dependabot-uv 0.349.0 → 0.351.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 55b564d1c18b3b690b6bd6b857c47e618ec6f6350d316642ddcd33150daa8181
-  data.tar.gz: 0e5737a7ae48bd53c845c6346eccb2a74ae34a6b6a71d8a2ec885387479cca71
+  metadata.gz: f74cec4813c7f6b11b51b6f73a10db68327ca41a2737e469ba5d9ea3b4612bea
+  data.tar.gz: e17b701d94aeafdca486c2303d23ea3b423eebbddd93d347ce1224160920cab5
 SHA512:
-  metadata.gz: 60b62b77c2f49a0c1a8993cf37af124492cf17c5185478fe121fbf9ae594d5d3cda5481039487806384ca4f86f250bafd914fc3379498635140ac62eda6a493c
-  data.tar.gz: 4873f91475324508c1bb7b3fc24af31561bdef46488249c3e94d6d252ac0812d2465fdfd0563b839cd2526eafe474fcac1a4361880ee463b90e5a708df83646d
+  metadata.gz: 32c427d81b22edb5d8b145ced9080a7fca9264e371da8f4a9ff5ca57c89b58f69179b4ade15620e24bb6a5d43194d959489d0c10942b050be8fb5e0c13327121
+  data.tar.gz: 615a296656b8957f897e5b17e3f951b143579bbc08aa8e8c806928bcd3e3349e4f0e3a54f0dcf3b5449fa7c8b6a892677e9a865925ec1fb044094ee35f4de527

data/helpers/requirements.txt

@@ -7,7 +7,7 @@ plette==2.1.0
 poetry==1.8.5
 # TODO: Replace 3p package `tomli` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
 tomli==2.0.1
-uv==0.9.8
+uv==0.9.11
 
 # Some dependencies will only install if Cython is present
 Cython==3.0.10

data/lib/dependabot/uv/authed_url_builder.rb

@@ -2,35 +2,11 @@
 # frozen_string_literal: true
 
 require "sorbet-runtime"
+require "dependabot/python/authed_url_builder"
 
 module Dependabot
   module Uv
-    class AuthedUrlBuilder
-      extend T::Sig
-
-      sig { params(credential: Credential).returns(String) }
-      def self.authed_url(credential:)
-        token = T.let(credential.fetch("token", nil), T.nilable(String))
-        url = T.let(credential.fetch("index-url", nil), T.nilable(String))
-        return "" unless url
-        return url unless token
-
-        basic_auth_details =
-          if token.ascii_only? && token.include?(":") then token
-          elsif Base64.decode64(token).ascii_only? &&
-                Base64.decode64(token).include?(":")
-            Base64.decode64(token)
-          else
-            token
-          end
-
-        if basic_auth_details.include?(":")
-          username, _, password = basic_auth_details.partition(":")
-          basic_auth_details = "#{CGI.escape(username)}:#{CGI.escape(password)}"
-        end
-
-        url.sub("://", "://#{basic_auth_details}@")
-      end
-    end
+    # UV uses the same authenticated URL building logic as Python
+    AuthedUrlBuilder = Dependabot::Python::AuthedUrlBuilder
   end
 end

data/lib/dependabot/uv/file_updater/lock_file_updater.rb

@@ -127,16 +127,39 @@ module Dependabot
         def replace_dep(dep, content, new_r, old_r)
           new_req = new_r[:requirement]
           old_req = old_r[:requirement]
+          escaped_name = Regexp.escape(dep.name)
 
-          declaration_regex = declaration_regex(dep, old_r)
-          declaration_match = content.match(declaration_regex)
-          if declaration_match
-            declaration = declaration_match[:declaration]
-            new_declaration = T.must(declaration).sub(old_req, new_req)
-            content.sub(T.must(declaration), new_declaration)
-          else
-            content
+          regex = /(["']#{escaped_name})([^"']+)(["'])/x
+
+          replaced = T.let(false, T::Boolean)
+
+          updated_content = content.gsub(regex) do
+            captured_requirement = Regexp.last_match(2)
+
+            if requirements_match?(T.must(captured_requirement), old_req)
+              replaced = true
+              "#{Regexp.last_match(1)}#{new_req}#{Regexp.last_match(3)}"
+            else
+              Regexp.last_match(0)
+            end
+          end
+
+          unless replaced
+            updated_content = content.sub(regex) do
+              "#{Regexp.last_match(1)}#{new_req}#{Regexp.last_match(3)}"
+            end
           end
+
+          updated_content
+        end
+
+        sig { params(req1: String, req2: String).returns(T::Boolean) }
+        def requirements_match?(req1, req2)
+          normalize = lambda do |req|
+            req.split(",").map(&:strip).sort.join(",")
+          end
+
+          normalize.call(req1) == normalize.call(req2)
         end
 
         sig { returns(String) }
@@ -262,7 +285,13 @@ module Dependabot
           options_fingerprint = lock_options_fingerprint(options)
 
           # Use pyenv exec to ensure we're using the correct Python environment
-          command = "pyenv exec uv lock --upgrade-package #{T.must(dependency).name} #{options}"
+          # Include the target version to respect ignore conditions and avoid upgrading
+          # to the absolute latest version (which may be blocked by ignore rules)
+          dep_name = T.must(dependency).name
+          dep_version = T.must(dependency).version
+          package_spec = dep_version ? "#{dep_name}==#{dep_version}" : dep_name
+
+          command = "pyenv exec uv lock --upgrade-package #{package_spec} #{options}"
           fingerprint = "pyenv exec uv lock --upgrade-package <dependency_name> #{options_fingerprint}"
 
           run_command(command, fingerprint:)
@@ -313,24 +342,6 @@ module Dependabot
           url.gsub(%r{^https?://}, "").gsub(/[^a-zA-Z0-9]/, "_").upcase
         end
 
-        sig { params(dep: T.untyped, old_req: T.untyped).returns(Regexp) }
-        def declaration_regex(dep, old_req)
-          escaped_name = Regexp.escape(dep.name)
-          # Extract the requirement operator and version
-          operator = old_req.fetch(:requirement).match(/^(.+?)[0-9]/)&.captures&.first
-          # Escape special regex characters in the operator
-          escaped_operator = Regexp.escape(operator) if operator
-
-          # Match various formats of dependency declarations:
-          # 1. "dependency==1.0.0" (with quotes around the entire string)
-          # 2. dependency==1.0.0 (without quotes)
-          # The declaration should only include the package name, operator, and version
-          # without the enclosing quotes
-          /
-            ["']?(?<declaration>#{escaped_name}\s*#{escaped_operator}[\d\.\*]+)["']?
-          /x
-        end
-
         sig { returns(String) }
         def lock_options
           options = lock_index_options

data/lib/dependabot/uv/language.rb

@@ -1,84 +1,14 @@
 # typed: strong
 # frozen_string_literal: true
 
-require "sorbet-runtime"
-require "dependabot/uv/version"
-require "dependabot/ecosystem"
+require "dependabot/python/language"
 
 module Dependabot
   module Uv
-    LANGUAGE = "python"
-
-    class Language < Dependabot::Ecosystem::VersionManager
-      extend T::Sig
-
-      # This list must match the versions specified at the top of `uv/Dockerfile`
-      # ARG PY_3_13=3.13.2
-      # When updating this list, also update python/lib/dependabot/python/language.rb
-      PRE_INSTALLED_PYTHON_VERSIONS_RAW = %w(
-        3.14.0
-        3.13.9
-        3.12.12
-        3.11.14
-        3.10.19
-        3.9.24
-      ).freeze
-
-      PRE_INSTALLED_PYTHON_VERSIONS = T.let(
-        PRE_INSTALLED_PYTHON_VERSIONS_RAW.map do |v|
-          Version.new(v)
-        end.sort,
-        T::Array[Version]
-      )
-
-      PRE_INSTALLED_VERSIONS_MAP = T.let(
-        PRE_INSTALLED_PYTHON_VERSIONS.to_h do |v|
-          [Version.new(T.must(v.segments[0..1]).join(".")), v]
-        end,
-        T::Hash[Version, Version]
-      )
-
-      PRE_INSTALLED_HIGHEST_VERSION = T.let(T.must(PRE_INSTALLED_PYTHON_VERSIONS.max), Version)
-
-      SUPPORTED_VERSIONS = T.let(
-        PRE_INSTALLED_PYTHON_VERSIONS.map do |v|
-          Version.new(T.must(v.segments[0..1]&.join(".")))
-        end,
-        T::Array[Version]
-      )
-
-      NON_SUPPORTED_HIGHEST_VERSION = "3.8"
-
-      DEPRECATED_VERSIONS = T.let([Version.new(NON_SUPPORTED_HIGHEST_VERSION)].freeze, T::Array[Dependabot::Version])
-
-      sig do
-        params(
-          detected_version: T.nilable(String),
-          raw_version: T.nilable(String),
-          requirement: T.nilable(Requirement)
-        ).void
-      end
-      def initialize(detected_version:, raw_version: nil, requirement: nil)
-        super(
-          name: LANGUAGE,
-          detected_version: detected_version ? major_minor_version(detected_version) : nil,
-          version: raw_version ? Version.new(raw_version) : nil,
-          deprecated_versions: DEPRECATED_VERSIONS,
-          supported_versions: SUPPORTED_VERSIONS,
-          requirement: requirement,
-       )
-      end
-
-      private
-
-      sig { params(version: String).returns(T.nilable(Version)) }
-      def major_minor_version(version)
-        return nil if version.empty?
-
-        major_minor = T.let(T.must(Version.new(version).segments[0..1]&.join(".")), String)
-
-        Version.new(major_minor)
-      end
-    end
+    # Both uv and Python ecosystems use the same Python language versions.
+    # The Python version list is maintained in python/lib/dependabot/python/language.rb
+    # and shared via this alias to avoid dual-maintenance.
+    LANGUAGE = Python::LANGUAGE
+    Language = Python::Language
   end
 end

data/lib/dependabot/uv/language_version_manager.rb

@@ -1,138 +1,13 @@
-# typed: strict
+# typed: strong
 # frozen_string_literal: true
 
-require "dependabot/logger"
-require "dependabot/uv/version"
-require "sorbet-runtime"
+require "dependabot/python/language_version_manager"
 
 module Dependabot
   module Uv
-    class LanguageVersionManager
-      extend T::Sig
-
-      sig { params(python_requirement_parser: T.untyped).void }
-      def initialize(python_requirement_parser:)
-        @python_requirement_parser = python_requirement_parser
-      end
-
-      sig { returns(T.nilable(String)) }
-      def install_required_python
-        # The leading space is important in the version check
-        return if SharedHelpers.run_shell_command("pyenv versions").include?(" #{python_major_minor}.")
-
-        SharedHelpers.run_shell_command(
-          "tar -axf /usr/local/.pyenv/versions/#{python_version}.tar.zst -C /usr/local/.pyenv/versions"
-        )
-      end
-
-      sig { returns(String) }
-      def installed_version
-        # Use `pyenv exec` to query the active Python version
-        output, _status = SharedHelpers.run_shell_command("pyenv exec python --version")
-        version = output.strip.split.last # Extract the version number (e.g., "3.13.1")
-
-        T.must(version)
-      end
-
-      sig { returns(T.untyped) }
-      def python_major_minor
-        @python_major_minor ||= T.let(T.must(Version.new(python_version).segments[0..1]).join("."), T.untyped)
-      end
-
-      sig { returns(String) }
-      def python_version
-        @python_version ||= T.let(python_version_from_supported_versions, T.nilable(String))
-      end
-
-      sig { returns(String) }
-      def python_requirement_string
-        if user_specified_python_version
-          if user_specified_python_version.start_with?(/\d/)
-            parts = user_specified_python_version.split(".")
-            parts.fill("*", (parts.length)..2).join(".")
-          else
-            user_specified_python_version
-          end
-        else
-          python_version_matching_imputed_requirements || Language::PRE_INSTALLED_HIGHEST_VERSION.to_s
-        end
-      end
-
-      sig { params(requirement_string: T.nilable(String)).returns(T.nilable(String)) }
-      def normalize_python_exact_version(requirement_string)
-        return requirement_string if requirement_string.nil? || requirement_string.strip.empty?
-
-        requirement_string = requirement_string.strip
-
-        # If the requirement already has a wildcard, return nil
-        return nil if requirement_string == "*"
-
-        # If the requirement is not an exact version such as not X.Y.Z, =X.Y.Z, ==X.Y.Z, ===X.Y.Z
-        # then return the requirement as is
-        return requirement_string unless requirement_string.match?(/^=?={0,2}\s*\d+\.\d+(\.\d+)?(-[a-z0-9.-]+)?$/i)
-
-        parts = requirement_string.gsub(/^=+/, "").split(".")
-
-        case parts.length
-        when 1 # Only major version (X)
-          ">= #{parts[0]}.0.0 < #{parts[0].to_i + 1}.0.0" # Ensure only major version range
-        when 2 # Major.Minor (X.Y)
-          ">= #{parts[0]}.#{parts[1]}.0 < #{parts[0].to_i}.#{parts[1].to_i + 1}.0" # Ensure only minor version range
-        when 3 # Major.Minor.Patch (X.Y.Z)
-          ">= #{parts[0]}.#{parts[1]}.0 < #{parts[0].to_i}.#{parts[1].to_i + 1}.0" # Convert to >= X.Y.0
-        else
-          requirement_string
-        end
-      end
-
-      sig { returns(String) }
-      def python_version_from_supported_versions
-        requirement_string = python_requirement_string
-
-        # If the requirement string isn't already a range (eg ">3.10"), coerce it to "major.minor.*".
-        # The patch version is ignored because a non-matching patch version is unlikely to affect resolution.
-        requirement_string = requirement_string.gsub(/\.\d+$/, ".*") if /^\d/.match?(requirement_string)
-
-        requirement_string = normalize_python_exact_version(requirement_string)
-
-        if requirement_string.nil? || requirement_string.strip.empty?
-          return Language::PRE_INSTALLED_HIGHEST_VERSION.to_s
-        end
-
-        # Try to match one of our pre-installed Python versions
-        requirement = T.must(Requirement.requirements_array(requirement_string).first)
-        version = Language::PRE_INSTALLED_PYTHON_VERSIONS.find { |v| requirement.satisfied_by?(v) }
-        return version.to_s if version
-
-        # Otherwise we have to raise an error
-        supported_versions = Language::SUPPORTED_VERSIONS.map { |v| "#{v}.*" }.join(", ")
-        raise ToolVersionNotSupported.new("Python", python_requirement_string, supported_versions)
-      end
-
-      sig { returns(T.untyped) }
-      def user_specified_python_version
-        @python_requirement_parser.user_specified_requirements.first
-      end
-
-      sig { returns(T.nilable(String)) }
-      def python_version_matching_imputed_requirements
-        compiled_file_python_requirement_markers =
-          @python_requirement_parser.imputed_requirements.map do |r|
-            Requirement.new(r)
-          end
-        python_version_matching(compiled_file_python_requirement_markers)
-      end
-
-      sig { params(requirements: T.untyped).returns(T.nilable(String)) }
-      def python_version_matching(requirements)
-        Language::PRE_INSTALLED_PYTHON_VERSIONS.find do |version|
-          requirements.all? do |req|
-            next req.any? { |r| r.satisfied_by?(version) } if req.is_a?(Array)
-
-            req.satisfied_by?(version)
-          end
-        end.to_s
-      end
-    end
+    # Uv and Python ecosystems share the same Python version management logic.
+    # This alias ensures uv benefits from improvements in Python's implementation,
+    # including bug fixes like the guard clause in python_version_matching_imputed_requirements.
+    LanguageVersionManager = Python::LanguageVersionManager
   end
 end

data/lib/dependabot/uv/metadata_finder.rb

@@ -1,220 +1,16 @@
-# typed: strict
+# typed: strong
 # frozen_string_literal: true
 
-require "excon"
 require "sorbet-runtime"
-require "uri"
-
+require "dependabot/python/metadata_finder"
 require "dependabot/metadata_finders"
-require "dependabot/metadata_finders/base"
-require "dependabot/registry_client"
-require "dependabot/uv/authed_url_builder"
-require "dependabot/uv/name_normaliser"
 
 module Dependabot
   module Uv
-    class MetadataFinder < Dependabot::MetadataFinders::Base
-      extend T::Sig
-
-      MAIN_PYPI_URL = "https://pypi.org/pypi"
-
-      sig do
-        params(
-          dependency: Dependabot::Dependency,
-          credentials: T::Array[Dependabot::Credential]
-        )
-          .void
-      end
-      def initialize(dependency:, credentials:)
-        super
-        @pypi_listing = T.let(nil, T.nilable(T::Hash[String, T.untyped]))
-        @source_from_description = T.let(nil, T.nilable(String))
-        @source_from_homepage = T.let(nil, T.nilable(String))
-        @homepage_response = T.let(nil, T.nilable(Excon::Response))
-      end
-
-      sig { returns(T.nilable(String)) }
-      def homepage_url
-        pypi_listing.dig("info", "home_page") ||
-          pypi_listing.dig("info", "project_urls", "Homepage") ||
-          pypi_listing.dig("info", "project_urls", "homepage") ||
-          super
-      end
-
-      private
-
-      sig { override.returns(T.nilable(Dependabot::Source)) }
-      def look_up_source
-        potential_source_urls = [
-          pypi_listing.dig("info", "project_urls", "Source"),
-          pypi_listing.dig("info", "project_urls", "Repository"),
-          pypi_listing.dig("info", "home_page"),
-          pypi_listing.dig("info", "download_url"),
-          pypi_listing.dig("info", "docs_url")
-        ].compact
-
-        potential_source_urls +=
-          (pypi_listing.dig("info", "project_urls") || {}).values
-
-        source_url = potential_source_urls.find { |url| Source.from_url(url) }
-        source_url ||= source_from_description
-        source_url ||= source_from_homepage
-
-        Source.from_url(source_url)
-      end
-
-      # rubocop:disable Metrics/PerceivedComplexity
-      sig { returns(T.nilable(String)) }
-      def source_from_description
-        potential_source_urls = []
-        desc = pypi_listing.dig("info", "description")
-        return unless desc
-
-        desc.scan(Source::SOURCE_REGEX) do
-          potential_source_urls << Regexp.last_match.to_s
-        end
-
-        # Looking for a source where the repo name exactly matches the
-        # dependency name
-        match_url = potential_source_urls.find do |url|
-          repo = Source.from_url(url)&.repo
-          repo&.downcase&.end_with?(normalised_dependency_name)
-        end
-
-        return match_url if match_url
-
-        # Failing that, look for a source where the full dependency name is
-        # mentioned when the link is followed
-        @source_from_description ||= T.let(
-          potential_source_urls.find do |url|
-            full_url = Source.from_url(url)&.url
-            next unless full_url
-
-            response = Dependabot::RegistryClient.get(url: full_url)
-            next unless response.status == 200
-
-            response.body.include?(normalised_dependency_name)
-          end,
-          T.nilable(String)
-        )
-      end
-      # rubocop:enable Metrics/PerceivedComplexity
-
-      # rubocop:disable Metrics/PerceivedComplexity
-      sig { returns(T.nilable(String)) }
-      def source_from_homepage
-        homepage_body_local = homepage_body
-        return unless homepage_body_local
-
-        potential_source_urls = []
-        homepage_body_local.scan(Source::SOURCE_REGEX) do
-          potential_source_urls << Regexp.last_match.to_s
-        end
-
-        match_url = potential_source_urls.find do |url|
-          repo = Source.from_url(url)&.repo
-          repo&.downcase&.end_with?(normalised_dependency_name)
-        end
-
-        return match_url if match_url
-
-        @source_from_homepage ||= T.let(
-          potential_source_urls.find do |url|
-            full_url = Source.from_url(url)&.url
-            next unless full_url
-
-            response = Dependabot::RegistryClient.get(url: full_url)
-            next unless response.status == 200
-
-            response.body.include?(normalised_dependency_name)
-          end,
-          T.nilable(String)
-        )
-      end
-      # rubocop:enable Metrics/PerceivedComplexity
-
-      sig { returns(T.nilable(String)) }
-      def homepage_body
-        homepage_url = pypi_listing.dig("info", "home_page")
-
-        return unless homepage_url
-        return if [
-          "pypi.org",
-          "pypi.python.org"
-        ].include?(URI(homepage_url).host)
-
-        @homepage_response ||= T.let(
-          begin
-            Dependabot::RegistryClient.get(url: homepage_url)
-          rescue Excon::Error::Timeout, Excon::Error::Socket,
-                 Excon::Error::TooManyRedirects, ArgumentError
-            nil
-          end,
-          T.nilable(Excon::Response)
-        )
-
-        return unless @homepage_response&.status == 200
-
-        @homepage_response&.body
-      end
-
-      sig { returns(T::Hash[String, T.untyped]) }
-      def pypi_listing
-        return @pypi_listing unless @pypi_listing.nil?
-        return @pypi_listing = {} if dependency.version&.include?("+")
-
-        possible_listing_urls.each do |url|
-          response = fetch_authed_url(url)
-          next unless response.status == 200
-
-          @pypi_listing = JSON.parse(response.body)
-          return @pypi_listing
-        rescue JSON::ParserError
-          next
-        rescue Excon::Error::Timeout
-          next
-        end
-
-        @pypi_listing = {} # No listing found
-      end
-
-      sig { params(url: String).returns(Excon::Response) }
-      def fetch_authed_url(url)
-        if url.match(%r{(.*)://(.*?):(.*)@([^@]+)$}) &&
-           Regexp.last_match&.captures&.[](1)&.include?("@")
-          protocol, user, pass, url = T.must(Regexp.last_match).captures
-
-          Dependabot::RegistryClient.get(
-            url: "#{protocol}://#{url}",
-            options: {
-              user: user,
-              password: pass
-            }
-          )
-        else
-          Dependabot::RegistryClient.get(url: url)
-        end
-      end
-
-      sig { returns(T::Array[String]) }
-      def possible_listing_urls
-        credential_urls =
-          credentials
-          .select { |cred| cred["type"] == "python_index" }
-          .map { |c| AuthedUrlBuilder.authed_url(credential: c) }
-
-        (credential_urls + [MAIN_PYPI_URL]).map do |base_url|
-          base_url.gsub(%r{/$}, "") + "/#{normalised_dependency_name}/json"
-        end
-      end
-
-      # Strip [extras] from name (dependency_name[extra_dep,other_extra])
-      sig { returns(String) }
-      def normalised_dependency_name
-        NameNormaliser.normalise(dependency.name)
-      end
-    end
+    # UV uses Python's PyPI metadata lookup, so we delegate to Python::MetadataFinder
+    MetadataFinder = Dependabot::Python::MetadataFinder
   end
 end
 
-Dependabot::MetadataFinders.register("uv", Dependabot::Uv::MetadataFinder)
+Dependabot::MetadataFinders
+  .register("uv", Dependabot::Uv::MetadataFinder)

data/lib/dependabot/uv/name_normaliser.rb

@@ -2,25 +2,11 @@
 # frozen_string_literal: true
 
 require "sorbet-runtime"
+require "dependabot/python/name_normaliser"
 
 module Dependabot
   module Uv
-    module NameNormaliser
-      extend T::Sig
-
-      sig { params(name: String).returns(String) }
-      def self.normalise(name)
-        extras_regex = /\[.+\]/
-        name.downcase.gsub(/[-_.]+/, "-").gsub(extras_regex, "")
-      end
-
-      sig { params(name: String, extras: T::Array[String]).returns(String) }
-      def self.normalise_including_extras(name, extras)
-        normalised_name = normalise(name)
-        return normalised_name if extras.empty?
-
-        normalised_name + "[" + extras.join(",") + "]"
-      end
-    end
+    # UV uses the same Python package name normalization (PEP 503)
+    NameNormaliser = Dependabot::Python::NameNormaliser
   end
 end

data/lib/dependabot/uv/native_helpers.rb

@@ -1,38 +1,12 @@
 # typed: strong
 # frozen_string_literal: true
 
-require "sorbet-runtime"
+require "dependabot/python/native_helpers"
 
 module Dependabot
   module Uv
-    module NativeHelpers
-      extend T::Sig
-
-      sig { returns(String) }
-      def self.python_helper_path
-        clean_path(File.join(python_helpers_dir, "run.py"))
-      end
-
-      sig { returns(String) }
-      def self.python_requirements_path
-        clean_path(File.join(python_helpers_dir, "requirements.txt"))
-      end
-
-      sig { returns(String) }
-      def self.python_helpers_dir
-        File.join(native_helpers_root, "python")
-      end
-
-      sig { returns(String) }
-      def self.native_helpers_root
-        default_path = File.join(__dir__, "../../../..")
-        ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", default_path)
-      end
-
-      sig { params(path: T.nilable(String)).returns(String) }
-      def self.clean_path(path)
-        Pathname.new(path).cleanpath.to_path
-      end
-    end
+    # Uv and Python ecosystems share the same native Python helpers.
+    # Both point to the same helpers/python directory.
+    NativeHelpers = Python::NativeHelpers
   end
 end