dependabot · jeffwidman · Nov 23, 2022 · Nov 22, 2022 · Nov 23, 2022 · Nov 23, 2022
@@ -106,6 +106,7 @@ def prepared_pyproject
               content = sanitize(content)
               content = freeze_other_dependencies(content)
               content = freeze_dependencies_being_updated(content)
+              content = update_python_requirement(content)
               content
             end
         end
@@ -131,6 +132,12 @@ def freeze_dependencies_being_updated(pyproject_content)
           TomlRB.dump(pyproject_object)
         end
 
+        def update_python_requirement(pyproject_content)
+          PyprojectPreparer.
+            new(pyproject_content: pyproject_content).
+            update_python_requirement(Helpers.python_major_minor(python_version))
+        end
+
         def lock_declaration_to_new_version!(poetry_object, dep)
           Dependabot::Python::FileParser::PyprojectFilesParser::POETRY_DEPENDENCY_TYPES.each do |type|
             names = poetry_object[type]&.keys || []

@@ -36,6 +36,14 @@ def add_auth_env_vars(credentials)
           end
         end
 
+        def update_python_requirement(requirement)
+          pyproject_object = TomlRB.parse(@pyproject_content)
+          if pyproject_object.dig("tool", "poetry", "dependencies", "python")
+            pyproject_object["tool"]["poetry"]["dependencies"]["python"] = "~#{requirement}"
+          end
+          TomlRB.dump(pyproject_object)
+        end
+
         def sanitize
           # {{ name }} syntax not allowed
           pyproject_content.

@@ -80,11 +80,9 @@
         to start_with("8cea4ecb5b2230fbd4a33a67a4da004f1ccabad48352aaf040")
     end
 
-    # TODO: Fix flaky spec caused by an issue in poetry:
-    # https://github.com/python-poetry/poetry/issues/3010)
     context "with a specified Python version" do
-      let(:pyproject_fixture_name) { "python_2.toml" }
-      let(:lockfile_fixture_name) { "python_2.lock" }
+      let(:pyproject_fixture_name) { "python_310.toml" }
+      let(:lockfile_fixture_name) { "python_310.lock" }
 
       let(:dependency) do
         Dependabot::Dependency.new(
@@ -107,13 +105,18 @@
         )
       end
 
-      skip "updates the lockfile successfully" do
+      it "updates the lockfile successfully" do
         updated_lockfile = updated_files.find { |f| f.name == "pyproject.lock" }
 
         lockfile_obj = TomlRB.parse(updated_lockfile.content)
         requests = lockfile_obj["package"].find { |d| d["name"] == "requests" }
         expect(requests["version"]).to eq("2.19.1")
       end
+      it "does not change python version" do
+        updated_pyproj = updated_files.find { |f| f.name == "pyproject.toml" }
+        pyproj_obj = TomlRB.parse(updated_pyproj.content)
+        pyproj_obj["tool"]["poetry"]["dependencies"]["python"] == "3.10.7"
+      end
     end
 
     context "with a supported python version", :slow do

@@ -0,0 +1,12 @@
+[tool.poetry]
+name = "PythonProjects"
+version = "2.0.0"
+homepage = "https://github.com/roghu/py3_projects"
+license = "MIT"
+readme = "README.md"
+authors = ["Dependabot <support@dependabot.com>"]
+description = "Various small python projects."
+
+[tool.poetry.dependencies]
+python = "3.10.7"
+requests = "2.18.0"
@@ -0,0 +1,80 @@
+[[package]]
+name = "certifi"
+version = "2022.9.24"
+description = "Python package for providing Mozilla's CA Bundle."
+category = "main"
+optional = false
+python-versions = ">=3.6"
+
+[[package]]
+name = "chardet"
+version = "3.0.4"
+description = "Universal encoding detector for Python 2 and 3"
+category = "main"
+optional = false
+python-versions = "*"
+
+[[package]]
+name = "idna"
+version = "2.5"
+description = "Internationalized Domain Names in Applications (IDNA)"
+category = "main"
+optional = false
+python-versions = "*"
+
+[[package]]
+name = "requests"
+version = "2.18.0"
+description = "Python HTTP for Humans."
+category = "main"
+optional = false
+python-versions = "*"
+
+[package.dependencies]
+certifi = ">=2017.4.17"
+chardet = ">=3.0.2,<3.1.0"
+idna = ">=2.5,<2.6"
+urllib3 = ">=1.21.1,<1.22"
+
+[package.extras]
+security = ["cryptography (>=1.3.4)", "idna (>=2.0.0)", "pyOpenSSL (>=0.14)"]
+socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"]
+
+[[package]]
+name = "urllib3"
+version = "1.21.1"
+description = "HTTP library with thread-safe connection pooling, file post, and more."
+category = "main"
+optional = false
+python-versions = "*"
+
+[package.extras]
+secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress", "pyOpenSSL (>=0.14)"]
+socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
+
+[metadata]
+lock-version = "1.1"
+python-versions = "3.10.7"
+content-hash = "f56ecb5b0d42f75b0c0992902acd1847a2f182b4088da95353f9bfbecc3308eb"
+
+[metadata.files]
+certifi = [
+    {file = "certifi-2022.9.24-py3-none-any.whl", hash = "sha256:90c1a32f1d68f940488354e36370f6cca89f0f106db09518524c88d6ed83f382"},
+    {file = "certifi-2022.9.24.tar.gz", hash = "sha256:0d9c601124e5a6ba9712dbc60d9c53c21e34f5f641fe83002317394311bdce14"},
+]
+chardet = [
+    {file = "chardet-3.0.4-py2.py3-none-any.whl", hash = "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"},
+    {file = "chardet-3.0.4.tar.gz", hash = "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae"},
+]
+idna = [
+    {file = "idna-2.5-py2.py3-none-any.whl", hash = "sha256:cc19709fd6d0cbfed39ea875d29ba6d4e22c0cebc510a76d6302a28385e8bb70"},
+    {file = "idna-2.5.tar.gz", hash = "sha256:3cb5ce08046c4e3a560fc02f138d0ac63e00f8ce5901a56b32ec8b7994082aab"},
+]
+requests = [
+    {file = "requests-2.18.0-py2.py3-none-any.whl", hash = "sha256:5e88d64aa56ac0fda54e77fb9762ebc65879e171b746d5479a33c4082519d6c6"},
+    {file = "requests-2.18.0.tar.gz", hash = "sha256:cd0189f962787284bff715fddaad478eb4d9c15aa167bd64e52ea0f661e7ea5c"},
+]
+urllib3 = [
+    {file = "urllib3-1.21.1-py2.py3-none-any.whl", hash = "sha256:8ed6d5c1ff9d6ba84677310060d6a3a78ca3072ce0684cb3c645023009c114b1"},
+    {file = "urllib3-1.21.1.tar.gz", hash = "sha256:b14486978518ca0901a76ba973d7821047409d7f726f22156b24e83fd71382a5"},
+]