Remove freezing dependencies in pyproject.toml

markhallen · markhallen · commit ed4fb5af57c8 · 2025-04-12T11:23:55.000Z
diff --git a/bin/dry-run.rb b/bin/dry-run.rb
@@ -853,7 +853,7 @@ def security_fix?(dependency)
 
   # rubocop:enable Style/GlobalVars
 rescue StandardError => e
-  puts "An error occurred: #{e.message}"
+  puts "An error occurred: #{e.class}, #{e.message}"
   exit 1
 end
 
diff --git a/uv/lib/dependabot/uv/file_updater/lock_file_updater.rb b/uv/lib/dependabot/uv/file_updater/lock_file_updater.rb
@@ -155,17 +155,10 @@ def prepared_pyproject
             begin
               content = updated_pyproject_content
               content = sanitize(content)
-              content = freeze_other_dependencies(content)
               content
             end
         end
 
-        def freeze_other_dependencies(pyproject_content)
-          PyprojectPreparer
-            .new(pyproject_content: pyproject_content, lockfile: lockfile)
-            .freeze_top_level_dependencies_except(dependencies)
-        end
-
         def sanitize(pyproject_content)
           PyprojectPreparer
             .new(pyproject_content: pyproject_content)
diff --git a/uv/lib/dependabot/uv/file_updater/pyproject_preparer.rb b/uv/lib/dependabot/uv/file_updater/pyproject_preparer.rb
@@ -21,54 +21,6 @@ def initialize(pyproject_content:, lockfile: nil)
           @lines = pyproject_content.split("\n")
         end
 
-        def freeze_top_level_dependencies_except(dependencies_to_update)
-          return @pyproject_content unless lockfile
-
-          deps_to_update_names = dependencies_to_update.map(&:name).map { |n| Uv::FileParser.normalize_dependency_name(n) }
-          locked_deps = parsed_lockfile_dependencies || {}
-          in_dependencies = false
-          in_dependencies_array = false
-
-          updated_lines = @lines.map do |line|
-            if line.match?(/^\[project\]/)
-              in_dependencies = true
-              in_dependencies_array = false
-              line
-            elsif line.match?(/^dependencies\s*=\s*\[/)
-              in_dependencies_array = true
-              line
-            elsif in_dependencies && in_dependencies_array && line.strip.start_with?('"')
-              # Extract the full dependency string without quotes and trailing comma
-              dep_string = line.strip.gsub(/^"|"(?:,\s*)?$/, '')
-              parsed = parse_dependency(dep_string)
-
-              if parsed[:name]
-                normalized_name = Uv::FileParser.normalize_dependency_name(parsed[:name])
-
-                if deps_to_update_names.include?(normalized_name)
-                  line
-                else
-                  version = locked_version_for_dep(locked_deps, normalized_name)
-                  if version
-                    prefix = " " * line[/^\s*/].length
-                    suffix = line.end_with?(",") ? "," : ""
-                    dep_str = parsed[:extras] ? "#{parsed[:name]}[#{parsed[:extras]}]" : parsed[:name]
-                    %Q(#{prefix}"#{dep_str}==#{version}"#{suffix})
-                  else
-                    line
-                  end
-                end
-              else
-                line
-              end
-            else
-              line
-            end
-          end
-
-          @pyproject_content = updated_lines.join("\n")
-        end
-
         def update_python_requirement(python_version)
           return @pyproject_content unless python_version
 
@@ -115,86 +67,9 @@ def sanitize
 
         attr_reader :lockfile
 
-        def parsed_lockfile
-          @parsed_lockfile ||= lockfile ? parse_lockfile(lockfile.content) : {}
-        end
-
-        def parse_lockfile(content)
-          TomlRB.parse(content)
-        rescue TomlRB::ParseError
-          {} # Return empty hash if parsing fails
-        end
-
-        def parsed_lockfile_dependencies
-          return {} unless lockfile
-
-          deps = {}
-          parsed = parsed_lockfile
-
-          # Handle UV lock format (version 1)
-          if parsed["version"] == 1 && parsed["package"].is_a?(Array)
-            parsed["package"].each do |pkg|
-              next unless pkg["name"] && pkg["version"]
-
-              deps[pkg["name"]] = { "version" => pkg["version"] }
-            end
-          # Handle traditional Poetry-style lock format
-          elsif parsed["dependencies"]
-            deps = parsed["dependencies"]
-          end
-
-          deps
-        end
-
-        def locked_version_for_dep(locked_deps, dep_name)
-          locked_deps.each do |name, details|
-            next unless Uv::FileParser.normalize_dependency_name(name) == dep_name
-            return details["version"] if details.is_a?(Hash) && details["version"]
-          end
-          nil
-        end
-
         def sanitize_env_name(url)
           url.gsub(%r{^https?://}, "").gsub(/[^a-zA-Z0-9]/, "_").upcase
         end
-
-        def freeze_dependency(dep_string, deps_to_update_names, locked_deps)
-          dep_match = dep_string.match(/^([^\[\]=<>!]+)(?:\[([^\]]+)\])?/)
-          return dep_string unless dep_match
-
-          dep_name = dep_match[1].strip
-          dep_extra = dep_match[2]
-
-          normalized_name = Uv::FileParser.normalize_dependency_name(dep_name)
-
-          return dep_string if deps_to_update_names.include?(normalized_name)
-
-          version = locked_version_for_dep(locked_deps, normalized_name)
-          return dep_string unless version
-
-          dep_extra ? "#{dep_name}[#{dep_extra}]==#{version}" : "#{dep_name}==#{version}"
-        end
-
-        def parse_dependency(dep_string)
-          # Split by common version operators
-          parts = dep_string.split(/(?=[<>=~!])/)
-          name_part = parts.first.strip
-          version_part = parts[1..]&.join&.strip
-
-          # Handle extras in name
-          if name_part.include?("[")
-            name, extras = name_part.split("[", 2)
-            extras = extras.chomp("]")
-          else
-            name = name_part
-          end
-
-          {
-            name: name.strip,
-            extras: extras,
-            version_spec: version_part
-          }
-        end
       end
     end
   end
diff --git a/uv/spec/dependabot/uv/file_updater/lock_file_updater_spec.rb b/uv/spec/dependabot/uv/file_updater/lock_file_updater_spec.rb
@@ -120,10 +120,6 @@
         allow(Dependabot::Uv::FileUpdater::PyprojectPreparer).to receive(:new)
           .and_return(pyproject_preparer)
 
-        allow(pyproject_preparer).to receive(:freeze_top_level_dependencies_except)
-          .with(dependencies)
-          .and_return("frozen content")
-
         allow(pyproject_preparer).to receive_messages(
           update_python_requirement: "python requirement updated content",
           sanitize: "sanitized content"
diff --git a/uv/spec/dependabot/uv/file_updater/pyproject_preparer_spec.rb b/uv/spec/dependabot/uv/file_updater/pyproject_preparer_spec.rb
@@ -77,190 +77,6 @@
     end
   end
 
