dependabot-uv 0.301.1 → 0.303.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 26af709186ad20b222961b28c19395f53edfcab51c9fdc0e92734cd06aa2d296
-  data.tar.gz: c26d70a21a979a655c952c940c0f32a10f89e58cb1d1588238b64c252bf96c48
+  metadata.gz: 42bfabcf245ebc41ef81303c9de0c8271a0a0073af315d23b182b64901646b9d
+  data.tar.gz: 7e6a04dabc0d50c374a0e118d08b705aadca94e5952eba891b14623c99a76776
 SHA512:
-  metadata.gz: d0c2ac20cafd314d293a7a903947cd7fef9df95c5a85fae9f46e41d78920ae856949357cb4e6419c1804e95c19ba625c2a8fbd8bef43d9154d912c6aa31adb43
-  data.tar.gz: e1cb4fe17761e4f1433f9a55ae619a9271ec49359a3de0198c807f9393748633d9bfddb85002c01d782eadfc40f0a6598488fde5d9a7044e1c4e844198a26dd5
+  metadata.gz: 246aebc2e0a8d0402e8edb1754df23a4f5428156b8ebb0c0748ba55f45ae30f1056aa1ff89d17af9b6d7b16d158c97aa1c39c86d0f49e598683baaffa53f3513
+  data.tar.gz: e5eaa3c52329795b579f7041d555ebcbec0377b37e6e898e122bacffad4c3432c5bc6319acc0305dfd1dcc6a900b7d1baa576bf25e690c2178e044b342232d98

data/helpers/requirements.txt

@@ -7,7 +7,7 @@ plette==2.1.0
 poetry==1.8.5
 # TODO: Replace 3p package `tomli` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
 tomli==2.0.1
-uv==0.6.2
+uv==0.6.8
 
 # Some dependencies will only install if Cython is present
 Cython==3.0.10

data/lib/dependabot/uv/file_fetcher.rb

@@ -50,7 +50,7 @@ module Dependabot
         # the user-specified range of versions, not the version Dependabot chose to run.
         python_requirement_parser = FileParser::PythonRequirementParser.new(dependency_files: files)
         language_version_manager = LanguageVersionManager.new(python_requirement_parser: python_requirement_parser)
-        Dependabot.logger.info("Dependabot is using Python version '#{language_version_manager.python_major_minor}'.")
+        Dependabot.logger.info("Dependabot is using Python version '#{language_version_manager.python_version}'.")
         {
           languages: {
             python: {

data/lib/dependabot/uv/file_updater/lock_file_updater.rb

@@ -19,6 +19,8 @@ module Dependabot
       class LockFileUpdater
         require_relative "pyproject_preparer"
 
+        REQUIRED_FILES = %w(pyproject.toml uv.lock).freeze # At least one of these files should be present
+
         attr_reader :dependencies
         attr_reader :dependency_files
         attr_reader :credentials
@@ -43,6 +45,8 @@ module Dependabot
         end
 
         def fetch_updated_dependency_files
+          return [] unless create_or_update_lock_file?
+
           updated_files = []
 
           if file_changed?(pyproject)
@@ -104,48 +108,36 @@ module Dependabot
               original_requires_python = original_content
                                          .match(/requires-python\s*=\s*["']([^"']+)["']/)&.captures&.first
 
-              # Use the original Python version requirement for the update if one exists
-              with_original_python_version(original_requires_python) do
-                new_lockfile = updated_lockfile_content_for(prepared_pyproject)
-
-                # Use direct string replacement to preserve the exact format
-                # Match the dependency section and update only the version
-                dependency_section_pattern = /
-                  (\[\[package\]\]\s*\n
-                   .*?name\s*=\s*["']#{Regexp.escape(dependency.name)}["']\s*\n
-                   .*?)
-                  (version\s*=\s*["'][^"']+["'])
-                  (.*?)
-                  (\[\[package\]\]|\z)
-                /xm
-
-                result = original_content.sub(dependency_section_pattern) do
-                  section_start = Regexp.last_match(1)
-                  version_line = "version = \"#{dependency.version}\""
-                  section_end = Regexp.last_match(3)
-                  next_section_or_end = Regexp.last_match(4)
-
-                  "#{section_start}#{version_line}#{section_end}#{next_section_or_end}"
-                end
-
-                # If the content didn't change and we expect it to, something went wrong
-                if result == original_content
-                  Dependabot.logger.warn("Package section not found for #{dependency.name}, falling back to raw update")
-                  result = new_lockfile
-                end
-
-                # Restore the original requires-python if it exists
-                if original_requires_python
-                  result = result.gsub(/requires-python\s*=\s*["'][^"']+["']/,
-                                       "requires-python = \"#{original_requires_python}\"")
-                end
-
-                result
+              # Store the original Python version requirement for later use
+              @original_python_version = original_requires_python
+
+              new_lockfile = updated_lockfile_content_for(prepared_pyproject)
+
+              # Normalize line endings to ensure proper comparison
+              new_lockfile = normalize_line_endings(new_lockfile, original_content)
+
+              result = new_lockfile
+
+              # Restore the original requires-python if it exists
+              if original_requires_python
+                result = result.gsub(/requires-python\s*=\s*["'][^"']+["']/,
+                                     "requires-python = \"#{original_requires_python}\"")
               end
+
+              result
             end
         end
 
-        # Helper method to temporarily override Python version during operations
+        # Helper method to normalize line endings between two strings
+        def normalize_line_endings(content, reference)
+          # Check if reference has escaped newlines like "\n" +
+          if reference.include?("\\n")
+            content.gsub("\n", "\\n")
+          else
+            content
+          end
+        end
+
         def with_original_python_version(original_requires_python)
           if original_requires_python
             original_python_version = @original_python_version
@@ -164,7 +156,6 @@ module Dependabot
               content = updated_pyproject_content
               content = sanitize(content)
               content = freeze_other_dependencies(content)
-              content = update_python_requirement(content)
               content
             end
         end
@@ -175,12 +166,6 @@ module Dependabot
             .freeze_top_level_dependencies_except(dependencies)
         end
 
-        def update_python_requirement(pyproject_content)
-          PyprojectPreparer
-            .new(pyproject_content: pyproject_content)
-            .update_python_requirement(language_version_manager.python_version)
-        end
-
         def sanitize(pyproject_content)
           PyprojectPreparer
             .new(pyproject_content: pyproject_content)
@@ -192,14 +177,8 @@ module Dependabot
             SharedHelpers.with_git_configured(credentials: credentials) do
               write_temporary_dependency_files(pyproject_content)
 
-              # Install Python before writing .python-version to make sure we use a version that's available
-              language_version_manager.install_required_python
-
-              # Determine the Python version to use after installation
-              python_version = determine_python_version
-
-              # Now write the .python-version file with a version we know is installed
-              File.write(".python-version", python_version)
+              # Set up Python environment using LanguageVersionManager
+              setup_python_environment
 
               run_update_command
 
@@ -209,6 +188,7 @@ module Dependabot
         end
 
         def run_update_command
+          # Use pyenv exec to ensure we're using the correct Python environment
           command = "pyenv exec uv lock --upgrade-package #{dependency.name}"
           fingerprint = "pyenv exec uv lock --upgrade-package <dependency_name>"
 
@@ -216,6 +196,7 @@ module Dependabot
         end
 
         def run_command(command, fingerprint: nil)
+          Dependabot.logger.info("Running command: #{command}")
           SharedHelpers.run_shell_command(command, fingerprint: fingerprint)
         end
 
@@ -226,82 +207,28 @@ module Dependabot
             File.write(path, file.content)
           end
 
-          # Only write the .python-version file after the language version manager has
-          # installed the required Python version to ensure it's available
           # Overwrite the pyproject with updated content
           File.write("pyproject.toml", pyproject_content)
         end
 
-        def determine_python_version
-          # Check available Python versions through pyenv
-          available_versions = nil
-          begin
-            available_versions = SharedHelpers.run_shell_command("pyenv versions --bare")
-                                              .split("\n")
-                                              .map(&:strip)
-                                              .reject(&:empty?)
-          rescue StandardError => e
-            Dependabot.logger.warn("Error checking available Python versions: #{e}")
-          end
-
-          # Try to find the closest match for our priority order
-          preferred_version = find_preferred_version(available_versions)
+        def setup_python_environment
+          # Use LanguageVersionManager to determine and install the appropriate Python version
+          Dependabot.logger.info("Setting up Python environment using LanguageVersionManager")
 
-          if preferred_version
-            # Just return the major.minor version string
-            preferred_version.match(/^(\d+\.\d+)/)[1]
-          else
-            # If all else fails, use "system" which should work with whatever Python is available
-            "system"
-          end
-        end
-
-        def find_preferred_version(available_versions)
-          return nil unless available_versions&.any?
-
-          # Try each strategy in order of preference
-          try_version_from_file(available_versions) ||
-            try_version_from_requires_python(available_versions) ||
-            try_highest_python3_version(available_versions)
-        end
-
-        def try_version_from_file(available_versions)
-          python_version_file = dependency_files.find { |f| f.name == ".python-version" }
-          return nil unless python_version_file && !python_version_file.content.strip.empty?
-
-          requested_version = python_version_file.content.strip
-          return requested_version if version_available?(available_versions, requested_version)
-
-          Dependabot.logger.info("Python version #{requested_version} from .python-version not available")
-          nil
-        end
-
-        def try_version_from_requires_python(available_versions)
-          return nil unless @original_python_version
-
-          version_match = @original_python_version.match(/(\d+\.\d+)/)
-          return nil unless version_match
-
-          requested_version = version_match[1]
-          return requested_version if version_available?(available_versions, requested_version)
-
-          Dependabot.logger.info("Python version #{requested_version} from requires-python not available")
-          nil
-        end
-
-        def try_highest_python3_version(available_versions)
-          python3_versions = available_versions
-                             .select { |v| v.match(/^3\.\d+/) }
-                             .sort_by { |v| Gem::Version.new(v.match(/^(\d+\.\d+)/)[1]) }
-                             .reverse
+          begin
+            # Install the required Python version
+            language_version_manager.install_required_python
 
-          python3_versions.first # returns nil if array is empty
-        end
+            # Set the local Python version
+            python_version = language_version_manager.python_version
+            Dependabot.logger.info("Setting Python version to #{python_version}")
+            SharedHelpers.run_shell_command("pyenv local #{python_version}")
 
-        def version_available?(available_versions, requested_version)
-          # Check if the exact version or a version with the same major.minor is available
-          available_versions.any? do |v|
-            v == requested_version || v.start_with?("#{requested_version}.")
+            # We don't need to install uv as it should be available in the Docker environment
+            Dependabot.logger.info("Using pre-installed uv package")
+          rescue StandardError => e
+            Dependabot.logger.warn("Error setting up Python environment: #{e.message}")
+            Dependabot.logger.info("Falling back to system Python")
           end
         end
 
@@ -386,6 +313,10 @@ module Dependabot
         def uv_lock
           dependency_files.find { |f| f.name == "uv.lock" }
         end
+
+        def create_or_update_lock_file?
+          dependency.requirements.select { _1[:file].end_with?(*REQUIRED_FILES) }.any?
+        end
       end
     end
   end

data/lib/dependabot/uv/file_updater/requirement_file_updater.rb

@@ -1,69 +1,92 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/uv/requirement_parser"
 require "dependabot/uv/file_updater"
 require "dependabot/shared_helpers"
 require "dependabot/uv/native_helpers"
+require "sorbet-runtime"
 
 module Dependabot
   module Uv
     class FileUpdater
       class RequirementFileUpdater
+        extend T::Sig
+
         require_relative "requirement_replacer"
 
+        sig { returns(T::Array[Dependency]) }
         attr_reader :dependencies
+
+        sig { returns(T::Array[DependencyFile]) }
         attr_reader :dependency_files
+
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
 
+        sig do
+          params(
+            dependencies: T::Array[Dependency],
+            dependency_files: T::Array[DependencyFile],
+            credentials: T::Array[Dependabot::Credential],
+            index_urls: T.nilable(T::Array[String])
+          ).void
+        end
         def initialize(dependencies:, dependency_files:, credentials:, index_urls: nil)
           @dependencies = dependencies
           @dependency_files = dependency_files
           @credentials = credentials
           @index_urls = index_urls
+          @updated_dependency_files = T.let(nil, T.nilable(T::Array[DependencyFile]))
         end
 
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         def updated_dependency_files
           @updated_dependency_files ||= fetch_updated_dependency_files
         end
 
         private
 
+        sig { returns(T.nilable(Dependency)) }
         def dependency
           # For now, we'll only ever be updating a single dependency
           dependencies.first
         end
 
+        sig { returns(T::Array[DependencyFile]) }
         def fetch_updated_dependency_files
-          reqs = dependency.requirements.zip(dependency.previous_requirements)
+          previous_requirements = dependency&.previous_requirements || []
+          reqs = T.must(dependency).requirements.zip(previous_requirements)
 
           reqs.filter_map do |(new_req, old_req)|
             next if new_req == old_req
 
             file = get_original_file(new_req.fetch(:file)).dup
             updated_content =
-              updated_requirement_or_setup_file_content(new_req, old_req)
-            next if updated_content == file.content
+              updated_requirement_or_setup_file_content(new_req, T.must(old_req))
+            next if updated_content == file&.content
 
-            file.content = updated_content
+            file&.content = updated_content
             file
           end
         end
 
+        sig { params(new_req: T::Hash[Symbol, T.untyped], old_req: T::Hash[Symbol, T.untyped]).returns(String) }
         def updated_requirement_or_setup_file_content(new_req, old_req)
           original_file = get_original_file(new_req.fetch(:file))
           raise "Could not find a dependency file for #{new_req}" unless original_file
 
           RequirementReplacer.new(
             content: original_file.content,
-            dependency_name: dependency.name,
+            dependency_name: dependency&.name,
             old_requirement: old_req.fetch(:requirement),
             new_requirement: new_req.fetch(:requirement),
-            new_hash_version: dependency.version,
+            new_hash_version: dependency&.version,
             index_urls: @index_urls
           ).updated_content
         end
 
+        sig { params(filename: String).returns(T.nilable(DependencyFile)) }
         def get_original_file(filename)
           dependency_files.find { |f| f.name == filename }
         end

data/lib/dependabot/uv/language.rb

@@ -11,28 +11,43 @@ module Dependabot
 
     class Language < Dependabot::Ecosystem::VersionManager
       extend T::Sig
-      # These versions should match the versions specified at the top of `python/Dockerfile`
-      PYTHON_3_13 = "3.13"
-      PYTHON_3_12 = "3.12"
-      PYTHON_3_11 = "3.11"
-      PYTHON_3_10 = "3.10"
-      PYTHON_3_9  = "3.9"
-      PYTHON_3_8  = "3.8"
+      # This list must match the versions specified at the top of `python/Dockerfile`
+      # ARG PY_3_13=3.13.2
+      PRE_INSTALLED_PYTHON_VERSIONS_RAW = %w(
+        3.13.2
+        3.12.9
+        3.11.11
+        3.10.16
+        3.9.21
+      ).freeze
 
-      DEPRECATED_VERSIONS = T.let([Version.new(PYTHON_3_8)].freeze, T::Array[Dependabot::Version])
+      PRE_INSTALLED_PYTHON_VERSIONS = T.let(PRE_INSTALLED_PYTHON_VERSIONS_RAW.map do |v|
+        Version.new(v)
+      end.sort, T::Array[Version])
 
-      # Keep versions in ascending order
-      SUPPORTED_VERSIONS = T.let([
-        Version.new(PYTHON_3_9),
-        Version.new(PYTHON_3_10),
-        Version.new(PYTHON_3_11),
-        Version.new(PYTHON_3_12),
-        Version.new(PYTHON_3_13)
-      ].freeze, T::Array[Dependabot::Version])
+      PRE_INSTALLED_VERSIONS_MAP = T.let(
+        PRE_INSTALLED_PYTHON_VERSIONS.to_h do |v|
+          [Version.new(T.must(v.segments[0..1]).join(".")), v]
+        end,
+        T::Hash[Version, Version]
+      )
+
+      PRE_INSTALLED_HIGHEST_VERSION = T.let(T.must(PRE_INSTALLED_PYTHON_VERSIONS.max), Version)
+
+      SUPPORTED_VERSIONS = T.let(
+        PRE_INSTALLED_PYTHON_VERSIONS.map do |v|
+          Version.new(T.must(v.segments[0..1]&.join(".")))
+        end,
+        T::Array[Version]
+      )
+
+      NON_SUPPORTED_HIGHEST_VERSION = "3.8"
+
+      DEPRECATED_VERSIONS = T.let([Version.new(NON_SUPPORTED_HIGHEST_VERSION)].freeze, T::Array[Dependabot::Version])
 
       sig do
         params(
-          detected_version: String,
+          detected_version: T.nilable(String),
           raw_version: T.nilable(String),
           requirement: T.nilable(Requirement)
         ).void
@@ -40,7 +55,7 @@ module Dependabot
       def initialize(detected_version:, raw_version: nil, requirement: nil)
         super(
           name: LANGUAGE,
-          detected_version: major_minor_version(detected_version),
+          detected_version: detected_version ? major_minor_version(detected_version) : nil,
           version: raw_version ? Version.new(raw_version) : nil,
           deprecated_versions: DEPRECATED_VERSIONS,
           supported_versions: SUPPORTED_VERSIONS,
@@ -48,25 +63,12 @@ module Dependabot
        )
       end
 
-      sig { override.returns(T::Boolean) }
-      def deprecated?
-        return false unless detected_version
-        return false if unsupported?
-
-        deprecated_versions.include?(detected_version)
-      end
-
-      sig { override.returns(T::Boolean) }
-      def unsupported?
-        return false unless detected_version
-
-        supported_versions.all? { |supported| supported > detected_version }
-      end
-
       private
 
-      sig { params(version: String).returns(Dependabot::Uv::Version) }
+      sig { params(version: String).returns(T.nilable(Version)) }
       def major_minor_version(version)
+        return nil if version.empty?
+
         major_minor = T.let(T.must(Version.new(version).segments[0..1]&.join(".")), String)
 
         Version.new(major_minor)

data/lib/dependabot/uv/language_version_manager.rb

@@ -9,14 +9,6 @@ module Dependabot
   module Uv
     class LanguageVersionManager
       extend T::Sig
-      # This list must match the versions specified at the top of `python/Dockerfile`
-      PRE_INSTALLED_PYTHON_VERSIONS = %w(
-        3.13.2
-        3.12.9
-        3.11.11
-        3.10.16
-        3.9.21
-      ).freeze
 
       sig { params(python_requirement_parser: T.untyped).void }
       def initialize(python_requirement_parser:)
@@ -44,7 +36,7 @@ module Dependabot
 
       sig { returns(T.untyped) }
       def python_major_minor
-        @python_major_minor ||= T.let(T.must(Uv::Version.new(python_version).segments[0..1]).join("."), T.untyped)
+        @python_major_minor ||= T.let(T.must(Version.new(python_version).segments[0..1]).join("."), T.untyped)
       end
 
       sig { returns(String) }
@@ -62,7 +54,34 @@ module Dependabot
             user_specified_python_version
           end
         else
-          python_version_matching_imputed_requirements || PRE_INSTALLED_PYTHON_VERSIONS.first
+          python_version_matching_imputed_requirements || Language::PRE_INSTALLED_HIGHEST_VERSION.to_s
+        end
+      end
+
+      sig { params(requirement_string: T.nilable(String)).returns(T.nilable(String)) }
+      def normalize_python_exact_version(requirement_string)
+        return requirement_string if requirement_string.nil? || requirement_string.strip.empty?
+
+        requirement_string = requirement_string.strip
+
+        # If the requirement already has a wildcard, return nil
+        return nil if requirement_string == "*"
+
+        # If the requirement is not an exact version such as not X.Y.Z, =X.Y.Z, ==X.Y.Z, ===X.Y.Z
+        # then return the requirement as is
+        return requirement_string unless requirement_string.match?(/^=?={0,2}\s*\d+\.\d+(\.\d+)?(-[a-z0-9.-]+)?$/i)
+
+        parts = requirement_string.gsub(/^=+/, "").split(".")
+
+        case parts.length
+        when 1 # Only major version (X)
+          ">= #{parts[0]}.0.0 < #{parts[0].to_i + 1}.0.0" # Ensure only major version range
+        when 2 # Major.Minor (X.Y)
+          ">= #{parts[0]}.#{parts[1]}.0 < #{parts[0].to_i}.#{parts[1].to_i + 1}.0" # Ensure only minor version range
+        when 3 # Major.Minor.Patch (X.Y.Z)
+          ">= #{parts[0]}.#{parts[1]}.0 < #{parts[0].to_i}.#{parts[1].to_i + 1}.0" # Convert to >= X.Y.0
+        else
+          requirement_string
         end
       end
 
@@ -72,15 +91,21 @@ module Dependabot
 
         # If the requirement string isn't already a range (eg ">3.10"), coerce it to "major.minor.*".
         # The patch version is ignored because a non-matching patch version is unlikely to affect resolution.
-        requirement_string = requirement_string.gsub(/\.\d+$/, ".*") if requirement_string.start_with?(/\d/)
+        requirement_string = requirement_string.gsub(/\.\d+$/, ".*") if /^\d/.match?(requirement_string)
+
+        requirement_string = normalize_python_exact_version(requirement_string)
+
+        if requirement_string.nil? || requirement_string.strip.empty?
+          return Language::PRE_INSTALLED_HIGHEST_VERSION.to_s
+        end
 
         # Try to match one of our pre-installed Python versions
-        requirement = T.must(Uv::Requirement.requirements_array(requirement_string).first)
-        version = PRE_INSTALLED_PYTHON_VERSIONS.find { |v| requirement.satisfied_by?(Uv::Version.new(v)) }
-        return version if version
+        requirement = T.must(Requirement.requirements_array(requirement_string).first)
+        version = Language::PRE_INSTALLED_PYTHON_VERSIONS.find { |v| requirement.satisfied_by?(v) }
+        return version.to_s if version
 
-        # Otherwise we have to raise
-        supported_versions = PRE_INSTALLED_PYTHON_VERSIONS.map { |x| x.gsub(/\.\d+$/, ".*") }.join(", ")
+        # Otherwise we have to raise an error
+        supported_versions = Language::SUPPORTED_VERSIONS.map { |v| "#{v}.*" }.join(", ")
         raise ToolVersionNotSupported.new("Python", python_requirement_string, supported_versions)
       end
 
@@ -93,21 +118,20 @@ module Dependabot
       def python_version_matching_imputed_requirements
         compiled_file_python_requirement_markers =
           @python_requirement_parser.imputed_requirements.map do |r|
-            Dependabot::Uv::Requirement.new(r)
+            Requirement.new(r)
           end
         python_version_matching(compiled_file_python_requirement_markers)
       end
 
       sig { params(requirements: T.untyped).returns(T.nilable(String)) }
       def python_version_matching(requirements)
-        PRE_INSTALLED_PYTHON_VERSIONS.find do |version_string|
-          version = Uv::Version.new(version_string)
+        Language::PRE_INSTALLED_PYTHON_VERSIONS.find do |version|
           requirements.all? do |req|
             next req.any? { |r| r.satisfied_by?(version) } if req.is_a?(Array)
 
             req.satisfied_by?(version)
           end
-        end
+        end.to_s
       end
     end
   end

data/lib/dependabot/uv/requirement.rb

@@ -93,7 +93,7 @@ module Dependabot
       private
 
       def convert_python_constraint_to_ruby_constraint(req_string)
-        return nil if req_string.nil?
+        return nil if req_string.nil? || req_string.strip.empty?
         return nil if req_string == "*"
 
         req_string = req_string.gsub("~=", "~>")
@@ -101,6 +101,8 @@ module Dependabot
 
         if req_string.match?(/~[^>]/) then convert_tilde_req(req_string)
         elsif req_string.start_with?("^") then convert_caret_req(req_string)
+        elsif req_string.match?(/^=?={0,2}\s*\d+\.\d+(\.\d+)?(-[a-z0-9.-]+)?(\.\*)?$/i)
+          convert_exact(req_string)
         elsif req_string.include?(".*") then convert_wildcard(req_string)
         else
           req_string
@@ -155,6 +157,37 @@ module Dependabot
                   .gsub(/\*$/, "0.dev")
                   .tap { |s| exact_op ? s.gsub!(/^(?<!!)=*/, "~>") : s }
       end
+
+      def convert_exact(req_string)
+        arbitrary_equality = req_string.start_with?("===")
+        cleaned_version = req_string.gsub(/^=+/, "").strip
+
+        return ["=== #{cleaned_version}"] if arbitrary_equality
+
+        # Handle versions wildcarded with .*, e.g. 1.0.*
+        if cleaned_version.include?(".*")
+          # Remove all characters after the first .*, and the .*
+          cleaned_version = cleaned_version.split(".*").first
+          version = Version.new(cleaned_version)
+          # Get the release segment parts [major, minor, patch]
+          version_parts = version.release_segment
+
+          if version_parts.length == 1
+            major = T.must(version_parts[0])
+            [">= #{major}.0.0.dev", "< #{major + 1}.0.0"]
+          elsif version_parts.length == 2
+            major, minor = version_parts
+            "~> #{major}.#{minor}.0.dev"
+          elsif version_parts.length == 3
+            major, minor, patch = version_parts
+            "~> #{major}.#{minor}.#{patch}.dev"
+          else
+            "= #{cleaned_version}"
+          end
+        else
+          "= #{cleaned_version}"
+        end
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-uv
 version: !ruby/object:Gem::Version
-  version: 0.301.1
+  version: 0.303.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-03-14 00:00:00.000000000 Z
+date: 2025-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.301.1
+        version: 0.303.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.301.1
+        version: 0.303.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -156,14 +156,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.5
+        version: 0.8.7
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.5
+        version: 0.8.7
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -285,7 +285,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.301.1
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.303.0
 post_install_message:
 rdoc_options: []
 require_paths: