dependabot-python 0.333.0 → 0.335.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eb861b2b496cfd6879573eee03425670d74ec6fad92a93721b76f2d98392d8c9
-  data.tar.gz: ba2b3dbcbedb42506cbb78884340ee0f7a38a39d67f9093f27c8b45d84ffae9b
+  metadata.gz: 535cedbc5cc0a4b3594a556be6563af3afa5b354b5d9a3e2d2af9af60c30c116
+  data.tar.gz: e2bd11041a92793ca4f0eb56b63377a6346ae105400b34658dd5b146701c41ff
 SHA512:
-  metadata.gz: 9048dbfa79c5754a2ddb7fe88b72974d414155c7206fa25d1b4db274802ef10de60dd04bb9ad40fab7e5337c70becfffbff99d2487f2425524d3e26b0d4f4792
-  data.tar.gz: b039ecae109ea713a2ef2669b3841ea8cb97a9e4854d1bf69ed93c993eb2240b89af5d9993d8dac92540da348dcb6e461d3e6f492df4e6fe081f3458f6fd8998
+  metadata.gz: 133569373fc3bddac801d7a8a8e5055f2897a69add2ab8fca7d6d1af104a669c637b3ccaba895ec5765f6369a51366e4461c6d24cdc41248449a3614bfe51512
+  data.tar.gz: 07c053fce5c40ae72981acd60c67add022bbe668bf3e2b0f2410aebac52b6a2115fbd31870fa1edcaf1303689808354c5551702053bd5cfbb166fe3f23bbe89f

data/helpers/requirements.txt

@@ -4,7 +4,7 @@ flake8==7.3.0
 hashin==1.0.5
 pipenv==2024.4.1
 plette==2.1.0
-poetry==2.1.1
+poetry==2.2.0
 # TODO: Replace 3p package `tomli` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
 tomli==2.2.1
 

data/lib/dependabot/python/file_fetcher.rb

@@ -151,16 +151,19 @@ module Dependabot
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def python_version_file
-        @python_version_file ||= T.let(begin
-          file = fetch_support_file(".python-version")
-          return file if file
-          return if [".", "/"].include?(directory)
-
-          # Check the top-level for a .python-version file, too
-          reverse_path = Pathname.new(directory[0]).relative_path_from(directory)
-          fetch_support_file(File.join(reverse_path, ".python-version"))
-            &.tap { |f| f.name = ".python-version" }
-        end, T.nilable(Dependabot::DependencyFile))
+        @python_version_file ||= T.let(
+          begin
+            file = fetch_support_file(".python-version")
+            return file if file
+            return if [".", "/"].include?(directory)
+
+            # Check the top-level for a .python-version file, too
+            reverse_path = Pathname.new(directory[0]).relative_path_from(directory)
+            fetch_support_file(File.join(reverse_path, ".python-version"))
+              &.tap { |f| f.name = ".python-version" }
+          end,
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
@@ -240,23 +243,26 @@ module Dependabot
 
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def req_txt_and_in_files
-        @req_txt_and_in_files ||= T.let(begin
-          files = T.let([], T::Array[Dependabot::DependencyFile])
-
-          repo_contents
-            .select { |f| f.type == "file" }
-            .select { |f| f.name.end_with?(".txt", ".in") }
-            .reject { |f| f.size > 500_000 }
-            .map { |f| fetch_file_from_host(f.name) }
-            .select { |f| requirements_file?(f) }
-            .each { |f| files << f }
-
-          repo_contents
-            .select { |f| f.type == "dir" }
-            .each { |f| files.concat(req_files_for_dir(f)) }
-
-          files
-        end, T.nilable(T::Array[Dependabot::DependencyFile]))
+        @req_txt_and_in_files ||= T.let(
+          begin
+            files = T.let([], T::Array[Dependabot::DependencyFile])
+
+            repo_contents
+              .select { |f| f.type == "file" }
+              .select { |f| f.name.end_with?(".txt", ".in") }
+              .reject { |f| f.size > 500_000 }
+              .map { |f| fetch_file_from_host(f.name) }
+              .select { |f| requirements_file?(f) }
+              .each { |f| files << f }
+
+            repo_contents
+              .select { |f| f.type == "dir" }
+              .each { |f| files.concat(req_files_for_dir(f)) }
+
+            files
+          end,
+          T.nilable(T::Array[Dependabot::DependencyFile])
+        )
       end
 
       sig { params(requirements_dir: T.untyped).returns(T::Array[Dependabot::DependencyFile]) }
@@ -285,18 +291,21 @@ module Dependabot
 
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def child_requirement_files
-        @child_requirement_files ||= T.let(begin
-          fetched_files = req_txt_and_in_files.dup
-          req_txt_and_in_files.flat_map do |requirement_file|
-            child_files = fetch_child_requirement_files(
-              file: requirement_file,
-              previously_fetched_files: fetched_files
-            )
-
-            fetched_files += child_files
-            child_files
-          end
-        end, T.nilable(T::Array[Dependabot::DependencyFile]))
+        @child_requirement_files ||= T.let(
+          begin
+            fetched_files = req_txt_and_in_files.dup
+            req_txt_and_in_files.flat_map do |requirement_file|
+              child_files = fetch_child_requirement_files(
+                file: requirement_file,
+                previously_fetched_files: fetched_files
+              )
+
+              fetched_files += child_files
+              child_files
+            end
+          end,
+          T.nilable(T::Array[Dependabot::DependencyFile])
+        )
       end
 
       sig do

data/lib/dependabot/python/file_parser/pipfile_files_parser.rb

@@ -15,16 +15,19 @@ module Dependabot
       class PipfileFilesParser
         extend T::Sig
 
-        DEPENDENCY_GROUP_KEYS = T.let([
-          {
-            pipfile: "packages",
-            lockfile: "default"
-          },
-          {
-            pipfile: "dev-packages",
-            lockfile: "develop"
-          }
-        ].freeze, T::Array[T::Hash[Symbol, String]])
+        DEPENDENCY_GROUP_KEYS = T.let(
+          [
+            {
+              pipfile: "packages",
+              lockfile: "default"
+            },
+            {
+              pipfile: "dev-packages",
+              lockfile: "develop"
+            }
+          ].freeze,
+          T::Array[T::Hash[Symbol, String]]
+        )
 
         sig { params(dependency_files: T::Array[Dependabot::DependencyFile]).void }
         def initialize(dependency_files:)
@@ -116,8 +119,11 @@ module Dependabot
         end
 
         sig do
-          params(dep_name: String, requirement: T.any(String, T::Hash[String, T.untyped]),
-                 group: String).returns(T.nilable(String))
+          params(
+            dep_name: String,
+            requirement: T.any(String, T::Hash[String, T.untyped]),
+            group: String
+          ).returns(T.nilable(String))
         end
         def dependency_version(dep_name, requirement, group)
           req = version_from_hash_or_string(requirement)
@@ -171,8 +177,10 @@ module Dependabot
 
         sig { returns(T::Hash[String, T.untyped]) }
         def parsed_pipfile_lock
-          @parsed_pipfile_lock ||= T.let(JSON.parse(T.must(T.must(pipfile_lock).content)),
-                                         T.nilable(T::Hash[String, T.untyped]))
+          @parsed_pipfile_lock ||= T.let(
+            JSON.parse(T.must(T.must(pipfile_lock).content)),
+            T.nilable(T::Hash[String, T.untyped])
+          )
         rescue JSON::ParserError
           raise Dependabot::DependencyFileNotParseable, T.must(pipfile_lock).path
         end
@@ -184,8 +192,10 @@ module Dependabot
 
         sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def pipfile_lock
-          @pipfile_lock ||= T.let(dependency_files.find { |f| f.name == "Pipfile.lock" },
-                                  T.nilable(Dependabot::DependencyFile))
+          @pipfile_lock ||= T.let(
+            dependency_files.find { |f| f.name == "Pipfile.lock" },
+            T.nilable(Dependabot::DependencyFile)
+          )
         end
       end
     end

data/lib/dependabot/python/file_parser/pyproject_files_parser.rb

@@ -107,9 +107,11 @@ module Dependabot
         end
 
         sig do
-          params(type: String,
-                 deps_hash: T::Hash[String,
-                                    T.untyped]).returns(Dependabot::FileParsers::Base::DependencySet)
+          params(
+            type: String,
+            deps_hash: T::Hash[String,
+                               T.untyped]
+          ).returns(Dependabot::FileParsers::Base::DependencySet)
         end
         def parse_poetry_dependency_group(type, deps_hash)
           dependencies = Dependabot::FileParsers::Base::DependencySet.new
@@ -218,8 +220,10 @@ module Dependabot
 
         sig { returns(T::Array[T.nilable(String)]) }
         def production_dependency_names
-          @production_dependency_names ||= T.let(parse_production_dependency_names,
-                                                 T.nilable(T::Array[T.nilable(String)]))
+          @production_dependency_names ||= T.let(
+            parse_production_dependency_names,
+            T.nilable(T::Array[T.nilable(String)])
+          )
         end
 
         sig { returns(T::Array[T.nilable(String)]) }
@@ -283,8 +287,10 @@ module Dependabot
 
         sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def pyproject
-          @pyproject ||= T.let(dependency_files.find { |f| f.name == "pyproject.toml" },
-                               T.nilable(Dependabot::DependencyFile))
+          @pyproject ||= T.let(
+            dependency_files.find { |f| f.name == "pyproject.toml" },
+            T.nilable(Dependabot::DependencyFile)
+          )
         end
 
         sig { returns(T.untyped) }
@@ -319,14 +325,18 @@ module Dependabot
 
         sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def poetry_lock
-          @poetry_lock ||= T.let(dependency_files.find { |f| f.name == "poetry.lock" },
-                                 T.nilable(Dependabot::DependencyFile))
+          @poetry_lock ||= T.let(
+            dependency_files.find { |f| f.name == "poetry.lock" },
+            T.nilable(Dependabot::DependencyFile)
+          )
         end
 
         sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def pdm_lock
-          @pdm_lock ||= T.let(dependency_files.find { |f| f.name == "pdm.lock" },
-                              T.nilable(Dependabot::DependencyFile))
+          @pdm_lock ||= T.let(
+            dependency_files.find { |f| f.name == "pdm.lock" },
+            T.nilable(Dependabot::DependencyFile)
+          )
         end
       end
     end

data/lib/dependabot/python/file_parser/python_requirement_parser.rb

@@ -153,8 +153,10 @@ module Dependabot
 
         sig { returns(T.nilable(PipCompileFileMatcher)) }
         def pip_compile_file_matcher
-          @pip_compile_file_matcher = T.let(PipCompileFileMatcher.new(pip_compile_files),
-                                            T.nilable(PipCompileFileMatcher))
+          @pip_compile_file_matcher = T.let(
+            PipCompileFileMatcher.new(pip_compile_files),
+            T.nilable(PipCompileFileMatcher)
+          )
         end
 
         sig { returns(T.class_of(Dependabot::Python::Requirement)) }

data/lib/dependabot/python/file_parser.rb

@@ -25,16 +25,19 @@ module Dependabot
       require_relative "file_parser/setup_file_parser"
       require_relative "file_parser/python_requirement_parser"
 
-      DEPENDENCY_GROUP_KEYS = T.let([
-        {
-          pipfile: "packages",
-          lockfile: "default"
-        },
-        {
-          pipfile: "dev-packages",
-          lockfile: "develop"
-        }
-      ].freeze, T::Array[T::Hash[Symbol, String]])
+      DEPENDENCY_GROUP_KEYS = T.let(
+        [
+          {
+            pipfile: "packages",
+            lockfile: "default"
+          },
+          {
+            pipfile: "dev-packages",
+            lockfile: "develop"
+          }
+        ].freeze,
+        T::Array[T::Hash[Symbol, String]]
+      )
       REQUIREMENT_FILE_EVALUATION_ERRORS = %w(
         InstallationError RequirementsFileParseError InvalidMarker
         InvalidRequirement ValueError RecursionError
@@ -76,14 +79,24 @@ module Dependabot
 
       sig { returns(Dependabot::Python::LanguageVersionManager) }
       def language_version_manager
-        @language_version_manager ||= T.let(LanguageVersionManager.new(python_requirement_parser:
-                                        python_requirement_parser), T.nilable(LanguageVersionManager))
+        @language_version_manager ||= T.let(
+          LanguageVersionManager.new(
+            python_requirement_parser:
+                                                    python_requirement_parser
+          ),
+          T.nilable(LanguageVersionManager)
+        )
       end
 
       sig { returns(Dependabot::Python::FileParser::PythonRequirementParser) }
       def python_requirement_parser
-        @python_requirement_parser ||= T.let(FileParser::PythonRequirementParser.new(dependency_files:
-                                         dependency_files), T.nilable(FileParser::PythonRequirementParser))
+        @python_requirement_parser ||= T.let(
+          FileParser::PythonRequirementParser.new(
+            dependency_files:
+                                                     dependency_files
+          ),
+          T.nilable(FileParser::PythonRequirementParser)
+        )
       end
 
       sig { returns(Ecosystem::VersionManager) }
@@ -240,14 +253,24 @@ module Dependabot
 
       sig { returns(DependencySet) }
       def pipenv_dependencies
-        @pipenv_dependencies ||= T.let(PipfileFilesParser.new(dependency_files:
-                                    dependency_files).dependency_set, T.nilable(DependencySet))
+        @pipenv_dependencies ||= T.let(
+          PipfileFilesParser.new(
+            dependency_files:
+                                                dependency_files
+          ).dependency_set,
+          T.nilable(DependencySet)
+        )
       end
 
       sig { returns(DependencySet) }
       def pyproject_file_dependencies
-        @pyproject_file_dependencies ||= T.let(PyprojectFilesParser.new(dependency_files:
-                                          dependency_files).dependency_set, T.nilable(DependencySet))
+        @pyproject_file_dependencies ||= T.let(
+          PyprojectFilesParser.new(
+            dependency_files:
+                                                      dependency_files
+          ).dependency_set,
+          T.nilable(DependencySet)
+        )
       end
 
       sig { returns(DependencySet) }
@@ -347,8 +370,10 @@ module Dependabot
       end
 
       sig do
-        params(condition: T.untyped,
-               python_version: T.any(String, Integer, Gem::Version)).returns(T::Boolean)
+        params(
+          condition: T.untyped,
+          python_version: T.any(String, Integer, Gem::Version)
+        ).returns(T::Boolean)
       end
       def evaluate_condition(condition, python_version)
         operator, version = condition.match(/([<>=!]=?)\s*"?([\d.]+)"?/)&.captures
@@ -371,8 +396,11 @@ module Dependabot
 
       sig { returns(DependencySet) }
       def setup_file_dependencies
-        @setup_file_dependencies ||= T.let(SetupFileParser.new(dependency_files: dependency_files)
-                                    .dependency_set, T.nilable(DependencySet))
+        @setup_file_dependencies ||= T.let(
+          SetupFileParser.new(dependency_files: dependency_files)
+                                              .dependency_set,
+          T.nilable(DependencySet)
+        )
       end
 
       sig { returns(T.untyped) }
@@ -497,8 +525,10 @@ module Dependabot
 
       sig { returns(Dependabot::Python::PipCompileFileMatcher) }
       def pip_compile_file_matcher
-        @pip_compile_file_matcher ||= T.let(PipCompileFileMatcher.new(pip_compile_files),
-                                            T.nilable(Dependabot::Python::PipCompileFileMatcher))
+        @pip_compile_file_matcher ||= T.let(
+          PipCompileFileMatcher.new(pip_compile_files),
+          T.nilable(Dependabot::Python::PipCompileFileMatcher)
+        )
       end
     end
   end

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -25,8 +25,10 @@ module Dependabot
         require_relative "setup_file_sanitizer"
 
         UNSAFE_PACKAGES = T.let(%w(setuptools distribute pip).freeze, T::Array[String])
-        INCOMPATIBLE_VERSIONS_REGEX = T.let(/not supported between instances of 'InstallationCandidate'.*\z/m,
-                                            Regexp)
+        INCOMPATIBLE_VERSIONS_REGEX = T.let(
+          /not supported between instances of 'InstallationCandidate'.*\z/m,
+          Regexp
+        )
         WARNINGS = T.let(/\s*# WARNING:.*\Z/m, Regexp)
         UNSAFE_NOTE = T.let(/\s*# The following packages are considered to be unsafe.*\Z/m, Regexp)
         RESOLVER_REGEX = T.let(/(?<=--resolver=)(\w+)/, Regexp)
@@ -70,8 +72,10 @@ module Dependabot
 
         sig { returns(T.nilable(T::Array[Dependabot::DependencyFile])) }
         def updated_dependency_files
-          @updated_dependency_files = T.let(fetch_updated_dependency_files,
-                                            T.nilable(T::Array[Dependabot::DependencyFile]))
+          @updated_dependency_files = T.let(
+            fetch_updated_dependency_files,
+            T.nilable(T::Array[Dependabot::DependencyFile])
+          )
         end
 
         private
@@ -488,8 +492,12 @@ module Dependabot
             T.must(requirement_string.match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/)).named_captures.fetch("separator")
 
           default_separator =
-            T.must(T.must(requirement_string
-            .match(RequirementParser::HASH)).pre_match.match(/(?<separator>\s*\\?\s*?)\z/)).named_captures.fetch("separator")
+            T.must(
+              T.must(
+                requirement_string
+                            .match(RequirementParser::HASH)
+              ).pre_match.match(/(?<separator>\s*\\?\s*?)\z/)
+            ).named_captures.fetch("separator")
 
           # rubocop:enable Layout/LineLength
           current_separator || default_separator

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -334,9 +334,11 @@ module Dependabot
             pipfile_content: String
           ).returns(
             T.nilable(
-              T.any(T::Hash[String, T.untyped],
-                    String,
-                    T::Array[T::Hash[String, T.untyped]])
+              T.any(
+                T::Hash[String, T.untyped],
+                String,
+                T::Array[T::Hash[String, T.untyped]]
+              )
             )
           )
         end

data/lib/dependabot/python/file_updater/pipfile_manifest_updater.rb

@@ -37,6 +37,7 @@ module Dependabot
 
         sig { returns(T::Array[Dependency]) }
         attr_reader :dependencies
+
         sig { returns(DependencyFile) }
         attr_reader :manifest
 

data/lib/dependabot/python/file_updater/pipfile_preparer.rb

@@ -70,13 +70,17 @@ module Dependabot
 
         sig { returns(T::Array[T::Hash[String, String]]) }
         def pipfile_sources
-          @pipfile_sources ||= T.let(TomlRB.parse(pipfile_content).fetch("source", []),
-                                     T.nilable(T::Array[T::Hash[String, String]]))
+          @pipfile_sources ||= T.let(
+            TomlRB.parse(pipfile_content).fetch("source", []),
+            T.nilable(T::Array[T::Hash[String, String]])
+          )
         end
 
         sig do
-          params(source: T::Hash[String, String],
-                 credentials: T::Array[Dependabot::Credential]).returns(T.nilable(T::Hash[String, String]))
+          params(
+            source: T::Hash[String, String],
+            credentials: T::Array[Dependabot::Credential]
+          ).returns(T.nilable(T::Hash[String, String]))
         end
         def sub_auth_url(source, credentials)
           if source["url"]&.include?("${")

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -126,8 +126,10 @@ module Dependabot
             content.sub(T.must(declaration), new_declaration)
           else
             content.gsub(table_declaration_regex(dep, new_r)) do |match|
-              match.gsub(/(\s*version\s*=\s*["'])#{Regexp.escape(old_req)}/,
-                         '\1' + new_req)
+              match.gsub(
+                /(\s*version\s*=\s*["'])#{Regexp.escape(old_req)}/,
+                '\1' + new_req
+              )
             end
           end
         end
@@ -284,11 +286,13 @@ module Dependabot
         sig do
           params(
             pyproject_content: String
-          ).returns(T.nilable(T.any(
-                                T::Hash[String, T.untyped],
-                                String,
-                                T::Array[T::Hash[String, T.untyped]]
-                              )))
+          ).returns(T.nilable(
+                      T.any(
+                        T::Hash[String, T.untyped],
+                        String,
+                        T::Array[T::Hash[String, T.untyped]]
+                      )
+                    ))
         end
         def pyproject_hash_for(pyproject_content)
           SharedHelpers.in_a_temporary_directory do |dir|

data/lib/dependabot/python/file_updater/pyproject_preparer.rb

@@ -113,6 +113,7 @@ module Dependabot
 
         sig { returns(String) }
         attr_reader :pyproject_content
+
         sig { returns(T.nilable(Dependabot::DependencyFile)) }
         attr_reader :lockfile
 

data/lib/dependabot/python/file_updater/requirement_replacer.rb

@@ -29,8 +29,14 @@ module Dependabot
             index_urls: T.nilable(T::Array[T.nilable(String)])
           ).void
         end
-        def initialize(content:, dependency_name:, old_requirement:,
-                       new_requirement:, new_hash_version: nil, index_urls: nil)
+        def initialize(
+          content:,
+          dependency_name:,
+          old_requirement:,
+          new_requirement:,
+          new_hash_version: nil,
+          index_urls: nil
+        )
           @content = T.let(content, String)
           @dependency_name = T.let(normalise(dependency_name), String)
           @old_requirement = T.let(old_requirement, T.nilable(String))
@@ -158,12 +164,18 @@ module Dependabot
           return "" unless requirement_includes_hashes?(requirement)
 
           hash_regex = RequirementParser::HASH
-          matches = T.must(original_dependency_declaration_string(requirement)
-            .match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/))
+          matches = T.must(
+            original_dependency_declaration_string(requirement)
+                        .match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/)
+          )
           current_separator = matches.named_captures.fetch("separator")
 
-          hash_matches = T.must(T.must(original_dependency_declaration_string(requirement)
-            .match(RequirementParser::HASH)).pre_match.match(/(?<separator>\s*\\?\s*?)\z/))
+          hash_matches = T.must(
+            T.must(
+              original_dependency_declaration_string(requirement)
+                          .match(RequirementParser::HASH)
+            ).pre_match.match(/(?<separator>\s*\\?\s*?)\z/)
+          )
           default_separator = hash_matches
                               .named_captures.fetch("separator")
 

data/lib/dependabot/python/file_updater.rb

@@ -114,12 +114,14 @@ module Dependabot
 
       sig { returns(T::Array[DependencyFile]) }
       def updated_pip_compile_based_files
-        T.must(PipCompileFileUpdater.new(
-          dependencies: dependencies,
-          dependency_files: dependency_files,
-          credentials: credentials,
-          index_urls: pip_compile_index_urls
-        ).updated_dependency_files)
+        T.must(
+          PipCompileFileUpdater.new(
+            dependencies: dependencies,
+            dependency_files: dependency_files,
+            credentials: credentials,
+            index_urls: pip_compile_index_urls
+          ).updated_dependency_files
+        )
       end
 
       sig { returns(T::Array[DependencyFile]) }

data/lib/dependabot/python/language.rb

@@ -23,9 +23,12 @@ module Dependabot
         3.9.23
       ).freeze
 
-      PRE_INSTALLED_PYTHON_VERSIONS = T.let(PRE_INSTALLED_PYTHON_VERSIONS_RAW.map do |v|
-        Version.new(v)
-      end.sort, T::Array[Dependabot::Python::Version])
+      PRE_INSTALLED_PYTHON_VERSIONS = T.let(
+        PRE_INSTALLED_PYTHON_VERSIONS_RAW.map do |v|
+          Version.new(v)
+        end.sort,
+        T::Array[Dependabot::Python::Version]
+      )
 
