dependabot-python 0.245.0 → 0.247.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eb0ff72d3a7bb69adbfc0be78fce0bf085197559897dbb695434742c8c3fc342
-  data.tar.gz: 44e8e0deade08dde926de4bdc0bf87fa3f2aeb5f81443bf43ae2a757a8eff8ca
+  metadata.gz: a1c2d4b06b6d94bcd630b68c25aa77f2325b3d26251ab0ef34656ba96e00d104
+  data.tar.gz: 6d8d5767fe28c68b0c5fe6e72999db3f71ba18166d186bec70a74203b72fa9c2
 SHA512:
-  metadata.gz: b700d2173a618bea519582853a4814f9505366b5eaa9c5f800dbcc09aeacbbd8279286ae4e02fe0e41e9abc9d0119d52ea61608a9c4e7f7ddef050415733f4db
-  data.tar.gz: 9614098e559d07658c557620610c80b988f6caf0e6eefc47628c3f02aa6e47742c339c18a029bbfaa986ec644e833f0e7bdfcbe8af3dc12432ae99a72bdabf5c
+  metadata.gz: a82fe3e2a7bf8017de7bd9754565f4740a766f75d6ed522fc873e1583d3e0f6a66a0f3cb4df8606e21ef6b5e6011bca16ec08bb52a662b41891612eb45a9b42c
+  data.tar.gz: b1946c632da0864b595c10519337c8de69109695ce9f366093b3418159024567df168a378dd6ce4c0003aca1fda301b1bac2f4111737d1ec6f96a4feff37c413

data/helpers/requirements.txt

@@ -1,5 +1,5 @@
 pip==23.3.2
-pip-tools==7.3.0
+pip-tools==7.4.1
 flake8==7.0.0
 hashin==0.17.0
 pipenv==2023.11.17

data/lib/dependabot/python/update_checker/latest_version_finder.rb

@@ -4,6 +4,7 @@
 require "cgi"
 require "excon"
 require "nokogiri"
+require "sorbet-runtime"
 
 require "dependabot/dependency"
 require "dependabot/python/update_checker"
@@ -16,6 +17,8 @@ module Dependabot
   module Python
     class UpdateChecker
       class LatestVersionFinder
+        extend T::Sig
+
         require_relative "index_finder"
 
         def initialize(dependency:, dependency_files:, credentials:,
@@ -81,12 +84,21 @@ module Dependabot
           versions.min
         end
 
+        sig { params(versions_array: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
         def filter_yanked_versions(versions_array)
-          versions_array.reject { |details| details.fetch(:yanked) }
+          filtered = versions_array.reject { |details| details.fetch(:yanked) }
+          if versions_array.count > filtered.count
+            Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} yanked versions")
+          end
+          filtered
         end
 
+        sig do
+          params(versions_array: T::Array[T.untyped], python_version: T.nilable(T.any(String, Version)))
+            .returns(T::Array[T.untyped])
+        end
         def filter_unsupported_versions(versions_array, python_version)
-          versions_array.filter_map do |details|
+          filtered = versions_array.filter_map do |details|
             python_requirement = details.fetch(:python_requirement)
             next details.fetch(:version) unless python_version
             next details.fetch(:version) unless python_requirement
@@ -94,14 +106,27 @@ module Dependabot
 
             details.fetch(:version)
           end
+          if versions_array.count > filtered.count
+            delta = versions_array.count - filtered.count
+            Dependabot.logger.info("Filtered out #{delta} unsupported Python #{python_version} versions")
+          end
+          filtered
         end
 
+        sig { params(versions_array: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
         def filter_prerelease_versions(versions_array)
           return versions_array if wants_prerelease?
 
-          versions_array.reject(&:prerelease?)
+          filtered = versions_array.reject(&:prerelease?)
+
+          if versions_array.count > filtered.count
+            Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} pre-release versions")
+          end
+
+          filtered
         end
 
+        sig { params(versions_array: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
         def filter_ignored_versions(versions_array)
           filtered = versions_array
                      .reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
@@ -109,6 +134,9 @@ module Dependabot
             raise Dependabot::AllVersionsIgnored
           end
 
+          if versions_array.count > filtered.count
+            Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} ignored versions")
+          end
           filtered
         end
 

data/lib/dependabot/python/update_checker/requirements_updater.rb

@@ -2,9 +2,10 @@
 # frozen_string_literal: true
 
 require "dependabot/python/requirement_parser"
+require "dependabot/python/requirement"
 require "dependabot/python/update_checker"
 require "dependabot/python/version"
-require "dependabot/python/requirement"
+require "dependabot/requirements_update_strategy"
 
 module Dependabot
   module Python
@@ -31,7 +32,7 @@ module Dependabot
         end
 
         def updated_requirements
-          return requirements if update_strategy == :lockfile_only
+          return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
 
           requirements.map do |req|
             case req[:file]
@@ -89,9 +90,9 @@ module Dependabot
           return update_pyproject_version(req) if req.fetch(:groups).include?("dev-dependencies")
 
           case update_strategy
-          when :widen_ranges then widen_pyproject_requirement(req)
-          when :bump_versions then update_pyproject_version(req)
-          when :bump_versions_if_necessary then update_pyproject_version_if_needed(req)
+          when RequirementsUpdateStrategy::WidenRanges then widen_pyproject_requirement(req)
+          when RequirementsUpdateStrategy::BumpVersions then update_pyproject_version(req)
+          when RequirementsUpdateStrategy::BumpVersionsIfNecessary then update_pyproject_version_if_needed(req)
           else raise "Unexpected update strategy: #{update_strategy}"
           end
         rescue UnfixableRequirement
@@ -190,11 +191,11 @@ module Dependabot
           return req unless req.fetch(:requirement)
 
           case update_strategy
-          when :widen_ranges
+          when RequirementsUpdateStrategy::WidenRanges
             widen_requirement(req)
-          when :bump_versions
+          when RequirementsUpdateStrategy::BumpVersions
             update_requirement(req)
-          when :bump_versions_if_necessary
+          when RequirementsUpdateStrategy::BumpVersionsIfNecessary
             update_requirement_if_needed(req)
           else
             raise "Unexpected update strategy: #{update_strategy}"

data/lib/dependabot/python/update_checker.rb

@@ -5,13 +5,14 @@ require "excon"
 require "toml-rb"
 
 require "dependabot/dependency"
-require "dependabot/update_checkers"
-require "dependabot/update_checkers/base"
-require "dependabot/registry_client"
 require "dependabot/errors"
-require "dependabot/python/requirement"
-require "dependabot/python/requirement_parser"
 require "dependabot/python/name_normaliser"
+require "dependabot/python/requirement_parser"
+require "dependabot/python/requirement"
+require "dependabot/registry_client"
+require "dependabot/requirements_update_strategy"
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
 
 module Dependabot
   module Python
@@ -80,15 +81,15 @@ module Dependabot
       end
 
       def requirements_unlocked_or_can_be?
-        requirements_update_strategy != :lockfile_only
+        requirements_update_strategy != RequirementsUpdateStrategy::LockfileOnly
       end
 
       def requirements_update_strategy
         # If passed in as an option (in the base class) honour that option
-        return @requirements_update_strategy.to_sym if @requirements_update_strategy
+        return @requirements_update_strategy if @requirements_update_strategy
 
         # Otherwise, check if this is a library or not
-        library? ? :widen_ranges : :bump_versions
+        library? ? RequirementsUpdateStrategy::WidenRanges : RequirementsUpdateStrategy::BumpVersions
       end
 
       private

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.245.0
+  version: 0.247.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-02-22 00:00:00.000000000 Z
+date: 2024-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.245.0
+        version: 0.247.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.245.0
+        version: 0.247.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.19.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.27.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.27.1
 - !ruby/object:Gem::Dependency
   name: rubocop-sorbet
   requirement: !ruby/object:Gem::Requirement
@@ -274,7 +288,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.245.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
 post_install_message: 
 rdoc_options: []
 require_paths: