RubyGems - dependabot-python - Versions diffs - 0.281.0 → 0.282.0 - Mend

dependabot-python 0.281.0 → 0.282.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/dependabot/python/language_version_manager.rb +2 -2
data/lib/dependabot/python/requirement.rb +4 -14
data/lib/dependabot/python/update_checker/latest_version_finder.rb +1 -4
data/lib/dependabot/python/version.rb +29 -128
metadata +9 -9

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1273f0793f6c0432a5a66468ec19a460c854eda211c935c45af189d1c7b11e9d
-  data.tar.gz: c938f342ad448550e12036631ecefe4623d5d16afebf21aa01bfe85a0c048ab2
+  metadata.gz: cb78159e578c1979c167b0539aef17d508c9a07b17b257c05a7d177a3c543d56
+  data.tar.gz: 31e6e4a5c352927c54cca8ef0a9b69265737d1739e9d85622aab8fba4b9e5ac3
 SHA512:
-  metadata.gz: a2ae4f68e9cdba267b00989165544e24384d8cd10b58c99802066214fb0b354a9c331af03e8b611a0195eda2d6d760c8cb354584b29b3a7b0d7f42e8e14067a7
-  data.tar.gz: 39a45d259c975b32debd5f3d21edd53622fb863630da7fe0bdafb6170f6adde5e3f556c36896cac357475b14797ac878855c4b9d171f7d29799bc8bd8ac20854
+  metadata.gz: 4a15a3f16e2e68aa7c35d2fc3c011e88210a483cc13b7676e6412a035b8dac2abc831f395074185ca21e4bc020aa0cc775bb8d4b8efb3dda2be0332612bdf3f7
+  data.tar.gz: a241cbe9a4b2bab87b9daa50ad2e3ff357b2890f4ecb3f540a97350d44e7a24bd39dcfa660f9d2777d950834ab114ff54183255e35e8edfb22b1daeea92c74ae

data/lib/dependabot/python/language_version_manager.rb CHANGED Viewed

@@ -11,9 +11,9 @@ module Dependabot
       PRE_INSTALLED_PYTHON_VERSIONS = %w(
         3.12.5
         3.11.9
-        3.10.13
+        3.10.15
         3.9.18
-        3.8.18
+        3.8.20
       ).freeze
       def initialize(python_requirement_parser:)

data/lib/dependabot/python/requirement.rb CHANGED Viewed

@@ -24,7 +24,7 @@ module Dependabot
                   .map { |k| Regexp.quote(k) }.join("|")
       version_pattern = Python::Version::VERSION_PATTERN
-      PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze
+      PATTERN_RAW = "\\s*(?<op>#{quoted})?\\s*(?<version>#{version_pattern})\\s*".freeze
       PATTERN = /\A#{PATTERN_RAW}\z/
       PARENS_PATTERN = /\A\(([^)]+)\)\z/
@@ -36,24 +36,14 @@ module Dependabot
           line = matches[1]
         end
-        pattern = PATTERN
-        if Dependabot::Experiments.enabled?(:python_new_version)
-          quoted = OPS.keys.sort_by(&:length).reverse
-                      .map { |k| Regexp.quote(k) }.join("|")
-          version_pattern = Python::Version::NEW_VERSION_PATTERN
-          pattern_raw = "\\s*(?<op>#{quoted})?\\s*(?<version>#{version_pattern})\\s*".freeze
-          pattern = /\A#{pattern_raw}\z/
-        end
-        unless (matches = pattern.match(line))
+        unless (matches = PATTERN.match(line))
           msg = "Illformed requirement [#{obj.inspect}]"
           raise BadRequirementError, msg
         end
-        return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
+        return DefaultRequirement if matches[:op] == ">=" && matches[:version] == "0"
-        [matches[1] || "=", Python::Version.new(T.must(matches[2]))]
+        [matches[:op] || "=", Python::Version.new(T.must(matches[:version]))]
       end
       # Returns an array of requirements. At least one requirement from the

data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -159,10 +159,7 @@ module Dependabot
         end
         def wants_prerelease?
-          if dependency.version
-            version = version_class.new(dependency.version.tr("+", "."))
-            return version.prerelease?
-          end
+          return version_class.new(dependency.version).prerelease? if dependency.version
           dependency.requirements.any? do |req|
             reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)

data/lib/dependabot/python/version.rb CHANGED Viewed

@@ -27,14 +27,11 @@ module Dependabot
       sig { returns(T.nilable(T::Array[T.any(String, Integer)])) }
       attr_reader :local
-      attr_reader :local_version
-      attr_reader :post_release_version
       INFINITY = 1000
       NEGATIVE_INFINITY = -INFINITY
       # See https://peps.python.org/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions
-      NEW_VERSION_PATTERN = /
+      VERSION_PATTERN = /
         v?
         (?:
           (?:(?<epoch>[0-9]+)!)?                          # epoch
@@ -65,62 +62,37 @@ module Dependabot
         (?:\+(?<local>[a-z0-9]+(?:[-_\.][a-z0-9]+)*))?    # local version
       /ix
-      VERSION_PATTERN = 'v?([1-9][0-9]*!)?[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
-                        '(-[0-9A-Za-z]+(\.[0-9a-zA-Z]+)*)?' \
-                        '(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
       ANCHORED_VERSION_PATTERN = /\A\s*#{VERSION_PATTERN}\s*\z/
       sig { override.params(version: VersionParameter).returns(T::Boolean) }
       def self.correct?(version)
         return false if version.nil?
-        if Dependabot::Experiments.enabled?(:python_new_version)
-          version.to_s.match?(/\A\s*#{NEW_VERSION_PATTERN}\s*\z/o)
-        else
-          version.to_s.match?(ANCHORED_VERSION_PATTERN)
-        end
+        version.to_s.match?(ANCHORED_VERSION_PATTERN)
       end
       sig { override.params(version: VersionParameter).void }
-      def initialize(version) # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
+      def initialize(version)
         raise Dependabot::BadRequirementError, "Malformed version string - string is nil" if version.nil?
         @version_string = version.to_s
         raise Dependabot::BadRequirementError, "Malformed version string - string is empty" if @version_string.empty?
-        matches = anchored_version_pattern.match(@version_string.downcase)
+        matches = ANCHORED_VERSION_PATTERN.match(@version_string.downcase)
         unless matches
           raise Dependabot::BadRequirementError,
                 "Malformed version string - #{@version_string} does not match regex"
         end
-        if Dependabot::Experiments.enabled?(:python_new_version)
-          @epoch = matches["epoch"].to_i
-          @release_segment = matches["release"]&.split(".")&.map(&:to_i) || []
-          @pre = parse_letter_version(matches["pre_l"], matches["pre_n"])
-          @post = parse_letter_version(matches["post_l"], matches["post_n1"] || matches["post_n2"])
-          @dev = parse_letter_version(matches["dev_l"], matches["dev_n"])
-          @local = parse_local_version(matches["local"])
-          super(matches["release"] || "")
-        else
-          version, @local_version = @version_string.split("+")
-          version ||= ""
-          version = version.gsub(/^v/, "")
-          if version.include?("!")
-            epoch, version = version.split("!")
-            @epoch = epoch.to_i
-          else
-            @epoch = 0
-          end
-          version = normalise_prerelease(version)
-          version, @post_release_version = version.split(/\.r(?=\d)/)
-          version ||= ""
-          @local_version = normalise_prerelease(@local_version) if @local_version
-          super
-        end
+        @epoch = matches["epoch"].to_i
+        @release_segment = matches["release"]&.split(".")&.map(&:to_i) || []
+        @pre = parse_letter_version(matches["pre_l"], matches["pre_n"])
+        @post = parse_letter_version(matches["post_l"], matches["post_n1"] || matches["post_n2"])
+        @dev = parse_letter_version(matches["dev_l"], matches["dev_n"])
+        @local = parse_local_version(matches["local"])
+        super(matches["release"] || "")
       end
       sig { override.params(version: VersionParameter).returns(Dependabot::Python::Version) }
@@ -140,52 +112,35 @@ module Dependabot
       sig { returns(T::Boolean) }
       def prerelease?
-        return super unless Dependabot::Experiments.enabled?(:python_new_version)
         !!(pre || dev)
       end
-      sig { returns(T.any(Gem::Version, Dependabot::Python::Version)) }
+      sig { returns(Dependabot::Python::Version) }
       def release
-        return super unless Dependabot::Experiments.enabled?(:python_new_version)
         Dependabot::Python::Version.new(release_segment.join("."))
       end
       sig { params(other: VersionParameter).returns(Integer) }
-      def <=>(other) # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
+      def <=>(other)
         other = Dependabot::Python::Version.new(other.to_s) unless other.is_a?(Dependabot::Python::Version)
         other = T.cast(other, Dependabot::Python::Version)
-        if Dependabot::Experiments.enabled?(:python_new_version)
-          epoch_comparison = epoch <=> other.epoch
-          return epoch_comparison unless epoch_comparison.zero?
+        epoch_comparison = epoch <=> other.epoch
+        return epoch_comparison unless epoch_comparison.zero?
-          release_comparison = release_version_comparison(other)
-          return release_comparison unless release_comparison.zero?
+        release_comparison = release_version_comparison(other)
+        return release_comparison unless release_comparison.zero?
-          pre_comparison = compare_keys(pre_cmp_key, other.pre_cmp_key)
-          return pre_comparison unless pre_comparison.zero?
+        pre_comparison = compare_keys(pre_cmp_key, other.pre_cmp_key)
+        return pre_comparison unless pre_comparison.zero?
-          post_comparison = compare_keys(post_cmp_key, other.post_cmp_key)
-          return post_comparison unless post_comparison.zero?
+        post_comparison = compare_keys(post_cmp_key, other.post_cmp_key)
+        return post_comparison unless post_comparison.zero?
-          dev_comparison = compare_keys(dev_cmp_key, other.dev_cmp_key)
-          return dev_comparison unless dev_comparison.zero?
+        dev_comparison = compare_keys(dev_cmp_key, other.dev_cmp_key)
+        return dev_comparison unless dev_comparison.zero?
-          compare_keys(local_cmp_key, other.local_cmp_key)
-        else
-          epoch_comparison = epoch_comparison(other)
-          return epoch_comparison unless epoch_comparison.zero?
-          version_comparison = super
-          return T.must(version_comparison) unless version_comparison&.zero?
-          post_version_comparison = post_version_comparison(other)
-          return post_version_comparison unless post_version_comparison.zero?
-          local_version_comparison(other)
-        end
+        compare_keys(local_cmp_key, other.local_cmp_key)
       end
       sig do
@@ -254,6 +209,11 @@ module Dependabot
         T.must(dev)
       end
+      sig { returns(String) }
+      def lowest_prerelease_suffix
+        "dev0"
+      end
       private
       sig { params(other: Dependabot::Python::Version).returns(Integer) }
@@ -321,65 +281,6 @@ module Dependabot
         [letter, number.to_i]
       end
-      sig { returns(Regexp) }
-      def anchored_version_pattern
-        if Dependabot::Experiments.enabled?(:python_new_version)
-          /\A\s*#{NEW_VERSION_PATTERN}\s*\z/o
-        else
-          ANCHORED_VERSION_PATTERN
-        end
-      end
-      def epoch_comparison(other)
-        epoch.to_i <=> other.epoch.to_i
-      end
-      def post_version_comparison(other)
-        unless other.post_release_version
-          return post_release_version.nil? ? 0 : 1
-        end
-        return -1 if post_release_version.nil?
-        post_release_version.to_i <=> other.post_release_version.to_i
-      end
-      def local_version_comparison(other)
-        # Local version comparison works differently in Python: `1.0.beta`
-        # compares as greater than `1.0`. To accommodate, we make the
-        # strings the same length before comparing.
-        lhsegments = local_version.to_s.split(".").map(&:downcase)
-        rhsegments = other.local_version.to_s.split(".").map(&:downcase)
-        limit = [lhsegments.count, rhsegments.count].min
-        lhs = ["1", *lhsegments.first(limit)].join(".")
-        rhs = ["1", *rhsegments.first(limit)].join(".")
-        local_comparison = Gem::Version.new(lhs) <=> Gem::Version.new(rhs)
-        return local_comparison unless local_comparison&.zero?
-        lhsegments.count <=> rhsegments.count
-      end
-      def normalise_prerelease(version)
-        # Python has reserved words for release states, which are treated
-        # as equal (e.g., preview, pre and rc).
-        # Further, Python treats dashes as a separator between version
-        # parts and treats the alphabetical characters in strings as the
-        # start of a new version part (so 1.1a2 == 1.1.alpha.2).
-        version
-          .gsub("alpha", "a")
-          .gsub("beta", "b")
-          .gsub("preview", "c")
-          .gsub("pre", "c")
-          .gsub("post", "r")
-          .gsub("rev", "r")
-          .gsub(/([\d.\-_])rc([\d.\-_])?/, '\1c\2')
-          .tr("-", ".")
-          .gsub(/(\d)([a-z])/i, '\1.\2')
-      end
     end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.281.0
+  version: 0.282.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-17 00:00:00.000000000 Z
+date: 2024-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.281.0
+        version: 0.282.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.281.0
+        version: 0.282.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -114,28 +114,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.65.0
+        version: 1.67.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.65.0
+        version: 1.67.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.21.0
+        version: 1.22.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.21.0
+        version: 1.22.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
@@ -288,7 +288,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.281.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.282.0
 post_install_message:
 rdoc_options: []
 require_paths: