
    
         
             
                requirements:
         
     | 
| 
       24 
24 
     | 
    
         
             
                - - '='
         
     | 
| 
       25 
25 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       26 
     | 
    
         
            -
                    version: 0.98. 
     | 
| 
      
 26 
     | 
    
         
            +
                    version: 0.98.30
         
     | 
| 
       27 
27 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       28 
28 
     | 
    
         
             
              name: byebug
         
     | 
| 
       29 
29 
     | 
    
         
             
              requirement: !ruby/object:Gem::Requirement
         
     |