dependabot-python 0.384.0 → 0.385.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b6405520b155dd8840d410c10903c72346fa6f9f6ffc5ee8fe4cf127966b8731
4
- data.tar.gz: f989de684c9667c74b10752a9e13e1f8c5b0af20dc174a4ef912579bc92ebe67
3
+ metadata.gz: edc98d373ce3e27a5db1080f1ddc5f2a7a60c8be26a734ac889abf8e2298ede0
4
+ data.tar.gz: fd9d7507adb7b29b972c2f318a785eea5efd4150e12e2a6a3fe5707463d38f8a
5
5
  SHA512:
6
- metadata.gz: 2e8efe8bf43595044ee3985ff7fb48a2016be8bec469a449de97f12e0997041f8f5461c283c270544d64cd8e9e11af55a24d45ad0e26562bd9c9e3f03744679b
7
- data.tar.gz: 0d40183b2f6ff7d1ec31d2807de7023db173b2f6d699b22c18faeea4d81cf582293c4812f07d3bf508f442ef8f86169295003d8a30f240ee88f821943219aa67
6
+ metadata.gz: 9d328bd3c10cb36152a63a2c3975303e111a540367ec6e464ef7ab8208bd2ee642c12561f72928116069160a39cf1b9aa0527b4efb7411966714ff6e41032cdf
7
+ data.tar.gz: 2a00eef7b5ac804ee7389022190c84a933e9ae2afa89e37852ffb68729a591ceba986587f823ac1a0df460d6d42e72587979328104af12b2d53a05f99c16b150
@@ -73,15 +73,20 @@ module Dependabot
73
73
 
74
74
  pyproject_object = TomlRB.parse(T.must(pyproject).content)
75
75
 
76
- # Check for PEP621 requires-python
77
- pep621_python = pyproject_object.dig("project", "requires-python")
78
- return pep621_python if pep621_python
79
-
80
- # Fallback to Poetry configuration
76
+ # Check for PEP621 requires-python, falling back to Poetry configuration.
81
77
  poetry_object = pyproject_object.dig("tool", "poetry")
82
-
83
- poetry_object&.dig("dependencies", "python") ||
78
+ value =
79
+ pyproject_object.dig("project", "requires-python") ||
80
+ poetry_object&.dig("dependencies", "python") ||
84
81
  poetry_object&.dig("dev-dependencies", "python")
82
+
83
+ # A manifest can declare the python constraint as a non-string (e.g. an
84
+ # unquoted TOML float `3.12`, or an array/inline-table for multiple
85
+ # constraints). Coerce scalars to a String and ignore unsupported shapes.
86
+ case value
87
+ when String then value
88
+ when Numeric then value.to_s
89
+ end
85
90
  end
86
91
 
87
92
  sig { returns(T.nilable(String)) }
@@ -94,7 +94,7 @@ module Dependabot
94
94
  dependencies: dependencies,
95
95
  dependency_files: dependency_files,
96
96
  credentials: credentials,
97
- cooldown: options[:update_cooldown]
97
+ cooldown: T.cast(options[:update_cooldown], T.nilable(Dependabot::Package::ReleaseCooldownOptions))
98
98
  ).updated_dependency_files
99
99
  end
100
100
 
@@ -416,6 +416,7 @@ module Dependabot
416
416
  sig { params(filename: String).returns(T.nilable(String)) }
417
417
  def get_version_from_filename(filename)
418
418
  filename
419
+ .strip
419
420
  .gsub(/#{name_regex}-/i, "")
420
421
  .split(/-|\.tar\.|\.zip|\.whl/)
421
422
  .first
@@ -1,4 +1,4 @@
1
- # typed: strict
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
@@ -6,9 +6,7 @@ require "nokogiri"
6
6
  require "sorbet-runtime"
7
7
 
8
8
  require "dependabot/dependency"
9
- require "dependabot/git_commit_checker"
10
9
  require "dependabot/python/update_checker"
11
- require "dependabot/update_checkers/cooldown_calculation"
12
10
  require "dependabot/update_checkers/version_filters"
13
11
  require "dependabot/registry_client"
14
12
  require "dependabot/python/authed_url_builder"
@@ -23,38 +21,6 @@ module Dependabot
23
21
  class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
24
22
  extend T::Sig
25
23
 
26
- sig do
27
- params(git_commit_checker: Dependabot::GitCommitChecker)
28
- .returns(T.nilable(T::Hash[Symbol, T.untyped]))
29
- end
30
- def latest_version_tag(git_commit_checker:)
31
- return git_commit_checker.local_tag_for_latest_version unless cooldown_enabled?
32
-
33
- allowed_version_tags = git_commit_checker.local_tags_for_allowed_versions
34
- tags_in_cooldown = select_version_tags_in_cooldown_period(git_commit_checker)
35
-
36
- return max_version_from_tags(allowed_version_tags) if tags_in_cooldown.empty?
37
-
38
- filtered_tags = allowed_version_tags.reject do |tag|
39
- tags_in_cooldown.include?(tag[:tag])
40
- end
41
-
42
- if filtered_tags.empty?
43
- Dependabot.logger.info("All git tags filtered by cooldown for #{dependency.name}, returning nil")
44
- return nil
45
- end
46
-
47
- filtered_count = allowed_version_tags.count - filtered_tags.count
48
- if filtered_count.positive?
49
- Dependabot.logger.info("Filtered #{filtered_count} git tags due to cooldown for #{dependency.name}")
50
- end
51
-
52
- max_version_from_tags(filtered_tags)
53
- rescue StandardError => e
54
- Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
55
- git_commit_checker.local_tag_for_latest_version
56
- end
57
-
58
24
  sig do
59
25
  override.returns(T.nilable(Dependabot::Package::PackageDetails))
60
26
  end
@@ -76,87 +42,6 @@ module Dependabot
76
42
  cooldown.semver_minor_days.to_i.positive? ||
77
43
  cooldown.semver_patch_days.to_i.positive?
78
44
  end
79
-
80
- private
81
-
82
- sig { params(tags: T::Array[T::Hash[Symbol, T.untyped]]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
83
- def max_version_from_tags(tags)
84
- tags.max_by { |t| t[:version] }
85
- end
86
-
87
- sig { params(git_commit_checker: Dependabot::GitCommitChecker).returns(T::Array[String]) }
88
- def select_version_tags_in_cooldown_period(git_commit_checker)
89
- version_tags_in_cooldown_period = T.let([], T::Array[String])
90
-
91
- git_commit_checker.refs_for_tag_with_detail.each do |git_tag_with_detail|
92
- if check_if_version_in_cooldown_period?(git_tag_with_detail)
93
- version_tags_in_cooldown_period << git_tag_with_detail.tag
94
- end
95
- end
96
- version_tags_in_cooldown_period
97
- rescue StandardError => e
98
- Dependabot.logger.error("Error checking if version is in cooldown: #{e.message}")
99
- []
100
- end
101
-
102
- sig { params(tag_with_detail: Dependabot::GitTagWithDetail).returns(T::Boolean) }
103
- def check_if_version_in_cooldown_period?(tag_with_detail)
104
- return false unless tag_with_detail.release_date
105
-
106
- current_version = version_class.correct?(dependency.version) ? version_class.new(dependency.version) : nil
107
- tag_version_str = tag_with_detail.tag.delete_prefix("v")
108
- return false unless version_class.correct?(tag_version_str)
109
-
110
- new_version = version_class.new(tag_version_str)
111
- days = cooldown_days_for(current_version, new_version)
112
-
113
- release_time = Time.at(release_date_to_seconds(tag_with_detail.release_date))
114
- Dependabot::UpdateCheckers::CooldownCalculation
115
- .within_cooldown_window?(release_time, days)
116
- end
117
-
118
- sig do
119
- params(
120
- current_version: T.nilable(Dependabot::Version),
121
- new_version: Dependabot::Version
122
- ).returns(Integer)
123
- end
124
- def cooldown_days_for(current_version, new_version)
125
- return 0 unless cooldown_enabled?
126
-
127
- cooldown = T.must(cooldown_options)
128
- return 0 unless cooldown.included?(dependency.name)
129
- return cooldown.default_days if current_version.nil?
130
-
131
- current_version_semver = current_version.semver_parts
132
- new_version_semver = new_version.semver_parts
133
-
134
- return cooldown.default_days if current_version_semver.nil? || new_version_semver.nil?
135
-
136
- current_major, current_minor, current_patch = current_version_semver
137
- new_major, new_minor, new_patch = new_version_semver
138
-
139
- return cooldown.semver_major_days if new_major > current_major
140
- return cooldown.semver_minor_days if new_minor > current_minor
141
- return cooldown.semver_patch_days if new_patch > current_patch
142
-
143
- cooldown.default_days
144
- end
145
-
146
- sig { returns(T.class_of(Dependabot::Version)) }
147
- def version_class
148
- dependency.version_class
149
- end
150
-
151
- sig { params(release_date: T.nilable(String)).returns(Integer) }
152
- def release_date_to_seconds(release_date)
153
- return 0 unless release_date
154
-
155
- Time.parse(release_date).to_i
156
- rescue ArgumentError => e
157
- Dependabot.logger.error("Invalid release date format: #{release_date} and error: #{e.message}")
158
- 0
159
- end
160
45
  end
161
46
  end
162
47
  end
@@ -85,8 +85,10 @@ module Dependabot
85
85
  version_string.nil? ? nil : Python::Version.new(version_string)
86
86
  end
87
87
 
88
- sig { params(version: Gem::Version).returns(T::Boolean) }
88
+ sig { params(version: T.nilable(Gem::Version)).returns(T::Boolean) }
89
89
  def resolvable?(version:)
90
+ return false if version.nil?
91
+
90
92
  @resolvable ||= T.let({}, T.nilable(T::Hash[Gem::Version, T::Boolean]))
91
93
  return T.must(@resolvable[version]) if @resolvable.key?(version)
92
94
 
@@ -164,7 +164,7 @@ module Dependabot
164
164
  sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
165
165
  def latest_git_version_details
166
166
  @latest_git_version_details ||= T.let(
167
- latest_version_finder.latest_version_tag(git_commit_checker: git_commit_checker),
167
+ git_commit_checker.local_tag_for_latest_version(@update_cooldown),
168
168
  T.nilable(T::Hash[Symbol, T.untyped])
169
169
  )
170
170
  end
@@ -78,7 +78,7 @@ module Dependabot
78
78
  def initialize(version) # rubocop:disable Metrics/AbcSize
79
79
  raise Dependabot::BadRequirementError, "Malformed version string - string is nil" if version.nil?
80
80
 
81
- @version_string = T.let(version.to_s, String)
81
+ @version_string = T.let(version.to_s.strip, String)
82
82
 
83
83
  raise Dependabot::BadRequirementError, "Malformed version string - string is empty" if @version_string.empty?
84
84
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.384.0
4
+ version: 0.385.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.384.0
18
+ version: 0.385.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.384.0
25
+ version: 0.385.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
322
322
  - MIT
323
323
  metadata:
324
324
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
325
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
325
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
326
326
  rdoc_options: []
327
327
  require_paths:
328
328
  - lib