dependabot-conda 0.333.0 → 0.335.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/conda/file_fetcher.rb +8 -27
  3. data/lib/dependabot/conda/file_parser.rb +8 -4
  4. data/lib/dependabot/conda/file_updater.rb +20 -11
  5. data/lib/dependabot/conda/name_normaliser.rb +1 -1
  6. data/lib/dependabot/conda/python_package_classifier.rb +38 -35
  7. data/lib/dependabot/conda/requirement.rb +8 -5
  8. data/lib/dependabot/conda/update_checker/latest_version_finder.rb +9 -3
  9. data/lib/dependabot/conda/update_checker.rb +13 -5
  10. metadata +14 -14
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5c5cdc8af0c949c55d7b2f6311be2ef46a8f063ddc716e0a4b84807aa192a8e7
4
- data.tar.gz: '09704ba8e8b6d9df2d8d65773f4d09e291911e8996a1203b6e1d69198a3f5588'
3
+ metadata.gz: d4952ee934ae59ce66986d93f3e9d9a1a8b8cc3543e9355ff15bc22cae46fcdd
4
+ data.tar.gz: 3790c5b4f335727d4663f341f5773ce4269b059d3a05dd9864f7763ca81a6407
5
5
  SHA512:
6
- metadata.gz: 11b5c4cc3a4a385c4d33c7501cd7878b049c2f7410acea594be63977c4076bbdefabceecb2756d308542e7199c94c2652f796394cd4139a1e39cfe7829313afa
7
- data.tar.gz: 4bbff4206b04159db91acdb52985b6f606edcd389e842512747a44bd483c36c537f1037cb877067711b7ecbde2f6a7ae15560bed7a8057f5c9b9a1a72fe39324
6
+ metadata.gz: cfe872a568f1bae282f7a0619d1fa5bbf6fda9e77931396591eb192a31e26118b7bb43ca74ffe21248cbd8660c760d2d32aff0b69fcba23f2978d37bd69d71f0
7
+ data.tar.gz: 9c04992ff29c89e02ac7284c523e1937e48ea8ce2a260e9e1c0ca3b7519724789f3b6ba29062dc83c8cbfd1e42396d1a5160bbb4823988b0b921570be68423a6
data/lib/dependabot/conda/file_fetcher.rb CHANGED
@@ -11,10 +11,13 @@ module Dependabot
11
11
  class FileFetcher < Dependabot::FileFetchers::Base
12
12
  extend T::Sig
13
13
 
14
- ENVIRONMENT_FILE_NAMES = T.let(%w(
15
- environment.yml
16
- environment.yaml
17
- ).freeze, T::Array[String])
14
+ ENVIRONMENT_FILE_NAMES = T.let(
15
+ %w(
16
+ environment.yml
17
+ environment.yaml
18
+ ).freeze,
19
+ T::Array[String]
20
+ )
18
21
 
19
22
  sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
20
23
  def self.required_files_in?(filenames)
@@ -28,29 +31,7 @@ module Dependabot
28
31
 
29
32
  sig { override.returns(T::Array[DependencyFile]) }
30
33
  def fetch_files
31
- unless allow_beta_ecosystems?
32
- raise Dependabot::DependencyFileNotFound.new(
33
- nil,
34
- "Conda support is currently in beta. Set ALLOW_BETA_ECOSYSTEMS=true to enable it."
35
- )
36
- end
37
-
38
- fetched_files = []
39
-
40
- ENVIRONMENT_FILE_NAMES.each do |filename|
41
- environment_file = fetch_file_if_present(filename)
42
- fetched_files << environment_file if environment_file
43
- end
44
-
45
- # If no environment files found, return empty (will cause appropriate error)
46
- return fetched_files if fetched_files.empty?
47
-
48
- # Validate that at least one environment file contains manageable Python packages
49
- fetched_files.each do |file|
50
- return fetched_files if environment_contains_manageable_packages?(file)
51
- end
52
-
53
- raise Dependabot::DependencyFileNotFound, unsupported_environment_message
34
+ []
54
35
  end
55
36
 
56
37
  private
data/lib/dependabot/conda/file_parser.rb CHANGED
@@ -78,8 +78,10 @@ module Dependabot
78
78
  end
79
79
 
80
80
  sig do
81
- params(dependencies: T::Array[T.untyped],
82
- file: Dependabot::DependencyFile).returns(T::Array[Dependabot::Dependency])
81
+ params(
82
+ dependencies: T::Array[T.untyped],
83
+ file: Dependabot::DependencyFile
84
+ ).returns(T::Array[Dependabot::Dependency])
83
85
  end
84
86
  def parse_conda_dependencies(dependencies, file)
85
87
  parsed_dependencies = T.let([], T::Array[Dependabot::Dependency])
@@ -201,8 +203,10 @@ module Dependabot
201
203
  end
202
204
 
203
205
  sig do
204
- params(constraint: T.nilable(String),
205
- file: Dependabot::DependencyFile).returns(T::Array[T::Hash[Symbol, T.untyped]])
206
+ params(
207
+ constraint: T.nilable(String),
208
+ file: Dependabot::DependencyFile
209
+ ).returns(T::Array[T::Hash[Symbol, T.untyped]])
206
210
  end
207
211
  def build_conda_requirements(constraint, file)
208
212
  return [] unless constraint && !constraint.empty?
data/lib/dependabot/conda/file_updater.rb CHANGED
@@ -18,17 +18,26 @@ module Dependabot
18
18
  VERSION_CONSTRAINT_PATTERN = '(\s*[=<>!~]=?\s*[^#\s]\S*(?:\s*,\s*[=<>!~]=?\s*[^#\s]\S*)*)?'
19
19
 
20
20
  # Regex patterns for dependency matching
21
- CONDA_CHANNEL_PATTERN = T.let(lambda do |name|
22
- /^(\s{2,4}-\s+[a-zA-Z0-9_.-]+::)(#{Regexp.escape(name)})#{VERSION_CONSTRAINT_PATTERN}(\s*)(#.*)?$/
23
- end, T.proc.params(arg0: T.untyped).returns(Regexp))
24
-
25
- CONDA_SIMPLE_PATTERN = T.let(lambda do |name|
26
- /^(\s{2,4}-\s+)(#{Regexp.escape(name)})#{VERSION_CONSTRAINT_PATTERN}(\s*)(#.*)?$/
27
- end, T.proc.params(arg0: T.untyped).returns(Regexp))
28
-
29
- PIP_PATTERN = T.let(lambda do |name|
30
- /^(\s{5,}-\s+)(#{Regexp.escape(name)})#{VERSION_CONSTRAINT_PATTERN}(\s*)(#.*)?$/
31
- end, T.proc.params(arg0: T.untyped).returns(Regexp))
21
+ CONDA_CHANNEL_PATTERN = T.let(
22
+ lambda do |name|
23
+ /^(\s{2,4}-\s+[a-zA-Z0-9_.-]+::)(#{Regexp.escape(name)})#{VERSION_CONSTRAINT_PATTERN}(\s*)(#.*)?$/
24
+ end,
25
+ T.proc.params(arg0: T.untyped).returns(Regexp)
26
+ )
27
+
28
+ CONDA_SIMPLE_PATTERN = T.let(
29
+ lambda do |name|
30
+ /^(\s{2,4}-\s+)(#{Regexp.escape(name)})#{VERSION_CONSTRAINT_PATTERN}(\s*)(#.*)?$/
31
+ end,
32
+ T.proc.params(arg0: T.untyped).returns(Regexp)
33
+ )
34
+
35
+ PIP_PATTERN = T.let(
36
+ lambda do |name|
37
+ /^(\s{5,}-\s+)(#{Regexp.escape(name)})#{VERSION_CONSTRAINT_PATTERN}(\s*)(#.*)?$/
38
+ end,
39
+ T.proc.params(arg0: T.untyped).returns(Regexp)
40
+ )
32
41
 
33
42
  sig { override.returns(T::Array[Regexp]) }
34
43
  def self.updated_files_regex
data/lib/dependabot/conda/name_normaliser.rb CHANGED
@@ -1,4 +1,4 @@
1
- # typed: strict
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
data/lib/dependabot/conda/python_package_classifier.rb CHANGED
@@ -9,41 +9,44 @@ module Dependabot
9
9
  extend T::Sig
10
10
 
