dependabot-python 0.230.0 → 0.231.0

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "toml-rb"
@@ -60,17 +61,17 @@ module Dependabot
         end
 
         def updated_pyproject_content
-          dependencies.
-            select { |dep| requirement_changed?(pyproject, dep) }.
-            reduce(pyproject.content.dup) do |content, dep|
+          dependencies
+            .select { |dep| requirement_changed?(pyproject, dep) }
+            .reduce(pyproject.content.dup) do |content, dep|
               updated_requirement =
-                dep.requirements.find { |r| r[:file] == pyproject.name }.
-                fetch(:requirement)
+                dep.requirements.find { |r| r[:file] == pyproject.name }
+                   .fetch(:requirement)
 
               old_req =
-                dep.previous_requirements.
-                find { |r| r[:file] == pyproject.name }.
-                fetch(:requirement)
+                dep.previous_requirements
+                   .find { |r| r[:file] == pyproject.name }
+                   .fetch(:requirement)
 
               declaration_regex = declaration_regex(dep)
               updated_content = if content.match?(declaration_regex)
@@ -122,9 +123,9 @@ module Dependabot
         end
 
         def freeze_other_dependencies(pyproject_content)
-          PyprojectPreparer.
-            new(pyproject_content: pyproject_content, lockfile: lockfile).
-            freeze_top_level_dependencies_except(dependencies)
+          PyprojectPreparer
+            .new(pyproject_content: pyproject_content, lockfile: lockfile)
+            .freeze_top_level_dependencies_except(dependencies)
         end
 
         def freeze_dependencies_being_updated(pyproject_content)
@@ -143,9 +144,9 @@ module Dependabot
         end
 
         def update_python_requirement(pyproject_content)
-          PyprojectPreparer.
-            new(pyproject_content: pyproject_content).
-            update_python_requirement(language_version_manager.python_version)
+          PyprojectPreparer
+            .new(pyproject_content: pyproject_content)
+            .update_python_requirement(language_version_manager.python_version)
         end
 
         def lock_declaration_to_new_version!(poetry_object, dep)
@@ -170,9 +171,9 @@ module Dependabot
         end
 
         def sanitize(pyproject_content)
-          PyprojectPreparer.
-            new(pyproject_content: pyproject_content).
-            sanitize
+          PyprojectPreparer
+            .new(pyproject_content: pyproject_content)
+            .sanitize
         end
 
         def updated_lockfile_content_for(pyproject_content)
@@ -221,9 +222,9 @@ module Dependabot
         end
 
         def add_auth_env_vars
-          Python::FileUpdater::PyprojectPreparer.
-            new(pyproject_content: pyproject.content).
-            add_auth_env_vars(credentials)
+          Python::FileUpdater::PyprojectPreparer
+            .new(pyproject_content: pyproject.content)
+            .add_auth_env_vars(credentials)
         end
 
         def pyproject_hash_for(pyproject_content)

data/lib/dependabot/python/file_updater/pyproject_preparer.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "toml-rb"
@@ -49,9 +50,9 @@ module Dependabot
 
         def sanitize
           # {{ name }} syntax not allowed
-          pyproject_content.
-            gsub(/\{\{.*?\}\}/, "something").
-            gsub('#{', "{")
+          pyproject_content
+            .gsub(/\{\{.*?\}\}/, "something")
+            .gsub('#{', "{")
         end
 
         # rubocop:disable Metrics/PerceivedComplexity
@@ -103,8 +104,8 @@ module Dependabot
         attr_reader :pyproject_content, :lockfile
 
         def locked_details(dep_name)
-          parsed_lockfile.fetch("package").
-            find { |d| d["name"] == normalise(dep_name) }
+          parsed_lockfile.fetch("package")
+                         .find { |d| d["name"] == normalise(dep_name) }
         end
 
         def normalise(name)

data/lib/dependabot/python/file_updater/requirement_file_updater.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/python/requirement_parser"

data/lib/dependabot/python/file_updater/requirement_replacer.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/dependency"
@@ -51,8 +52,8 @@ module Dependabot
 
           if add_space_after_operators?
             new_req_string =
-              new_req_string.
-              gsub(/(#{RequirementParser::COMPARISON})\s*(?=\d)/o, '\1 ')
+              new_req_string
+              .gsub(/(#{RequirementParser::COMPARISON})\s*(?=\d)/o, '\1 ')
           end
 
           new_req_string
@@ -62,11 +63,11 @@ module Dependabot
           old_req = old_requirement
           updated_string =
             if old_req
-              original_dependency_declaration_string(old_req).
-                sub(RequirementParser::REQUIREMENTS, updated_requirement_string)
+              original_dependency_declaration_string(old_req)
+                .sub(RequirementParser::REQUIREMENTS, updated_requirement_string)
             else
-              original_dependency_declaration_string(old_req).
-                sub(RequirementParser::NAME_WITH_EXTRAS) do |nm|
+              original_dependency_declaration_string(old_req)
+                .sub(RequirementParser::NAME_WITH_EXTRAS) do |nm|
                   nm + updated_requirement_string
                 end
             end
@@ -84,15 +85,15 @@ module Dependabot
         end
 
         def add_space_after_commas?
-          original_dependency_declaration_string(old_requirement).
-            match(RequirementParser::REQUIREMENTS).
-            to_s.include?(", ")
+          original_dependency_declaration_string(old_requirement)
+            .match(RequirementParser::REQUIREMENTS)
+            .to_s.include?(", ")
         end
 
         def add_space_after_operators?
-          original_dependency_declaration_string(old_requirement).
-            match(RequirementParser::REQUIREMENTS).
-            to_s.match?(/#{RequirementParser::COMPARISON}\s+\d/o)
+          original_dependency_declaration_string(old_requirement)
+            .match(RequirementParser::REQUIREMENTS)
+            .to_s.match?(/#{RequirementParser::COMPARISON}\s+\d/o)
         end
 
         def original_declaration_replacement_regex
@@ -102,16 +103,16 @@ module Dependabot
         end
 
         def requirement_includes_hashes?(requirement)
-          original_dependency_declaration_string(requirement).
-            match?(RequirementParser::HASHES)
+          original_dependency_declaration_string(requirement)
+            .match?(RequirementParser::HASHES)
         end
 
         def hash_algorithm(requirement)
           return unless requirement_includes_hashes?(requirement)
 
-          original_dependency_declaration_string(requirement).
-            match(RequirementParser::HASHES).
-            named_captures.fetch("algorithm")
+          original_dependency_declaration_string(requirement)
+            .match(RequirementParser::HASHES)
+            .named_captures.fetch("algorithm")
         end
 
         def hash_separator(requirement)
@@ -119,15 +120,15 @@ module Dependabot
 
           hash_regex = RequirementParser::HASH
           current_separator =
-            original_dependency_declaration_string(requirement).
-            match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/).
-            named_captures.fetch("separator")
+            original_dependency_declaration_string(requirement)
+            .match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/)
+            .named_captures.fetch("separator")
 
           default_separator =
-            original_dependency_declaration_string(requirement).
-            match(RequirementParser::HASH).
-            pre_match.match(/(?<separator>\s*\\?\s*?)\z/).
-            named_captures.fetch("separator")
+            original_dependency_declaration_string(requirement)
+            .match(RequirementParser::HASH)
+            .pre_match.match(/(?<separator>\s*\\?\s*?)\z/)
+            .named_captures.fetch("separator")
 
           current_separator || default_separator
         end
@@ -151,9 +152,9 @@ module Dependabot
             else
               regex = RequirementParser::INSTALL_REQ_WITH_REQUIREMENT
               content.scan(regex) { matches << Regexp.last_match }
-              matches.
-                select { |m| normalise(m[:name]) == dependency_name }.
-                find { |m| requirements_match(m[:requirements], old_req) }
+              matches
+                .select { |m| normalise(m[:name]) == dependency_name }
+                .find { |m| requirements_match(m[:requirements], old_req) }
             end
 
           raise "Declaration not found for #{dependency_name}!" unless dec

data/lib/dependabot/python/file_updater/setup_file_sanitizer.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/python/file_updater"
@@ -39,8 +40,8 @@ module Dependabot
         def install_requires_array
           @install_requires_array ||=
             parsed_setup_file.dependencies.filter_map do |dep|
-              next unless dep.requirements.first[:groups].
-                          include?("install_requires")
+              next unless dep.requirements.first[:groups]
+                             .include?("install_requires")
 
               dep.name + dep.requirements.first[:requirement].to_s
             end
@@ -49,8 +50,8 @@ module Dependabot
         def setup_requires_array
           @setup_requires_array ||=
             parsed_setup_file.dependencies.filter_map do |dep|
-              next unless dep.requirements.first[:groups].
-                          include?("setup_requires")
+              next unless dep.requirements.first[:groups]
+                             .include?("setup_requires")
 
               dep.name + dep.requirements.first[:requirement].to_s
             end

data/lib/dependabot/python/file_updater.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "toml-rb"
@@ -49,9 +50,9 @@ module Dependabot
       # rubocop:disable Metrics/PerceivedComplexity
       def resolver_type
         reqs = dependencies.flat_map(&:requirements)
-        changed_reqs = reqs.zip(dependencies.flat_map(&:previous_requirements)).
-                       reject { |(new_req, old_req)| new_req == old_req }.
-                       map(&:first)
+        changed_reqs = reqs.zip(dependencies.flat_map(&:previous_requirements))
+                           .reject { |(new_req, old_req)| new_req == old_req }
+                           .map(&:first)
         changed_req_files = changed_reqs.map { |r| r.fetch(:file) }
 
         # If there are no requirements then this is a sub-dependency. It

data/lib/dependabot/python/helpers.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "time"

data/lib/dependabot/python/language_version_manager.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/logger"

data/lib/dependabot/python/metadata_finder.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "excon"
@@ -156,9 +157,9 @@ module Dependabot
 
       def possible_listing_urls
         credential_urls =
-          credentials.
-          select { |cred| cred["type"] == "python_index" }.
-          map { |c| AuthedUrlBuilder.authed_url(credential: c) }
+          credentials
+          .select { |cred| cred["type"] == "python_index" }
+          .map { |c| AuthedUrlBuilder.authed_url(credential: c) }
 
         (credential_urls + [MAIN_PYPI_URL]).map do |base_url|
           base_url.gsub(%r{/$}, "") + "/#{normalised_dependency_name}/json"

data/lib/dependabot/python/name_normaliser.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 module Dependabot

data/lib/dependabot/python/native_helpers.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 module Dependabot

data/lib/dependabot/python/requirement.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/utils"
@@ -14,8 +15,8 @@ module Dependabot
         "===" => ->(v, r) { v.to_s == r.to_s }
       )
 
-      quoted = OPS.keys.sort_by(&:length).reverse.
-               map { |k| Regexp.quote(k) }.join("|")
+      quoted = OPS.keys.sort_by(&:length).reverse
+                  .map { |k| Regexp.quote(k) }.join("|")
       version_pattern = Python::Version::VERSION_PATTERN
 
       PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze
@@ -133,23 +134,23 @@ module Dependabot
       def convert_wildcard(req_string)
         # NOTE: This isn't perfect. It replaces the "!= 1.0.*" case with
         # "!= 1.0.0". There's no way to model this correctly in Ruby :'(
-        quoted_ops = OPS.keys.sort_by(&:length).reverse.
-                     map { |k| Regexp.quote(k) }.join("|")
-        op = req_string.match(/\A\s*(#{quoted_ops})?/).
-             captures.first.to_s&.strip
+        quoted_ops = OPS.keys.sort_by(&:length).reverse
+                        .map { |k| Regexp.quote(k) }.join("|")
+        op = req_string.match(/\A\s*(#{quoted_ops})?/)
+                       .captures.first.to_s&.strip
         exact_op = ["", "=", "==", "==="].include?(op)
 
-        req_string.strip.
-          split(".").
-          first(req_string.split(".").index { |s| s.include?("*") } + 1).
-          join(".").
-          gsub(/\*(?!$)/, "0").
-          gsub(/\*$/, "0.a").
-          tap { |s| exact_op ? s.gsub!(/^(?<!!)=*/, "~>") : s }
+        req_string.strip
+                  .split(".")
+                  .first(req_string.split(".").index { |s| s.include?("*") } + 1)
+                  .join(".")
+                  .gsub(/\*(?!$)/, "0")
+                  .gsub(/\*$/, "0.a")
+                  .tap { |s| exact_op ? s.gsub!(/^(?<!!)=*/, "~>") : s }
       end
     end
   end
 end
 
