RubyGems - dependabot-uv - Versions diffs - 0.359.0 → 0.360.0 - Mend

dependabot-uv 0.359.0 → 0.360.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/dependabot/uv/file_fetcher/workspace_fetcher.rb +1 -1
data/lib/dependabot/uv/file_fetcher.rb +3 -3
data/lib/dependabot/uv/file_updater/lock_file_error_handler.rb +205 -0
data/lib/dependabot/uv/file_updater/lock_file_updater.rb +12 -21
metadata +7 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8bc8c19bc20841bbc8a91cdae65e58197a771c23668ac5907539369007671015
-  data.tar.gz: 5cd07c0084c8d303ffa2354338b378ae0fd180d89a0970b52b37d66d9b8775c8
+  metadata.gz: 9ac9ccc655f8d74cd2b9ffc95c37a012bd74815ddc749117a241b1e200bfd4e7
+  data.tar.gz: a28f399323f96cd94c42b9095daa1e92bc411168eb7b35ef01a7931bddc5e459
 SHA512:
-  metadata.gz: 4c5648e2680e9020e88e446ea53d96d27ebbe664ded8c689c1174c72c694ede6510bad040b2a27c3e831662d4e5edf2956cd6a11ab2c2aedfabc379c6c59b083
-  data.tar.gz: d4e86f346d77bca9ebc40a729cab00822647880b4ffe2c18eadeb9a6be7e064b9b50aca14baf69e1c8cb13c0aec30598c5eb5ce1b7e1de084c779dfab242c150
+  metadata.gz: c434e3666e41e2f75cb4be56e13a9f005c8594a16e288405b0c0f234f95b4ce4a95a75d1abae351dfd5f28802ed856fdfccabecc564c94ea1bdadb29c8e4d23f
+  data.tar.gz: f520f88f03625f96260672f413dcb42400a0e468f6015aa9074dba07cdadda29e8961e0eb87dc85f327d1ad4ec2ec9acbf34fc745fbe4ff25298cb6d6d3b0b0d

data/lib/dependabot/uv/file_fetcher/workspace_fetcher.rb CHANGED Viewed

@@ -321,7 +321,7 @@ module Dependabot
           params(
             dir: T.nilable(String),
             raise_errors: T::Boolean
-          ).returns(T::Array[OpenStruct])
+          ).returns(T::Array[Dependabot::FileFetchers::RepositoryContent])
         end
         def repo_contents(dir: nil, raise_errors: true)
           @file_fetcher.send(:repo_contents, dir: dir, raise_errors: raise_errors)

data/lib/dependabot/uv/file_fetcher.rb CHANGED Viewed

@@ -272,11 +272,11 @@ module Dependabot
         @req_txt_and_in_files
       end
-      sig { params(requirements_dir: OpenStruct).returns(T::Array[Dependabot::DependencyFile]) }
+      sig { params(requirements_dir: Dependabot::FileFetchers::RepositoryContent).returns(T::Array[Dependabot::DependencyFile]) }
       def req_files_for_dir(requirements_dir)
         dir = directory.gsub(%r{(^/|/$)}, "")
         relative_reqs_dir =
-          T.unsafe(requirements_dir).path.gsub(%r{^/?#{Regexp.escape(dir)}/?}, "")
+          requirements_dir.path&.gsub(%r{^/?#{Regexp.escape(dir)}/?}, "")
         fetch_requirement_files_from_path(relative_reqs_dir)
       end
@@ -327,7 +327,7 @@ module Dependabot
       sig do
         params(
-          contents: T::Array[OpenStruct],
+          contents: T::Array[Dependabot::FileFetchers::RepositoryContent],
           base_path: T.nilable(T.any(Pathname, String))
         ).returns(T::Array[Dependabot::DependencyFile])
       end

data/lib/dependabot/uv/file_updater/lock_file_error_handler.rb ADDED Viewed

@@ -0,0 +1,205 @@
+# typed: strict
+# frozen_string_literal: true
+require "dependabot/errors"
+require "dependabot/utils"
+require "dependabot/uv/file_updater"
+module Dependabot
+  module Uv
+    class FileUpdater < Dependabot::FileUpdaters::Base
+      class LockFileErrorHandler
+        extend T::Sig
+        UV_UNRESOLVABLE_REGEX = T.let(/× No solution found when resolving dependencies.*[\s\S]*$/, Regexp)
+        UV_BUILD_FAILED_REGEX = T.let(/× Failed to build.*[\s\S]*$/, Regexp)
+        RESOLUTION_IMPOSSIBLE_ERROR = T.let("ResolutionImpossible", String)
+        GIT_DEPENDENCY_UNREACHABLE_REGEX = T.let(%r{git clone.*(?<url>https?://[^\s]+)}, Regexp)
+        GIT_REFERENCE_NOT_FOUND_REGEX = T.let(
+          /Did not find branch or tag '(?<tag>[^\n"']+)'/m,
+          Regexp
+        )
+        PYTHON_VERSION_ERROR_REGEX = T.let(
+          /Requires-Python|requires-python|python_requires|Python version/i,
+          Regexp
+        )
+        AUTH_ERROR_REGEX = T.let(
+          /401|403|authentication|unauthorized|forbidden|HTTP status code: 40[13]/i,
+          Regexp
+        )
+        TIMEOUT_ERROR_REGEX = T.let(
+          /timed?\s*out|connection.*reset|read timeout|connect timeout/i,
+          Regexp
+        )
+        NETWORK_ERROR_REGEX = T.let(
+          /ConnectionError|NetworkError|SSLError|certificate verify failed/i,
+          Regexp
+        )
+        PACKAGE_NOT_FOUND_REGEX = T.let(
+          /No matching distribution found|package.*not found|No versions found/i,
+          Regexp
+        )
+        UV_REQUIRED_VERSION_REGEX = T.let(
+          /Required uv version `(?<required>[^`]+)` does not match the running version `(?<running>[^`]+)`/,
+          Regexp
+        )
+        # Maximum number of lines to include in cleaned error messages.
+        # This limit ensures error messages remain readable while providing enough
+        # context for debugging. Most uv error messages convey the key information
+        # within the first few lines.
+        MAX_ERROR_LINES = T.let(10, Integer)
+        sig { params(error: SharedHelpers::HelperSubprocessFailed).returns(T.noreturn) }
+        def handle_uv_error(error)
+          message = error.message
+          handle_required_version_errors(message)
+          handle_resolution_errors(message)
+          handle_git_errors(message)
+          handle_authentication_errors(message)
+          handle_network_errors(message)
+          handle_python_version_errors(message)
+          handle_resource_errors(message)
+          handle_package_not_found_errors(message)
+          raise error
+        end
+        private
+        sig { params(message: String).void }
+        def handle_required_version_errors(message)
+          return unless (version_match = message.match(UV_REQUIRED_VERSION_REGEX))
+          raise Dependabot::ToolVersionNotSupported.new(
+            "uv",
+            T.must(version_match[:required]),
+            T.must(version_match[:running])
+          )
+        end
+        sig { params(message: String).void }
+        def handle_resolution_errors(message)
+          return unless message.include?("No solution found when resolving dependencies") ||
+                        message.include?("Failed to build") ||
+                        message.include?(RESOLUTION_IMPOSSIBLE_ERROR)
+          match_unresolvable = message.scan(UV_UNRESOLVABLE_REGEX).last
+          match_build_failed = message.scan(UV_BUILD_FAILED_REGEX).last
+          if match_unresolvable
+            formatted_error = extract_match_string(match_unresolvable) || message
+            conflicting_deps = extract_conflicting_dependencies(formatted_error)
+            raise Dependabot::UpdateNotPossible, conflicting_deps if conflicting_deps.any?
+            raise Dependabot::DependencyFileNotResolvable, formatted_error
+          end
+          formatted_error = extract_match_string(match_build_failed) || message
+          raise Dependabot::DependencyFileNotResolvable, formatted_error
+        end
+        sig { params(error_message: String).returns(T::Array[String]) }
+        def extract_conflicting_dependencies(error_message)
+          # Extract conflicting dependency names from the error message
+          # Pattern: "Because <pkg>==<ver> depends on <dep>>=<ver> and your project depends on <dep>==<ver>"
+          normalized_message = error_message.gsub(/\s+/, " ")
+          conflict_pattern = /Because (\S+)==\S+ depends on (\S+)[><=!]+\S+ and your project depends on \2==\S+/
+          match = normalized_message.match(conflict_pattern)
+          return [] unless match
+          [T.must(match[1]), T.must(match[2])].uniq
+        end
+        sig { params(message: String).void }
+        def handle_git_errors(message)
+          if (match = message.match(GIT_REFERENCE_NOT_FOUND_REGEX))
+            tag = match.named_captures.fetch("tag")
+            raise Dependabot::GitDependencyReferenceNotFound, "(unknown package at #{tag})"
+          end
+          return unless (match = message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX))
+          url = match.named_captures.fetch("url")
+          raise Dependabot::GitDependenciesNotReachable, T.must(url)
+        end
+        sig { params(message: String).void }
+        def handle_authentication_errors(message)
+          return unless message.match?(AUTH_ERROR_REGEX)
+          source = extract_source_from_message(message)
+          raise Dependabot::PrivateSourceAuthenticationFailure, source
+        end
+        sig { params(message: String).void }
+        def handle_network_errors(message)
+          if message.match?(TIMEOUT_ERROR_REGEX)
+            source = extract_source_from_message(message)
+            raise Dependabot::PrivateSourceTimedOut, source
+          end
+          return unless message.match?(NETWORK_ERROR_REGEX)
+          source = extract_source_from_message(message)
+          if message.include?("certificate verify failed") || message.include?("SSLError")
+            raise Dependabot::PrivateSourceCertificateFailure, source
+          end
+          raise Dependabot::DependencyFileNotResolvable,
+                "Network error while resolving dependencies: #{clean_error_message(message)}"
+        end
+        sig { params(message: String).void }
+        def handle_python_version_errors(message)
+          return unless message.match?(PYTHON_VERSION_ERROR_REGEX)
+          raise Dependabot::DependencyFileNotResolvable,
+                "Python version incompatibility: #{clean_error_message(message)}"
+        end
+        sig { params(message: String).void }
+        def handle_resource_errors(message)
+          raise Dependabot::OutOfDisk if message.include?("[Errno 28] No space left on device")
+          raise Dependabot::OutOfMemory if message.include?("MemoryError")
+        end
+        sig { params(message: String).void }
+        def handle_package_not_found_errors(message)
+          return unless message.match?(PACKAGE_NOT_FOUND_REGEX)
+          raise Dependabot::DependencyFileNotResolvable, clean_error_message(message)
+        end
+        sig { params(match: T.untyped).returns(T.nilable(String)) }
+        def extract_match_string(match)
+          return nil unless match
+          match.is_a?(Array) ? match.join : match.to_s
+        end
+        sig { params(message: String).returns(String) }
+        def extract_source_from_message(message)
+          urls = URI.extract(message, %w(http https))
+          return T.must(urls.first).gsub(%r{/$}, "") if urls.any?
+          "private source"
+        end
+        sig { params(message: String).returns(String) }
+        def clean_error_message(message)
+          message
+            .gsub(/#{Regexp.escape(Utils::BUMP_TMP_DIR_PATH)}[^\s]*/o, "")
+            .lines
+            .reject { |line| line.strip.empty? }
+            .first(MAX_ERROR_LINES)
+            .join
+            .strip
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/uv/file_updater/lock_file_updater.rb CHANGED Viewed

@@ -23,12 +23,17 @@ module Dependabot
         require_relative "pyproject_preparer"
         require_relative "version_config_parser"
+        require_relative "lock_file_error_handler"
         REQUIRED_FILES = %w(pyproject.toml uv.lock).freeze # At least one of these files should be present
         UV_UNRESOLVABLE_REGEX = T.let(/× No solution found when resolving dependencies.*[\s\S]*$/, Regexp)
         RESOLUTION_IMPOSSIBLE_ERROR = T.let("ResolutionImpossible", String)
         UV_BUILD_FAILED_REGEX = T.let(/× Failed to build.*[\s\S]*$/, Regexp)
+        UV_REQUIRED_VERSION_REGEX = T.let(
+          /Required uv version `(?<required>[^`]+)` does not match the running version `(?<running>[^`]+)`/,
+          Regexp
+        )
         sig { returns(T::Array[Dependency]) }
         attr_reader :dependencies
@@ -262,25 +267,7 @@ module Dependabot
             end
           end
         rescue SharedHelpers::HelperSubprocessFailed => e
-          handle_uv_error(e)
-        end
-        sig do
-          params(
-            error: SharedHelpers::HelperSubprocessFailed
-          )
-            .returns(T.noreturn)
-        end
-        def handle_uv_error(error)
-          error_message = error.message
-          if resolution_error?(error_message)
-            handle_resolution_error(error_message)
-          elsif error_message.include?(RESOLUTION_IMPOSSIBLE_ERROR)
-            raise Dependabot::DependencyFileNotResolvable, error_message
-          else
-            raise error
-          end
+          error_handler.handle_uv_error(e)
         end
         sig { params(error_message: String).returns(T::Boolean) }
@@ -317,8 +304,12 @@ module Dependabot
           match = normalized_message.match(conflict_pattern)
           return [] unless match
-          # Return both the package being updated and the blocking dependency
-          [match[1], match[2]].compact
+          [T.must(match[1]), T.must(match[2])].uniq
+        end
+        sig { returns(LockFileErrorHandler) }
+        def error_handler
+          @error_handler ||= T.let(LockFileErrorHandler.new, T.nilable(LockFileErrorHandler))
         end
         sig { returns(T.nilable(String)) }

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-uv
 version: !ruby/object:Gem::Version
-  version: 0.359.0
+  version: 0.360.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,28 +15,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.359.0
+        version: 0.360.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.359.0
+        version: 0.360.0
 - !ruby/object:Gem::Dependency
   name: dependabot-python
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.359.0
+        version: 0.360.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.359.0
+        version: 0.360.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -270,6 +270,7 @@ files:
 - lib/dependabot/uv/file_parser/python_requirement_parser.rb
 - lib/dependabot/uv/file_updater.rb
 - lib/dependabot/uv/file_updater/compile_file_updater.rb
+- lib/dependabot/uv/file_updater/lock_file_error_handler.rb
 - lib/dependabot/uv/file_updater/lock_file_updater.rb
 - lib/dependabot/uv/file_updater/pyproject_preparer.rb
 - lib/dependabot/uv/file_updater/requirement_file_updater.rb
@@ -298,7 +299,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.359.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.360.0
 rdoc_options: []
 require_paths:
 - lib