11
11
  # Known non-Python packages that should be ignored
12
- NON_PYTHON_PATTERNS = T.let([
13
- /^r-/i, # R packages (r-base, r-essentials, etc.)
14
- /^r$/i, # R language itself
15
- /^python$/i, # Python interpreter (conda-specific, not on PyPI)
16
- /^git$/i, # Git version control
17
- /^gcc$/i, # GCC compiler
18
- /^cmake$/i, # CMake build system
19
- /^make$/i, # Make build tool
20
- /^curl$/i, # cURL utility
21
- /^wget$/i, # Wget utility
22
- /^vim$/i, # Vim editor
23
- /^nano$/i, # Nano editor
24
- /^nodejs$/i, # Node.js runtime
25
- /^java$/i, # Java runtime
26
- /^go$/i, # Go language
27
- /^rust$/i, # Rust language
28
- /^julia$/i, # Julia language
29
- /^perl$/i, # Perl language
30
- /^ruby$/i, # Ruby language
31
- # System libraries
32
- /^openssl$/i, # OpenSSL
33
- /^zlib$/i, # zlib compression
34
- /^libffi$/i, # Foreign Function Interface library
35
- /^ncurses$/i, # Terminal control library
36
- /^readline$/i, # Command line editing
37
- # Compiler and build tools
38
- /^_libgcc_mutex$/i,
39
- /^_openmp_mutex$/i,
40
- /^binutils$/i,
41
- /^gxx_linux-64$/i,
42
- # Multimedia libraries
43
- /^ffmpeg$/i, # Video processing
44
- /^opencv$/i, # Computer vision (note: opencv-python is different)
45
- /^imageio$/i # Image I/O (note: imageio python package is different)
46
- ].freeze, T::Array[Regexp])
12
+ NON_PYTHON_PATTERNS = T.let(
13
+ [
14
+ /^r-/i, # R packages (r-base, r-essentials, etc.)
15
+ /^r$/i, # R language itself
16
+ /^python$/i, # Python interpreter (conda-specific, not on PyPI)
17
+ /^git$/i, # Git version control
18
+ /^gcc$/i, # GCC compiler
19
+ /^cmake$/i, # CMake build system
20
+ /^make$/i, # Make build tool
21
+ /^curl$/i, # cURL utility
22
+ /^wget$/i, # Wget utility
23
+ /^vim$/i, # Vim editor
24
+ /^nano$/i, # Nano editor
25
+ /^nodejs$/i, # Node.js runtime
26
+ /^java$/i, # Java runtime
27
+ /^go$/i, # Go language
28
+ /^rust$/i, # Rust language
29
+ /^julia$/i, # Julia language
30
+ /^perl$/i, # Perl language
31
+ /^ruby$/i, # Ruby language
32
+ # System libraries
33
+ /^openssl$/i, # OpenSSL
34
+ /^zlib$/i, # zlib compression
35
+ /^libffi$/i, # Foreign Function Interface library
36
+ /^ncurses$/i, # Terminal control library
37
+ /^readline$/i, # Command line editing
38
+ # Compiler and build tools
39
+ /^_libgcc_mutex$/i,
40
+ /^_openmp_mutex$/i,
41
+ /^binutils$/i,
42
+ /^gxx_linux-64$/i,
43
+ # Multimedia libraries
44
+ /^ffmpeg$/i, # Video processing
45
+ /^opencv$/i, # Computer vision (note: opencv-python is different)
46
+ /^imageio$/i # Image I/O (note: imageio python package is different)
47
+ ].freeze,
48
+ T::Array[Regexp]
49
+ )
47
50
 
48
51
  # Determine if a package name represents a Python package
49
52
  sig { params(package_name: String).returns(T::Boolean) }
data/lib/dependabot/conda/requirement.rb CHANGED
@@ -16,11 +16,14 @@ module Dependabot
16
16
  # pip: ==, >=, >, <, <=, !=, ~=
17
17
 
18
18
  # Support both conda and pip operators
19
- OPS = T.let(OPS.merge(
20
- "=" => ->(v, r) { v == r }, # conda equality
21
- "==" => ->(v, r) { v == r }, # pip equality
22
- "~=" => ->(v, r) { v >= r && v.release < r.bump } # pip compatible release
23
- ), T::Hash[String, T.proc.params(arg0: T.untyped, arg1: T.untyped).returns(T.untyped)])
19
+ OPS = T.let(
20
+ OPS.merge(
21
+ "=" => ->(v, r) { v == r }, # conda equality
22
+ "==" => ->(v, r) { v == r }, # pip equality
23
+ "~=" => ->(v, r) { v >= r && v.release < r.bump } # pip compatible release
24
+ ),
25
+ T::Hash[String, T.proc.params(arg0: T.untyped, arg1: T.untyped).returns(T.untyped)]
26
+ )
24
27
 
25
28
  quoted = OPS.keys.sort_by(&:length).reverse
26
29
  .map { |k| Regexp.quote(k) }.join("|")
data/lib/dependabot/conda/update_checker/latest_version_finder.rb CHANGED
@@ -24,9 +24,15 @@ module Dependabot
24
24
  cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
25
25
  ).void
26
26
  end
27
- def initialize(dependency:, dependency_files:, credentials:,
28
- ignored_versions:, raise_on_ignored:, security_advisories:,
29
- cooldown_options:)
27
+ def initialize(
28
+ dependency:,
29
+ dependency_files:,
30
+ credentials:,
31
+ ignored_versions:,
32
+ raise_on_ignored:,
33
+ security_advisories:,
34
+ cooldown_options:
35
+ )
30
36
  @raise_on_ignored = T.let(raise_on_ignored, T::Boolean)
31
37
  @cooldown_options = T.let(cooldown_options, T.nilable(Dependabot::Package::ReleaseCooldownOptions))
32
38
 
data/lib/dependabot/conda/update_checker.rb CHANGED
@@ -29,11 +29,19 @@ module Dependabot
29
29
  )
30
30
  .void
31
31
  end
32
- def initialize(dependency:, dependency_files:, credentials:,
33
- repo_contents_path: nil, ignored_versions: [],
34
- raise_on_ignored: false, security_advisories: [],
35
- requirements_update_strategy: nil, dependency_group: nil,
36
- update_cooldown: nil, options: {})
32
+ def initialize(
33
+ dependency:,
34
+ dependency_files:,
35
+ credentials:,
36
+ repo_contents_path: nil,
37
+ ignored_versions: [],
38
+ raise_on_ignored: false,
39
+ security_advisories: [],
40
+ requirements_update_strategy: nil,
41
+ dependency_group: nil,
42
+ update_cooldown: nil,
43
+ options: {}
44
+ )
37
45
  super
38
46
  @latest_version = T.let(nil, T.nilable(T.any(String, Dependabot::Version)))
39
47
  @lowest_resolvable_security_fix_version = T.let(nil, T.nilable(Dependabot::Version))
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-conda
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.333.0
4
+ version: 0.335.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,28 +15,28 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.333.0
18
+ version: 0.335.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.333.0
25
+ version: 0.335.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: dependabot-python
28
28
  requirement: !ruby/object:Gem::Requirement
29
29
  requirements:
30
30
  - - '='
31
31
  - !ruby/object:Gem::Version
32
- version: 0.333.0
32
+ version: 0.335.0
33
33
  type: :runtime
34
34
  prerelease: false
35
35
  version_requirements: !ruby/object:Gem::Requirement
36
36
  requirements:
37
37
  - - '='
38
38
  - !ruby/object:Gem::Version
39
- version: 0.333.0
39
+ version: 0.335.0
40
40
  - !ruby/object:Gem::Dependency
41
41
  name: debug
42
42
  requirement: !ruby/object:Gem::Requirement
@@ -127,56 +127,56 @@ dependencies:
127
127
  requirements:
128
128
  - - "~>"
129
129
  - !ruby/object:Gem::Version
130
- version: '1.67'
130
+ version: '1.80'
131
131
  type: :development
132
132
  prerelease: false
133
133
  version_requirements: !ruby/object:Gem::Requirement
134
134
  requirements:
135
135
  - - "~>"
136
136
  - !ruby/object:Gem::Version
137
- version: '1.67'
137
+ version: '1.80'
138
138
  - !ruby/object:Gem::Dependency
139
139
  name: rubocop-performance
140
140
  requirement: !ruby/object:Gem::Requirement
141
141
  requirements:
142
142
  - - "~>"
143
143
  - !ruby/object:Gem::Version
144
- version: '1.22'
144
+ version: '1.26'
145
145
  type: :development
146
146
  prerelease: false
147
147
  version_requirements: !ruby/object:Gem::Requirement
148
148
  requirements:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
- version: '1.22'
151
+ version: '1.26'
152
152
  - !ruby/object:Gem::Dependency
153
153
  name: rubocop-rspec
154
154
  requirement: !ruby/object:Gem::Requirement
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: '2.29'
158
+ version: '3.7'
159
159
  type: :development
160
160
  prerelease: false
161
161
  version_requirements: !ruby/object:Gem::Requirement
162
162
  requirements:
163
163
  - - "~>"
164
164
  - !ruby/object:Gem::Version
165
- version: '2.29'
165
+ version: '3.7'
166
166
  - !ruby/object:Gem::Dependency
167
167
  name: rubocop-sorbet
168
168
  requirement: !ruby/object:Gem::Requirement
169
169
  requirements:
170
170
  - - "~>"
171
171
  - !ruby/object:Gem::Version
172
- version: '0.8'
172
+ version: '0.10'
173
173
  type: :development
174
174
  prerelease: false
175
175
  version_requirements: !ruby/object:Gem::Requirement
176
176
  requirements:
177
177
  - - "~>"
178
178
  - !ruby/object:Gem::Version
179
- version: '0.8'
179
+ version: '0.10'
180
180
  - !ruby/object:Gem::Dependency
181
181
  name: simplecov
182
182
  requirement: !ruby/object:Gem::Requirement
@@ -273,7 +273,7 @@ licenses:
273
273
  - MIT
274
274
  metadata:
275
275
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
276
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.333.0
276
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.335.0
277
277
  rdoc_options: []
278
278
  require_paths:
279
279
  - lib