renovate 41.155.0 → 41.155.2

package/dist/modules/datasource/pypi/index.d.ts

@@ -9,6 +9,7 @@ export declare class PypiDatasource extends Datasource {
     readonly defaultRegistryUrls: string[];
     readonly defaultVersioning = "pep440";
     readonly registryStrategy = "merge";
+    readonly releaseTimestampSupport = true;
     readonly releaseTimestampNote = "The relase timestamp is determined from the `upload_time` field in the results.";
     readonly sourceUrlSupport = "release";
     readonly sourceUrlNote = "The source URL is determined from the `homepage` field if it is a github repository, else we use the `project_urls` field.";

package/dist/modules/datasource/pypi/index.js

@@ -27,6 +27,7 @@ class PypiDatasource extends datasource_1.Datasource {
     defaultRegistryUrls = [PypiDatasource.defaultURL];
     defaultVersioning = pep440.id;
     registryStrategy = 'merge';
+    releaseTimestampSupport = true;
     releaseTimestampNote = 'The relase timestamp is determined from the `upload_time` field in the results.';
     sourceUrlSupport = 'release';
     sourceUrlNote = 'The source URL is determined from the `homepage` field if it is a github repository, else we use the `project_urls` field.';

package/dist/modules/datasource/pypi/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../lib/modules/datasource/pypi/index.ts"],"names":[],"mappings":";;;;AAAA,gEAA2B;AAC3B,kEAAkC;AAClC,gGAA8D;AAC9D,4CAAyC;AACzC,+CAAkD;AAClD,2CAA2C;AAC3C,6CAA2C;AAE3C,+CAA4C;AAC5C,uDAAsD;AACtD,2CAAkE;AAClE,wEAAkD;AAClD,8CAA2C;AAE3C,kCAA6C;AAC7C,qCAAgE;AAGhE,MAAa,cAAe,SAAQ,uBAAU;IAC5C,MAAM,CAAU,EAAE,GAAG,MAAM,CAAC;IAE5B;QACE,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;IAEiB,OAAO,GAAG,IAAI,CAAC;IAEf,qBAAqB,GAAG,IAAI,CAAC;IAE/C,MAAM,CAAU,UAAU,GACxB,IAAA,YAAM,GAAE,CAAC,aAAa,IAAI,wBAAwB,CAAC;IACnC,mBAAmB,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAElD,iBAAiB,GAAG,MAAM,CAAC,EAAE,CAAC;IAE9B,gBAAgB,GAAG,OAAO,CAAC;IAE3B,oBAAoB,GACpC,iFAAiF,CAAC;IAClE,gBAAgB,GAAG,SAAS,CAAC;IAC7B,aAAa,GAC7B,4HAA4H,CAAC;IAE/H,KAAK,CAAC,WAAW,CAAC,EAChB,WAAW,EACX,WAAW,GACO;QAClB,IAAI,UAAU,GAAyB,IAAI,CAAC;QAC5C,4BAA4B;QAC5B,MAAM,OAAO,GAAG,IAAA,yBAAmB,EACjC,WAAY,CAAC,OAAO,CAAC,yBAAyB,EAAE,uBAAuB,CAAC,CACzE,CAAC;QACF,MAAM,oBAAoB,GAAG,IAAA,+BAAsB,EAAC,WAAW,CAAC,CAAC;QAEjE,0DAA0D;QAC1D,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAClE,eAAM,CAAC,KAAK,CACV,EAAE,WAAW,EAAE,OAAO,EAAE,EACxB,mCAAmC,CACpC,CAAC;YACF,UAAU,GAAG,MAAM,IAAI,CAAC,mBAAmB,CACzC,oBAAoB,EACpB,OAAO,CACR,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,eAAM,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,gCAAgC,CAAC,CAAC;YACzE,IAAI,CAAC;gBACH,yFAAyF;gBACzF,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;YACvE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,+EAA+E;gBAC/E,eAAM,CAAC,KAAK,CACV,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,EAAE,EAC7B,gDAAgD,CACjD,CAAC;gBACF,UAAU,GAAG,MAAM,IAAI,CAAC,mBAAmB,CACzC,oBAAoB,EACpB,OAAO,CACR,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,KAAK,CAAC,cAAc,CAC1B,SAAiB;QAEjB,MAAM,SAAS,GAAG,IAAA,cAAQ,EAAC,SAAS,CAAC,CAAC;QACtC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,eAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,qBAAqB,CAAC,CAAC;YACxD,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,GAAG,MAAM,IAAA,yBAAkB,GAAE,CAAC;YACxC,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO,EAAE,aAAa,EAAE,SAAS,IAAI,EAAE,EAAE,CAAC;YAC5C,CAAC;YACD,eAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,mCAAmC,CAAC,CAAC;YACtE,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,KAAK,CAAC,aAAa,CACzB,WAAmB,EACnB,OAAe;QAEf,MAAM,SAAS,GAAG,kBAAG,CAAC,OAAO,CAC3B,OAAO,EACP,GAAG,IAAA,+BAAsB,EAAC,WAAW,CAAC,OAAO,CAC9C,CAAC;QACF,MAAM,UAAU,GAAkB,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnD,eAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,qBAAqB,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAW,SAAS,EAAE;YAChE,OAAO;SACR,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,EAAE,IAAI,CAAC;QACtB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,eAAM,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,EAAE,uBAAuB,CAAC,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;YACtB,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC;QAC9B,CAAC;QACD,eAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,qBAAqB,CAAC,CAAC;QAEnD,IAAI,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;YACxB,UAAU,CAAC,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;YACzC,IAAI,IAAA,qBAAY,EAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrC,UAAU,CAAC,SAAS,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAC/C,SAAS,EACT,UAAU,CACX,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,GAAG,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;YAC3B,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBACvE,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBAEjC,IACE,CAAC,UAAU,CAAC,SAAS;oBACrB,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;wBACvB,KAAK,KAAK,MAAM;wBAChB,KAAK,KAAK,QAAQ;wBAClB,IAAA,qBAAY,EAAC,UAAU,CAAC,CAAC,EAC3B,CAAC;oBACD,UAAU,CAAC,SAAS,GAAG,UAAU,CAAC;gBACpC,CAAC;gBAED,IACE,CAAC,UAAU,CAAC,YAAY;oBACxB,CAAC;wBACC,WAAW;wBACX,YAAY;wBACZ,SAAS;wBACT,eAAe;wBACf,MAAM;wBACN,YAAY;qBACb,CAAC,QAAQ,CAAC,KAAK,CAAC;wBACf,kCAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EACrC,CAAC;oBACD,qIAAqI;oBACrI,UAAU,CAAC,YAAY,GAAG,UAAU,CAAC;gBACvC,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC3C,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC7C,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;gBACtD,MAAM,EAAE,WAAW,EAAE,gBAAgB,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC5D,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;gBAC3D,MAAM,MAAM,GAAY;oBACtB,OAAO;oBACP,gBAAgB,EAAE,IAAA,uBAAW,EAAC,gBAAgB,CAAC;iBAChD,CAAC;gBACF,IAAI,YAAY,EAAE,CAAC;oBACjB,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC;gBACrC,CAAC;gBACD,8FAA8F;gBAC9F,MAAM,iBAAiB,GAAG,QAAQ;qBAC/B,GAAG,CAAC,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC,eAAe,CAAC;qBAC7C,MAAM,CAAC,YAAE,CAAC,MAAM,CAAC,CAAC;gBACrB,MAAM,CAAC,WAAW,GAAG;oBACnB,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,iBAAiB,CAAC,CAAC;iBAC/C,CAAC;gBACF,OAAO,MAAM,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,MAAM,CAAC,0BAA0B,CACvC,IAAY,EACZ,WAAmB;QAEnB,kBAAkB;QAClB,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,iBAAiB,GAAG,IAAA,+BAAsB,EAAC,IAAI,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,GAAG,WAAW,GAAG,CAAC;QAEpC,0KAA0K;QAC1K,oNAAoN;QACpN,qIAAqI;QACrI,8HAA8H;QAE9H,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mGAAmG;QACnG,oGAAoG;QACpG,4GAA4G;QAC5G,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC;QACtE,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,oBAAoB,CAAC,CAAC;QAElE,sBAAsB;QACtB,MAAM,WAAW,GAAG,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QACxE,IAAI,SAAS,EAAE,CAAC;YACd,8CAA8C;YAC9C,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;QAED,sBAAsB;QACtB,6FAA6F;QAC7F,MAAM,WAAW,GAAG,MAAM,CAAC;QAC3B,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjE,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,MAAM,CAAC,eAAe,CAAC,IAAY;QACzC,OAAO,CACL,IAAI;aACD,OAAO,CAAC,IAAA,aAAK,EAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YAC/B,oEAAoE;aACnE,OAAO,CACN,IAAA,aAAK,EAAC,2CAA2C,CAAC,EAClD,iCAAiC,CAClC;aACA,OAAO,CACN,IAAA,aAAK,EAAC,2CAA2C,CAAC,EAClD,iCAAiC,CAClC,CACJ,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAC/B,WAAmB,EACnB,OAAe;QAEf,MAAM,SAAS,GAAG,kBAAG,CAAC,OAAO,CAC3B,OAAO,EACP,IAAA,yBAAmB,EAAC,IAAA,+BAAsB,EAAC,WAAW,CAAC,CAAC,CACzD,CAAC;QACF,MAAM,UAAU,GAAkB,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,QAAQ,EAAE,IAAI,CAAC;QAC3B,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,eAAM,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,EAAE,uBAAuB,CAAC,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC3B,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC;QAC9B,CAAC;QACD,MAAM,IAAI,GAAG,IAAA,YAAK,EAAC,cAAc,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,OAAO,GAAG,cAAc,CAAC,0BAA0B,CACvD,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,EACjB,WAAW,CACZ,CAAC;YACF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,OAAO,GAAoB;oBAC/B,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC;iBACzC,CAAC;gBACF,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,sBAAsB,CAAC,CAAC;gBACjE,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,CAAC,eAAe,GAAG,cAAc,CAAC;gBAC3C,CAAC;gBACD,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBACvB,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBACzB,CAAC;gBACD,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvC,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7C,MAAM,eAAe,GAAG,IAAA,mBAAW,EAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACvD,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;YAClE,MAAM,MAAM,GAAY,EAAE,OAAO,EAAE,CAAC;YACpC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC;YACrC,CAAC;YACD,8FAA8F;YAC9F,MAAM,CAAC,WAAW,GAAG;gBACnB,oCAAoC;gBACpC,MAAM,EAAE,eAAe,CAAC,GAAG,CACzB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC,eAAe,CAClC;aACT,CAAC;YACF,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,UAAU,CAAC;IACpB,CAAC;;AArSH,wCAsSC","sourcesContent":["import url from 'node:url';\nimport is from '@sindresorhus/is';\nimport changelogFilenameRegex from 'changelog-filename-regex';\nimport { logger } from '../../../logger';\nimport { coerceArray } from '../../../util/array';\nimport { getEnv } from '../../../util/env';\nimport { parse } from '../../../util/html';\nimport type { OutgoingHttpHeaders } from '../../../util/http/types';\nimport { regEx } from '../../../util/regex';\nimport { asTimestamp } from '../../../util/timestamp';\nimport { ensureTrailingSlash, parseUrl } from '../../../util/url';\nimport * as pep440 from '../../versioning/pep440';\nimport { Datasource } from '../datasource';\nimport type { GetReleasesConfig, Release, ReleaseResult } from '../types';\nimport { getGoogleAuthToken } from '../util';\nimport { isGitHubRepo, normalizePythonDepName } from './common';\nimport type { PypiJSON, PypiJSONRelease, Releases } from './types';\n\nexport class PypiDatasource extends Datasource {\n  static readonly id = 'pypi';\n\n  constructor() {\n    super(PypiDatasource.id);\n  }\n\n  override readonly caching = true;\n\n  override readonly customRegistrySupport = true;\n\n  static readonly defaultURL =\n    getEnv().PIP_INDEX_URL ?? 'https://pypi.org/pypi/';\n  override readonly defaultRegistryUrls = [PypiDatasource.defaultURL];\n\n  override readonly defaultVersioning = pep440.id;\n\n  override readonly registryStrategy = 'merge';\n\n  override readonly releaseTimestampNote =\n    'The relase timestamp is determined from the `upload_time` field in the results.';\n  override readonly sourceUrlSupport = 'release';\n  override readonly sourceUrlNote =\n    'The source URL is determined from the `homepage` field if it is a github repository, else we use the `project_urls` field.';\n\n  async getReleases({\n    packageName,\n    registryUrl,\n  }: GetReleasesConfig): Promise<ReleaseResult | null> {\n    let dependency: ReleaseResult | null = null;\n    // TODO: null check (#22198)\n    const hostUrl = ensureTrailingSlash(\n      registryUrl!.replace('https://pypi.org/simple', 'https://pypi.org/pypi'),\n    );\n    const normalizedLookupName = normalizePythonDepName(packageName);\n\n    // not all simple indexes use this identifier, but most do\n    if (hostUrl.endsWith('/simple/') || hostUrl.endsWith('/+simple/')) {\n      logger.trace(\n        { packageName, hostUrl },\n        'Looking up pypi simple dependency',\n      );\n      dependency = await this.getSimpleDependency(\n        normalizedLookupName,\n        hostUrl,\n      );\n    } else {\n      logger.trace({ packageName, hostUrl }, 'Looking up pypi api dependency');\n      try {\n        // we need to resolve early here so we can catch any 404s and fallback to a simple lookup\n        dependency = await this.getDependency(normalizedLookupName, hostUrl);\n      } catch (err) {\n        // error contacting json-style api -- attempt to fallback to a simple-style api\n        logger.trace(\n          { packageName, hostUrl, err },\n          'Looking up pypi simple dependency via fallback',\n        );\n        dependency = await this.getSimpleDependency(\n          normalizedLookupName,\n          hostUrl,\n        );\n      }\n    }\n    return dependency;\n  }\n\n  private async getAuthHeaders(\n    lookupUrl: string,\n  ): Promise<OutgoingHttpHeaders> {\n    const parsedUrl = parseUrl(lookupUrl);\n    if (!parsedUrl) {\n      logger.once.debug({ lookupUrl }, 'Failed to parse URL');\n      return {};\n    }\n    if (parsedUrl.hostname.endsWith('.pkg.dev')) {\n      const auth = await getGoogleAuthToken();\n      if (auth) {\n        return { authorization: `Basic ${auth}` };\n      }\n      logger.once.debug({ lookupUrl }, 'Could not get Google access token');\n      return {};\n    }\n    return {};\n  }\n\n  private async getDependency(\n    packageName: string,\n    hostUrl: string,\n  ): Promise<ReleaseResult | null> {\n    const lookupUrl = url.resolve(\n      hostUrl,\n      `${normalizePythonDepName(packageName)}/json`,\n    );\n    const dependency: ReleaseResult = { releases: [] };\n    logger.trace({ lookupUrl }, 'Pypi api got lookup');\n    const headers = await this.getAuthHeaders(lookupUrl);\n    const rep = await this.http.getJsonUnchecked<PypiJSON>(lookupUrl, {\n      headers,\n    });\n    const dep = rep?.body;\n    if (!dep) {\n      logger.trace({ dependency: packageName }, 'pip package not found');\n      return null;\n    }\n    if (rep.authorization) {\n      dependency.isPrivate = true;\n    }\n    logger.trace({ lookupUrl }, 'Got pypi api result');\n\n    if (dep.info?.home_page) {\n      dependency.homepage = dep.info.home_page;\n      if (isGitHubRepo(dep.info.home_page)) {\n        dependency.sourceUrl = dep.info.home_page.replace(\n          'http://',\n          'https://',\n        );\n      }\n    }\n\n    if (dep.info?.project_urls) {\n      for (const [name, projectUrl] of Object.entries(dep.info.project_urls)) {\n        const lower = name.toLowerCase();\n\n        if (\n          !dependency.sourceUrl &&\n          (lower.startsWith('repo') ||\n            lower === 'code' ||\n            lower === 'source' ||\n            isGitHubRepo(projectUrl))\n        ) {\n          dependency.sourceUrl = projectUrl;\n        }\n\n        if (\n          !dependency.changelogUrl &&\n          ([\n            'changelog',\n            'change log',\n            'changes',\n            'release notes',\n            'news',\n            \"what's new\",\n          ].includes(lower) ||\n            changelogFilenameRegex.exec(lower))\n        ) {\n          // from https://github.com/pypa/warehouse/blob/418c7511dc367fb410c71be139545d0134ccb0df/warehouse/templates/packaging/detail.html#L24\n          dependency.changelogUrl = projectUrl;\n        }\n      }\n    }\n\n    if (dep.releases) {\n      const versions = Object.keys(dep.releases);\n      dependency.releases = versions.map((version) => {\n        const releases = coerceArray(dep.releases?.[version]);\n        const { upload_time: releaseTimestamp } = releases[0] || {};\n        const isDeprecated = releases.some(({ yanked }) => yanked);\n        const result: Release = {\n          version,\n          releaseTimestamp: asTimestamp(releaseTimestamp),\n        };\n        if (isDeprecated) {\n          result.isDeprecated = isDeprecated;\n        }\n        // There may be multiple releases with different requires_python, so we return all in an array\n        const pythonConstraints = releases\n          .map(({ requires_python }) => requires_python)\n          .filter(is.string);\n        result.constraints = {\n          python: Array.from(new Set(pythonConstraints)),\n        };\n        return result;\n      });\n    }\n    return dependency;\n  }\n\n  private static extractVersionFromLinkText(\n    text: string,\n    packageName: string,\n  ): string | null {\n    // source packages\n    const lcText = text.toLowerCase();\n    const normalizedSrcText = normalizePythonDepName(text);\n    const srcPrefix = `${packageName}-`;\n\n    // source distribution format: `{name}-{version}.tar.gz` (https://packaging.python.org/en/latest/specifications/source-distribution-format/#source-distribution-file-name)\n    // binary distribution: `{distribution}-{version}(-{build tag})?-{python tag}-{abi tag}-{platform tag}.whl` (https://packaging.python.org/en/latest/specifications/binary-distribution-format/#file-name-convention)\n    // officially both `name` and `distribution` should be normalized and then the - replaced with _, but in reality this is not the case\n    // We therefore normalize the name we have (replacing `_-.` with -) and then check if the text starts with the normalized name\n\n    if (!normalizedSrcText.startsWith(srcPrefix)) {\n      return null;\n    }\n\n    // strip off the prefix using the prefix length as we may have normalized the srcPrefix/packageName\n    // We assume that neither the version nor the suffix contains multiple `-` like `0.1.2---rc1.tar.gz`\n    // and use the difference in length to strip off the prefix in case the name contains double `--` characters\n    const normalizedLengthDiff = lcText.length - normalizedSrcText.length;\n    const res = lcText.slice(srcPrefix.length + normalizedLengthDiff);\n\n    // source distribution\n    const srcSuffixes = ['.tar.gz', '.tar.bz2', '.tar.xz', '.zip', '.tgz'];\n    const srcSuffix = srcSuffixes.find((suffix) => lcText.endsWith(suffix));\n    if (srcSuffix) {\n      // strip off the suffix using character length\n      return res.slice(0, -srcSuffix.length);\n    }\n\n    // binary distribution\n    // for binary distributions the version is the first part after the removed distribution name\n    const wheelSuffix = '.whl';\n    if (lcText.endsWith(wheelSuffix) && lcText.split('-').length > 2) {\n      return res.split('-')[0];\n    }\n    return null;\n  }\n\n  private static cleanSimpleHtml(html: string): string {\n    return (\n      html\n        .replace(regEx(/<\\/?pre>/), '')\n        // Certain simple repositories like artifactory don't escape > and <\n        .replace(\n          regEx(/data-requires-python=\"([^\"]*?)>([^\"]*?)\"/g),\n          'data-requires-python=\"$1&gt;$2\"',\n        )\n        .replace(\n          regEx(/data-requires-python=\"([^\"]*?)<([^\"]*?)\"/g),\n          'data-requires-python=\"$1&lt;$2\"',\n        )\n    );\n  }\n\n  private async getSimpleDependency(\n    packageName: string,\n    hostUrl: string,\n  ): Promise<ReleaseResult | null> {\n    const lookupUrl = url.resolve(\n      hostUrl,\n      ensureTrailingSlash(normalizePythonDepName(packageName)),\n    );\n    const dependency: ReleaseResult = { releases: [] };\n    const headers = await this.getAuthHeaders(lookupUrl);\n    const response = await this.http.getText(lookupUrl, { headers });\n    const dep = response?.body;\n    if (!dep) {\n      logger.trace({ dependency: packageName }, 'pip package not found');\n      return null;\n    }\n    if (response.authorization) {\n      dependency.isPrivate = true;\n    }\n    const root = parse(PypiDatasource.cleanSimpleHtml(dep));\n    const links = root.querySelectorAll('a');\n    const releases: Releases = {};\n    for (const link of Array.from(links)) {\n      const version = PypiDatasource.extractVersionFromLinkText(\n        link.text?.trim(),\n        packageName,\n      );\n      if (version) {\n        const release: PypiJSONRelease = {\n          yanked: link.hasAttribute('data-yanked'),\n        };\n        const requiresPython = link.getAttribute('data-requires-python');\n        if (requiresPython) {\n          release.requires_python = requiresPython;\n        }\n        if (!releases[version]) {\n          releases[version] = [];\n        }\n        releases[version].push(release);\n      }\n    }\n    const versions = Object.keys(releases);\n    dependency.releases = versions.map((version) => {\n      const versionReleases = coerceArray(releases[version]);\n      const isDeprecated = versionReleases.some(({ yanked }) => yanked);\n      const result: Release = { version };\n      if (isDeprecated) {\n        result.isDeprecated = isDeprecated;\n      }\n      // There may be multiple releases with different requires_python, so we return all in an array\n      result.constraints = {\n        // TODO: string[] isn't allowed here\n        python: versionReleases.map(\n          ({ requires_python }) => requires_python,\n        ) as any,\n      };\n      return result;\n    });\n    return dependency;\n  }\n}\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../lib/modules/datasource/pypi/index.ts"],"names":[],"mappings":";;;;AAAA,gEAA2B;AAC3B,kEAAkC;AAClC,gGAA8D;AAC9D,4CAAyC;AACzC,+CAAkD;AAClD,2CAA2C;AAC3C,6CAA2C;AAE3C,+CAA4C;AAC5C,uDAAsD;AACtD,2CAAkE;AAClE,wEAAkD;AAClD,8CAA2C;AAE3C,kCAA6C;AAC7C,qCAAgE;AAGhE,MAAa,cAAe,SAAQ,uBAAU;IAC5C,MAAM,CAAU,EAAE,GAAG,MAAM,CAAC;IAE5B;QACE,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;IAEiB,OAAO,GAAG,IAAI,CAAC;IAEf,qBAAqB,GAAG,IAAI,CAAC;IAE/C,MAAM,CAAU,UAAU,GACxB,IAAA,YAAM,GAAE,CAAC,aAAa,IAAI,wBAAwB,CAAC;IACnC,mBAAmB,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAElD,iBAAiB,GAAG,MAAM,CAAC,EAAE,CAAC;IAE9B,gBAAgB,GAAG,OAAO,CAAC;IAE3B,uBAAuB,GAAG,IAAI,CAAC;IAC/B,oBAAoB,GACpC,iFAAiF,CAAC;IAClE,gBAAgB,GAAG,SAAS,CAAC;IAC7B,aAAa,GAC7B,4HAA4H,CAAC;IAE/H,KAAK,CAAC,WAAW,CAAC,EAChB,WAAW,EACX,WAAW,GACO;QAClB,IAAI,UAAU,GAAyB,IAAI,CAAC;QAC5C,4BAA4B;QAC5B,MAAM,OAAO,GAAG,IAAA,yBAAmB,EACjC,WAAY,CAAC,OAAO,CAAC,yBAAyB,EAAE,uBAAuB,CAAC,CACzE,CAAC;QACF,MAAM,oBAAoB,GAAG,IAAA,+BAAsB,EAAC,WAAW,CAAC,CAAC;QAEjE,0DAA0D;QAC1D,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAClE,eAAM,CAAC,KAAK,CACV,EAAE,WAAW,EAAE,OAAO,EAAE,EACxB,mCAAmC,CACpC,CAAC;YACF,UAAU,GAAG,MAAM,IAAI,CAAC,mBAAmB,CACzC,oBAAoB,EACpB,OAAO,CACR,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,eAAM,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,gCAAgC,CAAC,CAAC;YACzE,IAAI,CAAC;gBACH,yFAAyF;gBACzF,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;YACvE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,+EAA+E;gBAC/E,eAAM,CAAC,KAAK,CACV,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,EAAE,EAC7B,gDAAgD,CACjD,CAAC;gBACF,UAAU,GAAG,MAAM,IAAI,CAAC,mBAAmB,CACzC,oBAAoB,EACpB,OAAO,CACR,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,KAAK,CAAC,cAAc,CAC1B,SAAiB;QAEjB,MAAM,SAAS,GAAG,IAAA,cAAQ,EAAC,SAAS,CAAC,CAAC;QACtC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,eAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,qBAAqB,CAAC,CAAC;YACxD,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,GAAG,MAAM,IAAA,yBAAkB,GAAE,CAAC;YACxC,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO,EAAE,aAAa,EAAE,SAAS,IAAI,EAAE,EAAE,CAAC;YAC5C,CAAC;YACD,eAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,mCAAmC,CAAC,CAAC;YACtE,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,KAAK,CAAC,aAAa,CACzB,WAAmB,EACnB,OAAe;QAEf,MAAM,SAAS,GAAG,kBAAG,CAAC,OAAO,CAC3B,OAAO,EACP,GAAG,IAAA,+BAAsB,EAAC,WAAW,CAAC,OAAO,CAC9C,CAAC;QACF,MAAM,UAAU,GAAkB,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnD,eAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,qBAAqB,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAW,SAAS,EAAE;YAChE,OAAO;SACR,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,EAAE,IAAI,CAAC;QACtB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,eAAM,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,EAAE,uBAAuB,CAAC,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;YACtB,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC;QAC9B,CAAC;QACD,eAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,qBAAqB,CAAC,CAAC;QAEnD,IAAI,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;YACxB,UAAU,CAAC,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;YACzC,IAAI,IAAA,qBAAY,EAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrC,UAAU,CAAC,SAAS,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAC/C,SAAS,EACT,UAAU,CACX,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,GAAG,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;YAC3B,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBACvE,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBAEjC,IACE,CAAC,UAAU,CAAC,SAAS;oBACrB,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;wBACvB,KAAK,KAAK,MAAM;wBAChB,KAAK,KAAK,QAAQ;wBAClB,IAAA,qBAAY,EAAC,UAAU,CAAC,CAAC,EAC3B,CAAC;oBACD,UAAU,CAAC,SAAS,GAAG,UAAU,CAAC;gBACpC,CAAC;gBAED,IACE,CAAC,UAAU,CAAC,YAAY;oBACxB,CAAC;wBACC,WAAW;wBACX,YAAY;wBACZ,SAAS;wBACT,eAAe;wBACf,MAAM;wBACN,YAAY;qBACb,CAAC,QAAQ,CAAC,KAAK,CAAC;wBACf,kCAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EACrC,CAAC;oBACD,qIAAqI;oBACrI,UAAU,CAAC,YAAY,GAAG,UAAU,CAAC;gBACvC,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC3C,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC7C,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;gBACtD,MAAM,EAAE,WAAW,EAAE,gBAAgB,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC5D,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;gBAC3D,MAAM,MAAM,GAAY;oBACtB,OAAO;oBACP,gBAAgB,EAAE,IAAA,uBAAW,EAAC,gBAAgB,CAAC;iBAChD,CAAC;gBACF,IAAI,YAAY,EAAE,CAAC;oBACjB,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC;gBACrC,CAAC;gBACD,8FAA8F;gBAC9F,MAAM,iBAAiB,GAAG,QAAQ;qBAC/B,GAAG,CAAC,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC,eAAe,CAAC;qBAC7C,MAAM,CAAC,YAAE,CAAC,MAAM,CAAC,CAAC;gBACrB,MAAM,CAAC,WAAW,GAAG;oBACnB,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,iBAAiB,CAAC,CAAC;iBAC/C,CAAC;gBACF,OAAO,MAAM,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,MAAM,CAAC,0BAA0B,CACvC,IAAY,EACZ,WAAmB;QAEnB,kBAAkB;QAClB,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,iBAAiB,GAAG,IAAA,+BAAsB,EAAC,IAAI,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,GAAG,WAAW,GAAG,CAAC;QAEpC,0KAA0K;QAC1K,oNAAoN;QACpN,qIAAqI;QACrI,8HAA8H;QAE9H,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mGAAmG;QACnG,oGAAoG;QACpG,4GAA4G;QAC5G,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC;QACtE,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,oBAAoB,CAAC,CAAC;QAElE,sBAAsB;QACtB,MAAM,WAAW,GAAG,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QACxE,IAAI,SAAS,EAAE,CAAC;YACd,8CAA8C;YAC9C,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;QAED,sBAAsB;QACtB,6FAA6F;QAC7F,MAAM,WAAW,GAAG,MAAM,CAAC;QAC3B,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjE,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,MAAM,CAAC,eAAe,CAAC,IAAY;QACzC,OAAO,CACL,IAAI;aACD,OAAO,CAAC,IAAA,aAAK,EAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YAC/B,oEAAoE;aACnE,OAAO,CACN,IAAA,aAAK,EAAC,2CAA2C,CAAC,EAClD,iCAAiC,CAClC;aACA,OAAO,CACN,IAAA,aAAK,EAAC,2CAA2C,CAAC,EAClD,iCAAiC,CAClC,CACJ,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAC/B,WAAmB,EACnB,OAAe;QAEf,MAAM,SAAS,GAAG,kBAAG,CAAC,OAAO,CAC3B,OAAO,EACP,IAAA,yBAAmB,EAAC,IAAA,+BAAsB,EAAC,WAAW,CAAC,CAAC,CACzD,CAAC;QACF,MAAM,UAAU,GAAkB,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,QAAQ,EAAE,IAAI,CAAC;QAC3B,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,eAAM,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,EAAE,uBAAuB,CAAC,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC3B,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC;QAC9B,CAAC;QACD,MAAM,IAAI,GAAG,IAAA,YAAK,EAAC,cAAc,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,OAAO,GAAG,cAAc,CAAC,0BAA0B,CACvD,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,EACjB,WAAW,CACZ,CAAC;YACF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,OAAO,GAAoB;oBAC/B,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC;iBACzC,CAAC;gBACF,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,sBAAsB,CAAC,CAAC;gBACjE,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,CAAC,eAAe,GAAG,cAAc,CAAC;gBAC3C,CAAC;gBACD,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBACvB,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBACzB,CAAC;gBACD,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvC,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7C,MAAM,eAAe,GAAG,IAAA,mBAAW,EAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACvD,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;YAClE,MAAM,MAAM,GAAY,EAAE,OAAO,EAAE,CAAC;YACpC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC;YACrC,CAAC;YACD,8FAA8F;YAC9F,MAAM,CAAC,WAAW,GAAG;gBACnB,oCAAoC;gBACpC,MAAM,EAAE,eAAe,CAAC,GAAG,CACzB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC,eAAe,CAClC;aACT,CAAC;YACF,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,UAAU,CAAC;IACpB,CAAC;;AAtSH,wCAuSC","sourcesContent":["import url from 'node:url';\nimport is from '@sindresorhus/is';\nimport changelogFilenameRegex from 'changelog-filename-regex';\nimport { logger } from '../../../logger';\nimport { coerceArray } from '../../../util/array';\nimport { getEnv } from '../../../util/env';\nimport { parse } from '../../../util/html';\nimport type { OutgoingHttpHeaders } from '../../../util/http/types';\nimport { regEx } from '../../../util/regex';\nimport { asTimestamp } from '../../../util/timestamp';\nimport { ensureTrailingSlash, parseUrl } from '../../../util/url';\nimport * as pep440 from '../../versioning/pep440';\nimport { Datasource } from '../datasource';\nimport type { GetReleasesConfig, Release, ReleaseResult } from '../types';\nimport { getGoogleAuthToken } from '../util';\nimport { isGitHubRepo, normalizePythonDepName } from './common';\nimport type { PypiJSON, PypiJSONRelease, Releases } from './types';\n\nexport class PypiDatasource extends Datasource {\n  static readonly id = 'pypi';\n\n  constructor() {\n    super(PypiDatasource.id);\n  }\n\n  override readonly caching = true;\n\n  override readonly customRegistrySupport = true;\n\n  static readonly defaultURL =\n    getEnv().PIP_INDEX_URL ?? 'https://pypi.org/pypi/';\n  override readonly defaultRegistryUrls = [PypiDatasource.defaultURL];\n\n  override readonly defaultVersioning = pep440.id;\n\n  override readonly registryStrategy = 'merge';\n\n  override readonly releaseTimestampSupport = true;\n  override readonly releaseTimestampNote =\n    'The relase timestamp is determined from the `upload_time` field in the results.';\n  override readonly sourceUrlSupport = 'release';\n  override readonly sourceUrlNote =\n    'The source URL is determined from the `homepage` field if it is a github repository, else we use the `project_urls` field.';\n\n  async getReleases({\n    packageName,\n    registryUrl,\n  }: GetReleasesConfig): Promise<ReleaseResult | null> {\n    let dependency: ReleaseResult | null = null;\n    // TODO: null check (#22198)\n    const hostUrl = ensureTrailingSlash(\n      registryUrl!.replace('https://pypi.org/simple', 'https://pypi.org/pypi'),\n    );\n    const normalizedLookupName = normalizePythonDepName(packageName);\n\n    // not all simple indexes use this identifier, but most do\n    if (hostUrl.endsWith('/simple/') || hostUrl.endsWith('/+simple/')) {\n      logger.trace(\n        { packageName, hostUrl },\n        'Looking up pypi simple dependency',\n      );\n      dependency = await this.getSimpleDependency(\n        normalizedLookupName,\n        hostUrl,\n      );\n    } else {\n      logger.trace({ packageName, hostUrl }, 'Looking up pypi api dependency');\n      try {\n        // we need to resolve early here so we can catch any 404s and fallback to a simple lookup\n        dependency = await this.getDependency(normalizedLookupName, hostUrl);\n      } catch (err) {\n        // error contacting json-style api -- attempt to fallback to a simple-style api\n        logger.trace(\n          { packageName, hostUrl, err },\n          'Looking up pypi simple dependency via fallback',\n        );\n        dependency = await this.getSimpleDependency(\n          normalizedLookupName,\n          hostUrl,\n        );\n      }\n    }\n    return dependency;\n  }\n\n  private async getAuthHeaders(\n    lookupUrl: string,\n  ): Promise<OutgoingHttpHeaders> {\n    const parsedUrl = parseUrl(lookupUrl);\n    if (!parsedUrl) {\n      logger.once.debug({ lookupUrl }, 'Failed to parse URL');\n      return {};\n    }\n    if (parsedUrl.hostname.endsWith('.pkg.dev')) {\n      const auth = await getGoogleAuthToken();\n      if (auth) {\n        return { authorization: `Basic ${auth}` };\n      }\n      logger.once.debug({ lookupUrl }, 'Could not get Google access token');\n      return {};\n    }\n    return {};\n  }\n\n  private async getDependency(\n    packageName: string,\n    hostUrl: string,\n  ): Promise<ReleaseResult | null> {\n    const lookupUrl = url.resolve(\n      hostUrl,\n      `${normalizePythonDepName(packageName)}/json`,\n    );\n    const dependency: ReleaseResult = { releases: [] };\n    logger.trace({ lookupUrl }, 'Pypi api got lookup');\n    const headers = await this.getAuthHeaders(lookupUrl);\n    const rep = await this.http.getJsonUnchecked<PypiJSON>(lookupUrl, {\n      headers,\n    });\n    const dep = rep?.body;\n    if (!dep) {\n      logger.trace({ dependency: packageName }, 'pip package not found');\n      return null;\n    }\n    if (rep.authorization) {\n      dependency.isPrivate = true;\n    }\n    logger.trace({ lookupUrl }, 'Got pypi api result');\n\n    if (dep.info?.home_page) {\n      dependency.homepage = dep.info.home_page;\n      if (isGitHubRepo(dep.info.home_page)) {\n        dependency.sourceUrl = dep.info.home_page.replace(\n          'http://',\n          'https://',\n        );\n      }\n    }\n\n    if (dep.info?.project_urls) {\n      for (const [name, projectUrl] of Object.entries(dep.info.project_urls)) {\n        const lower = name.toLowerCase();\n\n        if (\n          !dependency.sourceUrl &&\n          (lower.startsWith('repo') ||\n            lower === 'code' ||\n            lower === 'source' ||\n            isGitHubRepo(projectUrl))\n        ) {\n          dependency.sourceUrl = projectUrl;\n        }\n\n        if (\n          !dependency.changelogUrl &&\n          ([\n            'changelog',\n            'change log',\n            'changes',\n            'release notes',\n            'news',\n            \"what's new\",\n          ].includes(lower) ||\n            changelogFilenameRegex.exec(lower))\n        ) {\n          // from https://github.com/pypa/warehouse/blob/418c7511dc367fb410c71be139545d0134ccb0df/warehouse/templates/packaging/detail.html#L24\n          dependency.changelogUrl = projectUrl;\n        }\n      }\n    }\n\n    if (dep.releases) {\n      const versions = Object.keys(dep.releases);\n      dependency.releases = versions.map((version) => {\n        const releases = coerceArray(dep.releases?.[version]);\n        const { upload_time: releaseTimestamp } = releases[0] || {};\n        const isDeprecated = releases.some(({ yanked }) => yanked);\n        const result: Release = {\n          version,\n          releaseTimestamp: asTimestamp(releaseTimestamp),\n        };\n        if (isDeprecated) {\n          result.isDeprecated = isDeprecated;\n        }\n        // There may be multiple releases with different requires_python, so we return all in an array\n        const pythonConstraints = releases\n          .map(({ requires_python }) => requires_python)\n          .filter(is.string);\n        result.constraints = {\n          python: Array.from(new Set(pythonConstraints)),\n        };\n        return result;\n      });\n    }\n    return dependency;\n  }\n\n  private static extractVersionFromLinkText(\n    text: string,\n    packageName: string,\n  ): string | null {\n    // source packages\n    const lcText = text.toLowerCase();\n    const normalizedSrcText = normalizePythonDepName(text);\n    const srcPrefix = `${packageName}-`;\n\n    // source distribution format: `{name}-{version}.tar.gz` (https://packaging.python.org/en/latest/specifications/source-distribution-format/#source-distribution-file-name)\n    // binary distribution: `{distribution}-{version}(-{build tag})?-{python tag}-{abi tag}-{platform tag}.whl` (https://packaging.python.org/en/latest/specifications/binary-distribution-format/#file-name-convention)\n    // officially both `name` and `distribution` should be normalized and then the - replaced with _, but in reality this is not the case\n    // We therefore normalize the name we have (replacing `_-.` with -) and then check if the text starts with the normalized name\n\n    if (!normalizedSrcText.startsWith(srcPrefix)) {\n      return null;\n    }\n\n    // strip off the prefix using the prefix length as we may have normalized the srcPrefix/packageName\n    // We assume that neither the version nor the suffix contains multiple `-` like `0.1.2---rc1.tar.gz`\n    // and use the difference in length to strip off the prefix in case the name contains double `--` characters\n    const normalizedLengthDiff = lcText.length - normalizedSrcText.length;\n    const res = lcText.slice(srcPrefix.length + normalizedLengthDiff);\n\n    // source distribution\n    const srcSuffixes = ['.tar.gz', '.tar.bz2', '.tar.xz', '.zip', '.tgz'];\n    const srcSuffix = srcSuffixes.find((suffix) => lcText.endsWith(suffix));\n    if (srcSuffix) {\n      // strip off the suffix using character length\n      return res.slice(0, -srcSuffix.length);\n    }\n\n    // binary distribution\n    // for binary distributions the version is the first part after the removed distribution name\n    const wheelSuffix = '.whl';\n    if (lcText.endsWith(wheelSuffix) && lcText.split('-').length > 2) {\n      return res.split('-')[0];\n    }\n    return null;\n  }\n\n  private static cleanSimpleHtml(html: string): string {\n    return (\n      html\n        .replace(regEx(/<\\/?pre>/), '')\n        // Certain simple repositories like artifactory don't escape > and <\n        .replace(\n          regEx(/data-requires-python=\"([^\"]*?)>([^\"]*?)\"/g),\n          'data-requires-python=\"$1&gt;$2\"',\n        )\n        .replace(\n          regEx(/data-requires-python=\"([^\"]*?)<([^\"]*?)\"/g),\n          'data-requires-python=\"$1&lt;$2\"',\n        )\n    );\n  }\n\n  private async getSimpleDependency(\n    packageName: string,\n    hostUrl: string,\n  ): Promise<ReleaseResult | null> {\n    const lookupUrl = url.resolve(\n      hostUrl,\n      ensureTrailingSlash(normalizePythonDepName(packageName)),\n    );\n    const dependency: ReleaseResult = { releases: [] };\n    const headers = await this.getAuthHeaders(lookupUrl);\n    const response = await this.http.getText(lookupUrl, { headers });\n    const dep = response?.body;\n    if (!dep) {\n      logger.trace({ dependency: packageName }, 'pip package not found');\n      return null;\n    }\n    if (response.authorization) {\n      dependency.isPrivate = true;\n    }\n    const root = parse(PypiDatasource.cleanSimpleHtml(dep));\n    const links = root.querySelectorAll('a');\n    const releases: Releases = {};\n    for (const link of Array.from(links)) {\n      const version = PypiDatasource.extractVersionFromLinkText(\n        link.text?.trim(),\n        packageName,\n      );\n      if (version) {\n        const release: PypiJSONRelease = {\n          yanked: link.hasAttribute('data-yanked'),\n        };\n        const requiresPython = link.getAttribute('data-requires-python');\n        if (requiresPython) {\n          release.requires_python = requiresPython;\n        }\n        if (!releases[version]) {\n          releases[version] = [];\n        }\n        releases[version].push(release);\n      }\n    }\n    const versions = Object.keys(releases);\n    dependency.releases = versions.map((version) => {\n      const versionReleases = coerceArray(releases[version]);\n      const isDeprecated = versionReleases.some(({ yanked }) => yanked);\n      const result: Release = { version };\n      if (isDeprecated) {\n        result.isDeprecated = isDeprecated;\n      }\n      // There may be multiple releases with different requires_python, so we return all in an array\n      result.constraints = {\n        // TODO: string[] isn't allowed here\n        python: versionReleases.map(\n          ({ requires_python }) => requires_python,\n        ) as any,\n      };\n      return result;\n    });\n    return dependency;\n  }\n}\n"]}

package/dist/modules/manager/npm/schema.d.ts

@@ -125,6 +125,7 @@ export declare const PackageJson: z.ZodPipeline<z.ZodEffects<z.ZodString, string
     }, string>>;
     volta: z.ZodOptional<z.ZodEffects<z.ZodRecord<z.ZodString, z.ZodAny>, Record<string, string>, Record<string, any>>>;
 }, "strip", z.ZodTypeAny, {
+    engines?: Record<string, string> | undefined;
     dependencies?: Record<string, string> | undefined;
     devDependencies?: Record<string, string> | undefined;
     peerDependencies?: Record<string, string> | undefined;
@@ -141,9 +142,9 @@ export declare const PackageJson: z.ZodPipeline<z.ZodEffects<z.ZodString, string
             version?: string | undefined;
         }[] | undefined;
     } | undefined;
-    engines?: Record<string, string> | undefined;
     volta?: Record<string, string> | undefined;
 }, {
+    engines?: Record<string, any> | undefined;
     dependencies?: Record<string, any> | undefined;
     devDependencies?: Record<string, any> | undefined;
     peerDependencies?: Record<string, any> | undefined;
@@ -157,7 +158,6 @@ export declare const PackageJson: z.ZodPipeline<z.ZodEffects<z.ZodString, string
             version?: string | undefined;
         }[] | undefined;
     } | undefined;
-    engines?: Record<string, any> | undefined;
     volta?: Record<string, any> | undefined;
 }>>;
 export type PackageJson = z.infer<typeof PackageJson>;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "renovate",
   "description": "Automated dependency updates. Flexible so you don't need to be.",
-  "version": "41.155.0",
+  "version": "41.155.2",
   "type": "commonjs",
   "bin": {
     "renovate": "dist/renovate.js",
@@ -145,7 +145,7 @@
     "diff": "8.0.2",
     "editorconfig": "3.0.1",
     "email-addresses": "5.0.0",
-    "emoji-regex": "10.5.0",
+    "emoji-regex": "10.6.0",
     "emojibase": "16.0.0",
     "emojibase-regex": "16.0.0",
     "extract-zip": "2.0.1",
@@ -186,7 +186,7 @@
     "prettier": "3.6.2",
     "protobufjs": "7.5.4",
     "punycode": "2.3.1",
-    "redis": "4.7.1",
+    "redis": "5.8.3",
     "remark": "15.0.1",
     "remark-gfm": "4.0.1",
     "remark-github": "12.0.0",
@@ -348,7 +348,7 @@
     "test-e2e:pack": "pnpm pack",
     "test-e2e:install": "cd test/e2e && pnpm --ignore-workspace install --no-lockfile --prod",
     "test-e2e:run": "cd test/e2e && pnpm test",
-    "test-schema": "run-s create-json-schema",
+    "test-schema": "run-s create-json-schema && tsx tools/validate-schema.ts",
     "test:docs": "node --test tools/docs/test/**/*.mjs",
     "schedule-test-shards": "SCHEDULE_TEST_SHARDS=true tsx tools/test-shards.ts",
     "tsc": "tsc",

package/renovate-schema.json

@@ -1,7 +1,7 @@
 {
-  "title": "JSON schema for Renovate 41.155.0 config files (https://renovatebot.com/)",
+  "title": "JSON schema for Renovate 41.155.2 config files (https://renovatebot.com/)",
   "$schema": "http://json-schema.org/draft-04/schema#",
-  "x-renovate-version": "41.155.0",
+  "x-renovate-version": "41.155.2",
   "allowComments": true,
   "type": "object",
   "properties": {