RubyGems - dependabot-uv - Versions diffs - 0.324.0 → 0.325.0 - Mend

dependabot-uv 0.324.0 → 0.325.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/helpers/lib/parser.py +22 -0
data/helpers/requirements.txt +1 -1
data/lib/dependabot/uv/file_fetcher.rb +19 -1
metadata +6 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 92b0138b2a802482348f4d0486e9dd5f48dfa8762d32f9495e01c10bcd05cdb8
-  data.tar.gz: f60d953ad7ceb7fa06dc74d82677fd43cf7425dd763a567c8161097bb388c82d
+  metadata.gz: 53b2ddc1809666c76a5532d20555a56ce8388df59ae1c3902fe0da23ab30172f
+  data.tar.gz: 4b2171a1b30c970faa3e9f2841950f44b70358ef700cd895ac63d674a736d070
 SHA512:
-  metadata.gz: 270b22a94e3a16d3d5885ace094935c668f6a3c9608d0c185f4eb030629863efb03f6158cfaf67840e07d7011f361a0f60d04cae9bdef82397436c723fa2677b
-  data.tar.gz: 4cbc5d87ac6919a05159aca0c396b5688abbef23eb156cbfbc0380407066087b87a7a0105ad02fc1338ce18173656932e154eaf800b4c6377e9827110ebd0157
+  metadata.gz: a05a11bbc2b3a32fb29bfe74fd4f5cab2ee5cb9c1ffc9f22782f4d9fcd93004391edf1e6d3e0f5b7841bd4eb7eab4cb5bf6f6bc9688848e9b2fc31e214ead0cf
+  data.tar.gz: 17b9ec05f12a431fd6d359be5dc98c777703d9080a22d221800a5e3d5e034d964fb059bdf465efab12566b6f0d8c1e34585408a7c5aa4ea8e55bbfb50b968213

data/helpers/lib/parser.py CHANGED Viewed

@@ -132,6 +132,28 @@ def parse_pep621_pep735_dependencies(pyproject_path):
             )
             dependencies.extend(build_system_dependencies)
+    # Parse UV sources for path dependencies
+    if (
+        'tool' in project_toml
+        and 'uv' in project_toml['tool']
+        and 'sources' in project_toml['tool']['uv']
+    ):
+        uv_sources = project_toml['tool']['uv']['sources']
+        for dep_name, source_config in uv_sources.items():
+            if isinstance(source_config, dict) and 'path' in source_config:
+                # Add path dependency info
+                # but don't parse as regular dependency
+                dependencies.append({
+                    "name": dep_name,
+                    "version": None,
+                    "markers": None,
+                    "file": pyproject_path,
+                    "requirement": None,
+                    "extras": [],
+                    "path_dependency": True,
+                    "path": source_config['path']
+                })
     return json.dumps({"result": dependencies})

data/helpers/requirements.txt CHANGED Viewed

@@ -7,7 +7,7 @@ plette==2.1.0
 poetry==1.8.5
 # TODO: Replace 3p package `tomli` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
 tomli==2.0.1
-uv==0.8.0
+uv==0.8.4
 # Some dependencies will only install if Cython is present
 Cython==3.0.10

data/lib/dependabot/uv/file_fetcher.rb CHANGED Viewed

@@ -277,7 +277,8 @@ module Dependabot
       def path_dependencies
         [
           *requirement_txt_path_dependencies,
-          *requirement_in_path_dependencies
+          *requirement_in_path_dependencies,
+          *uv_sources_path_dependencies
         ]
       end
@@ -322,6 +323,23 @@ module Dependabot
         @requirements_in_file_matcher ||= RequiremenstFileMatcher.new(requirements_in_files)
       end
+      def uv_sources_path_dependencies
+        return [] unless pyproject
+        uv_sources = parsed_pyproject.dig("tool", "uv", "sources")
+        return [] unless uv_sources
+        uv_sources.filter_map do |name, source_config|
+          if source_config.is_a?(Hash) && source_config["path"]
+            {
+              name: name,
+              path: source_config["path"],
+              file: pyproject.name
+            }
+          end
+        end
+      end
       def fetch_requirement_files_from_path(path = nil)
         contents = path ? repo_contents(dir: path) : repo_contents
         filter_requirement_files(contents, base_path: path)

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-uv
 version: !ruby/object:Gem::Version
-  version: 0.324.0
+  version: 0.325.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.324.0
+        version: 0.325.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.324.0
+        version: 0.325.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -183,14 +183,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: 2.2.5
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: 2.2.5
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -284,7 +284,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.324.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.325.0
 rdoc_options: []
 require_paths:
 - lib