dependabot-uv 0.306.0 → 0.308.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2ea490392f8ab11b2c8ed9697e051c2ddd16b6810138a696aaa2dd4b173d1a8
-  data.tar.gz: 5f4a5d11257479883d003a342b31d602aa351ddfacd85827790d26e6037dab7b
+  metadata.gz: 166cde06202c6055b705c288ffd218dda571c094a5b2925e4ad244e083fc0645
+  data.tar.gz: 3d449a2dc01cef614d41365ad1a5f5b752ad6ea490732f45df07b29c92b4d056
 SHA512:
-  metadata.gz: 024febe2bc6d12b9313c5c15102aa95da46e039ee22aaa40c54d16341091fe79e923bd531bf417424d30cee08ddb3b7dd11e82a0bbb45e442db1895293f48deb
-  data.tar.gz: bbb5c095c0a6fff4e55c930fa6941bdcfeb1f6c104a4997cf3c8af9c97b941a653f370fed67656dd97fd98ea90d0730eceeee1c18e01006f27df6446e1716a92
+  metadata.gz: 6818301e3d34d0591f6b2610ef24f661a0e6d5d0e9eb2a928975bc1ede96b64e6fe5a8d76dd3d1f30d6eb256e36cf0a52a81fee128c35d57b74101ec4d782193
+  data.tar.gz: 7487cfcd5eb31f0c2ab6c72fcf3fdb8a6afea73c326a2834ac95e4e022474728dcb7bdb6c130b8e2aeceff913ffa2ef91f62732e4a907e55c94823a0059f8e0e

data/lib/dependabot/uv/file_parser.rb

@@ -88,17 +88,11 @@ module Dependabot
 
       sig { returns(Ecosystem::VersionManager) }
       def package_manager
-        if Experiments.enabled?(:enable_file_parser_python_local)
-          Dependabot.logger.info("Detected package manager : #{detected_package_manager.name}")
-        end
-
         @package_manager ||= T.let(detected_package_manager, T.nilable(Ecosystem::VersionManager))
       end
 
       sig { returns(Ecosystem::VersionManager) }
       def detected_package_manager
-        setup_python_environment if Experiments.enabled?(:enable_file_parser_python_local)
-
         PackageManager.new(T.must(detect_uv_version))
       end
 
@@ -146,11 +140,6 @@ module Dependabot
 
       sig { returns(String) }
       def python_raw_version
-        if Experiments.enabled?(:enable_file_parser_python_local)
-          Dependabot.logger.info("Detected python version: #{language_version_manager.python_version}")
-          Dependabot.logger.info("Detected python major minor version: #{language_version_manager.python_major_minor}")
-        end
-
         language_version_manager.python_version
       end
 

data/lib/dependabot/uv/file_updater/lock_file_updater.rb

@@ -155,17 +155,10 @@ module Dependabot
             begin
               content = updated_pyproject_content
               content = sanitize(content)
-              content = freeze_other_dependencies(content)
               content
             end
         end
 
-        def freeze_other_dependencies(pyproject_content)
-          PyprojectPreparer
-            .new(pyproject_content: pyproject_content, lockfile: lockfile)
-            .freeze_top_level_dependencies_except(dependencies)
-        end
-
         def sanitize(pyproject_content)
           PyprojectPreparer
             .new(pyproject_content: pyproject_content)

data/lib/dependabot/uv/file_updater/pyproject_preparer.rb

@@ -1,7 +1,8 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 
 require "toml-rb"
+require "citrus"
 
 require "dependabot/dependency"
 require "dependabot/uv/file_parser"
@@ -14,41 +15,36 @@ module Dependabot
   module Uv
     class FileUpdater
       class PyprojectPreparer
+        extend T::Sig
+
+        Credentials = T.type_alias { T::Array[T::Hash[String, String]] }
+
+        sig { params(pyproject_content: String, lockfile: T.nilable(Dependabot::DependencyFile)).void }
         def initialize(pyproject_content:, lockfile: nil)
           @pyproject_content = pyproject_content
           @lockfile = lockfile
+          @lines = T.let(pyproject_content.split("\n"), T::Array[String])
         end
 
-        def freeze_top_level_dependencies_except(dependencies_to_update)
-          return @pyproject_content unless lockfile
-
-          pyproject_object = TomlRB.parse(@pyproject_content)
-          deps_to_update_names = dependencies_to_update.map(&:name)
-
-          if pyproject_object["project"]&.key?("dependencies")
-            locked_deps = parsed_lockfile_dependencies || {}
-
-            pyproject_object["project"]["dependencies"] =
-              pyproject_object["project"]["dependencies"].map do |dep_string|
-                freeze_dependency(dep_string, deps_to_update_names, locked_deps)
-              end
-          end
-
-          TomlRB.dump(pyproject_object)
-        end
-
+        sig { params(python_version: T.nilable(String)).returns(String) }
         def update_python_requirement(python_version)
           return @pyproject_content unless python_version
 
-          pyproject_object = TomlRB.parse(@pyproject_content)
+          in_project_table = T.let(false, T::Boolean)
+          updated_lines = @lines.map do |line|
+            in_project_table = true if line.match?(/^\[project\]/)
 
-          if pyproject_object["project"]&.key?("requires-python")
-            pyproject_object["project"]["requires-python"] = ">=#{python_version}"
+            if in_project_table && line.match?(/^requires-python\s*=/)
+              "requires-python = \">=#{python_version}\""
+            else
+              line
+            end
           end
 
-          TomlRB.dump(pyproject_object)
+          @pyproject_content = updated_lines.join("\n")
         end
 
+        sig { params(credentials: T.nilable(Credentials)).returns(T.nilable(Credentials)) }
         def add_auth_env_vars(credentials)
           return unless credentials
 
@@ -68,6 +64,7 @@ module Dependabot
           end
         end
 
+        sig { returns(String) }
         def sanitize
           # No special sanitization needed for UV files at this point
           @pyproject_content
@@ -75,67 +72,13 @@ module Dependabot
 
         private
 
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         attr_reader :lockfile
 
-        def parsed_lockfile
-          @parsed_lockfile ||= lockfile ? parse_lockfile(lockfile.content) : {}
-        end
-
-        def parse_lockfile(content)
-          TomlRB.parse(content)
-        rescue TomlRB::ParseError
-          {} # Return empty hash if parsing fails
-        end
-
-        def parsed_lockfile_dependencies
-          return {} unless lockfile
-
-          deps = {}
-          parsed = parsed_lockfile
-
-          # Handle UV lock format (version 1)
-          if parsed["version"] == 1 && parsed["package"].is_a?(Array)
-            parsed["package"].each do |pkg|
-              next unless pkg["name"] && pkg["version"]
-
-              deps[pkg["name"]] = { "version" => pkg["version"] }
-            end
-          # Handle traditional Poetry-style lock format
-          elsif parsed["dependencies"]
-            deps = parsed["dependencies"]
-          end
-
-          deps
-        end
-
-        def locked_version_for_dep(locked_deps, dep_name)
-          locked_deps.each do |name, details|
-            next unless Uv::FileParser.normalize_dependency_name(name) == dep_name
-            return details["version"] if details.is_a?(Hash) && details["version"]
-          end
-          nil
-        end
-
+        sig { params(url: String).returns(String) }
         def sanitize_env_name(url)
           url.gsub(%r{^https?://}, "").gsub(/[^a-zA-Z0-9]/, "_").upcase
         end
-
-        def freeze_dependency(dep_string, deps_to_update_names, locked_deps)
-          dep_match = dep_string.match(/^([^\[\]=<>!]+)(?:\[([^\]]+)\])?/)
-          return dep_string unless dep_match
-
-          dep_name = dep_match[1].strip
-          dep_extra = dep_match[2]
-
-          normalized_name = Uv::FileParser.normalize_dependency_name(dep_name)
-
-          return dep_string if deps_to_update_names.include?(normalized_name)
-
-          version = locked_version_for_dep(locked_deps, normalized_name)
-          return dep_string unless version
-
-          dep_extra ? "#{dep_name}[#{dep_extra}]==#{version}" : "#{dep_name}==#{version}"
-        end
       end
     end
   end

data/lib/dependabot/uv/update_checker.rb

@@ -112,10 +112,6 @@ module Dependabot
       end
 
       def resolver
-        if Dependabot::Experiments.enabled?(:enable_file_parser_python_local)
-          Dependabot.logger.info("Python package resolver : #{resolver_type}")
-        end
-
         case resolver_type
         when :pip_compile then pip_compile_version_resolver
         when :requirements then pip_version_resolver

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-uv
 version: !ruby/object:Gem::Version
-  version: 0.306.0
+  version: 0.308.0
 platform: ruby
 authors:
 - Dependabot
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-04-10 00:00:00.000000000 Z
+date: 2025-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.306.0
+        version: 0.308.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.306.0
+        version: 0.308.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -285,8 +284,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.306.0
-post_install_message:
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.308.0
 rdoc_options: []
 require_paths:
 - lib
@@ -301,8 +299,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.1.0
 requirements: []
-rubygems_version: 3.5.22
-signing_key:
+rubygems_version: 3.6.3
 specification_version: 4
 summary: Provides Dependabot support for Python uv
 test_files: []