dependabot-uv 0.383.0 → 0.385.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/uv/file_updater/lock_file_updater.rb +90 -14
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b27887feca6e05276a0219581805762553eb6b94c300b30bac15f816ccc01011
|
|
4
|
+
data.tar.gz: 7f80bf8bcda56d65f2b05ee7800928b740ff539326c27b787572a1ef236f2117
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 17735f62633b1d8114dd41b7ac482a04347d099e7e96b8a3f9571e7c3890563eba4cfebfc58a2a8343b9aa1347201a520fe77f001624e9d5fbdca45dc09f9577
|
|
7
|
+
data.tar.gz: ae24b3cbcd20e0bafb4f7fd0a3e2e1236f3740ead9269cab2bb91282ae7c73c99fd73a7e30eff16b23dcb0574713f9342b56f17279fe644aead8da3ca16e04eb
|
|
@@ -96,10 +96,15 @@ module Dependabot
|
|
|
96
96
|
updated_files = pyproject_files.filter_map do |file|
|
|
97
97
|
next unless file_changed?(file)
|
|
98
98
|
|
|
99
|
-
updated_file(
|
|
99
|
+
updated = updated_file(
|
|
100
100
|
file: file,
|
|
101
101
|
content: T.must(updated_pyproject_content_for(file))
|
|
102
102
|
)
|
|
103
|
+
# support_file must be false to prevent DependencyChangeBuilder from discarding the inner TOML,
|
|
104
|
+
# since doing so causes a conflict between the updated lock file and the committed TOML
|
|
105
|
+
# and breaks `uv sync --locked` in CI.
|
|
106
|
+
updated.support_file = false
|
|
107
|
+
updated
|
|
103
108
|
end
|
|
104
109
|
|
|
105
110
|
if lockfile && !build_system_only_dependency?
|
|
@@ -365,14 +370,49 @@ module Dependabot
|
|
|
365
370
|
|
|
366
371
|
sig { returns(T::Array[String]) }
|
|
367
372
|
def lock_index_options
|
|
368
|
-
filtered_credentials =
|
|
369
|
-
.select { |cred| cred["type"] == "python_index" }
|
|
370
|
-
.reject do |cred|
|
|
371
|
-
cred.replaces_base? ? defined_in_pyproject?(cred) : explicit_index?(cred)
|
|
372
|
-
end
|
|
373
|
-
|
|
373
|
+
filtered_credentials = filtered_python_index_credentials
|
|
374
374
|
options = T.let([], T::Array[String])
|
|
375
375
|
used_credential_urls = T.let([], T::Array[String])
|
|
376
|
+
default_index_used = T.let(false, T::Boolean)
|
|
377
|
+
|
|
378
|
+
default_index_used = add_lockfile_registry_options(
|
|
379
|
+
filtered_credentials: filtered_credentials,
|
|
380
|
+
options: options,
|
|
381
|
+
used_credential_urls: used_credential_urls,
|
|
382
|
+
default_index_used: default_index_used
|
|
383
|
+
)
|
|
384
|
+
|
|
385
|
+
add_fallback_index_options(
|
|
386
|
+
filtered_credentials: filtered_credentials,
|
|
387
|
+
options: options,
|
|
388
|
+
used_credential_urls: used_credential_urls,
|
|
389
|
+
default_index_used: default_index_used
|
|
390
|
+
)
|
|
391
|
+
|
|
392
|
+
options.uniq
|
|
393
|
+
end
|
|
394
|
+
|
|
395
|
+
sig { returns(T::Array[Dependabot::Credential]) }
|
|
396
|
+
def filtered_python_index_credentials
|
|
397
|
+
credentials
|
|
398
|
+
.select { |cred| cred["type"] == "python_index" }
|
|
399
|
+
.reject { |cred| skip_lock_index_credential?(cred) }
|
|
400
|
+
end
|
|
401
|
+
|
|
402
|
+
sig { params(credential: Dependabot::Credential).returns(T::Boolean) }
|
|
403
|
+
def skip_lock_index_credential?(credential)
|
|
404
|
+
credential.replaces_base? ? defined_in_pyproject?(credential) : explicit_index?(credential)
|
|
405
|
+
end
|
|
406
|
+
|
|
407
|
+
sig do
|
|
408
|
+
params(
|
|
409
|
+
filtered_credentials: T::Array[Dependabot::Credential],
|
|
410
|
+
options: T::Array[String],
|
|
411
|
+
used_credential_urls: T::Array[String],
|
|
412
|
+
default_index_used: T::Boolean
|
|
413
|
+
).returns(T::Boolean)
|
|
414
|
+
end
|
|
415
|
+
def add_lockfile_registry_options(filtered_credentials:, options:, used_credential_urls:, default_index_used:)
|
|
376
416
|
credential_matcher = LockIndexCredentialMatcher.new(credentials: filtered_credentials)
|
|
377
417
|
|
|
378
418
|
uv_lock_registry_urls.each do |registry_url|
|
|
@@ -380,23 +420,59 @@ module Dependabot
|
|
|
380
420
|
next unless credential
|
|
381
421
|
|
|
382
422
|
used_credential_urls << credential["index-url"].to_s
|
|
383
|
-
|
|
423
|
+
default_index_used = add_lock_index_option(
|
|
424
|
+
credential: credential,
|
|
425
|
+
url: authed_registry_url(credential, registry_url),
|
|
426
|
+
options: options,
|
|
427
|
+
default_index_used: default_index_used
|
|
428
|
+
)
|
|
384
429
|
end
|
|
385
430
|
|
|
431
|
+
default_index_used
|
|
432
|
+
end
|
|
433
|
+
|
|
434
|
+
sig do
|
|
435
|
+
params(
|
|
436
|
+
filtered_credentials: T::Array[Dependabot::Credential],
|
|
437
|
+
options: T::Array[String],
|
|
438
|
+
used_credential_urls: T::Array[String],
|
|
439
|
+
default_index_used: T::Boolean
|
|
440
|
+
).returns(T::Boolean)
|
|
441
|
+
end
|
|
442
|
+
def add_fallback_index_options(filtered_credentials:, options:, used_credential_urls:, default_index_used:)
|
|
386
443
|
# Fall back to credential URLs for indices not represented in uv.lock.
|
|
387
444
|
filtered_credentials.each do |credential|
|
|
388
445
|
next if used_credential_urls.include?(credential["index-url"].to_s)
|
|
389
446
|
|
|
390
|
-
|
|
391
|
-
|
|
447
|
+
default_index_used = add_lock_index_option(
|
|
448
|
+
credential: credential,
|
|
449
|
+
url: AuthedUrlBuilder.authed_url(credential: credential),
|
|
450
|
+
options: options,
|
|
451
|
+
default_index_used: default_index_used
|
|
452
|
+
)
|
|
392
453
|
end
|
|
393
454
|
|
|
394
|
-
|
|
455
|
+
default_index_used
|
|
456
|
+
end
|
|
457
|
+
|
|
458
|
+
sig do
|
|
459
|
+
params(
|
|
460
|
+
credential: Dependabot::Credential,
|
|
461
|
+
url: String,
|
|
462
|
+
options: T::Array[String],
|
|
463
|
+
default_index_used: T::Boolean
|
|
464
|
+
).returns(T::Boolean)
|
|
465
|
+
end
|
|
466
|
+
def add_lock_index_option(credential:, url:, options:, default_index_used:)
|
|
467
|
+
options << option_for_credential_url(credential, url, default_index_used: default_index_used)
|
|
468
|
+
default_index_used || credential.replaces_base?
|
|
395
469
|
end
|
|
396
470
|
|
|
397
|
-
sig
|
|
398
|
-
|
|
399
|
-
|
|
471
|
+
sig do
|
|
472
|
+
params(credential: Dependabot::Credential, url: String, default_index_used: T::Boolean).returns(String)
|
|
473
|
+
end
|
|
474
|
+
def option_for_credential_url(credential, url, default_index_used:)
|
|
475
|
+
if credential.replaces_base? && !default_index_used
|
|
400
476
|
"--default-index #{url}"
|
|
401
477
|
else
|
|
402
478
|
"--index #{url}"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-uv
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.385.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,28 +15,28 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.385.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.385.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: dependabot-python
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
29
29
|
requirements:
|
|
30
30
|
- - '='
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: 0.
|
|
32
|
+
version: 0.385.0
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
35
|
version_requirements: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
37
|
- - '='
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: 0.
|
|
39
|
+
version: 0.385.0
|
|
40
40
|
- !ruby/object:Gem::Dependency
|
|
41
41
|
name: debug
|
|
42
42
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -301,7 +301,7 @@ licenses:
|
|
|
301
301
|
- MIT
|
|
302
302
|
metadata:
|
|
303
303
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
304
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
304
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
|
|
305
305
|
rdoc_options: []
|
|
306
306
|
require_paths:
|
|
307
307
|
- lib
|
|
@@ -316,7 +316,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
316
316
|
- !ruby/object:Gem::Version
|
|
317
317
|
version: 3.3.0
|
|
318
318
|
requirements: []
|
|
319
|
-
rubygems_version:
|
|
319
|
+
rubygems_version: 4.0.14
|
|
320
320
|
specification_version: 4
|
|
321
321
|
summary: Provides Dependabot support for Python uv
|
|
322
322
|
test_files: []
|