dependabot-bazel 0.346.0 → 0.347.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e57f47a06cc01ad92b9511e1e880ae7e4f2478976029ccf1047e718611f2a5e1
-  data.tar.gz: 4ae6c02d405ed3fcc3fbb22f0778d129520aadc60dffb56966fa79d682d47154
+  metadata.gz: 9852686dc5127e74b39132b06f0f0842c87072db3c49cdf6967c497f18188c0c
+  data.tar.gz: fb12ceb562835906b5b0c49240fc9f8e2e89c58b66b600795cfc25f4546cb12a
 SHA512:
-  metadata.gz: 2acd0ca2a0ace5fd91eef6edb4bfee26e6aca2e08f9fa1930102ba2d6a1a05b8ca91fe2fc367404d1c31a1d1cfc9600b19b59a78a3230fda02ee52577d064fc1
-  data.tar.gz: e9dad0b0b6985566c9c140dcbcc0f2ac338cebc2800821a0110502b660c27d7c82dd7a1b5269385300bf82dfe8bad12703c28eee3178536d6c8ce944ff897e9d
+  metadata.gz: 8a38a1c7af4b2d3f2e9eb85dd108cb7a516c2d623d7e3c4ee28908149a99d18c8f7cf0f814ddd9fdfe897469aa453b12a2e33c53633d4af74db23d2c7799ea05
+  data.tar.gz: 9d5dbe0e680f1be8ce7c3debdc133c95c30ea0ba9899f4b2fffe65cdf7da3100489ebe39138823f482e77a3b7e0730c666b95092f93fa108314c6ef60616232b

data/lib/dependabot/bazel/file_fetcher.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/file_fetchers"
@@ -10,8 +10,10 @@ module Dependabot
       extend T::Sig
 
       WORKSPACE_FILES = T.let(%w(WORKSPACE WORKSPACE.bazel).freeze, T::Array[String])
-      MODULE_FILES = T.let(%w(MODULE.bazel).freeze, T::Array[String])
-      CONFIG_FILES = T.let(%w(.bazelrc MODULE.bazel.lock .bazelversion maven_install.json).freeze, T::Array[String])
+      MODULE_FILE = T.let("MODULE.bazel", String)
+      CONFIG_FILES = T.let(
+        %w(.bazelrc MODULE.bazel.lock .bazelversion maven_install.json BUILD BUILD.bazel).freeze, T::Array[String]
+      )
       SKIP_DIRECTORIES = T.let(%w(.git .bazel-* bazel-* node_modules .github).freeze, T::Array[String])
 
       sig { override.returns(String) }
@@ -21,7 +23,7 @@ module Dependabot
 
       sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
       def self.required_files_in?(filenames)
-        filenames.any? { |name| WORKSPACE_FILES.include?(name) || MODULE_FILES.include?(name) }
+        filenames.any? { |name| WORKSPACE_FILES.include?(name) || name.end_with?(MODULE_FILE) }
       end
 
       sig { override.returns(T::Array[DependencyFile]) }
@@ -40,6 +42,7 @@ module Dependabot
         fetched_files += workspace_files
         fetched_files += module_files
         fetched_files += config_files
+        fetched_files += referenced_files_from_modules
 
         return fetched_files if fetched_files.any?
 
@@ -74,30 +77,138 @@ module Dependabot
       def module_files
         files = T.let([], T::Array[DependencyFile])
 
-        MODULE_FILES.each do |filename|
-          file = fetch_file_if_present(filename)
+        module_file_items.each do |item|
+          file = fetch_file_if_present(item.name)
           files << file if file
         end
 
         files
       end
 
+      sig { returns(T::Array[T.untyped]) }
+      def module_file_items
+        repo_contents(raise_errors: false).select { |f| f.type == "file" && f.name.end_with?(MODULE_FILE) }
+      end
+
       sig { returns(T::Array[DependencyFile]) }
       def config_files
         files = T.let([], T::Array[DependencyFile])
 
         CONFIG_FILES.map do |filename|
-          file = fetch_file_if_present(filename)
+          file = if filename == ".bazelversion"
+                   fetch_bazelversion_file
+                 else
+                   fetch_file_if_present(filename)
+                 end
           files << file if file
         end
 
         files
       end
 
+      sig { returns(T.nilable(DependencyFile)) }
+      def fetch_bazelversion_file
+        file = fetch_file_if_present(".bazelversion")
+        return file if file
+        return if [".", "/"].include?(directory)
+
+        fetch_file_from_parent_directories(".bazelversion")
+      end
+
+      sig { params(filename: String).returns(T.nilable(DependencyFile)) }
+      def fetch_file_from_parent_directories(filename)
+        (1..directory.split("/").count).each do |i|
+          candidate_path = ("../" * i) + filename
+          file = fetch_file_if_present(candidate_path)
+          if file
+            file.name = filename
+            return file
+          end
+        end
+        nil
+      end
+
       sig { params(dirname: String).returns(T::Boolean) }
       def should_skip_directory?(dirname)
         SKIP_DIRECTORIES.any? { |skip_dir| dirname.start_with?(skip_dir) }
       end
+
+      # Fetches files referenced in MODULE.bazel files via lock_file and requirements_lock attributes.
+      # Also fetches BUILD/BUILD.bazel files from directories containing referenced files, as these
+      # are required by Bazel to recognize the directories as valid packages.
+      #
+      # This method handles Bazel label syntax and converts it to filesystem paths:
+      # - "@repo//path:file.json" -> "path/file.json"
+      # - "//path:file.json" -> "path/file.json"
+      # - "@repo//:file.json" -> "file.json"
+      #
+      # @return [Array<DependencyFile>] referenced files and their associated BUILD files
+      sig { returns(T::Array[DependencyFile]) }
+      def referenced_files_from_modules
+        files = T.let([], T::Array[DependencyFile])
+        directories_with_files = T.let(Set.new, T::Set[String])
+
+        module_files.each do |module_file|
+          referenced_paths = extract_referenced_paths(module_file)
+
+          referenced_paths.each do |path|
+            fetched_file = fetch_file_if_present(path)
+            next unless fetched_file
+
+            files << fetched_file
+            # Track directories that contain referenced files so we can fetch their BUILD files.
+            # Exclude root directory (.) as BUILD files there are already handled by config_files.
+            dir = File.dirname(path)
+            directories_with_files.add(dir) unless dir == "."
+          end
+        end
+
+        # Fetch BUILD or BUILD.bazel files for directories that contain referenced files.
+        # These BUILD files are required for Bazel to recognize directories as valid packages.
+        directories_with_files.each do |dir|
+          build_file = fetch_file_if_present("#{dir}/BUILD") || fetch_file_if_present("#{dir}/BUILD.bazel")
+          files << build_file if build_file
+        end
+
+        files
+      end
+
+      # Extracts file paths from lock_file and requirements_lock attributes in MODULE.bazel content.
+      # Converts Bazel label syntax to filesystem paths.
+      #
+      # Bazel labels can have several formats:
+      # - "@repo//path:file" - external or self-referential repository with path
+      # - "//path:file" - main repository reference with path
+      # - "@repo//:file" - external or self-referential repository root file
+      # - "//:file" - main repository root file
+      #
+      # The method:
+      # 1. Strips optional @repo prefix
+      # 2. Converts colon separators to forward slashes (path:file -> path/file)
+      # 3. Removes leading slashes to create relative paths
+      #
+      # @param module_file [DependencyFile] the MODULE.bazel file to parse
+      # @return [Array<String>] unique relative file paths referenced in the module
+      sig { params(module_file: DependencyFile).returns(T::Array[String]) }
+      def extract_referenced_paths(module_file)
+        content = T.must(module_file.content)
+        paths = []
+
+        # Match lock_file attributes with optional @repo prefix: "(?:@[^"\/]+)?\/\/([^"]+)"
+        # Capture group 1: everything after // (e.g., "tools/jol:file.json" or ":file.json")
+        content.scan(%r{lock_file\s*=\s*"(?:@[^"/]+)?//([^"]+)"}) do |match|
+          path = match[0].tr(":", "/").sub(%r{^/}, "")
+          paths << path
+        end
+
+        # Match requirements_lock attributes with optional @repo prefix
+        content.scan(%r{requirements_lock\s*=\s*"(?:@[^"/]+)?//([^"]+)"}) do |match|
+          path = match[0].tr(":", "/").sub(%r{^/}, "")
+          paths << path
+        end
+
+        paths.uniq
+      end
     end
   end
 end

data/lib/dependabot/bazel/file_parser.rb

@@ -222,6 +222,7 @@ module Dependabot
         name = func_call.arguments["name"]
         tag = func_call.arguments["tag"]
         commit = func_call.arguments["commit"]
+        remote = func_call.arguments["remote"]
 
         return nil unless name.is_a?(String)
 
@@ -236,7 +237,7 @@ module Dependabot
               file: file.name,
               requirement: version,
               groups: [],
-              source: { type: "git_repository", tag: tag, commit: commit }
+              source: { type: "git_repository", tag: tag, commit: commit, remote: remote }
             }
           ],
           package_manager: "bazel"

data/lib/dependabot/bazel/file_updater/bzlmod_file_updater.rb

@@ -10,6 +10,8 @@ module Dependabot
       class BzlmodFileUpdater
         extend T::Sig
 
+        require_relative "lockfile_updater"
+
         sig do
           params(
             dependency_files: T::Array[Dependabot::DependencyFile],
@@ -25,12 +27,27 @@ module Dependabot
 
         sig { returns(T::Array[Dependabot::DependencyFile]) }
         def updated_module_files
-          module_files.filter_map do |file|
+          updated_files = T.let([], T::Array[Dependabot::DependencyFile])
+
+          module_files.each do |file|
             updated_content = update_file_content(file)
             next if updated_content == T.must(file.content)
 
-            file.dup.tap { |f| f.content = updated_content }
+            updated_files << file.dup.tap { |f| f.content = updated_content }
+          end
+
+          if generate_lockfile?
+            lockfile_updater = LockfileUpdater.new(
+              dependency_files: dependency_files,
+              dependencies: dependencies,
+              credentials: credentials
+            )
+
+            updated_lockfile = lockfile_updater.updated_lockfile
+            updated_files << updated_lockfile if updated_lockfile
           end
+
+          updated_files
         end
 
         private
@@ -52,6 +69,11 @@ module Dependabot
           )
         end
 
+        sig { returns(T::Boolean) }
+        def generate_lockfile?
+          dependency_files.any? { |f| f.name.end_with?("MODULE.bazel.lock") }
+        end
+
         sig { params(file: Dependabot::DependencyFile).returns(String) }
         def update_file_content(file)
           content = T.must(file.content).dup

data/lib/dependabot/bazel/file_updater/lockfile_updater.rb

@@ -0,0 +1,239 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/bazel/file_updater"
+require "dependabot/shared_helpers"
+require "pathname"
+require "fileutils"
+
+module Dependabot
+  module Bazel
+    class FileUpdater < Dependabot::FileUpdaters::Base
+      class LockfileUpdater
+        extend T::Sig
+
+        DEFAULT_BAZEL_VERSION = "8.4.2"
+
+        sig do
+          params(
+            dependency_files: T::Array[Dependabot::DependencyFile],
+            dependencies: T::Array[Dependabot::Dependency],
+            credentials: T::Array[Dependabot::Credential]
+          ).void
+        end
+        def initialize(dependency_files:, dependencies:, credentials:)
+          @dependency_files = dependency_files
+          @dependencies = dependencies
+          @credentials = credentials
+        end
+
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
+        def updated_lockfile
+          return nil unless needs_lockfile_update?
+
+          existing_lockfile = lockfile
+          updated_content = generate_lockfile_content
+
+          if existing_lockfile
+            return nil if existing_lockfile.content == updated_content
+
+            existing_lockfile.dup.tap { |f| f.content = updated_content }
+          else
+            Dependabot::DependencyFile.new(
+              name: "MODULE.bazel.lock",
+              content: updated_content,
+              directory: module_file.directory
+            )
+          end
+        rescue SharedHelpers::HelperSubprocessFailed => e
+          handle_bazel_error_for_lockfile(e)
+        end
+
+        sig { returns(String) }
+        def determine_bazel_version
+          bazelversion_file = dependency_files.find { |f| f.name == ".bazelversion" }
+          return DEFAULT_BAZEL_VERSION unless bazelversion_file
+
+          version = T.must(bazelversion_file.content).strip
+          version.empty? ? DEFAULT_BAZEL_VERSION : version
+        end
+
+        private
+
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
+        attr_reader :dependency_files
+
+        sig { returns(T::Array[Dependabot::Dependency]) }
+        attr_reader :dependencies
+
+        sig { returns(T::Array[Dependabot::Credential]) }
+        attr_reader :credentials
+
+        sig { returns(T::Boolean) }
+        def needs_lockfile_update?
+          return false unless module_file?
+
+          dependencies.any? { |dep| bzlmod_dependency?(dep) }
+        end
+
+        sig { returns(T::Boolean) }
+        def module_file?
+          module_files.any?
+        end
+
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
+        def module_files
+          @module_files ||= T.let(
+            dependency_files.select { |f| f.name.end_with?("MODULE.bazel") },
+            T.nilable(T::Array[Dependabot::DependencyFile])
+          )
+        end
+
+        sig { returns(Dependabot::DependencyFile) }
+        def module_file
+          T.must(module_files.first)
+        end
+
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
+        def lockfile
+          @lockfile ||= T.let(
+            dependency_files.find { |f| f.name == "MODULE.bazel.lock" },
+            T.nilable(Dependabot::DependencyFile)
+          )
+        end
+
+        sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
+        def bzlmod_dependency?(dependency)
+          dependency.requirements.any? { |req| req[:file]&.end_with?("MODULE.bazel") }
+        end
+
+        sig { returns(String) }
+        def generate_lockfile_content
+          base_directory = module_file.directory
+
+          SharedHelpers.in_a_temporary_repo_directory(base_directory, repo_contents_path) do
+            write_temporary_dependency_files
+
+            File.write(module_file.name, updated_module_content)
+
+            run_bazel_mod_tidy_command
+
+            File.read("MODULE.bazel.lock")
+          end
+        end
+
+        sig { returns(String) }
+        def updated_module_content
+          bzlmod_updater = BzlmodFileUpdater.new(
+            dependency_files: dependency_files,
+            dependencies: dependencies,
+            credentials: credentials
+          )
+
+          bzlmod_updater.send(:update_file_content, module_file)
+        end
+
+        sig { returns(T.nilable(String)) }
+        def repo_contents_path
+          # For now, return nil. This can be enhanced later if needed.
+          nil
+        end
+
+        sig { void }
+        def write_temporary_dependency_files
+          dependency_files.each do |file|
+            path = file.name
+            FileUtils.mkdir_p(Pathname.new(path).dirname) if path.include?("/")
+            File.write(path, T.must(file.content))
+          end
+
+          write_bazelversion_if_missing
+        end
+
+        sig { void }
+        def write_bazelversion_if_missing
+          return if dependency_files.any? { |f| f.name == ".bazelversion" }
+
+          bazel_version = determine_bazel_version
+          File.write(".bazelversion", bazel_version)
+          Dependabot.logger.info("Using Bazel version: #{bazel_version}")
+        end
+
+        sig { void }
+        def run_bazel_mod_tidy_command
+          bazel_command = bazelisk_available? ? "bazelisk" : "bazel"
+
+          SharedHelpers.run_shell_command(
+            "#{bazel_command} mod tidy --lockfile_mode=update",
+            fingerprint: "#{bazel_command} mod tidy --lockfile_mode=update"
+          )
+
+          return if File.exist?("MODULE.bazel.lock")
+
+          raise SharedHelpers::HelperSubprocessFailed.new(
+            message: "MODULE.bazel.lock file was not generated",
+            error_context: {}
+          )
+        end
+
+        sig { returns(T::Boolean) }
+        def bazelisk_available?
+          !!system("which bazelisk > /dev/null 2>&1")
+        end
+
+        sig { params(error: SharedHelpers::HelperSubprocessFailed).returns(T.nilable(Dependabot::DependencyFile)) }
+        def handle_bazel_error_for_lockfile(error)
+          Dependabot.logger.warn("Bazel lockfile generation failed: #{error.message}")
+
+          case error.message
+          when /command not found/i, /bazel(isk)?\s*:\s*(command\s+)?not found/i
+            raise Dependabot::DependencyFileNotResolvable,
+                  "Bazel binary not available. Cannot generate MODULE.bazel.lock file."
+          when /module.*not.*found/i, /registry.*not.*found/i
+            raise Dependabot::DependencyFileNotResolvable,
+                  "Dependency not found in Bazel Central Registry."
+          when /network.*error/i, /timeout/i, /connection.*refused/i
+            raise Dependabot::DependencyFileNotResolvable,
+                  "Network error during lockfile generation. Please try again later."
+          when /invalid.*syntax/i, /parse.*error/i
+            raise Dependabot::DependencyFileNotParseable,
+                  "Invalid MODULE.bazel syntax prevents lockfile generation."
+          when /permission.*denied/i
+            raise Dependabot::DependencyFileNotResolvable,
+                  "Permission error during lockfile generation."
+          else
+            raise Dependabot::DependencyFileNotResolvable,
+                  "Error generating lockfile: #{error.message}"
+          end
+        end
+
+        sig { params(error: SharedHelpers::HelperSubprocessFailed).returns(String) }
+        def handle_bazel_error(error)
+          Dependabot.logger.warn("Bazel lockfile generation failed: #{error.message}")
+
+          case error.message
+          when /command not found/i, /bazel(isk)?\s*:\s*(command\s+)?not found/i
+            raise Dependabot::DependencyFileNotResolvable,
+                  "Bazel binary not available. Cannot generate MODULE.bazel.lock file."
+          when /module.*not.*found/i, /registry.*not.*found/i
+            raise Dependabot::DependencyFileNotResolvable,
+                  "Dependency not found in Bazel Central Registry."
+          when /network.*error/i, /timeout/i, /connection.*refused/i
+            raise Dependabot::DependencyFileNotResolvable,
+                  "Network error during lockfile generation. Please try again later."
+          when /invalid.*syntax/i, /parse.*error/i
+            raise Dependabot::DependencyFileNotParseable,
+                  "Invalid MODULE.bazel syntax prevents lockfile generation."
+          when /permission.*denied/i
+            raise Dependabot::DependencyFileNotResolvable,
+                  "Permission error during lockfile generation."
+          else
+            raise Dependabot::DependencyFileNotResolvable,
+                  "Error generating lockfile: #{error.message}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/bazel/file_updater.rb

@@ -17,7 +17,9 @@ module Dependabot
       def self.updated_files_regex
         [
           /^MODULE\.bazel$/,
-          %r{^(?:.*/)?MODULE\.bazel$},
+          %r{^(?:.*/)?[^/]+\.MODULE\.bazel$},
+          /^MODULE\.bazel\.lock$/,
+          %r{^(?:.*/)?MODULE\.bazel\.lock$},
           /^WORKSPACE$/,
           %r{^(?:.*/)?WORKSPACE\.bazel$},
           %r{^(?:.*/)?BUILD$},
@@ -70,6 +72,19 @@ module Dependabot
         )
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def lockfile_files
+        @lockfile_files ||= T.let(
+          dependency_files.select { |f| f.name.end_with?("MODULE.bazel.lock") },
+          T.nilable(T::Array[Dependabot::DependencyFile])
+        )
+      end
+
+      sig { returns(T::Boolean) }
+      def requires_lockfile_update?
+        dependencies.any? { |dep| bzlmod_dependency?(dep) }
+      end
+
       sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
       def bzlmod_dependency?(dependency)
         dependency.requirements.any? { |req| req[:file]&.end_with?("MODULE.bazel") }

data/lib/dependabot/bazel/metadata_finder.rb

@@ -1,10 +1,6 @@
-# typed: strong
+# typed: strict
 # frozen_string_literal: true
 
-# NOTE: This file was scaffolded automatically but is OPTIONAL.
-# If you don't need custom metadata finding logic (changelogs, release notes, etc.),
-# you can safely delete this file and remove the require from lib/dependabot/bazel.rb
-
 require "dependabot/metadata_finders"
 require "dependabot/metadata_finders/base"
 
@@ -13,14 +9,102 @@ module Dependabot
     class MetadataFinder < Dependabot::MetadataFinders::Base
       extend T::Sig
 
+      require_relative "update_checker/registry_client"
+
+      GITHUB_URL_PATTERNS = T.let(
+        [
+          %r{github\.com/([^/]+)/([^/]+)/archive},
+          %r{github\.com/([^/]+)/([^/]+)/releases},
+          %r{github\.com/([^/]+)/([^/]+)}
+        ].freeze,
+        T::Array[Regexp]
+      )
+
       private
 
       sig { override.returns(T.nilable(Dependabot::Source)) }
       def look_up_source
-        # TODO: Implement custom source lookup logic if needed
-        # Otherwise, delete this file and the require in the main registration file
+        case source_type
+        when :bazel_dep
+          find_source_from_bcr
+        when :http_archive
+          find_source_from_http_archive
+        when :git_repository
+          find_source_from_git_repository
+        when :unknown
+          nil
+        end
+      end
+
+      sig { returns(Symbol) }
+      def source_type
+        return :bazel_dep if dependency.requirements.empty?
+        return :bazel_dep if dependency.requirements.any? { |r| r[:source].nil? }
+
+        source_details = dependency.requirements.first&.dig(:source)
+        return :bazel_dep unless source_details
+
+        case source_details[:type]
+        when "http_archive" then :http_archive
+        when "git_repository" then :git_repository
+        else :unknown
+        end
+      end
+
+      sig { returns(T.nilable(Dependabot::Source)) }
+      def find_source_from_bcr
+        version = dependency.version
+        return nil unless version
+
+        source_info = registry_client.get_source(dependency.name, version)
+        url = source_info&.dig("url")
+        return nil unless url
+
+        source_from_url(url)
+      end
+
+      sig { returns(T.nilable(Dependabot::Source)) }
+      def find_source_from_http_archive
+        url = dependency.requirements.first&.dig(:source, :url)
+        return nil unless url
+
+        source_from_url(url)
+      end
+
+      sig { returns(T.nilable(Dependabot::Source)) }
+      def find_source_from_git_repository
+        remote_url = dependency.requirements.first&.dig(:source, :remote)
+        return nil unless remote_url
+
+        Dependabot::Source.from_url(remote_url)
+      end
+
+      sig { params(url: String).returns(T.nilable(Dependabot::Source)) }
+      def source_from_url(url)
+        extract_github_source_from_url(url) || Dependabot::Source.from_url(url)
+      end
+
+      sig { params(url: String).returns(T.nilable(Dependabot::Source)) }
+      def extract_github_source_from_url(url)
+        GITHUB_URL_PATTERNS.each do |pattern|
+          match = url.match(pattern)
+          next unless match
+
+          repo_url = "https://github.com/#{match[1]}/#{match[2]}"
+          source = Dependabot::Source.from_url(repo_url)
+          return source if source
+        end
+
         nil
       end
+
+      sig { returns(Dependabot::Bazel::UpdateChecker::RegistryClient) }
+      def registry_client
+        @registry_client ||= T.let(
+          Dependabot::Bazel::UpdateChecker::RegistryClient.new(credentials: credentials),
+          T.nilable(Dependabot::Bazel::UpdateChecker::RegistryClient)
+        )
+      end
     end
   end
 end

data/lib/dependabot/bazel/update_checker/registry_client.rb

@@ -8,10 +8,11 @@ require "dependabot/shared_helpers"
 require "dependabot/clients/github_with_retries"
 require "dependabot/dependency"
 require "dependabot/errors"
+require "dependabot/bazel/update_checker"
 
 module Dependabot
   module Bazel
-    class UpdateChecker
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
       class RegistryClient
         extend T::Sig
 

data/lib/dependabot/bazel/update_checker/requirements_updater.rb

@@ -1,9 +1,11 @@
 # typed: strong
 # frozen_string_literal: true
 
+require "dependabot/bazel/update_checker"
+
 module Dependabot
   module Bazel
-    class UpdateChecker
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
       class RequirementsUpdater
         extend T::Sig
 

data/lib/dependabot/bazel/version.rb

@@ -1,10 +1,6 @@
 # typed: strong
 # frozen_string_literal: true
 
-# NOTE: This file was scaffolded automatically but is OPTIONAL.
-# If your ecosystem uses standard semantic versioning without special logic,
-# you can safely delete this file and remove the require from lib/dependabot/bazel.rb
-
 require "dependabot/version"
 require "dependabot/utils"
 
@@ -13,9 +9,13 @@ module Dependabot
     class Version < Dependabot::Version
       extend T::Sig
 
-      # TODO: Implement custom version comparison logic if needed
-      # Example: Handle pre-release versions, build metadata, etc.
-      # If standard semantic versioning is sufficient, delete this file
+      # Bazel uses semantic versioning with hyphens for pre-release versions (e.g., "1.7.0-rc4")
+      # Dependabot::Version normalizes these to dot notation with "pre" prefix (e.g., "1.7.0.pre.rc4")
+      # We need to preserve the original format for Bazel Central Registry compatibility
+      sig { override.returns(String) }
+      def to_s
+        @original_version
+      end
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bazel
 version: !ruby/object:Gem::Version
-  version: 0.346.0
+  version: 0.347.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.346.0
+        version: 0.347.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.346.0
+        version: 0.347.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -248,6 +248,7 @@ files:
 - lib/dependabot/bazel/file_updater.rb
 - lib/dependabot/bazel/file_updater/bzlmod_file_updater.rb
 - lib/dependabot/bazel/file_updater/declaration_parser.rb
+- lib/dependabot/bazel/file_updater/lockfile_updater.rb
 - lib/dependabot/bazel/file_updater/workspace_file_updater.rb
 - lib/dependabot/bazel/language.rb
 - lib/dependabot/bazel/metadata_finder.rb
@@ -262,7 +263,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.346.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.347.0
 rdoc_options: []
 require_paths:
 - lib