dependabot-uv 0.384.0 → 0.385.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/uv/file_updater/lock_file_updater.rb +84 -13
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b27887feca6e05276a0219581805762553eb6b94c300b30bac15f816ccc01011
|
|
4
|
+
data.tar.gz: 7f80bf8bcda56d65f2b05ee7800928b740ff539326c27b787572a1ef236f2117
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 17735f62633b1d8114dd41b7ac482a04347d099e7e96b8a3f9571e7c3890563eba4cfebfc58a2a8343b9aa1347201a520fe77f001624e9d5fbdca45dc09f9577
|
|
7
|
+
data.tar.gz: ae24b3cbcd20e0bafb4f7fd0a3e2e1236f3740ead9269cab2bb91282ae7c73c99fd73a7e30eff16b23dcb0574713f9342b56f17279fe644aead8da3ca16e04eb
|
|
@@ -370,14 +370,49 @@ module Dependabot
|
|
|
370
370
|
|
|
371
371
|
sig { returns(T::Array[String]) }
|
|
372
372
|
def lock_index_options
|
|
373
|
-
filtered_credentials =
|
|
374
|
-
.select { |cred| cred["type"] == "python_index" }
|
|
375
|
-
.reject do |cred|
|
|
376
|
-
cred.replaces_base? ? defined_in_pyproject?(cred) : explicit_index?(cred)
|
|
377
|
-
end
|
|
378
|
-
|
|
373
|
+
filtered_credentials = filtered_python_index_credentials
|
|
379
374
|
options = T.let([], T::Array[String])
|
|
380
375
|
used_credential_urls = T.let([], T::Array[String])
|
|
376
|
+
default_index_used = T.let(false, T::Boolean)
|
|
377
|
+
|
|
378
|
+
default_index_used = add_lockfile_registry_options(
|
|
379
|
+
filtered_credentials: filtered_credentials,
|
|
380
|
+
options: options,
|
|
381
|
+
used_credential_urls: used_credential_urls,
|
|
382
|
+
default_index_used: default_index_used
|
|
383
|
+
)
|
|
384
|
+
|
|
385
|
+
add_fallback_index_options(
|
|
386
|
+
filtered_credentials: filtered_credentials,
|
|
387
|
+
options: options,
|
|
388
|
+
used_credential_urls: used_credential_urls,
|
|
389
|
+
default_index_used: default_index_used
|
|
390
|
+
)
|
|
391
|
+
|
|
392
|
+
options.uniq
|
|
393
|
+
end
|
|
394
|
+
|
|
395
|
+
sig { returns(T::Array[Dependabot::Credential]) }
|
|
396
|
+
def filtered_python_index_credentials
|
|
397
|
+
credentials
|
|
398
|
+
.select { |cred| cred["type"] == "python_index" }
|
|
399
|
+
.reject { |cred| skip_lock_index_credential?(cred) }
|
|
400
|
+
end
|
|
401
|
+
|
|
402
|
+
sig { params(credential: Dependabot::Credential).returns(T::Boolean) }
|
|
403
|
+
def skip_lock_index_credential?(credential)
|
|
404
|
+
credential.replaces_base? ? defined_in_pyproject?(credential) : explicit_index?(credential)
|
|
405
|
+
end
|
|
406
|
+
|
|
407
|
+
sig do
|
|
408
|
+
params(
|
|
409
|
+
filtered_credentials: T::Array[Dependabot::Credential],
|
|
410
|
+
options: T::Array[String],
|
|
411
|
+
used_credential_urls: T::Array[String],
|
|
412
|
+
default_index_used: T::Boolean
|
|
413
|
+
).returns(T::Boolean)
|
|
414
|
+
end
|
|
415
|
+
def add_lockfile_registry_options(filtered_credentials:, options:, used_credential_urls:, default_index_used:)
|
|
381
416
|
credential_matcher = LockIndexCredentialMatcher.new(credentials: filtered_credentials)
|
|
382
417
|
|
|
383
418
|
uv_lock_registry_urls.each do |registry_url|
|
|
@@ -385,23 +420,59 @@ module Dependabot
|
|
|
385
420
|
next unless credential
|
|
386
421
|
|
|
387
422
|
used_credential_urls << credential["index-url"].to_s
|
|
388
|
-
|
|
423
|
+
default_index_used = add_lock_index_option(
|
|
424
|
+
credential: credential,
|
|
425
|
+
url: authed_registry_url(credential, registry_url),
|
|
426
|
+
options: options,
|
|
427
|
+
default_index_used: default_index_used
|
|
428
|
+
)
|
|
389
429
|
end
|
|
390
430
|
|
|
431
|
+
default_index_used
|
|
432
|
+
end
|
|
433
|
+
|
|
434
|
+
sig do
|
|
435
|
+
params(
|
|
436
|
+
filtered_credentials: T::Array[Dependabot::Credential],
|
|
437
|
+
options: T::Array[String],
|
|
438
|
+
used_credential_urls: T::Array[String],
|
|
439
|
+
default_index_used: T::Boolean
|
|
440
|
+
).returns(T::Boolean)
|
|
441
|
+
end
|
|
442
|
+
def add_fallback_index_options(filtered_credentials:, options:, used_credential_urls:, default_index_used:)
|
|
391
443
|
# Fall back to credential URLs for indices not represented in uv.lock.
|
|
392
444
|
filtered_credentials.each do |credential|
|
|
393
445
|
next if used_credential_urls.include?(credential["index-url"].to_s)
|
|
394
446
|
|
|
395
|
-
|
|
396
|
-
|
|
447
|
+
default_index_used = add_lock_index_option(
|
|
448
|
+
credential: credential,
|
|
449
|
+
url: AuthedUrlBuilder.authed_url(credential: credential),
|
|
450
|
+
options: options,
|
|
451
|
+
default_index_used: default_index_used
|
|
452
|
+
)
|
|
397
453
|
end
|
|
398
454
|
|
|
399
|
-
|
|
455
|
+
default_index_used
|
|
456
|
+
end
|
|
457
|
+
|
|
458
|
+
sig do
|
|
459
|
+
params(
|
|
460
|
+
credential: Dependabot::Credential,
|
|
461
|
+
url: String,
|
|
462
|
+
options: T::Array[String],
|
|
463
|
+
default_index_used: T::Boolean
|
|
464
|
+
).returns(T::Boolean)
|
|
465
|
+
end
|
|
466
|
+
def add_lock_index_option(credential:, url:, options:, default_index_used:)
|
|
467
|
+
options << option_for_credential_url(credential, url, default_index_used: default_index_used)
|
|
468
|
+
default_index_used || credential.replaces_base?
|
|
400
469
|
end
|
|
401
470
|
|
|
402
|
-
sig
|
|
403
|
-
|
|
404
|
-
|
|
471
|
+
sig do
|
|
472
|
+
params(credential: Dependabot::Credential, url: String, default_index_used: T::Boolean).returns(String)
|
|
473
|
+
end
|
|
474
|
+
def option_for_credential_url(credential, url, default_index_used:)
|
|
475
|
+
if credential.replaces_base? && !default_index_used
|
|
405
476
|
"--default-index #{url}"
|
|
406
477
|
else
|
|
407
478
|
"--index #{url}"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-uv
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.385.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,28 +15,28 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.385.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.385.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: dependabot-python
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
29
29
|
requirements:
|
|
30
30
|
- - '='
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: 0.
|
|
32
|
+
version: 0.385.0
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
35
|
version_requirements: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
37
|
- - '='
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: 0.
|
|
39
|
+
version: 0.385.0
|
|
40
40
|
- !ruby/object:Gem::Dependency
|
|
41
41
|
name: debug
|
|
42
42
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -301,7 +301,7 @@ licenses:
|
|
|
301
301
|
- MIT
|
|
302
302
|
metadata:
|
|
303
303
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
304
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
304
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
|
|
305
305
|
rdoc_options: []
|
|
306
306
|
require_paths:
|
|
307
307
|
- lib
|