dependabot-uv 0.323.0 → 0.324.0

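--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 22aed0a62e5ca457d4119f57d745684dd1a34c59b8a43221f129b47df14e22ab
- data.tar.gz: 58820ea5f761e188d8ab2dd46fc392b4425bfc2600e55be0ff02457416c59323
+ metadata.gz: 92b0138b2a802482348f4d0486e9dd5f48dfa8762d32f9495e01c10bcd05cdb8
+ data.tar.gz: f60d953ad7ceb7fa06dc74d82677fd43cf7425dd763a567c8161097bb388c82d
  SHA512:
- metadata.gz: 9974793010858cfd8d63aaf413b32ed50cd3c5d3fc4e2190c82b5d355b1e798878e254782c2b2217e0d1344a4336d7dc74826227ae07fd3d6898611ce00461f7
- data.tar.gz: 308081d1c876304cf522a4c09db5f13bb9b05182dbcb846adb0480cc370a9d864fe4695dc33683b8eca3c89003e4a003f45cab364439d064290ae601fa4c3763
+ metadata.gz: 270b22a94e3a16d3d5885ace094935c668f6a3c9608d0c185f4eb030629863efb03f6158cfaf67840e07d7011f361a0f60d04cae9bdef82397436c723fa2677b
+ data.tar.gz: 4cbc5d87ac6919a05159aca0c396b5688abbef23eb156cbfbc0380407066087b87a7a0105ad02fc1338ce18173656932e154eaf800b4c6377e9827110ebd0157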
@@ -23,33 +23,71 @@ import tomli
23
23
  COMMENT_RE = re.compile(r'(^|\s+)#.*$')
24
24
 
25
25
 
26
- def parse_pep621_dependencies(pyproject_path):
26
+ def parse_pep621_pep735_dependencies(pyproject_path):
27
27
  with open(pyproject_path, "rb") as file:
28
28
  project_toml = tomli.load(file)
29
29
 
30
+ def version_from_req(specifier_set):
31
+ if (len(specifier_set) == 1 and
32
+ next(iter(specifier_set)).operator in {"==", "==="}):
33
+ return next(iter(specifier_set)).version
34
+
35
+ def parse_requirement(entry, pyproject_path):
36
+ try:
37
+ req = Requirement(entry)
38
+ except InvalidRequirement as e:
39
+ print(json.dumps({"error": repr(e)}))
40
+ exit(1)
41
+ else:
42
+ data = {
43
+ "name": req.name,
44
+ "version": version_from_req(req.specifier),
45
+ "markers": str(req.marker) or None,
46
+ "file": pyproject_path,
47
+ "requirement": str(req.specifier),
48
+ "extras": sorted(list(req.extras)),
49
+ }
50
+ return data
51
+
30
52
  def parse_toml_section_pep621_dependencies(pyproject_path, dependencies):
31
53
  requirement_packages = []
32
54
 
33
- def version_from_req(specifier_set):
34
- if (len(specifier_set) == 1 and
35
- next(iter(specifier_set)).operator in {"==", "==="}):
36
- return next(iter(specifier_set)).version
37
-
38
55
  for dependency in dependencies:
39
- try:
40
- req = Requirement(dependency)
41
- except InvalidRequirement as e:
42
- print(json.dumps({"error": repr(e)}))
43
- exit(1)
44
- else:
45
- requirement_packages.append({
46
- "name": req.name,
47
- "version": version_from_req(req.specifier),
48
- "markers": str(req.marker) or None,
49
- "file": pyproject_path,
50
- "requirement": str(req.specifier),
51
- "extras": sorted(list(req.extras))
52
- })
56
+ parsed_dependency = parse_requirement(dependency, pyproject_path)
57
+ requirement_packages.append(parsed_dependency)
58
+
59
+ return requirement_packages
60
+
61
+ def parse_toml_section_pep735_dependencies(
62
+ pyproject_path,
63
+ dependency_groups,
64
+ group_name,
65
+ visited=None,
66
+ ):
67
+ requirement_packages = []
68
+ visited = visited or set()
69
+
70
+ if group_name in visited:
71
+ return requirement_packages
72
+
73
+ visited.add(group_name)
74
+ dependencies = dependency_groups.get(group_name, [])
75
+ for entry in dependencies:
76
+ # Handle direct requirement
77
+ if isinstance(entry, str):
78
+ parsed_dependency = parse_requirement(entry, pyproject_path)
79
+ requirement_packages.append(parsed_dependency)
80
+ # Handle include-group directive
81
+ elif isinstance(entry, dict) and "include-group" in entry:
82
+ included_group = entry["include-group"]
83
+ requirement_packages.extend(
84
+ parse_toml_section_pep735_dependencies(
85
+ pyproject_path,
86
+ dependency_groups,
87
+ included_group,
88
+ visited
89
+ )
90
+ )
53
91
 
54
92
  return requirement_packages
55
93
 
@@ -77,6 +115,14 @@ def parse_pep621_dependencies(pyproject_path):
77
115
  )
78
116
  dependencies.extend(group_dependencies)
79
117
 
118
+ if 'dependency-groups' in project_toml:
119
+ dependency_groups = project_toml['dependency-groups']
120
+ for group_name in dependency_groups:
121
+ group_dependencies = parse_toml_section_pep735_dependencies(
122
+ pyproject_path, dependency_groups, group_name
123
+ )
124
+ dependencies.extend(group_dependencies)
125
+
80
126
  if 'build-system' in project_toml:
81
127
  build_system_section = project_toml['build-system']
82
128
  if 'requires' in build_system_section:
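Review bot: `parse_toml_section_pep735_dependencies` takes the shape of the `dependency-groups` table on trust, although pyproject.toml is repository-controlled input. A group whose value is a string rather than a list is iterated character by character and every character is handed to `parse_requirement`, and an `include-group` value that is a list or table reaches `if group_name in visited` and raises an unhandled TypeError instead of the JSON error shape that `parse_requirement` prints for `InvalidRequirement`. I would guard both before use, with `if not isinstance(dependencies, list):` ahead of the loop and `if not isinstance(included_group, str):` ahead of the recursive call, each printing `json.dumps({"error": ...})` and calling `exit(1)`. Entries that are neither a string nor an `include-group` table, and included groups that do not exist (`.get(group_name, [])`), are skipped silently; a comment stating that this is intended would help. The enclosing `parse_pep621_pep735_dependencies` continues outside these hunks.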
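--- a/data/helpers/run.py
+++ b/data/helpers/run.py
@@ -12,8 +12,8 @@ if __name__ == "__main__":
  print(parser.parse_requirements(args["args"][0]))
  elif args["function"] == "parse_setup":
  print(parser.parse_setup(args["args"][0]))
- elif args["function"] == "parse_pep621_dependencies":
- print(parser.parse_pep621_dependencies(args["args"][0]))
+ elif args["function"] == "parse_pep621_pep735_dependencies":
+ print(parser.parse_pep621_pep735_dependencies(args["args"][0]))
  elif args["function"] == "get_dependency_hash":
  print(hasher.get_dependency_hash(*args["args"]))
  elif args["function"] == "get_pipfile_hash":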
@@ -29,7 +29,7 @@ module Dependabot
29
29
  def dependency_set
30
30
  dependency_set = Dependabot::FileParsers::Base::DependencySet.new
31
31
 
32
- dependency_set += pyproject_dependencies if using_poetry? || using_pep621?
32
+ dependency_set += pyproject_dependencies if using_poetry? || using_pep621? || using_pep735?
33
33
  dependency_set += lockfile_dependencies if using_poetry? && lockfile
34
34
 
35
35
  dependency_set
@@ -45,7 +45,7 @@ module Dependabot
45
45
  if using_poetry?
46
46
  poetry_dependencies
47
47
  else
48
- pep621_dependencies
48
+ pep621_pep735_dependencies
49
49
  end
50
50
  end
51
51
 
@@ -71,7 +71,7 @@ module Dependabot
71
71
  end
72
72
 
73
73
  sig { returns(Dependabot::FileParsers::Base::DependencySet) }
74
- def pep621_dependencies
74
+ def pep621_pep735_dependencies
75
75
  dependencies = Dependabot::FileParsers::Base::DependencySet.new
76
76
 
77
77
  # PDM is not yet supported, so we want to ignore it for now because in
@@ -80,7 +80,7 @@ module Dependabot
80
80
  # undesirable. Leave PDM alone until properly supported
81
81
  return dependencies if using_pdm?
82
82
 
83
- parsed_pep621_dependencies.each do |dep|
83
+ parse_pep621_pep735_dependencies.each do |dep|
84
84
  # If a requirement has a `<` or `<=` marker then updating it is
85
85
  # probably blocked. Ignore it.
86
86
  next if dep["markers"].include?("<")
@@ -177,6 +177,11 @@ module Dependabot
177
177
  parsed_pyproject.dig("tool", "poetry")
178
178
  end
179
179
 
180
+ sig { returns(T::Boolean) }
181
+ def using_pep735?
182
+ parsed_pyproject.key?("dependency-groups")
183
+ end
184
+
180
185
  sig { returns(T.untyped) }
181
186
  def using_pdm?
182
187
  using_pep621? && pdm_lock
@@ -287,13 +292,13 @@ module Dependabot
287
292
  end
288
293
 
289
294
  sig { returns(T.untyped) }
290
- def parsed_pep621_dependencies
295
+ def parse_pep621_pep735_dependencies
291
296
  SharedHelpers.in_a_temporary_directory do
292
297
  write_temporary_pyproject
293
298
 
294
299
  SharedHelpers.run_helper_subprocess(
295
300
  command: "pyenv exec python3 #{NativeHelpers.python_helper_path}",
296
- function: "parse_pep621_dependencies",
301
+ function: "parse_pep621_pep735_dependencies",
297
302
  args: [T.must(pyproject).name]
298
303
  )
299
304
  end
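Review bot: The PDM guard `return dependencies if using_pdm?` in `pep621_pep735_dependencies` was not widened together with the new `|| using_pep735?` condition in `dependency_set`. `using_pdm?` is shown as `using_pep621? && pdm_lock`, so a project that has a PDM lockfile and a `dependency-groups` table but does not satisfy `using_pep621?` would now be parsed instead of skipped; whether that can happen depends on the body of `using_pep621?`, which is outside the visible hunks. If it does not look at `dependency-groups`, the guard should become `(using_pep621? || using_pep735?) && pdm_lock`. On style, `pep621_pep735_dependencies` and the subprocess wrapper `parse_pep621_pep735_dependencies` now differ only by a prefix; a one-line comment on the wrapper, such as `# Runs the Python helper and returns its parsed JSON list`, would keep them apart.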
@@ -15,11 +15,11 @@ module Dependabot
15
15
  # ARG PY_3_13=3.13.2
16
16
  # When updating this list, also update python/lib/dependabot/python/language.rb
17
17
  PRE_INSTALLED_PYTHON_VERSIONS_RAW = %w(
18
- 3.13.3
19
- 3.12.10
20
- 3.11.12
21
- 3.10.17
22
- 3.9.22
18
+ 3.13.5
19
+ 3.12.11
20
+ 3.11.13
21
+ 3.10.18
22
+ 3.9.23
23
23
  ).freeze
24
24
 
25
25
  PRE_INSTALLED_PYTHON_VERSIONS = T.let(PRE_INSTALLED_PYTHON_VERSIONS_RAW.map do |v|
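--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-uv
  version: !ruby/object:Gem::Version
- version: 0.323.0
+ version: 0.324.0
  platform: ruby
  authors:
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.323.0
+ version: 0.324.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.323.0
+ version: 0.324.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -284,7 +284,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.323.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.324.0
  rdoc_options: []
  require_paths:
  - lib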