dependabot-uv 0.375.0 → 0.376.0
- checksums.yaml +4 -4
- data/lib/dependabot/uv/file_parser.rb +25 -1
- metadata +6 -6
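--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ffa5301357ed8bc41bd3e7c6340995930729bcb883ff889903799f1ea85af6d0
+data.tar.gz: ed9478cc3ad8de5daa94fa28ecb21e251185ca8fd9343aa58b315aba7487c9c3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8094326c0920dffde4de036f748cc3f8b5734115eaa3c4ff270f23d3d74252628d362a2f81c24921410b89569a5e32e56478b095a36c24ee6202e38684189c14
+data.tar.gz: f7fca95aef0f444d590beb49a9cf3a7e5bf57d11e14071687e02cac1e33139f6557cd17470faf443d3b9218c57f8e495ba6d1bf76f9ed84e369e4333c1f77590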
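--- a/data/lib/dependabot/uv/file_parser.rb
+++ b/data/lib/dependabot/uv/file_parser.rb
@@ -8,6 +8,7 @@ require "dependabot/file_parsers/base"
 require "dependabot/file_parsers/base/dependency_set"
 require "dependabot/shared_helpers"
 require "dependabot/uv/requirement"
+require "dependabot/uv/requirement_parser"
 require "dependabot/errors"
 require "dependabot/uv/language"
 require "dependabot/uv/native_helpers"
@@ -82,7 +83,7 @@ module Dependabot
 
 setup_python_environment
 
-SharedHelpers.run_shell_command(command)
+SharedHelpers.run_shell_command(command, allow_unsafe_shell_command: true)
 end
 end
 
@@ -382,6 +383,7 @@ module Dependabot
 def write_temporary_dependency_files
 dependency_files
 .reject { |f| f.name == ".python-version" }
+.reject { |f| skip_for_requirements_parsing?(f) }
 .each do |file|
 path = file.name
 FileUtils.mkdir_p(Pathname.new(path).dirname)
@@ -389,6 +391,28 @@ module Dependabot
 end
 end
 
+# The `parse_requirements` Python helper globs every `*.txt` and `*.in`
+# file in the working directory and asks pip to parse each one. Skip
+# writing `.txt`/`.in` support files (e.g. a `LICENSE.txt` pulled in via
+# PEP 621 `project.license.file`) whose contents don't look like a pip
+# requirements file, so they aren't misparsed as requirements.
+sig { params(file: DependencyFile).returns(T::Boolean) }
+def skip_for_requirements_parsing?(file)
+return false unless file.support_file?
+return false unless file.name.end_with?(".txt", ".in")
+
+content = file.content
+return false unless content&.valid_encoding?
+return false if File.basename(file.name).match?(/requirements/i)
+
+!content.lines.all? do |line|
+stripped = line.strip
+stripped.empty? ||
+stripped.start_with?("#", "-r ", "-c ", "-e ", "--") ||
+line.match?(RequirementParser::VALID_REQ_TXT_REQUIREMENT)
+end
+end
+
 sig { params(file: T.untyped).returns(T.untyped) }
 def remove_imports(file)
 return file.content if file.path.end_with?(".tar.gz", ".whl", ".zip")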
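Review bot: The call in the second hunk now passes `allow_unsafe_shell_command: true`, which as far as I know makes `SharedHelpers.run_shell_command` hand the string to the shell without escaping, and nothing next to the call says why that is safe. The method that builds `command` starts outside the hunk, so it cannot be checked from here whether any interpolated value originates from the repository being updated. I would add a comment directly above the call, for example `# Unescaped on purpose: <reason the shell is needed>; every interpolated value is generated by Dependabot, none comes from repository content.`, and pass any value that can vary through `Shellwords.escape` before it is interpolated.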
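--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-uv
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.376.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,28 +15,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.376.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.376.0
 - !ruby/object:Gem::Dependency
 name: dependabot-python
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.376.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.376.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -301,7 +301,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.376.0
 rdoc_options: []
 require_paths:
 - lib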