
Dependabot doesn't update dependency in `pyproject.toml` if it already satisfies the requirement

Open superlevure opened this issue 1 year ago • 0 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Package ecosystem

Python / pip

Package manager version

24.0

Language version

Python 3.10

Manifest location and content before the Dependabot update

pyproject.toml:

# [..]
dependencies = ["my-package~=6.5"]
# [..]

dependabot.yml content

# [..]
versioning-strategy: increase
# [..]

Updated dependency

my-package from 6.5.9 to 6.6.0

What you expected to see, versus what you actually saw

What I see: Dependabot doesn't update my-package
What I expect: Dependabot updates my-package from my-package~=6.5 to my-package~=6.6

I've dug into the code and I think the issue comes from this line in updated_pyproject_requirement:

return req if new_version_satisfies?(req) && !has_lockfile

Here we're returning the requirement "as-is" because the new version already satisfies it, but this bypasses the setting versioning-strategy: increase. Instead, we should execute this line from the same function:

when :bump_versions then update_pyproject_version(req)

I've tested it and update_pyproject_version(req) returns the right value: {:requirement=>"~=6.6", :file=>"pyproject.toml", :source=>nil, :groups=>[nil]}

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

superlevure, Feb 22 '24 17:02
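To make the two code paths discussed in the report concrete, here is a small Ruby model (an added example, not dependabot-core's own code) of a PEP 440 compatible-release (`~=`) requirement: whether a new version already satisfies it, what "bumping" it under `versioning-strategy: increase` produces, and how the order of the two checks in the report decides which result comes back. The function and parameter names (`compatible_release_satisfied?`, `bump_compatible_release`, `updated_requirement`, `return_if_satisfied_first:`) are assumptions made for this illustration; the version strings are the ones from the issue. The model only handles `~=` requirements with plain numeric versions and no pre-release or post-release suffixes.

```ruby
# Added example, not dependabot-core's own code. Models the behaviour the
# issue describes: a PEP 440 "~=" (compatible release) requirement that the
# new version already satisfies, and the difference between returning it
# unchanged versus bumping it under versioning-strategy: increase.

# Parse "major.minor.patch" into integers (constructed, minimal: no
# pre-release, post-release or local version segments).
def parse_version(str)
  str.split(".").map(&:to_i)
end

# Compare two version arrays after right-padding the shorter one with zeros,
# so that [6, 5] and [6, 5, 0] compare equal, as PEP 440 requires.
def compare_versions(a, b)
  n = [a.length, b.length].max
  (a + [0] * (n - a.length)) <=> (b + [0] * (n - b.length))
end

# PEP 440 compatible release: "~=6.5" means ">=6.5, ==6.*", i.e. at least the
# stated version and below the stated version with its last component dropped
# and the preceding component incremented ("~=6.5" => >=6.5, <7).
def compatible_release_satisfied?(requirement, version)
  raise ArgumentError, "expected a ~= requirement" unless requirement.start_with?("~=")
  base = parse_version(requirement.delete_prefix("~="))
  raise ArgumentError, "~= needs at least two components" if base.length < 2
  v = parse_version(version)
  upper = base[0..-2]
  upper[-1] += 1
  compare_versions(v, base) >= 0 && compare_versions(v, upper) < 0
end

# "Increase" strategy as modelled here: keep the ~= operator and the
# requirement's precision, take the leading components from the new version
# ("~=6.5" with 6.6.0 => "~=6.6"). Hypothetical helper, not the project's.
def bump_compatible_release(requirement, new_version)
  precision = requirement.delete_prefix("~=").split(".").length
  "~=" + parse_version(new_version).first(precision).join(".")
end

# The two orderings the issue contrasts. With return_if_satisfied_first: true
# the "already satisfied and no lockfile" early return wins and the
# requirement is left untouched even though the strategy asks for a bump;
# with false, the strategy is consulted first. Hypothetical helper.
def updated_requirement(requirement, new_version, strategy:, has_lockfile:, return_if_satisfied_first:)
  if return_if_satisfied_first &&
     compatible_release_satisfied?(requirement, new_version) &&
     !has_lockfile
    return requirement
  end

  case strategy
  when :increase then bump_compatible_release(requirement, new_version)
  else requirement # other strategies are out of scope for this model
  end
end

if __FILE__ == $PROGRAM_NAME
  req = "~=6.5" # from the issue's pyproject.toml
  new_version = "6.6.0"
  puts "#{new_version} satisfies #{req}: #{compatible_release_satisfied?(req, new_version)}"
  puts "early return first: #{updated_requirement(req, new_version, strategy: :increase, has_lockfile: false, return_if_satisfied_first: true)}"
  puts "strategy first:     #{updated_requirement(req, new_version, strategy: :increase, has_lockfile: false, return_if_satisfied_first: false)}"
end
```

Running it prints that 6.6.0 satisfies ~=6.5, that the early-return ordering hands back ~=6.5 unchanged, and that consulting the strategy first yields ~=6.6, which is the requirement value the report says `update_pyproject_version(req)` returns.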