-Dependabot::Utils.
-  register_requirement_class("pip", Dependabot::Python::Requirement)
+Dependabot::Utils
+  .register_requirement_class("pip", Dependabot::Python::Requirement)

data/lib/dependabot/python/requirement_parser.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 module Dependabot

data/lib/dependabot/python/update_checker/index_finder.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/python/update_checker"
@@ -60,14 +61,14 @@ module Dependabot
           requirements_files.each do |file|
             if file.content.match?(/^--index-url\s+['"]?([^\s'"]+)['"]?/)
               urls[:main] =
-                file.content.match(/^--index-url\s+['"]?([^\s'"]+)['"]?/).
-                captures.first&.strip
+                file.content.match(/^--index-url\s+['"]?([^\s'"]+)['"]?/)
+                    .captures.first&.strip
             end
             urls[:extra] +=
-              file.content.
-              scan(/^--extra-index-url\s+['"]?([^\s'"]+)['"]?/).
-              flatten.
-              map(&:strip)
+              file.content
+                  .scan(/^--extra-index-url\s+['"]?([^\s'"]+)['"]?/)
+                  .flatten
+                  .map(&:strip)
           end
 
           urls
@@ -81,8 +82,8 @@ module Dependabot
           content = pip_conf.content
 
           if content.match?(/^index-url\s*=/x)
-            urls[:main] = content.match(/^index-url\s*=\s*(.+)/).
-                          captures.first
+            urls[:main] = content.match(/^index-url\s*=\s*(.+)/)
+                                 .captures.first
           end
           urls[:extra] += content.scan(/^extra-index-url\s*=(.+)/).flatten
 
@@ -137,17 +138,17 @@ module Dependabot
         def config_variable_index_urls
           urls = { main: nil, extra: [] }
 
-          index_url_creds = credentials.
-                            select { |cred| cred["type"] == "python_index" }
+          index_url_creds = credentials
+                            .select { |cred| cred["type"] == "python_index" }
 
           if (main_cred = index_url_creds.find { |cred| cred["replaces-base"] })
             urls[:main] = AuthedUrlBuilder.authed_url(credential: main_cred)
           end
 
           urls[:extra] =
-            index_url_creds.
-            reject { |cred| cred["replaces-base"] }.
-            map { |cred| AuthedUrlBuilder.authed_url(credential: cred) }
+            index_url_creds
+            .reject { |cred| cred["replaces-base"] }
+            .map { |cred| AuthedUrlBuilder.authed_url(credential: cred) }
 
           urls
         end
@@ -161,16 +162,16 @@ module Dependabot
             [
               config_variable_index_urls[:main],
               *config_variable_index_urls[:extra]
-            ].
-            compact.
-            map { |u| u.strip.gsub(%r{/*$}, "") + "/" }
-
-          regexp = url.
-                   sub(%r{(?<=://).+@}, "").
-                   sub(%r{https?://}, "").
-                   split(ENVIRONMENT_VARIABLE_REGEX).
-                   map { |part| Regexp.quote(part) }.
-                   join(".+")
+            ]
+            .compact
+            .map { |u| u.strip.gsub(%r{/*$}, "") + "/" }
+
+          regexp = url
+                   .sub(%r{(?<=://).+@}, "")
+                   .sub(%r{https?://}, "")
+                   .split(ENVIRONMENT_VARIABLE_REGEX)
+                   .map { |part| Regexp.quote(part) }
+                   .join(".+")
           authed_url = config_variable_urls.find { |u| u.match?(regexp) }
           return authed_url if authed_url
 
@@ -189,9 +190,9 @@ module Dependabot
         end
 
         def credential_for(url)
-          credentials.
-            select { |c| c["type"] == "python_index" }.
-            find do |c|
+          credentials
+            .select { |c| c["type"] == "python_index" }
+            .find do |c|
               cred_url = c.fetch("index-url").gsub(%r{/*$}, "") + "/"
               cred_url.include?(url)
             end

data/lib/dependabot/python/update_checker/latest_version_finder.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "cgi"
@@ -102,8 +103,8 @@ module Dependabot
         end
 
         def filter_ignored_versions(versions_array)
-          filtered = versions_array.
-                     reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
+          filtered = versions_array
+                     .reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
           if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions_array).any?
             raise Dependabot::AllVersionsIgnored
           end
@@ -122,8 +123,8 @@ module Dependabot
             requirement_class.requirements_array(r.fetch(:requirement))
           end
 
-          versions_array.
-            select { |v| reqs.all? { |r| r.any? { |o| o.satisfied_by?(v) } } }
+          versions_array
+            .select { |v| reqs.all? { |r| r.any? { |o| o.satisfied_by?(v) } } }
         end
 
         def wants_prerelease?
@@ -189,17 +190,17 @@ module Dependabot
         # rubocop:enable Metrics/PerceivedComplexity
 
         def get_version_from_filename(filename)
-          filename.
-            gsub(/#{name_regex}-/i, "").
-            split(/-|\.tar\.|\.zip|\.whl/).
-            first
+          filename
+            .gsub(/#{name_regex}-/i, "")
+            .split(/-|\.tar\.|\.zip|\.whl/)
+            .first
         end
 
         def build_python_requirement_from_link(link)
-          req_string = Nokogiri::XML(link).
-                       at_css("a")&.
-                       attribute("data-requires-python")&.
-                       content
+          req_string = Nokogiri::XML(link)
+                               .at_css("a")
+                       &.attribute("data-requires-python")
+                       &.content
 
           return unless req_string
 

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "open3"
@@ -166,8 +167,8 @@ module Dependabot
           end
 
           if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
-            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX).
-                  named_captures.fetch("url")
+            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
+                       .named_captures.fetch("url")
             raise GitDependenciesNotReachable, url
           end
 
@@ -259,9 +260,9 @@ module Dependabot
         end
 
         def pip_compile_index_options
-          credentials.
-            select { |cred| cred["type"] == "python_index" }.
-            map do |cred|
+          credentials
+            .select { |cred| cred["type"] == "python_index" }
+            .map do |cred|
               authed_url = AuthedUrlBuilder.authed_url(credential: cred)
 
               if cred["replaces-base"]
@@ -337,9 +338,9 @@ module Dependabot
           return @sanitized_setup_file_content[file.name] if @sanitized_setup_file_content[file.name]
 
           @sanitized_setup_file_content[file.name] =
-            Python::FileUpdater::SetupFileSanitizer.
-            new(setup_file: file, setup_cfg: setup_cfg(file)).
-            sanitized_content
+            Python::FileUpdater::SetupFileSanitizer
+            .new(setup_file: file, setup_cfg: setup_cfg(file))
+            .sanitized_content
         end
 
         def setup_cfg(file)
@@ -373,9 +374,9 @@ module Dependabot
 
         def filenames_to_compile
           files_from_reqs =
-            dependency.requirements.
-            map { |r| r[:file] }.
-            select { |fn| fn.end_with?(".in") }
+            dependency.requirements
+                      .map { |r| r[:file] }
+                      .select { |fn| fn.end_with?(".in") }
 
           files_from_compiled_files =
             pip_compile_files.map(&:name).select do |fn|
@@ -390,12 +391,12 @@ module Dependabot
 
         def compiled_file_for_filename(filename)
           compiled_file =
-            compiled_files.
-            find { |f| f.content.match?(output_file_regex(filename)) }
+            compiled_files
+            .find { |f| f.content.match?(output_file_regex(filename)) }
 
           compiled_file ||=
-            compiled_files.
-            find { |f| f.name == filename.gsub(/\.in$/, ".txt") }
+            compiled_files
+            .find { |f| f.name == filename.gsub(/\.in$/, ".txt") }
 
           compiled_file
         end
@@ -421,8 +422,8 @@ module Dependabot
 
           while (remaining_filenames = filenames - ordered_filenames).any?
             ordered_filenames +=
-              remaining_filenames.
-              reject do |fn|
+              remaining_filenames
+              .reject do |fn|
                 unupdated_reqs = requirement_map[fn] - ordered_filenames
                 unupdated_reqs.intersect?(filenames)
               end

data/lib/dependabot/python/update_checker/pip_version_resolver.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/python/language_version_manager"
@@ -25,13 +26,13 @@ module Dependabot
         end
 
         def latest_resolvable_version_with_no_unlock
-          latest_version_finder.
-            latest_version_with_no_unlock(python_version: language_version_manager.python_version)
+          latest_version_finder
+            .latest_version_with_no_unlock(python_version: language_version_manager.python_version)
         end
 
         def lowest_resolvable_security_fix_version
-          latest_version_finder.
-            lowest_security_fix_version(python_version: language_version_manager.python_version)
+          latest_version_finder
+            .lowest_security_fix_version(python_version: language_version_manager.python_version)
         end
 
         private