dependabot-uv 0.349.0 → 0.351.0

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-uv
 version: !ruby/object:Gem::Version
-  version: 0.349.0
+  version: 0.351.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.349.0
+        version: 0.351.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.349.0
+        version: 0.351.0
+- !ruby/object:Gem::Dependency
+  name: dependabot-python
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.351.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.351.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -253,7 +267,6 @@ files:
 - lib/dependabot/uv/file_parser.rb
 - lib/dependabot/uv/file_parser/pyproject_files_parser.rb
 - lib/dependabot/uv/file_parser/python_requirement_parser.rb
-- lib/dependabot/uv/file_parser/setup_file_parser.rb
 - lib/dependabot/uv/file_updater.rb
 - lib/dependabot/uv/file_updater/compile_file_updater.rb
 - lib/dependabot/uv/file_updater/lock_file_updater.rb
@@ -265,10 +278,8 @@ files:
 - lib/dependabot/uv/metadata_finder.rb
 - lib/dependabot/uv/name_normaliser.rb
 - lib/dependabot/uv/native_helpers.rb
-- lib/dependabot/uv/package/package_details_fetcher.rb
-- lib/dependabot/uv/package/package_registry_finder.rb
+- lib/dependabot/uv/package.rb
 - lib/dependabot/uv/package_manager.rb
-- lib/dependabot/uv/pipenv_runner.rb
 - lib/dependabot/uv/requirement.rb
 - lib/dependabot/uv/requirement_parser.rb
 - lib/dependabot/uv/requirements_file_matcher.rb
@@ -284,7 +295,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.349.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.351.0
 rdoc_options: []
 require_paths:
 - lib

data/lib/dependabot/uv/file_parser/setup_file_parser.rb

@@ -1,194 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-require "dependabot/dependency"
-require "dependabot/errors"
-require "dependabot/file_parsers/base/dependency_set"
-require "dependabot/shared_helpers"
-require "dependabot/uv/file_parser"
-require "dependabot/uv/native_helpers"
-require "dependabot/uv/name_normaliser"
-require "sorbet-runtime"
-
-module Dependabot
-  module Uv
-    class FileParser
-      class SetupFileParser
-        extend T::Sig
-
-        INSTALL_REQUIRES_REGEX = /install_requires\s*=\s*\[/m
-        SETUP_REQUIRES_REGEX = /setup_requires\s*=\s*\[/m
-        TESTS_REQUIRE_REGEX = /tests_require\s*=\s*\[/m
-        EXTRAS_REQUIRE_REGEX = /extras_require\s*=\s*\{/m
-
-        CLOSING_BRACKET = T.let({ "[" => "]", "{" => "}" }.freeze, T.any(T.untyped, T.untyped))
-
-        sig { params(dependency_files: T::Array[Dependabot::DependencyFile]).void }
-        def initialize(dependency_files:)
-          @dependency_files = dependency_files
-        end
-
-        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-        def dependency_set
-          dependencies = Dependabot::FileParsers::Base::DependencySet.new
-
-          parsed_setup_file.each do |dep|
-            # If a requirement has a `<` or `<=` marker then updating it is
-            # probably blocked. Ignore it.
-            next if dep["markers"].include?("<")
-
-            # If the requirement is our inserted version, ignore it
-            # (we wouldn't be able to update it)
-            next if dep["version"] == "0.0.1+dependabot"
-
-            dependencies <<
-              Dependency.new(
-                name: normalised_name(dep["name"], dep["extras"]),
-                version: dep["version"]&.include?("*") ? nil : dep["version"],
-                requirements: [{
-                  requirement: dep["requirement"],
-                  file: Pathname.new(dep["file"]).cleanpath.to_path,
-                  source: nil,
-                  groups: [dep["requirement_type"]]
-                }],
-                package_manager: "uv"
-              )
-          end
-          dependencies
-        end
-
-        private
-
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        attr_reader :dependency_files
-
-        sig { returns(T.untyped) }
-        def parsed_setup_file
-          SharedHelpers.in_a_temporary_directory do
-            write_temporary_dependency_files
-
-            requirements = SharedHelpers.run_helper_subprocess(
-              command: "pyenv exec python3 #{NativeHelpers.python_helper_path}",
-              function: "parse_setup",
-              args: [Dir.pwd]
-            )
-
-            check_requirements(requirements)
-            requirements
-          end
-        rescue SharedHelpers::HelperSubprocessFailed => e
-          raise Dependabot::DependencyFileNotEvaluatable, e.message if e.message.start_with?("InstallationError")
-
-          return [] unless setup_file
-
-          parsed_sanitized_setup_file
-        end
-
-        sig { returns(T.nilable(T.any(T::Hash[String, T.untyped], String, T::Array[T::Hash[String, T.untyped]]))) }
-        def parsed_sanitized_setup_file
-          SharedHelpers.in_a_temporary_directory do
-            write_sanitized_setup_file
-
-            requirements = SharedHelpers.run_helper_subprocess(
-              command: "pyenv exec python3 #{NativeHelpers.python_helper_path}",
-              function: "parse_setup",
-              args: [Dir.pwd]
-            )
-
-            check_requirements(requirements)
-            requirements
-          end
-        rescue SharedHelpers::HelperSubprocessFailed
-          # Assume there are no dependencies in setup.py files that fail to
-          # parse. This isn't ideal, and we should continue to improve
-          # parsing, but there are a *lot* of things that can go wrong at
-          # the moment!
-          []
-        end
-
-        sig { params(requirements: T.untyped).returns(T.untyped) }
-        def check_requirements(requirements)
-          requirements&.each do |dep|
-            next unless dep["requirement"]
-
-            Uv::Requirement.new(dep["requirement"].split(","))
-          rescue Gem::Requirement::BadRequirementError => e
-            raise Dependabot::DependencyFileNotEvaluatable, e.message
-          end
-        end
-
-        sig { void }
-        def write_temporary_dependency_files
-          dependency_files
-            .reject { |f| f.name == ".python-version" }
-            .each do |file|
-              path = file.name
-              FileUtils.mkdir_p(Pathname.new(path).dirname)
-              File.write(path, file.content)
-            end
-        end
-
-        # Write a setup.py with only entries for the requires fields.
-        #
-        # This sanitization is far from perfect (it will fail if any of the
-        # entries are dynamic), but it is an alternative approach to the one
-        # used in parser.py which sometimes succeeds when that has failed.
-        sig { void }
-        def write_sanitized_setup_file
-          install_requires = get_regexed_req_array(INSTALL_REQUIRES_REGEX)
-          setup_requires = get_regexed_req_array(SETUP_REQUIRES_REGEX)
-          tests_require = get_regexed_req_array(TESTS_REQUIRE_REGEX)
-          extras_require = get_regexed_req_dict(EXTRAS_REQUIRE_REGEX)
-
-          tmp = "from setuptools import setup\n\n" \
-                "setup(name=\"sanitized-package\",version=\"0.0.1\","
-
-          tmp += "install_requires=#{install_requires}," if install_requires
-          tmp += "setup_requires=#{setup_requires}," if setup_requires
-          tmp += "tests_require=#{tests_require}," if tests_require
-          tmp += "extras_require=#{extras_require}," if extras_require
-          tmp += ")"
-
-          File.write("setup.py", tmp)
-        end
-
-        sig { params(regex: Regexp).returns(T.nilable(String)) }
-        def get_regexed_req_array(regex)
-          return unless (mch = setup_file.content.match(regex))
-
-          "[#{mch.post_match[0..closing_bracket_index(mch.post_match, '[')]}"
-        end
-
-        sig { params(regex: Regexp).returns(T.nilable(String)) }
-        def get_regexed_req_dict(regex)
-          return unless (mch = setup_file.content.match(regex))
-
-          "{#{mch.post_match[0..closing_bracket_index(mch.post_match, '{')]}"
-        end
-
-        sig { params(string: String, bracket: String).returns(Integer) }
-        def closing_bracket_index(string, bracket)
-          closes_required = 1
-
-          string.chars.each_with_index do |char, index|
-            closes_required += 1 if char == bracket
-            closes_required -= 1 if char == CLOSING_BRACKET.fetch(bracket)
-            return index if closes_required.zero?
-          end
-
-          0
-        end
-
-        sig { params(name: String, extras: T::Array[String]).returns(String) }
-        def normalised_name(name, extras)
-          NameNormaliser.normalise_including_extras(name, extras)
-        end
-
-        sig { returns(T.untyped) }
-        def setup_file
-          dependency_files.find { |f| f.name == "setup.py" }
-        end
-      end
-    end
-  end
-end