dependabot-python 0.214.0 → 0.216.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 940ed0c4abf7f4d3a496321e4898ba9c123091d6539f86ef54d7ee74dadf3344
-  data.tar.gz: 802abe558f75bc2e98f1b88e93be85fc48f8b71774a1ff37b8ea16311381f587
+  metadata.gz: 62df822653f41408461f72892b9886776c124a195af5569c6af9e3bdf044e93d
+  data.tar.gz: 8cba64f792d1be98900fe5136d549230d5156d487d07150e0356a147402c5ca3
 SHA512:
-  metadata.gz: 523ff39717afd9636f3d2f3115d6953817ab01585e2e218233eb0439a7cc9e5ac620c4b28d429b35256530a32bff6e71a73ffdfd72587ba53c8b10b6a3070175
-  data.tar.gz: a3d05a60ad4d1b08dfe8fed7cdac12384aa49fbb3ad130008bf4748ab710df9b20a8297c99f66e33bd672717b52be32c17434b2ed253fe4bb6556cfc87941b05
+  metadata.gz: d8c60892487b523ca5879fd08f188dfabcd4d9c4ca17b3317accb3558a22a7731f53129616494230cf62138503e7aece5e9b304fe53bbd525e484197fe74f110
+  data.tar.gz: d7cfe8feb5f919ec01521377366c3716954f898361cc666a1df6384afc3389b9e6db9a92dd4c91cd25fa2e043cbd1aa5a71745d7c030a9627f7c434fcfee5731

data/helpers/build

@@ -18,8 +18,8 @@ cp -r \
   "$install_dir"
 
 cd "$install_dir"
-PYENV_VERSION=3.11.0 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
-PYENV_VERSION=3.10.8 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
-PYENV_VERSION=3.9.15 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
-PYENV_VERSION=3.8.15 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
-PYENV_VERSION=3.7.15 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+PYENV_VERSION=3.11.3 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+PYENV_VERSION=3.10.11 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+PYENV_VERSION=3.9.16 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+PYENV_VERSION=3.8.16 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"
+PYENV_VERSION=3.7.16 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"

data/helpers/build_for_version

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
+  echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
+  exit 1
+fi
+
+install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/python"
+mkdir -p "$install_dir"
+
+helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
+cp -r \
+  "$helpers_dir/lib" \
+  "$helpers_dir/run.py" \
+  "$helpers_dir/requirements.txt" \
+  "$install_dir"
+
+cd "$install_dir"
+PYENV_VERSION=$1 pyenv exec pip --disable-pip-version-check install --use-pep517 -r "requirements.txt"

data/helpers/requirements.txt

@@ -1,11 +1,10 @@
-pip>=21.3.1,<22.4.0  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
-pip-tools>=6.4.0,<6.10.1  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
-flake8==5.0.4
+pip>=21.3.1,<23.1.0  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
+pip-tools>=6.4.0,<=6.12.3  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
 hashin==0.17.0
 pipenv==2022.4.8
 pipfile==0.0.2
-poetry>=1.1.15,<1.3.0
+poetry>=1.1.15,<1.4.0
 wheel==0.37.1
 
 # Some dependencies will only install if Cython is present
-Cython==0.29.32
+Cython==0.29.34

data/lib/dependabot/python/file_parser/pyproject_files_parser.rb

@@ -48,22 +48,13 @@ module Dependabot
 
           POETRY_DEPENDENCY_TYPES.each do |type|
             deps_hash = parsed_pyproject.dig("tool", "poetry", type) || {}
-
-            deps_hash.each do |name, req|
-              next if normalise(name) == "python"
-
-              requirements = parse_requirements_from(req, type)
-              next if requirements.empty?
-
-              dependencies << Dependency.new(
-                name: normalise(name),
-                version: version_from_lockfile(name),
-                requirements: requirements,
-                package_manager: "pip"
-              )
-            end
+            dependencies += parse_poetry_dependencies(type, deps_hash)
           end
 
+          groups = parsed_pyproject.dig("tool", "poetry", "group") || {}
+          groups.each do |group, group_spec|
+            dependencies += parse_poetry_dependencies(group, group_spec["dependencies"])
+          end
           dependencies
         end
 
@@ -101,6 +92,25 @@ module Dependabot
           dependencies
         end
 
+        def parse_poetry_dependencies(type, deps_hash)
+          dependencies = Dependabot::FileParsers::Base::DependencySet.new
+
+          deps_hash.each do |name, req|
+            next if normalise(name) == "python"
+
+            requirements = parse_requirements_from(req, type)
+            next if requirements.empty?
+
+            dependencies << Dependency.new(
+              name: normalise(name),
+              version: version_from_lockfile(name),
+              requirements: requirements,
+              package_manager: "pip"
+            )
+          end
+          dependencies
+        end
+
         def normalised_name(name, extras)
           NameNormaliser.normalise_including_extras(name, extras)
         end
@@ -108,7 +118,7 @@ module Dependabot
         # @param req can be an Array, Hash or String that represents the constraints for a dependency
         def parse_requirements_from(req, type)
           [req].flatten.compact.filter_map do |requirement|
-            next if requirement.is_a?(Hash) && (UNSUPPORTED_DEPENDENCY_TYPES & requirement.keys).any?
+            next if requirement.is_a?(Hash) && UNSUPPORTED_DEPENDENCY_TYPES.intersect?(requirement.keys)
 
             check_requirements(requirement)
 

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -7,7 +7,7 @@ require "dependabot/python/file_fetcher"
 require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater"
 require "dependabot/shared_helpers"
-require "dependabot/python/helpers"
+require "dependabot/python/language_version_manager"
 require "dependabot/python/native_helpers"
 require "dependabot/python/python_versions"
 require "dependabot/python/name_normaliser"
@@ -26,6 +26,7 @@ module Dependabot
         INCOMPATIBLE_VERSIONS_REGEX = /There are incompatible versions in the resolved dependencies:.*\z/m
         WARNINGS = /\s*# WARNING:.*\Z/m
         UNSAFE_NOTE = /\s*# The following packages are considered to be unsafe.*\Z/m
+        RESOLVER_REGEX = /(?<=--resolver=)(\w+)/
 
         attr_reader :dependencies, :dependency_files, :credentials
 
@@ -66,20 +67,30 @@ module Dependabot
         def compile_new_requirement_files
           SharedHelpers.in_a_temporary_directory do
             write_updated_dependency_files
-            Helpers.install_required_python(python_version)
+            language_version_manager.install_required_python
 
             filenames_to_compile.each do |filename|
               # Shell out to pip-compile, generate a new set of requirements.
               # This is slow, as pip-compile needs to do installs.
+              options = pip_compile_options(filename)
+              options_fingerprint = pip_compile_options_fingerprint(options)
+
               name_part = "pyenv exec pip-compile " \
-                          "#{pip_compile_options(filename)} -P " \
+                          "#{options} -P " \
                           "#{dependency.name}"
+              fingerprint_name_part = "pyenv exec pip-compile " \
+                                      "#{options_fingerprint} -P " \
+                                      "<dependency_name>"
+
               version_part = "#{dependency.version} #{filename}"
+              fingerprint_version_part = "<dependency_version> <filename>"
+
               # Don't escape pyenv `dep-name==version` syntax
               run_pip_compile_command(
                 "#{SharedHelpers.escape_command(name_part)}==" \
                 "#{SharedHelpers.escape_command(version_part)}",
-                allow_unsafe_shell_command: true
+                allow_unsafe_shell_command: true,
+                fingerprint: "#{fingerprint_name_part}==#{fingerprint_version_part}"
               )
             end
 
@@ -137,7 +148,7 @@ module Dependabot
           ).updated_dependency_files
         end
 
-        def run_command(cmd, env: python_env, allow_unsafe_shell_command: false)
+        def run_command(cmd, env: python_env, allow_unsafe_shell_command: false, fingerprint:)
           start = Time.now
           command = if allow_unsafe_shell_command
                       cmd
@@ -149,10 +160,6 @@ module Dependabot
 
           return stdout if process.success?
 
-          handle_pip_errors(stdout, command, time_taken, process.to_s)
-        end
-
-        def handle_pip_errors(stdout, command, time_taken, exit_value)
           if stdout.match?(INCOMPATIBLE_VERSIONS_REGEX)
             raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
           end
@@ -161,17 +168,23 @@ module Dependabot
             message: stdout,
             error_context: {
               command: command,
+              fingerprint: fingerprint,
               time_taken: time_taken,
-              process_exit_value: exit_value
+              process_exit_value: process.to_s
             }
           )
         end
 
-        def run_pip_compile_command(command, allow_unsafe_shell_command: false)
-          run_command("pyenv local #{Helpers.python_major_minor(python_version)}")
+        def run_pip_compile_command(command, allow_unsafe_shell_command: false, fingerprint:)
+          run_command(
+            "pyenv local #{language_version_manager.python_major_minor}",
+            fingerprint: "pyenv local <python_major_minor>"
+          )
+
           run_command(
             command,
-            allow_unsafe_shell_command: allow_unsafe_shell_command
+            allow_unsafe_shell_command: allow_unsafe_shell_command,
+            fingerprint: fingerprint
           )
         end
 
@@ -198,7 +211,7 @@ module Dependabot
           end
 
           # Overwrite the .python-version with updated content
-          File.write(".python-version", Helpers.python_major_minor(python_version))
+          File.write(".python-version", language_version_manager.python_major_minor)
 
           setup_files.each do |file|
             path = file.name
@@ -391,6 +404,16 @@ module Dependabot
           current_separator || default_separator
         end
 
+        def pip_compile_options_fingerprint(options)
+          options.sub(
+            /--output-file=\S+/, "--output-file=<output_file>"
+          ).sub(
+            /--index-url=\S+/, "--index-url=<index_url>"
+          ).sub(
+            /--extra-index-url=\S+/, "--extra-index-url=<extra_index_url>"
+          )
+        end
+
         def pip_compile_options(filename)
           options = ["--build-isolation"]
           options += pip_compile_index_options
@@ -419,6 +442,10 @@ module Dependabot
 
           options << "--strip-extras" if requirements_file.content.include?("--strip-extras")
 
+          if (resolver = RESOLVER_REGEX.match(requirements_file.content))
+            options << "--resolver=#{resolver}"
+          end
+
           options
         end
 
@@ -495,9 +522,9 @@ module Dependabot
           while (remaining_filenames = filenames - ordered_filenames).any?
             ordered_filenames +=
               remaining_filenames.
-              select do |fn|
+              reject do |fn|
                 unupdated_reqs = requirement_map[fn] - ordered_filenames
-                (unupdated_reqs & filenames).empty?
+                unupdated_reqs.intersect?(filenames)
               end
           end
 
@@ -523,41 +550,6 @@ module Dependabot
             end
         end
 
-        def python_version
-          @python_version ||=
-            user_specified_python_version ||
-            python_version_matching_imputed_requirements ||
-            PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
-        end
-
-        def user_specified_python_version
-          return unless python_requirement_parser.user_specified_requirements.any?
-
-          user_specified_requirements =
-            python_requirement_parser.user_specified_requirements.
-            map { |r| Python::Requirement.requirements_array(r) }
-          python_version_matching(user_specified_requirements)
-        end
-
-        def python_version_matching_imputed_requirements
-          compiled_file_python_requirement_markers =
-            python_requirement_parser.imputed_requirements.map do |r|
-              Dependabot::Python::Requirement.new(r)
-            end
-          python_version_matching(compiled_file_python_requirement_markers)
-        end
-
-        def python_version_matching(requirements)
-          PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version_string|
-            version = Python::Version.new(version_string)
-            requirements.all? do |req|
-              next req.any? { |r| r.satisfied_by?(version) } if req.is_a?(Array)
-
-              req.satisfied_by?(version)
-            end
-          end
-        end
-
         def python_requirement_parser
           @python_requirement_parser ||=
             FileParser::PythonRequirementParser.new(
@@ -565,8 +557,11 @@ module Dependabot
             )
         end
 
-        def pre_installed_python?(version)
-          PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.include?(version)
+        def language_version_manager
+          @language_version_manager ||=
+            LanguageVersionManager.new(
+              python_requirement_parser: python_requirement_parser
+            )
         end
 
         def setup_files

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -6,6 +6,7 @@ require "dependabot/dependency"
 require "dependabot/python/requirement_parser"
 require "dependabot/python/file_parser/python_requirement_parser"
 require "dependabot/python/file_updater"
+require "dependabot/python/language_version_manager"
 require "dependabot/shared_helpers"
 require "dependabot/python/native_helpers"
 require "dependabot/python/name_normaliser"
@@ -146,7 +147,7 @@ module Dependabot
         def update_python_requirement(pipfile_content)
           PipfilePreparer.
             new(pipfile_content: pipfile_content).
-            update_python_requirement(Helpers.python_major_minor(python_version))
+            update_python_requirement(language_version_manager.python_major_minor)
         end
 
         # rubocop:disable Metrics/PerceivedComplexity
@@ -198,10 +199,6 @@ module Dependabot
                 write_temporary_dependency_files(prepared_pipfile_content)
                 install_required_python
 
-                # Initialize a git repo to appease pip-tools
-                command = SharedHelpers.escape_command("git init")
-                IO.popen(command, err: %i(child out)) if setup_files.any?
-
                 run_pipenv_command(
                   "pyenv exec pipenv lock"
                 )
@@ -271,7 +268,7 @@ module Dependabot
         end
 
         def run_pipenv_command(command, env: pipenv_env_variables)
-          run_command("pyenv local #{Helpers.python_major_minor(python_version)}")
+          run_command("pyenv local #{language_version_manager.python_major_minor}")
           run_command(command, env: env)
         end
 
@@ -283,7 +280,7 @@ module Dependabot
           end
 
           # Overwrite the .python-version with updated content
-          File.write(".python-version", Helpers.python_major_minor(python_version))
+          File.write(".python-version", language_version_manager.python_major_minor)
 
           setup_files.each do |file|
             path = file.name
@@ -309,7 +306,7 @@ module Dependabot
             nil
           end
 
-          Helpers.install_required_python(python_version)
+          language_version_manager.install_required_python
         end
 
         def sanitized_setup_file_content(file)
@@ -322,57 +319,6 @@ module Dependabot
             sanitized_content
         end
 
-        def python_version
-          @python_version ||= python_version_from_supported_versions
-        end
-
-        def python_version_from_supported_versions
-          requirement_string =
-            if @using_python_two then "2.7.*"
-            elsif user_specified_python_requirement
-              parts = user_specified_python_requirement.split(".")
-              parts.fill("*", (parts.length)..2).join(".")
-            else
-              PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.first
-            end
-
-          # Ideally, the requirement is satisfied by a Python version we support
-          requirement =
-            Python::Requirement.requirements_array(requirement_string).first
-          version =
-            PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
-            find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
-          return version if version
-
-          # If not, and changing the patch version would fix things, we do that
-          # as the patch version is unlikely to affect resolution
-          requirement =
-            Python::Requirement.new(requirement_string.gsub(/\.\d+$/, ".*"))
-          version =
-            PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.
-            find { |v| requirement.satisfied_by?(Python::Version.new(v)) }
-          return version if version
-
-          # Otherwise we have to raise, giving details of the Python versions
-          # that Dependabot supports
-          msg = "Dependabot detected the following Python requirement " \
-                "for your project: '#{requirement_string}'.\n\nCurrently, the " \
-                "following Python versions are supported in Dependabot: " \
-                "#{PythonVersions::SUPPORTED_VERSIONS.join(', ')}."
-          raise DependencyFileNotResolvable, msg
-        end
-
-        def user_specified_python_requirement
-          python_requirement_parser.user_specified_requirements.first
-        end
-
-        def python_requirement_parser
-          @python_requirement_parser ||=
-            FileParser::PythonRequirementParser.new(
-              dependency_files: dependency_files
-            )
-        end
-
         def setup_cfg(file)
           dependency_files.find do |f|
             f.name == file.name.sub(/\.py$/, ".cfg")
@@ -400,6 +346,20 @@ module Dependabot
           NameNormaliser.normalise(name)
         end
 
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.new(
+              dependency_files: dependency_files
+            )
+        end
+
+        def language_version_manager
+          @language_version_manager ||=
+            LanguageVersionManager.new(
+              python_requirement_parser: python_requirement_parser
+            )
+        end
+
         def parsed_lockfile
           @parsed_lockfile ||= JSON.parse(lockfile.content)
         end

data/lib/dependabot/python/file_updater/pipfile_preparer.rb

@@ -21,7 +21,7 @@ module Dependabot
           pipfile_object = TomlRB.parse(pipfile_content)
 
           pipfile_object["source"] =
-            pipfile_sources.reject { |h| h["url"].include?("${") } +
+            pipfile_sources.filter_map { |h| sub_auth_url(h, credentials) } +
             config_variable_sources(credentials)
 
           TomlRB.dump(pipfile_object)
@@ -114,6 +114,22 @@ module Dependabot
             map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
         end
 
+        def sub_auth_url(source, credentials)
+          if source["url"].include?("${")
+            base_url = source["url"].sub(/\${.*}@/, "")
+
+            source_cred = credentials.
+                          select { |cred| cred["type"] == "python_index" }.
+                          find { |c| c["index-url"].sub(/\${.*}@/, "") == base_url }
+
+            return nil if source_cred.nil?
+
+            source["url"] = AuthedUrlBuilder.authed_url(credential: source_cred)
+          end
+
+          source
+        end
+
         def config_variable_sources(credentials)
           @config_variable_sources ||=
             credentials.

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -4,7 +4,7 @@ require "toml-rb"
 require "open3"
 require "dependabot/dependency"
 require "dependabot/shared_helpers"
-require "dependabot/python/helpers"
+require "dependabot/python/language_version_manager"
 require "dependabot/python/version"
 require "dependabot/python/requirement"
 require "dependabot/python/python_versions"
@@ -75,10 +75,17 @@ module Dependabot
                 find { |r| r[:file] == pyproject.name }.
                 fetch(:requirement)
 
-              updated_content =
-                content.gsub(declaration_regex(dep)) do |line|
-                  line.gsub(old_req, updated_requirement)
-                end
+              declaration_regex = declaration_regex(dep)
+              updated_content = if content.match?(declaration_regex)
+                                  content.gsub(declaration_regex(dep)) do |match|
+                                    match.gsub(old_req, updated_requirement)
+                                  end
+                                else
+                                  content.gsub(table_declaration_regex(dep)) do |match|
+                                    match.gsub(/(\s*version\s*=\s*["'])#{Regexp.escape(old_req)}/,
+                                               '\1' + updated_requirement)
+                                  end
+                                end
 
               raise "Content did not change!" if content == updated_content
 
@@ -135,7 +142,7 @@ module Dependabot
         def update_python_requirement(pyproject_content)
           PyprojectPreparer.
             new(pyproject_content: pyproject_content).
-            update_python_requirement(Helpers.python_major_minor(python_version))
+            update_python_requirement(language_version_manager.python_major_minor)
         end
 
         def lock_declaration_to_new_version!(poetry_object, dep)
@@ -178,14 +185,14 @@ module Dependabot
               write_temporary_dependency_files(pyproject_content)
               add_auth_env_vars
 
-              Helpers.install_required_python(python_version)
+              language_version_manager.install_required_python
 
               # use system git instead of the pure Python dulwich
-              unless python_version&.start_with?("3.6")
+              unless language_version_manager.python_version&.start_with?("3.6")
                 run_poetry_command("pyenv exec poetry config experimental.system-git-client true")
               end
 
-              run_poetry_command(poetry_update_command)
+              run_poetry_update_command
 
               return File.read("poetry.lock") if File.exist?("poetry.lock")
 
@@ -196,11 +203,14 @@ module Dependabot
 
         # Using `--lock` avoids doing an install.
         # Using `--no-interaction` avoids asking for passwords.
-        def poetry_update_command
-          "pyenv exec poetry update #{dependency.name} --lock --no-interaction"
+        def run_poetry_update_command
+          run_poetry_command(
+            "pyenv exec poetry update #{dependency.name} --lock --no-interaction",
+            fingerprint: "pyenv exec poetry update <dependency_name> --lock --no-interaction"
+          )
         end
 
-        def run_poetry_command(command)
+        def run_poetry_command(command, fingerprint: nil)
           start = Time.now
           command = SharedHelpers.escape_command(command)
           stdout, process = Open3.capture2e(command)
@@ -214,6 +224,7 @@ module Dependabot
             message: stdout,
             error_context: {
               command: command,
+              fingerprint: fingerprint,
               time_taken: time_taken,
               process_exit_value: process.to_s
             }
@@ -228,7 +239,7 @@ module Dependabot
           end
 
           # Overwrite the .python-version with updated content
-          File.write(".python-version", Helpers.python_major_minor(python_version)) if python_version
+          File.write(".python-version", language_version_manager.python_major_minor)
 
           # Overwrite the pyproject with updated content
           File.write("pyproject.toml", pyproject_content)
@@ -240,29 +251,6 @@ module Dependabot
             add_auth_env_vars(credentials)
         end
 
-        def python_version
-          requirements = python_requirement_parser.user_specified_requirements
-          requirements = requirements.
-                         map { |r| Python::Requirement.requirements_array(r) }
-
-          PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version|
-            requirements.all? do |reqs|
-              reqs.any? { |r| r.satisfied_by?(Python::Version.new(version)) }
-            end
-          end
-        end
-
-        def python_requirement_parser
-          @python_requirement_parser ||=
-            FileParser::PythonRequirementParser.new(
-              dependency_files: dependency_files
-            )
-        end
-
-        def pre_installed_python?(version)
-          PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.include?(version)
-        end
-
         def pyproject_hash_for(pyproject_content)
           SharedHelpers.in_a_temporary_directory do |dir|
             SharedHelpers.with_git_configured(credentials: credentials) do
@@ -278,8 +266,15 @@ module Dependabot
         end
 
         def declaration_regex(dep)
-          escaped_name = Regexp.escape(dep.name).gsub("\\-", "[-_.]")
-          /(?:^\s*|["'])#{escaped_name}["']?\s*=.*$/i
+          /(?:^\s*|["'])#{escape(dep)}["']?\s*=.*$/i
+        end
+
+        def table_declaration_regex(dep)
+          /tool\.poetry\.[^\n]+\.#{escape(dep)}\]\n.*?\s*version\s* =.*?\n/m
+        end
+
+        def escape(dep)
+          Regexp.escape(dep.name).gsub("\\-", "[-_.]")
         end
 
         def file_changed?(file)
@@ -303,6 +298,20 @@ module Dependabot
           NameNormaliser.normalise(name)
         end
 
+        def python_requirement_parser
+          @python_requirement_parser ||=
+            FileParser::PythonRequirementParser.new(
+              dependency_files: dependency_files
+            )
+        end
+
+        def language_version_manager
+          @language_version_manager ||=
+            LanguageVersionManager.new(
+              python_requirement_parser: python_requirement_parser
+            )
+        end
+
         def pyproject
           @pyproject ||=
             dependency_files.find { |f| f.name == "pyproject.toml" }