RubyGems - dependabot-uv - Versions diffs - 0.361.1 → 0.361.2 - Mend

dependabot-uv 0.361.1 → 0.361.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/dependabot/uv/file_updater/compile_file_updater.rb +8 -2
data/lib/dependabot/uv/file_updater/lock_file_error_handler.rb +125 -6
data/lib/dependabot/uv/file_updater/lock_file_updater.rb +0 -45
data/lib/dependabot/uv/update_checker/pip_compile_version_resolver.rb +28 -0
metadata +6 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f865148cffa8d91b9ba83af41241852f7b98c3da1b07584e88bc5c6549f53c58
-  data.tar.gz: a28f399323f96cd94c42b9095daa1e92bc411168eb7b35ef01a7931bddc5e459
+  metadata.gz: a7e6fc7ea7c65eda2ec37cb76fc3069372232587e8bab6e0b66905d6703086c2
+  data.tar.gz: a59ef842182d8f30f194f1a7303aa55b1740753e7f64d4ccf5e07a29abd91861
 SHA512:
-  metadata.gz: d161b78f65db1f90cea84951489430a03f7f025ae5011521fa0667dd19e17f2b5b4a120831e413ece2d6e23a7129e5fdb68553cc1355de1bdc323e0e4704b964
-  data.tar.gz: f520f88f03625f96260672f413dcb42400a0e468f6015aa9074dba07cdadda29e8961e0eb87dc85f327d1ad4ec2ec9acbf34fc745fbe4ff25298cb6d6d3b0b0d
+  metadata.gz: 6d1fe91ffcd369acdcf37f8b7cdce64f8d2f1cce66a8fcf4033015ea157124d4dca96dc28fd346a1d6291aeb64fbf2bb6a4b38d9d32e674cd613558e73dcd0e5
+  data.tar.gz: 01a78ecaf7d193113aaf76bcabbbca7888ab9666ea30cae81cb40b0368f24eb3109c63e328c6e3262df1bf64c3f0502ebfed3452e759129cc78da2304edbd878

data/lib/dependabot/uv/file_updater/compile_file_updater.rb CHANGED Viewed

@@ -24,6 +24,7 @@ module Dependabot
         require_relative "requirement_replacer"
         require_relative "requirement_file_updater"
+        require_relative "lock_file_error_handler"
         UNSAFE_PACKAGES = T.let(%w(setuptools distribute pip).freeze, T::Array[String])
         INCOMPATIBLE_VERSIONS_REGEX = T.let(
@@ -154,7 +155,7 @@ module Dependabot
             retry
           end
-          raise
+          error_handler.handle_uv_error(e)
         end
         sig { params(error: SharedHelpers::HelperSubprocessFailed).returns(T::Boolean) }
@@ -228,7 +229,7 @@ module Dependabot
             raise DependencyFileNotResolvable, stdout.match(INCOMPATIBLE_VERSIONS_REGEX)
           end
-          raise
+          error_handler.handle_uv_error(e)
         end
         sig { params(command: String, fingerprint: String, allow_unsafe_shell_command: T::Boolean).returns(String) }
@@ -261,6 +262,11 @@ module Dependabot
           env
         end
+        sig { returns(LockFileErrorHandler) }
+        def error_handler
+          @error_handler ||= T.let(LockFileErrorHandler.new, T.nilable(LockFileErrorHandler))
+        end
         sig { void }
         def write_updated_dependency_files
           dependency_files.each do |file|

data/lib/dependabot/uv/file_updater/lock_file_error_handler.rb CHANGED Viewed

@@ -20,12 +20,20 @@ module Dependabot
           /Did not find branch or tag '(?<tag>[^\n"']+)'/m,
           Regexp
         )
+        GIT_CREDENTIALS_ERROR_REGEX = T.let(
+          /could not read Username for '(?<url>[^']+)'/,
+          Regexp
+        )
+        GIT_DEPENDENCY_URL_FROM_UV_REGEX = T.let(
+          %r{git\+(?<url>https?://[^\s@#]+)},
+          Regexp
+        )
         PYTHON_VERSION_ERROR_REGEX = T.let(
           /Requires-Python|requires-python|python_requires|Python version/i,
           Regexp
         )
         AUTH_ERROR_REGEX = T.let(
-          /401|403|authentication|unauthorized|forbidden|HTTP status code: 40[13]/i,
+          /authentication|unauthorized|forbidden|HTTP status code: 40[13]/i,
           Regexp
         )
         TIMEOUT_ERROR_REGEX = T.let(
@@ -33,7 +41,15 @@ module Dependabot
           Regexp
         )
         NETWORK_ERROR_REGEX = T.let(
-          /ConnectionError|NetworkError|SSLError|certificate verify failed/i,
+          Regexp.union(
+            /ConnectionError/i,
+            /NetworkError/i,
+            /SSLError/i,
+            /certificate verify failed/i,
+            /connection refused/i,
+            /dns.*failed/i,
+            /error sending request/i
+          ),
           Regexp
         )
         PACKAGE_NOT_FOUND_REGEX = T.let(
@@ -44,6 +60,36 @@ module Dependabot
           /Required uv version `(?<required>[^`]+)` does not match the running version `(?<running>[^`]+)`/,
           Regexp
         )
+        TOML_PARSE_ERROR_REGEX = T.let(
+          /Failed to parse:?\s*`?(?<file>[^`\n]+\.toml)`?|TOML parse error/i,
+          Regexp
+        )
+        PYPROJECT_SCHEMA_ERROR_REGEX = T.let(
+          /missing field `project`|missing.*\[project\].*table|Field `project\.name` is required/i,
+          Regexp
+        )
+        WORKSPACE_MEMBER_ERROR_REGEX = T.let(
+          /Failed to find workspace member|No `pyproject\.toml` found in workspace member/i,
+          Regexp
+        )
+        PATH_DEPENDENCY_ERROR_REGEX = T.let(
+          /Failed to read `(?<path>[^`]+)`|failed to read from file `(?<path>[^`]+)`/i,
+          Regexp
+        )
+        HTTP_STATUS_ERROR_REGEX = T.let(
+          /HTTP status code: (?<code>\d{3})/i,
+          Regexp
+        )
+        UV_MISCONFIGURED_REGEX = T.let(
+          Regexp.union(
+            /unknown field `[^`]+`, expected one of/i,
+            /Unrecognized.*value:/i,
+            /URL scheme `[^`]+` is not supported/i,
+            /Failed to parse URL/i,
+            /the argument '--[^']+' cannot be used/i
+          ),
+          Regexp
+        )
         # Maximum number of lines to include in cleaned error messages.
         # This limit ensures error messages remain readable while providing enough
@@ -56,6 +102,7 @@ module Dependabot
           message = error.message
           handle_required_version_errors(message)
+          handle_pyproject_errors(message)
           handle_resolution_errors(message)
           handle_git_errors(message)
           handle_authentication_errors(message)
@@ -80,6 +127,53 @@ module Dependabot
           )
         end
+        sig { params(message: String).void }
+        def handle_pyproject_errors(message)
+          handle_toml_parse_errors(message)
+          handle_pyproject_schema_errors(message)
+          handle_workspace_member_errors(message)
+          handle_path_dependency_errors(message)
+          handle_uv_misconfiguration_errors(message)
+        end
+        sig { params(message: String).void }
+        def handle_toml_parse_errors(message)
+          return unless message.match?(TOML_PARSE_ERROR_REGEX)
+          match = message.match(TOML_PARSE_ERROR_REGEX)
+          file_path = match&.named_captures&.fetch("file", nil) || "pyproject.toml"
+          raise Dependabot::DependencyFileNotParseable, file_path
+        end
+        sig { params(message: String).void }
+        def handle_pyproject_schema_errors(message)
+          return unless message.match?(PYPROJECT_SCHEMA_ERROR_REGEX)
+          raise Dependabot::DependencyFileNotParseable, "pyproject.toml"
+        end
+        sig { params(message: String).void }
+        def handle_workspace_member_errors(message)
+          return unless message.match?(WORKSPACE_MEMBER_ERROR_REGEX)
+          raise Dependabot::DependencyFileNotResolvable, clean_error_message(message)
+        end
+        sig { params(message: String).void }
+        def handle_path_dependency_errors(message)
+          return unless (match = message.match(PATH_DEPENDENCY_ERROR_REGEX))
+          path = match.named_captures.fetch("path")
+          raise Dependabot::PathDependenciesNotReachable, T.must(path)
+        end
+        sig { params(message: String).void }
+        def handle_uv_misconfiguration_errors(message)
+          return unless message.match?(UV_MISCONFIGURED_REGEX)
+          raise Dependabot::MisconfiguredTooling.new("uv", clean_error_message(message))
+        end
         sig { params(message: String).void }
         def handle_resolution_errors(message)
           return unless message.include?("No solution found when resolving dependencies") ||
@@ -103,8 +197,6 @@ module Dependabot
         sig { params(error_message: String).returns(T::Array[String]) }
         def extract_conflicting_dependencies(error_message)
-          # Extract conflicting dependency names from the error message
-          # Pattern: "Because <pkg>==<ver> depends on <dep>>=<ver> and your project depends on <dep>==<ver>"
           normalized_message = error_message.gsub(/\s+/, " ")
           conflict_pattern = /Because (\S+)==\S+ depends on (\S+)[><=!]+\S+ and your project depends on \2==\S+/
@@ -121,12 +213,26 @@ module Dependabot
             raise Dependabot::GitDependencyReferenceNotFound, "(unknown package at #{tag})"
           end
-          return unless (match = message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX))
+          if (match = message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX))
+            url = match.named_captures.fetch("url")
+            raise Dependabot::GitDependenciesNotReachable, T.must(url)
+          end
+          return unless message.match?(GIT_CREDENTIALS_ERROR_REGEX)
-          url = match.named_captures.fetch("url")
+          url = extract_git_url_from_message(message)
           raise Dependabot::GitDependenciesNotReachable, T.must(url)
         end
+        sig { params(message: String).returns(T.nilable(String)) }
+        def extract_git_url_from_message(message)
+          if (url_match = message.match(GIT_DEPENDENCY_URL_FROM_UV_REGEX))
+            return url_match.named_captures.fetch("url")
+          end
+          message.match(GIT_CREDENTIALS_ERROR_REGEX)&.named_captures&.fetch("url")
+        end
         sig { params(message: String).void }
         def handle_authentication_errors(message)
           return unless message.match?(AUTH_ERROR_REGEX)
@@ -137,6 +243,8 @@ module Dependabot
         sig { params(message: String).void }
         def handle_network_errors(message)
+          handle_http_status_errors(message)
           if message.match?(TIMEOUT_ERROR_REGEX)
             source = extract_source_from_message(message)
             raise Dependabot::PrivateSourceTimedOut, source
@@ -153,6 +261,17 @@ module Dependabot
                 "Network error while resolving dependencies: #{clean_error_message(message)}"
         end
+        sig { params(message: String).void }
+        def handle_http_status_errors(message)
+          return unless (match = message.match(HTTP_STATUS_ERROR_REGEX))
+          code = match.named_captures.fetch("code").to_i
+          source = extract_source_from_message(message)
+          return if code >= 400 && code < 404 # already handled by AUTH_ERROR_REGEX
+          raise Dependabot::PrivateSourceBadResponse, source if code >= 400
+        end
         sig { params(message: String).void }
         def handle_python_version_errors(message)
           return unless message.match?(PYTHON_VERSION_ERROR_REGEX)

data/lib/dependabot/uv/file_updater/lock_file_updater.rb CHANGED Viewed

@@ -27,14 +27,6 @@ module Dependabot
         REQUIRED_FILES = %w(pyproject.toml uv.lock).freeze # At least one of these files should be present
-        UV_UNRESOLVABLE_REGEX = T.let(/× No solution found when resolving dependencies.*[\s\S]*$/, Regexp)
-        RESOLUTION_IMPOSSIBLE_ERROR = T.let("ResolutionImpossible", String)
-        UV_BUILD_FAILED_REGEX = T.let(/× Failed to build.*[\s\S]*$/, Regexp)
-        UV_REQUIRED_VERSION_REGEX = T.let(
-          /Required uv version `(?<required>[^`]+)` does not match the running version `(?<running>[^`]+)`/,
-          Regexp
-        )
         sig { returns(T::Array[Dependency]) }
         attr_reader :dependencies
@@ -270,43 +262,6 @@ module Dependabot
           error_handler.handle_uv_error(e)
         end
-        sig { params(error_message: String).returns(T::Boolean) }
-        def resolution_error?(error_message)
-          ["No solution found when resolving dependencies", "Failed to build"].any? do |pattern|
-            error_message.include?(pattern)
-          end
-        end
-        sig { params(error_message: String).returns(T.noreturn) }
-        def handle_resolution_error(error_message)
-          match_unresolvable = error_message.scan(UV_UNRESOLVABLE_REGEX).last
-          match_build_failed = error_message.scan(UV_BUILD_FAILED_REGEX).last
-          if match_unresolvable
-            formatted_error = Array(match_unresolvable).join
-            conflicting_deps = extract_conflicting_dependencies(formatted_error)
-            raise Dependabot::UpdateNotPossible, conflicting_deps if conflicting_deps.any?
-            raise Dependabot::DependencyFileNotResolvable, formatted_error
-          end
-          formatted_error = match_build_failed ? Array(match_build_failed).join : error_message
-          raise Dependabot::DependencyFileNotResolvable, formatted_error
-        end
-        sig { params(error_message: String).returns(T::Array[String]) }
-        def extract_conflicting_dependencies(error_message)
-          # Extract conflicting dependency names from the error message
-          # Pattern: "Because <pkg>==<ver> depends on <dep>>=<ver> and your project depends on <dep>==<ver>"
-          normalized_message = error_message.gsub(/\s+/, " ")
-          conflict_pattern = /Because (\S+)==\S+ depends on (\S+)[><=!]+\S+ and your project depends on \2==\S+/
-          match = normalized_message.match(conflict_pattern)
-          return [] unless match
-          [T.must(match[1]), T.must(match[2])].uniq
-        end
         sig { returns(LockFileErrorHandler) }
         def error_handler
           @error_handler ||= T.let(LockFileErrorHandler.new, T.nilable(LockFileErrorHandler))

data/lib/dependabot/uv/update_checker/pip_compile_version_resolver.rb CHANGED Viewed

@@ -30,6 +30,14 @@ module Dependabot
         GIT_DEPENDENCY_UNREACHABLE_REGEX = T.let(/git clone --filter=blob:none --quiet (?<url>[^\s]+).* /, Regexp)
         GIT_REFERENCE_NOT_FOUND_REGEX = T.let(/Did not find branch or tag '(?<tag>[^\n"]+)'/m, Regexp)
+        GIT_CREDENTIALS_ERROR_REGEX = T.let(
+          /could not read Username for '(?<url>[^']+)'/,
+          Regexp
+        )
+        GIT_DEPENDENCY_URL_FROM_UV_REGEX = T.let(
+          %r{git\+(?<url>https?://[^\s@#]+)},
+          Regexp
+        )
         NATIVE_COMPILATION_ERROR = T.let(
           "pip._internal.exceptions.InstallationSubprocessError: Getting requirements to build wheel exited with 1",
           String
@@ -210,6 +218,7 @@ module Dependabot
                    .named_captures.fetch("url")
             raise GitDependenciesNotReachable, T.must(url)
           end
+          handle_git_credentials_error(message)
           raise Dependabot::OutOfDisk if message.end_with?("[Errno 28] No space left on device")
@@ -430,6 +439,25 @@ module Dependabot
           T.must(T.cast(message.scan(ERROR_REGEX), T::Array[String]).last)
         end
+        sig { params(message: String).returns(T.nilable(String)) }
+        def extract_git_url_from_message(message)
+          # Try to extract the full repository URL from UV's git dependency reference (git+https://...)
+          if (url_match = message.match(GIT_DEPENDENCY_URL_FROM_UV_REGEX))
+            return url_match.named_captures.fetch("url")
+          end
+          # Fall back to the URL from the "could not read Username" error
+          message.match(GIT_CREDENTIALS_ERROR_REGEX)&.named_captures&.fetch("url")
+        end
+        sig { params(message: String).void }
+        def handle_git_credentials_error(message)
+          return unless message.match?(GIT_CREDENTIALS_ERROR_REGEX)
+          url = extract_git_url_from_message(message)
+          raise GitDependenciesNotReachable, T.must(url)
+        end
         sig { returns(T::Array[String]) }
         def filenames_to_compile
           files_from_reqs =

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-uv
 version: !ruby/object:Gem::Version
-  version: 0.361.1
+  version: 0.361.2
 platform: ruby
 authors:
 - Dependabot
@@ -15,28 +15,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.361.1
+        version: 0.361.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.361.1
+        version: 0.361.2
 - !ruby/object:Gem::Dependency
   name: dependabot-python
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.361.1
+        version: 0.361.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.361.1
+        version: 0.361.2
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -299,7 +299,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.361.1
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.361.2
 rdoc_options: []
 require_paths:
 - lib