dependabot-bundler 0.258.0 → 0.259.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c05e36a108ee23327e96a2d23aa12c70539d40817036e5f06d173145a7bcca22
-  data.tar.gz: a71ba498133687bec52f73cfa49047526026bbfe9dbe6d1c91b5180613c19c90
+  metadata.gz: 1cf058014268b3cfec697930e773369e1f2f1edfe1b4cd6a4c43a33af020a3a6
+  data.tar.gz: ef3f4b5ccd9bed22f52b4408d2097ee0709089db43baa21763a8093d684f69ef
 SHA512:
-  metadata.gz: 319e8308114b8d774ce11e62d85c1937e71d7f6090f0c53d01af71df2d555cbdd297a0bf02e7da8d26b2a32ca8e696fac79077882d6c7eeb20e822e34d543402
-  data.tar.gz: c60531c805a0624d8c24a105d91abfc5724482ba1f904bd5f5ea2d428d788bac09204e868daba3896ce67c55221b5319b712341ee1d07bf2555a6427a9d5b26c
+  metadata.gz: 1699556eb7cdf17c530f580620f88f14452c750e6ba426dbe192a885a0d029ad054d7304378a482deca2e09d988fee7db8f4ec17719cbadd83ceb89aede7828f
+  data.tar.gz: 70e5f1f22cb8ae1025fda30e255222daf55f69a44944217aa640b440759908ba5700f09c8049b5d1fbc82979b9db13d8a783c297408ffb886ffe97ec0708fa78

data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb

@@ -36,7 +36,7 @@ RSpec.describe Functions::ConflictingDependencyResolver do
       )
     end
 
-    context "with nested transitive dependencies" do
+    context "when dealing with nested transitive dependencies" do
       let(:project_name) { "transitive_blocking" }
       let(:dependency_name) { "activesupport" }
       let(:target_version) { "6.0.0" }

data/helpers/v1/spec/functions/dependency_source_spec.rb

@@ -47,7 +47,7 @@ RSpec.describe Functions::DependencySource do
       ])
     end
 
-    context "with specified as the default source" do
+    context "when specified as the default source" do
       let(:project_name) { "specified_default_source_no_lockfile" }
 
       it "returns all versions from the private source" do
@@ -59,7 +59,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that we don't have authentication details for" do
+    context "when we don't have authentication details for" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -83,7 +83,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that we have bad authentication details for" do
+    context "when we have bad authentication details" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -107,7 +107,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that bad-requested, but was a private repo" do
+    context "when bad-requested, but is a private repo" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -130,7 +130,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that doesn't have details of the gem" do
+    context "when it doesn't have details of the gem" do
       before do
         stub_request(:get, gemfury_business_url)
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -152,7 +152,7 @@ RSpec.describe Functions::DependencySource do
       it { is_expected.to be_empty }
     end
 
-    context "when that only implements the old Bundler index format..." do
+    context "when it only implements the old Bundler index format" do
       let(:project_name) { "sidekiq_pro" }
       let(:dependency_name) { "sidekiq-pro" }
       let(:registry_url) { "https://gems.contribsys.com/" }

data/helpers/v1/spec/functions/file_parser_spec.rb

@@ -14,14 +14,14 @@ RSpec.describe Functions::FileParser do
   end
 
   describe "#parsed_gemfile" do
-    let(:project_name) { "gemfile" }
-
     subject(:parsed_gemfile) do
       in_tmp_folder do
         dependency_source.parsed_gemfile(gemfile_name: "Gemfile")
       end
     end
 
+    let(:project_name) { "gemfile" }
+
     it "parses gemfile" do
       parsed_gemfile = [
         {
@@ -44,14 +44,14 @@ RSpec.describe Functions::FileParser do
   end
 
   describe "#parsed_gemspec" do
-    let(:project_name) { "gemfile_exact" }
-
     subject(:parsed_gemspec) do
       in_tmp_folder do |_tmp_path|
         dependency_source.parsed_gemspec(gemspec_name: "example.gemspec")
       end
     end
 
+    let(:project_name) { "gemfile_exact" }
+
     it "parses gemspec" do
       parsed_gemspec = [
         {

data/helpers/v1/spec/functions/force_updater_spec.rb

@@ -6,7 +6,7 @@ require "shared_contexts"
 
 RSpec.describe Functions::ForceUpdater do
   include_context "when in a temporary bundler directory"
-  include_context "when stub rubygems compact index"
+  include_context "when stubbing rubygems compact index"
 
   let(:force_updater) do
     described_class.new(

data/helpers/v1/spec/functions/version_resolver_spec.rb

@@ -6,7 +6,7 @@ require "shared_contexts"
 
 RSpec.describe Functions::VersionResolver do
   include_context "when in a temporary bundler directory"
-  include_context "when stub rubygems compact index"
+  include_context "when stubbing rubygems compact index"
 
   let(:version_resolver) do
     described_class.new(
@@ -43,7 +43,7 @@ RSpec.describe Functions::VersionResolver do
     its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::CompactIndex") }
 
     context "with a private gemserver source" do
-      include_context "when stub rubygems compact index"
+      include_context "when stubbing rubygems compact index"
 
       let(:project_name) { "specified_source" }
       let(:requirement_string) { ">= 0" }

data/helpers/v1/spec/shared_contexts.rb

@@ -34,7 +34,7 @@ RSpec.shared_context "without caching rubygems" do
   end
 end
 
-RSpec.shared_context "when stub rubygems compact index" do
+RSpec.shared_context "when stubbing rubygems compact index" do
   include_context "without caching rubygems"
 
   before do

data/helpers/v2/monkey_patches/definition_bundler_spec_set_patch.rb

@@ -0,0 +1,23 @@
+# typed: false
+# frozen_string_literal: true
+
+require "bundler/spec_set"
+
+# monkey patch materialized_for_all_platforms for lazy specification issue resolution
+# https://github.com/dependabot/dependabot-core/pull/9807
+module BundlerSpecSetPatch
+  def materialized_for_all_platforms
+    @specs.map do |s|
+      next s unless s.is_a?(Bundler::LazySpecification)
+
+      s.source.cached!
+      s.source.remote!
+      spec = s.materialize_for_installation
+      raise Bundler::GemNotFound, "Could not find #{s.full_name} in any of the sources" unless spec
+
+      spec
+    end
+  end
+end
+
+Bundler::SpecSet.prepend(BundlerSpecSetPatch)

data/helpers/v2/run.rb

@@ -17,6 +17,7 @@ end
 require "definition_ruby_version_patch"
 require "definition_bundler_version_patch"
 require "git_source_patch"
+require "definition_bundler_spec_set_patch"
 
 require "functions"
 

data/helpers/v2/spec/definition_bundler_spec_set_patch_spec.rb

@@ -0,0 +1,68 @@
+# typed: false
+# frozen_string_literal: true
+
+# rubocop:disable RSpec/FilePath
+# rubocop:disable RSpec/SpecFilePathFormat
+
+require "native_spec_helper"
+require "shared_contexts"
+require "bundler/spec_set"
+
+RSpec.describe Bundler::SpecSet do
+  let(:primary_source) { instance_double(Bundler::Source::Git) }
+  let(:secondary_source) { instance_double(Bundler::Source::Path) }
+  let(:primary_spec_set) do
+    instance_double(Bundler::LazySpecification, full_name: "foo-1.0.0-x86_64-linux", source: primary_source)
+  end
+  let(:secondary_spec_set) do
+    instance_double(Bundler::LazySpecification, full_name: "foo-1.0.0-arm64-darwin", source: secondary_source)
+  end
+
+  before do
+    allow(primary_spec_set).to receive(:is_a?).with(Bundler::LazySpecification).and_return(true)
+    allow(secondary_spec_set).to receive(:is_a?).with(Bundler::LazySpecification).and_return(true)
+
+    allow(primary_source).to receive(:cached!)
+    allow(primary_source).to receive(:remote!)
+    allow(secondary_source).to receive(:cached!)
+    allow(secondary_source).to receive(:remote!)
+
+    allow(primary_spec_set).to receive(:materialize_for_installation).and_return(primary_spec_set)
+    allow(secondary_spec_set).to receive(:materialize_for_installation).and_return(secondary_spec_set)
+  end
+
+  describe "#materialized_for_all_platforms" do
+    context "when cache_all_platforms is enabled" do
+      let(:spec_set) { described_class.new([primary_spec_set, secondary_spec_set]) }
+
+      before do
+        described_class.prepend(BundlerSpecSetPatch)
+      end
+
+      it "uses cached gems for secondary sources" do
+        expect(primary_spec_set.source).to receive(:cached!).ordered
+        expect(primary_spec_set.source).to receive(:remote!).ordered
+        expect(primary_spec_set).to receive(:materialize_for_installation).and_return(primary_spec_set).ordered
+
+        expect(secondary_spec_set.source).to receive(:cached!).ordered
+        expect(secondary_spec_set.source).to receive(:remote!).ordered
+        expect(secondary_spec_set).to receive(:materialize_for_installation).and_return(secondary_spec_set).ordered
+
+        result = spec_set.materialized_for_all_platforms
+        expect(result).to include(primary_spec_set, secondary_spec_set)
+      end
+
+      it "raises an error if a gem cannot be found in any of the sources" do
+        allow(primary_spec_set).to receive(:materialize_for_installation).and_return(nil)
+
+        expect do
+          spec_set.materialized_for_all_platforms
+        end.to raise_error(Bundler::GemNotFound,
+                           "Could not find foo-1.0.0-x86_64-linux in any of the sources")
+      end
+    end
+  end
+end
+
+# rubocop:enable RSpec/FilePath
+# rubocop:enable RSpec/SpecFilePathFormat

data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb

@@ -36,7 +36,7 @@ RSpec.describe Functions::ConflictingDependencyResolver do
       )
     end
 
-    context "with nested transitive dependencies" do
+    context "when dealing with nested transitive dependencies" do
       let(:project_name) { "transitive_blocking" }
       let(:dependency_name) { "activesupport" }
       let(:target_version) { "6.0.0" }

data/helpers/v2/spec/functions/dependency_source_spec.rb

@@ -47,7 +47,7 @@ RSpec.describe Functions::DependencySource do
       ])
     end
 
-    context "with specified as the default source" do
+    context "when specified as the default source" do
       let(:project_name) { "specified_default_source_no_lockfile" }
 
       it "returns all versions from the private source" do
@@ -59,7 +59,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that we don't have authentication details for" do
+    context "when we don't have authentication details" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -82,7 +82,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that we have bad authentication details for" do
+    context "when we have bad authentication details" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -105,7 +105,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that bad-requested, but was a private repo" do
+    context "when there is a bad request but it's a private repo" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -131,7 +131,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that doesn't have details of the gem" do
+    context "when the gem details are not available" do
       before do
         stub_request(:get, gemfury_business_url)
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -153,7 +153,7 @@ RSpec.describe Functions::DependencySource do
       it { is_expected.to be_empty }
     end
 
-    context "when that only implements the old Bundler index format..." do
+    context "when only the old Bundler index format is implemented" do
       let(:project_name) { "sidekiq_pro" }
       let(:dependency_name) { "sidekiq-pro" }
       let(:registry_url) { "https://gems.contribsys.com/" }

data/helpers/v2/spec/functions/file_parser_spec.rb

@@ -14,14 +14,14 @@ RSpec.describe Functions::FileParser do
   end
 
   describe "#parsed_gemfile" do
-    let(:project_name) { "gemfile" }
-
     subject(:parsed_gemfile) do
       in_tmp_folder do
         dependency_source.parsed_gemfile(gemfile_name: "Gemfile")
       end
     end
 
+    let(:project_name) { "gemfile" }
+
     it "parses gemfile" do
       parsed_gemfile = [
         {
@@ -109,14 +109,14 @@ RSpec.describe Functions::FileParser do
   end
 
   describe "#parsed_gemspec" do
-    let(:project_name) { "gemfile_exact" }
-
     subject(:parsed_gemspec) do
       in_tmp_folder do |_tmp_path|
         dependency_source.parsed_gemspec(gemspec_name: "example.gemspec")
       end
     end
 
+    let(:project_name) { "gemfile_exact" }
+
     it "parses gemspec" do
       parsed_gemspec = [
         {

data/helpers/v2/spec/functions/force_updater_spec.rb

@@ -6,7 +6,7 @@ require "shared_contexts"
 
 RSpec.describe Functions::ForceUpdater do
   include_context "when in a temporary bundler directory"
-  include_context "when stub rubygems compact index"
+  include_context "when stubbing rubygems compact index"
 
   let(:force_updater) do
     described_class.new(

data/helpers/v2/spec/functions/version_resolver_spec.rb

@@ -6,7 +6,7 @@ require "shared_contexts"
 
 RSpec.describe Functions::VersionResolver do
   include_context "when in a temporary bundler directory"
-  include_context "when stub rubygems compact index"
+  include_context "when stubbing rubygems compact index"
 
   let(:version_resolver) do
     described_class.new(
@@ -52,7 +52,7 @@ RSpec.describe Functions::VersionResolver do
     its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::CompactIndex") }
 
     context "with a private gemserver source" do
-      include_context "when stub rubygems compact index"
+      include_context "when stubbing rubygems compact index"
 
       let(:project_name) { "specified_source" }
       let(:requirement_string) { ">= 0" }

data/helpers/v2/spec/functions_spec.rb

@@ -24,7 +24,6 @@ RSpec.describe Functions do
   end
 
   describe "#git_specs" do
-    let(:project_name) { "git_source" }
     subject(:git_specs) do
       in_tmp_folder do
         Functions.git_specs(
@@ -35,6 +34,8 @@ RSpec.describe Functions do
       end
     end
 
+    let(:project_name) { "git_source" }
+
     def expect_specs(count)
       expect(git_specs.size).to eq(count)
       git_specs.each do |gs|

data/helpers/v2/spec/native_spec_helper.rb

@@ -12,6 +12,7 @@ $LOAD_PATH.unshift(File.expand_path("../../spec_helpers", __dir__))
 # Bundler monkey patches
 require "definition_ruby_version_patch"
 require "definition_bundler_version_patch"
+require "definition_bundler_spec_set_patch"
 require "git_source_patch"
 
 require "functions"

data/helpers/v2/spec/ruby_version_spec.rb

@@ -6,13 +6,15 @@ require "shared_contexts"
 
 RSpec.describe BundlerDefinitionRubyVersionPatch do
   include_context "when in a temporary bundler directory"
-  include_context "when stub rubygems compact index"
+  include_context "when stubbing rubygems compact index"
 
   let(:project_name) { "ruby_version_implied" }
+
   before do
     @ui = Bundler.ui
     Bundler.ui = Bundler::UI::Silent.new
   end
+
   after { Bundler.ui = @ui }
 
   it "updates to the most recent version" do

data/helpers/v2/spec/shared_contexts.rb

@@ -27,7 +27,7 @@ RSpec.shared_context "when in a temporary bundler directory" do
   end
 end
 
-RSpec.shared_context "when stub rubygems compact index" do
+RSpec.shared_context "when stubbing rubygems compact index" do
   before do
     # Stub the Rubygems index
     stub_request(:get, "https://index.rubygems.org/versions")

data/lib/dependabot/bundler/file_fetcher.rb

@@ -45,6 +45,7 @@ module Dependabot
         fetched_files += child_gemfiles
         fetched_files += gemspecs
         fetched_files << ruby_version_file if ruby_version_file
+        fetched_files << tool_versions_file if tool_versions_file
         fetched_files += path_gemspecs
         fetched_files += require_relative_files(fetched_files)
 
@@ -100,9 +101,13 @@ module Dependabot
       def ruby_version_file
         return unless gemfile
 
-        @ruby_version_file ||=
-          fetch_file_if_present(".ruby-version")
-          &.tap { |f| f.support_file = true }
+        @ruby_version_file ||= fetch_support_file(".ruby-version")
+      end
+
+      def tool_versions_file
+        return unless gemfile
+
+        @tool_versions_file ||= fetch_support_file(".tool-versions")
       end
 
       def path_gemspecs

data/lib/dependabot/bundler/file_parser/file_preparer.rb

@@ -28,6 +28,7 @@ module Dependabot
             *evaled_gemfiles,
             lockfile,
             ruby_version_file,
+            tool_versions_file,
             *imported_ruby_files,
             *specification_files
           ].compact
@@ -47,10 +48,10 @@ module Dependabot
             .reject { |f| f.name.end_with?(".gemspec") }
             .reject { |f| f.name.end_with?(".specification") }
             .reject { |f| f.name.end_with?(".lock") }
-            .reject { |f| f.name.end_with?(".ruby-version") }
             .reject { |f| f.name == "Gemfile" }
             .reject { |f| f.name == "gems.rb" }
             .reject { |f| f.name == "gems.locked" }
+            .reject(&:support_file?)
         end
 
         def specification_files
@@ -70,6 +71,10 @@ module Dependabot
           dependency_files.find { |f| f.name == ".ruby-version" }
         end
 
+        def tool_versions_file
+          dependency_files.find { |f| f.name == ".tool-versions" }
+        end
+
         def imported_ruby_files
           dependency_files
             .select { |f| f.name.end_with?(".rb") }

data/lib/dependabot/bundler/file_parser.rb

@@ -245,10 +245,10 @@ module Dependabot
           .reject { |f| f.name.end_with?(".gemspec") }
           .reject { |f| f.name.end_with?(".specification") }
           .reject { |f| f.name.end_with?(".lock") }
-          .reject { |f| f.name.end_with?(".ruby-version") }
           .reject { |f| f.name == "Gemfile" }
           .reject { |f| f.name == "gems.rb" }
           .reject { |f| f.name == "gems.locked" }
+          .reject(&:support_file?)
       end
 
       def lockfile

data/lib/dependabot/bundler/file_updater/lockfile_updater.rb

@@ -96,6 +96,7 @@ module Dependabot
 
           write_gemspecs(top_level_gemspecs)
           write_ruby_version_file
+          write_tool_versions_file
           write_gemspecs(path_gemspecs)
           write_specification_files
           write_imported_ruby_files
@@ -115,6 +116,14 @@ module Dependabot
           File.write(path, ruby_version_file.content)
         end
 
+        def write_tool_versions_file
+          return unless tool_versions_file
+
+          path = tool_versions_file.name
+          FileUtils.mkdir_p(Pathname.new(path).dirname)
+          File.write(path, tool_versions_file.content)
+        end
+
         def write_gemspecs(files)
           files.each do |file|
             path = file.name
@@ -160,6 +169,10 @@ module Dependabot
           dependency_files.find { |f| f.name == ".ruby-version" }
         end
 
+        def tool_versions_file
+          dependency_files.find { |f| f.name == ".tool-versions" }
+        end
+
         def post_process_lockfile(lockfile_body)
           lockfile_body = reorder_git_dependencies(lockfile_body)
           replace_lockfile_ending(lockfile_body)
@@ -269,7 +282,6 @@ module Dependabot
             .reject { |f| f.name.end_with?(".gemspec") }
             .reject { |f| f.name.end_with?(".specification") }
             .reject { |f| f.name.end_with?(".lock") }
-            .reject { |f| f.name.end_with?(".ruby-version") }
             .reject { |f| f.name == "Gemfile" }
             .reject { |f| f.name == "gems.rb" }
             .reject { |f| f.name == "gems.locked" }

data/lib/dependabot/bundler/file_updater.rb

@@ -127,10 +127,10 @@ module Dependabot
           .reject { |f| f.name.end_with?(".gemspec") }
           .reject { |f| f.name.end_with?(".specification") }
           .reject { |f| f.name.end_with?(".lock") }
-          .reject { |f| f.name.end_with?(".ruby-version") }
           .reject { |f| f.name == "Gemfile" }
           .reject { |f| f.name == "gems.rb" }
           .reject { |f| f.name == "gems.locked" }
+          .reject(&:support_file?)
       end
 
       def updated_gemfile_content(file)

data/lib/dependabot/bundler/update_checker/file_preparer.rb

@@ -94,6 +94,7 @@ module Dependabot
           files += [
             lockfile,
             ruby_version_file,
+            tool_versions_file,
             *imported_ruby_files,
             *specification_files
           ].compact
@@ -130,10 +131,10 @@ module Dependabot
             .reject { |f| f.name.end_with?(".gemspec") }
             .reject { |f| f.name.end_with?(".specification") }
             .reject { |f| f.name.end_with?(".lock") }
-            .reject { |f| f.name.end_with?(".ruby-version") }
             .reject { |f| f.name == "Gemfile" }
             .reject { |f| f.name == "gems.rb" }
             .reject { |f| f.name == "gems.locked" }
+            .reject(&:support_file?)
         end
 
         def lockfile
@@ -154,6 +155,10 @@ module Dependabot
           dependency_files.find { |f| f.name == ".ruby-version" }
         end
 
+        def tool_versions_file
+          dependency_files.find { |f| f.name == ".tool-versions" }
+        end
+
         def path_gemspecs
           all = dependency_files.select { |f| f.name.end_with?(".gemspec") }
           all - top_level_gemspecs

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.258.0
+  version: 0.259.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-05-16 00:00:00.000000000 Z
+date: 2024-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.258.0
+        version: 0.259.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.258.0
+        version: 0.259.0
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -292,10 +292,12 @@ files:
 - helpers/v2/lib/functions/force_updater.rb
 - helpers/v2/lib/functions/lockfile_updater.rb
 - helpers/v2/lib/functions/version_resolver.rb
+- helpers/v2/monkey_patches/definition_bundler_spec_set_patch.rb
 - helpers/v2/monkey_patches/definition_bundler_version_patch.rb
 - helpers/v2/monkey_patches/definition_ruby_version_patch.rb
 - helpers/v2/monkey_patches/git_source_patch.rb
 - helpers/v2/run.rb
+- helpers/v2/spec/definition_bundler_spec_set_patch_spec.rb
 - helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb
 - helpers/v2/spec/functions/dependency_source_spec.rb
 - helpers/v2/spec/functions/file_parser_spec.rb
@@ -345,7 +347,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.258.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.259.0
 post_install_message: 
 rdoc_options: []
 require_paths: