dependabot-python 0.104.5 → 0.104.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0ecab0b693f416dd04e4cd877f89895b2e3fe5978ce1b8bb090da21982ddd199
-  data.tar.gz: 43e25134101d6934acc6c46481f4321068b7301586958514e52db0a1ef18ac26
+  metadata.gz: 86a22a74e2cfeb8d600f160d2078900565de559537249b34d6e8d31d3475f01f
+  data.tar.gz: 7a0b0874123f7decd66511a39b1ebe207c98fd8968e6194b0906ca5ef68e6d8a
 SHA512:
-  metadata.gz: f11657970a15938cd1277a1264de43202900be7b992a55e03fed6efc9681c0b0a1616ebe8d9f1f71cfb9864f361929481e09b7a605d99bbeb30e9dc9e58c8555
-  data.tar.gz: ed0cdd9468b12f6e6ec37f736a319e952791852481562218e1a4ba75671bbf984833d9de61b888a1cd64e9ed01f3ce41d6bd50e0cd730cda43f748c5880a21d4
+  metadata.gz: 30592c176e2ce1dadc2b1f4d689861fd57388377827af9d1a189cb9ae37aa790eba4ef9a727e325c6ef696b8364c93703a9116657c26840091e9de95bbfecc9e
+  data.tar.gz: cbc364db1c7a3de0b4c7643af272c424946e32b16e90742cc911d9e728eb42f97e850bd5d4c304e66fe27fa3b7fa322c4b2b25724a72134a2bb3377dfb068cb2

data/lib/dependabot/python/update_checker.rb

@@ -22,6 +22,7 @@ module Dependabot
         https://pypi.python.org/simple/
         https://pypi.org/simple/
       ).freeze
+      VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
 
       def latest_version
         @latest_version ||= fetch_latest_version
@@ -31,11 +32,17 @@ module Dependabot
         @latest_resolvable_version ||=
           case resolver_type
           when :pipenv
-            pipenv_version_resolver.latest_resolvable_version
+            pipenv_version_resolver.latest_resolvable_version(
+              requirement: unlocked_requirement_string
+            )
           when :poetry
-            poetry_version_resolver.latest_resolvable_version
+            poetry_version_resolver.latest_resolvable_version(
+              requirement: unlocked_requirement_string
+            )
           when :pip_compile
-            pip_compile_version_resolver.latest_resolvable_version
+            pip_compile_version_resolver.latest_resolvable_version(
+              requirement: unlocked_requirement_string
+            )
           when :requirements
             # pip doesn't (yet) do any dependency resolution, so if we don't
             # have a Pipfile or a pip-compile file, we just return the latest
@@ -49,17 +56,17 @@ module Dependabot
         @latest_resolvable_version_with_no_unlock ||=
           case resolver_type
           when :pipenv
-            pipenv_version_resolver(
-              unlock_requirement: false
-            ).latest_resolvable_version
+            pipenv_version_resolver.latest_resolvable_version(
+              requirement: current_requirement_string
+            )
           when :poetry
-            poetry_version_resolver(
-              unlock_requirement: false
-            ).latest_resolvable_version
+            poetry_version_resolver.latest_resolvable_version(
+              requirement: current_requirement_string
+            )
           when :pip_compile
-            pip_compile_version_resolver(
-              unlock_requirement: false
-            ).latest_resolvable_version
+            pip_compile_version_resolver.latest_resolvable_version(
+              requirement: current_requirement_string
+            )
           when :requirements
             latest_pip_version_with_no_unlock
           else raise "Unexpected resolver type #{resolver_type}"
@@ -154,36 +161,72 @@ module Dependabot
         reqs.any? { |r| Python::Requirement.new(r).exact? }
       end
 
-      def pipenv_version_resolver(unlock_requirement: true)
-        @pipenv_version_resolver ||= {}
-        @pipenv_version_resolver[unlock_requirement] ||=
-          PipenvVersionResolver.
-          new(resolver_args.merge(unlock_requirement: unlock_requirement))
+      def pipenv_version_resolver
+        @pipenv_version_resolver ||= PipenvVersionResolver.new(resolver_args)
       end
 
-      def pip_compile_version_resolver(unlock_requirement: true)
-        @pip_compile_version_resolver ||= {}
-        @pip_compile_version_resolver[unlock_requirement] ||=
-          PipCompileVersionResolver.
-          new(resolver_args.merge(unlock_requirement: unlock_requirement))
+      def pip_compile_version_resolver
+        @pip_compile_version_resolver ||=
+          PipCompileVersionResolver.new(resolver_args)
       end
 
-      def poetry_version_resolver(unlock_requirement: true)
-        @poetry_version_resolver ||= {}
-        @poetry_version_resolver[unlock_requirement] ||=
-          PoetryVersionResolver.
-          new(resolver_args.merge(unlock_requirement: unlock_requirement))
+      def poetry_version_resolver
+        @poetry_version_resolver ||= PoetryVersionResolver.new(resolver_args)
       end
 
       def resolver_args
         {
           dependency: dependency,
           dependency_files: dependency_files,
-          credentials: credentials,
-          latest_allowable_version: latest_version
+          credentials: credentials
         }
       end
 
+      def current_requirement_string
+        reqs = dependency.requirements
+        return if reqs.none?
+
+        requirement =
+          case resolver_type
+          when :pipenv then reqs.find { |r| r[:file] == "Pipfile" }
+          when :poetry then reqs.find { |r| r[:file] == "pyproject.toml" }
+          when :pip_compile then reqs.find { |r| r[:file].end_with?(".in") }
+          when :requirements then reqs.find { |r| r[:file].end_with?(".txt") }
+          end
+
+        requirement.fetch(:requirement)
+      end
+
+      def unlocked_requirement_string
+        lower_bound_req = updated_version_req_lower_bound
+
+        # Add the latest_version as an upper bound. This means
+        # ignore conditions are considered when checking for the latest
+        # resolvable version.
+        #
+        # NOTE: This isn't perfect. If v2.x is ignored and v3 is out but
+        # unresolvable then the `latest_version` will be v3, and
+        # we won't be ignoring v2.x releases like we should be.
+        return lower_bound_req if latest_version.nil?
+        return lower_bound_req unless Python::Version.correct?(latest_version)
+
+        lower_bound_req + ", <= #{latest_version}"
+      end
+
+      def updated_version_req_lower_bound
+        return ">= #{dependency.version}" if dependency.version
+
+        version_for_requirement =
+          dependency.requirements.map { |r| r[:requirement] }.compact.
+          reject { |req_string| req_string.start_with?("<") }.
+          select { |req_string| req_string.match?(VERSION_REGEX) }.
+          map { |req_string| req_string.match(VERSION_REGEX) }.
+          select { |version| Gem::Version.correct?(version) }.
+          max_by { |version| Gem::Version.new(version) }
+
+        ">= #{version_for_requirement || 0}"
+      end
+
       def fetch_latest_version
         latest_version_finder.latest_version
       end

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -20,39 +20,34 @@ module Dependabot
       # - Run `pip-compile` and see what the result is
       # rubocop:disable Metrics/ClassLength
       class PipCompileVersionResolver
-        VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
-
         attr_reader :dependency, :dependency_files, :credentials
 
-        def initialize(dependency:, dependency_files:, credentials:,
-                       unlock_requirement:, latest_allowable_version:)
+        def initialize(dependency:, dependency_files:, credentials:)
           @dependency               = dependency
           @dependency_files         = dependency_files
           @credentials              = credentials
-          @latest_allowable_version = latest_allowable_version
-          @unlock_requirement       = unlock_requirement
         end
 
-        def latest_resolvable_version
-          return @latest_resolvable_version if @resolution_already_attempted
+        def latest_resolvable_version(requirement: nil)
+          version_string =
+            fetch_latest_resolvable_version_string(requirement: requirement)
 
-          @resolution_already_attempted = true
-          @latest_resolvable_version ||= fetch_latest_resolvable_version
+          version_string.nil? ? nil : Python::Version.new(version_string)
         end
 
         private
 
-        attr_reader :latest_allowable_version
-
-        def unlock_requirement?
-          @unlock_requirement
-        end
+        # rubocop:disable Metrics/MethodLength
+        def fetch_latest_resolvable_version_string(requirement:)
+          @latest_resolvable_version_string ||= {}
+          if @latest_resolvable_version_string.key?(requirement)
+            return @latest_resolvable_version_string[requirement]
+          end
 
-        def fetch_latest_resolvable_version
-          @latest_resolvable_version_string ||=
+          @latest_resolvable_version_string[requirement] ||=
             SharedHelpers.in_a_temporary_directory do
               SharedHelpers.with_git_configured(credentials: credentials) do
-                write_temporary_dependency_files
+                write_temporary_dependency_files(updated_req: requirement)
                 install_required_python
 
                 filenames_to_compile.each do |filename|
@@ -80,10 +75,8 @@ module Dependabot
             rescue SharedHelpers::HelperSubprocessFailed => e
               handle_pip_compile_errors(e)
             end
-          return unless @latest_resolvable_version_string
-
-          Python::Version.new(@latest_resolvable_version_string)
         end
+        # rubocop:enable Metrics/MethodLength
 
         def handle_pip_compile_errors(error)
           if error.message.include?("Could not find a version")
@@ -159,7 +152,7 @@ module Dependabot
         def check_original_requirements_resolvable
           SharedHelpers.in_a_temporary_directory do
             SharedHelpers.with_git_configured(credentials: credentials) do
-              write_temporary_dependency_files(unlock_requirement: false)
+              write_temporary_dependency_files(update_requirement: false)
 
               filenames_to_compile.each do |filename|
                 run_command("pyenv exec pip-compile --allow-unsafe #{filename}")
@@ -243,14 +236,16 @@ module Dependabot
           message.include?('Command "python setup.py egg_info" failed')
         end
 
-        def write_temporary_dependency_files(unlock_requirement: true)
+        def write_temporary_dependency_files(updated_req: nil,
+                                             update_requirement: true)
           dependency_files.each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
-            File.write(
-              path,
-              unlock_requirement ? unlock_dependency(file) : file.content
-            )
+            updated_content =
+              if update_requirement then update_req_file(file, updated_req)
+              else file.content
+              end
+            File.write(path, updated_content)
           end
 
           # Overwrite the .python-version with updated content
@@ -297,10 +292,8 @@ module Dependabot
           end
         end
 
-        def unlock_dependency(file)
+        def update_req_file(file, updated_req)
           return file.content unless file.name.end_with?(".in")
-          return file.content unless dependency.version
-          return file.content unless unlock_requirement?
 
           req = dependency.requirements.find { |r| r[:file] == file.name }
           return file.content unless req&.fetch(:requirement)
@@ -309,44 +302,10 @@ module Dependabot
             content: file.content,
             dependency_name: dependency.name,
             old_requirement: req[:requirement],
-            new_requirement: updated_version_requirement_string
+            new_requirement: updated_req
           ).updated_content
         end
 
-        def updated_version_requirement_string
-          lower_bound_req = updated_version_req_lower_bound
-
-          # Add the latest_allowable_version as an upper bound. This means
-          # ignore conditions are considered when checking for the latest
-          # resolvable version.
-          #
-          # NOTE: This isn't perfect. If v2.x is ignored and v3 is out but
-          # unresolvable then the `latest_allowable_version` will be v3, and
-          # we won't be ignoring v2.x releases like we should be.
-          return lower_bound_req if latest_allowable_version.nil?
-          unless Python::Version.correct?(latest_allowable_version)
-            return lower_bound_req
-          end
-
-          lower_bound_req + ", <= #{latest_allowable_version}"
-        end
-
-        def updated_version_req_lower_bound
-          if dependency.version
-            ">= #{dependency.version}"
-          else
-            version_for_requirement =
-              dependency.requirements.map { |r| r[:requirement] }.compact.
-              reject { |req_string| req_string.start_with?("<") }.
-              select { |req_string| req_string.match?(VERSION_REGEX) }.
-              map { |req_string| req_string.match(VERSION_REGEX) }.
-              select { |version| Gem::Version.correct?(version) }.
-              max_by { |version| Gem::Version.new(version) }
-
-            ">= #{version_for_requirement || 0}"
-          end
-        end
-
         # See https://www.python.org/dev/peps/pep-0503/#normalized-names
         def normalise(name)
           name.downcase.gsub(/[-_.]+/, "-")

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -28,7 +28,6 @@ module Dependabot
       # just raise if the latest version can't be resolved. Knowing that is
       # still better than nothing, though.
       class PipenvVersionResolver
-        VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
         GIT_DEPENDENCY_UNREACHABLE_REGEX =
           /Command "git clone -q (?<url>[^\s]+).*" failed/.freeze
         GIT_REFERENCE_NOT_FOUND_REGEX =
@@ -41,37 +40,33 @@ module Dependabot
 
         attr_reader :dependency, :dependency_files, :credentials
 
-        def initialize(dependency:, dependency_files:, credentials:,
-                       unlock_requirement:, latest_allowable_version:)
+        def initialize(dependency:, dependency_files:, credentials:)
           @dependency               = dependency
           @dependency_files         = dependency_files
           @credentials              = credentials
-          @latest_allowable_version = latest_allowable_version
-          @unlock_requirement       = unlock_requirement
 
           check_private_sources_are_reachable
         end
 
-        def latest_resolvable_version
-          return @latest_resolvable_version if @resolution_already_attempted
+        def latest_resolvable_version(requirement: nil)
+          version_string =
+            fetch_latest_resolvable_version_string(requirement: requirement)
 
-          @resolution_already_attempted = true
-          @latest_resolvable_version ||= fetch_latest_resolvable_version
+          version_string.nil? ? nil : Python::Version.new(version_string)
         end
 
         private
 
-        attr_reader :latest_allowable_version
-
-        def unlock_requirement?
-          @unlock_requirement
-        end
+        def fetch_latest_resolvable_version_string(requirement:)
+          @latest_resolvable_version_string ||= {}
+          if @latest_resolvable_version_string.key?(requirement)
+            return @latest_resolvable_version_string[requirement]
+          end
 
-        def fetch_latest_resolvable_version
-          @latest_resolvable_version_string ||=
+          @latest_resolvable_version_string[requirement] ||=
             SharedHelpers.in_a_temporary_directory do
               SharedHelpers.with_git_configured(credentials: credentials) do
-                write_temporary_dependency_files
+                write_temporary_dependency_files(updated_req: requirement)
                 install_required_python
 
                 # Shell out to Pipenv, which handles everything for us.
@@ -87,9 +82,6 @@ module Dependabot
             rescue SharedHelpers::HelperSubprocessFailed => e
               handle_pipenv_errors(e)
             end
-          return unless @latest_resolvable_version_string
-
-          Python::Version.new(@latest_resolvable_version_string)
         end
 
         def fetch_version_from_parsed_lockfile(updated_lockfile)
@@ -252,7 +244,8 @@ module Dependabot
           msg.gsub(/http.*?(?=\s)/, "<redacted>")
         end
 
-        def write_temporary_dependency_files(update_pipfile: true)
+        def write_temporary_dependency_files(updated_req: nil,
+                                             update_pipfile: true)
           dependency_files.each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
@@ -273,11 +266,12 @@ module Dependabot
             FileUtils.mkdir_p(Pathname.new(path).dirname)
             File.write(path, "[metadata]\nname = sanitized-package\n")
           end
+          return unless update_pipfile
 
           # Overwrite the pipfile with updated content
           File.write(
             "Pipfile",
-            pipfile_content(update_pipfile: update_pipfile)
+            pipfile_content(updated_requirement: updated_req)
           )
         end
 
@@ -312,12 +306,10 @@ module Dependabot
           dependency_files.find { |f| f.name == config_name }
         end
 
-        def pipfile_content(update_pipfile: true)
+        def pipfile_content(updated_requirement:)
           content = pipfile.content
-          return content unless update_pipfile
-
           content = freeze_other_dependencies(content)
-          content = unlock_target_dependency(content) if unlock_requirement?
+          content = set_target_dependency_req(content, updated_requirement)
           content = add_private_sources(content)
           content
         end
@@ -328,7 +320,9 @@ module Dependabot
             freeze_top_level_dependencies_except([dependency])
         end
 
-        def unlock_target_dependency(pipfile_content)
+        def set_target_dependency_req(pipfile_content, updated_requirement)
+          return pipfile_content unless updated_requirement
+
           pipfile_object = TomlRB.parse(pipfile_content)
 
           %w(packages dev-packages).each do |type|
@@ -337,11 +331,9 @@ module Dependabot
             next unless pkg_name
 
             if pipfile_object.dig(type, pkg_name).is_a?(Hash)
-              pipfile_object[type][pkg_name]["version"] =
-                updated_version_requirement_string
+              pipfile_object[type][pkg_name]["version"] = updated_requirement
             else
-              pipfile_object[type][pkg_name] =
-                updated_version_requirement_string
+              pipfile_object[type][pkg_name] = updated_requirement
             end
           end
 
@@ -445,40 +437,6 @@ module Dependabot
             end
         end
 
-        def updated_version_requirement_string
-          lower_bound_req = updated_version_req_lower_bound
-
-          # Add the latest_allowable_version as an upper bound. This means
-          # ignore conditions are considered when checking for the latest
-          # resolvable version.
-          #
-          # NOTE: This isn't perfect. If v2.x is ignored and v3 is out but
-          # unresolvable then the `latest_allowable_version` will be v3, and
-          # we won't be ignoring v2.x releases like we should be.
-          return lower_bound_req if latest_allowable_version.nil?
-          unless Python::Version.correct?(latest_allowable_version)
-            return lower_bound_req
-          end
-
-          lower_bound_req + ", <= #{latest_allowable_version}"
-        end
-
-        def updated_version_req_lower_bound
-          if dependency.version
-            ">= #{dependency.version}"
-          else
-            version_for_requirement =
-              dependency.requirements.map { |r| r[:requirement] }.compact.
-              reject { |req_string| req_string.start_with?("<") }.
-              select { |req_string| req_string.match?(VERSION_REGEX) }.
-              map { |req_string| req_string.match(VERSION_REGEX) }.
-              select { |version| Gem::Version.correct?(version) }.
-              max_by { |version| Gem::Version.new(version) }
-
-            ">= #{version_for_requirement || 0}"
-          end
-        end
-
         def run_command(command, env: {})
           start = Time.now
           command = SharedHelpers.escape_command(command)

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -14,46 +14,39 @@ require "dependabot/python/native_helpers"
 require "dependabot/python/python_versions"
 require "dependabot/python/authed_url_builder"
 
-# rubocop:disable Metrics/ClassLength
 module Dependabot
   module Python
     class UpdateChecker
       # This class does version resolution for pyproject.toml files.
       class PoetryVersionResolver
-        VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
-
         attr_reader :dependency, :dependency_files, :credentials
 
-        def initialize(dependency:, dependency_files:, credentials:,
-                       unlock_requirement:, latest_allowable_version:)
+        def initialize(dependency:, dependency_files:, credentials:)
           @dependency               = dependency
           @dependency_files         = dependency_files
           @credentials              = credentials
-          @latest_allowable_version = latest_allowable_version
-          @unlock_requirement       = unlock_requirement
 
           check_private_sources_are_reachable
         end
 
-        def latest_resolvable_version
-          return @latest_resolvable_version if @resolution_already_attempted
+        def latest_resolvable_version(requirement: nil)
+          version_string =
+            fetch_latest_resolvable_version_string(requirement: requirement)
 
-          @resolution_already_attempted = true
-          @latest_resolvable_version ||= fetch_latest_resolvable_version
+          version_string.nil? ? nil : Python::Version.new(version_string)
         end
 
         private
 
-        attr_reader :latest_allowable_version
-
-        def unlock_requirement?
-          @unlock_requirement
-        end
+        def fetch_latest_resolvable_version_string(requirement:)
+          @latest_resolvable_version_string ||= {}
+          if @latest_resolvable_version_string.key?(requirement)
+            return @latest_resolvable_version_string[requirement]
+          end
 
-        def fetch_latest_resolvable_version
-          latest_resolvable_version_string =
+          @latest_resolvable_version_string[requirement] ||=
             SharedHelpers.in_a_temporary_directory do
-              write_temporary_dependency_files
+              write_temporary_dependency_files(updated_req: requirement)
 
               if python_version && !pre_installed_python?(python_version)
                 run_poetry_command("pyenv install -s #{python_version}")
@@ -77,9 +70,6 @@ module Dependabot
             rescue SharedHelpers::HelperSubprocessFailed => e
               handle_poetry_errors(e)
             end
-          return unless latest_resolvable_version_string
-
-          Python::Version.new(latest_resolvable_version_string)
         end
 
         def fetch_version_from_parsed_lockfile(updated_lockfile)
@@ -131,7 +121,8 @@ module Dependabot
           message.gsub(/http.*?(?=\s)/, "<redacted>")
         end
 
-        def write_temporary_dependency_files(update_pyproject: true)
+        def write_temporary_dependency_files(updated_req: nil,
+                                             update_pyproject: true)
           dependency_files.each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
@@ -143,7 +134,10 @@ module Dependabot
 
           # Overwrite the pyproject with updated content
           if update_pyproject
-            File.write("pyproject.toml", updated_pyproject_content)
+            File.write(
+              "pyproject.toml",
+              updated_pyproject_content(updated_requirement: updated_req)
+            )
           else
             File.write("pyproject.toml", sanitized_pyproject_content)
           end
@@ -191,15 +185,12 @@ module Dependabot
           PythonVersions::PRE_INSTALLED_PYTHON_VERSIONS.include?(version)
         end
 
-        def updated_pyproject_content
-          @updated_pyproject_content ||=
-            begin
-              content = pyproject.content
-              content = sanitize_pyproject_content(content)
-              content = freeze_other_dependencies(content)
-              content = unlock_target_dependency(content) if unlock_requirement?
-              content
-            end
+        def updated_pyproject_content(updated_requirement:)
+          content = pyproject.content
+          content = sanitize_pyproject_content(content)
+          content = freeze_other_dependencies(content)
+          content = set_target_dependency_req(content, updated_requirement)
+          content
         end
 
         def sanitized_pyproject_content
@@ -220,7 +211,9 @@ module Dependabot
             freeze_top_level_dependencies_except([dependency])
         end
 
-        def unlock_target_dependency(pyproject_content)
+        def set_target_dependency_req(pyproject_content, updated_requirement)
+          return pyproject_content unless updated_requirement
+
           pyproject_object = TomlRB.parse(pyproject_content)
           poetry_object = pyproject_object.dig("tool", "poetry")
 
@@ -230,11 +223,9 @@ module Dependabot
             next unless pkg_name
 
             if poetry_object.dig(type, pkg_name).is_a?(Hash)
-              poetry_object[type][pkg_name]["version"] =
-                updated_version_requirement_string
+              poetry_object[type][pkg_name]["version"] = updated_requirement
             else
-              poetry_object[type][pkg_name] =
-                updated_version_requirement_string
+              poetry_object[type][pkg_name] = updated_requirement
             end
           end
 
@@ -266,40 +257,6 @@ module Dependabot
             end
         end
 
-        def updated_version_requirement_string
-          lower_bound_req = updated_version_req_lower_bound
-
-          # Add the latest_allowable_version as an upper bound. This means
-          # ignore conditions are considered when checking for the latest
-          # resolvable version.
-          #
-          # NOTE: This isn't perfect. If v2.x is ignored and v3 is out but
-          # unresolvable then the `latest_allowable_version` will be v3, and
-          # we won't be ignoring v2.x releases like we should be.
-          return lower_bound_req if latest_allowable_version.nil?
-          unless Python::Version.correct?(latest_allowable_version)
-            return lower_bound_req
-          end
-
-          lower_bound_req + ", <= #{latest_allowable_version}"
-        end
-
-        def updated_version_req_lower_bound
-          if dependency.version
-            ">= #{dependency.version}"
-          else
-            version_for_requirement =
-              dependency.requirements.map { |r| r[:requirement] }.compact.
-              reject { |req_string| req_string.start_with?("<") }.
-              select { |req_string| req_string.match?(VERSION_REGEX) }.
-              map { |req_string| req_string.match(VERSION_REGEX) }.
-              select { |version| Gem::Version.correct?(version) }.
-              max_by { |version| Gem::Version.new(version) }
-
-            ">= #{version_for_requirement || 0}"
-          end
-        end
-
         def pyproject
           dependency_files.find { |f| f.name == "pyproject.toml" }
         end
@@ -372,4 +329,3 @@ module Dependabot
     end
   end
 end
-# rubocop:enable Metrics/ClassLength

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.104.5
+  version: 0.104.6
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.104.5
+        version: 0.104.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.104.5
+        version: 0.104.6
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement