Merge branch 'main' into kamil/update_package_manager_abstraction_for…

…_bundler_and_composer

Gemfile.lock

@@ -1,20 +1,20 @@
 PATH
   remote: bundler
   specs:
-    dependabot-bundler (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-bundler (0.282.0)
+      dependabot-common (= 0.282.0)
       parallel (~> 1.24)
 
 PATH
   remote: cargo
   specs:
-    dependabot-cargo (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-cargo (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: common
   specs:
-    dependabot-common (0.281.0)
+    dependabot-common (0.282.0)
       aws-sdk-codecommit (~> 1.28)
       aws-sdk-ecr (~> 1.5)
       bundler (>= 1.16, < 3.0.0)
@@ -38,107 +38,107 @@ PATH
 PATH
   remote: composer
   specs:
-    dependabot-composer (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-composer (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: devcontainers
   specs:
-    dependabot-devcontainers (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-devcontainers (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: docker
   specs:
-    dependabot-docker (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-docker (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: elm
   specs:
-    dependabot-elm (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-elm (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: git_submodules
   specs:
-    dependabot-git_submodules (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-git_submodules (0.282.0)
+      dependabot-common (= 0.282.0)
       parseconfig (~> 1.0, < 1.1.0)
 
 PATH
   remote: github_actions
   specs:
-    dependabot-github_actions (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-github_actions (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: go_modules
   specs:
-    dependabot-go_modules (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-go_modules (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: gradle
   specs:
-    dependabot-gradle (0.281.0)
-      dependabot-common (= 0.281.0)
-      dependabot-maven (= 0.281.0)
+    dependabot-gradle (0.282.0)
+      dependabot-common (= 0.282.0)
+      dependabot-maven (= 0.282.0)
 
 PATH
   remote: hex
   specs:
-    dependabot-hex (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-hex (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: maven
   specs:
-    dependabot-maven (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-maven (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: npm_and_yarn
   specs:
-    dependabot-npm_and_yarn (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-npm_and_yarn (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: nuget
   specs:
-    dependabot-nuget (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-nuget (0.282.0)
+      dependabot-common (= 0.282.0)
       rubyzip (>= 2.3.2, < 3.0)
 
 PATH
   remote: pub
   specs:
-    dependabot-pub (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-pub (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: python
   specs:
-    dependabot-python (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-python (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: silent
   specs:
-    dependabot-silent (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-silent (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: swift
   specs:
-    dependabot-swift (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-swift (0.282.0)
+      dependabot-common (= 0.282.0)
 
 PATH
   remote: terraform
   specs:
-    dependabot-terraform (0.281.0)
-      dependabot-common (= 0.281.0)
+    dependabot-terraform (0.282.0)
+      dependabot-common (= 0.282.0)
 
 GEM
   remote: https://rubygems.org/

common/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.281.0"
+  VERSION = "0.282.0"
 end

npm_and_yarn/helpers/package.json

@@ -21,7 +21,7 @@
     "patch-package": "^8.0.0"
   },
   "devDependencies": {
-    "eslint": "^9.12.0",
+    "eslint": "^9.13.0",
     "eslint-config-prettier": "^9.1.0",
     "jest": "^29.7.0",
     "prettier": "^3.3.3"

python/lib/dependabot/python/update_checker.rb

@@ -234,8 +234,8 @@ def updated_version_req_lower_bound
                       .reject { |req_string| req_string.start_with?("<") }
                       .select { |req_string| req_string.match?(VERSION_REGEX) }
                       .map { |req_string| req_string.match(VERSION_REGEX) }
-                      .select { |version| Gem::Version.correct?(version) }
-                      .max_by { |version| Gem::Version.new(version) }
+                      .select { |version| Python::Version.correct?(version) }
+                      .max_by { |version| Python::Version.new(version) }
 
         ">=#{version_for_requirement || 0}"
       end

python/lib/dependabot/python/version.rb

@@ -214,6 +214,38 @@ def lowest_prerelease_suffix
         "dev0"
       end
 
+      sig { override.returns(T::Array[String]) }
+      def ignored_patch_versions
+        parts = release_segment # e.g [1,2,3] if version is 1.2.3-alpha3
+        version_parts = parts.fill(0, parts.length...2)
+        upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + [lowest_prerelease_suffix]
+        lower_bound = "> #{self}"
+        upper_bound = "< #{upper_parts.join('.')}"
+
+        ["#{lower_bound}, #{upper_bound}"]
+      end
+
+      sig { override.returns(T::Array[String]) }
+      def ignored_minor_versions
+        parts = release_segment # e.g [1,2,3] if version is 1.2.3-alpha3
+        version_parts = parts.fill(0, parts.length...2)
+        lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + [lowest_prerelease_suffix]
+        upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1] + [lowest_prerelease_suffix]
+        lower_bound = ">= #{lower_parts.join('.')}"
+        upper_bound = "< #{upper_parts.join('.')}"
+
+        ["#{lower_bound}, #{upper_bound}"]
+      end
+
+      sig { override.returns(T::Array[String]) }
+      def ignored_major_versions
+        version_parts = release_segment # e.g [1,2,3] if version is 1.2.3-alpha3
+        lower_parts = [version_parts[0].to_i + 1] + [lowest_prerelease_suffix] # earliest next major version prerelease
+        lower_bound = ">= #{lower_parts.join('.')}"
+
+        [lower_bound]
+      end
+
       private
 
       sig { params(other: Dependabot::Python::Version).returns(Integer) }

python/spec/dependabot/python/version_spec.rb

@@ -77,10 +77,6 @@
   describe ".new" do
     subject(:version) { described_class.new(version_string) }
 
-    before do
-      Dependabot::Experiments.register(:python_new_version, true)
-    end
-
     context "with an empty string" do
       let(:version_string) { "" }
       let(:error_msg) { "Malformed version string - string is empty" }
@@ -342,6 +338,30 @@
     it { is_expected.to eq "dev0" }
   end
 
+  describe "#ignored_major_versions" do
+    subject(:ignored_versions) { version.ignored_major_versions }
+
+    let(:version_string) { "1.2.3-alpha.1" }
+
+    it { is_expected.to eq([">= 2.dev0"]) }
+  end
+
+  describe "#ignored_minor_versions" do
+    subject(:ignored_versions) { version.ignored_minor_versions }
+
+    let(:version_string) { "1.2.3-alpha.1" }
+
+    it { is_expected.to eq([">= 1.3.dev0, < 2.dev0"]) }
+  end
+
+  describe "#ignored_patch_versions" do
+    subject(:ignored_versions) { version.ignored_patch_versions }
+
+    let(:version_string) { "1.2.3-alpha.1" }
+
+    it { is_expected.to eq(["> #{version_string}, < 1.3.dev0"]) }
+  end
+
   describe "compatibility with Gem::Requirement" do
     subject { requirement.satisfied_by?(version) }