dependabot-uv 0.383.0 → 0.385.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ec6b2f2a71183f96ba54935778ae0881d4e54de983b0185651871b5582f43527
4
- data.tar.gz: 6d52e75689a7a2b202deded8bb158f6e882e682a77b03738c6af717ce6a7b37e
3
+ metadata.gz: b27887feca6e05276a0219581805762553eb6b94c300b30bac15f816ccc01011
4
+ data.tar.gz: 7f80bf8bcda56d65f2b05ee7800928b740ff539326c27b787572a1ef236f2117
5
5
  SHA512:
6
- metadata.gz: d193574d174b6266342042d95e59ba99b0a89b90ef4878e4735c9dfd27c0fb76be68a54ff85c9d5876e9ebbed85d505909f0cd9f598eb7dae8e443d7fb8d8bc4
7
- data.tar.gz: fc9b36d7a7482e8642cb8bb6ecc348496972ccb938139c645cf5a96d7f6b0239b8ec1219f0d8cb497bb82eed12fca7336c86febd3f2d1a6aafc3920e985a9c4d
6
+ metadata.gz: 17735f62633b1d8114dd41b7ac482a04347d099e7e96b8a3f9571e7c3890563eba4cfebfc58a2a8343b9aa1347201a520fe77f001624e9d5fbdca45dc09f9577
7
+ data.tar.gz: ae24b3cbcd20e0bafb4f7fd0a3e2e1236f3740ead9269cab2bb91282ae7c73c99fd73a7e30eff16b23dcb0574713f9342b56f17279fe644aead8da3ca16e04eb
@@ -96,10 +96,15 @@ module Dependabot
96
96
  updated_files = pyproject_files.filter_map do |file|
97
97
  next unless file_changed?(file)
98
98
 
99
- updated_file(
99
+ updated = updated_file(
100
100
  file: file,
101
101
  content: T.must(updated_pyproject_content_for(file))
102
102
  )
103
+ # support_file must be false to prevent DependencyChangeBuilder from discarding the inner TOML,
104
+ # since doing so causes a conflict between the updated lock file and the committed TOML
105
+ # and breaks `uv sync --locked` in CI.
106
+ updated.support_file = false
107
+ updated
103
108
  end
104
109
 
105
110
  if lockfile && !build_system_only_dependency?
@@ -365,14 +370,49 @@ module Dependabot
365
370
 
366
371
  sig { returns(T::Array[String]) }
367
372
  def lock_index_options
368
- filtered_credentials = credentials
369
- .select { |cred| cred["type"] == "python_index" }
370
- .reject do |cred|
371
- cred.replaces_base? ? defined_in_pyproject?(cred) : explicit_index?(cred)
372
- end
373
-
373
+ filtered_credentials = filtered_python_index_credentials
374
374
  options = T.let([], T::Array[String])
375
375
  used_credential_urls = T.let([], T::Array[String])
376
+ default_index_used = T.let(false, T::Boolean)
377
+
378
+ default_index_used = add_lockfile_registry_options(
379
+ filtered_credentials: filtered_credentials,
380
+ options: options,
381
+ used_credential_urls: used_credential_urls,
382
+ default_index_used: default_index_used
383
+ )
384
+
385
+ add_fallback_index_options(
386
+ filtered_credentials: filtered_credentials,
387
+ options: options,
388
+ used_credential_urls: used_credential_urls,
389
+ default_index_used: default_index_used
390
+ )
391
+
392
+ options.uniq
393
+ end
394
+
395
+ sig { returns(T::Array[Dependabot::Credential]) }
396
+ def filtered_python_index_credentials
397
+ credentials
398
+ .select { |cred| cred["type"] == "python_index" }
399
+ .reject { |cred| skip_lock_index_credential?(cred) }
400
+ end
401
+
402
+ sig { params(credential: Dependabot::Credential).returns(T::Boolean) }
403
+ def skip_lock_index_credential?(credential)
404
+ credential.replaces_base? ? defined_in_pyproject?(credential) : explicit_index?(credential)
405
+ end
406
+
407
+ sig do
408
+ params(
409
+ filtered_credentials: T::Array[Dependabot::Credential],
410
+ options: T::Array[String],
411
+ used_credential_urls: T::Array[String],
412
+ default_index_used: T::Boolean
413
+ ).returns(T::Boolean)
414
+ end
415
+ def add_lockfile_registry_options(filtered_credentials:, options:, used_credential_urls:, default_index_used:)
376
416
  credential_matcher = LockIndexCredentialMatcher.new(credentials: filtered_credentials)
377
417
 
378
418
  uv_lock_registry_urls.each do |registry_url|
@@ -380,23 +420,59 @@ module Dependabot
380
420
  next unless credential
381
421
 
382
422
  used_credential_urls << credential["index-url"].to_s
383
- options << option_for_credential_url(credential, authed_registry_url(credential, registry_url))
423
+ default_index_used = add_lock_index_option(
424
+ credential: credential,
425
+ url: authed_registry_url(credential, registry_url),
426
+ options: options,
427
+ default_index_used: default_index_used
428
+ )
384
429
  end
385
430
 
431
+ default_index_used
432
+ end
433
+
434
+ sig do
435
+ params(
436
+ filtered_credentials: T::Array[Dependabot::Credential],
437
+ options: T::Array[String],
438
+ used_credential_urls: T::Array[String],
439
+ default_index_used: T::Boolean
440
+ ).returns(T::Boolean)
441
+ end
442
+ def add_fallback_index_options(filtered_credentials:, options:, used_credential_urls:, default_index_used:)
386
443
  # Fall back to credential URLs for indices not represented in uv.lock.
387
444
  filtered_credentials.each do |credential|
388
445
  next if used_credential_urls.include?(credential["index-url"].to_s)
389
446
 
390
- authed_url = AuthedUrlBuilder.authed_url(credential: credential)
391
- options << option_for_credential_url(credential, authed_url)
447
+ default_index_used = add_lock_index_option(
448
+ credential: credential,
449
+ url: AuthedUrlBuilder.authed_url(credential: credential),
450
+ options: options,
451
+ default_index_used: default_index_used
452
+ )
392
453
  end
393
454
 
394
- options.uniq
455
+ default_index_used
456
+ end
457
+
458
+ sig do
459
+ params(
460
+ credential: Dependabot::Credential,
461
+ url: String,
462
+ options: T::Array[String],
463
+ default_index_used: T::Boolean
464
+ ).returns(T::Boolean)
465
+ end
466
+ def add_lock_index_option(credential:, url:, options:, default_index_used:)
467
+ options << option_for_credential_url(credential, url, default_index_used: default_index_used)
468
+ default_index_used || credential.replaces_base?
395
469
  end
396
470
 
397
- sig { params(credential: Dependabot::Credential, url: String).returns(String) }
398
- def option_for_credential_url(credential, url)
399
- if credential.replaces_base?
471
+ sig do
472
+ params(credential: Dependabot::Credential, url: String, default_index_used: T::Boolean).returns(String)
473
+ end
474
+ def option_for_credential_url(credential, url, default_index_used:)
475
+ if credential.replaces_base? && !default_index_used
400
476
  "--default-index #{url}"
401
477
  else
402
478
  "--index #{url}"
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-uv
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.383.0
4
+ version: 0.385.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,28 +15,28 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.383.0
18
+ version: 0.385.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.383.0
25
+ version: 0.385.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: dependabot-python
28
28
  requirement: !ruby/object:Gem::Requirement
29
29
  requirements:
30
30
  - - '='
31
31
  - !ruby/object:Gem::Version
32
- version: 0.383.0
32
+ version: 0.385.0
33
33
  type: :runtime
34
34
  prerelease: false
35
35
  version_requirements: !ruby/object:Gem::Requirement
36
36
  requirements:
37
37
  - - '='
38
38
  - !ruby/object:Gem::Version
39
- version: 0.383.0
39
+ version: 0.385.0
40
40
  - !ruby/object:Gem::Dependency
41
41
  name: debug
42
42
  requirement: !ruby/object:Gem::Requirement
@@ -301,7 +301,7 @@ licenses:
301
301
  - MIT
302
302
  metadata:
303
303
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
304
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.383.0
304
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
305
305
  rdoc_options: []
306
306
  require_paths:
307
307
  - lib
@@ -316,7 +316,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
316
316
  - !ruby/object:Gem::Version
317
317
  version: 3.3.0
318
318
  requirements: []
319
- rubygems_version: 3.7.2
319
+ rubygems_version: 4.0.14
320
320
  specification_version: 4
321
321
  summary: Provides Dependabot support for Python uv
322
322
  test_files: []