dependabot-uv 0.381.0 → 0.382.0

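--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 34812d487d1efef68f06ec5410de289820633662674188962fce43e27a3ed169
- data.tar.gz: d5ae7d9564f1f64f92c3b6b1de39c28d9d5fe58c8480ced385b35b7baa56affb
+ metadata.gz: 4f8d39e39ce8e18f7c946928ed3a7b5cd780ce3ae7d8808dad8c96c3b8248e6b
+ data.tar.gz: 2747bc7341934590fb3c0d1b0af95f788e055ff7845570dc10918179c0a9a26b
  SHA512:
- metadata.gz: e5fa6c65e7d20b4361aeac44eba7fec0f754967d17f048ebcfa4a7612f219c2fa965384c108d766ee53cf5b1fdf918c2bdfc920061d6f953bc1e4a82e1ab43dd
- data.tar.gz: 523a44b91c088a6158e0d7fd11a91d35f01914233eef1709102a28a63806d7b26609bc27da53b09a2b4c4b05a96157f7a953848a1844ebcc2665f6f072f4222f
+ metadata.gz: 4f6677be24fdf402b476d7018f98ca323491fb6c4ea7ba5eeb4634d0e48b097e98dde9c679b9c1229dcc6343d38600e17d83a2fb931ca3a6918742d8bc88f777
+ data.tar.gz: f56c52f7b7d3b38d894bfa5452a6c4d68a61cf0ea995f2a26ec75a7d68c4bc4abb7a41a495ba0e699c85597bb8d74b9ddc5ee2413ba009db260102807f716d5c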
@@ -482,27 +482,34 @@ module Dependabot
482
482
  # themselves and for dry-run.
483
483
  sig { returns(T::Hash[String, String]) }
484
484
  def pyproject_index_env_vars
485
- env_vars = {}
485
+ python_index_creds = credentials.select { |cred| cred["type"] == "python_index" }
486
+ python_index_creds.each_with_object(T.let({}, T::Hash[String, String])) do |cred, env_vars|
487
+ env_vars.merge!(index_auth_env_vars_for(cred))
488
+ end
489
+ end
490
+
491
+ sig { params(cred: Dependabot::Credential).returns(T::Hash[String, String]) }
492
+ def index_auth_env_vars_for(cred)
493
+ env_vars = T.let({}, T::Hash[String, String])
494
+ index_name = find_index_name_for_credential(cred)
486
495
 
487
- matched_credentials = credentials
488
- .select { |cred| cred["type"] == "python_index" }
489
- .filter_map do |cred|
490
- index_name = find_index_name_for_credential(cred)
491
- [cred, index_name] if index_name
492
- end
496
+ unless index_name
497
+ Dependabot.logger.debug(
498
+ "python_index credential did not match a [[tool.uv.index]] entry; skipping UV_INDEX_* env vars"
499
+ )
500
+ return env_vars
501
+ end
493
502
 
494
- matched_credentials.each do |cred, index_name|
495
- env_name = index_name.upcase.gsub(/[^A-Z0-9]/, "_")
503
+ env_name = index_name.upcase.gsub(/[^A-Z0-9]/, "_")
504
+ username = cred["username"]
505
+ password = cred["password"] || cred["token"]
496
506
 
497
- env_vars["UV_INDEX_#{env_name}_USERNAME"] = cred["username"] if cred["username"]
507
+ env_vars["UV_INDEX_#{env_name}_USERNAME"] = username if username
508
+ env_vars["UV_INDEX_#{env_name}_PASSWORD"] = password if password
498
509
 
499
- if cred["password"]
500
- env_vars["UV_INDEX_#{env_name}_PASSWORD"] = cred["password"]
501
- elsif cred["token"]
502
- env_vars["UV_INDEX_#{env_name}_PASSWORD"] = cred["token"]
503
- end
504
- end
510
+ return env_vars unless username || password
505
511
 
512
+ Dependabot.logger.debug("Configured uv auth env vars for a matched [[tool.uv.index]] entry")
506
513
  env_vars
507
514
  end
508
515
 
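Review bot: Two `python_index` credentials whose index names differ only in punctuation or case collapse to the same key at `env_name = index_name.upcase.gsub(/[^A-Z0-9]/, "_")`, and `env_vars.merge!(index_auth_env_vars_for(cred))` in `pyproject_index_env_vars` then lets the later credential silently replace the earlier one. A username or password could therefore be presented to a different index than the one it was configured for. Whether names are guaranteed distinct after normalisation cannot be seen here, since `find_index_name_for_credential` is defined outside the hunk, so the merge should check for the overlap itself: `new_vars = index_auth_env_vars_for(cred)` followed by `next Dependabot.logger.warn("duplicate UV_INDEX_* env var name; keeping the first credential") if (env_vars.keys & new_vars.keys).any?` before merging. The new debug messages correctly avoid logging credential values, and any added warning should likewise name only the variable, never its value.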
@@ -17,12 +17,9 @@ module Dependabot
17
17
  class PyprojectPreparer
18
18
  extend T::Sig
19
19
 
20
- Credentials = T.type_alias { T::Array[T::Hash[String, String]] }
21
-
22
- sig { params(pyproject_content: String, lockfile: T.nilable(Dependabot::DependencyFile)).void }
23
- def initialize(pyproject_content:, lockfile: nil)
20
+ sig { params(pyproject_content: String).void }
21
+ def initialize(pyproject_content:)
24
22
  @pyproject_content = pyproject_content
25
- @lockfile = lockfile
26
23
  @lines = T.let(pyproject_content.split("\n"), T::Array[String])
27
24
  end
28
25
 
@@ -44,41 +41,11 @@ module Dependabot
44
41
  @pyproject_content = updated_lines.join("\n")
45
42
  end
46
43
 
47
- sig { params(credentials: T.nilable(Credentials)).returns(T.nilable(Credentials)) }
48
- def add_auth_env_vars(credentials)
49
- return unless credentials
50
-
51
- credentials.each do |credential|
52
- next unless credential["type"] == "python_index"
53
-
54
- token = credential["token"]
55
- index_url = credential["index-url"]
56
-
57
- next unless token && index_url
58
-
59
- # Set environment variables for uv auth
60
- ENV["UV_INDEX_URL_TOKEN_#{sanitize_env_name(index_url)}"] = token
61
-
62
- # Also set pip-style credentials for compatibility
63
- ENV["PIP_INDEX_URL"] ||= "https://#{token}@#{index_url.gsub(%r{^https?://}, '')}"
64
- end
65
- end
66
-
67
44
  sig { returns(String) }
68
45
  def sanitize
69
46
  # No special sanitization needed for UV files at this point
70
47
  @pyproject_content
71
48
  end
72
-
73
- private
74
-
75
- sig { returns(T.nilable(Dependabot::DependencyFile)) }
76
- attr_reader :lockfile
77
-
78
- sig { params(url: String).returns(String) }
79
- def sanitize_env_name(url)
80
- url.gsub(%r{^https?://}, "").gsub(/[^a-zA-Z0-9]/, "_").upcase
81
- end
82
49
  end
83
50
  end
84
51
  end
@@ -31,14 +31,16 @@ module Dependabot
31
31
  require_relative "update_checker/latest_version_finder"
32
32
  require_relative "update_checker/lock_file_resolver"
33
33
 
34
- sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
34
+ sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
35
35
  def updated_requirements
36
- RequirementsUpdater.new(
37
- requirements: requirements,
38
- latest_resolvable_version: preferred_resolvable_version&.to_s,
39
- update_strategy: requirements_update_strategy,
40
- has_lockfile: requirements_text_file?
41
- ).updated_requirements
36
+ wrap_requirements(
37
+ RequirementsUpdater.new(
38
+ requirements: requirements,
39
+ latest_resolvable_version: preferred_resolvable_version&.to_s,
40
+ update_strategy: requirements_update_strategy,
41
+ has_lockfile: requirements_text_file?
42
+ ).updated_requirements
43
+ )
42
44
  end
43
45
 
44
46
  private
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-uv
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.381.0
4
+ version: 0.382.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,28 +15,28 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.381.0
18
+ version: 0.382.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.381.0
25
+ version: 0.382.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: dependabot-python
28
28
  requirement: !ruby/object:Gem::Requirement
29
29
  requirements:
30
30
  - - '='
31
31
  - !ruby/object:Gem::Version
32
- version: 0.381.0
32
+ version: 0.382.0
33
33
  type: :runtime
34
34
  prerelease: false
35
35
  version_requirements: !ruby/object:Gem::Requirement
36
36
  requirements:
37
37
  - - '='
38
38
  - !ruby/object:Gem::Version
39
- version: 0.381.0
39
+ version: 0.382.0
40
40
  - !ruby/object:Gem::Dependency
41
41
  name: debug
42
42
  requirement: !ruby/object:Gem::Requirement
@@ -302,7 +302,7 @@ licenses:
302
302
  - MIT
303
303
  metadata:
304
304
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
305
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.381.0
305
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.382.0
306
306
  rdoc_options: []
307
307
  require_paths:
308
308
  - lib