dependabot-python 0.300.0 → 0.301.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c66f1ad421fbc53cea7f4eafddfb4e31c0acb69876af1b3291407176d968e2fe
-  data.tar.gz: f63f34f3be94781bce2e3471002b56df61b4fc8b04b0cf645f3e1d305749a302
+  metadata.gz: 28b4e62ed88202c96564365886f0ffe07f5554d10f77b965030e2285e7e3f63e
+  data.tar.gz: fed3c7384673233019c27016bac8b786b3ab54b6f0ef8abf7e9a1dee63ba7992
 SHA512:
-  metadata.gz: 39ebf5bb262f04d910a81abbc28c48afefabd49731646289accccd9ac10d10686d180fc48ba7983ace19b06906f13eb9420202f906807d5c36a4c6caa75ea325
-  data.tar.gz: 1435af159a0c50873c1ddfca6d335520411a3ea8e04ecef83e0c430abe20200c3e7949182c8225d60011175d1ca5876c258a628af97ef479d85608297dbeed64
+  metadata.gz: fdb559ea1b46ed73f5951c537b809efd9f27c5b740b15186641cc579a906a8e5f80a8779a00d09991b0e12f6d396ab37697ce0c046d0b7b2d530260ba1b0da37
+  data.tar.gz: 402608f1f8a90234938f732a821fff9729a20c6d4ce3b26aa4ee44fca2794c4c028eb4a8036518a7d0387430dd473cf52fe9f370b132492f3ffef8e2776a3a1c

data/lib/dependabot/python/file_parser/python_requirement_parser.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "toml-rb"
@@ -13,12 +13,17 @@ module Dependabot
   module Python
     class FileParser
       class PythonRequirementParser
+        extend T::Sig
+
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         attr_reader :dependency_files
 
+        sig { params(dependency_files: T::Array[Dependabot::DependencyFile]).void }
         def initialize(dependency_files:)
           @dependency_files = dependency_files
         end
 
+        sig { returns(T::Array[String]) }
         def user_specified_requirements
           [
             pipfile_python_requirement,
@@ -32,22 +37,28 @@ module Dependabot
 
         # TODO: Add better Python version detection using dependency versions
         # (e.g., Django 2.x implies Python 3)
+        sig { returns(T::Array[String]) }
         def imputed_requirements
           requirement_files.flat_map do |file|
-            file.content.lines
-                .select { |l| l.include?(";") && l.include?("python") }
-                .filter_map { |l| l.match(/python_version(?<req>.*?["'].*?['"])/) }
-                .map { |re| re.named_captures.fetch("req").gsub(/['"]/, "") }
-                .select { |r| valid_requirement?(r) }
+            T.must(file.content).lines
+             .select { |l| l.include?(";") && l.include?("python") }
+             .filter_map { |l| l.match(/python_version(?<req>.*?["'].*?['"])/) }
+             .map { |re| T.must(re.named_captures.fetch("req")).gsub(/['"]/, "") }
+             .select { |r| valid_requirement?(r) }
           end
         end
 
         private
 
+        # Parses the Pipfile content to extract the Python version requirement.
+        #
+        # @return [String, nil] the Python version requirement if specified in the Pipfile,
+        #   or nil if the requirement is not present or does not start with a digit.
+        sig { returns(T.nilable(String)) }
         def pipfile_python_requirement
           return unless pipfile
 
-          parsed_pipfile = TomlRB.parse(pipfile.content)
+          parsed_pipfile = TomlRB.parse(T.must(pipfile).content)
           requirement =
             parsed_pipfile.dig("requires", "python_full_version") ||
             parsed_pipfile.dig("requires", "python_version")
@@ -56,10 +67,11 @@ module Dependabot
           requirement
         end
 
+        sig { returns(T.nilable(String)) }
         def pyproject_python_requirement
           return unless pyproject
 
-          pyproject_object = TomlRB.parse(pyproject.content)
+          pyproject_object = TomlRB.parse(T.must(pyproject).content)
 
           # Check for PEP621 requires-python
           pep621_python = pyproject_object.dig("project", "requires-python")
@@ -72,9 +84,10 @@ module Dependabot
             poetry_object&.dig("dev-dependencies", "python")
         end
 
+        sig { returns(T.nilable(String)) }
         def pip_compile_python_requirement
           requirement_files.each do |file|
-            next unless pip_compile_file_matcher.lockfile_for_pip_compile_file?(file)
+            next unless T.must(pip_compile_file_matcher).lockfile_for_pip_compile_file?(file)
 
             marker = /^# This file is autogenerated by pip-compile with [pP]ython (?<version>\d+.\d+)$/m
             match = marker.match(file.content)
@@ -86,38 +99,41 @@ module Dependabot
           nil
         end
 
+        sig { returns(T.nilable(String)) }
         def python_version_file_version
           return unless python_version_file
 
           # read the content, split into lines and remove any lines with '#'
-          content_lines = python_version_file.content.each_line.map do |line|
+          content_lines = T.must(T.must(python_version_file).content).each_line.map do |line|
             line.sub(/#.*$/, " ").strip
           end.reject(&:empty?)
 
           file_version = content_lines.first
           return if file_version&.empty?
-          return unless pyenv_versions.include?("#{file_version}\n")
+          return unless T.must(pyenv_versions).include?("#{file_version}\n")
 
           file_version
         end
 
+        sig { returns(T.nilable(String)) }
         def runtime_file_python_version
           return unless runtime_file
 
-          file_version = runtime_file.content
-                                     .match(/(?<=python-).*/)&.to_s&.strip
+          file_version = T.must(T.must(runtime_file).content)
+                          .match(/(?<=python-).*/)&.to_s&.strip
           return if file_version&.empty?
-          return unless pyenv_versions.include?("#{file_version}\n")
+          return unless T.must(pyenv_versions).include?("#{file_version}\n")
 
           file_version
         end
 
+        sig { returns(T.nilable(String)) }
         def setup_file_requirement
           return unless setup_file
 
-          req = setup_file.content
-                          .match(/python_requires\s*=\s*['"](?<req>[^'"]+)['"]/)
-                          &.named_captures&.fetch("req")&.strip
+          req = T.must(T.must(setup_file).content)
+                 .match(/python_requires\s*=\s*['"](?<req>[^'"]+)['"]/)
+                 &.named_captures&.fetch("req")&.strip
 
           requirement_class.new(req)
           req
@@ -125,22 +141,28 @@ module Dependabot
           nil
         end
 
+        sig { returns(T.nilable(String)) }
         def pyenv_versions
-          @pyenv_versions ||= run_command("pyenv install --list")
+          @pyenv_versions = T.let(run_command("pyenv install --list"), T.nilable(String))
         end
 
+        sig { params(command: String, env: T::Hash[String, String]).returns(String) }
         def run_command(command, env: {})
           SharedHelpers.run_shell_command(command, env: env, stderr_to_stdout: true)
         end
 
+        sig { returns(T.nilable(PipCompileFileMatcher)) }
         def pip_compile_file_matcher
-          @pip_compile_file_matcher ||= PipCompileFileMatcher.new(pip_compile_files)
+          @pip_compile_file_matcher = T.let(PipCompileFileMatcher.new(pip_compile_files),
+                                            T.nilable(PipCompileFileMatcher))
         end
 
+        sig { returns(T.class_of(Dependabot::Python::Requirement)) }
         def requirement_class
           Dependabot::Python::Requirement
         end
 
+        sig { params(req_string: String).returns(T::Boolean) }
         def valid_requirement?(req_string)
           requirement_class.new(req_string)
           true
@@ -148,36 +170,44 @@ module Dependabot
           false
         end
 
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def pipfile
           dependency_files.find { |f| f.name == "Pipfile" }
         end
 
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def pipfile_lock
           dependency_files.find { |f| f.name == "Pipfile.lock" }
         end
 
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def pyproject
           dependency_files.find { |f| f.name == "pyproject.toml" }
         end
 
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def setup_file
           dependency_files.find { |f| f.name == "setup.py" }
         end
 
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def python_version_file
           dependency_files.find { |f| f.name == ".python-version" }
         end
 
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def runtime_file
           dependency_files.find { |f| f.name.end_with?("runtime.txt") }
         end
 
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         def requirement_files
           dependency_files.select { |f| f.name.end_with?(".txt") }
         end
 
+        sig { returns(T::Array[DependencyFile]) }
         def pip_compile_files
-          dependency_files.select { |f| f.name.end_with?(".in") }
+          @pip_compile_files ||= T.let(dependency_files.select { |f| f.name.end_with?(".in") }, T.untyped)
         end
       end
     end

data/lib/dependabot/python/file_parser.rb

@@ -489,7 +489,7 @@ module Dependabot
         @setup_cfg_file ||= T.let(get_original_file("setup.cfg"), T.nilable(Dependabot::DependencyFile))
       end
 
-      sig { returns(T::Array[Dependabot::Python::Requirement]) }
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def pip_compile_files
         @pip_compile_files ||= T.let(dependency_files.select { |f| f.name.end_with?(".in") }, T.untyped)
       end

data/lib/dependabot/python/package/package_details_fetcher.rb

@@ -268,11 +268,13 @@ module Dependabot
 
         sig do
           params(
-            releases_json: T::Hash[String, T::Array[T::Hash[String, T.untyped]]]
+            releases_json: T.nilable(T::Hash[String, T::Array[T::Hash[String, T.untyped]]])
           )
             .returns(T::Array[Dependabot::Package::PackageRelease])
         end
         def format_version_releases(releases_json)
+          return [] unless releases_json
+
           releases_json.each_with_object([]) do |(version, release_data_array), versions|
             release_data = release_data_array.last
 

data/lib/dependabot/python/pip_compile_file_matcher.rb

@@ -6,7 +6,7 @@ module Dependabot
     class PipCompileFileMatcher
       extend T::Sig
 
-      sig { params(requirements_in_files: T::Array[Dependabot::Python::Requirement]).void }
+      sig { params(requirements_in_files: T::Array[DependencyFile]).void }
       def initialize(requirements_in_files)
         @requirements_in_files = requirements_in_files
       end
@@ -26,7 +26,7 @@ module Dependabot
 
       private
 
-      sig { returns(T::Array[Dependabot::Python::Requirement]) }
+      sig { returns(T::Array[DependencyFile]) }
       attr_reader :requirements_in_files
 
       sig { params(filename: T.any(String, Symbol)).returns(String) }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.300.0
+  version: 0.301.1
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-03-06 00:00:00.000000000 Z
+date: 2025-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.300.0
+        version: 0.301.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.300.0
+        version: 0.301.1
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -291,7 +291,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.300.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.301.1
 post_install_message:
 rdoc_options: []
 require_paths: