dependabot-python 0.229.0 → 0.231.0

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "open3"
@@ -166,8 +167,8 @@ module Dependabot
           end
 
           if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
-            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
-                  named_captures.fetch("url")
+            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
+                       .named_captures.fetch("url")
             raise GitDependenciesNotReachable, url
           end
 
@@ -259,9 +260,9 @@ module Dependabot
         end
 
         def pip_compile_index_options
-          credentials.
-            select { |cred| cred["type"] == "python_index" }.
-            map do |cred|
+          credentials
+            .select { |cred| cred["type"] == "python_index" }
+            .map do |cred|
               authed_url = AuthedUrlBuilder.authed_url(credential: cred)
 
               if cred["replaces-base"]
@@ -337,9 +338,9 @@ module Dependabot
           return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
 
           @sanitized_setup_file_content[file.name] =
-            Python::FileUpdater::SetupFileSanitizer.
-            new(setup_file: file, setup_cfg: setup_cfg(file)).
-            sanitized_content
+            Python::FileUpdater::SetupFileSanitizer
+            .new(setup_file: file, setup_cfg: setup_cfg(file))
+            .sanitized_content
         end
 
         def setup_cfg(file)
@@ -373,9 +374,9 @@ module Dependabot
 
         def filenames_to_compile
           files_from_reqs =
-            dependency.requirements.
-            map { |r| r[:file] }.
-            select { |fn| fn.end_with?(".in") }
+            dependency.requirements
+                      .map { |r| r[:file] }
+                      .select { |fn| fn.end_with?(".in") }
 
           files_from_compiled_files =
             pip_compile_files.map(&:name).select do |fn|
@@ -390,12 +391,12 @@ module Dependabot
 
         def compiled_file_for_filename(filename)
           compiled_file =
-            compiled_files.
-            find { |f| f.content.match?(output_file_regex(filename)) }
+            compiled_files
+            .find { |f| f.content.match?(output_file_regex(filename)) }
 
           compiled_file ||=
-            compiled_files.
-            find { |f| f.name == filename.gsub(/\.in$/, ".txt") }
+            compiled_files
+            .find { |f| f.name == filename.gsub(/\.in$/, ".txt") }
 
           compiled_file
         end
@@ -421,8 +422,8 @@ module Dependabot
 
           while (remaining_filenames = filenames - ordered_filenames).any?
             ordered_filenames +=
-              remaining_filenames.
-              reject do |fn|
+              remaining_filenames
+              .reject do |fn|
                 unupdated_reqs = requirement_map[fn] - ordered_filenames
                 unupdated_reqs.intersect?(filenames)
               end

data/lib/dependabot/python/update_checker/pip_version_resolver.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/python/language_version_manager"
@@ -25,13 +26,13 @@ module Dependabot
         end
 
         def latest_resolvable_version_with_no_unlock
-          latest_version_finder.
-            latest_version_with_no_unlock(python_version: language_version_manager.python_version)
+          latest_version_finder
+            .latest_version_with_no_unlock(python_version: language_version_manager.python_version)
         end
 
         def lowest_resolvable_security_fix_version
-          latest_version_finder.
-            lowest_security_fix_version(python_version: language_version_manager.python_version)
+          latest_version_finder
+            .lowest_security_fix_version(python_version: language_version_manager.python_version)
         end
 
         private

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "excon"
@@ -100,9 +101,9 @@ module Dependabot
             deps = updated_lockfile[group] || {}
 
             version =
-              deps.transform_keys { |k| normalise(k) }.
-              dig(dependency.name, "version")&.
-              gsub(/^==/, "")
+              deps.transform_keys { |k| normalise(k) }
+                  .dig(dependency.name, "version")
+              &.gsub(/^==/, "")
 
             return version
           end
@@ -110,9 +111,9 @@ module Dependabot
           Python::FileParser::DEPENDENCY_GROUP_KEYS.each do |keys|
             deps = updated_lockfile[keys.fetch(:lockfile)] || {}
             version =
-              deps.transform_keys { |k| normalise(k) }.
-              dig(dependency.name, "version")&.
-              gsub(/^==/, "")
+              deps.transform_keys { |k| normalise(k) }
+                  .dig(dependency.name, "version")
+              &.gsub(/^==/, "")
 
             return version if version
           end
@@ -183,14 +184,14 @@ module Dependabot
           end
 
           if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
-            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
-                  named_captures.fetch("url")
+            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
+                       .named_captures.fetch("url")
             raise GitDependenciesNotReachable, url
           end
 
           if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
-            name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).
-                   named_captures.fetch("name")
+            name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
+                        .named_captures.fetch("name")
             raise GitDependencyReferenceNotFound, name
           end
 
@@ -229,8 +230,8 @@ module Dependabot
 
           if error.message.include?("UnsupportedPythonVersion") &&
              language_version_manager.user_specified_python_version
-            msg = clean_error_message(error.message).
-                  lines.take_while { |l| !l.start_with?("File") }.join.strip
+            msg = clean_error_message(error.message)
+                  .lines.take_while { |l| !l.start_with?("File") }.join.strip
             raise if msg.empty?
 
             raise DependencyFileNotResolvable, msg
@@ -251,9 +252,9 @@ module Dependabot
           # Pipenv outputs a lot of things to STDERR, so we need to clean
           # up the error message
           msg_lines = message.lines
-          msg = msg_lines.
-                take_while { |l| !l.start_with?("During handling of") }.
-                drop_while do |l|
+          msg = msg_lines
+                .take_while { |l| !l.start_with?("During handling of") }
+                .drop_while do |l|
                   next false if l.start_with?("CRITICAL:")
                   next false if l.start_with?("ERROR:")
                   next false if l.start_with?("packaging.specifiers")
@@ -325,9 +326,9 @@ module Dependabot
         def sanitized_setup_file_content(file)
           @sanitized_setup_file_content ||= {}
           @sanitized_setup_file_content[file.name] ||=
-            Python::FileUpdater::SetupFileSanitizer.
-            new(setup_file: file, setup_cfg: setup_cfg(file)).
-            sanitized_content
+            Python::FileUpdater::SetupFileSanitizer
+            .new(setup_file: file, setup_cfg: setup_cfg(file))
+            .sanitized_content
         end
 
         def setup_cfg(file)
@@ -345,15 +346,15 @@ module Dependabot
         end
 
         def freeze_other_dependencies(pipfile_content)
-          Python::FileUpdater::PipfilePreparer.
-            new(pipfile_content: pipfile_content, lockfile: lockfile).
-            freeze_top_level_dependencies_except([dependency])
+          Python::FileUpdater::PipfilePreparer
+            .new(pipfile_content: pipfile_content, lockfile: lockfile)
+            .freeze_top_level_dependencies_except([dependency])
         end
 
         def update_python_requirement(pipfile_content)
-          Python::FileUpdater::PipfilePreparer.
-            new(pipfile_content: pipfile_content).
-            update_python_requirement(language_version_manager.python_major_minor)
+          Python::FileUpdater::PipfilePreparer
+            .new(pipfile_content: pipfile_content)
+            .update_python_requirement(language_version_manager.python_major_minor)
         end
 
         # rubocop:disable Metrics/PerceivedComplexity
@@ -382,19 +383,19 @@ module Dependabot
         def subdep_type?(type)
           return false if dependency.top_level?
 
-          lockfile_type = Python::FileParser::DEPENDENCY_GROUP_KEYS.
-                          find { |i| i.fetch(:pipfile) == type }.
-                          fetch(:lockfile)
+          lockfile_type = Python::FileParser::DEPENDENCY_GROUP_KEYS
+                          .find { |i| i.fetch(:pipfile) == type }
+                          .fetch(:lockfile)
 
-          JSON.parse(lockfile.content).
-            fetch(lockfile_type, {}).
-            keys.any? { |k| normalise(k) == dependency.name }
+          JSON.parse(lockfile.content)
+              .fetch(lockfile_type, {})
+              .keys.any? { |k| normalise(k) == dependency.name }
         end
 
         def add_private_sources(pipfile_content)
-          Python::FileUpdater::PipfilePreparer.
-            new(pipfile_content: pipfile_content).
-            replace_sources(credentials)
+          Python::FileUpdater::PipfilePreparer
+            .new(pipfile_content: pipfile_content)
+            .replace_sources(credentials)
         end
 
         def run_command(command, env: {})

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "excon"
@@ -100,9 +101,9 @@ module Dependabot
 
         def fetch_version_from_parsed_lockfile(updated_lockfile)
           version =
-            updated_lockfile.fetch("package", []).
-            find { |d| d["name"] && normalise(d["name"]) == dependency.name }&.
-            fetch("version")
+            updated_lockfile.fetch("package", [])
+                            .find { |d| d["name"] && normalise(d["name"]) == dependency.name }
+            &.fetch("version")
 
           return version unless version.nil? && dependency.top_level?
 
@@ -116,15 +117,15 @@ module Dependabot
             name = if (url = match.named_captures.fetch("url"))
                      File.basename(URI.parse(url).path)
                    else
-                     message.match(GIT_REFERENCE_NOT_FOUND_REGEX).
-                       named_captures.fetch("name")
+                     message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
+                            .named_captures.fetch("name")
                    end
             raise GitDependencyReferenceNotFound, name
           end
 
           if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
-            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
-                  named_captures.fetch("url")
+            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
+                       .named_captures.fetch("url")
             raise GitDependenciesNotReachable, url
           end
 
@@ -199,9 +200,9 @@ module Dependabot
         end
 
         def add_auth_env_vars
-          Python::FileUpdater::PyprojectPreparer.
-            new(pyproject_content: pyproject.content).
-            add_auth_env_vars(credentials)
+          Python::FileUpdater::PyprojectPreparer
+            .new(pyproject_content: pyproject.content)
+            .add_auth_env_vars(credentials)
         end
 
         def updated_pyproject_content(updated_requirement:)
@@ -221,21 +222,21 @@ module Dependabot
         end
 
         def sanitize_pyproject_content(pyproject_content)
-          Python::FileUpdater::PyprojectPreparer.
-            new(pyproject_content: pyproject_content).
-            sanitize
+          Python::FileUpdater::PyprojectPreparer
+            .new(pyproject_content: pyproject_content)
+            .sanitize
         end
 
         def update_python_requirement(pyproject_content)
-          Python::FileUpdater::PyprojectPreparer.
-            new(pyproject_content: pyproject_content).
-            update_python_requirement(language_version_manager.python_version)
+          Python::FileUpdater::PyprojectPreparer
+            .new(pyproject_content: pyproject_content)
+            .update_python_requirement(language_version_manager.python_version)
         end
 
         def freeze_other_dependencies(pyproject_content)
-          Python::FileUpdater::PyprojectPreparer.
-            new(pyproject_content: pyproject_content, lockfile: lockfile).
-            freeze_top_level_dependencies_except([dependency])
+          Python::FileUpdater::PyprojectPreparer
+            .new(pyproject_content: pyproject_content, lockfile: lockfile)
+            .freeze_top_level_dependencies_except([dependency])
         end
 
         def set_target_dependency_req(pyproject_content, updated_requirement)

data/lib/dependabot/python/update_checker/requirements_updater.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/python/requirement_parser"
@@ -142,8 +143,8 @@ module Dependabot
         end
 
         def add_new_requirement_option(req_string)
-          option_to_copy = req_string.split(PYPROJECT_OR_SEPARATOR).last.
-                           split(PYPROJECT_SEPARATOR).first.strip
+          option_to_copy = req_string.split(PYPROJECT_OR_SEPARATOR).last
+                                     .split(PYPROJECT_SEPARATOR).first.strip
           operator       = option_to_copy.gsub(/\d.*/, "").strip
 
           new_option =
@@ -174,8 +175,8 @@ module Dependabot
                 requirement_strings.any? { |r| r.include?("*") }
             # If a compatibility operator is being used, widen its
             # range to include the new version
-            v_req = requirement_strings.
-                    find { |r| r.start_with?("~", "^") || r.include?("*") }
+            v_req = requirement_strings
+                    .find { |r| r.start_with?("~", "^") || r.include?("*") }
             convert_to_range(v_req, latest_resolvable_version)
           else
             # Otherwise we have a range, and need to update the upper bound
@@ -234,25 +235,25 @@ module Dependabot
         end
 
         def new_version_satisfies?(req)
-          requirement_class.
-            requirements_array(req.fetch(:requirement)).
-            any? { |r| r.satisfied_by?(latest_resolvable_version) }
+          requirement_class
+            .requirements_array(req.fetch(:requirement))
+            .any? { |r| r.satisfied_by?(latest_resolvable_version) }
         end
 
         def find_and_update_equality_match(requirement_strings)
           if requirement_strings.any? { |r| requirement_class.new(r).exact? }
             # True equality match
-            requirement_strings.find { |r| requirement_class.new(r).exact? }.
-              sub(
-                RequirementParser::VERSION,
-                latest_resolvable_version.to_s
-              )
+            requirement_strings.find { |r| requirement_class.new(r).exact? }
+                               .sub(
+                                 RequirementParser::VERSION,
+                                 latest_resolvable_version.to_s
+                               )
           else
             # Prefix match
-            requirement_strings.find { |r| r.match?(/^(=+|\d)/) }.
-              sub(RequirementParser::VERSION) do |v|
-                at_same_precision(latest_resolvable_version.to_s, v)
-              end
+            requirement_strings.find { |r| r.match?(/^(=+|\d)/) }
+                               .sub(RequirementParser::VERSION) do |v|
+              at_same_precision(latest_resolvable_version.to_s, v)
+            end
           end
         end
 
@@ -262,11 +263,11 @@ module Dependabot
           count = old_version.split(".").count
           precision = old_version.split(".").index("*") || count
 
-          new_version.
-            split(".").
-            first(count).
-            map.with_index { |s, i| i < precision ? s : "*" }.
-            join(".")
+          new_version
+            .split(".")
+            .first(count)
+            .map.with_index { |s, i| i < precision ? s : "*" }
+            .join(".")
         end
 
         def update_requirements_range(requirement_strings)
@@ -288,16 +289,16 @@ module Dependabot
             end
           end.compact
 
-          updated_requirement_strings.
-            sort_by { |r| requirement_class.new(r).requirements.first.last }.
-            map(&:to_s).join(",").delete(" ")
+          updated_requirement_strings
+            .sort_by { |r| requirement_class.new(r).requirements.first.last }
+            .map(&:to_s).join(",").delete(" ")
         end
 
         # Updates the version in a constraint to be the given version
         def bump_version(req_string, version_to_be_permitted)
-          old_version = req_string.
-                        match(/(#{RequirementParser::VERSION})/o).
-                        captures.first
+          old_version = req_string
+                        .match(/(#{RequirementParser::VERSION})/o)
+                        .captures.first
 
           req_string.sub(
             old_version,

data/lib/dependabot/python/update_checker.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "excon"
@@ -227,12 +228,12 @@ module Dependabot
         return ">= #{dependency.version}" if dependency.version
 
         version_for_requirement =
-          requirements.filter_map { |r| r[:requirement] }.
-          reject { |req_string| req_string.start_with?("<") }.
-          select { |req_string| req_string.match?(VERSION_REGEX) }.
-          map { |req_string| req_string.match(VERSION_REGEX) }.
-          select { |version| Gem::Version.correct?(version) }.
-          max_by { |version| Gem::Version.new(version) }
+          requirements.filter_map { |r| r[:requirement] }
+                      .reject { |req_string| req_string.start_with?("<") }
+                      .select { |req_string| req_string.match?(VERSION_REGEX) }
+                      .map { |req_string| req_string.match(VERSION_REGEX) }
+                      .select { |version| Gem::Version.correct?(version) }
+                      .max_by { |version| Gem::Version.new(version) }
 
         ">= #{version_for_requirement || 0}"
       end

data/lib/dependabot/python/version.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/version"
@@ -106,20 +107,20 @@ module Dependabot
         # Further, Python treats dashes as a separator between version
         # parts and treats the alphabetical characters in strings as the
         # start of a new version part (so 1.1a2 == 1.1.alpha.2).
-        version.
-          gsub("alpha", "a").
-          gsub("beta", "b").
-          gsub("preview", "c").
-          gsub("pre", "c").
-          gsub("post", "r").
-          gsub("rev", "r").
-          gsub(/([\d.\-_])rc([\d.\-_])?/, '\1c\2').
-          tr("-", ".").
-          gsub(/(\d)([a-z])/i, '\1.\2')
+        version
+          .gsub("alpha", "a")
+          .gsub("beta", "b")
+          .gsub("preview", "c")
+          .gsub("pre", "c")
+          .gsub("post", "r")
+          .gsub("rev", "r")
+          .gsub(/([\d.\-_])rc([\d.\-_])?/, '\1c\2')
+          .tr("-", ".")
+          .gsub(/(\d)([a-z])/i, '\1.\2')
       end
     end
   end
 end
 
-Dependabot::Utils.
-  register_version_class("pip", Dependabot::Python::Version)
+Dependabot::Utils
+  .register_version_class("pip", Dependabot::Python::Version)

data/lib/dependabot/python.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 # These all need to be required so the various classes can be registered in a
@@ -12,8 +13,8 @@ require "dependabot/python/version"
 require "dependabot/python/name_normaliser"
 
 require "dependabot/pull_request_creator/labeler"
-Dependabot::PullRequestCreator::Labeler.
-  register_label_details("pip", name: "python", colour: "2b67c6")
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("pip", name: "python", colour: "2b67c6")
 
 require "dependabot/dependency"
 Dependabot::Dependency.register_production_check(

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.229.0
+  version: 0.231.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-08-30 00:00:00.000000000 Z
+date: 2023-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.229.0
+        version: 0.231.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.229.0
+        version: 0.231.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.19.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.3
 - !ruby/object:Gem::Dependency
   name: stackprof
   requirement: !ruby/object:Gem::Requirement
@@ -231,7 +245,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.229.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.231.0
 post_install_message: 
 rdoc_options: []
 require_paths: