RubyGems - dependabot-uv - Versions diffs - 0.299.1 → 0.301.0 - Mend

dependabot-uv 0.299.1 → 0.301.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/lib/dependabot/uv/file_fetcher.rb +55 -25
data/lib/dependabot/uv/file_parser/python_requirement_parser.rb +5 -44
data/lib/dependabot/uv/file_parser.rb +77 -101
data/lib/dependabot/uv/file_updater/lock_file_updater.rb +392 -0
data/lib/dependabot/uv/file_updater/pyproject_preparer.rb +97 -77
data/lib/dependabot/uv/file_updater.rb +14 -1
data/lib/dependabot/uv/{pip_compile_file_matcher.rb → requirements_file_matcher.rb} +5 -5
data/lib/dependabot/uv/update_checker/lock_file_resolver.rb +48 -0
data/lib/dependabot/uv/update_checker.rb +12 -1
metadata +8 -7
data/lib/dependabot/uv/file_parser/pipfile_files_parser.rb +0 -192

data/lib/dependabot/uv/update_checker/lock_file_resolver.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# typed: true
+# frozen_string_literal: true
+require "dependabot/uv/version"
+require "dependabot/uv/requirement"
+require "dependabot/uv/update_checker"
+module Dependabot
+  module Uv
+    class UpdateChecker
+      class LockFileResolver
+        def initialize(dependency:, dependency_files:, credentials:, repo_contents_path: nil)
+          @dependency = dependency
+          @dependency_files = dependency_files
+          @credentials = credentials
+          @repo_contents_path = repo_contents_path
+        end
+        def latest_resolvable_version(requirement:)
+          return nil unless requirement
+          req = Uv::Requirement.new(requirement)
+          # Get the version from the dependency if available
+          version_from_dependency = dependency.version && Uv::Version.new(dependency.version)
+          return version_from_dependency if version_from_dependency && req.satisfied_by?(version_from_dependency)
+          nil
+        end
+        def resolvable?(*)
+          true
+        end
+        def lowest_resolvable_security_fix_version
+          nil
+        end
+        private
+        attr_reader :dependency
+        attr_reader :dependency_files
+        attr_reader :credentials
+        attr_reader :repo_contents_path
+      end
+    end
+  end
+end

data/lib/dependabot/uv/update_checker.rb CHANGED Viewed

@@ -21,6 +21,7 @@ module Dependabot
       require_relative "update_checker/pip_version_resolver"
       require_relative "update_checker/requirements_updater"
       require_relative "update_checker/latest_version_finder"
+      require_relative "update_checker/lock_file_resolver"
       MAIN_PYPI_INDEXES = %w(
         https://pypi.python.org/simple/
@@ -118,6 +119,7 @@ module Dependabot
         case resolver_type
         when :pip_compile then pip_compile_version_resolver
         when :requirements then pip_version_resolver
+        when :lock_file then lock_file_resolver
         else raise "Unexpected resolver type #{resolver_type}"
         end
       end
@@ -134,6 +136,7 @@ module Dependabot
         # which resolver to use based on the filename of its requirements
         return :requirements if updating_pyproject?
         return :pip_compile if updating_in_file?
+        return :lock_file if updating_uv_lock?
         if dependency.version && !exact_requirement?(reqs)
           subdependency_resolver
@@ -171,6 +174,10 @@ module Dependabot
         )
       end
+      def lock_file_resolver
+        @lock_file_resolver ||= LockFileResolver.new(**resolver_args)
+      end
       def resolver_args
         {
           dependency: dependency,
@@ -187,7 +194,7 @@ module Dependabot
         requirement = reqs.find do |r|
           file = r[:file]
-          file == "Pipfile" || file == "pyproject.toml" || file.end_with?(".in") || file.end_with?(".txt")
+          file == "uv.lock" || file == "pyproject.toml" || file.end_with?(".in") || file.end_with?(".txt")
         end
         requirement&.fetch(:requirement)
@@ -267,6 +274,10 @@ module Dependabot
         requirement_files.any? { |f| f.end_with?(".in") }
       end
+      def updating_uv_lock?
+        requirement_files.any?("uv.lock")
+      end
       def requirements_text_file?
         requirement_files.any? { |f| f.end_with?("requirements.txt") }
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-uv
 version: !ruby/object:Gem::Version
-  version: 0.299.1
+  version: 0.301.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-28 00:00:00.000000000 Z
+date: 2025-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.299.1
+        version: 0.301.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.299.1
+        version: 0.301.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -252,12 +252,12 @@ files:
 - lib/dependabot/uv/authed_url_builder.rb
 - lib/dependabot/uv/file_fetcher.rb
 - lib/dependabot/uv/file_parser.rb
-- lib/dependabot/uv/file_parser/pipfile_files_parser.rb
 - lib/dependabot/uv/file_parser/pyproject_files_parser.rb
 - lib/dependabot/uv/file_parser/python_requirement_parser.rb
 - lib/dependabot/uv/file_parser/setup_file_parser.rb
 - lib/dependabot/uv/file_updater.rb
 - lib/dependabot/uv/file_updater/compile_file_updater.rb
+- lib/dependabot/uv/file_updater/lock_file_updater.rb
 - lib/dependabot/uv/file_updater/pyproject_preparer.rb
 - lib/dependabot/uv/file_updater/requirement_file_updater.rb
 - lib/dependabot/uv/file_updater/requirement_replacer.rb
@@ -267,13 +267,14 @@ files:
 - lib/dependabot/uv/name_normaliser.rb
 - lib/dependabot/uv/native_helpers.rb
 - lib/dependabot/uv/package_manager.rb
-- lib/dependabot/uv/pip_compile_file_matcher.rb
 - lib/dependabot/uv/pipenv_runner.rb
 - lib/dependabot/uv/requirement.rb
 - lib/dependabot/uv/requirement_parser.rb
+- lib/dependabot/uv/requirements_file_matcher.rb
 - lib/dependabot/uv/update_checker.rb
 - lib/dependabot/uv/update_checker/index_finder.rb
 - lib/dependabot/uv/update_checker/latest_version_finder.rb
+- lib/dependabot/uv/update_checker/lock_file_resolver.rb
 - lib/dependabot/uv/update_checker/pip_compile_version_resolver.rb
 - lib/dependabot/uv/update_checker/pip_version_resolver.rb
 - lib/dependabot/uv/update_checker/requirements_updater.rb
@@ -283,7 +284,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.299.1
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.301.0
 post_install_message:
 rdoc_options: []
 require_paths:

data/lib/dependabot/uv/file_parser/pipfile_files_parser.rb DELETED Viewed

@@ -1,192 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-require "toml-rb"
-require "dependabot/dependency"
-require "dependabot/file_parsers/base/dependency_set"
-require "dependabot/uv/file_parser"
-require "dependabot/errors"
-require "dependabot/uv/name_normaliser"
-module Dependabot
-  module Uv
-    class FileParser
-      class PipfileFilesParser
-        extend T::Sig
-        DEPENDENCY_GROUP_KEYS = T.let([
-          {
-            pipfile: "packages",
-            lockfile: "default"
-          },
-          {
-            pipfile: "dev-packages",
-            lockfile: "develop"
-          }
-        ].freeze, T::Array[T::Hash[Symbol, String]])
-        sig { params(dependency_files: T::Array[Dependabot::DependencyFile]).void }
-        def initialize(dependency_files:)
-          @dependency_files = dependency_files
-        end
-        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-        def dependency_set
-          dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-          dependency_set += pipfile_dependencies
-          dependency_set += pipfile_lock_dependencies
-          dependency_set
-        end
-        private
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        attr_reader :dependency_files
-        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-        def pipfile_dependencies
-          dependencies = Dependabot::FileParsers::Base::DependencySet.new
-          DEPENDENCY_GROUP_KEYS.each do |keys|
-            next unless parsed_pipfile[T.must(keys[:pipfile])]
-            parsed_pipfile[T.must(keys[:pipfile])].map do |dep_name, req|
-              group = keys[:lockfile]
-              next unless specifies_version?(req)
-              next if git_or_path_requirement?(req)
-              next if pipfile_lock && !dependency_version(dep_name, req, T.must(group))
-              # Empty requirements are not allowed in Dependabot::Dependency and
-              # equivalent to "*" (latest available version)
-              req = "*" if req == ""
-              dependencies <<
-                Dependency.new(
-                  name: normalised_name(dep_name),
-                  version: dependency_version(dep_name, req, T.must(group)),
-                  requirements: [{
-                    requirement: req.is_a?(String) ? req : req["version"],
-                    file: T.must(pipfile).name,
-                    source: nil,
-                    groups: [group]
-                  }],
-                  package_manager: "uv",
-                  metadata: { original_name: dep_name }
-                )
-            end
-          end
-          dependencies
-        end
-        # Create a DependencySet where each element has no requirement. Any
-        # requirements will be added when combining the DependencySet with
-        # other DependencySets.
-        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-        def pipfile_lock_dependencies
-          dependencies = Dependabot::FileParsers::Base::DependencySet.new
-          return dependencies unless pipfile_lock
-          DEPENDENCY_GROUP_KEYS.map { |h| h.fetch(:lockfile) }.each do |key|
-            next unless parsed_pipfile_lock[key]
-            parsed_pipfile_lock[key].each do |dep_name, details|
-              version = case details
-                        when String then details
-                        when Hash then details["version"]
-                        end
-              next unless version
-              next if git_or_path_requirement?(details)
-              dependencies <<
-                Dependency.new(
-                  name: dep_name,
-                  version: version&.gsub(/^===?/, ""),
-                  requirements: [],
-                  package_manager: "uv",
-                  subdependency_metadata: [{ production: key != "develop" }]
-                )
-            end
-          end
-          dependencies
-        end
-        sig do
-          params(dep_name: String, requirement: T.any(String, T::Hash[String, T.untyped]),
-                 group: String).returns(T.nilable(String))
-        end
-        def dependency_version(dep_name, requirement, group)
-          req = version_from_hash_or_string(requirement)
-          if pipfile_lock
-            details = parsed_pipfile_lock
-                      .dig(group, normalised_name(dep_name))
-            version = version_from_hash_or_string(details)
-            version&.gsub(/^===?/, "")
-          elsif T.must(req).start_with?("==") && !T.must(req).include?("*")
-            T.must(req).strip.gsub(/^===?/, "")
-          end
-        end
-        sig do
-          params(obj: T.any(String, NilClass, T::Array[String], T::Hash[String, T.untyped])).returns(T.nilable(String))
-        end
-        def version_from_hash_or_string(obj)
-          case obj
-          when String then obj.strip
-          when Hash then obj["version"]
-          end
-        end
-        sig { params(req: T.any(String, T::Hash[String, T.untyped])).returns(T.any(T::Boolean, NilClass, String)) }
-        def specifies_version?(req)
-          return true if req.is_a?(String)
-          req["version"]
-        end
-        sig { params(req: T.any(String, T::Hash[String, T.untyped])).returns(T::Boolean) }
-        def git_or_path_requirement?(req)
-          return false unless req.is_a?(Hash)
-          %w(git path).any? { |k| req.key?(k) }
-        end
-        sig { params(name: String, extras: T::Array[String]).returns(String) }
-        def normalised_name(name, extras = [])
-          NameNormaliser.normalise_including_extras(name, extras)
-        end
-        sig { returns(T::Hash[String, T.untyped]) }
-        def parsed_pipfile
-          @parsed_pipfile ||= T.let(TomlRB.parse(T.must(pipfile).content), T.nilable(T::Hash[String, T.untyped]))
-        rescue TomlRB::ParseError, TomlRB::ValueOverwriteError
-          raise Dependabot::DependencyFileNotParseable, T.must(pipfile).path
-        end
-        sig { returns(T::Hash[String, T.untyped]) }
-        def parsed_pipfile_lock
-          @parsed_pipfile_lock ||= T.let(JSON.parse(T.must(T.must(pipfile_lock).content)),
-                                         T.nilable(T::Hash[String, T.untyped]))
-        rescue JSON::ParserError
-          raise Dependabot::DependencyFileNotParseable, T.must(pipfile_lock).path
-        end
-        sig { returns(T.nilable(Dependabot::DependencyFile)) }
-        def pipfile
-          @pipfile ||= T.let(dependency_files.find { |f| f.name == "Pipfile" }, T.nilable(Dependabot::DependencyFile))
-        end
-        sig { returns(T.nilable(Dependabot::DependencyFile)) }
-        def pipfile_lock
-          @pipfile_lock ||= T.let(dependency_files.find { |f| f.name == "Pipfile.lock" },
-                                  T.nilable(Dependabot::DependencyFile))
-        end
-      end
-    end
-  end
-end