RubyGems - dependabot-conda - Versions diffs - 0.331.0 → 0.333.0 - Mend

dependabot-conda 0.331.0 → 0.333.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/conda/update_checker/latest_version_finder.rb +23 -1
data/lib/dependabot/conda/update_checker.rb +12 -6
metadata +8 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc19f39b65ce06c34486f5c76beec237b6f8d0b80ec1923a9abb4f65d185fe58
-  data.tar.gz: fbc90795ea5658d1927fe5a962d6d5197d7780f14800e7522229f74cbf2b51ba
+  metadata.gz: 5c5cdc8af0c949c55d7b2f6311be2ef46a8f063ddc716e0a4b84807aa192a8e7
+  data.tar.gz: '09704ba8e8b6d9df2d8d65773f4d09e291911e8996a1203b6e1d69198a3f5588'
 SHA512:
-  metadata.gz: e03d6276d31c07caa4b3f5f78d739a5bb07ec06829dde598a509c6cf28be57a99a02593e45f6d25c11eb97ab452c9b6b1792761f7d32d40382ee28bec622c43e
-  data.tar.gz: a2b1a800a86d9c557294fa2741ccb6b618fc98e4aa7755eff791835c46672ede6458d7336155db95c366b97c3afe38e20b45b391b2b7d6b5c56de2a26ea9d1ab
+  metadata.gz: 11b5c4cc3a4a385c4d33c7501cd7878b049c2f7410acea594be63977c4076bbdefabceecb2756d308542e7199c94c2652f796394cd4139a1e39cfe7829313afa
+  data.tar.gz: 4bbff4206b04159db91acdb52985b6f606edcd389e842512747a44bd483c36c537f1037cb877067711b7ecbde2f6a7ae15560bed7a8057f5c9b9a1a72fe39324

data/lib/dependabot/conda/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -54,7 +54,7 @@ module Dependabot
               credentials: credentials,
               ignored_versions: ignored_versions,
               raise_on_ignored: @raise_on_ignored,
-              security_advisories: security_advisories,
+              security_advisories: python_compatible_security_advisories,
               cooldown_options: @cooldown_options
             ),
             T.nilable(Dependabot::Python::UpdateChecker::LatestVersionFinder)
@@ -81,6 +81,28 @@ module Dependabot
           end
         end
+        sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
+        def python_compatible_security_advisories
+          security_advisories.map do |advisory|
+            # Convert Conda requirements to Python requirements for pip compatibility
+            python_vulnerable_versions = advisory.vulnerable_versions.flat_map do |conda_req|
+              Dependabot::Python::Requirement.requirements_array(conda_req.to_s)
+            end
+            python_safe_versions = advisory.safe_versions.flat_map do |conda_req|
+              Dependabot::Python::Requirement.requirements_array(conda_req.to_s)
+            end
+            # Normalize security advisories to use 'pip' package manager for Python delegation
+            Dependabot::SecurityAdvisory.new(
+              dependency_name: advisory.dependency_name,
+              package_manager: "pip", # Use pip for PyPI compatibility
+              vulnerable_versions: python_vulnerable_versions,
+              safe_versions: python_safe_versions
+            )
+          end
+        end
         sig { params(conda_requirement: T.nilable(String)).returns(T.nilable(String)) }
         def convert_conda_requirement_to_pip(conda_requirement)
           RequirementTranslator.conda_to_pip(conda_requirement)

data/lib/dependabot/conda/update_checker.rb CHANGED Viewed

@@ -25,7 +25,6 @@ module Dependabot
           requirements_update_strategy: T.nilable(Dependabot::RequirementsUpdateStrategy),
           dependency_group: T.nilable(Dependabot::DependencyGroup),
           update_cooldown: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
-          exclude_paths: T.nilable(T::Array[String]),
           options: T::Hash[Symbol, T.untyped]
         )
           .void
@@ -34,7 +33,7 @@ module Dependabot
                      repo_contents_path: nil, ignored_versions: [],
                      raise_on_ignored: false, security_advisories: [],
                      requirements_update_strategy: nil, dependency_group: nil,
-                     update_cooldown: nil, exclude_paths: [], options: {})
+                     update_cooldown: nil, options: {})
         super
         @latest_version = T.let(nil, T.nilable(T.any(String, Dependabot::Version)))
         @lowest_resolvable_security_fix_version = T.let(nil, T.nilable(Dependabot::Version))
@@ -135,19 +134,26 @@ module Dependabot
       def fetch_lowest_resolvable_security_fix_version
         # Delegate to latest_version_finder for security fix resolution
         # This leverages Python ecosystem's security advisory infrastructure
-        latest_version_finder.lowest_security_fix_version
+        fix_version = latest_version_finder.lowest_security_fix_version
+        # If no security fix version is found, fall back to latest_resolvable_version
+        if fix_version.nil?
+          fallback = latest_resolvable_version
+          return fallback.is_a?(String) ? Dependabot::Conda::Version.new(fallback) : fallback
+        end
+        fix_version
       end
       sig { override.returns(T::Boolean) }
       def latest_version_resolvable_with_full_unlock?
-        # For Phase 3, return false as placeholder since we're not doing full dependency resolution
+        # No lock file support for Conda
         false
       end
       sig { override.returns(T::Array[Dependabot::Dependency]) }
       def updated_dependencies_after_full_unlock
-        # For Phase 3, return empty array as placeholder
-        []
+        raise NotImplementedError
       end
       sig { params(requirement_string: String, new_version: String).returns(String) }

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-conda
 version: !ruby/object:Gem::Version
-  version: 0.331.0
+  version: 0.333.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,28 +15,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.331.0
+        version: 0.333.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.331.0
+        version: 0.333.0
 - !ruby/object:Gem::Dependency
   name: dependabot-python
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.331.0
+        version: 0.333.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.331.0
+        version: 0.333.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -225,14 +225,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.18'
+        version: '3.25'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.18'
+        version: '3.25'
 - !ruby/object:Gem::Dependency
   name: webrick
   requirement: !ruby/object:Gem::Requirement
@@ -273,7 +273,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.331.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.333.0
 rdoc_options: []
 require_paths:
 - lib