dependabot-uv 0.301.1 → 0.302.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/requirements.txt +1 -1
- data/lib/dependabot/uv/file_updater/lock_file_updater.rb +46 -124
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 13de7d80edd84c1e0f706821592cd4f756a2cbc418f16b33f3af2eb58be41942
|
|
4
|
+
data.tar.gz: 5e0e922260aaa77e3041abb3103501c86be7a24b57d6f1fa25a5e782ec7b5a92
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 03fac6d585a7f26b470dda56264b85f3e078b29c561e37a5df3c118298ff2c8a2fe0eb7751efc2a9c127bd6029eed0697a9f2b7dedf0a0f45fb23e597209f346
|
|
7
|
+
data.tar.gz: 2c1419e9e906e4b7b198f95ae55f032a05ee2fab815672d0c8d80e99edc1923aecbfe02506c73892b058277664bdfaa23c92c77580c2278b6cdd1bc76cda001d
|
data/helpers/requirements.txt
CHANGED
|
@@ -104,48 +104,36 @@ module Dependabot
|
|
|
104
104
|
original_requires_python = original_content
|
|
105
105
|
.match(/requires-python\s*=\s*["']([^"']+)["']/)&.captures&.first
|
|
106
106
|
|
|
107
|
-
#
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
result = original_content.sub(dependency_section_pattern) do
|
|
123
|
-
section_start = Regexp.last_match(1)
|
|
124
|
-
version_line = "version = \"#{dependency.version}\""
|
|
125
|
-
section_end = Regexp.last_match(3)
|
|
126
|
-
next_section_or_end = Regexp.last_match(4)
|
|
127
|
-
|
|
128
|
-
"#{section_start}#{version_line}#{section_end}#{next_section_or_end}"
|
|
129
|
-
end
|
|
130
|
-
|
|
131
|
-
# If the content didn't change and we expect it to, something went wrong
|
|
132
|
-
if result == original_content
|
|
133
|
-
Dependabot.logger.warn("Package section not found for #{dependency.name}, falling back to raw update")
|
|
134
|
-
result = new_lockfile
|
|
135
|
-
end
|
|
136
|
-
|
|
137
|
-
# Restore the original requires-python if it exists
|
|
138
|
-
if original_requires_python
|
|
139
|
-
result = result.gsub(/requires-python\s*=\s*["'][^"']+["']/,
|
|
140
|
-
"requires-python = \"#{original_requires_python}\"")
|
|
141
|
-
end
|
|
142
|
-
|
|
143
|
-
result
|
|
107
|
+
# Store the original Python version requirement for later use
|
|
108
|
+
@original_python_version = original_requires_python
|
|
109
|
+
|
|
110
|
+
new_lockfile = updated_lockfile_content_for(prepared_pyproject)
|
|
111
|
+
|
|
112
|
+
# Normalize line endings to ensure proper comparison
|
|
113
|
+
new_lockfile = normalize_line_endings(new_lockfile, original_content)
|
|
114
|
+
|
|
115
|
+
result = new_lockfile
|
|
116
|
+
|
|
117
|
+
# Restore the original requires-python if it exists
|
|
118
|
+
if original_requires_python
|
|
119
|
+
result = result.gsub(/requires-python\s*=\s*["'][^"']+["']/,
|
|
120
|
+
"requires-python = \"#{original_requires_python}\"")
|
|
144
121
|
end
|
|
122
|
+
|
|
123
|
+
result
|
|
145
124
|
end
|
|
146
125
|
end
|
|
147
126
|
|
|
148
|
-
# Helper method to
|
|
127
|
+
# Helper method to normalize line endings between two strings
|
|
128
|
+
def normalize_line_endings(content, reference)
|
|
129
|
+
# Check if reference has escaped newlines like "\n" +
|
|
130
|
+
if reference.include?("\\n")
|
|
131
|
+
content.gsub("\n", "\\n")
|
|
132
|
+
else
|
|
133
|
+
content
|
|
134
|
+
end
|
|
135
|
+
end
|
|
136
|
+
|
|
149
137
|
def with_original_python_version(original_requires_python)
|
|
150
138
|
if original_requires_python
|
|
151
139
|
original_python_version = @original_python_version
|
|
@@ -164,7 +152,6 @@ module Dependabot
|
|
|
164
152
|
content = updated_pyproject_content
|
|
165
153
|
content = sanitize(content)
|
|
166
154
|
content = freeze_other_dependencies(content)
|
|
167
|
-
content = update_python_requirement(content)
|
|
168
155
|
content
|
|
169
156
|
end
|
|
170
157
|
end
|
|
@@ -175,12 +162,6 @@ module Dependabot
|
|
|
175
162
|
.freeze_top_level_dependencies_except(dependencies)
|
|
176
163
|
end
|
|
177
164
|
|
|
178
|
-
def update_python_requirement(pyproject_content)
|
|
179
|
-
PyprojectPreparer
|
|
180
|
-
.new(pyproject_content: pyproject_content)
|
|
181
|
-
.update_python_requirement(language_version_manager.python_version)
|
|
182
|
-
end
|
|
183
|
-
|
|
184
165
|
def sanitize(pyproject_content)
|
|
185
166
|
PyprojectPreparer
|
|
186
167
|
.new(pyproject_content: pyproject_content)
|
|
@@ -192,14 +173,8 @@ module Dependabot
|
|
|
192
173
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
193
174
|
write_temporary_dependency_files(pyproject_content)
|
|
194
175
|
|
|
195
|
-
#
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
# Determine the Python version to use after installation
|
|
199
|
-
python_version = determine_python_version
|
|
200
|
-
|
|
201
|
-
# Now write the .python-version file with a version we know is installed
|
|
202
|
-
File.write(".python-version", python_version)
|
|
176
|
+
# Set up Python environment using LanguageVersionManager
|
|
177
|
+
setup_python_environment
|
|
203
178
|
|
|
204
179
|
run_update_command
|
|
205
180
|
|
|
@@ -209,8 +184,9 @@ module Dependabot
|
|
|
209
184
|
end
|
|
210
185
|
|
|
211
186
|
def run_update_command
|
|
212
|
-
|
|
213
|
-
|
|
187
|
+
# Use pyenv exec to ensure we're using the correct Python environment
|
|
188
|
+
command = "pyenv exec python -m uv lock --upgrade-package #{dependency.name}"
|
|
189
|
+
fingerprint = "pyenv exec python -m uv lock --upgrade-package <dependency_name>"
|
|
214
190
|
|
|
215
191
|
run_command(command, fingerprint:)
|
|
216
192
|
end
|
|
@@ -226,82 +202,28 @@ module Dependabot
|
|
|
226
202
|
File.write(path, file.content)
|
|
227
203
|
end
|
|
228
204
|
|
|
229
|
-
# Only write the .python-version file after the language version manager has
|
|
230
|
-
# installed the required Python version to ensure it's available
|
|
231
205
|
# Overwrite the pyproject with updated content
|
|
232
206
|
File.write("pyproject.toml", pyproject_content)
|
|
233
207
|
end
|
|
234
208
|
|
|
235
|
-
def
|
|
236
|
-
#
|
|
237
|
-
|
|
238
|
-
begin
|
|
239
|
-
available_versions = SharedHelpers.run_shell_command("pyenv versions --bare")
|
|
240
|
-
.split("\n")
|
|
241
|
-
.map(&:strip)
|
|
242
|
-
.reject(&:empty?)
|
|
243
|
-
rescue StandardError => e
|
|
244
|
-
Dependabot.logger.warn("Error checking available Python versions: #{e}")
|
|
245
|
-
end
|
|
246
|
-
|
|
247
|
-
# Try to find the closest match for our priority order
|
|
248
|
-
preferred_version = find_preferred_version(available_versions)
|
|
209
|
+
def setup_python_environment
|
|
210
|
+
# Use LanguageVersionManager to determine and install the appropriate Python version
|
|
211
|
+
Dependabot.logger.info("Setting up Python environment using LanguageVersionManager")
|
|
249
212
|
|
|
250
|
-
|
|
251
|
-
#
|
|
252
|
-
|
|
253
|
-
else
|
|
254
|
-
# If all else fails, use "system" which should work with whatever Python is available
|
|
255
|
-
"system"
|
|
256
|
-
end
|
|
257
|
-
end
|
|
258
|
-
|
|
259
|
-
def find_preferred_version(available_versions)
|
|
260
|
-
return nil unless available_versions&.any?
|
|
261
|
-
|
|
262
|
-
# Try each strategy in order of preference
|
|
263
|
-
try_version_from_file(available_versions) ||
|
|
264
|
-
try_version_from_requires_python(available_versions) ||
|
|
265
|
-
try_highest_python3_version(available_versions)
|
|
266
|
-
end
|
|
267
|
-
|
|
268
|
-
def try_version_from_file(available_versions)
|
|
269
|
-
python_version_file = dependency_files.find { |f| f.name == ".python-version" }
|
|
270
|
-
return nil unless python_version_file && !python_version_file.content.strip.empty?
|
|
271
|
-
|
|
272
|
-
requested_version = python_version_file.content.strip
|
|
273
|
-
return requested_version if version_available?(available_versions, requested_version)
|
|
274
|
-
|
|
275
|
-
Dependabot.logger.info("Python version #{requested_version} from .python-version not available")
|
|
276
|
-
nil
|
|
277
|
-
end
|
|
278
|
-
|
|
279
|
-
def try_version_from_requires_python(available_versions)
|
|
280
|
-
return nil unless @original_python_version
|
|
281
|
-
|
|
282
|
-
version_match = @original_python_version.match(/(\d+\.\d+)/)
|
|
283
|
-
return nil unless version_match
|
|
284
|
-
|
|
285
|
-
requested_version = version_match[1]
|
|
286
|
-
return requested_version if version_available?(available_versions, requested_version)
|
|
287
|
-
|
|
288
|
-
Dependabot.logger.info("Python version #{requested_version} from requires-python not available")
|
|
289
|
-
nil
|
|
290
|
-
end
|
|
291
|
-
|
|
292
|
-
def try_highest_python3_version(available_versions)
|
|
293
|
-
python3_versions = available_versions
|
|
294
|
-
.select { |v| v.match(/^3\.\d+/) }
|
|
295
|
-
.sort_by { |v| Gem::Version.new(v.match(/^(\d+\.\d+)/)[1]) }
|
|
296
|
-
.reverse
|
|
213
|
+
begin
|
|
214
|
+
# Install the required Python version
|
|
215
|
+
language_version_manager.install_required_python
|
|
297
216
|
|
|
298
|
-
|
|
299
|
-
|
|
217
|
+
# Set the local Python version
|
|
218
|
+
python_version = language_version_manager.python_version
|
|
219
|
+
Dependabot.logger.info("Setting Python version to #{python_version}")
|
|
220
|
+
SharedHelpers.run_shell_command("pyenv local #{language_version_manager.python_major_minor}")
|
|
300
221
|
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
222
|
+
# We don't need to install uv as it should be available in the Docker environment
|
|
223
|
+
Dependabot.logger.info("Using pre-installed uv package")
|
|
224
|
+
rescue StandardError => e
|
|
225
|
+
Dependabot.logger.warn("Error setting up Python environment: #{e.message}")
|
|
226
|
+
Dependabot.logger.info("Falling back to system Python")
|
|
305
227
|
end
|
|
306
228
|
end
|
|
307
229
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-uv
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.302.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-03-
|
|
11
|
+
date: 2025-03-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.302.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.302.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -285,7 +285,7 @@ licenses:
|
|
|
285
285
|
- MIT
|
|
286
286
|
metadata:
|
|
287
287
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
288
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
288
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.302.0
|
|
289
289
|
post_install_message:
|
|
290
290
|
rdoc_options: []
|
|
291
291
|
require_paths:
|