dependabot-conda 0.382.0 → 0.383.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/conda/update_checker/requirements_updater.rb +29 -13
  3. data/lib/dependabot/conda/update_checker.rb +5 -7
  4. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e51498462a485932edbd154b6014b6a202b3a0ba82e6ed64660fc047024b8ab1
4
- data.tar.gz: c8528084a32a20de6b9e2233873f25dea6c45ddb8eeaac790af2c5d1dd1c25a8
3
+ metadata.gz: 5f9acad503f7df0d2aa6dca7c9178b12eb40f3154ecdfdbc8c5eefd8ee477f7d
4
+ data.tar.gz: ef4aad9f20ee500a81382df84c103cbea2b16f9beead32ba6cd032da992e11d5
5
5
  SHA512:
6
- metadata.gz: c5d632218a024b6523ca3e4457fffb36d4bbb862eb4523d1346f715b9188385fd381c9053311dcfcec9b33c641d6ad9905201e88d3f2420642e6f839cd1da13f
7
- data.tar.gz: 7c1b20b9e157ef896ef3956a855022c8caf6289a9da9dc77eb83f3f9fa4981d62f6beb0ff9210374881f1c6097815583e07299141a2c8ee8a1ca25c7ead5911b
6
+ metadata.gz: 1b707854c1d7d69a4a85e9e12ca15d4ebdac78e422428aaee40e70b1d07f29ff20985cbbf5fa00e83a479c5cc64dc0530bb26a9f3d87993e2c045efca53e6d77
7
+ data.tar.gz: 0c462bd7b6672c947902f031bed4001eaeea2d78fa199879cd72f4febfd28c7f40fb26ad5813377ad4fd3ec32038e2101ea6984fb8762cdd025c413105c1da20
data/lib/dependabot/conda/update_checker/requirements_updater.rb CHANGED
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
5
+ require "dependabot/dependency_requirement"
5
6
  require "dependabot/conda/requirement"
6
7
  require "dependabot/conda/update_checker"
7
8
  require "dependabot/conda/version"
@@ -13,7 +14,7 @@ module Dependabot
13
14
  class RequirementsUpdater
14
15
  extend T::Sig
15
16
 
16
- sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
17
+ sig { returns(T::Array[Dependabot::DependencyRequirement]) }
17
18
  attr_reader :requirements
18
19
 
19
20
  sig { returns(Dependabot::RequirementsUpdateStrategy) }
@@ -24,13 +25,16 @@ module Dependabot
24
25
 
25
26
  sig do
26
27
  params(
27
- requirements: T::Array[T::Hash[Symbol, T.untyped]],
28
+ requirements: T::Array[Dependabot::DependencyRequirement],
28
29
  update_strategy: Dependabot::RequirementsUpdateStrategy,
29
30
  latest_resolvable_version: T.nilable(String)
30
31
  ).void
31
32
  end
32
33
  def initialize(requirements:, update_strategy:, latest_resolvable_version:)
33
- @requirements = requirements
34
+ @requirements = T.let(
35
+ requirements.map { |req| Dependabot::DependencyRequirement.create(req) },
36
+ T::Array[Dependabot::DependencyRequirement]
37
+ )
34
38
  @update_strategy = update_strategy
35
39
  @latest_resolvable_version = T.let(
36
40
  (Conda::Version.new(latest_resolvable_version) if latest_resolvable_version),
@@ -38,7 +42,7 @@ module Dependabot
38
42
  )
39
43
  end
40
44
 
41
- sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
45
+ sig { returns(T::Array[Dependabot::DependencyRequirement]) }
42
46
  def updated_requirements
43
47
  return requirements if update_strategy.lockfile_only?
44
48
  return requirements unless latest_resolvable_version
@@ -59,14 +63,14 @@ module Dependabot
59
63
 
60
64
  private
61
65
 
62
- sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
66
+ sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
63
67
  def update_requirement_if_needed(req)
64
68
  return req if new_version_satisfies?(req)
65
69
 
66
70
  update_requirement(req)
67
71
  end
68
72
 
69
- sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
73
+ sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
70
74
  def update_requirement(req)
71
75
  return req unless req[:requirement]
72
76
  return req if ["", "*"].include?(req[:requirement])
@@ -74,10 +78,17 @@ module Dependabot
74
78
  requirement_strings = req[:requirement].split(",").map(&:strip)
75
79
  new_req = calculate_updated_requirement(req, requirement_strings)
76
80
 
77
- new_req == :unfixable ? req.merge(requirement: :unfixable) : req.merge(requirement: new_req)
81
+ Dependabot::DependencyRequirement.create(
82
+ new_req == :unfixable ? req.merge(requirement: :unfixable) : req.merge(requirement: new_req)
83
+ )
78
84
  end
79
85
 
80
- sig { params(req: T::Hash[Symbol, T.untyped], requirement_strings: T::Array[String]).returns(T.any(String, Symbol)) }
86
+ sig do
87
+ params(
88
+ req: Dependabot::DependencyRequirement,
89
+ requirement_strings: T::Array[String]
90
+ ).returns(T.any(String, Symbol))
91
+ end
81
92
  def calculate_updated_requirement(req, requirement_strings)
82
93
  # Step 1: Check for equality match first (e.g., "==1.21.0" or bare "1.21.0")
83
94
  return handle_equality_match(requirement_strings) if equality_match?(requirement_strings)
@@ -99,7 +110,12 @@ module Dependabot
99
110
  find_and_update_equality_match(requirement_strings, latest_resolvable_version)
100
111
  end
101
112
 
102
- sig { params(req: T::Hash[Symbol, T.untyped], requirement_strings: T::Array[String]).returns(T.any(String, Symbol)) }
113
+ sig do
114
+ params(
115
+ req: Dependabot::DependencyRequirement,
116
+ requirement_strings: T::Array[String]
117
+ ).returns(T.any(String, Symbol))
118
+ end
103
119
  def handle_range_requirement(req, requirement_strings)
104
120
  # Only skip update if using BumpVersionsIfNecessary strategy and version already satisfies
105
121
  # For BumpVersions strategy, always update to the new version
@@ -111,7 +127,7 @@ module Dependabot
111
127
  update_requirements_range(requirement_strings)
112
128
  end
113
129
 
114
- sig { params(req: T::Hash[Symbol, T.untyped]).returns(T.any(String, Symbol)) }
130
+ sig { params(req: Dependabot::DependencyRequirement).returns(T.any(String, Symbol)) }
115
131
  def handle_single_constraint(req)
116
132
  # Only skip update if using BumpVersionsIfNecessary strategy and version already satisfies
117
133
  # For BumpVersions strategy, always update to the new version
@@ -156,7 +172,7 @@ module Dependabot
156
172
  "#{operator}#{latest_version}"
157
173
  end
158
174
 
159
- sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
175
+ sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
160
176
  def widen_requirement(req)
161
177
  return req unless req[:requirement]
162
178
  return req if ["", "*"].include?(req[:requirement])
@@ -164,10 +180,10 @@ module Dependabot
164
180
  # For WidenRanges, always widen to ensure proper upper bounds
165
181
  # Don't return early even if version satisfies - we want to add/update bounds
166
182
  new_requirement = widen_requirement_string(req[:requirement])
167
- req.merge(requirement: new_requirement)
183
+ Dependabot::DependencyRequirement.create(req.merge(requirement: new_requirement))
168
184
  end
169
185
 
170
- sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Boolean) }
186
+ sig { params(req: Dependabot::DependencyRequirement).returns(T::Boolean) }
171
187
  def new_version_satisfies?(req)
172
188
  return false unless req[:requirement]
173
189
 
data/lib/dependabot/conda/update_checker.rb CHANGED
@@ -96,13 +96,11 @@ module Dependabot
96
96
 
97
97
  sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
98
98
  def updated_requirements
99
- wrap_requirements(
100
- RequirementsUpdater.new(
101
- requirements: dependency.requirements,
102
- update_strategy: requirements_update_strategy,
103
- latest_resolvable_version: preferred_resolvable_version&.to_s
104
- ).updated_requirements
105
- )
99
+ RequirementsUpdater.new(
100
+ requirements: dependency.requirements,
101
+ update_strategy: requirements_update_strategy,
102
+ latest_resolvable_version: preferred_resolvable_version&.to_s
103
+ ).updated_requirements
106
104
  end
107
105
 
108
106
  sig { override.returns(Dependabot::RequirementsUpdateStrategy) }
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-conda
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.382.0
4
+ version: 0.383.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,28 +15,28 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.382.0
18
+ version: 0.383.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.382.0
25
+ version: 0.383.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: dependabot-python
28
28
  requirement: !ruby/object:Gem::Requirement
29
29
  requirements:
30
30
  - - '='
31
31
  - !ruby/object:Gem::Version
32
- version: 0.382.0
32
+ version: 0.383.0
33
33
  type: :runtime
34
34
  prerelease: false
35
35
  version_requirements: !ruby/object:Gem::Requirement
36
36
  requirements:
37
37
  - - '='
38
38
  - !ruby/object:Gem::Version
39
- version: 0.382.0
39
+ version: 0.383.0
40
40
  - !ruby/object:Gem::Dependency
41
41
  name: debug
42
42
  requirement: !ruby/object:Gem::Requirement
@@ -274,7 +274,7 @@ licenses:
274
274
  - MIT
275
275
  metadata:
276
276
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
277
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.382.0
277
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.383.0
278
278
  rdoc_options: []
279
279
  require_paths:
280
280
  - lib