dependabot-uv 0.365.0 → 0.367.0

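--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6240bab6f9752f6e33cac15a9334ee0af6e9dc6b0ab055970dd45dec7ecec3ce
- data.tar.gz: dbb9a819d19fc1aae22864f589b90384bf76e2401ec7c07bc1961cb2094c6c62
+ metadata.gz: 00d7a1251bbd40a2dd5f3d8722884151356bb7410e2171cacc8c962798241b2c
+ data.tar.gz: 413a45f364671f58c8988af786dafcf8e8e635eb8e61d510547fe6f0652e500d
  SHA512:
- metadata.gz: 33e3cb465420e534eb6137515ef2fa43a5fe2bbd370a99e39f24efe39bfdb81b0fc092ff8e26e2a94b6618fb5c0be99015d5a93f0c7225fc8db74885c0abfdbb
- data.tar.gz: 1bc5d384e74eb79a58dc5a302ed8f004b36ffbb16adf2330aa50eacd7802cdbeebeeb5c2b0c00f2b9fe95ef262d4d39c3b82a4c57d214d4f8121e94ea9f5fda0
+ metadata.gz: 33c2808a0d88713ffb0b5cc5c9e49c18fbef881d7a4876e5cb01be62bf39d24957f1fc91029502428029725d811a37a180e0e700cabc6d48047f527c1e030d0d
+ data.tar.gz: 0bd0aaff8e4528123d63b50fc65e7a32e0adf2a4f62cd6478953a0bcceec6f033b40d1935ff703c48a753fedd533261604de50ee3cfcf29035c443e05769fc0f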
@@ -6,6 +6,7 @@ require "sorbet-runtime"
6
6
  require "dependabot/dependency_graphers"
7
7
  require "dependabot/dependency_graphers/base"
8
8
  require "dependabot/uv/file_parser"
9
+ require "dependabot/uv/name_normaliser"
9
10
  require "toml-rb"
10
11
 
11
12
  module Dependabot
@@ -31,12 +32,10 @@ module Dependabot
31
32
 
32
33
  sig { override.returns(Dependabot::DependencyFile) }
33
34
  def relevant_dependency_file
34
- # This cannot realistically happen as the parser will throw a runtime error
35
- # on init without a pyproject.toml file,
36
- # but this will avoid surprises if anything changes.
37
- raise DependabotError, "No pyproject.toml present in dependency files." unless pyproject_toml
35
+ return T.must(uv_lock) if uv_lock
36
+ return T.must(pyproject_toml) if pyproject_toml
38
37
 
39
- T.must(pyproject_toml)
38
+ raise DependabotError, "No uv.lock or pyproject.toml present."
40
39
  end
41
40
 
42
41
  private
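Review bot: The precedence that relevant_dependency_file now applies (uv.lock first, then pyproject.toml) is not stated anywhere, and the hunk removes the only comment the method had; add `# Prefer uv.lock over pyproject.toml when both are present; raise if neither exists.` above the first return. The two `return T.must(x) if x` lines also call each accessor twice; pyproject_toml is memoised (visible in a later hunk) and uv_lock presumably is too, but a local lets Sorbet narrow the type without T.must: `file = uv_lock || pyproject_toml`, then `raise DependabotError, "No uv.lock or pyproject.toml present." unless file`, then `file`. The method starts and ends inside this hunk.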
@@ -170,6 +169,13 @@ module Dependabot
170
169
  "pypi"
171
170
  end
172
171
 
172
+ # Strip extras (e.g. "[filecache]") from the dependency name for PURLs,
173
+ # since the PURL should reference the base package only.
174
+ sig { override.params(dependency: Dependabot::Dependency).returns(String) }
175
+ def purl_name_for(dependency)
176
+ NameNormaliser.normalise(dependency.name)
177
+ end
178
+
173
179
  sig { returns(T.nilable(Dependabot::DependencyFile)) }
174
180
  def pyproject_toml
175
181
  return @pyproject_toml if defined?(@pyproject_toml)
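Review bot: The comment on purl_name_for says the method strips extras such as "[filecache]", but the body only delegates to NameNormaliser.normalise, and nothing in this hunk shows that normalise removes a bracketed extras suffix rather than applying PEP 503 name normalisation alone. If it does not, the PURL would still carry the extras and would not match the base package when the dependency graph is consumed; confirm normalise's behaviour, and if stripping is not part of it do it here, e.g. `NameNormaliser.normalise(dependency.name.sub(/\[[^\]]*\]\z/, ""))`. If normalise already strips extras, reword the comment to say the stripping happens in NameNormaliser so the next reader does not look for it in this method.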
@@ -64,6 +64,11 @@ module Dependabot
64
64
  /Failed to parse:?\s*`?(?<file>[^`\n]+\.toml)`?|TOML parse error/i,
65
65
  Regexp
66
66
  )
67
+ # uv prefixes errors with interpreter info that should be stripped
68
+ USING_CPYTHON_LINE_REGEX = T.let(
69
+ /\AUsing CPython \S+ interpreter at: [^\n]+\n?/,
70
+ Regexp
71
+ )
67
72
  PYPROJECT_SCHEMA_ERROR_REGEX = T.let(
68
73
  /missing field `project`|missing.*\[project\].*table|Field `project\.name` is required/i,
69
74
  Regexp
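Review bot: USING_CPYTHON_LINE_REGEX is anchored with `\A`, so the interpreter line is only recognised (by handle_uv_fallback_error) and only removed (by clean_error_message) when it is the very first thing in the message; any warning uv prints before it would leave the line, including the local interpreter path, in the surfaced error and skip the fallback handler. If the line can only ever come first that is fine, but the assumption should be written down: `# uv prints "Using CPython ... interpreter at:" before its error; the \A anchor assumes it is always the first line`. The same assumption applies to the handle_uv_fallback_error and clean_error_message hunks below.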
@@ -110,6 +115,7 @@ module Dependabot
110
115
  handle_python_version_errors(message)
111
116
  handle_resource_errors(message)
112
117
  handle_package_not_found_errors(message)
118
+ handle_uv_fallback_error(message)
113
119
 
114
120
  raise error
115
121
  end
@@ -293,6 +299,13 @@ module Dependabot
293
299
  raise Dependabot::DependencyFileNotResolvable, clean_error_message(message)
294
300
  end
295
301
 
302
+ sig { params(message: String).void }
303
+ def handle_uv_fallback_error(message)
304
+ return unless message.match?(USING_CPYTHON_LINE_REGEX)
305
+
306
+ raise Dependabot::DependencyFileNotResolvable, clean_error_message(message)
307
+ end
308
+
296
309
  sig { params(match: T.untyped).returns(T.nilable(String)) }
297
310
  def extract_match_string(match)
298
311
  return nil unless match
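Review bot: handle_uv_fallback_error raises DependencyFileNotResolvable for every message that begins with the interpreter line, so any uv failure that none of the earlier handlers recognised — including ones that may be transient or environmental rather than a genuinely unresolvable manifest — is reported to the user as a dependency-file error. It runs last in the chain (after handle_package_not_found_errors in the earlier hunk), so the specific handlers still win, but neither the name nor the body says this is a catch-all; add `# Catch-all: uv ran (it printed its interpreter line) but failed for a reason no handler above recognised; report as unresolvable.` above the guard. If some of those failures should instead propagate as the original error so they are investigated rather than blamed on the manifest, narrowing the guard to a resolution-failure phrase would be safer than the prefix alone. The enclosing class continues outside the hunk.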
@@ -311,6 +324,7 @@ module Dependabot
311
324
  sig { params(message: String).returns(String) }
312
325
  def clean_error_message(message)
313
326
  message
327
+ .sub(USING_CPYTHON_LINE_REGEX, "")
314
328
  .gsub(/#{Regexp.escape(Utils::BUMP_TMP_DIR_PATH)}[^\s]*/o, "")
315
329
  .lines
316
330
  .reject { |line| line.strip.empty? }
@@ -460,8 +460,22 @@ module Dependabot
460
460
 
461
461
  sig { params(name: T.any(String, Symbol)).returns(String) }
462
462
  def escape_package_name(name)
463
- # Per PEP 503, Python package names normalize -, _, and . to the same character
464
- Regexp.escape(name).gsub(/\\[-_.]/, "[-_.]")
463
+ name_str = name.to_s
464
+ match = name_str.match(/\A([^\[]+)\[([^\]]+)\]\z/)
465
+
466
+ # Handle extras: "pkg[extra1,extra2]" needs flexible matching for
467
+ # whitespace around commas and any ordering of extras in source file
468
+ if match
469
+ base = Regexp.escape(T.must(match[1])).gsub(/\\[-_.]/, "[-_.]")
470
+ extras = T.must(match[2]).split(",").map(&:strip)
471
+ extras_patterns = extras.map { |e| Regexp.escape(e).gsub(/\\[-_.]/, "[-_.]") }
472
+ # Use lookaheads so extras match in any order
473
+ lookaheads = extras_patterns.map { |e| "(?=[^\\]]*#{e})" }.join
474
+ "#{base}\\[#{lookaheads}[^\\]]+\\]"
475
+ else
476
+ # Per PEP 503, Python package names normalize -, _, and . to the same character
477
+ Regexp.escape(name_str).gsub(/\\[-_.]/, "[-_.]")
478
+ end
465
479
  end
466
480
 
467
481
  sig { params(file: T.nilable(DependencyFile)).returns(T::Boolean) }
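Review bot: The extras lookaheads in escape_package_name match each extra as a bare substring of the bracket contents, because `(?=[^\]]*#{e})` has no delimiter on either side of `e`; a name like `pkg[cache]` therefore also matches `pkg[filecache]` in the source file, and a one-letter extra matches almost any extras list. Requiring the extra to start at `[` or after a comma/space and to end before a comma, space or `]` fixes this: `lookaheads = extras_patterns.map { |e| "(?=(?:[^\\]]*[,\\s])?#{e}[\\s,\\]])" }.join`. The trailing `[^\]]+` after the lookaheads still accepts extras present in the file but absent from the name, which may be intended for the "any ordering" case but deserves a comment saying so. The method starts and ends inside this hunk.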
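--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-uv
  version: !ruby/object:Gem::Version
- version: 0.365.0
+ version: 0.367.0
  platform: ruby
  authors:
  - Dependabot
@@ -15,28 +15,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.365.0
+ version: 0.367.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.365.0
+ version: 0.367.0
  - !ruby/object:Gem::Dependency
  name: dependabot-python
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.365.0
+ version: 0.367.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.365.0
+ version: 0.367.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -300,7 +300,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.365.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.367.0
  rdoc_options: []
  require_paths:
  - lib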