Merge pull request #115 from nexB/release/v0.9.4

Prepare for release v0.9.4

Author: TG1999

CHANGELOG.rst

@@ -1,10 +1,13 @@
 Changelog
 =========
 
-next-version
-------------
+
+v0.9.4
+------
 
 - Create PyPI cache location in the home directory if a cache directory cannot be made at the project root.
+- Replace packaging with packvers.
+- Prevent duplicated package versions.
 
 
 v0.9.3

requirements.txt

@@ -8,7 +8,7 @@ commoncode==30.2.0
 dparse2==0.7.0
 idna==3.3
 importlib-metadata==4.12.0
-intbitset==3.0.1
+intbitset==3.0.2
 packageurl-python==0.10.0
 packaging==21.3
 packvers==21.5

src/python_inspector/dependencies.py

@@ -50,6 +50,11 @@ def get_extra_data_from_requirements(requirements_file="requirements.txt"):
         yield package_data.extra_data
 
 
+def is_requirement_pinned(requirement: Requirement):
+    specifiers = requirement.specifier
+    return specifiers and len(specifiers) == 1 and next(iter(specifiers)).operator in {"==", "==="}
+
+
 def get_dependency(specifier):
     """
     Return a DependentPackage given a requirement ``specifier`` string.
@@ -63,26 +68,22 @@ def get_dependency(specifier):
 
     requirement = Requirement(requirement_string=specifier)
 
-    # TODO: use new InstallRequirement.from_specifier constructor when available
-    ir = InstallRequirement(
-        req=requirement,
-        requirement_line=specifier,
-    )
-
     scope = "install"
     is_runtime = True
     is_optional = False
 
-    if ir.name:
+    if requirement.name:
         # will be None if not pinned
-        version = ir.get_pinned_version
-        purl = PackageURL(type="pypi", name=ir.name, version=version).to_string()
+        version = None
+        if is_requirement_pinned(requirement):
+            version = str(list(requirement.specifier)[0].version)
+        purl = PackageURL(type="pypi", name=requirement.name, version=version).to_string()
 
     return models.DependentPackage(
         purl=purl,
         scope=scope,
         is_runtime=is_runtime,
         is_optional=is_optional,
-        is_resolved=ir.is_pinned or False,
+        is_resolved=False or is_requirement_pinned(requirement),
         extracted_requirement=specifier,
     )

src/python_inspector/resolve_cli.py

@@ -20,7 +20,7 @@
 
 TRACE = False
 
-__version__ = "0.9.3"
+__version__ = "0.9.4"
 
 DEFAULT_PYTHON_VERSION = "38"
 PYPI_SIMPLE_URL = "https://pypi.org/simple"

tests/data/azure-devops.req-310-expected.json

@@ -2,9 +2,9 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
-      "--requirement /home/jono/nexb/src/python-inspector/tests/data/azure-devops.req.txt",
+      "--requirement /home/tg1999/Desktop/python-inspector-1/tests/data/azure-devops.req.txt",
       "--index-url https://pypi.org/simple",
       "--python-version 310",
       "--operating-system linux",
@@ -17,7 +17,7 @@
   "files": [
     {
       "type": "file",
-      "path": "/home/jono/nexb/src/python-inspector/tests/data/azure-devops.req.txt",
+      "path": "/home/tg1999/Desktop/python-inspector-1/tests/data/azure-devops.req.txt",
       "package_data": [
         {
           "type": "pypi",

tests/data/azure-devops.req-38-expected.json

@@ -2,9 +2,9 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
-      "--requirement /home/jono/nexb/src/python-inspector/tests/data/azure-devops.req.txt",
+      "--requirement /home/tg1999/Desktop/python-inspector-1/tests/data/azure-devops.req.txt",
       "--index-url https://pypi.org/simple",
       "--python-version 38",
       "--operating-system linux",
@@ -17,7 +17,7 @@
   "files": [
     {
       "type": "file",
-      "path": "/home/jono/nexb/src/python-inspector/tests/data/azure-devops.req.txt",
+      "path": "/home/tg1999/Desktop/python-inspector-1/tests/data/azure-devops.req.txt",
       "package_data": [
         {
           "type": "pypi",

tests/data/default-url-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--specifier zipp==3.8.0",
       "--index-url https://pypi.org/simple",

tests/data/environment-marker-test-requirements.txt-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--requirement /home/tg1999/Desktop/python-inspector-1/tests/data/environment-marker-test-requirements.txt",
       "--index-url https://pypi.org/simple",

tests/data/frozen-requirements.txt-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--requirement /home/tg1999/Desktop/python-inspector-1/tests/data/frozen-requirements.txt",
       "--index-url https://pypi.org/simple",

tests/data/insecure-setup-2/setup.py-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--index-url https://pypi.org/simple",
       "--python-version 27",

tests/data/insecure-setup/setup.py-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--requirement /home/tg1999/Desktop/python-inspector-1/tests/data/pdt-requirements.txt",
       "--index-url https://pypi.org/simple",

tests/data/pdt-requirements.txt-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--requirement /home/tg1999/Desktop/python-inspector-1/tests/data/pinned-pdt-requirements.txt",
       "--index-url https://pypi.org/simple",

tests/data/pinned-pdt-requirements.txt-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--requirement /home/tg1999/Desktop/python-inspector-1/tests/data/pinned-requirements.txt",
       "--index-url https://pypi.org/simple",

tests/data/pinned-requirements.txt-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--specifier zipp==3.8.0",
       "--index-url https://pypi.org/simple",

tests/data/prefer-source-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--index-url https://pypi.org/simple",
       "--python-version 27",

tests/data/setup/no-direct-dependencies-setup.py-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--index-url https://pypi.org/simple",
       "--python-version 27",

tests/data/setup/simple-setup.py-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--index-url https://pypi.org/simple",
       "--python-version 27",

tests/data/setup/spdx-setup.py-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--specifier flask",
       "--index-url https://thirdparty.aboutcode.org/pypi/simple/",

tests/data/single-url-except-simple-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--specifier zipp==3.8.0",
       "--index-url https://pypi.org/simple",

tests/data/single-url-expected.json

@@ -2,7 +2,7 @@
   "headers": {
     "tool_name": "python-inspector",
     "tool_homepageurl": "https://github.com/nexB/python-inspector",
-    "tool_version": "0.9.3",
+    "tool_version": "0.9.4",
     "options": [
       "--specifier zipp~=3.8.0",
       "--index-url https://pypi.org/simple",

tests/data/tilde_req-expected.json

@@ -373,7 +373,7 @@ def test_passing_of_json_pdt_and_json_flags():
 def test_version_option():
     options = ["--version"]
     result = run_cli(options=options)
-    assert "0.9.3" in result.output
+    assert "0.9.4" in result.output
 
 
 def test_passing_of_netrc_file_that_does_not_exist():

tests/test_cli.py

@@ -150,8 +150,8 @@ def test_without_supported_wheels():
         "pkg:pypi/[email protected]",
         "pkg:pypi/[email protected]",
         "pkg:pypi/[email protected]",
-        "pkg:pypi/setuptools@65.7.0",
-        "pkg:pypi/txaio@22.2.1",
+        "pkg:pypi/setuptools@66.0.0",
+        "pkg:pypi/txaio@23.1.1",
     ]