dependabot-uv 0.380.0 → 0.382.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f3b4c4b6a4b3763d4433341d1701c472a991315fb9cb30d6cdbc1b1401fc9232
4
- data.tar.gz: 73d2e249b54aa9c849dd4c7cf88bf1586af43122b020cc2e4f2d27ce60225356
3
+ metadata.gz: 4f8d39e39ce8e18f7c946928ed3a7b5cd780ce3ae7d8808dad8c96c3b8248e6b
4
+ data.tar.gz: 2747bc7341934590fb3c0d1b0af95f788e055ff7845570dc10918179c0a9a26b
5
5
  SHA512:
6
- metadata.gz: 7fb68d3a6c4668894905f961b7b02a9ba8e5ae26bca1d23e245cc5bd77da2e48bb3e004bfb1a3d233d5cc459f7c338ec2cf568d8f3a4019e62fde896c282e7d2
7
- data.tar.gz: 35d5bfefbcaaa09a71798e6fda30c2e26beb23c3c5e62090ed0fcc8a45b126a0f2537b56206e3565fe2e43fe31cc9e8dfc9c5ce0c372f6f392f9e47c881c34f2
6
+ metadata.gz: 4f6677be24fdf402b476d7018f98ca323491fb6c4ea7ba5eeb4634d0e48b097e98dde9c679b9c1229dcc6343d38600e17d83a2fb931ca3a6918742d8bc88f777
7
+ data.tar.gz: f56c52f7b7d3b38d894bfa5452a6c4d68a61cf0ea995f2a26ec75a7d68c4bc4abb7a41a495ba0e699c85597bb8d74b9ddc5ee2413ba009db260102807f716d5c
@@ -53,7 +53,7 @@ module Dependabot
53
53
 
54
54
  sig { returns(Dependabot::FileParsers::Base::DependencySet) }
55
55
  def poetry_dependencies
56
- @poetry_dependencies ||= T.let(parse_poetry_dependencies, T.untyped)
56
+ @poetry_dependencies ||= T.let(parse_poetry_dependencies, T.nilable(Dependabot::FileParsers::Base::DependencySet))
57
57
  end
58
58
 
59
59
  sig { returns(Dependabot::FileParsers::Base::DependencySet) }
@@ -288,16 +288,19 @@ module Dependabot
288
288
  NameNormaliser.normalise(name)
289
289
  end
290
290
 
291
- sig { returns(T.untyped) }
291
+ sig { returns(T::Hash[String, T.untyped]) }
292
292
  def parsed_pyproject
293
- @parsed_pyproject ||= T.let(TomlRB.parse(T.must(pyproject).content), T.untyped)
293
+ @parsed_pyproject ||= T.let(TomlRB.parse(T.must(pyproject).content), T.nilable(T::Hash[String, T.untyped]))
294
294
  rescue TomlRB::ParseError, TomlRB::ValueOverwriteError
295
295
  raise Dependabot::DependencyFileNotParseable, T.must(pyproject).path
296
296
  end
297
297
 
298
- sig { returns(T.untyped) }
298
+ sig { returns(T::Hash[String, T.untyped]) }
299
299
  def parsed_poetry_lock
300
- @parsed_poetry_lock ||= T.let(TomlRB.parse(T.must(poetry_lock).content), T.untyped)
300
+ @parsed_poetry_lock ||= T.let(
301
+ TomlRB.parse(T.must(poetry_lock).content),
302
+ T.nilable(T::Hash[String, T.untyped])
303
+ )
301
304
  rescue TomlRB::ParseError, TomlRB::ValueOverwriteError
302
305
  raise Dependabot::DependencyFileNotParseable, T.must(poetry_lock).path
303
306
  end
@@ -177,7 +177,6 @@ module Dependabot
177
177
  end
178
178
  end
179
179
 
180
- # rubocop:disable Metrics/AbcSize
181
180
  sig do
182
181
  params(updated_files: T::Array[Dependabot::DependencyFile]).returns(T::Array[Dependabot::DependencyFile])
183
182
  end
@@ -193,19 +192,24 @@ module Dependabot
193
192
  files = dependency_files
194
193
  .reject { |file| updated_filenames.include?(file.name) }
195
194
 
196
- args = T.must(dependency).to_h
197
- args = args.keys.to_h { |k| [k.to_sym, args[k]] }
198
- args[:requirements] = new_reqs
199
- args[:previous_requirements] = old_reqs
195
+ dep = T.must(dependency)
200
196
 
201
197
  RequirementFileUpdater.new(
202
- dependencies: [Dependency.new(**T.unsafe(args))],
198
+ dependencies: [Dependency.new(
199
+ name: dep.name,
200
+ version: dep.version,
201
+ requirements: new_reqs,
202
+ package_manager: dep.package_manager,
203
+ previous_version: dep.previous_version,
204
+ previous_requirements: old_reqs,
205
+ directory: dep.directory,
206
+ subdependency_metadata: dep.subdependency_metadata,
207
+ removed: dep.removed?
208
+ )],
203
209
  dependency_files: files,
204
210
  credentials: credentials
205
211
  ).updated_dependency_files
206
212
  end
207
- # rubocop:enable Metrics/AbcSize
208
-
209
213
  sig do
210
214
  params(
211
215
  cmd: String,
@@ -482,27 +482,34 @@ module Dependabot
482
482
  # themselves and for dry-run.
483
483
  sig { returns(T::Hash[String, String]) }
484
484
  def pyproject_index_env_vars
485
- env_vars = {}
485
+ python_index_creds = credentials.select { |cred| cred["type"] == "python_index" }
486
+ python_index_creds.each_with_object(T.let({}, T::Hash[String, String])) do |cred, env_vars|
487
+ env_vars.merge!(index_auth_env_vars_for(cred))
488
+ end
489
+ end
490
+
491
+ sig { params(cred: Dependabot::Credential).returns(T::Hash[String, String]) }
492
+ def index_auth_env_vars_for(cred)
493
+ env_vars = T.let({}, T::Hash[String, String])
494
+ index_name = find_index_name_for_credential(cred)
486
495
 
487
- matched_credentials = credentials
488
- .select { |cred| cred["type"] == "python_index" }
489
- .filter_map do |cred|
490
- index_name = find_index_name_for_credential(cred)
491
- [cred, index_name] if index_name
492
- end
496
+ unless index_name
497
+ Dependabot.logger.debug(
498
+ "python_index credential did not match a [[tool.uv.index]] entry; skipping UV_INDEX_* env vars"
499
+ )
500
+ return env_vars
501
+ end
493
502
 
494
- matched_credentials.each do |cred, index_name|
495
- env_name = index_name.upcase.gsub(/[^A-Z0-9]/, "_")
503
+ env_name = index_name.upcase.gsub(/[^A-Z0-9]/, "_")
504
+ username = cred["username"]
505
+ password = cred["password"] || cred["token"]
496
506
 
497
- env_vars["UV_INDEX_#{env_name}_USERNAME"] = cred["username"] if cred["username"]
507
+ env_vars["UV_INDEX_#{env_name}_USERNAME"] = username if username
508
+ env_vars["UV_INDEX_#{env_name}_PASSWORD"] = password if password
498
509
 
499
- if cred["password"]
500
- env_vars["UV_INDEX_#{env_name}_PASSWORD"] = cred["password"]
501
- elsif cred["token"]
502
- env_vars["UV_INDEX_#{env_name}_PASSWORD"] = cred["token"]
503
- end
504
- end
510
+ return env_vars unless username || password
505
511
 
512
+ Dependabot.logger.debug("Configured uv auth env vars for a matched [[tool.uv.index]] entry")
506
513
  env_vars
507
514
  end
508
515
 
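Review bot: In `index_auth_env_vars_for`, `index_name.upcase.gsub(/[^A-Z0-9]/, "_")` is lossy, so two distinct index names (for example one with a dash and one with an underscore) produce the same `UV_INDEX_<NAME>_*` keys, and the `merge!` in `pyproject_index_env_vars` lets the later credential overwrite the earlier one silently. The result can be one index's username or password presented to a different index, or a username from one credential paired with a password from another. Consider detecting the overlap before merging: `new_vars = index_auth_env_vars_for(cred)`, then `Dependabot.logger.warn("multiple python_index credentials map to the same UV_INDEX_* variables") if (env_vars.keys & new_vars.keys).any?`, then `env_vars.merge!(new_vars)`. The debug messages added here correctly avoid logging the index name or credential values, and a warning should keep to that.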
@@ -17,12 +17,9 @@ module Dependabot
17
17
  class PyprojectPreparer
18
18
  extend T::Sig
19
19
 
20
- Credentials = T.type_alias { T::Array[T::Hash[String, String]] }
21
-
22
- sig { params(pyproject_content: String, lockfile: T.nilable(Dependabot::DependencyFile)).void }
23
- def initialize(pyproject_content:, lockfile: nil)
20
+ sig { params(pyproject_content: String).void }
21
+ def initialize(pyproject_content:)
24
22
  @pyproject_content = pyproject_content
25
- @lockfile = lockfile
26
23
  @lines = T.let(pyproject_content.split("\n"), T::Array[String])
27
24
  end
28
25
 
@@ -44,41 +41,11 @@ module Dependabot
44
41
  @pyproject_content = updated_lines.join("\n")
45
42
  end
46
43
 
47
- sig { params(credentials: T.nilable(Credentials)).returns(T.nilable(Credentials)) }
48
- def add_auth_env_vars(credentials)
49
- return unless credentials
50
-
51
- credentials.each do |credential|
52
- next unless credential["type"] == "python_index"
53
-
54
- token = credential["token"]
55
- index_url = credential["index-url"]
56
-
57
- next unless token && index_url
58
-
59
- # Set environment variables for uv auth
60
- ENV["UV_INDEX_URL_TOKEN_#{sanitize_env_name(index_url)}"] = token
61
-
62
- # Also set pip-style credentials for compatibility
63
- ENV["PIP_INDEX_URL"] ||= "https://#{token}@#{index_url.gsub(%r{^https?://}, '')}"
64
- end
65
- end
66
-
67
44
  sig { returns(String) }
68
45
  def sanitize
69
46
  # No special sanitization needed for UV files at this point
70
47
  @pyproject_content
71
48
  end
72
-
73
- private
74
-
75
- sig { returns(T.nilable(Dependabot::DependencyFile)) }
76
- attr_reader :lockfile
77
-
78
- sig { params(url: String).returns(String) }
79
- def sanitize_env_name(url)
80
- url.gsub(%r{^https?://}, "").gsub(/[^a-zA-Z0-9]/, "_").upcase
81
- end
82
49
  end
83
50
  end
84
51
  end
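Review bot: `PyprojectPreparer#initialize` no longer accepts `lockfile:`, and the public `add_auth_env_vars` method and `Credentials` alias are removed in the second hunk, so any caller still using them fails at runtime with `ArgumentError` or `NoMethodError`; no call sites are visible in this diff. If callers outside this gem exist, accepting `lockfile: nil` as an ignored, deprecated keyword for one release would avoid the break. It is also worth confirming that nothing depended on the removed `PIP_INDEX_URL` assignment for private-index authentication, since without it a resolver may fall back to an unauthenticated index. A changelog entry noting the removal would help downstream users.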
@@ -31,14 +31,16 @@ module Dependabot
31
31
  require_relative "update_checker/latest_version_finder"
32
32
  require_relative "update_checker/lock_file_resolver"
33
33
 
34
- sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
34
+ sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
35
35
  def updated_requirements
36
- RequirementsUpdater.new(
37
- requirements: requirements,
38
- latest_resolvable_version: preferred_resolvable_version&.to_s,
39
- update_strategy: requirements_update_strategy,
40
- has_lockfile: requirements_text_file?
41
- ).updated_requirements
36
+ wrap_requirements(
37
+ RequirementsUpdater.new(
38
+ requirements: requirements,
39
+ latest_resolvable_version: preferred_resolvable_version&.to_s,
40
+ update_strategy: requirements_update_strategy,
41
+ has_lockfile: requirements_text_file?
42
+ ).updated_requirements
43
+ )
42
44
  end
43
45
 
44
46
  private
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-uv
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.380.0
4
+ version: 0.382.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,28 +15,28 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.380.0
18
+ version: 0.382.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.380.0
25
+ version: 0.382.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: dependabot-python
28
28
  requirement: !ruby/object:Gem::Requirement
29
29
  requirements:
30
30
  - - '='
31
31
  - !ruby/object:Gem::Version
32
- version: 0.380.0
32
+ version: 0.382.0
33
33
  type: :runtime
34
34
  prerelease: false
35
35
  version_requirements: !ruby/object:Gem::Requirement
36
36
  requirements:
37
37
  - - '='
38
38
  - !ruby/object:Gem::Version
39
- version: 0.380.0
39
+ version: 0.382.0
40
40
  - !ruby/object:Gem::Dependency
41
41
  name: debug
42
42
  requirement: !ruby/object:Gem::Requirement
@@ -302,7 +302,7 @@ licenses:
302
302
  - MIT
303
303
  metadata:
304
304
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
305
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.380.0
305
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.382.0
306
306
  rdoc_options: []
307
307
  require_paths:
308
308
  - lib