RubyGems - dependabot-bun - Versions diffs - 0.332.0 → 0.333.0 - Mend

dependabot-bun 0.332.0 → 0.333.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

checksums.yaml +4 -4
data/lib/dependabot/bun/bun_package_manager.rb +1 -0
data/lib/dependabot/bun/file_fetcher.rb +13 -1
data/lib/dependabot/bun/file_updater/bun_lockfile_updater.rb +60 -19
data/lib/dependabot/bun/file_updater/package_json_preparer.rb +16 -4
data/lib/dependabot/bun/file_updater/package_json_updater.rb +1 -1
data/lib/dependabot/bun/file_updater.rb +2 -2
data/lib/dependabot/bun/language.rb +1 -0
data/lib/dependabot/bun/metadata_finder.rb +1 -1
data/lib/dependabot/bun/native_helpers.rb +7 -1
data/lib/dependabot/bun/pnpm_package_manager.rb +1 -0
data/lib/dependabot/bun/requirement.rb +22 -8
data/lib/dependabot/bun/update_checker/conflicting_dependency_resolver.rb +29 -5
data/lib/dependabot/bun/update_checker/dependency_files_builder.rb +39 -8
data/lib/dependabot/bun/update_checker/library_detector.rb +35 -5
data/lib/dependabot/bun/update_checker/requirements_updater.rb +61 -23
data/lib/dependabot/bun/update_checker/subdependency_version_resolver.rb +57 -15
data/lib/dependabot/bun/update_checker/vulnerability_auditor.rb +60 -7
data/lib/dependabot/bun/update_checker.rb +2 -2
metadata +6 -6

data/lib/dependabot/bun/update_checker/library_detector.rb CHANGED Viewed

@@ -1,7 +1,9 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "excon"
+require "sorbet-runtime"
 require "dependabot/bun/update_checker"
 require "dependabot/shared_helpers"
@@ -9,12 +11,23 @@ module Dependabot
   module Bun
     class UpdateChecker
       class LibraryDetector
+        extend T::Sig
+        sig do
+          params(
+            package_json_file: Dependabot::DependencyFile,
+            credentials: T::Array[Dependabot::Credential],
+            dependency_files: T::Array[Dependabot::DependencyFile]
+          )
+            .void
+        end
         def initialize(package_json_file:, credentials:, dependency_files:)
           @package_json_file = package_json_file
           @credentials = credentials
           @dependency_files = dependency_files
         end
+        sig { returns(T::Boolean) }
         def library?
           return false unless package_json_may_be_for_library?
@@ -23,26 +36,36 @@ module Dependabot
         private
+        sig { returns(Dependabot::DependencyFile) }
         attr_reader :package_json_file
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         attr_reader :dependency_files
+        sig { returns(T::Boolean) }
         def package_json_may_be_for_library?
           return false unless project_name
-          return false if project_name.match?(/\{\{.*\}\}/)
+          return false if T.must(project_name).match?(/\{\{.*\}\}/)
           return false unless parsed_package_json["version"]
           return false if parsed_package_json["private"]
           true
         end
+        sig { returns(T::Boolean) }
         def npm_response_matches_package_json?
           project_description = parsed_package_json["description"]
           return false unless project_description
           # Check if the project is listed on npm. If it is, it's a library
           url = "#{registry.chomp('/')}/#{escaped_project_name}"
-          @project_npm_response ||= Dependabot::RegistryClient.get(url: url)
+          @project_npm_response ||= T.let(
+            Dependabot::RegistryClient.get(url: url),
+            T.nilable(Excon::Response)
+          )
           return false unless @project_npm_response.status == 200
           @project_npm_response.body.dup.force_encoding("UTF-8").encode
@@ -51,24 +74,31 @@ module Dependabot
           false
         end
+        sig { returns(T.nilable(String)) }
         def project_name
           parsed_package_json.fetch("name", nil)
         end
+        sig { returns(T.nilable(String)) }
         def escaped_project_name
           project_name&.gsub("/", "%2F")
         end
+        sig { returns(T::Hash[String, T.untyped]) }
         def parsed_package_json
-          @parsed_package_json ||= JSON.parse(package_json_file.content)
+          @parsed_package_json ||= T.let(
+            JSON.parse(T.must(package_json_file.content)),
+            T.nilable(T::Hash[String, T.untyped])
+          )
         end
+        sig { returns(String) }
         def registry
           Bun::Package::RegistryFinder.new(
             dependency: nil,
             credentials: credentials,
             npmrc_file: dependency_files.find { |f| f.name.end_with?(".npmrc") }
-          ).registry_from_rc(project_name)
+          ).registry_from_rc(T.must(project_name)) || "https://registry.npmjs.org"
         end
       end
     end

data/lib/dependabot/bun/update_checker/requirements_updater.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 ################################################################################
@@ -6,6 +6,8 @@
 # https://docs.npmjs.com/misc/semver                                           #
 ################################################################################
+require "sorbet-runtime"
 require "dependabot/bun/requirement"
 require "dependabot/bun/update_checker"
 require "dependabot/bun/version"
@@ -15,6 +17,8 @@ module Dependabot
   module Bun
     class UpdateChecker
       class RequirementsUpdater
+        extend T::Sig
         VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/
         SEPARATOR = /(?<=[a-zA-Z0-9*])[\s|]+(?![\s|-])/
         ALLOWED_UPDATE_STRATEGIES = T.let(
@@ -27,6 +31,15 @@ module Dependabot
           T::Array[Dependabot::RequirementsUpdateStrategy]
         )
+        sig do
+          params(
+            requirements: T::Array[T::Hash[Symbol, T.untyped]],
+            updated_source: T.nilable(T::Hash[Symbol, T.untyped]),
+            update_strategy: Dependabot::RequirementsUpdateStrategy,
+            latest_resolvable_version: T.nilable(T.any(String, Gem::Version))
+          )
+            .void
+        end
         def initialize(requirements:, updated_source:, update_strategy:,
                        latest_resolvable_version:)
           @requirements = requirements
@@ -37,10 +50,13 @@ module Dependabot
           return unless latest_resolvable_version
-          @latest_resolvable_version =
-            version_class.new(latest_resolvable_version)
+          @latest_resolvable_version = T.let(
+            version_class.new(latest_resolvable_version),
+            Bun::Version
+          )
         end
+        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
         def updated_requirements
           return requirements if update_strategy.lockfile_only?
@@ -62,17 +78,26 @@ module Dependabot
         private
+        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
         attr_reader :requirements
+        sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
         attr_reader :updated_source
+        sig { returns(Dependabot::RequirementsUpdateStrategy) }
         attr_reader :update_strategy
+        sig { returns(T.nilable(Bun::Version)) }
         attr_reader :latest_resolvable_version
+        sig { void }
         def check_update_strategy
           return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
           raise "Unknown update strategy: #{update_strategy}"
         end
+        sig { returns(T::Boolean) }
         def updating_from_git_to_npm?
           return false unless updated_source.nil?
@@ -80,6 +105,7 @@ module Dependabot
           original_source&.fetch(:type) == "git"
         end
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def initial_req_after_source_change(req)
           return req unless updating_from_git_to_npm?
           return req unless req[:requirement].nil?
@@ -87,12 +113,13 @@ module Dependabot
           req.merge(requirement: "^#{latest_resolvable_version}")
         end
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def update_version_requirement(req)
           current_requirement = req[:requirement]
           if current_requirement.match?(/(<|-\s)/i)
             ruby_req = ruby_requirements(current_requirement).first
-            return req if ruby_req.satisfied_by?(latest_resolvable_version)
+            return req if ruby_req&.satisfied_by?(latest_resolvable_version)
             updated_req = update_range_requirement(current_requirement)
             return req.merge(requirement: updated_req)
@@ -102,6 +129,7 @@ module Dependabot
           req.merge(requirement: update_version_string(reqs.first))
         end
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def update_version_requirement_if_needed(req)
           current_requirement = req[:requirement]
           version = latest_resolvable_version
@@ -113,6 +141,7 @@ module Dependabot
           update_version_requirement(req)
         end
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def widen_requirement(req)
           current_requirement = req[:requirement]
           version = latest_resolvable_version
@@ -126,7 +155,7 @@ module Dependabot
           updated_requirement =
             if reqs.any? { |r| r.match?(/(<|-\s)/i) }
               update_range_requirement(current_requirement)
-            elsif current_requirement.strip.split(SEPARATOR).count == 1
+            elsif current_requirement.strip.split(SEPARATOR).one?
               update_version_string(current_requirement)
             else
               current_requirement
@@ -135,22 +164,25 @@ module Dependabot
           req.merge(requirement: updated_requirement)
         end
+        sig { params(requirement_string: String).returns(T::Array[Bun::Requirement]) }
         def ruby_requirements(requirement_string)
           Bun::Requirement
             .requirements_array(requirement_string)
         end
+        sig { params(req_string: String).returns(String) }
         def update_range_requirement(req_string)
           range_requirements =
             req_string.split(SEPARATOR).select { |r| r.match?(/<|(\s+-\s+)/) }
-          if range_requirements.count == 1
-            range_requirement = range_requirements.first
+          if range_requirements.one?
+            range_requirement = T.must(range_requirements.first)
             versions = range_requirement.scan(VERSION_REGEX)
-            upper_bound = versions.map { |v| version_class.new(v) }.max
+            version_objects = versions.map { |v| version_class.new(v.to_s) }
+            upper_bound = T.must(version_objects.max)
             new_upper_bound = update_greatest_version(
-              upper_bound,
-              latest_resolvable_version
+              upper_bound.to_s,
+              T.must(latest_resolvable_version)
             )
             req_string.sub(
@@ -162,41 +194,47 @@ module Dependabot
           end
         end
+        sig { params(req_string: String).returns(String) }
         def update_version_string(req_string)
           req_string
             .sub(VERSION_REGEX) do |old_version|
               if old_version.match?(/\d-/) ||
-                 latest_resolvable_version.to_s.match?(/\d-/)
-                latest_resolvable_version.to_s
+                 T.must(latest_resolvable_version).to_s.match?(/\d-/)
+                T.must(latest_resolvable_version).to_s
               else
                 old_parts = old_version.split(".")
-                new_parts = latest_resolvable_version.to_s.split(".")
-                                                     .first(old_parts.count)
+                new_parts = T.must(latest_resolvable_version).to_s.split(".")
+                             .first(old_parts.count)
                 new_parts.map.with_index do |part, i|
-                  old_parts[i].match?(/^x\b/) ? "x" : part
+                  old_parts[i]&.match?(/^x\b/) ? "x" : part
                 end.join(".")
               end
             end
         end
+        sig { params(old_version: String, version_to_be_permitted: Bun::Version).returns(String) }
         def update_greatest_version(old_version, version_to_be_permitted)
           version = version_class.new(old_version)
           version = version.release if version.prerelease?
           index_to_update =
-            version.segments.map.with_index { |seg, i| seg.zero? ? 0 : i }.max
+            version.segments.map.with_index { |seg, i| T.cast(seg, Integer).zero? ? 0 : i }.max || 0
           version.segments.map.with_index do |_, index|
-            if index < index_to_update
-              version_to_be_permitted.segments[index]
-            elsif index == index_to_update
-              version_to_be_permitted.segments[index] + 1
-            else
-              0
-            end
+            segment_value =
+              if index < index_to_update
+                T.cast(version_to_be_permitted.segments[index], Integer)
+              elsif index == index_to_update
+                # Cast to Integer before adding 1 to ensure correct type
+                T.cast(version_to_be_permitted.segments[index], Integer) + 1
+              else
+                0
+              end
+            segment_value.to_s
           end.join(".")
         end
+        sig { returns(T.class_of(Bun::Version)) }
         def version_class
           Bun::Version
         end

data/lib/dependabot/bun/update_checker/subdependency_version_resolver.rb CHANGED Viewed

@@ -1,6 +1,8 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
+require "sorbet-runtime"
 require "dependabot/dependency"
 require "dependabot/errors"
 require "dependabot/logger"
@@ -17,6 +19,36 @@ module Dependabot
   module Bun
     class UpdateChecker
       class SubdependencyVersionResolver
+        extend T::Sig
+        sig { returns(Dependency) }
+        attr_reader :dependency
+        sig { returns(T::Array[Dependabot::Credential]) }
+        attr_reader :credentials
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
+        attr_reader :dependency_files
+        sig { returns(T::Array[String]) }
+        attr_reader :ignored_versions
+        sig { returns(T.nilable(T.any(String, Gem::Version))) }
+        attr_reader :latest_allowable_version
+        sig { returns(T.nilable(String)) }
+        attr_reader :repo_contents_path
+        sig do
+          params(
+            dependency: Dependency,
+            credentials: T::Array[Dependabot::Credential],
+            dependency_files: T::Array[Dependabot::DependencyFile],
+            ignored_versions: T::Array[String],
+            latest_allowable_version: T.nilable(T.any(String, Gem::Version)),
+            repo_contents_path: T.nilable(String)
+          ).void
+        end
         def initialize(dependency:, credentials:, dependency_files:,
                        ignored_versions:, latest_allowable_version:, repo_contents_path:)
           @dependency = dependency
@@ -27,11 +59,12 @@ module Dependabot
           @repo_contents_path = repo_contents_path
         end
+        sig { returns(T.nilable(T.any(String, Gem::Version))) }
         def latest_resolvable_version
           raise "Not a subdependency!" if dependency.requirements.any?
           return if bundled_dependency?
-          base_dir = dependency_files.first.directory
+          base_dir = T.must(dependency_files.first).directory
           SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
             dependency_files_builder.write_temporary_dependency_files
@@ -53,22 +86,21 @@ module Dependabot
         private
-        attr_reader :dependency
-        attr_reader :credentials
-        attr_reader :dependency_files
-        attr_reader :ignored_versions
-        attr_reader :latest_allowable_version
-        attr_reader :repo_contents_path
+        sig { params(lockfile: Dependabot::DependencyFile).returns(String) }
         def update_subdependency_in_lockfile(lockfile)
           lockfile_name = Pathname.new(lockfile.name).basename.to_s
           path = Pathname.new(lockfile.name).dirname.to_s
-          updated_files = (run_bun_updater(path, lockfile_name) if lockfile.name.end_with?("bun.lock"))
+          updated_files = if lockfile.name.end_with?("bun.lock")
+                            run_bun_updater(path, lockfile_name)
+                          else
+                            raise "Unsupported lockfile type: #{lockfile.name}"
+                          end
           updated_files.fetch(lockfile_name)
         end
+        sig { params(updated_lockfiles: T::Array[Dependabot::DependencyFile]).returns(T.nilable(Gem::Version)) }
         def version_from_updated_lockfiles(updated_lockfiles)
           updated_files = dependency_files -
                           dependency_files_builder.lockfiles +
@@ -84,6 +116,7 @@ module Dependabot
           version_class.new(updated_version)
         end
+        sig { params(path: String, lockfile_name: String).returns(T::Hash[String, String]) }
         def run_bun_updater(path, lockfile_name)
           SharedHelpers.with_git_configured(credentials: credentials) do
             Dir.chdir(path) do
@@ -96,35 +129,43 @@ module Dependabot
           end
         end
+        sig { returns(T.class_of(Dependabot::Version)) }
         def version_class
           dependency.version_class
         end
+        sig { returns(Dependabot::Dependency) }
         def updated_dependency
           Dependabot::Dependency.new(
             name: dependency.name,
-            version: latest_allowable_version,
+            version: T.cast(latest_allowable_version, T.nilable(T.any(String, Dependabot::Version))),
             previous_version: dependency.version,
             requirements: [],
             package_manager: dependency.package_manager
           )
         end
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         def filtered_lockfiles
-          @filtered_lockfiles ||=
+          @filtered_lockfiles ||= T.let(
             SubDependencyFilesFilterer.new(
               dependency_files: dependency_files,
               updated_dependencies: [updated_dependency]
-            ).files_requiring_update
+            ).files_requiring_update,
+            T.nilable(T::Array[Dependabot::DependencyFile])
+          )
         end
+        sig { returns(Dependabot::Bun::UpdateChecker::DependencyFilesBuilder) }
         def dependency_files_builder
-          @dependency_files_builder ||=
+          @dependency_files_builder ||= T.let(
             DependencyFilesBuilder.new(
               dependency: dependency,
               dependency_files: dependency_files,
               credentials: credentials
-            )
+            ),
+            T.nilable(Dependabot::Bun::UpdateChecker::DependencyFilesBuilder)
+          )
         end
         # TODO: We should try and fix this by updating the parent that's not
@@ -143,6 +184,7 @@ module Dependabot
         # Updating the sub-dependency by deleting the entry works but it gets
         # removed from the bundled set of dependencies and moved top level
         # resulting in a bunch of package duplication which is pretty confusing.
+        sig { returns(T::Boolean) }
         def bundled_dependency?
           dependency.subdependency_metadata
                     &.any? { |h| h.fetch(:npm_bundled, false) } ||

data/lib/dependabot/bun/update_checker/vulnerability_auditor.rb CHANGED Viewed

@@ -1,7 +1,9 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
+require "sorbet-runtime"
 require "stringio"
 require "dependabot/dependency"
 require "dependabot/errors"
 require "dependabot/logger"
@@ -16,6 +18,15 @@ module Dependabot
   module Bun
     class UpdateChecker < Dependabot::UpdateCheckers::Base
       class VulnerabilityAuditor
+        extend T::Sig
+        sig do
+          params(
+            dependency_files: T::Array[Dependabot::DependencyFile],
+            credentials: T::Array[Dependabot::Credential]
+          )
+            .void
+        end
         def initialize(dependency_files:, credentials:)
           @dependency_files = dependency_files
           @credentials = credentials
@@ -43,6 +54,13 @@ module Dependabot
         #   * :top_level_ancestors [Array<String>] the names of all top-level dependencies with a transitive
         #     dependency on the dependency
         #   * :explanation [String] an explanation for why the project failed the vulnerability auditor run
+        sig do
+          params(
+            dependency: Dependabot::Dependency,
+            security_advisories: T::Array[Dependabot::SecurityAdvisory]
+          )
+            .returns(T::Hash[String, T.untyped])
+        end
         def audit(dependency:, security_advisories:)
           Dependabot.logger.info("VulnerabilityAuditor: starting audit")
@@ -68,10 +86,13 @@ module Dependabot
               }
             end
-            audit_result = SharedHelpers.run_helper_subprocess(
-              command: NativeHelpers.helper_path,
-              function: "npm:vulnerabilityAuditor",
-              args: [Dir.pwd, vuln_versions]
+            audit_result = T.cast(
+              SharedHelpers.run_helper_subprocess(
+                command: NativeHelpers.helper_path,
+                function: "npm:vulnerabilityAuditor",
+                args: [Dir.pwd, vuln_versions]
+              ),
+              T::Hash[String, T.untyped]
             )
             validation_result = validate_audit_result(audit_result, security_advisories)
@@ -86,24 +107,36 @@ module Dependabot
           end
         rescue SharedHelpers::HelperSubprocessFailed => e
           log_helper_subprocess_failure(dependency, e)
-          fix_unavailable
+          T.must(fix_unavailable)
         end
         # rubocop:enable Metrics/MethodLength
         private
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         attr_reader :dependency_files
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
+        sig { params(validation_result: Symbol, dependency: Dependabot::Dependency).returns(String) }
         def explain_fix_unavailable(validation_result, dependency)
           case validation_result
           when :fix_unavailable, :dependency_still_vulnerable, :downgrades_dependencies
             "No patched version available for #{dependency.name}"
           when :fix_incomplete
             "The lockfile might be out of sync?"
+          else
+            raise "Unexpected validation result: #{validation_result}"
           end
         end
+        sig do
+          params(
+            audit_result: T::Hash[String, T.untyped],
+            security_advisories: T::Array[Dependabot::SecurityAdvisory]
+          ).returns(Symbol)
+        end
         def validate_audit_result(audit_result, security_advisories)
           return :fix_unavailable unless audit_result["fix_available"]
           return :dependency_still_vulnerable if dependency_still_vulnerable?(audit_result, security_advisories)
@@ -113,6 +146,13 @@ module Dependabot
           :viable
         end
+        sig do
+          params(
+            audit_result: T::Hash[String, T.untyped],
+            security_advisories: T::Array[Dependabot::SecurityAdvisory]
+          )
+            .returns(T::Boolean)
+        end
         def dependency_still_vulnerable?(audit_result, security_advisories)
           # vulnerable dependency is removed if the target version is nil
           return false unless audit_result["target_version"]
@@ -121,6 +161,7 @@ module Dependabot
           security_advisories.any? { |a| a.vulnerable?(version) }
         end
+        sig { params(audit_result: T::Hash[String, T.untyped]).returns(T::Boolean) }
         def downgrades_dependencies?(audit_result)
           return true if downgrades_version?(audit_result["current_version"], audit_result["target_version"])
@@ -129,6 +170,13 @@ module Dependabot
           end
         end
+        sig do
+          params(
+            current_version: T.nilable(T.any(String, Integer, Gem::Version)),
+            target_version: T.nilable(T.any(String, Integer, Gem::Version))
+          )
+            .returns(T::Boolean)
+        end
         def downgrades_version?(current_version, target_version)
           return false unless target_version
@@ -137,14 +185,19 @@ module Dependabot
           current > target
         end
+        sig { params(audit_result: T::Hash[String, T.untyped]).returns(T::Boolean) }
         def fix_incomplete?(audit_result)
           audit_result["fix_updates"].any? { |update| !update.key?("target_version") } ||
             audit_result["fix_updates"].empty?
         end
+        sig do
+          params(dependency: Dependabot::Dependency,
+                 error: Dependabot::SharedHelpers::HelperSubprocessFailed).void
+        end
         def log_helper_subprocess_failure(dependency, error)
           # See `Dependabot::SharedHelpers.run_helper_subprocess` for details on error context
-          context = error.error_context || {}
+          context = error.error_context
           builder = ::StringIO.new
           builder << "VulnerabilityAuditor: "

data/lib/dependabot/bun/update_checker.rb CHANGED Viewed

@@ -11,6 +11,7 @@ module Dependabot
   module Bun
     class UpdateChecker < Dependabot::UpdateCheckers::Base # rubocop:disable Metrics/ClassLength
       extend T::Sig
       require_relative "update_checker/requirements_updater"
       require_relative "update_checker/library_detector"
       require_relative "update_checker/latest_version_finder"
@@ -31,7 +32,6 @@ module Dependabot
           requirements_update_strategy: T.nilable(Dependabot::RequirementsUpdateStrategy),
           dependency_group: T.nilable(Dependabot::DependencyGroup),
           update_cooldown: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
-          exclude_paths: T.nilable(T::Array[String]),
           options: T::Hash[Symbol, T.untyped]
         )
           .void
@@ -40,7 +40,7 @@ module Dependabot
                      repo_contents_path: nil, ignored_versions: [],
                      raise_on_ignored: false, security_advisories: [],
                      requirements_update_strategy: nil, dependency_group: nil,
-                     update_cooldown: nil, exclude_paths: [], options: {})
+                     update_cooldown: nil, options: {})
         @latest_version = T.let(nil, T.nilable(T.any(String, Gem::Version)))
         @latest_resolvable_version = T.let(nil, T.nilable(T.any(String, Dependabot::Version)))
         @updated_requirements = T.let(nil, T.nilable(T::Array[T::Hash[Symbol, T.untyped]]))