dependabot-python 0.383.0 → 0.385.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 26031826db5cb07c05ca33adc90a735f803008ac10fe45670311c0d77a0ba738
4
- data.tar.gz: c4aa146094305a3941c3fd63360a9375cfdfbe7bd819cee61241148c5bc91f16
3
+ metadata.gz: edc98d373ce3e27a5db1080f1ddc5f2a7a60c8be26a734ac889abf8e2298ede0
4
+ data.tar.gz: fd9d7507adb7b29b972c2f318a785eea5efd4150e12e2a6a3fe5707463d38f8a
5
5
  SHA512:
6
- metadata.gz: dba3705c8b0458e64b853f97ad170d8a525fae4b89c176d0236eeab2e27b7c186c6eceb92b245181f5ef6f2cee683d2d17baac298adb4061cdbbc2ca88349b96
7
- data.tar.gz: 06e507ffbda36680035517f07d11aae8298f6e7b2708e8837589de0cf7d74da73e2e63618088bacee8663c9a4f625724c339a4a1dbbc641ac9d254e71ef78137
6
+ metadata.gz: 9d328bd3c10cb36152a63a2c3975303e111a540367ec6e464ef7ab8208bd2ee642c12561f72928116069160a39cf1b9aa0527b4efb7411966714ff6e41032cdf
7
+ data.tar.gz: 2a00eef7b5ac804ee7389022190c84a933e9ae2afa89e37852ffb68729a591ceba986587f823ac1a0df460d6d42e72587979328104af12b2d53a05f99c16b150
@@ -1,6 +1,7 @@
1
1
  # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "cgi/escape"
4
5
  require "sorbet-runtime"
5
6
 
6
7
  module Dependabot
@@ -73,15 +73,20 @@ module Dependabot
73
73
 
74
74
  pyproject_object = TomlRB.parse(T.must(pyproject).content)
75
75
 
76
- # Check for PEP621 requires-python
77
- pep621_python = pyproject_object.dig("project", "requires-python")
78
- return pep621_python if pep621_python
79
-
80
- # Fallback to Poetry configuration
76
+ # Check for PEP621 requires-python, falling back to Poetry configuration.
81
77
  poetry_object = pyproject_object.dig("tool", "poetry")
82
-
83
- poetry_object&.dig("dependencies", "python") ||
78
+ value =
79
+ pyproject_object.dig("project", "requires-python") ||
80
+ poetry_object&.dig("dependencies", "python") ||
84
81
  poetry_object&.dig("dev-dependencies", "python")
82
+
83
+ # A manifest can declare the python constraint as a non-string (e.g. an
84
+ # unquoted TOML float `3.12`, or an array/inline-table for multiple
85
+ # constraints). Coerce scalars to a String and ignore unsupported shapes.
86
+ case value
87
+ when String then value
88
+ when Numeric then value.to_s
89
+ end
85
90
  end
86
91
 
87
92
  sig { returns(T.nilable(String)) }
@@ -94,7 +94,7 @@ module Dependabot
94
94
  dependencies: dependencies,
95
95
  dependency_files: dependency_files,
96
96
  credentials: credentials,
97
- cooldown: options[:update_cooldown]
97
+ cooldown: T.cast(options[:update_cooldown], T.nilable(Dependabot::Package::ReleaseCooldownOptions))
98
98
  ).updated_dependency_files
99
99
  end
100
100
 
@@ -3,7 +3,7 @@
3
3
 
4
4
  require "json"
5
5
  require "time"
6
- require "cgi"
6
+ require "cgi/escape"
7
7
  require "excon"
8
8
  require "nokogiri"
9
9
  require "sorbet-runtime"
@@ -416,6 +416,7 @@ module Dependabot
416
416
  sig { params(filename: String).returns(T.nilable(String)) }
417
417
  def get_version_from_filename(filename)
418
418
  filename
419
+ .strip
419
420
  .gsub(/#{name_regex}-/i, "")
420
421
  .split(/-|\.tar\.|\.zip|\.whl/)
421
422
  .first
@@ -1,15 +1,12 @@
1
- # typed: strict
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
- require "cgi"
5
4
  require "excon"
6
5
  require "nokogiri"
7
6
  require "sorbet-runtime"
8
7
 
9
8
  require "dependabot/dependency"
10
- require "dependabot/git_commit_checker"
11
9
  require "dependabot/python/update_checker"
12
- require "dependabot/update_checkers/cooldown_calculation"
13
10
  require "dependabot/update_checkers/version_filters"
14
11
  require "dependabot/registry_client"
15
12
  require "dependabot/python/authed_url_builder"
@@ -24,38 +21,6 @@ module Dependabot
24
21
  class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
25
22
  extend T::Sig
26
23
 
27
- sig do
28
- params(git_commit_checker: Dependabot::GitCommitChecker)
29
- .returns(T.nilable(T::Hash[Symbol, T.untyped]))
30
- end
31
- def latest_version_tag(git_commit_checker:)
32
- return git_commit_checker.local_tag_for_latest_version unless cooldown_enabled?
33
-
34
- allowed_version_tags = git_commit_checker.local_tags_for_allowed_versions
35
- tags_in_cooldown = select_version_tags_in_cooldown_period(git_commit_checker)
36
-
37
- return max_version_from_tags(allowed_version_tags) if tags_in_cooldown.empty?
38
-
39
- filtered_tags = allowed_version_tags.reject do |tag|
40
- tags_in_cooldown.include?(tag[:tag])
41
- end
42
-
43
- if filtered_tags.empty?
44
- Dependabot.logger.info("All git tags filtered by cooldown for #{dependency.name}, returning nil")
45
- return nil
46
- end
47
-
48
- filtered_count = allowed_version_tags.count - filtered_tags.count
49
- if filtered_count.positive?
50
- Dependabot.logger.info("Filtered #{filtered_count} git tags due to cooldown for #{dependency.name}")
51
- end
52
-
53
- max_version_from_tags(filtered_tags)
54
- rescue StandardError => e
55
- Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
56
- git_commit_checker.local_tag_for_latest_version
57
- end
58
-
59
24
  sig do
60
25
  override.returns(T.nilable(Dependabot::Package::PackageDetails))
61
26
  end
@@ -77,87 +42,6 @@ module Dependabot
77
42
  cooldown.semver_minor_days.to_i.positive? ||
78
43
  cooldown.semver_patch_days.to_i.positive?
79
44
  end
80
-
81
- private
82
-
83
- sig { params(tags: T::Array[T::Hash[Symbol, T.untyped]]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
84
- def max_version_from_tags(tags)
85
- tags.max_by { |t| t[:version] }
86
- end
87
-
88
- sig { params(git_commit_checker: Dependabot::GitCommitChecker).returns(T::Array[String]) }
89
- def select_version_tags_in_cooldown_period(git_commit_checker)
90
- version_tags_in_cooldown_period = T.let([], T::Array[String])
91
-
92
- git_commit_checker.refs_for_tag_with_detail.each do |git_tag_with_detail|
93
- if check_if_version_in_cooldown_period?(git_tag_with_detail)
94
- version_tags_in_cooldown_period << git_tag_with_detail.tag
95
- end
96
- end
97
- version_tags_in_cooldown_period
98
- rescue StandardError => e
99
- Dependabot.logger.error("Error checking if version is in cooldown: #{e.message}")
100
- []
101
- end
102
-
103
- sig { params(tag_with_detail: Dependabot::GitTagWithDetail).returns(T::Boolean) }
104
- def check_if_version_in_cooldown_period?(tag_with_detail)
105
- return false unless tag_with_detail.release_date
106
-
107
- current_version = version_class.correct?(dependency.version) ? version_class.new(dependency.version) : nil
108
- tag_version_str = tag_with_detail.tag.delete_prefix("v")
109
- return false unless version_class.correct?(tag_version_str)
110
-
111
- new_version = version_class.new(tag_version_str)
112
- days = cooldown_days_for(current_version, new_version)
113
-
114
- release_time = Time.at(release_date_to_seconds(tag_with_detail.release_date))
115
- Dependabot::UpdateCheckers::CooldownCalculation
116
- .within_cooldown_window?(release_time, days)
117
- end
118
-
119
- sig do
120
- params(
121
- current_version: T.nilable(Dependabot::Version),
122
- new_version: Dependabot::Version
123
- ).returns(Integer)
124
- end
125
- def cooldown_days_for(current_version, new_version)
126
- return 0 unless cooldown_enabled?
127
-
128
- cooldown = T.must(cooldown_options)
129
- return 0 unless cooldown.included?(dependency.name)
130
- return cooldown.default_days if current_version.nil?
131
-
132
- current_version_semver = current_version.semver_parts
133
- new_version_semver = new_version.semver_parts
134
-
135
- return cooldown.default_days if current_version_semver.nil? || new_version_semver.nil?
136
-
137
- current_major, current_minor, current_patch = current_version_semver
138
- new_major, new_minor, new_patch = new_version_semver
139
-
140
- return cooldown.semver_major_days if new_major > current_major
141
- return cooldown.semver_minor_days if new_minor > current_minor
142
- return cooldown.semver_patch_days if new_patch > current_patch
143
-
144
- cooldown.default_days
145
- end
146
-
147
- sig { returns(T.class_of(Dependabot::Version)) }
148
- def version_class
149
- dependency.version_class
150
- end
151
-
152
- sig { params(release_date: T.nilable(String)).returns(Integer) }
153
- def release_date_to_seconds(release_date)
154
- return 0 unless release_date
155
-
156
- Time.parse(release_date).to_i
157
- rescue ArgumentError => e
158
- Dependabot.logger.error("Invalid release date format: #{release_date} and error: #{e.message}")
159
- 0
160
- end
161
45
  end
162
46
  end
163
47
  end
@@ -85,8 +85,10 @@ module Dependabot
85
85
  version_string.nil? ? nil : Python::Version.new(version_string)
86
86
  end
87
87
 
88
- sig { params(version: Gem::Version).returns(T::Boolean) }
88
+ sig { params(version: T.nilable(Gem::Version)).returns(T::Boolean) }
89
89
  def resolvable?(version:)
90
+ return false if version.nil?
91
+
90
92
  @resolvable ||= T.let({}, T.nilable(T::Hash[Gem::Version, T::Boolean]))
91
93
  return T.must(@resolvable[version]) if @resolvable.key?(version)
92
94
 
@@ -164,7 +164,7 @@ module Dependabot
164
164
  sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
165
165
  def latest_git_version_details
166
166
  @latest_git_version_details ||= T.let(
167
- latest_version_finder.latest_version_tag(git_commit_checker: git_commit_checker),
167
+ git_commit_checker.local_tag_for_latest_version(@update_cooldown),
168
168
  T.nilable(T::Hash[Symbol, T.untyped])
169
169
  )
170
170
  end
@@ -78,7 +78,7 @@ module Dependabot
78
78
  def initialize(version) # rubocop:disable Metrics/AbcSize
79
79
  raise Dependabot::BadRequirementError, "Malformed version string - string is nil" if version.nil?
80
80
 
81
- @version_string = T.let(version.to_s, String)
81
+ @version_string = T.let(version.to_s.strip, String)
82
82
 
83
83
  raise Dependabot::BadRequirementError, "Malformed version string - string is empty" if @version_string.empty?
84
84
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.383.0
4
+ version: 0.385.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.383.0
18
+ version: 0.385.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.383.0
25
+ version: 0.385.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
322
322
  - MIT
323
323
  metadata:
324
324
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
325
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.383.0
325
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
326
326
  rdoc_options: []
327
327
  require_paths:
328
328
  - lib
@@ -337,7 +337,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
337
337
  - !ruby/object:Gem::Version
338
338
  version: 3.3.0
339
339
  requirements: []
340
- rubygems_version: 3.7.2
340
+ rubygems_version: 4.0.14
341
341
  specification_version: 4
342
342
  summary: Provides Dependabot support for Python
343
343
  test_files: []