Fix updating libraries support

Reuse the same logic used for detecting poetry libraries. Also for
consistency, since standard Python does not have a caret operator, change existing
poetry update checker specs to use the tilde operator instead, which
is also implemented in standard python.

python/lib/dependabot/python/update_checker.rb

@@ -100,8 +100,8 @@ def requirements_update_strategy
         # If passed in as an option (in the base class) honour that option
         return @requirements_update_strategy.to_sym if @requirements_update_strategy
 
-        # Otherwise, check if this is a poetry library or not
-        poetry_library? ? :widen_ranges : :bump_versions
+        # Otherwise, check if this is a library or not
+        library? ? :widen_ranges : :bump_versions
       end
 
       private
@@ -273,19 +273,19 @@ def poetry_based?
         pyproject && !poetry_details.nil?
       end
 
-      def poetry_library?
-        return false unless poetry_based?
+      def library?
+        return unless pyproject
 
         # Hit PyPi and check whether there are details for a library with a
         # matching name and description
         index_response = Dependabot::RegistryClient.get(
-          url: "https://pypi.org/pypi/#{normalised_name(poetry_details['name'])}/json/"
+          url: "https://pypi.org/pypi/#{normalised_name(library_details['name'])}/json/"
         )
 
         return false unless index_response.status == 200
 
         pypi_info = JSON.parse(index_response.body)["info"] || {}
-        pypi_info["summary"] == poetry_details["description"]
+        pypi_info["summary"] == library_details["description"]
       rescue URI::InvalidURIError
         false
       end
@@ -314,8 +314,20 @@ def poetry_lock
         dependency_files.find { |f| f.name == "poetry.lock" }
       end
 
+      def library_details
+        @library_details ||= poetry_details || standard_details
+      end
+
       def poetry_details
-        @poetry_details ||= TomlRB.parse(pyproject.content).dig("tool", "poetry")
+        @poetry_details ||= toml_content.dig("tool", "poetry")
+      end
+
+      def standard_details
+        @standard_details ||= toml_content["project"]
+      end
+
+      def toml_content
+        @toml_content ||= TomlRB.parse(pyproject.content)
       end
 
       def pip_compile_files

python/spec/dependabot/python/update_checker_spec.rb

@@ -532,17 +532,17 @@
       its([:requirement]) { is_expected.to eq("==2.6.0") }
     end
 
-    context "when there is a pyproject.toml file" do
+    context "when there is a pyproject.toml file with poetry dependencies" do
       let(:dependency_files) { [requirements_file, pyproject] }
-      let(:pyproject_fixture_name) { "caret_version.toml" }
+      let(:pyproject_fixture_name) { "tilde_version.toml" }
 
       let(:dependency) do
         Dependabot::Dependency.new(
           name: "requests",
           version: "1.2.3",
           requirements: [{
             file: "pyproject.toml",
-            requirement: "^1.0.0",
+            requirement: "~1.0.0",
             groups: [],
             source: nil
           }],
@@ -564,7 +564,7 @@
             )
         end
 
-        its([:requirement]) { is_expected.to eq(">=1,<3") }
+        its([:requirement]) { is_expected.to eq(">=1.0,<2.20") }
       end
 
       context "for a non-library" do
@@ -573,7 +573,52 @@
             to_return(status: 404)
         end
 
-        its([:requirement]) { is_expected.to eq("^2.19.1") }
+        its([:requirement]) { is_expected.to eq("~2.19.1") }
+      end
+    end
+
+    context "when there is a pyproject.toml file with standard python dependencies" do
+      let(:dependency_files) { [pyproject] }
+      let(:pyproject_fixture_name) { "standard_python_tilde_version.toml" }
+
+      let(:dependency) do
+        Dependabot::Dependency.new(
+          name: "requests",
+          version: "1.2.3",
+          requirements: [{
+            file: "pyproject.toml",
+            requirement: "~=1.0.0",
+            groups: [],
+            source: nil
+          }],
+          package_manager: "pip"
+        )
+      end
+
+      let(:pypi_url) { "https://pypi.org/simple/requests/" }
+      let(:pypi_response) do
+        fixture("pypi", "pypi_simple_response_requests.html")
+      end
+
+      context "for a library" do
+        before do
+          stub_request(:get, "https://pypi.org/pypi/pendulum/json/").
+            to_return(
+              status: 200,
+              body: fixture("pypi", "pypi_response_pendulum.json")
+            )
+        end
+
+        its([:requirement]) { is_expected.to eq(">=1.0,<2.20") }
+      end
+
+      context "for a non-library" do
+        before do
+          stub_request(:get, "https://pypi.org/pypi/pendulum/json/").
+            to_return(status: 404)
+        end
+
+        its([:requirement]) { is_expected.to eq("~=2.19.1") }
       end
     end
 

python/spec/fixtures/pyproject_files/standard_python_caret_version.toml

@@ -0,0 +1,13 @@
+[project]
+name = "pendulum"
+version = "2.0.0"
+homepage = "https://github.com/roghu/py3_projects"
+license = "MIT"
+readme = "README.md"
+authors = ["Dependabot <support@dependabot.com>"]
+description = "Python datetimes made easy"
+
+dependencies = [
+  "python~=3.7",
+  "requests~=1.0.0"
+]

python/spec/fixtures/pyproject_files/standard_python_tilde_version.toml

@@ -0,0 +1,12 @@
+[project]
+name = "pendulum"
+version = "2.0.0"
+homepage = "https://github.com/roghu/py3_projects"
+license = "MIT"
+readme = "README.md"
+authors = ["Dependabot <support@dependabot.com>"]
+description = "Python datetimes made easy"
+
+dependencies = [
+  "requests~=1.0.0"
+]

python/spec/fixtures/pyproject_files/tilde_version.toml

@@ -0,0 +1,11 @@
+[tool.poetry]
+name = "pendulum"
+version = "2.0.0"
+homepage = "https://github.com/roghu/py3_projects"
+license = "MIT"
+readme = "README.md"
+authors = ["Dependabot <support@dependabot.com>"]
+description = "Python datetimes made easy"
+
+[tool.poetry.dependencies]
+requests = "~1.0.0"