Merge branch 'main' into kamil/add_cooldown_to_configuration

dependabot · Feb 28, 2025 · b013bf0 · b013bf0
2 parents 0442dc4 + b9ea83b
commit b013bf0
Show file tree

Hide file tree

Showing 472 changed files with 48,432 additions and 104 deletions.
diff --git a/.github/ci-filters.yml b/.github/ci-filters.yml
@@ -72,3 +72,6 @@ swift:
 terraform:
   - *shared
   - 'terraform/**'
+uv:
+  - *shared
+  - 'uv/**'
diff --git a/.github/issue-labeler.yml b/.github/issue-labeler.yml
@@ -47,7 +47,10 @@
     - '(dart|pub)'
 
 "L: python":
-    - '(python|pip|poetry)'
+    - '(python|pip|poetry|uv)'
+
+"L: python:uv":
+    - '(uv)'
 
 "L: terraform":
     - '(terraform)'

diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -72,6 +72,10 @@
 - changed-files:
   - any-glob-to-any-file: python/**
 
+"L: python:uv":
+- changed-files:
+  - any-glob-to-any-file: uv/**
+
 "L: terraform":
 - changed-files:
   - any-glob-to-any-file: terraform/**

diff --git a/.github/smoke-filters.yml b/.github/smoke-filters.yml
@@ -65,3 +65,6 @@ swift:
 terraform:
   - *common
   - 'terraform/**'
+uv:
+  - *common
+  - 'uv/**'
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -38,6 +38,7 @@ jobs:
           - { path: devcontainers, name: devcontainers, ecosystem: devcontainers }
           - { path: terraform, name: terraform, ecosystem: terraform }
           - { path: bun, name: bun, ecosystem: bun }
+          - { path: uv, name: uv, ecosystem: uv }
 
     steps:
       - name: Checkout code

diff --git a/.github/workflows/images-branch.yml b/.github/workflows/images-branch.yml
@@ -78,6 +78,7 @@ jobs:
           - { name: devcontainers, ecosystem: devcontainers }
           - { name: terraform, ecosystem: terraform }
           - { name: bun, ecosystem: bun }
+          - { name: uv, ecosystem: uv }
     permissions:
       contents: read
       id-token: write

diff --git a/.github/workflows/images-latest.yml b/.github/workflows/images-latest.yml
@@ -55,6 +55,7 @@ jobs:
           - { name: swift, ecosystem: swift }
           - { name: devcontainers, ecosystem: devcontainers }
           - { name: terraform, ecosystem: terraform }
+          - { name: uv, ecosystem: uv }
     env:
       COMMIT_SHA: ${{ github.sha }}
       NAME: ${{ matrix.suite.name }}

diff --git a/Dockerfile.updater-core b/Dockerfile.updater-core
@@ -106,9 +106,10 @@ COPY --chown=dependabot:dependabot python/.bundle python/dependabot-python.gemsp
 COPY --chown=dependabot:dependabot silent/.bundle silent/dependabot-silent.gemspec silent/
 COPY --chown=dependabot:dependabot swift/.bundle swift/dependabot-swift.gemspec swift/
 COPY --chown=dependabot:dependabot terraform/.bundle terraform/dependabot-terraform.gemspec terraform/
+COPY --chown=dependabot:dependabot uv/.bundle uv/dependabot-uv.gemspec uv/
 
 # prevent having all the source in every ecosystem image
-RUN for ecosystem in git_submodules terraform github_actions hex elm docker docker_compose nuget maven gradle cargo composer go_modules python pub npm_and_yarn bundler silent swift devcontainers dotnet_sdk bun; do \
+RUN for ecosystem in git_submodules terraform github_actions hex elm docker docker_compose nuget maven gradle cargo composer go_modules python pub npm_and_yarn bundler silent swift devcontainers dotnet_sdk bun uv; do \
     mkdir -p $ecosystem/lib/dependabot; \
     touch $ecosystem/lib/dependabot/$ecosystem.rb; \
   done

diff --git a/Gemfile b/Gemfile
@@ -25,6 +25,7 @@ gem "dependabot-python", path: "python"
 gem "dependabot-silent", path: "silent"
 gem "dependabot-swift", path: "swift"
 gem "dependabot-terraform", path: "terraform"
+gem "dependabot-uv", path: "uv"
 
 # Sorbet
 gem "sorbet", "0.5.11630", group: :development

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,26 +1,26 @@
 PATH
   remote: bun
   specs:
-    dependabot-bun (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-bun (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: bundler
   specs:
-    dependabot-bundler (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-bundler (0.299.1)
+      dependabot-common (= 0.299.1)
       parallel (~> 1.24)
 
 PATH
   remote: cargo
   specs:
-    dependabot-cargo (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-cargo (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: common
   specs:
-    dependabot-common (0.298.0)
+    dependabot-common (0.299.1)
       aws-sdk-codecommit (~> 1.28)
       aws-sdk-ecr (~> 1.5)
       bundler (>= 1.16, < 3.0.0)
@@ -44,120 +44,126 @@ PATH
 PATH
   remote: composer
   specs:
-    dependabot-composer (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-composer (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: devcontainers
   specs:
-    dependabot-devcontainers (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-devcontainers (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: docker_compose
   specs:
-    dependabot-docker_compose (0.298.0)
-      dependabot-common (= 0.298.0)
-      dependabot-docker (= 0.298.0)
+    dependabot-docker_compose (0.299.1)
+      dependabot-common (= 0.299.1)
+      dependabot-docker (= 0.299.1)
 
 PATH
   remote: docker
   specs:
-    dependabot-docker (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-docker (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: dotnet_sdk
   specs:
-    dependabot-dotnet_sdk (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-dotnet_sdk (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: elm
   specs:
-    dependabot-elm (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-elm (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: git_submodules
   specs:
-    dependabot-git_submodules (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-git_submodules (0.299.1)
+      dependabot-common (= 0.299.1)
       parseconfig (~> 1.0, < 1.1.0)
 
 PATH
   remote: github_actions
   specs:
-    dependabot-github_actions (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-github_actions (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: go_modules
   specs:
-    dependabot-go_modules (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-go_modules (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: gradle
   specs:
-    dependabot-gradle (0.298.0)
-      dependabot-common (= 0.298.0)
-      dependabot-maven (= 0.298.0)
+    dependabot-gradle (0.299.1)
+      dependabot-common (= 0.299.1)
+      dependabot-maven (= 0.299.1)
 
 PATH
   remote: hex
   specs:
-    dependabot-hex (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-hex (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: maven
   specs:
-    dependabot-maven (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-maven (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: npm_and_yarn
   specs:
-    dependabot-npm_and_yarn (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-npm_and_yarn (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: nuget
   specs:
-    dependabot-nuget (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-nuget (0.299.1)
+      dependabot-common (= 0.299.1)
       rubyzip (>= 2.3.2, < 3.0)
 
 PATH
   remote: pub
   specs:
-    dependabot-pub (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-pub (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: python
   specs:
-    dependabot-python (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-python (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: silent
   specs:
-    dependabot-silent (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-silent (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: swift
   specs:
-    dependabot-swift (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-swift (0.299.1)
+      dependabot-common (= 0.299.1)
 
 PATH
   remote: terraform
   specs:
-    dependabot-terraform (0.298.0)
-      dependabot-common (= 0.298.0)
+    dependabot-terraform (0.299.1)
+      dependabot-common (= 0.299.1)
+
+PATH
+  remote: uv
+  specs:
+    dependabot-uv (0.299.1)
+      dependabot-common (= 0.299.1)
 
 GEM
   remote: https://rubygems.org/
@@ -414,6 +420,7 @@ DEPENDENCIES
   dependabot-silent!
   dependabot-swift!
   dependabot-terraform!
+  dependabot-uv!
   gpgme (~> 2.0)
   rake (~> 13)
   rspec-its (~> 1.3)

diff --git a/Rakefile b/Rakefile
@@ -37,6 +37,7 @@ GEMSPECS = %w(
   dotnet_sdk/dependabot-dotnet_sdk.gemspec
   bun/dependabot-bun.gemspec
   docker_compose/dependabot-docker_compose.gemspec
+  uv/dependabot-uv.gemspec
 ).freeze
 
 def run_command(command)

diff --git a/bin/docker-dev-shell b/bin/docker-dev-shell
@@ -244,6 +244,12 @@ docker run --rm -ti \
   -v "$(pwd)/terraform/lib:$CODE_DIR/terraform/lib" \
   -v "$(pwd)/terraform/script:$CODE_DIR/terraform/script" \
   -v "$(pwd)/terraform/spec:$CODE_DIR/terraform/spec" \
+  -v "$(pwd)/uv/.rubocop.yml:$CODE_DIR/uv/.rubocop.yml" \
+  -v "$(pwd)/uv/dependabot-uv.gemspec:$CODE_DIR/uv/dependabot-uv.gemspec" \
+  -v "$(pwd)/uv/helpers:$CODE_DIR/uv/helpers" \
+  -v "$(pwd)/uv/lib:$CODE_DIR/uv/lib" \
+  -v "$(pwd)/uv/script:$CODE_DIR/uv/script" \
+  -v "$(pwd)/uv/spec:$CODE_DIR/uv/spec" \
   -v "$(pwd)/tmp:/$CODE_DIR/tmp" \
   -v "$(pwd)/updater/.rubocop.yml:$CODE_DIR/dependabot-updater/.rubocop.yml" \
   -v "$(pwd)/updater/bin:$CODE_DIR/dependabot-updater/bin" \

diff --git a/bin/dry-run.rb b/bin/dry-run.rb
@@ -74,6 +74,7 @@
 $LOAD_PATH << "./pub/lib"
 $LOAD_PATH << "./swift/lib"
 $LOAD_PATH << "./terraform/lib"
+$LOAD_PATH << "./uv/lib"
 
 updater_image_gemfile = File.expand_path("../dependabot-updater/Gemfile", __dir__)
 updater_repo_gemfile = File.expand_path("../updater/Gemfile", __dir__)
@@ -122,6 +123,7 @@
 require "dependabot/pub"
 require "dependabot/swift"
 require "dependabot/terraform"
+require "dependabot/uv"
 
 # GitHub credentials with write permission to the repo you want to update
 # (so that you can create a new branch, commit and pull request).

diff --git a/cargo/Dockerfile b/cargo/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/library/rust:1.82.0-bookworm AS rust
+FROM docker.io/library/rust:1.85.0-bookworm AS rust
 
 FROM ghcr.io/dependabot/dependabot-updater-core
 

diff --git a/cargo/spec/dependabot/cargo/file_parser_spec.rb b/cargo/spec/dependabot/cargo/file_parser_spec.rb
@@ -868,7 +868,6 @@
       it "returns the correct package manager" do
         expect(package_manager.name).to eq "cargo"
         expect(package_manager.requirement).to be_nil
-        expect(package_manager.version.to_s).to eq "1.82.0"
       end
     end
 
@@ -878,7 +877,6 @@
       it "returns the correct language" do
         expect(language.name).to eq "rust"
         expect(language.requirement).to be_nil
-        expect(language.version.to_s).to eq "1.82.0"
       end
     end
   end

diff --git a/common/lib/dependabot.rb b/common/lib/dependabot.rb
@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.298.0"
+  VERSION = "0.299.1"
 end
diff --git a/common/lib/dependabot/config/file.rb b/common/lib/dependabot/config/file.rb
@@ -78,7 +78,8 @@ def self.parse(config)
         "pip" => "pip",
         "pub" => "pub",
         "swift" => "swift",
-        "terraform" => "terraform"
+        "terraform" => "terraform",
+        "uv" => "uv"
       }.freeze, T::Hash[String, String])
 
       sig { params(cfg: T.nilable(T::Hash[Symbol, T.untyped])).returns(T::Array[IgnoreCondition]) }

diff --git a/go_modules/lib/dependabot/go_modules/file_updater/go_mod_updater.rb b/go_modules/lib/dependabot/go_modules/file_updater/go_mod_updater.rb
@@ -207,7 +207,11 @@ def run_go_mod_tidy
           # updating versions because there are some edge cases where it's OK to fail
           # (such as generated files not available yet to us).
           _, stderr, status = Open3.capture3(environment, command)
-          Dependabot.logger.info "Failed to `go mod tidy`: #{stderr}" unless status.success?
+          if status.success?
+            Dependabot.logger.info "`go mod tidy` succeeded"
+          else
+            Dependabot.logger.info "Failed to `go mod tidy`: #{stderr}"
+          end
         end
 
         sig { void }

diff --git a/nuget/lib/dependabot/nuget/nuget_config_credential_helpers.rb b/nuget/lib/dependabot/nuget/nuget_config_credential_helpers.rb
@@ -28,7 +28,7 @@ def self.add_credentials_to_nuget_config(credentials)
 
         File.rename(user_nuget_config_path, temporary_nuget_config_path)
 
-        package_sources = []
+        package_sources = ["    <add key=\"nuget.org\" value=\"https://api.nuget.org/v3/index.json\" />"]
         package_source_credentials = []
         nuget_credentials.each_with_index do |c, i|
           source_name = "nuget_source_#{i + 1}"

diff --git a/nuget/spec/dependabot/nuget/nuget_config_credential_helpers_spec.rb b/nuget/spec/dependabot/nuget/nuget_config_credential_helpers_spec.rb
@@ -47,6 +47,7 @@
               <?xml version="1.0" encoding="utf-8"?>
               <configuration>
                 <packageSources>
+                  <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
                   <add key="nuget_source_1" value="https://private.nuget.example.com/index.json" />
                   <add key="nuget_source_2" value="https://public.nuget.example.com/index.json" />
                 </packageSources>
-Original file line number
+Diff line change
@@ Expand Up / @@ -72,3 +72,6 @@ swift: @@
     terraform:
       - *shared
       - 'terraform/**'
+    uv:
+      - *shared
+      - 'uv/**'