dependabot-python 0.110.16 → 0.110.17

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 81218b4f113548c19d097c51e0a0a2d7176b06cae1a395ae5ba59c0d5aa1f5ac
-  data.tar.gz: 3a01854f6401e1a759c67d5c73786a039069d9de1e0de491ad86b1f71ef5c379
+  metadata.gz: 92b0bdc62cbfd3cbef19f87843e133359f893c29f27b0abbc59d3d570ebc4b92
+  data.tar.gz: b8256f11710fa5c15b5254a455ef66241db66aeae53a724febcd0fcf1a34efc3
 SHA512:
-  metadata.gz: 56be2eefcd3e3c39349c65ce9949ca1df0a6faf96cca11d8398897544b7c53520ad0cad63c4e5cd8b9ec1cda87d670387b522282b61e6730bd8cf17d4de4882c
-  data.tar.gz: eb1625b1b81c87fdf13abbe4707e0e97de4f05343c8bd0debe4707995cb500034f01a30d4d294482e811e073a6235268655320c44fb448c54819866bfaca8a94
+  metadata.gz: 391c44dc7177193877550bb2bf80ed36f65e8b6da3ab43b61a609a8e3c55e0731f7443ea00cf98d8fe078dbdfeaa4b56fb793fb4b536af541b235e720a34dcef
+  data.tar.gz: 56600829da49450e9bd34b9039c015d1f82d113b51e6578587b2579c1d935f3927eaa101762edc9e54e4d559b596e45726c480b50b28426ab550e15751d90456

data/lib/dependabot/python/file_parser/python_requirement_parser.rb

@@ -17,12 +17,14 @@ module Dependabot
           @dependency_files = dependency_files
         end
 
-        def user_specified_requirement
-          pipfile_python_requirement ||
-            pyproject_python_requirement ||
-            python_version_file_version ||
-            runtime_file_python_version ||
+        def user_specified_requirements
+          [
+            pipfile_python_requirement,
+            pyproject_python_requirement,
+            python_version_file_version,
+            runtime_file_python_version,
             setup_file_requirement
+          ].compact
         end
 
         # TODO: Add better Python version detection using dependency versions
@@ -91,9 +93,14 @@ module Dependabot
         def setup_file_requirement
           return unless setup_file
 
-          setup_file.content.
-            match(/python_requires\s*=\s*['"](?<req>[^'"]+)['"]/)&.
-            named_captures&.fetch("req")&.strip
+          req = setup_file.content.
+                match(/python_requires\s*=\s*['"](?<req>[^'"]+)['"]/)&.
+                named_captures&.fetch("req")&.strip
+
+          requirement_class.new(req)
+          req
+        rescue Gem::Requirement::BadRequirementError
+          nil
         end
 
         def pyenv_versions

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -532,13 +532,14 @@ module Dependabot
         end
 
         def user_specified_python_version
-          return unless python_requirement_parser.user_specified_requirement
+          unless python_requirement_parser.user_specified_requirements.any?
+            return
+          end
 
-          user_specified_requirement =
-            Dependabot::Python::Requirement.new(
-              python_requirement_parser.user_specified_requirement
-            )
-          python_version_matching([user_specified_requirement])
+          user_specified_requirements =
+            python_requirement_parser.user_specified_requirements.
+            map { |r| Python::Requirement.requirements_array(r) }
+          python_version_matching(user_specified_requirements)
         end
 
         def python_version_matching_imputed_requirements
@@ -552,7 +553,11 @@ module Dependabot
         def python_version_matching(requirements)
           PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version_string|
             version = Python::Version.new(version_string)
-            requirements.all? { |req| req.satisfied_by?(version) }
+            requirements.all? do |req|
+              next req.any? { |r| r.satisfied_by?(version) } if req.is_a?(Array)
+
+              req.satisfied_by?(version)
+            end
           end
         end
 

data/lib/dependabot/python/file_updater/pipfile_file_updater.rb

@@ -386,7 +386,7 @@ module Dependabot
         end
 
         def user_specified_python_requirement
-          python_requirement_parser.user_specified_requirement
+          python_requirement_parser.user_specified_requirements.first
         end
 
         def python_requirement_parser

data/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -232,20 +232,17 @@ module Dependabot
         end
 
         def python_version
-          requirement = user_specified_python_requirement
-          requirements = Python::Requirement.requirements_array(requirement)
+          requirements = python_requirement_parser.user_specified_requirements
+          requirements = requirements.
+                         map { |r| Python::Requirement.requirements_array(r) }
 
           PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version|
-            requirements.any? do |r|
-              r.satisfied_by?(Python::Version.new(version))
+            requirements.all? do |reqs|
+              reqs.any? { |r| r.satisfied_by?(Python::Version.new(version)) }
             end
           end
         end
 
-        def user_specified_python_requirement
-          python_requirement_parser.user_specified_requirement
-        end
-
         def python_requirement_parser
           @python_requirement_parser ||=
             FileParser::PythonRequirementParser.new(

data/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -448,13 +448,14 @@ module Dependabot
         end
 
         def user_specified_python_version
-          return unless python_requirement_parser.user_specified_requirement
+          unless python_requirement_parser.user_specified_requirements.any?
+            return
+          end
 
-          user_specified_requirement =
-            Dependabot::Python::Requirement.new(
-              python_requirement_parser.user_specified_requirement
-            )
-          python_version_matching([user_specified_requirement])
+          user_specified_requirements =
+            python_requirement_parser.user_specified_requirements.
+            map { |r| Python::Requirement.requirements_array(r) }
+          python_version_matching(user_specified_requirements)
         end
 
         def python_version_matching_imputed_requirements
@@ -468,7 +469,11 @@ module Dependabot
         def python_version_matching(requirements)
           PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version_string|
             version = Python::Version.new(version_string)
-            requirements.all? { |req| req.satisfied_by?(version) }
+            requirements.all? do |req|
+              next req.any? { |r| r.satisfied_by?(version) } if req.is_a?(Array)
+
+              req.satisfied_by?(version)
+            end
           end
         end
 

data/lib/dependabot/python/update_checker/pip_version_resolver.rb

@@ -54,13 +54,14 @@ module Dependabot
         end
 
         def user_specified_python_version
-          return unless python_requirement_parser.user_specified_requirement
+          unless python_requirement_parser.user_specified_requirements.any?
+            return
+          end
 
-          user_specified_requirement =
-            Dependabot::Python::Requirement.new(
-              python_requirement_parser.user_specified_requirement
-            )
-          python_version_matching([user_specified_requirement])
+          user_specified_requirements =
+            python_requirement_parser.user_specified_requirements.
+            map { |r| Python::Requirement.requirements_array(r) }
+          python_version_matching(user_specified_requirements)
         end
 
         def python_version_matching_imputed_requirements
@@ -74,7 +75,11 @@ module Dependabot
         def python_version_matching(requirements)
           PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |version_string|
             version = Python::Version.new(version_string)
-            requirements.all? { |req| req.satisfied_by?(version) }
+            requirements.all? do |req|
+              next req.any? { |r| r.satisfied_by?(version) } if req.is_a?(Array)
+
+              req.satisfied_by?(version)
+            end
           end
         end
 

data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb

@@ -407,7 +407,7 @@ module Dependabot
         end
 
         def user_specified_python_requirement
-          python_requirement_parser.user_specified_requirement
+          python_requirement_parser.user_specified_requirements.first
         end
 
         def python_requirement_parser

data/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -189,11 +189,14 @@ module Dependabot
         end
 
         def python_version
-          requirement = user_specified_python_requirement
-          requirements = Python::Requirement.requirements_array(requirement)
+          requirements = python_requirement_parser.user_specified_requirements
+          requirements = requirements.
+                         map { |r| Python::Requirement.requirements_array(r) }
 
           version = PythonVersions::SUPPORTED_VERSIONS_TO_ITERATE.find do |v|
-            requirements.any? { |r| r.satisfied_by?(Python::Version.new(v)) }
+            requirements.all? do |reqs|
+              reqs.any? { |r| r.satisfied_by?(Python::Version.new(v)) }
+            end
           end
           return version if version
 
@@ -204,10 +207,6 @@ module Dependabot
           raise DependencyFileNotResolvable, msg
         end
 
-        def user_specified_python_requirement
-          python_requirement_parser.user_specified_requirement
-        end
-
         def python_requirement_parser
           @python_requirement_parser ||=
             FileParser::PythonRequirementParser.new(

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.110.16
+  version: 0.110.17
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.110.16
+        version: 0.110.17
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.110.16
+        version: 0.110.17
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement