dependabot-uv 0.334.0 → 0.336.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/uv/file_fetcher.rb +13 -7
  3. data/lib/dependabot/uv/file_parser/pyproject_files_parser.rb +24 -14
  4. data/lib/dependabot/uv/file_parser/python_requirement_parser.rb +4 -2
  5. data/lib/dependabot/uv/file_parser.rb +42 -20
  6. data/lib/dependabot/uv/file_updater/compile_file_updater.rb +4 -2
  7. data/lib/dependabot/uv/file_updater/lock_file_updater.rb +16 -8
  8. data/lib/dependabot/uv/file_updater/requirement_replacer.rb +8 -2
  9. data/lib/dependabot/uv/language.rb +6 -3
  10. data/lib/dependabot/uv/metadata_finder.rb +6 -3
  11. data/lib/dependabot/uv/name_normaliser.rb +1 -1
  12. data/lib/dependabot/uv/package/package_details_fetcher.rb +5 -5
  13. data/lib/dependabot/uv/pipenv_runner.rb +2 -0
  14. data/lib/dependabot/uv/requirement.rb +7 -4
  15. data/lib/dependabot/uv/update_checker/pip_compile_version_resolver.rb +8 -4
  16. data/lib/dependabot/uv/update_checker/pip_version_resolver.rb +9 -2
  17. data/lib/dependabot/uv/update_checker/requirements_updater.rb +18 -8
  18. data/lib/dependabot/uv/version.rb +8 -4
  19. metadata +12 -12
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d33fb6467447d471f5837f3fa4048712f316dd1f83151b6dbec06aaa0ab59443
4
- data.tar.gz: 1d6f177e73bfabbf8e7c2b109743b3e286fc6442782c36f86531a112ff57ca8a
3
+ metadata.gz: c071ace9b123eeed8c32658db6ae81bd8269326d762a405d76b88d310a445578
4
+ data.tar.gz: 8303a82e77979335f79ab94b3e5f49d1d77a425c1576e1640af28812124b9bd3
5
5
  SHA512:
6
- metadata.gz: 3b066937a53650a2de41089575327718d80b63566da805f13aba01f75cf1b940de5787873b873769b3904e664da4293d7b44e35beb891917edfa74afdbf4cb86
7
- data.tar.gz: e2e942f0af3f09b03dcb913ad2c214cfb2e9dc7f7ebe80d12407afb5b989d3535d1e0e7f90e106cfd912ac71ac3d452dead20856298a528e8c535ef65577fdf7
6
+ metadata.gz: 6ba8f522b0215bf342cd653ec8a84f3b098a7a3509c7ab533655752843bda4a629804605e23b03bce5279cbbdd29b072ea4ba29221064c2606224d26b70ca43e
7
+ data.tar.gz: d0ebaea67945d4ec2df4aa16cc6bc8f2c0c4ca77d65cef001e736e2df2137a8a64832847554cfcafbd7ecae17c618ae75c2f8d86b9e9984689a6834c18f8a6bf
data/lib/dependabot/uv/file_fetcher.rb CHANGED
@@ -24,10 +24,13 @@ module Dependabot
24
24
  CHILD_REQUIREMENT_REGEX = /^-r\s?(?<path>.*\.(?:txt|in))/
25
25
  CONSTRAINT_REGEX = /^-c\s?(?<path>.*\.(?:txt|in))/
26
26
  DEPENDENCY_TYPES = %w(packages dev-packages).freeze
27
- REQUIREMENT_FILE_PATTERNS = T.let({
28
- extensions: [".txt", ".in"],
29
- filenames: ["uv.lock"]
30
- }.freeze, T::Hash[Symbol, T::Array[String]])
27
+ REQUIREMENT_FILE_PATTERNS = T.let(
28
+ {
29
+ extensions: [".txt", ".in"],
30
+ filenames: ["uv.lock"]
31
+ }.freeze,
32
+ T::Hash[Symbol, T::Array[String]]
33
+ )
31
34
 
32
35
  MAX_FILE_SIZE = 500_000
33
36
 
@@ -217,7 +220,8 @@ module Dependabot
217
220
  fetched_files += child_files
218
221
  child_files
219
222
  end
220
- end, T.nilable(T::Array[Dependabot::DependencyFile])
223
+ end,
224
+ T.nilable(T::Array[Dependabot::DependencyFile])
221
225
  )
222
226
  end
223
227
 
@@ -404,8 +408,10 @@ module Dependabot
404
408
 
405
409
  sig { returns(Dependabot::Uv::RequiremenstFileMatcher) }
406
410
  def requirements_in_file_matcher
407
- @requirements_in_file_matcher ||= T.let(RequiremenstFileMatcher.new(requirements_in_files),
408
- T.nilable(Dependabot::Uv::RequiremenstFileMatcher))
411
+ @requirements_in_file_matcher ||= T.let(
412
+ RequiremenstFileMatcher.new(requirements_in_files),
413
+ T.nilable(Dependabot::Uv::RequiremenstFileMatcher)
414
+ )
409
415
  end
410
416
 
411
417
  sig { returns(T::Array[PathDependency]) }
data/lib/dependabot/uv/file_parser/pyproject_files_parser.rb CHANGED
@@ -86,15 +86,15 @@ module Dependabot
86
86
  # probably blocked. Ignore it.
87
87
  next if dep["markers"].include?("<")
88
88
 
89
- # If no requirement, don't add it
90
- next if dep["requirement"].empty?
89
+ # In uv no constraint means any version is acceptable
90
+ requirement_value = dep["requirement"].empty? ? "*" : dep["requirement"]
91
91
 
92
92
  dependencies <<
93
93
  Dependency.new(
94
94
  name: normalised_name(dep["name"], dep["extras"]),
95
95
  version: dep["version"]&.include?("*") ? nil : dep["version"],
96
96
  requirements: [{
97
- requirement: dep["requirement"],
97
+ requirement: requirement_value,
98
98
  file: Pathname.new(dep["file"]).cleanpath.to_path,
99
99
  source: nil,
100
100
  groups: [dep["requirement_type"]].compact
@@ -107,9 +107,11 @@ module Dependabot
107
107
  end
108
108
 
109
109
  sig do
110
- params(type: String,
111
- deps_hash: T::Hash[String,
112
- T.untyped]).returns(Dependabot::FileParsers::Base::DependencySet)
110
+ params(
111
+ type: String,
112
+ deps_hash: T::Hash[String,
113
+ T.untyped]
114
+ ).returns(Dependabot::FileParsers::Base::DependencySet)
113
115
  end
114
116
  def parse_poetry_dependency_group(type, deps_hash)
115
117
  dependencies = Dependabot::FileParsers::Base::DependencySet.new
@@ -218,8 +220,10 @@ module Dependabot
218
220
 
219
221
  sig { returns(T::Array[T.nilable(String)]) }
220
222
  def production_dependency_names
221
- @production_dependency_names ||= T.let(parse_production_dependency_names,
222
- T.nilable(T::Array[T.nilable(String)]))
223
+ @production_dependency_names ||= T.let(
224
+ parse_production_dependency_names,
225
+ T.nilable(T::Array[T.nilable(String)])
226
+ )
223
227
  end
224
228
 
225
229
  sig { returns(T::Array[T.nilable(String)]) }
@@ -283,8 +287,10 @@ module Dependabot
283
287
 
284
288
  sig { returns(T.nilable(Dependabot::DependencyFile)) }
285
289
  def pyproject
286
- @pyproject ||= T.let(dependency_files.find { |f| f.name == "pyproject.toml" },
287
- T.nilable(Dependabot::DependencyFile))
290
+ @pyproject ||= T.let(
291
+ dependency_files.find { |f| f.name == "pyproject.toml" },
292
+ T.nilable(Dependabot::DependencyFile)
293
+ )
288
294
  end
289
295
 
290
296
  sig { returns(T.untyped) }
@@ -319,14 +325,18 @@ module Dependabot
319
325
 
320
326
  sig { returns(T.nilable(Dependabot::DependencyFile)) }
321
327
  def poetry_lock
322
- @poetry_lock ||= T.let(dependency_files.find { |f| f.name == "poetry.lock" },
323
- T.nilable(Dependabot::DependencyFile))
328
+ @poetry_lock ||= T.let(
329
+ dependency_files.find { |f| f.name == "poetry.lock" },
330
+ T.nilable(Dependabot::DependencyFile)
331
+ )
324
332
  end
325
333
 
326
334
  sig { returns(T.nilable(Dependabot::DependencyFile)) }
327
335
  def pdm_lock
328
- @pdm_lock ||= T.let(dependency_files.find { |f| f.name == "pdm.lock" },
329
- T.nilable(Dependabot::DependencyFile))
336
+ @pdm_lock ||= T.let(
337
+ dependency_files.find { |f| f.name == "pdm.lock" },
338
+ T.nilable(Dependabot::DependencyFile)
339
+ )
330
340
  end
331
341
  end
332
342
  end
data/lib/dependabot/uv/file_parser/python_requirement_parser.rb CHANGED
@@ -122,8 +122,10 @@ module Dependabot
122
122
 
123
123
  sig { returns(T.nilable(RequiremenstFileMatcher)) }
124
124
  def requirements_in_file_matcher
125
- @requirements_in_file_matcher = T.let(RequiremenstFileMatcher.new(pip_compile_files),
126
- T.nilable(RequiremenstFileMatcher))
125
+ @requirements_in_file_matcher = T.let(
126
+ RequiremenstFileMatcher.new(pip_compile_files),
127
+ T.nilable(RequiremenstFileMatcher)
128
+ )
127
129
  end
128
130
 
129
131
  sig { returns(T.class_of(Dependabot::Uv::Requirement)) }
data/lib/dependabot/uv/file_parser.rb CHANGED
@@ -25,16 +25,19 @@ module Dependabot
25
25
  require_relative "file_parser/pyproject_files_parser"
26
26
  require_relative "file_parser/python_requirement_parser"
27
27
 
28
- DEPENDENCY_GROUP_KEYS = T.let([
29
- {
30
- pipfile: "packages",
31
- lockfile: "default"
32
- },
33
- {
34
- pipfile: "dev-packages",
35
- lockfile: "develop"
36
- }
37
- ].freeze, T::Array[T::Hash[Symbol, String]])
28
+ DEPENDENCY_GROUP_KEYS = T.let(
29
+ [
30
+ {
31
+ pipfile: "packages",
32
+ lockfile: "default"
33
+ },
34
+ {
35
+ pipfile: "dev-packages",
36
+ lockfile: "develop"
37
+ }
38
+ ].freeze,
39
+ T::Array[T::Hash[Symbol, String]]
40
+ )
38
41
  REQUIREMENT_FILE_EVALUATION_ERRORS = %w(
39
42
  InstallationError RequirementsFileParseError InvalidMarker
40
43
  InvalidRequirement ValueError RecursionError
@@ -78,14 +81,24 @@ module Dependabot
78
81
 
79
82
  sig { returns(LanguageVersionManager) }
80
83
  def language_version_manager
81
- @language_version_manager ||= T.let(LanguageVersionManager.new(python_requirement_parser:
82
- python_requirement_parser), T.nilable(LanguageVersionManager))
84
+ @language_version_manager ||= T.let(
85
+ LanguageVersionManager.new(
86
+ python_requirement_parser:
87
+ python_requirement_parser
88
+ ),
89
+ T.nilable(LanguageVersionManager)
90
+ )
83
91
  end
84
92
 
85
93
  sig { returns(FileParser::PythonRequirementParser) }
86
94
  def python_requirement_parser
87
- @python_requirement_parser ||= T.let(PythonRequirementParser.new(dependency_files:
88
- dependency_files), T.nilable(PythonRequirementParser))
95
+ @python_requirement_parser ||= T.let(
96
+ PythonRequirementParser.new(
97
+ dependency_files:
98
+ dependency_files
99
+ ),
100
+ T.nilable(PythonRequirementParser)
101
+ )
89
102
  end
90
103
 
91
104
  sig { returns(Ecosystem::VersionManager) }
@@ -192,8 +205,13 @@ module Dependabot
192
205
 
193
206
  sig { returns(DependencySet) }
194
207
  def pyproject_file_dependencies
195
- @pyproject_file_dependencies ||= T.let(PyprojectFilesParser.new(dependency_files:
196
- dependency_files).dependency_set, T.nilable(DependencySet))
208
+ @pyproject_file_dependencies ||= T.let(
209
+ PyprojectFilesParser.new(
210
+ dependency_files:
211
+ dependency_files
212
+ ).dependency_set,
213
+ T.nilable(DependencySet)
214
+ )
197
215
  end
198
216
 
199
217
  sig { returns(DependencySet) }
@@ -290,8 +308,10 @@ module Dependabot
290
308
  end
291
309
 
292
310
  sig do
293
- params(condition: T.untyped,
294
- python_version: T.any(String, Integer, Gem::Version)).returns(T::Boolean)
311
+ params(
312
+ condition: T.untyped,
313
+ python_version: T.any(String, Integer, Gem::Version)
314
+ ).returns(T::Boolean)
295
315
  end
296
316
  def evaluate_condition?(condition, python_version)
297
317
  operator, version = condition.match(/([<>=!]=?)\s*"?([\d.]+)"?/)&.captures
@@ -391,8 +411,10 @@ module Dependabot
391
411
 
392
412
  sig { returns(RequiremenstFileMatcher) }
393
413
  def requirements_in_file_matcher
394
- @requirements_in_file_matcher ||= T.let(RequiremenstFileMatcher.new(requirements_in_files),
395
- T.nilable(RequiremenstFileMatcher))
414
+ @requirements_in_file_matcher ||= T.let(
415
+ RequiremenstFileMatcher.new(requirements_in_files),
416
+ T.nilable(RequiremenstFileMatcher)
417
+ )
396
418
  end
397
419
  end
398
420
  end
data/lib/dependabot/uv/file_updater/compile_file_updater.rb CHANGED
@@ -26,8 +26,10 @@ module Dependabot
26
26
  require_relative "requirement_file_updater"
27
27
 
28
28
  UNSAFE_PACKAGES = T.let(%w(setuptools distribute pip).freeze, T::Array[String])
29
- INCOMPATIBLE_VERSIONS_REGEX = T.let(/There are incompatible versions in the resolved dependencies:.*\z/m,
30
- Regexp)
29
+ INCOMPATIBLE_VERSIONS_REGEX = T.let(
30
+ /There are incompatible versions in the resolved dependencies:.*\z/m,
31
+ Regexp
32
+ )
31
33
  WARNINGS = T.let(/\s*# WARNING:.*\Z/m, Regexp)
32
34
  UNSAFE_NOTE = T.let(/\s*# The following packages are considered to be unsafe.*\Z/m, Regexp)
33
35
  RESOLVER_REGEX = T.let(/(?<=--resolver=)(\w+)/, Regexp)
data/lib/dependabot/uv/file_updater/lock_file_updater.rb CHANGED
@@ -55,8 +55,10 @@ module Dependabot
55
55
 
56
56
  sig { returns(T::Array[Dependabot::DependencyFile]) }
57
57
  def updated_dependency_files
58
- @updated_dependency_files ||= T.let(fetch_updated_dependency_files,
59
- T.nilable(T::Array[Dependabot::DependencyFile]))
58
+ @updated_dependency_files ||= T.let(
59
+ fetch_updated_dependency_files,
60
+ T.nilable(T::Array[Dependabot::DependencyFile])
61
+ )
60
62
  end
61
63
 
62
64
  private
@@ -154,8 +156,10 @@ module Dependabot
154
156
 
155
157
  # Restore the original requires-python if it exists
156
158
  if original_requires_python
157
- result = result.gsub(/requires-python\s*=\s*["'][^"']+["']/,
158
- "requires-python = \"#{original_requires_python}\"")
159
+ result = result.gsub(
160
+ /requires-python\s*=\s*["'][^"']+["']/,
161
+ "requires-python = \"#{original_requires_python}\""
162
+ )
159
163
  end
160
164
 
161
165
  result
@@ -355,7 +359,8 @@ module Dependabot
355
359
  @python_requirement_parser ||= T.let(
356
360
  FileParser::PythonRequirementParser.new(
357
361
  dependency_files: dependency_files
358
- ), T.nilable(FileParser::PythonRequirementParser)
362
+ ),
363
+ T.nilable(FileParser::PythonRequirementParser)
359
364
  )
360
365
  end
361
366
 
@@ -364,14 +369,17 @@ module Dependabot
364
369
  @language_version_manager ||= T.let(
365
370
  LanguageVersionManager.new(
366
371
  python_requirement_parser: python_requirement_parser
367
- ), T.nilable(LanguageVersionManager)
372
+ ),
373
+ T.nilable(LanguageVersionManager)
368
374
  )
369
375
  end
370
376
 
371
377
  sig { returns(T.nilable(Dependabot::DependencyFile)) }
372
378
  def pyproject
373
- @pyproject ||= T.let(dependency_files.find { |f| f.name == "pyproject.toml" },
374
- T.nilable(Dependabot::DependencyFile))
379
+ @pyproject ||= T.let(
380
+ dependency_files.find { |f| f.name == "pyproject.toml" },
381
+ T.nilable(Dependabot::DependencyFile)
382
+ )
375
383
  end
376
384
 
377
385
  sig { returns(T.nilable(Dependabot::DependencyFile)) }
data/lib/dependabot/uv/file_updater/requirement_replacer.rb CHANGED
@@ -30,8 +30,14 @@ module Dependabot
30
30
  index_urls: T.nilable(T::Array[T.nilable(String)])
31
31
  ).void
32
32
  end
33
- def initialize(content:, dependency_name:, old_requirement:,
34
- new_requirement:, new_hash_version: nil, index_urls: nil)
33
+ def initialize(
34
+ content:,
35
+ dependency_name:,
36
+ old_requirement:,
37
+ new_requirement:,
38
+ new_hash_version: nil,
39
+ index_urls: nil
40
+ )
35
41
  @content = T.let(content, String)
36
42
  @dependency_name = T.let(normalise(dependency_name), String)
37
43
  @old_requirement = T.let(old_requirement, T.nilable(String))
data/lib/dependabot/uv/language.rb CHANGED
@@ -23,9 +23,12 @@ module Dependabot
23
23
  3.9.23
24
24
  ).freeze
25
25
 
26
- PRE_INSTALLED_PYTHON_VERSIONS = T.let(PRE_INSTALLED_PYTHON_VERSIONS_RAW.map do |v|
27
- Version.new(v)
28
- end.sort, T::Array[Version])
26
+ PRE_INSTALLED_PYTHON_VERSIONS = T.let(
27
+ PRE_INSTALLED_PYTHON_VERSIONS_RAW.map do |v|
28
+ Version.new(v)
29
+ end.sort,
30
+ T::Array[Version]
31
+ )
29
32
 
30
33
  PRE_INSTALLED_VERSIONS_MAP = T.let(
31
34
  PRE_INSTALLED_PYTHON_VERSIONS.to_h do |v|
data/lib/dependabot/uv/metadata_finder.rb CHANGED
@@ -94,7 +94,8 @@ module Dependabot
94
94
  next unless response.status == 200
95
95
 
96
96
  response.body.include?(normalised_dependency_name)
97
- end, T.nilable(String)
97
+ end,
98
+ T.nilable(String)
98
99
  )
99
100
  end
100
101
  # rubocop:enable Metrics/PerceivedComplexity
@@ -126,7 +127,8 @@ module Dependabot
126
127
  next unless response.status == 200
127
128
 
128
129
  response.body.include?(normalised_dependency_name)
129
- end, T.nilable(String)
130
+ end,
131
+ T.nilable(String)
130
132
  )
131
133
  end
132
134
  # rubocop:enable Metrics/PerceivedComplexity
@@ -147,7 +149,8 @@ module Dependabot
147
149
  rescue Excon::Error::Timeout, Excon::Error::Socket,
148
150
  Excon::Error::TooManyRedirects, ArgumentError
149
151
  nil
150
- end, T.nilable(Excon::Response)
152
+ end,
153
+ T.nilable(Excon::Response)
151
154
  )
152
155
 
153
156
  return unless @homepage_response&.status == 200
data/lib/dependabot/uv/name_normaliser.rb CHANGED
@@ -1,4 +1,4 @@
1
- # typed: strict
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
data/lib/dependabot/uv/package/package_details_fetcher.rb CHANGED
@@ -69,12 +69,12 @@ module Dependabot
69
69
  .select { |index_url| validate_index(index_url) } # Ensure only valid URLs
70
70
  .flat_map do |index_url|
71
71
  fetch_from_registry(index_url) || [] # Ensure it always returns an array
72
- rescue Excon::Error::Timeout, Excon::Error::Socket
73
- raise if MAIN_PYPI_INDEXES.include?(index_url)
72
+ rescue Excon::Error::Timeout, Excon::Error::Socket
73
+ raise if MAIN_PYPI_INDEXES.include?(index_url)
74
74
 
75
- raise PrivateSourceTimedOut, sanitized_url(index_url)
76
- rescue URI::InvalidURIError
77
- raise DependencyFileNotResolvable, "Invalid URL: #{sanitized_url(index_url)}"
75
+ raise PrivateSourceTimedOut, sanitized_url(index_url)
76
+ rescue URI::InvalidURIError
77
+ raise DependencyFileNotResolvable, "Invalid URL: #{sanitized_url(index_url)}"
78
78
  end
79
79
 
80
80
  Dependabot::Package::PackageDetails.new(
data/lib/dependabot/uv/pipenv_runner.rb CHANGED
@@ -57,8 +57,10 @@ module Dependabot
57
57
 
58
58
  sig { returns(Dependabot::Dependency) }
59
59
  attr_reader :dependency
60
+
60
61
  sig { returns(T.nilable(Dependabot::DependencyFile)) }
61
62
  attr_reader :lockfile
63
+
62
64
  sig { returns(LanguageVersionManager) }
63
65
  attr_reader :language_version_manager
64
66
 
data/lib/dependabot/uv/requirement.rb CHANGED
@@ -15,10 +15,13 @@ module Dependabot
15
15
  OR_SEPARATOR = T.let(/(?<=[a-zA-Z0-9)*])\s*\|+/, Regexp)
16
16
 
17
17
  # Add equality and arbitrary-equality matchers
18
- OPS = T.let(OPS.merge(
19
- "==" => ->(v, r) { v == r },
20
- "===" => ->(v, r) { v.to_s == r.to_s }
21
- ), T::Hash[String, T.proc.params(arg0: T.untyped, arg1: T.untyped).returns(T.untyped)])
18
+ OPS = T.let(
19
+ OPS.merge(
20
+ "==" => ->(v, r) { v == r },
21
+ "===" => ->(v, r) { v.to_s == r.to_s }
22
+ ),
23
+ T::Hash[String, T.proc.params(arg0: T.untyped, arg1: T.untyped).returns(T.untyped)]
24
+ )
22
25
 
23
26
  quoted = OPS.keys.sort_by(&:length).reverse
24
27
  .map { |k| Regexp.quote(k) }.join("|")
data/lib/dependabot/uv/update_checker/pip_compile_version_resolver.rb CHANGED
@@ -365,8 +365,10 @@ module Dependabot
365
365
  sig do
366
366
  params(updated_req: T.nilable(String), update_requirement: T::Boolean).void
367
367
  end
368
- def write_temporary_dependency_files(updated_req: nil,
369
- update_requirement: true)
368
+ def write_temporary_dependency_files(
369
+ updated_req: nil,
370
+ update_requirement: true
371
+ )
370
372
  dependency_files.each do |file|
371
373
  path = file.name
372
374
  FileUtils.mkdir_p(Pathname.new(path).dirname)
@@ -526,7 +528,8 @@ module Dependabot
526
528
  @python_requirement_parser ||= T.let(
527
529
  FileParser::PythonRequirementParser.new(
528
530
  dependency_files: dependency_files
529
- ), T.nilable(FileParser::PythonRequirementParser)
531
+ ),
532
+ T.nilable(FileParser::PythonRequirementParser)
530
533
  )
531
534
  end
532
535
 
@@ -535,7 +538,8 @@ module Dependabot
535
538
  @language_version_manager ||= T.let(
536
539
  LanguageVersionManager.new(
537
540
  python_requirement_parser: python_requirement_parser
538
- ), T.nilable(LanguageVersionManager)
541
+ ),
542
+ T.nilable(LanguageVersionManager)
539
543
  )
540
544
  end
541
545
 
data/lib/dependabot/uv/update_checker/pip_version_resolver.rb CHANGED
@@ -25,8 +25,15 @@ module Dependabot
25
25
  raise_on_ignored: T::Boolean
26
26
  ).void
27
27
  end
28
- def initialize(dependency:, dependency_files:, credentials:,
29
- ignored_versions:, security_advisories:, update_cooldown: nil, raise_on_ignored: false)
28
+ def initialize(
29
+ dependency:,
30
+ dependency_files:,
31
+ credentials:,
32
+ ignored_versions:,
33
+ security_advisories:,
34
+ update_cooldown: nil,
35
+ raise_on_ignored: false
36
+ )
30
37
  @dependency = T.let(dependency, Dependabot::Dependency)
31
38
  @dependency_files = T.let(dependency_files, T::Array[Dependabot::DependencyFile])
32
39
  @credentials = T.let(credentials, T::Array[Dependabot::Credential])
data/lib/dependabot/uv/update_checker/requirements_updater.rb CHANGED
@@ -40,8 +40,12 @@ module Dependabot
40
40
  latest_resolvable_version: T.nilable(String)
41
41
  ).void
42
42
  end
43
- def initialize(requirements:, update_strategy:, has_lockfile:,
44
- latest_resolvable_version:)
43
+ def initialize(
44
+ requirements:,
45
+ update_strategy:,
46
+ has_lockfile:,
47
+ latest_resolvable_version:
48
+ )
45
49
  @requirements = T.let(requirements, T::Array[T::Hash[Symbol, T.untyped]])
46
50
  @update_strategy = T.let(update_strategy, Dependabot::RequirementsUpdateStrategy)
47
51
  @has_lockfile = T.let(has_lockfile, T::Boolean)
@@ -174,9 +178,11 @@ module Dependabot
174
178
 
175
179
  sig { params(req_string: String).returns(String) }
176
180
  def add_new_requirement_option(req_string)
177
- option_to_copy = T.must(T.must(req_string.split(PYPROJECT_OR_SEPARATOR).last)
178
- .split(PYPROJECT_SEPARATOR).first).strip
179
- operator = option_to_copy.gsub(/\d.*/, "").strip
181
+ option_to_copy = T.must(
182
+ T.must(req_string.split(PYPROJECT_OR_SEPARATOR).last)
183
+ .split(PYPROJECT_SEPARATOR).first
184
+ ).strip
185
+ operator = option_to_copy.gsub(/\d.*/, "").strip
180
186
 
181
187
  new_option =
182
188
  case operator
@@ -337,9 +343,13 @@ module Dependabot
337
343
  # Updates the version in a constraint to be the given version
338
344
  sig { params(req_string: String, version_to_be_permitted: String).returns(String) }
339
345
  def bump_version(req_string, version_to_be_permitted)
340
- old_version = T.must(T.must(req_string
341
- .match(/(#{RequirementParser::VERSION})/o))
342
- .captures.first)
346
+ old_version = T.must(
347
+ T.must(
348
+ req_string
349
+ .match(/(#{RequirementParser::VERSION})/o)
350
+ )
351
+ .captures.first
352
+ )
343
353
 
344
354
  req_string.sub(
345
355
  old_version,
data/lib/dependabot/uv/version.rb CHANGED
@@ -92,14 +92,18 @@ module Dependabot
92
92
 
93
93
  @epoch = T.let(matches["epoch"].to_i, Integer)
94
94
  @release_segment = T.let(matches["release"]&.split(".")&.map(&:to_i) || [], T::Array[Integer])
95
- @pre = T.let(parse_letter_version(matches["pre_l"], matches["pre_n"]),
96
- T.nilable(T::Array[T.any(String, Integer)]))
95
+ @pre = T.let(
96
+ parse_letter_version(matches["pre_l"], matches["pre_n"]),
97
+ T.nilable(T::Array[T.any(String, Integer)])
98
+ )
97
99
  @post = T.let(
98
100
  parse_letter_version(matches["post_l"], matches["post_n1"] || matches["post_n2"]),
99
101
  T.nilable(T::Array[T.any(String, Integer)])
100
102
  )
101
- @dev = T.let(parse_letter_version(matches["dev_l"], matches["dev_n"]),
102
- T.nilable(T::Array[T.any(String, Integer)]))
103
+ @dev = T.let(
104
+ parse_letter_version(matches["dev_l"], matches["dev_n"]),
105
+ T.nilable(T::Array[T.any(String, Integer)])
106
+ )
103
107
  @local = T.let(parse_local_version(matches["local"]), T.nilable(T::Array[T.any(String, Integer)]))
104
108
  super(matches["release"] || "")
105
109
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-uv
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.334.0
4
+ version: 0.336.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.334.0
18
+ version: 0.336.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.334.0
25
+ version: 0.336.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -113,56 +113,56 @@ dependencies:
113
113
  requirements:
114
114
  - - "~>"
115
115
  - !ruby/object:Gem::Version
116
- version: '1.67'
116
+ version: '1.80'
117
117
  type: :development
118
118
  prerelease: false
119
119
  version_requirements: !ruby/object:Gem::Requirement
120
120
  requirements:
121
121
  - - "~>"
122
122
  - !ruby/object:Gem::Version
123
- version: '1.67'
123
+ version: '1.80'
124
124
  - !ruby/object:Gem::Dependency
125
125
  name: rubocop-performance
126
126
  requirement: !ruby/object:Gem::Requirement
127
127
  requirements:
128
128
  - - "~>"
129
129
  - !ruby/object:Gem::Version
130
- version: '1.22'
130
+ version: '1.26'
131
131
  type: :development
132
132
  prerelease: false
133
133
  version_requirements: !ruby/object:Gem::Requirement
134
134
  requirements:
135
135
  - - "~>"
136
136
  - !ruby/object:Gem::Version
137
- version: '1.22'
137
+ version: '1.26'
138
138
  - !ruby/object:Gem::Dependency
139
139
  name: rubocop-rspec
140
140
  requirement: !ruby/object:Gem::Requirement
141
141
  requirements:
142
142
  - - "~>"
143
143
  - !ruby/object:Gem::Version
144
- version: '2.29'
144
+ version: '3.7'
145
145
  type: :development
146
146
  prerelease: false
147
147
  version_requirements: !ruby/object:Gem::Requirement
148
148
  requirements:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
- version: '2.29'
151
+ version: '3.7'
152
152
  - !ruby/object:Gem::Dependency
153
153
  name: rubocop-sorbet
154
154
  requirement: !ruby/object:Gem::Requirement
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: '0.8'
158
+ version: '0.10'
159
159
  type: :development
160
160
  prerelease: false
161
161
  version_requirements: !ruby/object:Gem::Requirement
162
162
  requirements:
163
163
  - - "~>"
164
164
  - !ruby/object:Gem::Version
165
- version: '0.8'
165
+ version: '0.10'
166
166
  - !ruby/object:Gem::Dependency
167
167
  name: simplecov
168
168
  requirement: !ruby/object:Gem::Requirement
@@ -284,7 +284,7 @@ licenses:
284
284
  - MIT
285
285
  metadata:
286
286
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
287
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.334.0
287
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.336.0
288
288
  rdoc_options: []
289
289
  require_paths:
290
290
  - lib