dependabot-uv 0.299.1 → 0.300.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 37479ebd370ef17d7a56b2e53b0f9e94d93608fcbafdfb98a588d23f3f61c8f7
-  data.tar.gz: d3ff78147e58cf5fe353773c9bdf6c7f920c6ae73140de722827ce3f335ba30d
+  metadata.gz: 3e306a8d52bca54571baf167605279980eeb625a9dcfbad1128a13de55270936
+  data.tar.gz: 7bd9b6a85cf4e76675eaf401ed285acad0e6e518920e3cd344ae0074fa8a3a2a
 SHA512:
-  metadata.gz: 413470f2e052517d9a689131997e6425bf253e13cf558a1a217b4f7322ba4cfc28e9d78436a8249e3373ef9d7531fb8b6f5480b19401fcfc61be134c334986fd
-  data.tar.gz: a8edce98cdf17c759619019ab9406c4120c67129d884da7cc7111b2d247ba426ee865e53523b75c3ecd9c5fd93eaf9944071732f37ff59111e1955ead835d556
+  metadata.gz: 8a4fb9a0de4405de4e3130e78e917fc41480770e9b2053d7b368bbcfe397d202f12fde5db46edc563047322354abe87ff65a14190560f960b0c93f56e1d7a6fb
+  data.tar.gz: 0f5f35583b805d8a5047bbea2c69db49636759c63f7afc50f0957368d99f5ae874b742ade653f6983e8c5401b34cd0d966b092c14a0ea836993a704fde5f0e63

data/lib/dependabot/uv/file_fetcher.rb

@@ -7,7 +7,7 @@ require "sorbet-runtime"
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
 require "dependabot/uv/language_version_manager"
-require "dependabot/uv/pip_compile_file_matcher"
+require "dependabot/uv/requirements_file_matcher"
 require "dependabot/uv/requirement_parser"
 require "dependabot/uv/file_parser/pyproject_files_parser"
 require "dependabot/uv/file_parser/python_requirement_parser"
@@ -295,7 +295,7 @@ module Dependabot
 
       def parse_requirement_path_dependencies(req_file)
         # If this is a pip-compile lockfile, rely on whatever path dependencies we found in the main manifest
-        return [] if pip_compile_file_matcher.lockfile_for_pip_compile_file?(req_file)
+        return [] if requirements_in_file_matcher.compiled_file?(req_file)
 
         uneditable_reqs =
           req_file.content
@@ -318,8 +318,8 @@ module Dependabot
         Pathname.new(path).cleanpath.to_path
       end
 
-      def pip_compile_file_matcher
-        @pip_compile_file_matcher ||= PipCompileFileMatcher.new(requirements_in_files)
+      def requirements_in_file_matcher
+        @requirements_in_file_matcher ||= RequiremenstFileMatcher.new(requirements_in_files)
       end
     end
   end

data/lib/dependabot/uv/file_parser/python_requirement_parser.rb

@@ -6,7 +6,7 @@ require "open3"
 require "dependabot/errors"
 require "dependabot/shared_helpers"
 require "dependabot/uv/file_parser"
-require "dependabot/uv/pip_compile_file_matcher"
+require "dependabot/uv/requirements_file_matcher"
 require "dependabot/uv/requirement"
 
 module Dependabot
@@ -21,12 +21,10 @@ module Dependabot
 
         def user_specified_requirements
           [
-            pipfile_python_requirement,
             pyproject_python_requirement,
             pip_compile_python_requirement,
             python_version_file_version,
-            runtime_file_python_version,
-            setup_file_requirement
+            runtime_file_python_version
           ].compact
         end
 
@@ -44,18 +42,6 @@ module Dependabot
 
         private
 
-        def pipfile_python_requirement
-          return unless pipfile
-
-          parsed_pipfile = TomlRB.parse(pipfile.content)
-          requirement =
-            parsed_pipfile.dig("requires", "python_full_version") ||
-            parsed_pipfile.dig("requires", "python_version")
-          return unless requirement&.match?(/^\d/)
-
-          requirement
-        end
-
         def pyproject_python_requirement
           return unless pyproject
 