       PRE_INSTALLED_VERSIONS_MAP = T.let(
         PRE_INSTALLED_PYTHON_VERSIONS.to_h do |v|

data/lib/dependabot/python/metadata_finder.rb

@@ -90,7 +90,8 @@ module Dependabot
             next unless response.status == 200
 
             response.body.include?(normalised_dependency_name)
-          end, T.nilable(String)
+          end,
+          T.nilable(String)
         )
       end
       # rubocop:enable Metrics/PerceivedComplexity
@@ -122,7 +123,8 @@ module Dependabot
             next unless response.status == 200
 
             response.body.include?(normalised_dependency_name)
-          end, T.nilable(String)
+          end,
+          T.nilable(String)
         )
       end
       # rubocop:enable Metrics/PerceivedComplexity
@@ -143,7 +145,8 @@ module Dependabot
           rescue Excon::Error::Timeout, Excon::Error::Socket,
                  Excon::Error::TooManyRedirects, ArgumentError
             nil
-          end, T.nilable(Excon::Response)
+          end,
+          T.nilable(Excon::Response)
         )
 
         return unless @homepage_response&.status == 200

data/lib/dependabot/python/name_normaliser.rb

@@ -1,4 +1,4 @@
-# typed: strict
+# typed: strong
 # frozen_string_literal: true
 
 require "sorbet-runtime"

data/lib/dependabot/python/package/package_details_fetcher.rb

@@ -69,12 +69,12 @@ module Dependabot
                              .select { |index_url| validate_index(index_url) } # Ensure only valid URLs
                              .flat_map do |index_url|
             fetch_from_registry(index_url) || [] # Ensure it always returns an array
-            rescue Excon::Error::Timeout, Excon::Error::Socket
-              raise if MAIN_PYPI_INDEXES.include?(index_url)
+          rescue Excon::Error::Timeout, Excon::Error::Socket
+            raise if MAIN_PYPI_INDEXES.include?(index_url)
 
-              raise PrivateSourceTimedOut, sanitized_url(index_url)
-            rescue URI::InvalidURIError
-              raise DependencyFileNotResolvable, "Invalid URL: #{sanitized_url(index_url)}"
+            raise PrivateSourceTimedOut, sanitized_url(index_url)
+          rescue URI::InvalidURIError
+            raise DependencyFileNotResolvable, "Invalid URL: #{sanitized_url(index_url)}"
           end
 
           Dependabot::Package::PackageDetails.new(

data/lib/dependabot/python/pipenv_runner.rb

@@ -57,8 +57,10 @@ module Dependabot
 
       sig { returns(Dependabot::Dependency) }
       attr_reader :dependency
+
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       attr_reader :lockfile
+
       sig { returns(LanguageVersionManager) }
       attr_reader :language_version_manager
 

data/lib/dependabot/python/requirement.rb

@@ -15,10 +15,13 @@ module Dependabot
       OR_SEPARATOR = T.let(/(?<=[a-zA-Z0-9)*])\s*\|+/, Regexp)
 
       # Add equality and arbitrary-equality matchers
-      OPS = T.let(OPS.merge(
-                    "==" => ->(v, r) { v == r },
-                    "===" => ->(v, r) { v.to_s == r.to_s }
-                  ), T::Hash[String, T.proc.params(arg0: T.untyped, arg1: T.untyped).returns(T.untyped)])
+      OPS = T.let(
+        OPS.merge(
+          "==" => ->(v, r) { v == r },
+          "===" => ->(v, r) { v.to_s == r.to_s }
+        ),
+        T::Hash[String, T.proc.params(arg0: T.untyped, arg1: T.untyped).returns(T.untyped)]
+      )
 
       quoted = OPS.keys.sort_by(&:length).reverse
                   .map { |k| Regexp.quote(k) }.join("|")

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -532,7 +532,8 @@ module Dependabot
           @python_requirement_parser ||= T.let(
             FileParser::PythonRequirementParser.new(
               dependency_files: dependency_files
-            ), T.nilable(FileParser::PythonRequirementParser)
+            ),
+            T.nilable(FileParser::PythonRequirementParser)
           )
         end
 
@@ -541,7 +542,8 @@ module Dependabot
           @language_version_manager ||= T.let(
             LanguageVersionManager.new(
               python_requirement_parser: python_requirement_parser
-            ), T.nilable(LanguageVersionManager)
+            ),
+            T.nilable(LanguageVersionManager)
           )
         end
 

data/lib/dependabot/python/update_checker/pip_version_resolver.rb

@@ -24,8 +24,15 @@ module Dependabot
             raise_on_ignored: T::Boolean
           ).void
         end
-        def initialize(dependency:, dependency_files:, credentials:,
-                       ignored_versions:, security_advisories:, update_cooldown: nil, raise_on_ignored: false)
+        def initialize(
+          dependency:,
+          dependency_files:,
+          credentials:,
+          ignored_versions:,
+          security_advisories:,
+          update_cooldown: nil,
+          raise_on_ignored: false
+        )
           @dependency          = T.let(dependency, Dependabot::Dependency)
           @dependency_files    = T.let(dependency_files, T::Array[Dependabot::DependencyFile])
           @credentials         = T.let(credentials, T::Array[Dependabot::Credential])

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -44,11 +44,14 @@ module Dependabot
 
         INCOMPATIBLE_CONSTRAINTS = /Incompatible constraints in requirements of (?<dep>.+?) ((?<ver>.+?)):/
 
-        PACKAGE_RESOLVER_ERRORS = T.let({
-          package_info_error: /Unable to determine package info/,
-          self_dep_error: /Package '(?<path>.*)' is listed as a dependency of itself./,
-          incompatible_constraints: /Incompatible constraints in requirements/
-        }.freeze, T::Hash[T.nilable(String), Regexp])
+        PACKAGE_RESOLVER_ERRORS = T.let(
+          {
+            package_info_error: /Unable to determine package info/,
+            self_dep_error: /Package '(?<path>.*)' is listed as a dependency of itself./,
+            incompatible_constraints: /Incompatible constraints in requirements/
+          }.freeze,
+          T::Hash[T.nilable(String), Regexp]
+        )
 
         sig { returns(Dependabot::Dependency) }
         attr_reader :dependency
@@ -78,8 +81,10 @@ module Dependabot
           @dependency_files         = T.let(dependency_files, T::Array[Dependabot::DependencyFile])
           @credentials              = T.let(credentials, T::Array[Dependabot::Credential])
           @repo_contents_path       = T.let(repo_contents_path, T.nilable(String))
-          @error_handler = T.let(PoetryErrorHandler.new(dependencies: dependency, dependency_files: dependency_files),
-                                 Dependabot::Python::PoetryErrorHandler)
+          @error_handler = T.let(
+            PoetryErrorHandler.new(dependencies: dependency, dependency_files: dependency_files),
+            Dependabot::Python::PoetryErrorHandler
+          )
           @resolvable = T.let({}, T::Hash[Gem::Version, T::Boolean])
           @latest_resolvable_version_string = T.let({}, T::Hash[T.nilable(String), T.nilable(String)])
           @original_reqs_resolvable = T.let(nil, T.nilable(T::Boolean))
@@ -233,8 +238,10 @@ module Dependabot
             update_pyproject: T::Boolean
           ).void
         end
-        def write_temporary_dependency_files(updated_req: nil,
-                                             update_pyproject: true)
+        def write_temporary_dependency_files(
+          updated_req: nil,
+          update_pyproject: true
+        )
           dependency_files.each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
@@ -409,21 +416,27 @@ module Dependabot
       PACKAGE_NOT_FOUND = /Package (?<pkg>.*) ((?<req_ver>.*)) not found./
 
       # client access error codes while accessing package index
-      CLIENT_ERROR_CODES = T.let({
-        error401: /401 Client Error/,
-        error403: /403 Client Error/,
-        error404: /404 Client Error/,
-        http403: /HTTP error 403/,
-        http404: /HTTP error 404/
-      }.freeze, T::Hash[T.nilable(String), Regexp])
+      CLIENT_ERROR_CODES = T.let(
+        {
+          error401: /401 Client Error/,
+          error403: /403 Client Error/,
+          error404: /404 Client Error/,
+          http403: /HTTP error 403/,
+          http404: /HTTP error 404/
+        }.freeze,
+        T::Hash[T.nilable(String), Regexp]
+      )
 
       # server response error codes while accessing package index
-      SERVER_ERROR_CODES = T.let({
-        server500: /500 Server Error/,
-        server502: /502 Server Error/,
-        server503: /503 Server Error/,
-        server504: /504 Server Error/
-      }.freeze, T::Hash[T.nilable(String), Regexp])
+      SERVER_ERROR_CODES = T.let(
+        {
+          server500: /500 Server Error/,
+          server502: /502 Server Error/,
+          server503: /503 Server Error/,
+          server504: /504 Server Error/
+        }.freeze,
+        T::Hash[T.nilable(String), Regexp]
+      )
 
       # invalid configuration in pyproject.toml
       POETRY_VIRTUAL_ENV_CONFIG = %r{pypoetry/virtualenvs(.|\n)*list index out of range}
@@ -431,17 +444,23 @@ module Dependabot
       # error related to local project as dependency in pyproject.toml
       ERR_LOCAL_PROJECT_PATH = /Path (?<path>.*) for (?<dep>.*) does not exist/
 
-      TIME_OUT_ERRORS = T.let({
-        time_out_max_retries: /Max retries exceeded/,
-        time_out_read_timed_out: /Read timed out/,
-        time_out_inactivity: /Timed out due to inactivity/
-      }.freeze, T::Hash[T.nilable(String), Regexp])
-
-      PACKAGE_RESOLVER_ERRORS = T.let({
-        package_info_error: /Unable to determine package info/,
-        self_dep_error: /Package '(?<path>.*)' is listed as a dependency of itself./,
-        incompatible_constraints: /Incompatible constraints in requirements/
-      }.freeze, T::Hash[T.nilable(String), Regexp])
+      TIME_OUT_ERRORS = T.let(
+        {
+          time_out_max_retries: /Max retries exceeded/,
+          time_out_read_timed_out: /Read timed out/,
+          time_out_inactivity: /Timed out due to inactivity/
+        }.freeze,
+        T::Hash[T.nilable(String), Regexp]
+      )
+
+      PACKAGE_RESOLVER_ERRORS = T.let(
+        {
+          package_info_error: /Unable to determine package info/,
+          self_dep_error: /Package '(?<path>.*)' is listed as a dependency of itself./,
+          incompatible_constraints: /Incompatible constraints in requirements/
+        }.freeze,
+        T::Hash[T.nilable(String), Regexp]
+      )
 
       sig do
         params(
@@ -502,7 +521,7 @@ module Dependabot
         SERVER_ERROR_CODES.each do |(_error_codes, error_regex)|
           next unless error.message.match?(error_regex)
 
-          index_url = URI.extract(error.message.to_s).last .then { sanitize_url(_1) }
+          index_url = URI.extract(error.message.to_s).last.then { sanitize_url(_1) }
           raise InconsistentRegistryResponse, index_url
         end
 
@@ -515,7 +534,7 @@ module Dependabot
         CLIENT_ERROR_CODES.each do |(_error_codes, error_regex)|
           next unless error.message.match?(error_regex)
 
-          index_url = URI.extract(error.message.to_s).last .then { sanitize_url(_1) }
+          index_url = URI.extract(error.message.to_s).last.then { sanitize_url(_1) }
           raise PrivateSourceAuthenticationFailure, index_url
         end
 

data/lib/dependabot/python/update_checker/requirements_updater.rb

@@ -39,8 +39,12 @@ module Dependabot
             latest_resolvable_version: T.nilable(String)
           ).void
         end
-        def initialize(requirements:, update_strategy:, has_lockfile:,
-                       latest_resolvable_version:)
+        def initialize(
+          requirements:,
+          update_strategy:,
+          has_lockfile:,
+          latest_resolvable_version:
+        )
           @requirements = T.let(requirements, T::Array[T::Hash[Symbol, T.untyped]])
           @update_strategy = T.let(update_strategy, Dependabot::RequirementsUpdateStrategy)
           @has_lockfile = T.let(has_lockfile, T::Boolean)
@@ -172,9 +176,11 @@ module Dependabot
 
         sig { params(req_string: String).returns(String) }
         def add_new_requirement_option(req_string)
-          option_to_copy = T.must(T.must(req_string.split(PYPROJECT_OR_SEPARATOR).last)
-                                     .split(PYPROJECT_SEPARATOR).first).strip
-          operator       = option_to_copy.gsub(/\d.*/, "").strip
+          option_to_copy = T.must(
+            T.must(req_string.split(PYPROJECT_OR_SEPARATOR).last)
+                                                 .split(PYPROJECT_SEPARATOR).first
+          ).strip
+          operator = option_to_copy.gsub(/\d.*/, "").strip
 
           new_option =
             case operator
@@ -335,9 +341,13 @@ module Dependabot
         # Updates the version in a constraint to be the given version
         sig { params(req_string: String, version_to_be_permitted: String).returns(String) }
         def bump_version(req_string, version_to_be_permitted)
-          old_version = T.must(T.must(req_string
-                        .match(/(#{RequirementParser::VERSION})/o))
-                        .captures.first)
+          old_version = T.must(
+            T.must(
+              req_string
+                                      .match(/(#{RequirementParser::VERSION})/o)
+            )
+                                    .captures.first
+          )
 
           req_string.sub(
             old_version,

data/lib/dependabot/python/version.rb

@@ -91,14 +91,18 @@ module Dependabot
 
         @epoch = T.let(matches["epoch"].to_i, Integer)
         @release_segment = T.let(matches["release"]&.split(".")&.map(&:to_i) || [], T::Array[Integer])
-        @pre = T.let(parse_letter_version(matches["pre_l"], matches["pre_n"]),
-                     T.nilable(T::Array[T.any(String, Integer)]))
+        @pre = T.let(
+          parse_letter_version(matches["pre_l"], matches["pre_n"]),
+          T.nilable(T::Array[T.any(String, Integer)])
+        )
         @post = T.let(
           parse_letter_version(matches["post_l"], matches["post_n1"] || matches["post_n2"]),
           T.nilable(T::Array[T.any(String, Integer)])
         )
-        @dev = T.let(parse_letter_version(matches["dev_l"], matches["dev_n"]),
-                     T.nilable(T::Array[T.any(String, Integer)]))
+        @dev = T.let(
+          parse_letter_version(matches["dev_l"], matches["dev_n"]),
+          T.nilable(T::Array[T.any(String, Integer)])
+        )
         @local = T.let(parse_local_version(matches["local"]), T.nilable(T::Array[T.any(String, Integer)]))
         super(matches["release"] || "")
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.333.0
+  version: 0.335.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.333.0
+        version: 0.335.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.333.0
+        version: 0.335.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -113,56 +113,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.67'
+        version: '1.80'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.67'
+        version: '1.80'
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: '1.26'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: '1.26'
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.29'
+        version: '3.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.29'
+        version: '3.7'
 - !ruby/object:Gem::Dependency
   name: rubocop-sorbet
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -290,7 +290,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.333.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.335.0
 rdoc_options: []
 require_paths:
 - lib