dependabot-python 0.229.0 → 0.231.0

data/lib/dependabot/python/file_updater/pipfile_manifest_updater.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/python/file_updater"
@@ -12,9 +13,9 @@ module Dependabot
         end
 
         def updated_manifest_content
-          dependencies.
-            select { |dep| requirement_changed?(dep) }.
-            reduce(manifest.content.dup) do |content, dep|
+          dependencies
+            .select { |dep| requirement_changed?(dep) }
+            .reduce(manifest.content.dup) do |content, dep|
               updated_content = content
 
               updated_content = update_requirements(
@@ -37,9 +38,9 @@ module Dependabot
 
           # The UpdateChecker ensures the order of requirements is preserved
           # when updating, so we can zip them together in new/old pairs.
-          reqs = dependency.requirements.
-                 zip(dependency.previous_requirements).
-                 reject { |new_req, old_req| new_req == old_req }
+          reqs = dependency.requirements
+                           .zip(dependency.previous_requirements)
+                           .reject { |new_req, old_req| new_req == old_req }
 
           # Loop through each changed requirement
           reqs.each do |new_req, old_req|
@@ -59,8 +60,8 @@ module Dependabot
         end
 
         def update_manifest_req(content:, dep:, old_req:, new_req:)
-          simple_declaration = content.scan(declaration_regex(dep)).
-                               find { |m| m.include?(old_req) }
+          simple_declaration = content.scan(declaration_regex(dep))
+                                      .find { |m| m.include?(old_req) }
 
           if simple_declaration
             simple_declaration_regex =
@@ -70,8 +71,8 @@ module Dependabot
             end
           elsif content.match?(table_declaration_version_regex(dep))
             content.gsub(table_declaration_version_regex(dep)) do |part|
-              line = content.match(table_declaration_version_regex(dep)).
-                     named_captures.fetch("version_declaration")
+              line = content.match(table_declaration_version_regex(dep))
+                            .named_captures.fetch("version_declaration")
               new_line = line.gsub(old_req, new_req)
               part.gsub(line, new_line)
             end

data/lib/dependabot/python/file_updater/pipfile_preparer.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "toml-rb"
@@ -116,9 +117,9 @@ module Dependabot
           if source["url"].include?("${")
             base_url = source["url"].sub(/\${.*}@/, "")
 
-            source_cred = credentials.
-                          select { |cred| cred["type"] == "python_index" }.
-                          find { |c| c["index-url"].sub(/\${.*}@/, "") == base_url }
+            source_cred = credentials
+                          .select { |cred| cred["type"] == "python_index" }
+                          .find { |c| c["index-url"].sub(/\${.*}@/, "") == base_url }
 
             return nil if source_cred.nil?
 

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "toml-rb"
@@ -60,17 +61,17 @@ module Dependabot
         end
 
         def updated_pyproject_content
-          dependencies.
-            select { |dep| requirement_changed?(pyproject, dep) }.
-            reduce(pyproject.content.dup) do |content, dep|
+          dependencies
+            .select { |dep| requirement_changed?(pyproject, dep) }
+            .reduce(pyproject.content.dup) do |content, dep|
               updated_requirement =
-                dep.requirements.find { |r| r[:file] == pyproject.name }.
-                fetch(:requirement)
+                dep.requirements.find { |r| r[:file] == pyproject.name }
+                   .fetch(:requirement)
 
               old_req =
-                dep.previous_requirements.
-                find { |r| r[:file] == pyproject.name }.
-                fetch(:requirement)
+                dep.previous_requirements
+                   .find { |r| r[:file] == pyproject.name }
+                   .fetch(:requirement)
 
               declaration_regex = declaration_regex(dep)
               updated_content = if content.match?(declaration_regex)
@@ -122,9 +123,9 @@ module Dependabot
         end
 
         def freeze_other_dependencies(pyproject_content)
-          PyprojectPreparer.
-            new(pyproject_content: pyproject_content, lockfile: lockfile).
-            freeze_top_level_dependencies_except(dependencies)
+          PyprojectPreparer
+            .new(pyproject_content: pyproject_content, lockfile: lockfile)
+            .freeze_top_level_dependencies_except(dependencies)
         end
 
         def freeze_dependencies_being_updated(pyproject_content)
@@ -143,9 +144,9 @@ module Dependabot
         end
 
         def update_python_requirement(pyproject_content)
-          PyprojectPreparer.
-            new(pyproject_content: pyproject_content).
-            update_python_requirement(language_version_manager.python_version)
+          PyprojectPreparer
+            .new(pyproject_content: pyproject_content)
+            .update_python_requirement(language_version_manager.python_version)
         end
 
         def lock_declaration_to_new_version!(poetry_object, dep)
@@ -170,9 +171,9 @@ module Dependabot
         end
 
         def sanitize(pyproject_content)
-          PyprojectPreparer.
-            new(pyproject_content: pyproject_content).
-            sanitize
+          PyprojectPreparer
+            .new(pyproject_content: pyproject_content)
+            .sanitize
         end
 
         def updated_lockfile_content_for(pyproject_content)
@@ -221,9 +222,9 @@ module Dependabot
         end
 
         def add_auth_env_vars
-          Python::FileUpdater::PyprojectPreparer.
-            new(pyproject_content: pyproject.content).
-            add_auth_env_vars(credentials)
+          Python::FileUpdater::PyprojectPreparer
+            .new(pyproject_content: pyproject.content)
+            .add_auth_env_vars(credentials)
         end
 
         def pyproject_hash_for(pyproject_content)
@@ -232,7 +233,7 @@ module Dependabot
               write_temporary_dependency_files(pyproject_content)
 
               SharedHelpers.run_helper_subprocess(
-                command: "pyenv exec python #{python_helper_path}",
+                command: "pyenv exec python3 #{python_helper_path}",
                 function: "get_pyproject_hash",
                 args: [dir]
               )

data/lib/dependabot/python/file_updater/pyproject_preparer.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "toml-rb"
@@ -49,9 +50,9 @@ module Dependabot
 
         def sanitize
           # {{ name }} syntax not allowed
-          pyproject_content.
-            gsub(/\{\{.*?\}\}/, "something").
-            gsub('#{', "{")
+          pyproject_content
+            .gsub(/\{\{.*?\}\}/, "something")
+            .gsub('#{', "{")
         end
 
         # rubocop:disable Metrics/PerceivedComplexity
@@ -103,8 +104,8 @@ module Dependabot
         attr_reader :pyproject_content, :lockfile
 
         def locked_details(dep_name)
-          parsed_lockfile.fetch("package").
-            find { |d| d["name"] == normalise(dep_name) }
+          parsed_lockfile.fetch("package")
+                         .find { |d| d["name"] == normalise(dep_name) }
         end
 
         def normalise(name)

data/lib/dependabot/python/file_updater/requirement_file_updater.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/python/requirement_parser"

data/lib/dependabot/python/file_updater/requirement_replacer.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/dependency"
@@ -51,8 +52,8 @@ module Dependabot
 
           if add_space_after_operators?
             new_req_string =
-              new_req_string.
-              gsub(/(#{RequirementParser::COMPARISON})\s*(?=\d)/o, '\1 ')
+              new_req_string
+              .gsub(/(#{RequirementParser::COMPARISON})\s*(?=\d)/o, '\1 ')
           end
 
           new_req_string
@@ -62,11 +63,11 @@ module Dependabot
           old_req = old_requirement
           updated_string =
             if old_req
-              original_dependency_declaration_string(old_req).
-                sub(RequirementParser::REQUIREMENTS, updated_requirement_string)
+              original_dependency_declaration_string(old_req)
+                .sub(RequirementParser::REQUIREMENTS, updated_requirement_string)
             else
-              original_dependency_declaration_string(old_req).
-                sub(RequirementParser::NAME_WITH_EXTRAS) do |nm|
+              original_dependency_declaration_string(old_req)
+                .sub(RequirementParser::NAME_WITH_EXTRAS) do |nm|
                   nm + updated_requirement_string
                 end
             end
@@ -84,15 +85,15 @@ module Dependabot
         end
 
         def add_space_after_commas?
-          original_dependency_declaration_string(old_requirement).
-            match(RequirementParser::REQUIREMENTS).
-            to_s.include?(", ")
+          original_dependency_declaration_string(old_requirement)
+            .match(RequirementParser::REQUIREMENTS)
+            .to_s.include?(", ")
         end
 
         def add_space_after_operators?
-          original_dependency_declaration_string(old_requirement).
-            match(RequirementParser::REQUIREMENTS).
-            to_s.match?(/#{RequirementParser::COMPARISON}\s+\d/o)
+          original_dependency_declaration_string(old_requirement)
+            .match(RequirementParser::REQUIREMENTS)
+            .to_s.match?(/#{RequirementParser::COMPARISON}\s+\d/o)
         end
 
         def original_declaration_replacement_regex
@@ -102,16 +103,16 @@ module Dependabot
         end
 
         def requirement_includes_hashes?(requirement)
-          original_dependency_declaration_string(requirement).
-            match?(RequirementParser::HASHES)
+          original_dependency_declaration_string(requirement)
+            .match?(RequirementParser::HASHES)
         end
 
         def hash_algorithm(requirement)
           return unless requirement_includes_hashes?(requirement)
 
-          original_dependency_declaration_string(requirement).
-            match(RequirementParser::HASHES).
-            named_captures.fetch("algorithm")
+          original_dependency_declaration_string(requirement)
+            .match(RequirementParser::HASHES)
+            .named_captures.fetch("algorithm")
         end
 
         def hash_separator(requirement)
@@ -119,22 +120,22 @@ module Dependabot
 
           hash_regex = RequirementParser::HASH
           current_separator =
-            original_dependency_declaration_string(requirement).
-            match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/).
-            named_captures.fetch("separator")
+            original_dependency_declaration_string(requirement)
+            .match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/)
+            .named_captures.fetch("separator")
 
           default_separator =
-            original_dependency_declaration_string(requirement).
-            match(RequirementParser::HASH).
-            pre_match.match(/(?<separator>\s*\\?\s*?)\z/).
-            named_captures.fetch("separator")
+            original_dependency_declaration_string(requirement)
+            .match(RequirementParser::HASH)
+            .pre_match.match(/(?<separator>\s*\\?\s*?)\z/)
+            .named_captures.fetch("separator")
 
           current_separator || default_separator
         end
 
         def package_hashes_for(name:, version:, algorithm:)
           SharedHelpers.run_helper_subprocess(
-            command: "pyenv exec python #{NativeHelpers.python_helper_path}",
+            command: "pyenv exec python3 #{NativeHelpers.python_helper_path}",
             function: "get_dependency_hash",
             args: [name, version, algorithm]
           ).map { |h| "--hash=#{algorithm}:#{h['hash']}" }
@@ -151,9 +152,9 @@ module Dependabot
             else
               regex = RequirementParser::INSTALL_REQ_WITH_REQUIREMENT
               content.scan(regex) { matches << Regexp.last_match }
-              matches.
-                select { |m| normalise(m[:name]) == dependency_name }.
-                find { |m| requirements_match(m[:requirements], old_req) }
+              matches
+                .select { |m| normalise(m[:name]) == dependency_name }
+                .find { |m| requirements_match(m[:requirements], old_req) }
             end
 
           raise "Declaration not found for #{dependency_name}!" unless dec

data/lib/dependabot/python/file_updater/setup_file_sanitizer.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/python/file_updater"
@@ -39,8 +40,8 @@ module Dependabot
         def install_requires_array
           @install_requires_array ||=
             parsed_setup_file.dependencies.filter_map do |dep|
-              next unless dep.requirements.first[:groups].
-                          include?("install_requires")
+              next unless dep.requirements.first[:groups]
+                             .include?("install_requires")
 
               dep.name + dep.requirements.first[:requirement].to_s
             end
@@ -49,8 +50,8 @@ module Dependabot
         def setup_requires_array
           @setup_requires_array ||=
             parsed_setup_file.dependencies.filter_map do |dep|
-              next unless dep.requirements.first[:groups].
-                          include?("setup_requires")
+              next unless dep.requirements.first[:groups]
+                             .include?("setup_requires")
 
               dep.name + dep.requirements.first[:requirement].to_s
             end

data/lib/dependabot/python/file_updater.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "toml-rb"
@@ -49,9 +50,9 @@ module Dependabot
       # rubocop:disable Metrics/PerceivedComplexity
       def resolver_type
         reqs = dependencies.flat_map(&:requirements)
-        changed_reqs = reqs.zip(dependencies.flat_map(&:previous_requirements)).
-                       reject { |(new_req, old_req)| new_req == old_req }.
-                       map(&:first)
+        changed_reqs = reqs.zip(dependencies.flat_map(&:previous_requirements))
+                           .reject { |(new_req, old_req)| new_req == old_req }
+                           .map(&:first)
         changed_req_files = changed_reqs.map { |r| r.fetch(:file) }
 
         # If there are no requirements then this is a sub-dependency. It

data/lib/dependabot/python/helpers.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "time"

data/lib/dependabot/python/language_version_manager.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/logger"
@@ -23,7 +24,7 @@ module Dependabot
         return if SharedHelpers.run_shell_command("pyenv versions").include?(" #{python_major_minor}.")
 
         SharedHelpers.run_shell_command(
-          "tar xzf /usr/local/.pyenv/#{python_major_minor}.tar.gz -C /usr/local/.pyenv/"
+          "tar -axf /usr/local/.pyenv/versions/#{python_version}.tar.zst -C /usr/local/.pyenv/versions"
         )
       end
 

data/lib/dependabot/python/metadata_finder.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "excon"
@@ -156,9 +157,9 @@ module Dependabot
 
       def possible_listing_urls
         credential_urls =
-          credentials.
-          select { |cred| cred["type"] == "python_index" }.
-          map { |c| AuthedUrlBuilder.authed_url(credential: c) }
+          credentials
+          .select { |cred| cred["type"] == "python_index" }
+          .map { |c| AuthedUrlBuilder.authed_url(credential: c) }
 
         (credential_urls + [MAIN_PYPI_URL]).map do |base_url|
           base_url.gsub(%r{/$}, "") + "/#{normalised_dependency_name}/json"

data/lib/dependabot/python/name_normaliser.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 module Dependabot

data/lib/dependabot/python/native_helpers.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 module Dependabot

data/lib/dependabot/python/requirement.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/utils"
@@ -14,8 +15,8 @@ module Dependabot
         "===" => ->(v, r) { v.to_s == r.to_s }
       )
 
-      quoted = OPS.keys.sort_by(&:length).reverse.
-               map { |k| Regexp.quote(k) }.join("|")
+      quoted = OPS.keys.sort_by(&:length).reverse
+                  .map { |k| Regexp.quote(k) }.join("|")
       version_pattern = Python::Version::VERSION_PATTERN
 
       PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze
@@ -133,23 +134,23 @@ module Dependabot
       def convert_wildcard(req_string)
         # NOTE: This isn't perfect. It replaces the "!= 1.0.*" case with
         # "!= 1.0.0". There's no way to model this correctly in Ruby :'(
-        quoted_ops = OPS.keys.sort_by(&:length).reverse.
-                     map { |k| Regexp.quote(k) }.join("|")
-        op = req_string.match(/\A\s*(#{quoted_ops})?/).
-             captures.first.to_s&.strip
+        quoted_ops = OPS.keys.sort_by(&:length).reverse
+                        .map { |k| Regexp.quote(k) }.join("|")
+        op = req_string.match(/\A\s*(#{quoted_ops})?/)
+                       .captures.first.to_s&.strip
         exact_op = ["", "=", "==", "==="].include?(op)
 
-        req_string.strip.
-          split(".").
-          first(req_string.split(".").index { |s| s.include?("*") } + 1).
-          join(".").
-          gsub(/\*(?!$)/, "0").
-          gsub(/\*$/, "0.a").
-          tap { |s| exact_op ? s.gsub!(/^(?<!!)=*/, "~>") : s }
+        req_string.strip
+                  .split(".")
+                  .first(req_string.split(".").index { |s| s.include?("*") } + 1)
+                  .join(".")
+                  .gsub(/\*(?!$)/, "0")
+                  .gsub(/\*$/, "0.a")
+                  .tap { |s| exact_op ? s.gsub!(/^(?<!!)=*/, "~>") : s }
       end
     end
   end
 end
 
-Dependabot::Utils.
-  register_requirement_class("pip", Dependabot::Python::Requirement)
+Dependabot::Utils
+  .register_requirement_class("pip", Dependabot::Python::Requirement)

data/lib/dependabot/python/requirement_parser.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 module Dependabot

data/lib/dependabot/python/update_checker/index_finder.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/python/update_checker"
@@ -60,14 +61,14 @@ module Dependabot
           requirements_files.each do |file|
             if file.content.match?(/^--index-url\s+['"]?([^\s'"]+)['"]?/)
               urls[:main] =
-                file.content.match(/^--index-url\s+['"]?([^\s'"]+)['"]?/).
-                captures.first&.strip
+                file.content.match(/^--index-url\s+['"]?([^\s'"]+)['"]?/)
+                    .captures.first&.strip
             end
             urls[:extra] +=
-              file.content.
-              scan(/^--extra-index-url\s+['"]?([^\s'"]+)['"]?/).
-              flatten.
-              map(&:strip)
+              file.content
+                  .scan(/^--extra-index-url\s+['"]?([^\s'"]+)['"]?/)
+                  .flatten
+                  .map(&:strip)
           end
 
           urls
@@ -81,8 +82,8 @@ module Dependabot
           content = pip_conf.content
 
           if content.match?(/^index-url\s*=/x)
-            urls[:main] = content.match(/^index-url\s*=\s*(.+)/).
-                          captures.first
+            urls[:main] = content.match(/^index-url\s*=\s*(.+)/)
+                                 .captures.first
           end
           urls[:extra] += content.scan(/^extra-index-url\s*=(.+)/).flatten
 
@@ -137,17 +138,17 @@ module Dependabot
         def config_variable_index_urls
           urls = { main: nil, extra: [] }
 
-          index_url_creds = credentials.
-                            select { |cred| cred["type"] == "python_index" }
+          index_url_creds = credentials
+                            .select { |cred| cred["type"] == "python_index" }
 
           if (main_cred = index_url_creds.find { |cred| cred["replaces-base"] })
             urls[:main] = AuthedUrlBuilder.authed_url(credential: main_cred)
           end
 
           urls[:extra] =
-            index_url_creds.
-            reject { |cred| cred["replaces-base"] }.
-            map { |cred| AuthedUrlBuilder.authed_url(credential: cred) }
+            index_url_creds
+            .reject { |cred| cred["replaces-base"] }
+            .map { |cred| AuthedUrlBuilder.authed_url(credential: cred) }
 
           urls
         end
@@ -161,16 +162,16 @@ module Dependabot
             [
               config_variable_index_urls[:main],
               *config_variable_index_urls[:extra]
-            ].
-            compact.
-            map { |u| u.strip.gsub(%r{/*$}, "") + "/" }
-
-          regexp = url.
-                   sub(%r{(?<=://).+@}, "").
-                   sub(%r{https?://}, "").
-                   split(ENVIRONMENT_VARIABLE_REGEX).
-                   map { |part| Regexp.quote(part) }.
-                   join(".+")
+            ]
+            .compact
+            .map { |u| u.strip.gsub(%r{/*$}, "") + "/" }
+
+          regexp = url
+                   .sub(%r{(?<=://).+@}, "")
+                   .sub(%r{https?://}, "")
+                   .split(ENVIRONMENT_VARIABLE_REGEX)
+                   .map { |part| Regexp.quote(part) }
+                   .join(".+")
           authed_url = config_variable_urls.find { |u| u.match?(regexp) }
           return authed_url if authed_url
 
@@ -189,9 +190,9 @@ module Dependabot
         end
 
         def credential_for(url)
-          credentials.
-            select { |c| c["type"] == "python_index" }.
-            find do |c|
+          credentials
+            .select { |c| c["type"] == "python_index" }
+            .find do |c|
               cred_url = c.fetch("index-url").gsub(%r{/*$}, "") + "/"
               cred_url.include?(url)
             end

data/lib/dependabot/python/update_checker/latest_version_finder.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "cgi"
@@ -102,8 +103,8 @@ module Dependabot
         end
 
         def filter_ignored_versions(versions_array)
-          filtered = versions_array.
-                     reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
+          filtered = versions_array
+                     .reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
           if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions_array).any?
             raise Dependabot::AllVersionsIgnored
           end
@@ -122,8 +123,8 @@ module Dependabot
             requirement_class.requirements_array(r.fetch(:requirement))
           end
 
-          versions_array.
-            select { |v| reqs.all? { |r| r.any? { |o| o.satisfied_by?(v) } } }
+          versions_array
+            .select { |v| reqs.all? { |r| r.any? { |o| o.satisfied_by?(v) } } }
         end
 
         def wants_prerelease?
@@ -189,17 +190,17 @@ module Dependabot
         # rubocop:enable Metrics/PerceivedComplexity
 
         def get_version_from_filename(filename)
-          filename.
-            gsub(/#{name_regex}-/i, "").
-            split(/-|\.tar\.|\.zip|\.whl/).
-            first
+          filename
+            .gsub(/#{name_regex}-/i, "")
+            .split(/-|\.tar\.|\.zip|\.whl/)
+            .first
         end
 
         def build_python_requirement_from_link(link)
-          req_string = Nokogiri::XML(link).
-                       at_css("a")&.
-                       attribute("data-requires-python")&.
-                       content
+          req_string = Nokogiri::XML(link)
+                               .at_css("a")
+                       &.attribute("data-requires-python")
+                       &.content
 
           return unless req_string