dependabot-python 0.377.0 → 0.378.0

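--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 97fc5f469b022c35a988056752d5de194bb42712a22b0841437b64b95d1979d4
- data.tar.gz: d294b949dda1e010b01caae6c285f979c7c9510f55e57a8f7ed48b06c141d9ba
+ metadata.gz: 61fc61302a50b0c01bb331b80e2ae2b02ad4a59734310cd621a4176fb86ccefb
+ data.tar.gz: d42a62ba72dacd9e0368aa66c3b19b9791a9896f231cf5d43da258204dfe19d4
  SHA512:
- metadata.gz: 2437d172ed350ebcf53af1cbf4f6086d2229d97ab1ecb9ba4729750b0b1643f6eaf1088928443e1b9f465eacf0106e3df8aaf542a401113dd3ca4efc42e468d8
- data.tar.gz: f923f746f74bdc91ba8a47f3a1366250a90ebc178b0ae1eb94a012cb43777fedc854b19cb427ffcad4232408cf1bfc2f60bf04aaef8e58aee28cc3d9d039e5fe
+ metadata.gz: cf7432b8dd7bc1d8338e11df066ca36be310215847b3508933abde9676b97cac4bc3bb724ec7b68acf137bb24b202d1de2c1117244228e36c2dc22a7cbfc86cb
+ data.tar.gz: 33ecc6ad4b78e6327fa28224f1b5fe7fec57da1ff1a3106cb06b97e69bf30ab7e91040a7c5f1b2622d1b522a6889f5bb9cd81207a50822ddd9fd6ec024c97238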
data/helpers/build CHANGED
@@ -15,6 +15,7 @@ cp -r \
15
15
  "$helpers_dir/lib" \
16
16
  "$helpers_dir/run.py" \
17
17
  "$helpers_dir/requirements.txt" \
18
+ "$helpers_dir/requirements-3.9.txt" \
18
19
  "$install_dir"
19
20
 
20
21
  if [ -d "$helpers_dir/test" ]; then
@@ -22,7 +23,17 @@ if [ -d "$helpers_dir/test" ]; then
22
23
  fi
23
24
 
24
25
  cd "$install_dir"
25
- PYENV_VERSION=$1 pyenv exec pip3 --disable-pip-version-check install --use-pep517 -r "requirements.txt"
26
+
27
+ python_version=$1
28
+ # pip 26.x and several other packages require Python >=3.10.
29
+ # Use 3.9-compatible versions for the deprecated Python 3.9 runtime.
30
+ if [[ "$python_version" == 3.9.* ]]; then
31
+ req_file="requirements-3.9.txt"
32
+ else
33
+ req_file="requirements.txt"
34
+ fi
35
+
36
+ PYENV_VERSION=$python_version pyenv exec pip3 --disable-pip-version-check install --use-pep517 -r "$req_file"
26
37
 
27
38
  # Remove the extra objects added during the previous install. Based on
28
39
  # https://github.com/docker-library/python/blob/master/Dockerfile-linux.template
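Review bot: The new `python_version=$1` selects the requirements file without checking that an argument was passed, so an empty or mistyped value falls into the `else` branch and installs `requirements.txt` under whichever interpreter pyenv then resolves. A guard such as `python_version=${1:?python version argument required}` ahead of the `if [[ ... ]]` test would stop the build instead of installing the wrong set. The `[[ "$python_version" == 3.9.* ]]` test also needs bash, while the visible context uses the POSIX `[ -d ... ]` form; the shebang is outside these hunks, so confirm the script is never run under plain `sh`.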
@@ -0,0 +1,15 @@
1
+ # Python 3.9-compatible versions pinned to the last known working set before
2
+ # packages dropped 3.9 support. Python 3.9 reached end-of-life on 2025-10-31.
3
+ pip==24.2
4
+ pip-tools==7.5.3
5
+ flake8==7.3.0
6
+ hashin==1.0.5
7
+ pipenv==2024.4.1
8
+ plette==2.1.0
9
+ poetry==2.2.1
10
+ pytest==8.3.5
11
+ # tomli is required for Python <3.11 (stdlib tomllib was added in 3.11).
12
+ tomli==2.2.1
13
+
14
+ # Some dependencies will only install if Cython is present
15
+ Cython==3.2.4
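Review bot: These pins freeze pip, poetry, pipenv and the other helpers at their last 3.9-compatible releases, so the 3.9 runtime stops picking up upstream fixes for tools that presumably run against repository-supplied manifests, and nothing in the file says when the set goes away. Add a header comment naming the removal condition, e.g. `# Remove together with 3.9 in PRE_INSTALLED_PYTHON_VERSIONS_RAW (tracking: <ISSUE-PLACEHOLDER>)`. Both this file and `requirements.txt` pin by version only; generating them with hashes and installing with `pip install --require-hashes -r ...` would make the build verify each downloaded artifact's digest instead of trusting the index, at the cost of pinning transitive dependencies as well.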
@@ -1,13 +1,13 @@
1
- pip==24.2
1
+ pip==26.1.1
2
2
  pip-tools==7.5.3
3
3
  flake8==7.3.0
4
4
  hashin==1.0.5
5
5
  pipenv==2024.4.1
6
- plette==2.1.0
7
- poetry==2.2.1
8
- pytest==8.3.5
6
+ plette==2.2.1
7
+ poetry==2.4.1
8
+ pytest==9.0.3
9
9
  # TODO: Replace 3p package `tomli` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
10
- tomli==2.2.1
10
+ tomli==2.4.1
11
11
 
12
12
  # Some dependencies will only install if Cython is present
13
13
  Cython==3.2.4
@@ -113,12 +113,12 @@ module Dependabot
113
113
  sig do
114
114
  params(
115
115
  type: String,
116
- deps_hash: T::Hash[String,
117
- T.untyped]
116
+ deps_hash: T.nilable(T::Hash[String, T.untyped])
118
117
  ).returns(Dependabot::FileParsers::Base::DependencySet)
119
118
  end
120
119
  def parse_poetry_dependency_group(type, deps_hash)
121
120
  dependencies = Dependabot::FileParsers::Base::DependencySet.new
121
+ return dependencies if deps_hash.nil?
122
122
 
123
123
  deps_hash.each do |name, req|
124
124
  next if normalise(name) == "python"
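Review bot: The added `return dependencies if deps_hash.nil?` covers a missing group, but a `pyproject.toml` in which the group is present and is not a table (a string or an array, say) still reaches `deps_hash.each do |name, req|`. Since the manifest comes from the repository being updated, `return dependencies unless deps_hash.is_a?(Hash)` would handle every malformed shape the same way; with runtime signature checks enabled the `sig` would likely raise first, which is worth confirming. The `return unless toml_node` guard added to `update_dependency_requirement` has the same gap before `toml_node.keys`. The body of `parse_poetry_dependency_group` continues past the end of this hunk.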
@@ -13,15 +13,15 @@ module Dependabot
13
13
  extend T::Sig
14
14
 
15
15
  # This list must match the versions specified at the top of `python/Dockerfile`
16
- # ARG PY_3_13=3.13.2
16
+ # e.g. ARG PY_3_13=3.13.x
17
17
  # Note: uv ecosystem aliases this class, so updates here apply to both ecosystems.
18
18
  PRE_INSTALLED_PYTHON_VERSIONS_RAW = %w(
19
- 3.14.2
20
- 3.13.11
21
- 3.12.12
22
- 3.11.14
23
- 3.10.19
24
- 3.9.24
19
+ 3.14.5
20
+ 3.13.13
21
+ 3.12.13
22
+ 3.11.15
23
+ 3.10.20
24
+ 3.9.25
25
25
  ).freeze
26
26
 
27
27
  PRE_INSTALLED_PYTHON_VERSIONS = T.let(
@@ -47,7 +47,9 @@ module Dependabot
47
47
  T::Array[Dependabot::Python::Version]
48
48
  )
49
49
 
50
- NON_SUPPORTED_HIGHEST_VERSION = "3.8"
50
+ # The highest Python version that is no longer fully supported.
51
+ # Deprecated now (warning); unsupported once removed from PRE_INSTALLED_PYTHON_VERSIONS_RAW.
52
+ NON_SUPPORTED_HIGHEST_VERSION = "3.9"
51
53
 
52
54
  DEPRECATED_VERSIONS = T.let([Version.new(NON_SUPPORTED_HIGHEST_VERSION)].freeze, T::Array[Dependabot::Version])
53
55
 
@@ -341,8 +341,10 @@ module Dependabot
341
341
  TomlRB.dump(pyproject_object)
342
342
  end
343
343
 
344
- sig { params(toml_node: T::Hash[String, T.untyped], requirement: String).void }
344
+ sig { params(toml_node: T.nilable(T::Hash[String, T.untyped]), requirement: String).void }
345
345
  def update_dependency_requirement(toml_node, requirement)
346
+ return unless toml_node
347
+
346
348
  names = toml_node.keys
347
349
  pkg_name = names.find { |nm| normalise(nm) == dependency.name }
348
350
  return unless pkg_name
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.377.0
4
+ version: 0.378.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.377.0
18
+ version: 0.378.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.377.0
25
+ version: 0.378.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -245,6 +245,7 @@ files:
245
245
  - helpers/lib/__init__.py
246
246
  - helpers/lib/hasher.py
247
247
  - helpers/lib/parser.py
248
+ - helpers/requirements-3.9.txt
248
249
  - helpers/requirements.txt
249
250
  - helpers/run.py
250
251
  - helpers/test/fixtures/no_dependencies.toml
@@ -322,7 +323,7 @@ licenses:
322
323
  - MIT
323
324
  metadata:
324
325
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
325
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.377.0
326
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.378.0
326
327
  rdoc_options: []
327
328
  require_paths:
328
329
  - lib