-  describe "#freeze_top_level_dependencies_except" do
-    subject(:frozen_content) do
-      preparer.freeze_top_level_dependencies_except([dependency])
-    end
-
-    it "pins all dependencies except the updated one" do
-      expect(frozen_content).to include("requests>=2.31.0") # The original constraint
-    end
-
-    context "with multiple dependencies including one to update" do
-      let(:pyproject_content) do
-        <<~TOML
-          [project]
-          name = "sample-project"
-          version = "0.1.0"
-          requires-python = ">=3.7"
-          dependencies = [
-              "requests>=2.31.0",
-              "certifi>=2025.1.0",
-          ]
-
-          [build-system]
-          requires = ["setuptools>=42", "wheel"]
-          build-backend = "setuptools.build_meta"
-        TOML
-      end
-
-      it "pins all dependencies except the updated one" do
-        expect(frozen_content).to include("requests>=2.31.0") # Dependency to update, not pinned
-        expect(frozen_content).to include("certifi==2025.1.31") # Other dependency, pinned to lock version
-      end
-    end
-
-    context "without a lockfile" do
-      let(:lockfile) { nil }
-
-      it "returns the original content" do
-        expect(frozen_content).to eq(pyproject_content)
-      end
-    end
-
-    context "with dependencies containing extras" do
-      let(:pyproject_content) do
-        <<~TOML
-          [project]
-          name = "sample-project"
-          version = "0.1.0"
-          requires-python = ">=3.7"
-          dependencies = [
-              "django>=5.1.7",
-              "django-storages[google]>=1.14.5",
-              "whitenoise>=6.8.2",
-          ]
-        TOML
-      end
-
-      let(:lockfile_content) do
-        <<~TOML
-          version = 1
-          [[package]]
-          name = "django"
-          version = "5.1.7"
-
-          [[package]]
-          name = "django-storages"
-          version = "1.14.5"
-
-          [[package]]
-          name = "whitenoise"
-          version = "6.8.2"
-        TOML
-      end
-
-      let(:dependency) do
-        Dependabot::Dependency.new(
-          name: "django",
-          version: "5.1.8",
-          requirements: [{
-            file: "pyproject.toml",
-            requirement: ">=5.1.8",
-            groups: [],
-            source: nil
-          }],
-          previous_version: "5.1.7",
-          previous_requirements: [{
-            file: "pyproject.toml",
-            requirement: ">=5.1.7",
-            groups: [],
-            source: nil
-          }],
-          package_manager: "uv"
-        )
-      end
-
-      it "pins dependencies preserving extras correctly" do
-        expect(frozen_content).to include("django>=5.1.7") # dependency to update, not pinned
-        expect(frozen_content).to include("django-storages[google]==1.14.5") # extra preserved and pinned
-        expect(frozen_content).to include("whitenoise==6.8.2") # pinned without extras
-      end
-    end
-
-    context "with dependency goups with include-group" do
-      let(:pyproject_content) do
-        <<~TOML
-          [project]
-          name = "test-project"
-          version = "1.0.0"
-          dependencies = [
-              "requests>=2.0.0",
-              "click>=8.0.0"
-          ]
-
-          [dependency-groups]
-          test = [
-              "pytest>=7.0.0",
-              { include-group = "coverage" }
-          ]
-          coverage = [
-              "coverage>=7.0.0",
-              "pytest-cov>=4.0.0"
-          ]
-          dev = [
-              { include-group = "test" },
-              "black>=23.0.0"
-          ]
-        TOML
-      end
-      let(:lockfile_content) do
-        <<~TOML
-          version = 1
-          [[package]]
-          name = "requests"
-          version = "2.0.0"
-
-          [[package]]
-          name = "click"
-          version = "8.0.0"
-
-          [[package]]
-          name = "pytest"
-          version = "7.0.0"
-
-          [[package]]
-          name = "coverage"
-          version = "7.0.0"
-
-          [[package]]
-          name = "pytest-cov"
-          version = "4.0.0"
-
-          [[package]]
-          name = "black"
-          version = "23.0.0"
-        TOML
-      end
-      let(:dependency) do
-        Dependabot::Dependency.new(
-          name: "pytest",
-          version: "7.0.1",
-          requirements: [{
-            file: "pyproject.toml",
-            requirement: ">=7.0.1",
-            groups: ["test"],
-            source: nil
-          }],
-          previous_version: "7.0.0",
-          previous_requirements: [{
-            file: "pyproject.toml",
-            requirement: ">=7.0.0",
-            groups: ["test"],
-            source: nil
-          }],
-          package_manager: "uv"
-        )
-      end
-      it "pins dependencies preserving groups correctly" do
-        expect(frozen_content).to include("pytest>=7.0.0") # dependency to update, not pinned
-        expect(frozen_content).to include("coverage==7.0.0") # extra preserved and pinned
-        expect(frozen_content).to include("pytest-cov==4.0.0") # extra preserved and pinned
-        expect(frozen_content).to include("black==23.0.0") # pinned without extras
-      end
-    end
-  end
-
   describe "#update_python_requirement" do
     subject(:updated_content) { preparer.update_python_requirement("3.10") }
 
diff --git a/uv/spec/fixtures/pyproject_files/complex_groups.toml b/uv/spec/fixtures/pyproject_files/complex_groups.toml
