dependabot-python 0.299.1 → 0.300.0

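--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: acceb8fa127937d9f47961a162388d23ff9bf1c5c0c5d0ebbbe07a65273762e7
-data.tar.gz: 9b8f49f1c670ea8473b506fbbfff4dfe8fb570664c2ceb07fdf9b9ff5778977a
+metadata.gz: c66f1ad421fbc53cea7f4eafddfb4e31c0acb69876af1b3291407176d968e2fe
+data.tar.gz: f63f34f3be94781bce2e3471002b56df61b4fc8b04b0cf645f3e1d305749a302
 SHA512:
-metadata.gz: 42bc5d2b34edc189d8f0eb9c58db001695abcae2607dfb17281c512c43822c863460298a8384498746e5c0c372df850ae608437c1dc6e38a152030e36b103aea
-data.tar.gz: 05e37c59eeb041362d71b84e3cfe38c93a7e7ed90ef14a7bfa781dfa10795d7a778f4cf9c4a946817c3f6da5f6275505f09583eee5dceec2f0eebde3b72326a8
+metadata.gz: 39ebf5bb262f04d910a81abbc28c48afefabd49731646289accccd9ac10d10686d180fc48ba7983ace19b06906f13eb9420202f906807d5c36a4c6caa75ea325
+data.tar.gz: 1435af159a0c50873c1ddfca6d335520411a3ea8e04ecef83e0c430abe20200c3e7949182c8225d60011175d1ca5876c258a628af97ef479d85608297dbeed64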
@@ -2,9 +2,9 @@ pip==24.0
2
2
  pip-tools==7.4.1
3
3
  flake8==7.1.0
4
4
  hashin==1.0.3
5
- pipenv==2024.0.2
5
+ pipenv==2024.4.1
6
6
  plette==2.1.0
7
- poetry==1.8.5
7
+ poetry==2.1.1
8
8
  # TODO: Replace 3p package `tomli` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
9
9
  tomli==2.0.1
10
10
 
@@ -190,7 +190,7 @@ module Dependabot
190
190
  language_version_manager.install_required_python
191
191
 
192
192
  # use system git instead of the pure Python dulwich
193
- run_poetry_command("pyenv exec poetry config experimental.system-git-client true")
193
+ run_poetry_command("pyenv exec poetry config system-git-client true")
194
194
 
195
195
  run_poetry_update_command
196
196
 
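Review bot: The command string `pyenv exec poetry config system-git-client true` is now duplicated verbatim in a second file (the identical replacement in the later `@@ -97,7 +97,7 @@` hunk), and this release had to change both copies in lockstep when the Poetry 2 key lost its `experimental.` prefix. Hoisting it into one shared frozen constant, e.g. `POETRY_SYSTEM_GIT_COMMAND = "pyenv exec poetry config system-git-client true"` (name constructed), and calling `run_poetry_command(POETRY_SYSTEM_GIT_COMMAND)` in both places would keep the two from drifting. A short comment next to it noting that the un-prefixed key needs Poetry 2.x, which the `poetry==2.1.1` pin in this release provides, would also explain why the old key was dropped. The enclosing method starts and ends outside this hunk.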
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
@@ -13,8 +13,22 @@ require "dependabot/python/name_normaliser"
13
13
  module Dependabot
14
14
  module Python
15
15
  class MetadataFinder < Dependabot::MetadataFinders::Base
16
+ extend T::Sig
16
17
  MAIN_PYPI_URL = "https://pypi.org/pypi"
17
18
 
19
+ sig do
20
+ params(
21
+ dependency: Dependabot::Dependency,
22
+ credentials: T::Array[Dependabot::Credential]
23
+ )
24
+ .void
25
+ end
26
+ def initialize(dependency:, credentials:)
27
+ super
28
+ @pypi_listing = T.let(nil, T.nilable(T::Hash[String, T.untyped]))
29
+ end
30
+
31
+ sig { returns(T.nilable(String)) }
18
32
  def homepage_url
19
33
  pypi_listing.dig("info", "home_page") ||
20
34
  pypi_listing.dig("info", "project_urls", "Homepage") ||
@@ -24,6 +38,7 @@ module Dependabot
24
38
 
25
39
  private
26
40
 
41
+ sig { override.returns(T.nilable(Dependabot::Source)) }
27
42
  def look_up_source
28
43
  potential_source_urls = [
29
44
  pypi_listing.dig("info", "project_urls", "Source"),
@@ -44,6 +59,7 @@ module Dependabot
44
59
  end
45
60
 
46
61
  # rubocop:disable Metrics/PerceivedComplexity
62
+ sig { returns(T.nilable(String)) }
47
63
  def source_from_description
48
64
  potential_source_urls = []
49
65
  desc = pypi_listing.dig("info", "description")
@@ -64,7 +80,7 @@ module Dependabot
64
80
 
65
81
  # Failing that, look for a source where the full dependency name is
66
82
  # mentioned when the link is followed
67
- @source_from_description ||=
83
+ @source_from_description ||= T.let(
68
84
  potential_source_urls.find do |url|
69
85
  full_url = Source.from_url(url)&.url
70
86
  next unless full_url
@@ -73,16 +89,19 @@ module Dependabot
73
89
  next unless response.status == 200
74
90
 
75
91
  response.body.include?(normalised_dependency_name)
76
- end
92
+ end, T.nilable(String)
93
+ )
77
94
  end
78
95
  # rubocop:enable Metrics/PerceivedComplexity
79
96
 
80
97
  # rubocop:disable Metrics/PerceivedComplexity
98
+ sig { returns(T.nilable(String)) }
81
99
  def source_from_homepage
82
- return unless homepage_body
100
+ homepage_body_local = homepage_body
101
+ return unless homepage_body_local
83
102
 
84
103
  potential_source_urls = []
85
- homepage_body.scan(Source::SOURCE_REGEX) do
104
+ homepage_body_local.scan(Source::SOURCE_REGEX) do
86
105
  potential_source_urls << Regexp.last_match.to_s
87
106
  end
88
107
 
@@ -93,7 +112,7 @@ module Dependabot
93
112
 
94
113
  return match_url if match_url
95
114
 
96
- @source_from_homepage ||=
115
+ @source_from_homepage ||= T.let(
97
116
  potential_source_urls.find do |url|
98
117
  full_url = Source.from_url(url)&.url
99
118
  next unless full_url
@@ -102,10 +121,12 @@ module Dependabot
102
121
  next unless response.status == 200
103
122
 
104
123
  response.body.include?(normalised_dependency_name)
105
- end
124
+ end, T.nilable(String)
125
+ )
106
126
  end
107
127
  # rubocop:enable Metrics/PerceivedComplexity
108
128
 
129
+ sig { returns(T.nilable(String)) }
109
130
  def homepage_body
110
131
  homepage_url = pypi_listing.dig("info", "home_page")
111
132
 
@@ -115,19 +136,21 @@ module Dependabot
115
136
  "pypi.python.org"
116
137
  ].include?(URI(homepage_url).host)
117
138
 
118
- @homepage_response ||=
139
+ @homepage_response ||= T.let(
119
140
  begin
120
141
  Dependabot::RegistryClient.get(url: homepage_url)
121
142
  rescue Excon::Error::Timeout, Excon::Error::Socket,
122
143
  Excon::Error::TooManyRedirects, ArgumentError
123
144
  nil
124
- end
145
+ end, T.nilable(Excon::Response)
146
+ )
125
147
 
126
148
  return unless @homepage_response&.status == 200
127
149
 
128
- @homepage_response.body
150
+ @homepage_response&.body
129
151
  end
130
152
 
153
+ sig { returns(T::Hash[String, T.untyped]) }
131
154
  def pypi_listing
132
155
  return @pypi_listing unless @pypi_listing.nil?
133
156
  return @pypi_listing = {} if dependency.version&.include?("+")
@@ -147,6 +170,7 @@ module Dependabot
147
170
  @pypi_listing = {} # No listing found
148
171
  end
149
172
 
173
+ sig { params(url: String).returns(Excon::Response) }
150
174
  def fetch_authed_url(url)
151
175
  if url.match(%r{(.*)://(.*?):(.*)@([^@]+)$}) &&
152
176
  Regexp.last_match&.captures&.[](1)&.include?("@")
@@ -164,6 +188,7 @@ module Dependabot
164
188
  end
165
189
  end
166
190
 
191
+ sig { returns(T::Array[String]) }
167
192
  def possible_listing_urls
168
193
  credential_urls =
169
194
  credentials
@@ -176,6 +201,7 @@ module Dependabot
176
201
  end
177
202
 
178
203
  # Strip [extras] from name (dependency_name[extra_dep,other_extra])
204
+ sig { returns(String) }
179
205
  def normalised_dependency_name
180
206
  NameNormaliser.normalise(dependency.name)
181
207
  end
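Review bot: In `source_from_homepage` the new local `homepage_body_local` exists only so Sorbet can narrow the nilable return of `homepage_body`, but the name describes the mechanism rather than the value; `body = homepage_body`, `return unless body`, `body.scan(Source::SOURCE_REGEX) do` satisfies the type checker equally and reads better. The same narrowing need appears in `homepage_body`, where the new `@homepage_response&.body` after the `status == 200` guard suggests the response might still be nil even though the guard has already excluded that; assigning the memoised value to a local (`response = @homepage_response ||= T.let(...)`), guarding with `return unless response && response.status == 200` and returning `response.body` keeps the guard's meaning explicit and gives Sorbet a local it can narrow. Both methods span several hunks with lines omitted between them, so I have not seen their full bodies.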
@@ -385,8 +385,9 @@ module Dependabot
385
385
 
386
386
  sig { params(json_url: String).returns(Excon::Response) }
387
387
  def registry_json_response_for_dependency(json_url)
388
+ url = "#{json_url.chomp('/')}/#{@dependency.name}/json"
388
389
  Dependabot::RegistryClient.get(
389
- url: "#{json_url.chomp('/')}/#{@dependency.name}/json",
390
+ url: url,
390
391
  headers: { "Accept" => APPLICATION_JSON }
391
392
  )
392
393
  end
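Review bot: The new `url` local still splices `@dependency.name` into the request path unescaped, so a name containing `/`, `?` or `#` would change which registry path is requested rather than being looked up literally. I cannot see from this hunk whether the name has already been validated or normalised upstream; if it has not, `url = "#{json_url.chomp('/')}/#{ERB::Util.url_encode(@dependency.name)}/json"` (with `require "erb"` at the top of the file) keeps the name a single path segment and is a no-op for names limited to letters, digits, `.`, `_` and `-`. A brief comment on why the URL was hoisted into a local would also help, since the extraction by itself changes no behaviour.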
@@ -32,6 +32,11 @@ module Dependabot
32
32
  credentials: credentials
33
33
  ).fetch
34
34
  end
35
+
36
+ sig { override.returns(T::Boolean) }
37
+ def cooldown_enabled?
38
+ Dependabot::Experiments.enabled?(:enable_cooldown_for_python)
39
+ end
35
40
  end
36
41
  end
37
42
  end
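Review bot: The new `cooldown_enabled?` override carries no comment, so a reader has to guess why Python gates cooldown behind `Dependabot::Experiments.enabled?(:enable_cooldown_for_python)` instead of inheriting the base behaviour. A one-liner above the `sig`, such as `# Cooldown support for Python is rolled out behind the :enable_cooldown_for_python experiment`, records the intent. The `override` in the sig implies the parent class defines a default, but that definition is outside this diff.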
@@ -11,12 +11,13 @@ module Dependabot
11
11
  class UpdateChecker
12
12
  class PipVersionResolver
13
13
  def initialize(dependency:, dependency_files:, credentials:,
14
- ignored_versions:, raise_on_ignored: false,
14
+ ignored_versions:, update_cooldown: nil, raise_on_ignored: false,
15
15
  security_advisories:)
16
16
  @dependency = dependency
17
17
  @dependency_files = dependency_files
18
18
  @credentials = credentials
19
19
  @ignored_versions = ignored_versions
20
+ @update_cooldown = update_cooldown
20
21
  @raise_on_ignored = raise_on_ignored
21
22
  @security_advisories = security_advisories
22
23
  end
@@ -50,8 +51,10 @@ module Dependabot
50
51
  credentials: credentials,
51
52
  ignored_versions: ignored_versions,
52
53
  raise_on_ignored: @raise_on_ignored,
54
+ cooldown_options: @update_cooldown,
53
55
  security_advisories: security_advisories
54
56
  )
57
+ @latest_version_finder
55
58
  end
56
59
 
57
60
  def python_requirement_parser
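Review bot: The bare `@latest_version_finder` added after the `LatestVersionFinder.new(...)` call looks redundant, since an `||=` assignment already evaluates to the assigned value; if it is there so Sorbet sees a non-nilable return type, a comment such as `# re-read so the return is typed non-nil` would stop the next reader from deleting it, and the method's opening line with the `||=` is outside this hunk so I cannot confirm the reason. Separately, the same value travels under two names: it enters `PipVersionResolver#initialize` as `update_cooldown:` (and appears to be passed that way again in the later `@@ -187,6 +187,7 @@` hunk) but is forwarded to the finder as `cooldown_options:` here and in the `@@ -255,6 +256,7 @@` hunk; using one keyword across the boundary would make the plumbing easier to follow. The `update_cooldown: nil` default means callers that omit it silently get no cooldown, which is presumably intended for compatibility but deserves a comment on the parameter.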
@@ -97,7 +97,7 @@ module Dependabot
97
97
  language_version_manager.install_required_python
98
98
 
99
99
  # use system git instead of the pure Python dulwich
100
- run_poetry_command("pyenv exec poetry config experimental.system-git-client true")
100
+ run_poetry_command("pyenv exec poetry config system-git-client true")
101
101
 
102
102
  # Shell out to Poetry, which handles everything for us.
103
103
  run_poetry_update_command
@@ -187,6 +187,7 @@ module Dependabot
187
187
  dependency_files: dependency_files,
188
188
  credentials: credentials,
189
189
  ignored_versions: ignored_versions,
190
+ update_cooldown: @update_cooldown,
190
191
  raise_on_ignored: @raise_on_ignored,
191
192
  security_advisories: security_advisories
192
193
  )
@@ -255,6 +256,7 @@ module Dependabot
255
256
  credentials: credentials,
256
257
  ignored_versions: ignored_versions,
257
258
  raise_on_ignored: @raise_on_ignored,
259
+ cooldown_options: @update_cooldown,
258
260
  security_advisories: security_advisories
259
261
  )
260
262
  end
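--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-version: 0.299.1
+version: 0.300.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-28 00:00:00.000000000 Z
+date: 2025-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.299.1
+version: 0.300.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.299.1
+version: 0.300.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -291,7 +291,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.299.1
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.300.0
 post_install_message:
 rdoc_options: []
 require_paths: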