dependabot-python 0.98.30 → 0.98.31

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/python/authed_url_builder.rb +23 -0
  3. data/lib/dependabot/python/file_updater/pipfile_preparer.rb +2 -1
  4. data/lib/dependabot/python/file_updater/pyproject_preparer.rb +2 -1
  5. data/lib/dependabot/python/metadata_finder.rb +3 -2
  6. data/lib/dependabot/python/update_checker/latest_version_finder.rb +7 -5
  7. data/lib/dependabot/python/update_checker/pipfile_version_resolver.rb +5 -1
  8. data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +5 -1
  9. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: de12aa5fff8598a55962c37fd73ad95554f9322f0c780d77ea7563c145ac4db8
4
- data.tar.gz: 0b942489fd3b4e6d6f7c92657d66cf26cecea1b9d16078f3082e8e0df31d8073
3
+ metadata.gz: 55f2df02a86fe3a817276864b695d703405ef351bb4bd0603d5f312ce77dfd33
4
+ data.tar.gz: c777600045af9242c35cbe00362b55fb564cb118d0eb67f6cb2ba38542a9f607
5
5
  SHA512:
6
- metadata.gz: 48592d3c0b731410126e49e3f2ed35b05b0a3e0c710034b43e267db38435891d52981fe9a7d1ce27885f04068ecdd6beade6bbb5362f16650e25713401dfdf3e
7
- data.tar.gz: c3ec892d6f85db912d4fe1e81602f06e022acb46f1879099e35a2fcb5edb2f0587a1b98ffdf20ea859fcddb2f3029ae089c931396a27ada7462202833550f308
6
+ metadata.gz: 73358ae18269988f15538f36f63816742768dacb98a134ad1cc43639aa805596144f9c5d493a97f40416bf3aa13c67dad618cf7528e59e13f158dd3e313f9280
7
+ data.tar.gz: dc1e97ab3f7427cadc635953124e15ba7cb9115ad68986855163c64ddcb67aec22f66e9a2f7d5bc7eb398e7e753198fdfa4e32d4cccad4b1b48ea9de0fbc6b91
data/lib/dependabot/python/authed_url_builder.rb ADDED
@@ -0,0 +1,23 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Dependabot
4
+ module Python
5
+ class AuthedUrlBuilder
6
+ def self.authed_url(credential:)
7
+ token = credential.fetch("token", nil)
8
+ url = credential.fetch("index-url")
9
+ return url unless token
10
+
11
+ basic_auth_details =
12
+ if token.ascii_only? && token.include?(":") then token
13
+ elsif Base64.decode64(token).ascii_only? &&
14
+ Base64.decode64(token).include?(":")
15
+ Base64.decode64(token)
16
+ else token
17
+ end
18
+
19
+ url.sub("://", "://#{basic_auth_details}@")
20
+ end
21
+ end
22
+ end
23
+ end
data/lib/dependabot/python/file_updater/pipfile_preparer.rb CHANGED
@@ -4,6 +4,7 @@ require "toml-rb"
4
4
 
5
5
  require "dependabot/python/file_parser"
6
6
  require "dependabot/python/file_updater"
7
+ require "dependabot/python/authed_url_builder"
7
8
 
8
9
  module Dependabot
9
10
  module Python
@@ -116,7 +117,7 @@ module Dependabot
116
117
  @config_variable_sources ||=
117
118
  credentials.
118
119
  select { |cred| cred["type"] == "python_index" }.
119
- map { |cred| { "url" => cred["index-url"] } }
120
+ map { |c| { "url" => AuthedUrlBuilder.authed_url(credential: c) } }
120
121
  end
121
122
  end
122
123
  end
data/lib/dependabot/python/file_updater/pyproject_preparer.rb CHANGED
@@ -4,6 +4,7 @@ require "toml-rb"
4
4
 
5
5
  require "dependabot/python/file_parser"
6
6
  require "dependabot/python/file_updater"
7
+ require "dependabot/python/authed_url_builder"
7
8
 
8
9
  module Dependabot
9
10
  module Python
@@ -96,7 +97,7 @@ module Dependabot
96
97
  @config_variable_sources ||=
97
98
  credentials.
98
99
  select { |cred| cred["type"] == "python_index" }.
99
- map { |cred| { "url" => cred["index-url"] } }
100
+ map { |c| { "url" => AuthedUrlBuilder.authed_url(credential: c) } }
100
101
  end
101
102
 
102
103
  def parsed_lockfile
data/lib/dependabot/python/metadata_finder.rb CHANGED
@@ -4,6 +4,7 @@ require "excon"
4
4
  require "dependabot/metadata_finders"
5
5
  require "dependabot/metadata_finders/base"
6
6
  require "dependabot/shared_helpers"
7
+ require "dependabot/python/authed_url_builder"
7
8
 
8
9
  module Dependabot
9
10
  module Python
@@ -149,10 +150,10 @@ module Dependabot
149
150
  credential_urls =
150
151
  credentials.
151
152
  select { |cred| cred["type"] == "python_index" }.
152
- map { |cred| cred["index-url"].gsub(%r{/$}, "") }
153
+ map { |c| AuthedUrlBuilder.authed_url(credential: c) }
153
154
 
154
155
  (credential_urls + [MAIN_PYPI_URL]).map do |base_url|
155
- base_url + "/#{dependency.name}/json"
156
+ base_url.gsub(%r{/$}, "") + "/#{dependency.name}/json"
156
157
  end
157
158
  end
158
159
  end
data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED
@@ -4,6 +4,7 @@ require "excon"
4
4
 
5
5
  require "dependabot/python/update_checker"
6
6
  require "dependabot/shared_helpers"
7
+ require "dependabot/python/authed_url_builder"
7
8
 
8
9
  module Dependabot
9
10
  module Python
@@ -194,14 +195,15 @@ module Dependabot
194
195
 
195
196
  index_url_creds = credentials.
196
197
  select { |cred| cred["type"] == "python_index" }
197
- urls[:main] =
198
- index_url_creds.
199
- find { |cred| cred["replaces-base"] }&.
200
- fetch("index-url")
198
+
199
+ if (main_cred = index_url_creds.find { |cred| cred["replaces-base"] })
200
+ urls[:main] = AuthedUrlBuilder.authed_url(credential: main_cred)
201
+ end
202
+
201
203
  urls[:extra] =
202
204
  index_url_creds.
203
205
  reject { |cred| cred["replaces-base"] }.
204
- map { |cred| cred["index-url"] }
206
+ map { |cred| AuthedUrlBuilder.authed_url(credential: cred) }
205
207
 
206
208
  urls
207
209
  end
data/lib/dependabot/python/update_checker/pipfile_version_resolver.rb CHANGED
@@ -12,6 +12,7 @@ require "dependabot/python/update_checker"
12
12
  require "dependabot/python/python_versions"
13
13
  require "dependabot/python/native_helpers"
14
14
  require "dependabot/python/version"
15
+ require "dependabot/python/authed_url_builder"
15
16
 
16
17
  # rubocop:disable Metrics/ClassLength
17
18
  module Dependabot
@@ -555,7 +556,10 @@ module Dependabot
555
556
  @config_variable_sources ||=
556
557
  credentials.
557
558
  select { |cred| cred["type"] == "python_index" }.
558
- map { |h| { "url" => h["index-url"].gsub(%r{/*$}, "") + "/" } }
559
+ map do |h|
560
+ url = AuthedUrlBuilder.authed_url(credential: h)
561
+ { "url" => url.gsub(%r{/*$}, "") + "/" }
562
+ end
559
563
  end
560
564
 
561
565
  def pipfile_sources
data/lib/dependabot/python/update_checker/poetry_version_resolver.rb CHANGED
@@ -12,6 +12,7 @@ require "dependabot/python/version"
12
12
  require "dependabot/python/requirement"
13
13
  require "dependabot/python/native_helpers"
14
14
  require "dependabot/python/python_versions"
15
+ require "dependabot/python/authed_url_builder"
15
16
 
16
17
  # rubocop:disable Metrics/ClassLength
17
18
  module Dependabot
@@ -340,7 +341,10 @@ module Dependabot
340
341
  @config_variable_sources ||=
341
342
  credentials.
342
343
  select { |cred| cred["type"] == "python_index" }.
343
- map { |h| { "url" => h["index-url"].gsub(%r{/*$}, "") + "/" } }
344
+ map do |h|
345
+ url = AuthedUrlBuilder.authed_url(credential: h)
346
+ { "url" => url.gsub(%r{/*$}, "") + "/" }
347
+ end
344
348
  end
345
349
 
346
350
  def pyproject_sources
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.98.30
4
+ version: 0.98.31
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.98.30
19
+ version: 0.98.31
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.98.30
26
+ version: 0.98.31
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -150,6 +150,7 @@ files:
150
150
  - helpers/requirements.txt
151
151
  - helpers/run.py
152
152
  - lib/dependabot/python.rb
153
+ - lib/dependabot/python/authed_url_builder.rb
153
154
  - lib/dependabot/python/file_fetcher.rb
154
155
  - lib/dependabot/python/file_parser.rb
155
156
  - lib/dependabot/python/file_parser/pipfile_files_parser.rb