dependabot-uv 0.355.0 → 0.356.0

data/lib/dependabot/uv/file_updater/requirement_file_updater.rb

@@ -1,96 +1,16 @@
-# typed: strict
+# typed: strong
 # frozen_string_literal: true
 
-require "dependabot/uv/requirement_parser"
+require "dependabot/python/file_updater/requirement_file_updater"
 require "dependabot/uv/file_updater"
-require "dependabot/shared_helpers"
-require "dependabot/uv/native_helpers"
-require "sorbet-runtime"
 
 module Dependabot
   module Uv
     class FileUpdater
-      class RequirementFileUpdater
-        extend T::Sig
-
-        require_relative "requirement_replacer"
-
-        sig { returns(T::Array[Dependency]) }
-        attr_reader :dependencies
-
-        sig { returns(T::Array[DependencyFile]) }
-        attr_reader :dependency_files
-
-        sig { returns(T::Array[Dependabot::Credential]) }
-        attr_reader :credentials
-
-        sig do
-          params(
-            dependencies: T::Array[Dependency],
-            dependency_files: T::Array[DependencyFile],
-            credentials: T::Array[Dependabot::Credential],
-            index_urls: T.nilable(T::Array[T.nilable(String)])
-          ).void
-        end
-        def initialize(dependencies:, dependency_files:, credentials:, index_urls: nil)
-          @dependencies = dependencies
-          @dependency_files = dependency_files
-          @credentials = credentials
-          @index_urls = index_urls
-          @updated_dependency_files = T.let(nil, T.nilable(T::Array[DependencyFile]))
-        end
-
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        def updated_dependency_files
-          @updated_dependency_files ||= fetch_updated_dependency_files
-        end
-
-        private
-
-        sig { returns(Dependency) }
-        def dependency
-          # For now, we'll only ever be updating a single dependency
-          T.must(dependencies.first)
-        end
-
-        sig { returns(T::Array[DependencyFile]) }
-        def fetch_updated_dependency_files
-          previous_requirements = dependency.previous_requirements || []
-          reqs = dependency.requirements.zip(previous_requirements)
-
-          reqs.filter_map do |(new_req, old_req)|
-            next if new_req == old_req
-
-            file = get_original_file(new_req.fetch(:file)).dup
-            updated_content =
-              updated_requirement_or_setup_file_content(new_req, T.must(old_req))
-            next if updated_content == file&.content
-
-            file&.content = updated_content
-            file
-          end
-        end
-
-        sig { params(new_req: T::Hash[Symbol, T.untyped], old_req: T::Hash[Symbol, T.untyped]).returns(String) }
-        def updated_requirement_or_setup_file_content(new_req, old_req)
-          original_file = get_original_file(new_req.fetch(:file))
-          raise "Could not find a dependency file for #{new_req}" unless original_file
-
-          RequirementReplacer.new(
-            content: T.must(original_file.content),
-            dependency_name: dependency.name,
-            old_requirement: old_req.fetch(:requirement),
-            new_requirement: new_req.fetch(:requirement),
-            new_hash_version: dependency.version,
-            index_urls: @index_urls
-          ).updated_content
-        end
-
-        sig { params(filename: String).returns(T.nilable(DependencyFile)) }
-        def get_original_file(filename)
-          dependency_files.find { |f| f.name == filename }
-        end
-      end
+      # UV uses the same requirement file update logic as Python.
+      # Both ecosystems share RequirementReplacer and NativeHelpers
+      # via aliases, so we reuse Python's implementation.
+      RequirementFileUpdater = Dependabot::Python::FileUpdater::RequirementFileUpdater
     end
   end
 end

data/lib/dependabot/uv/file_updater/requirement_replacer.rb

@@ -1,257 +1,16 @@
-# typed: strict
+# typed: strong
 # frozen_string_literal: true
 
-require "sorbet-runtime"
-
-require "dependabot/dependency"
-require "dependabot/uv/requirement_parser"
+require "dependabot/python/file_updater/requirement_replacer"
 require "dependabot/uv/file_updater"
-require "dependabot/shared_helpers"
-require "dependabot/uv/native_helpers"
-require "dependabot/uv/name_normaliser"
 
 module Dependabot
   module Uv
     class FileUpdater
-      class RequirementReplacer
-        extend T::Sig
-
-        PACKAGE_NOT_FOUND_ERROR = "PackageNotFoundError"
-
-        CERTIFICATE_VERIFY_FAILED = /CERTIFICATE_VERIFY_FAILED/
-
-        sig do
-          params(
-            content: String,
-            dependency_name: String,
-            old_requirement: T.nilable(String),
-            new_requirement: T.nilable(String),
-            new_hash_version: T.nilable(String),
-            index_urls: T.nilable(T::Array[T.nilable(String)])
-          ).void
-        end
-        def initialize(
-          content:,
-          dependency_name:,
-          old_requirement:,
-          new_requirement:,
-          new_hash_version: nil,
-          index_urls: nil
-        )
-          @content = T.let(content, String)
-          @dependency_name = T.let(normalise(dependency_name), String)
-          @old_requirement = T.let(old_requirement, T.nilable(String))
-          @new_requirement = T.let(new_requirement, T.nilable(String))
-          @new_hash_version = T.let(new_hash_version, T.nilable(String))
-          @index_urls = T.let(index_urls, T.nilable(T::Array[T.nilable(String)]))
-        end
-
-        sig { returns(String) }
-        def updated_content
-          updated_content =
-            content.gsub(original_declaration_replacement_regex) do |mtch|
-              # If the "declaration" is setting an option (e.g., no-binary)
-              # ignore it, since it isn't actually a declaration
-              next mtch if Regexp.last_match&.pre_match&.match?(/--.*\z/)
-
-              updated_dependency_declaration_string
-            end
-
-          raise "Expected content to change!" if old_requirement != new_requirement && content == updated_content
-
-          updated_content
-        end
-
-        private
-
-        sig { returns(String) }
-        attr_reader :content
-
-        sig { returns(String) }
-        attr_reader :dependency_name
-
-        sig { returns(T.nilable(String)) }
-        attr_reader :old_requirement
-
-        sig { returns(T.nilable(String)) }
-        attr_reader :new_requirement
-
-        sig { returns(T.nilable(String)) }
-        attr_reader :new_hash_version
-
-        sig { returns(T::Boolean) }
-        def update_hashes?
-          !new_hash_version.nil?
-        end
-
-        sig { returns(T.nilable(String)) }
-        def updated_requirement_string
-          new_req_string = new_requirement
-
-          new_req_string = new_req_string&.gsub(/,\s*/, ", ") if add_space_after_commas?
-
-          if add_space_after_operators?
-            new_req_string =
-              new_req_string
-              &.gsub(/(#{RequirementParser::COMPARISON})\s*(?=\d)/o, '\1 ')
-          end
-
-          new_req_string
-        end
-
-        sig { returns(String) }
-        def updated_dependency_declaration_string
-          old_req = old_requirement
-          updated_string =
-            if old_req
-              original_dependency_declaration_string(old_req)
-                .sub(RequirementParser::REQUIREMENTS, updated_requirement_string || "")
-            else
-              original_dependency_declaration_string(old_req)
-                .sub(RequirementParser::NAME_WITH_EXTRAS) do |nm|
-                  nm + (updated_requirement_string || "")
-                end
-            end
-
-          return updated_string unless update_hashes? && requirement_includes_hashes?(old_req)
-
-          updated_string.sub(
-            RequirementParser::HASHES,
-            package_hashes_for(
-              name: dependency_name,
-              version: new_hash_version,
-              algorithm: hash_algorithm(old_req)
-            ).join(hash_separator(old_req) || "")
-          )
-        end
-
-        sig { returns(T::Boolean) }
-        def add_space_after_commas?
-          original_dependency_declaration_string(old_requirement)
-            .match(RequirementParser::REQUIREMENTS)
-            .to_s.include?(", ")
-        end
-
-        sig { returns(T::Boolean) }
-        def add_space_after_operators?
-          original_dependency_declaration_string(old_requirement)
-            .match(RequirementParser::REQUIREMENTS)
-            .to_s.match?(/#{RequirementParser::COMPARISON}\s+\d/o)
-        end
-
-        sig { returns(Regexp) }
-        def original_declaration_replacement_regex
-          original_string =
-            original_dependency_declaration_string(old_requirement)
-          /(?<![\-\w\.\[])#{Regexp.escape(original_string)}(?![\-\w\.])/
-        end
-
-        sig { params(requirement: T.nilable(String)).returns(T::Boolean) }
-        def requirement_includes_hashes?(requirement)
-          original_dependency_declaration_string(requirement)
-            .match?(RequirementParser::HASHES)
-        end
-
-        sig { params(requirement: T.nilable(String)).returns(T.nilable(String)) }
-        def hash_algorithm(requirement)
-          return unless requirement_includes_hashes?(requirement)
-
-          matches = original_dependency_declaration_string(requirement).match(RequirementParser::HASHES)
-          return unless matches
-
-          matches.named_captures.fetch("algorithm")
-        end
-
-        sig { params(requirement: T.nilable(String)).returns(T.nilable(String)) }
-        def hash_separator(requirement)
-          return unless requirement_includes_hashes?(requirement)
-
-          hash_regex = RequirementParser::HASH
-          match_result = original_dependency_declaration_string(requirement)
-                         .match(/#{hash_regex}((?<separator>\s*\\?\s*?)#{hash_regex})*/)
-          current_separator = match_result&.named_captures&.fetch("separator", nil)
-
-          default_match = original_dependency_declaration_string(requirement)
-                          .match(RequirementParser::HASH)
-          default_separator = default_match&.pre_match&.match(/(?<separator>\s*\\?\s*?)\z/)
-                                           &.named_captures&.fetch("separator", nil)
-
-          current_separator || default_separator
-        end
-
-        sig { params(name: String, version: T.nilable(String), algorithm: T.nilable(String)).returns(T::Array[String]) }
-        def package_hashes_for(name:, version:, algorithm:)
-          index_urls = @index_urls || [nil]
-
-          index_urls.map do |index_url|
-            args = [name, version, algorithm]
-            args << index_url unless index_url.nil?
-
-            begin
-              result = SharedHelpers.run_helper_subprocess(
-                command: "pyenv exec python3 #{NativeHelpers.python_helper_path}",
-                function: "get_dependency_hash",
-                args: args
-              )
-            rescue SharedHelpers::HelperSubprocessFailed => e
-              requirement_error_handler(e)
-
-              raise unless e.message.include?("PackageNotFoundError")
-
-              next
-            end
-
-            return result.map { |h| "--hash=#{algorithm}:#{h['hash']}" } if result.is_a?(Array)
-          end
-
-          raise Dependabot::DependencyFileNotResolvable, "Unable to find hashes for package #{name}"
-        end
-
-        sig { params(old_req: T.nilable(String)).returns(String) }
-        def original_dependency_declaration_string(old_req)
-          matches = []
-
-          dec =
-            if old_req.nil?
-              regex = RequirementParser::INSTALL_REQ_WITHOUT_REQUIREMENT
-              content.scan(regex) { matches << Regexp.last_match }
-              matches.find { |m| normalise(m[:name]) == dependency_name }
-            else
-              regex = RequirementParser::INSTALL_REQ_WITH_REQUIREMENT
-              content.scan(regex) { matches << Regexp.last_match }
-              matches
-                .select { |m| normalise(m[:name]) == dependency_name }
-                .find { |m| requirements_match(m[:requirements], old_req) }
-            end
-
-          raise "Declaration not found for #{dependency_name}!" unless dec
-
-          dec.to_s.strip
-        end
-
-        sig { params(name: String).returns(String) }
-        def normalise(name)
-          NameNormaliser.normalise(name)
-        end
-
-        sig { params(req1: T.nilable(String), req2: T.nilable(String)).returns(T::Boolean) }
-        def requirements_match(req1, req2)
-          req1&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort ==
-            req2&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort
-        end
-
-        public
-
-        sig { params(error: Exception).void }
-        def requirement_error_handler(error)
-          Dependabot.logger.warn(error.message)
-
-          return unless error.message.match?(CERTIFICATE_VERIFY_FAILED)
-
-          msg = "Error resolving dependency."
-          raise DependencyFileNotResolvable, msg
-        end
-      end
+      # UV uses the same requirement replacement logic as Python.
+      # Both ecosystems share RequirementParser, NativeHelpers, and NameNormaliser
+      # via aliases, so we reuse Python's implementation.
+      RequirementReplacer = Dependabot::Python::FileUpdater::RequirementReplacer
     end
   end
 end

data/lib/dependabot/uv/update_checker/latest_version_finder.rb

@@ -1,37 +1,16 @@
 # typed: strong
 # frozen_string_literal: true
 
-require "sorbet-runtime"
+require "dependabot/python/update_checker/latest_version_finder"
 require "dependabot/uv/update_checker"
-require "dependabot/uv/package"
-require "dependabot/package/package_latest_version_finder"
 
 module Dependabot
   module Uv
     class UpdateChecker
-      # UV uses the same PyPI registry for package lookups as Python
-      class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
-        extend T::Sig
-
-        sig do
-          override.returns(T.nilable(Dependabot::Package::PackageDetails))
-        end
-        def package_details
-          @package_details ||= T.let(
-            Package::PackageDetailsFetcher.new(
-              dependency: dependency,
-              dependency_files: dependency_files,
-              credentials: credentials
-            ).fetch,
-            T.nilable(Dependabot::Package::PackageDetails)
-          )
-        end
-
-        sig { override.returns(T::Boolean) }
-        def cooldown_enabled?
-          true
-        end
-      end
+      # UV uses the same PyPI registry for package lookups as Python.
+      # Both ecosystems use the same PackageDetailsFetcher (via Uv::Package alias)
+      # and identical LatestVersionFinder logic, so we reuse Python's implementation.
+      LatestVersionFinder = Dependabot::Python::UpdateChecker::LatestVersionFinder
     end
   end
 end

data/lib/dependabot/uv/update_checker/pip_compile_version_resolver.rb

@@ -497,7 +497,7 @@ module Dependabot
 
         sig { returns(T::Hash[String, T::Array[String]]) }
         def requirement_map
-          child_req_regex = Uv::FileFetcher::CHILD_REQUIREMENT_REGEX
+          child_req_regex = Python::SharedFileFetcher::CHILD_REQUIREMENT_REGEX
           @requirement_map ||= T.let(
             pip_compile_files.each_with_object({}) do |file, req_map|
               paths = T.must(file.content).scan(child_req_regex).flatten

data/lib/dependabot/uv/update_checker/pip_version_resolver.rb

@@ -1,118 +1,16 @@
 # typed: strong
 # frozen_string_literal: true
 
-require "sorbet-runtime"
-
-require "dependabot/uv/language_version_manager"
+require "dependabot/python/update_checker/pip_version_resolver"
 require "dependabot/uv/update_checker"
-require "dependabot/uv/update_checker/latest_version_finder"
-require "dependabot/uv/file_parser/python_requirement_parser"
 
 module Dependabot
   module Uv
     class UpdateChecker
-      class PipVersionResolver
-        extend T::Sig
-
-        sig do
-          params(
-            dependency: Dependabot::Dependency,
-            dependency_files: T::Array[Dependabot::DependencyFile],
-            credentials: T::Array[Dependabot::Credential],
-            ignored_versions: T::Array[String],
-            security_advisories: T::Array[Dependabot::SecurityAdvisory],
-            update_cooldown: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
-            raise_on_ignored: T::Boolean
-          ).void
-        end
-        def initialize(
-          dependency:,
-          dependency_files:,
-          credentials:,
-          ignored_versions:,
-          security_advisories:,
-          update_cooldown: nil,
-          raise_on_ignored: false
-        )
-          @dependency = T.let(dependency, Dependabot::Dependency)
-          @dependency_files    = T.let(dependency_files, T::Array[Dependabot::DependencyFile])
-          @credentials         = T.let(credentials, T::Array[Dependabot::Credential])
-          @ignored_versions    = T.let(ignored_versions, T::Array[String])
-          @update_cooldown = T.let(update_cooldown, T.nilable(Dependabot::Package::ReleaseCooldownOptions))
-          @raise_on_ignored    = T.let(raise_on_ignored, T::Boolean)
-          @security_advisories = T.let(security_advisories, T::Array[Dependabot::SecurityAdvisory])
-        end
-
-        sig { returns(T.nilable(Dependabot::Version)) }
-        def latest_resolvable_version
-          latest_version_finder.latest_version(language_version: language_version_manager.python_version)
-        end
-
-        sig { returns(T.nilable(Dependabot::Version)) }
-        def latest_resolvable_version_with_no_unlock
-          latest_version_finder
-            .latest_version_with_no_unlock(language_version: language_version_manager.python_version)
-        end
-
-        sig { returns(T.nilable(Dependabot::Version)) }
-        def lowest_resolvable_security_fix_version
-          latest_version_finder
-            .lowest_security_fix_version(language_version: language_version_manager.python_version)
-        end
-
-        private
-
-        sig { returns(Dependabot::Dependency) }
-        attr_reader :dependency
-
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        attr_reader :dependency_files
-
-        sig { returns(T::Array[Dependabot::Credential]) }
-        attr_reader :credentials
-
-        sig { returns(T::Array[String]) }
-        attr_reader :ignored_versions
-
-        sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
-        attr_reader :security_advisories
-
-        sig { returns(LatestVersionFinder) }
-        def latest_version_finder
-          @latest_version_finder ||= T.let(
-            LatestVersionFinder.new(
-              dependency: dependency,
-              dependency_files: dependency_files,
-              credentials: credentials,
-              ignored_versions: ignored_versions,
-              raise_on_ignored: @raise_on_ignored,
-              cooldown_options: @update_cooldown,
-              security_advisories: security_advisories
-            ),
-            T.nilable(LatestVersionFinder)
-          )
-        end
-
-        sig { returns(FileParser::PythonRequirementParser) }
-        def python_requirement_parser
-          @python_requirement_parser ||= T.let(
-            FileParser::PythonRequirementParser.new(
-              dependency_files: dependency_files
-            ),
-            T.nilable(FileParser::PythonRequirementParser)
-          )
-        end
-
-        sig { returns(LanguageVersionManager) }
-        def language_version_manager
-          @language_version_manager ||= T.let(
-            LanguageVersionManager.new(
-              python_requirement_parser: python_requirement_parser
-            ),
-            T.nilable(LanguageVersionManager)
-          )
-        end
-      end
+      # UV uses the same pip version resolution logic as Python.
+      # Both ecosystems share LanguageVersionManager, LatestVersionFinder,
+      # and PythonRequirementParser via aliases, so we reuse Python's implementation.
+      PipVersionResolver = Dependabot::Python::UpdateChecker::PipVersionResolver
     end
   end
 end