dependabot-uv 0.299.1

data/lib/dependabot/uv/version.rb

@@ -0,0 +1,321 @@
+# typed: true
+# frozen_string_literal: true
+
+require "dependabot/version"
+require "dependabot/utils"
+
+# See https://packaging.python.org/en/latest/specifications/version-specifiers for spec details.
+
+module Dependabot
+  module Uv
+    class Version < Dependabot::Version
+      sig { returns(Integer) }
+      attr_reader :epoch
+
+      sig { returns(T::Array[Integer]) }
+      attr_reader :release_segment
+
+      sig { returns(T.nilable(T::Array[T.any(String, Integer)])) }
+      attr_reader :dev
+
+      sig { returns(T.nilable(T::Array[T.any(String, Integer)])) }
+      attr_reader :pre
+
+      sig { returns(T.nilable(T::Array[T.any(String, Integer)])) }
+      attr_reader :post
+
+      sig { returns(T.nilable(T::Array[T.any(String, Integer)])) }
+      attr_reader :local
+
+      INFINITY = 1000
+      NEGATIVE_INFINITY = -INFINITY
+
+      # See https://peps.python.org/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions
+      VERSION_PATTERN = /
+        v?
+        (?:
+          (?:(?<epoch>[0-9]+)!)?                          # epoch
+          (?<release>[0-9]+(?:\.[0-9]+)*)                 # release
+          (?<pre>                                         # prerelease
+            [-_\.]?
+            (?<pre_l>(a|b|c|rc|alpha|beta|pre|preview))
+            [-_\.]?
+            (?<pre_n>[0-9]+)?
+          )?
+          (?<post>                                        # post release
+            (?:-(?<post_n1>[0-9]+))
+            |
+            (?:
+                [-_\.]?
+                (?<post_l>post|rev|r)
+                [-_\.]?
+                (?<post_n2>[0-9]+)?
+            )
+          )?
+          (?<dev>                                          # dev release
+            [-_\.]?
+            (?<dev_l>dev)
+            [-_\.]?
+            (?<dev_n>[0-9]+)?
+          )?
+        )
+        (?:\+(?<local>[a-z0-9]+(?:[-_\.][a-z0-9]+)*))?    # local version
+      /ix
+
+      ANCHORED_VERSION_PATTERN = /\A\s*#{VERSION_PATTERN}\s*\z/
+
+      sig { override.params(version: VersionParameter).returns(T::Boolean) }
+      def self.correct?(version)
+        return false if version.nil?
+
+        version.to_s.match?(ANCHORED_VERSION_PATTERN)
+      end
+
+      sig { override.params(version: VersionParameter).void }
+      def initialize(version)
+        raise Dependabot::BadRequirementError, "Malformed version string - string is nil" if version.nil?
+
+        @version_string = version.to_s
+
+        raise Dependabot::BadRequirementError, "Malformed version string - string is empty" if @version_string.empty?
+
+        matches = ANCHORED_VERSION_PATTERN.match(@version_string.downcase)
+
+        unless matches
+          raise Dependabot::BadRequirementError,
+                "Malformed version string - #{@version_string} does not match regex"
+        end
+
+        @epoch = matches["epoch"].to_i
+        @release_segment = matches["release"]&.split(".")&.map(&:to_i) || []
+        @pre = parse_letter_version(matches["pre_l"], matches["pre_n"])
+        @post = parse_letter_version(matches["post_l"], matches["post_n1"] || matches["post_n2"])
+        @dev = parse_letter_version(matches["dev_l"], matches["dev_n"])
+        @local = parse_local_version(matches["local"])
+        super(matches["release"] || "")
+      end
+
+      sig { override.params(version: VersionParameter).returns(Dependabot::Uv::Version) }
+      def self.new(version)
+        T.cast(super, Dependabot::Uv::Version)
+      end
+
+      sig { returns(String) }
+      def to_s
+        @version_string
+      end
+
+      sig { returns(String) }
+      def inspect # :nodoc:
+        "#<#{self.class} #{@version_string}>"
+      end
+
+      sig { returns(T::Boolean) }
+      def prerelease?
+        !!(pre || dev)
+      end
+
+      sig { returns(Dependabot::Uv::Version) }
+      def release
+        Dependabot::Uv::Version.new(release_segment.join("."))
+      end
+
+      sig { params(other: VersionParameter).returns(Integer) }
+      def <=>(other)
+        other = Dependabot::Uv::Version.new(other.to_s) unless other.is_a?(Dependabot::Uv::Version)
+        other = T.cast(other, Dependabot::Uv::Version)
+
+        epoch_comparison = epoch <=> other.epoch
+        return epoch_comparison unless epoch_comparison.zero?
+
+        release_comparison = release_version_comparison(other)
+        return release_comparison unless release_comparison.zero?
+
+        pre_comparison = compare_keys(pre_cmp_key, other.pre_cmp_key)
+        return pre_comparison unless pre_comparison.zero?
+
+        post_comparison = compare_keys(post_cmp_key, other.post_cmp_key)
+        return post_comparison unless post_comparison.zero?
+
+        dev_comparison = compare_keys(dev_cmp_key, other.dev_cmp_key)
+        return dev_comparison unless dev_comparison.zero?
+
+        compare_keys(local_cmp_key, other.local_cmp_key)
+      end
+
+      sig do
+        params(
+          key: T.any(Integer, T::Array[T.any(String, Integer)]),
+          other_key: T.any(Integer, T::Array[T.any(String, Integer)])
+        ).returns(Integer)
+      end
+      def compare_keys(key, other_key)
+        if key.is_a?(Integer) && other_key.is_a?(Integer)
+          key <=> other_key
+        elsif key.is_a?(Array) && other_key.is_a?(Array)
+          key <=> other_key
+        elsif key.is_a?(Integer)
+          key == NEGATIVE_INFINITY ? -1 : 1
+        elsif other_key.is_a?(Integer)
+          other_key == NEGATIVE_INFINITY ? 1 : -1
+        end
+      end
+
+      sig { returns(T.any(Integer, T::Array[T.any(String, Integer)])) }
+      def pre_cmp_key
+        if pre.nil? && post.nil? && dev # sort 1.0.dev0 before 1.0a0
+          NEGATIVE_INFINITY
+        elsif pre.nil?
+          INFINITY # versions without a pre-release should sort after those with one.
+        else
+          T.must(pre)
+        end
+      end
+
+      sig { returns(T.any(Integer, T::Array[T.any(String, Integer)])) }
+      def local_cmp_key
+        if local.nil?
+          # Versions without a local segment should sort before those with one.
+          NEGATIVE_INFINITY
+        else
+          # According to PEP440.
+          # - Alphanumeric segments sort before numeric segments
+          # - Alphanumeric segments sort lexicographically
+          # - Numeric segments sort numerically
+          # - Shorter versions sort before longer versions when the prefixes match exactly
+          local&.map do |token|
+            if token.is_a?(Integer)
+              [token, ""]
+            else
+              [NEGATIVE_INFINITY, token]
+            end
+          end
+        end
+      end
+
+      sig { returns(T.any(Integer, T::Array[T.any(String, Integer)])) }
+      def post_cmp_key
+        # Versions without a post segment should sort before those with one.
+        return NEGATIVE_INFINITY if post.nil?
+
+        T.must(post)
+      end
+
+      sig { returns(T.any(Integer, T::Array[T.any(String, Integer)])) }
+      def dev_cmp_key
+        # Versions without a dev segment should sort after those with one.
+        return INFINITY if dev.nil?
+
+        T.must(dev)
+      end
+
+      sig { returns(String) }
+      def lowest_prerelease_suffix
+        "dev0"
+      end
+
+      sig { override.returns(T::Array[String]) }
+      def ignored_patch_versions
+        parts = release_segment # e.g [1,2,3] if version is 1.2.3-alpha3
+        version_parts = parts.fill(0, parts.length...2)
+        upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + [lowest_prerelease_suffix]
+        lower_bound = "> #{self}"
+        upper_bound = "< #{upper_parts.join('.')}"
+
+        ["#{lower_bound}, #{upper_bound}"]
+      end
+
+      sig { override.returns(T::Array[String]) }
+      def ignored_minor_versions
+        parts = release_segment # e.g [1,2,3] if version is 1.2.3-alpha3
+        version_parts = parts.fill(0, parts.length...2)
+        lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + [lowest_prerelease_suffix]
+        upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1] + [lowest_prerelease_suffix]
+        lower_bound = ">= #{lower_parts.join('.')}"
+        upper_bound = "< #{upper_parts.join('.')}"
+
+        ["#{lower_bound}, #{upper_bound}"]
+      end
+
+      sig { override.returns(T::Array[String]) }
+      def ignored_major_versions
+        version_parts = release_segment # e.g [1,2,3] if version is 1.2.3-alpha3
+        lower_parts = [version_parts[0].to_i + 1] + [lowest_prerelease_suffix] # earliest next major version prerelease
+        lower_bound = ">= #{lower_parts.join('.')}"
+
+        [lower_bound]
+      end
+
+      private
+
+      sig { params(other: Dependabot::Uv::Version).returns(Integer) }
+      def release_version_comparison(other)
+        tokens, other_tokens = pad_for_comparison(release_segment, other.release_segment)
+        tokens <=> other_tokens
+      end
+
+      sig do
+        params(
+          tokens: T::Array[Integer],
+          other_tokens: T::Array[Integer]
+        ).returns(T::Array[T::Array[Integer]])
+      end
+      def pad_for_comparison(tokens, other_tokens)
+        tokens = tokens.dup
+        other_tokens = other_tokens.dup
+
+        longer = [tokens, other_tokens].max_by(&:count)
+        shorter = [tokens, other_tokens].min_by(&:count)
+
+        difference = T.must(longer).length - T.must(shorter).length
+
+        difference.times { T.must(shorter) << 0 }
+
+        [tokens, other_tokens]
+      end
+
+      sig { params(local: T.nilable(String)).returns(T.nilable(T::Array[T.any(String, Integer)])) }
+      def parse_local_version(local)
+        return if local.nil?
+
+        # Takes a string like abc.1.twelve and turns it into ["abc", 1, "twelve"]
+        local.split(/[\._-]/).map { |s| /^\d+$/.match?(s) ? s.to_i : s }
+      end
+
+      sig do
+        params(
+          letter: T.nilable(String), number: T.nilable(String)
+        ).returns(T.nilable(T::Array[T.any(String, Integer)]))
+      end
+      def parse_letter_version(letter = nil, number = nil)
+        return if letter.nil? && number.nil?
+
+        if letter
+          # Implicit 0 for cases where prerelease has no numeral
+          number ||= 0
+
+          # Normalize alternate spellings
+          if letter == "alpha"
+            letter = "a"
+          elsif letter == "beta"
+            letter = "b"
+          elsif %w(c pre preview).include? letter
+            letter = "rc"
+          elsif %w(rev r).include? letter
+            letter = "post"
+          end
+
+          return letter, number.to_i
+        end
+
+        # Number but no letter i.e. implicit post release syntax (e.g. 1.0-1)
+        letter = "post"
+
+        [letter, number.to_i]
+      end
+    end
+  end
+end
+
+Dependabot::Utils
+  .register_version_class("uv", Dependabot::Uv::Version)

data/lib/dependabot/uv.rb

@@ -0,0 +1,35 @@
+# typed: strict
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/uv/file_fetcher"
+require "dependabot/uv/file_parser"
+require "dependabot/uv/update_checker"
+require "dependabot/uv/file_updater"
+require "dependabot/uv/metadata_finder"
+require "dependabot/uv/requirement"
+require "dependabot/uv/version"
+require "dependabot/uv/name_normaliser"
+
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("uv", name: "python:uv", colour: "2b67c6")
+
+require "dependabot/dependency"
+Dependabot::Dependency.register_production_check(
+  "uv",
+  lambda do |groups|
+    return true if groups.empty?
+    return true if groups.include?("default")
+    return true if groups.include?("install_requires")
+
+    groups.include?("dependencies")
+  end
+)
+
+# See https://www.python.org/dev/peps/pep-0503/#normalized-names
+Dependabot::Dependency.register_name_normaliser(
+  "uv",
+  ->(name) { Dependabot::Uv::NameNormaliser.normalise(name) }
+)

metadata

@@ -0,0 +1,306 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-uv
+version: !ruby/object:Gem::Version
+  version: 0.299.1
+platform: ruby
+authors:
+- Dependabot
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2025-02-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.299.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.299.1
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.67.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.67.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.22.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.22.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.29.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.29.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.5
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
+- !ruby/object:Gem::Dependency
+  name: turbo_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.7'
+description: Dependabot-uv provides support for bumping Python packages via Dependabot.
+  If you want support for multiple package managers, you probably want the meta-gem
+  dependabot-omnibus.
+email: opensource@github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- helpers/build
+- helpers/lib/__init__.py
+- helpers/lib/hasher.py
+- helpers/lib/parser.py
+- helpers/requirements.txt
+- helpers/run.py
+- lib/dependabot/uv.rb
+- lib/dependabot/uv/authed_url_builder.rb
+- lib/dependabot/uv/file_fetcher.rb
+- lib/dependabot/uv/file_parser.rb
+- lib/dependabot/uv/file_parser/pipfile_files_parser.rb
+- lib/dependabot/uv/file_parser/pyproject_files_parser.rb
+- lib/dependabot/uv/file_parser/python_requirement_parser.rb
+- lib/dependabot/uv/file_parser/setup_file_parser.rb
+- lib/dependabot/uv/file_updater.rb
+- lib/dependabot/uv/file_updater/compile_file_updater.rb
+- lib/dependabot/uv/file_updater/pyproject_preparer.rb
+- lib/dependabot/uv/file_updater/requirement_file_updater.rb
+- lib/dependabot/uv/file_updater/requirement_replacer.rb
+- lib/dependabot/uv/language.rb
+- lib/dependabot/uv/language_version_manager.rb
+- lib/dependabot/uv/metadata_finder.rb
+- lib/dependabot/uv/name_normaliser.rb
+- lib/dependabot/uv/native_helpers.rb
+- lib/dependabot/uv/package_manager.rb
+- lib/dependabot/uv/pip_compile_file_matcher.rb
+- lib/dependabot/uv/pipenv_runner.rb
+- lib/dependabot/uv/requirement.rb
+- lib/dependabot/uv/requirement_parser.rb
+- lib/dependabot/uv/update_checker.rb
+- lib/dependabot/uv/update_checker/index_finder.rb
+- lib/dependabot/uv/update_checker/latest_version_finder.rb
+- lib/dependabot/uv/update_checker/pip_compile_version_resolver.rb
+- lib/dependabot/uv/update_checker/pip_version_resolver.rb
+- lib/dependabot/uv/update_checker/requirements_updater.rb
+- lib/dependabot/uv/version.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.299.1
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+requirements: []
+rubygems_version: 3.5.22
+signing_key:
+specification_version: 4
+summary: Provides Dependabot support for Python uv
+test_files: []