@@ -74,7 +60,7 @@ module Dependabot
 
         def pip_compile_python_requirement
           requirement_files.each do |file|
-            next unless pip_compile_file_matcher.lockfile_for_pip_compile_file?(file)
+            next unless requirements_in_file_matcher.compiled_file?(file)
 
             marker = /^# This file is autogenerated by pip-compile with [pP]ython (?<version>\d+.\d+)$/m
             match = marker.match(file.content)
@@ -112,19 +98,6 @@ module Dependabot
           file_version
         end
 
-        def setup_file_requirement
-          return unless setup_file
-
-          req = setup_file.content
-                          .match(/python_requires\s*=\s*['"](?<req>[^'"]+)['"]/)
-                          &.named_captures&.fetch("req")&.strip
-
-          requirement_class.new(req)
-          req
-        rescue Gem::Requirement::BadRequirementError
-          nil
-        end
-
         def pyenv_versions
           @pyenv_versions ||= run_command("pyenv install --list")
         end
@@ -133,8 +106,8 @@ module Dependabot
           SharedHelpers.run_shell_command(command, env: env, stderr_to_stdout: true)
         end
 
-        def pip_compile_file_matcher
-          @pip_compile_file_matcher ||= PipCompileFileMatcher.new(pip_compile_files)
+        def requirements_in_file_matcher
+          @requirements_in_file_matcher ||= RequiremenstFileMatcher.new(pip_compile_files)
         end
 
         def requirement_class
@@ -148,22 +121,10 @@ module Dependabot
           false
         end
 
-        def pipfile
-          dependency_files.find { |f| f.name == "Pipfile" }
-        end
-
-        def pipfile_lock
-          dependency_files.find { |f| f.name == "Pipfile.lock" }
-        end
-
         def pyproject
           dependency_files.find { |f| f.name == "pyproject.toml" }
         end
 
-        def setup_file
-          dependency_files.find { |f| f.name == "setup.py" }
-        end
-
         def python_version_file
           dependency_files.find { |f| f.name == ".python-version" }
         end

data/lib/dependabot/uv/file_parser.rb

@@ -11,7 +11,7 @@ require "dependabot/errors"
 require "dependabot/uv/language"
 require "dependabot/uv/native_helpers"
 require "dependabot/uv/name_normaliser"
-require "dependabot/uv/pip_compile_file_matcher"
+require "dependabot/uv/requirements_file_matcher"
 require "dependabot/uv/language_version_manager"
 require "dependabot/uv/package_manager"
 
@@ -19,9 +19,7 @@ module Dependabot
   module Uv
     class FileParser < Dependabot::FileParsers::Base
       extend T::Sig
-      require_relative "file_parser/pipfile_files_parser"
       require_relative "file_parser/pyproject_files_parser"
-      require_relative "file_parser/setup_file_parser"
       require_relative "file_parser/python_requirement_parser"
 
       DEPENDENCY_GROUP_KEYS = T.let([
@@ -40,15 +38,12 @@ module Dependabot
       ).freeze
 
       # we use this placeholder version in case we are not able to detect any
-      # PIP version from shell, we are ensuring that the actual update is not blocked
+      # uv version from shell, we are ensuring that the actual update is not blocked
       # in any way if any metric collection exception start happening
       UNDETECTED_PACKAGE_MANAGER_VERSION = "0.0"
 
-      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      sig { override.returns(T::Array[Dependency]) }
       def parse
-        # TODO: setup.py from external dependencies is evaluated. Provide guards before removing this.
-        raise Dependabot::UnexpectedExternalCode if @reject_external_code
-
         dependency_set = DependencySet.new
 
         dependency_set += pyproject_file_dependencies if pyproject
@@ -71,56 +66,49 @@ module Dependabot
 
       private
 
-      sig { returns(Dependabot::Uv::LanguageVersionManager) }
+      sig { returns(LanguageVersionManager) }
       def language_version_manager
         @language_version_manager ||= T.let(LanguageVersionManager.new(python_requirement_parser:
                                         python_requirement_parser), T.nilable(LanguageVersionManager))
       end
 
-      sig { returns(Dependabot::Uv::FileParser::PythonRequirementParser) }
+      sig { returns(FileParser::PythonRequirementParser) }
       def python_requirement_parser
-        @python_requirement_parser ||= T.let(FileParser::PythonRequirementParser.new(dependency_files:
-                                         dependency_files), T.nilable(FileParser::PythonRequirementParser))
+        @python_requirement_parser ||= T.let(PythonRequirementParser.new(dependency_files:
+                                         dependency_files), T.nilable(PythonRequirementParser))
       end
 
       sig { returns(Ecosystem::VersionManager) }
       def package_manager
-        if Dependabot::Experiments.enabled?(:enable_file_parser_python_local)
+        if Experiments.enabled?(:enable_file_parser_python_local)
           Dependabot.logger.info("Detected package manager : #{detected_package_manager.name}")
         end
 
-        @package_manager ||= T.let(detected_package_manager, T.nilable(Dependabot::Ecosystem::VersionManager))
+        @package_manager ||= T.let(detected_package_manager, T.nilable(Ecosystem::VersionManager))
       end
 
       sig { returns(Ecosystem::VersionManager) }
       def detected_package_manager
-        setup_python_environment if Dependabot::Experiments.enabled?(:enable_file_parser_python_local)
+        setup_python_environment if Experiments.enabled?(:enable_file_parser_python_local)
 
-        PackageManager.new(T.must(detect_pipcompile_version))
+        PackageManager.new(T.must(detect_uv_version))
       end
 
-      # Detects the version of pip-compile. If the version cannot be detected, it returns nil
       sig { returns(T.nilable(String)) }
-      def detect_pipcompile_version
-        if pipcompile_in_file
-          package_manager = PackageManager::NAME
-
-          version = package_manager_version(package_manager)
-                    .to_s.split("version ").last&.split(")")&.first
+      def detect_uv_version
+        version = uv_version.to_s.split("version ").last&.split(")")&.first
 
-          log_if_version_malformed(package_manager, version)
+        log_if_version_malformed("uv", version)
 
-          # makes sure we have correct version format returned
-          version if version&.match?(/^\d+(?:\.\d+)*$/)
-        end
+        version if version&.match?(/^\d+(?:\.\d+)*$/)
       rescue StandardError
         nil
       end
 
-      sig { params(package_manager: String).returns(T.any(String, T.untyped)) }
-      def package_manager_version(package_manager)
-        version_info = SharedHelpers.run_shell_command("pyenv exec #{package_manager} --version")
-        Dependabot.logger.info("Package manager #{package_manager}, Info : #{version_info}")
+      sig { returns(T.any(String, T.untyped)) }
+      def uv_version
+        version_info = SharedHelpers.run_shell_command("pyenv exec uv --version")
+        Dependabot.logger.info("Package manager uv, Info : #{version_info}")
 
         version_info.match(/\d+(?:\.\d+)*/)&.to_s
       rescue StandardError => e
@@ -128,7 +116,6 @@ module Dependabot
         nil
       end
 
-      # setup python local setup on file parser stage
       sig { returns(T.nilable(String)) }
       def setup_python_environment
         language_version_manager.install_required_python
@@ -141,7 +128,6 @@ module Dependabot
 
       sig { params(package_manager: String, version: String).returns(T::Boolean) }
       def log_if_version_malformed(package_manager, version)
-        # logs warning if malformed version is found
         if version.match?(/^\d+(?:\.\d+)*$/)
           true
         else
@@ -152,7 +138,7 @@ module Dependabot
 
       sig { returns(String) }
       def python_raw_version
-        if Dependabot::Experiments.enabled?(:enable_file_parser_python_local)
+        if Experiments.enabled?(:enable_file_parser_python_local)
           Dependabot.logger.info("Detected python version: #{language_version_manager.python_version}")
           Dependabot.logger.info("Detected python major minor version: #{language_version_manager.python_major_minor}")
         end
@@ -173,17 +159,11 @@ module Dependabot
         )
       end
 
-      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      sig { returns(T::Array[DependencyFile]) }
       def requirement_files
         dependency_files.select { |f| f.name.end_with?(".txt", ".in") }
       end
 
-      sig { returns(DependencySet) }
-      def pipenv_dependencies
-        @pipenv_dependencies ||= T.let(PipfileFilesParser.new(dependency_files:
-                                    dependency_files).dependency_set, T.nilable(DependencySet))
-      end
-
       sig { returns(DependencySet) }
       def pyproject_file_dependencies
         @pyproject_file_dependencies ||= T.let(PyprojectFilesParser.new(dependency_files:
@@ -194,8 +174,6 @@ module Dependabot
       def requirement_dependencies
         dependencies = DependencySet.new
         parsed_requirement_files.each do |dep|
-          # If a requirement has a `<`, `<=` or '==' marker then updating it is
-          # probably blocked. Ignore it.
           next if blocking_marker?(dep)
 
           name = dep["name"]
@@ -204,7 +182,7 @@ module Dependabot
           original_file = get_original_file(file)
 
           requirements =
-            if original_file && pip_compile_file_matcher.lockfile_for_pip_compile_file?(original_file) then []
+            if original_file && requirements_in_file_matcher.compiled_file?(original_file) then []
             else
               [{
                 requirement: dep["requirement"],
@@ -214,7 +192,7 @@ module Dependabot
               }]
             end
 
-          # PyYAML < 6.0 will cause `pip-compile` to fail due to incompatibility with Cython 3. Workaround it.
+          # PyYAML < 6.0 will cause `pip-compile` to fail due to incompatibility with Cython 3. Workaround it. PR #8189
           SharedHelpers.run_shell_command("pyenv exec pip install cython<3.0") if old_pyyaml?(name, version)
 
           dependencies <<
@@ -268,7 +246,6 @@ module Dependabot
       def marker_satisfied?(marker, python_version)
         conditions = marker.split(/\s+(and|or)\s+/)
 
-        # Explicitly define the type of result as T::Boolean
         result = T.let(evaluate_condition(conditions.shift, python_version), T::Boolean)
 
         until conditions.empty?
@@ -295,26 +272,20 @@ module Dependabot
 
         case operator
         when "<"
-          Dependabot::Uv::Version.new(python_version) < Dependabot::Uv::Version.new(version)
+          Version.new(python_version) < Version.new(version)
         when "<="
-          Dependabot::Uv::Version.new(python_version) <= Dependabot::Uv::Version.new(version)
+          Version.new(python_version) <= Version.new(version)
         when ">"
-          Dependabot::Uv::Version.new(python_version) > Dependabot::Uv::Version.new(version)
+          Version.new(python_version) > Version.new(version)
         when ">="
-          Dependabot::Uv::Version.new(python_version) >= Dependabot::Uv::Version.new(version)
+          Version.new(python_version) >= Version.new(version)
         when "=="
-          Dependabot::Uv::Version.new(python_version) == Dependabot::Uv::Version.new(version)
+          Version.new(python_version) == Version.new(version)
         else
           false
         end
       end
 
-      sig { returns(DependencySet) }
-      def setup_file_dependencies
-        @setup_file_dependencies ||= T.let(SetupFileParser.new(dependency_files: dependency_files)
-                                    .dependency_set, T.nilable(DependencySet))
-      end
-
       sig { returns(T.untyped) }
       def parsed_requirement_files
         SharedHelpers.in_a_temporary_directory do
@@ -333,7 +304,7 @@ module Dependabot
         evaluation_errors = REQUIREMENT_FILE_EVALUATION_ERRORS
         raise unless e.message.start_with?(*evaluation_errors)
 
-        raise Dependabot::DependencyFileNotEvaluatable, e.message
+        raise DependencyFileNotEvaluatable, e.message
       end
 
       sig { params(requirements: T.untyped).returns(T.untyped) }
@@ -341,18 +312,13 @@ module Dependabot
         requirements.each do |dep|
           next unless dep["requirement"]
 
-          Uv::Requirement.new(dep["requirement"].split(","))
+          Requirement.new(dep["requirement"].split(","))
         rescue Gem::Requirement::BadRequirementError => e
-          raise Dependabot::DependencyFileNotEvaluatable, e.message
+          raise DependencyFileNotEvaluatable, e.message
         end
       end
 
-      sig { returns(T::Boolean) }
-      def pipcompile_in_file
-        requirement_files.any? { |f| f.name.end_with?(PackageManager::MANIFEST_FILENAME) }
-      end
-
-      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      sig { returns(T::Array[DependencyFile]) }
       def write_temporary_dependency_files
         dependency_files
           .reject { |f| f.name == ".python-version" }
@@ -382,53 +348,25 @@ module Dependabot
       def check_required_files
         filenames = dependency_files.map(&:name)
         return if filenames.any? { |name| name.end_with?(".txt", ".in") }
-        return if pipfile
         return if pyproject
-        return if setup_file
-        return if setup_cfg_file
 
         raise "Missing required files!"
       end
 
-      sig { returns(T.nilable(Dependabot::DependencyFile)) }
-      def pipfile
-        @pipfile ||= T.let(get_original_file("Pipfile"), T.nilable(Dependabot::DependencyFile))
-      end
-
-      sig { returns(T.nilable(Dependabot::DependencyFile)) }
-      def pipfile_lock
-        @pipfile_lock ||= T.let(get_original_file("Pipfile.lock"), T.nilable(Dependabot::DependencyFile))
-      end
-
-      sig { returns(T.nilable(Dependabot::DependencyFile)) }
+      sig { returns(T.nilable(DependencyFile)) }
       def pyproject
-        @pyproject ||= T.let(get_original_file("pyproject.toml"), T.nilable(Dependabot::DependencyFile))
-      end
-
-      sig { returns(T.nilable(Dependabot::DependencyFile)) }
-      def poetry_lock
-        @poetry_lock ||= T.let(get_original_file("poetry.lock"), T.nilable(Dependabot::DependencyFile))
-      end
-
-      sig { returns(T.nilable(Dependabot::DependencyFile)) }
-      def setup_file
-        @setup_file ||= T.let(get_original_file("setup.py"), T.nilable(Dependabot::DependencyFile))
-      end
-
-      sig { returns(T.nilable(Dependabot::DependencyFile)) }
-      def setup_cfg_file
-        @setup_cfg_file ||= T.let(get_original_file("setup.cfg"), T.nilable(Dependabot::DependencyFile))
+        @pyproject ||= T.let(get_original_file("pyproject.toml"), T.nilable(DependencyFile))
       end
 
-      sig { returns(T::Array[Dependabot::Uv::Requirement]) }
-      def pip_compile_files
-        @pip_compile_files ||= T.let(dependency_files.select { |f| f.name.end_with?(".in") }, T.untyped)
+      sig { returns(T::Array[Requirement]) }
+      def requirements_in_files
+        @requirements_in_files ||= T.let(dependency_files.select { |f| f.name.end_with?(".in") }, T.untyped)
       end
 
-      sig { returns(Dependabot::Uv::PipCompileFileMatcher) }
-      def pip_compile_file_matcher
-        @pip_compile_file_matcher ||= T.let(PipCompileFileMatcher.new(pip_compile_files),
-                                            T.nilable(Dependabot::Uv::PipCompileFileMatcher))
+      sig { returns(RequiremenstFileMatcher) }
+      def requirements_in_file_matcher
+        @requirements_in_file_matcher ||= T.let(RequiremenstFileMatcher.new(requirements_in_files),
+                                                T.nilable(RequiremenstFileMatcher))
       end
     end
   end

data/lib/dependabot/uv/{pip_compile_file_matcher.rb → requirements_file_matcher.rb}

@@ -3,16 +3,16 @@
 
 module Dependabot
   module Uv
-    class PipCompileFileMatcher
+    class RequiremenstFileMatcher
       extend T::Sig
 
-      sig { params(requirements_in_files: T::Array[Dependabot::Uv::Requirement]).void }
+      sig { params(requirements_in_files: T::Array[Requirement]).void }
       def initialize(requirements_in_files)
         @requirements_in_files = requirements_in_files
       end
 
-      sig { params(file: Dependabot::DependencyFile).returns(T::Boolean) }
-      def lockfile_for_pip_compile_file?(file)
+      sig { params(file: DependencyFile).returns(T::Boolean) }
+      def compiled_file?(file)
         return false unless requirements_in_files.any?
 
         name = file.name
@@ -26,7 +26,7 @@ module Dependabot
 
       private
 
-      sig { returns(T::Array[Dependabot::Uv::Requirement]) }
+      sig { returns(T::Array[Requirement]) }
       attr_reader :requirements_in_files
 
       sig { params(filename: T.any(String, Symbol)).returns(String) }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-uv
 version: !ruby/object:Gem::Version
-  version: 0.299.1
+  version: 0.300.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-28 00:00:00.000000000 Z
+date: 2025-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.299.1
+        version: 0.300.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.299.1
+        version: 0.300.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -252,7 +252,6 @@ files:
 - lib/dependabot/uv/authed_url_builder.rb
 - lib/dependabot/uv/file_fetcher.rb
 - lib/dependabot/uv/file_parser.rb
-- lib/dependabot/uv/file_parser/pipfile_files_parser.rb
 - lib/dependabot/uv/file_parser/pyproject_files_parser.rb
 - lib/dependabot/uv/file_parser/python_requirement_parser.rb
 - lib/dependabot/uv/file_parser/setup_file_parser.rb
@@ -267,10 +266,10 @@ files:
 - lib/dependabot/uv/name_normaliser.rb
 - lib/dependabot/uv/native_helpers.rb
 - lib/dependabot/uv/package_manager.rb
-- lib/dependabot/uv/pip_compile_file_matcher.rb
 - lib/dependabot/uv/pipenv_runner.rb
 - lib/dependabot/uv/requirement.rb
 - lib/dependabot/uv/requirement_parser.rb
+- lib/dependabot/uv/requirements_file_matcher.rb
 - lib/dependabot/uv/update_checker.rb
 - lib/dependabot/uv/update_checker/index_finder.rb
 - lib/dependabot/uv/update_checker/latest_version_finder.rb
@@ -283,7 +282,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.299.1
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.300.0
 post_install_message:
 rdoc_options: []
 require_paths:

data/lib/dependabot/uv/file_parser/pipfile_files_parser.rb

@@ -1,192 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-require "toml-rb"
-
-require "dependabot/dependency"
-require "dependabot/file_parsers/base/dependency_set"
-require "dependabot/uv/file_parser"
-require "dependabot/errors"
-require "dependabot/uv/name_normaliser"
-
-module Dependabot
-  module Uv
-    class FileParser
-      class PipfileFilesParser
-        extend T::Sig
-        DEPENDENCY_GROUP_KEYS = T.let([
-          {
-            pipfile: "packages",
-            lockfile: "default"
-          },
-          {
-            pipfile: "dev-packages",
-            lockfile: "develop"
-          }
-        ].freeze, T::Array[T::Hash[Symbol, String]])
-
-        sig { params(dependency_files: T::Array[Dependabot::DependencyFile]).void }
-        def initialize(dependency_files:)
-          @dependency_files = dependency_files
-        end
-
-        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-        def dependency_set
-          dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-
-          dependency_set += pipfile_dependencies
-          dependency_set += pipfile_lock_dependencies
-
-          dependency_set
-        end
-
-        private
-
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        attr_reader :dependency_files
-
-        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-        def pipfile_dependencies
-          dependencies = Dependabot::FileParsers::Base::DependencySet.new
-
-          DEPENDENCY_GROUP_KEYS.each do |keys|
-            next unless parsed_pipfile[T.must(keys[:pipfile])]
-
-            parsed_pipfile[T.must(keys[:pipfile])].map do |dep_name, req|
-              group = keys[:lockfile]
-              next unless specifies_version?(req)
-              next if git_or_path_requirement?(req)
-              next if pipfile_lock && !dependency_version(dep_name, req, T.must(group))
-
-              # Empty requirements are not allowed in Dependabot::Dependency and
-              # equivalent to "*" (latest available version)
-              req = "*" if req == ""
-
-              dependencies <<
-                Dependency.new(
-                  name: normalised_name(dep_name),
-                  version: dependency_version(dep_name, req, T.must(group)),
-                  requirements: [{
-                    requirement: req.is_a?(String) ? req : req["version"],
-                    file: T.must(pipfile).name,
-                    source: nil,
-                    groups: [group]
-                  }],
-                  package_manager: "uv",
-                  metadata: { original_name: dep_name }
-                )
-            end
-          end
-
-          dependencies
-        end
-
-        # Create a DependencySet where each element has no requirement. Any
-        # requirements will be added when combining the DependencySet with
-        # other DependencySets.
-        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-        def pipfile_lock_dependencies
-          dependencies = Dependabot::FileParsers::Base::DependencySet.new
-          return dependencies unless pipfile_lock
-
-          DEPENDENCY_GROUP_KEYS.map { |h| h.fetch(:lockfile) }.each do |key|
-            next unless parsed_pipfile_lock[key]
-
-            parsed_pipfile_lock[key].each do |dep_name, details|
-              version = case details
-                        when String then details
-                        when Hash then details["version"]
-                        end
-              next unless version
-              next if git_or_path_requirement?(details)
-
-              dependencies <<
-                Dependency.new(
-                  name: dep_name,
-                  version: version&.gsub(/^===?/, ""),
-                  requirements: [],
-                  package_manager: "uv",
-                  subdependency_metadata: [{ production: key != "develop" }]
-                )
-            end
-          end
-
-          dependencies
-        end
-
-        sig do
-          params(dep_name: String, requirement: T.any(String, T::Hash[String, T.untyped]),
-                 group: String).returns(T.nilable(String))
-        end
-        def dependency_version(dep_name, requirement, group)
-          req = version_from_hash_or_string(requirement)
-
-          if pipfile_lock
-            details = parsed_pipfile_lock
-                      .dig(group, normalised_name(dep_name))
-
-            version = version_from_hash_or_string(details)
-            version&.gsub(/^===?/, "")
-          elsif T.must(req).start_with?("==") && !T.must(req).include?("*")
-            T.must(req).strip.gsub(/^===?/, "")
-          end
-        end
-
-        sig do
-          params(obj: T.any(String, NilClass, T::Array[String], T::Hash[String, T.untyped])).returns(T.nilable(String))
-        end
-        def version_from_hash_or_string(obj)
-          case obj
-          when String then obj.strip
-          when Hash then obj["version"]
-          end
-        end
-
-        sig { params(req: T.any(String, T::Hash[String, T.untyped])).returns(T.any(T::Boolean, NilClass, String)) }
-        def specifies_version?(req)
-          return true if req.is_a?(String)
-
-          req["version"]
-        end
-
-        sig { params(req: T.any(String, T::Hash[String, T.untyped])).returns(T::Boolean) }
-        def git_or_path_requirement?(req)
-          return false unless req.is_a?(Hash)
-
-          %w(git path).any? { |k| req.key?(k) }
-        end
-
-        sig { params(name: String, extras: T::Array[String]).returns(String) }
-        def normalised_name(name, extras = [])
-          NameNormaliser.normalise_including_extras(name, extras)
-        end
-
-        sig { returns(T::Hash[String, T.untyped]) }
-        def parsed_pipfile
-          @parsed_pipfile ||= T.let(TomlRB.parse(T.must(pipfile).content), T.nilable(T::Hash[String, T.untyped]))
-        rescue TomlRB::ParseError, TomlRB::ValueOverwriteError
-          raise Dependabot::DependencyFileNotParseable, T.must(pipfile).path
-        end
-
-        sig { returns(T::Hash[String, T.untyped]) }
-        def parsed_pipfile_lock
-          @parsed_pipfile_lock ||= T.let(JSON.parse(T.must(T.must(pipfile_lock).content)),
-                                         T.nilable(T::Hash[String, T.untyped]))
-        rescue JSON::ParserError
-          raise Dependabot::DependencyFileNotParseable, T.must(pipfile_lock).path
-        end
-
-        sig { returns(T.nilable(Dependabot::DependencyFile)) }
-        def pipfile
-          @pipfile ||= T.let(dependency_files.find { |f| f.name == "Pipfile" }, T.nilable(Dependabot::DependencyFile))
-        end
-
-        sig { returns(T.nilable(Dependabot::DependencyFile)) }
-        def pipfile_lock
-          @pipfile_lock ||= T.let(dependency_files.find { |f| f.name == "Pipfile.lock" },
-                                  T.nilable(Dependabot::DependencyFile))
-        end
-      end
-    end
-  end
-end