dependabot-python 0.98.31 → 0.98.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/python/file_updater/pipfile_preparer.rb +2 -0
  3. data/lib/dependabot/python/file_updater/pyproject_preparer.rb +2 -0
  4. data/lib/dependabot/python/metadata_finder.rb +2 -0
  5. data/lib/dependabot/python/update_checker/latest_version_finder.rb +2 -0
  6. data/lib/dependabot/python/update_checker/pipfile_version_resolver.rb +2 -22
  7. data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +2 -0
  8. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 55f2df02a86fe3a817276864b695d703405ef351bb4bd0603d5f312ce77dfd33
4
- data.tar.gz: c777600045af9242c35cbe00362b55fb564cb118d0eb67f6cb2ba38542a9f607
3
+ metadata.gz: 57ad32ac040184b8acacabaead63e2e477fad8692627037488964aedc4df6091
4
+ data.tar.gz: 4d940ffdff07e26f8910675777e8047e045d70c75663d69ac71231dc863a390d
5
5
  SHA512:
6
- metadata.gz: 73358ae18269988f15538f36f63816742768dacb98a134ad1cc43639aa805596144f9c5d493a97f40416bf3aa13c67dad618cf7528e59e13f158dd3e313f9280
7
- data.tar.gz: dc1e97ab3f7427cadc635953124e15ba7cb9115ad68986855163c64ddcb67aec22f66e9a2f7d5bc7eb398e7e753198fdfa4e32d4cccad4b1b48ea9de0fbc6b91
6
+ metadata.gz: 204c3fd077c46b617c2a81390f771452a8acdc3aa7cbb137bb69584a517cb7c9efe70a0eaf49bb612bf6036cbca0fb093ee00e0832943b54eb44c89b68164673
7
+ data.tar.gz: d9851b78fe7c2b639237c3378c1437bb0a4deb461c7291d1f4b4a0ec1a1f2c6570d3c300dc5c2e6432736e017b6ba9815ee93e79ef21f384b96b91d24d857852
data/lib/dependabot/python/file_updater/pipfile_preparer.rb CHANGED
@@ -113,6 +113,8 @@ module Dependabot
113
113
  map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
114
114
  end
115
115
 
116
+ # Has test that it works without username / password.
117
+ # TODO: Test with proxy
116
118
  def config_variable_sources(credentials)
117
119
  @config_variable_sources ||=
118
120
  credentials.
data/lib/dependabot/python/file_updater/pyproject_preparer.rb CHANGED
@@ -93,6 +93,8 @@ module Dependabot
93
93
  map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
94
94
  end
95
95
 
96
+ # Has test that it works without username / password.
97
+ # TODO: Test with proxy
96
98
  def config_variable_sources(credentials)
97
99
  @config_variable_sources ||=
98
100
  credentials.
data/lib/dependabot/python/metadata_finder.rb CHANGED
@@ -146,6 +146,8 @@ module Dependabot
146
146
  @pypi_listing = {} # No listing found
147
147
  end
148
148
 
149
+ # Has test that it works without username / password.
150
+ # TODO: Test with proxy
149
151
  def possible_listing_urls
150
152
  credential_urls =
151
153
  credentials.
data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED
@@ -190,6 +190,8 @@ module Dependabot
190
190
  urls
191
191
  end
192
192
 
193
+ # Has test that it works without username / password.
194
+ # TODO: Test with proxy
193
195
  def config_variable_index_urls
194
196
  urls = { main: nil, extra: [] }
195
197
 
data/lib/dependabot/python/update_checker/pipfile_version_resolver.rb CHANGED
@@ -421,10 +421,6 @@ module Dependabot
421
421
  end
422
422
 
423
423
  def check_private_sources_are_reachable
424
- env_sources = pipfile_sources.select { |h| h["url"].include?("${") }
425
-
426
- check_env_sources_included_in_config_variables(env_sources)
427
-
428
424
  sources_to_check =
429
425
  pipfile_sources.reject { |h| h["url"].include?("${") } +
430
426
  config_variable_sources
@@ -534,24 +530,8 @@ module Dependabot
534
530
  error_message.include?('Command "python setup.py egg_info" failed')
535
531
  end
536
532
 
537
- def check_env_sources_included_in_config_variables(env_sources)
538
- config_variable_source_urls =
539
- config_variable_sources.map { |s| s["url"] }
540
-
541
- env_sources.each do |source|
542
- url = source["url"]
543
- known_parts = url.split(/\$\{.*?\}/).reject(&:empty?).compact
544
-
545
- # If the whole URL is an environment variable we can't do a check
546
- next if known_parts.none?
547
-
548
- regex = known_parts.map { |p| Regexp.quote(p) }.join(".*?")
549
- next if config_variable_source_urls.any? { |s| s.match?(regex) }
550
-
551
- raise PrivateSourceAuthenticationFailure, url
552
- end
553
- end
554
-
533
+ # Has test that it works without username / password.
534
+ # TODO: Test with proxy
555
535
  def config_variable_sources
556
536
  @config_variable_sources ||=
557
537
  credentials.
data/lib/dependabot/python/update_checker/poetry_version_resolver.rb CHANGED
@@ -337,6 +337,8 @@ module Dependabot
337
337
  name.downcase.gsub(/[-_.]+/, "-")
338
338
  end
339
339
 
340
+ # Has test that it works without username / password.
341
+ # TODO: Test with proxy
340
342
  def config_variable_sources
341
343
  @config_variable_sources ||=
342
344
  credentials.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.98.31
4
+ version: 0.98.32
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-03-22 00:00:00.000000000 Z
11
+ date: 2019-03-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.98.31
19
+ version: 0.98.32
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.98.31
26
+ version: 0.98.32
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement