dependabot-bundler 0.258.0 → 0.260.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c05e36a108ee23327e96a2d23aa12c70539d40817036e5f06d173145a7bcca22
-  data.tar.gz: a71ba498133687bec52f73cfa49047526026bbfe9dbe6d1c91b5180613c19c90
+  metadata.gz: c9538499869166af66a0f2a6659e4e98a79e315448a80829ab14e92b28957594
+  data.tar.gz: c7b99137ddf893896b49fcb90e33144d5dd4b25cf2f1e423bfb5c93a3659e896
 SHA512:
-  metadata.gz: 319e8308114b8d774ce11e62d85c1937e71d7f6090f0c53d01af71df2d555cbdd297a0bf02e7da8d26b2a32ca8e696fac79077882d6c7eeb20e822e34d543402
-  data.tar.gz: c60531c805a0624d8c24a105d91abfc5724482ba1f904bd5f5ea2d428d788bac09204e868daba3896ce67c55221b5319b712341ee1d07bf2555a6427a9d5b26c
+  metadata.gz: 1ae19b8684f6edd8021bfe9ea83b9e434c97a76718d5c7acb510fb063473c0537492cfad227edd1b1d7fdd5260dea1256df3cae09dfc8b0573945f0ce39a13c9
+  data.tar.gz: 7feb5e67e67b9740b465371bbc38cb5f2796c0b07f38b0bf34a18ea3c6939dca58e577ead93168ed35947a8a0e2810364e93dbed3c72efc345d84072b87aa393

data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb

@@ -36,7 +36,7 @@ RSpec.describe Functions::ConflictingDependencyResolver do
       )
     end
 
-    context "with nested transitive dependencies" do
+    context "when dealing with nested transitive dependencies" do
       let(:project_name) { "transitive_blocking" }
       let(:dependency_name) { "activesupport" }
       let(:target_version) { "6.0.0" }

data/helpers/v1/spec/functions/dependency_source_spec.rb

@@ -47,7 +47,7 @@ RSpec.describe Functions::DependencySource do
       ])
     end
 
-    context "with specified as the default source" do
+    context "when specified as the default source" do
       let(:project_name) { "specified_default_source_no_lockfile" }
 
       it "returns all versions from the private source" do
@@ -59,7 +59,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that we don't have authentication details for" do
+    context "when we don't have authentication details for" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -83,7 +83,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that we have bad authentication details for" do
+    context "when we have bad authentication details" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -107,7 +107,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that bad-requested, but was a private repo" do
+    context "when bad-requested, but is a private repo" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -130,7 +130,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that doesn't have details of the gem" do
+    context "when it doesn't have details of the gem" do
       before do
         stub_request(:get, gemfury_business_url)
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -152,7 +152,7 @@ RSpec.describe Functions::DependencySource do
       it { is_expected.to be_empty }
     end
 
-    context "when that only implements the old Bundler index format..." do
+    context "when it only implements the old Bundler index format" do
       let(:project_name) { "sidekiq_pro" }
       let(:dependency_name) { "sidekiq-pro" }
       let(:registry_url) { "https://gems.contribsys.com/" }
@@ -179,7 +179,7 @@ RSpec.describe Functions::DependencySource do
       end
 
       it "returns all versions from the private source" do
-        expect(private_registry_versions.length).to eql(70)
+        expect(private_registry_versions.length).to be(70)
         expect(private_registry_versions.min).to eql(Gem::Version.new("1.0.0"))
         expect(private_registry_versions.max).to eql(Gem::Version.new("3.5.2"))
       end

data/helpers/v1/spec/functions/file_parser_spec.rb

@@ -14,14 +14,14 @@ RSpec.describe Functions::FileParser do
   end
 
   describe "#parsed_gemfile" do
-    let(:project_name) { "gemfile" }
-
     subject(:parsed_gemfile) do
       in_tmp_folder do
         dependency_source.parsed_gemfile(gemfile_name: "Gemfile")
       end
     end
 
+    let(:project_name) { "gemfile" }
+
     it "parses gemfile" do
       parsed_gemfile = [
         {
@@ -44,14 +44,14 @@ RSpec.describe Functions::FileParser do
   end
 
   describe "#parsed_gemspec" do
-    let(:project_name) { "gemfile_exact" }
-
     subject(:parsed_gemspec) do
       in_tmp_folder do |_tmp_path|
         dependency_source.parsed_gemspec(gemspec_name: "example.gemspec")
       end
     end
 
+    let(:project_name) { "gemfile_exact" }
+
     it "parses gemspec" do
       parsed_gemspec = [
         {

data/helpers/v1/spec/functions/force_updater_spec.rb

@@ -6,7 +6,7 @@ require "shared_contexts"
 
 RSpec.describe Functions::ForceUpdater do
   include_context "when in a temporary bundler directory"
-  include_context "when stub rubygems compact index"
+  include_context "when stubbing rubygems compact index"
 
   let(:force_updater) do
     described_class.new(

data/helpers/v1/spec/functions/version_resolver_spec.rb

@@ -6,7 +6,7 @@ require "shared_contexts"
 
 RSpec.describe Functions::VersionResolver do
   include_context "when in a temporary bundler directory"
-  include_context "when stub rubygems compact index"
+  include_context "when stubbing rubygems compact index"
 
   let(:version_resolver) do
     described_class.new(
@@ -43,7 +43,7 @@ RSpec.describe Functions::VersionResolver do
     its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::CompactIndex") }
 
     context "with a private gemserver source" do
-      include_context "when stub rubygems compact index"
+      include_context "when stubbing rubygems compact index"
 
       let(:project_name) { "specified_source" }
       let(:requirement_string) { ">= 0" }

data/helpers/v1/spec/shared_contexts.rb

@@ -34,7 +34,7 @@ RSpec.shared_context "without caching rubygems" do
   end
 end
 
-RSpec.shared_context "when stub rubygems compact index" do
+RSpec.shared_context "when stubbing rubygems compact index" do
   include_context "without caching rubygems"
 
   before do

data/helpers/v2/lib/functions/lockfile_updater.rb

@@ -189,7 +189,7 @@ module Functions
       # if those sub-deps are top-level dependencies. We only want true
       # subdeps unlocked, like they were in the UpdateChecker, so we
       # mutate the unlocked gems array.
-      unlocked = defn.instance_variable_get(:@unlock).fetch(:gems)
+      unlocked = defn.instance_variable_get(:@gems_to_unlock)
       must_not_unlock = defn.dependencies.map { |x| x.name.to_s } -
                         dependencies_to_unlock
       unlocked.reject! { |n| must_not_unlock.include?(n) }

data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb

@@ -36,7 +36,7 @@ RSpec.describe Functions::ConflictingDependencyResolver do
       )
     end
 
-    context "with nested transitive dependencies" do
+    context "when dealing with nested transitive dependencies" do
       let(:project_name) { "transitive_blocking" }
       let(:dependency_name) { "activesupport" }
       let(:target_version) { "6.0.0" }

data/helpers/v2/spec/functions/dependency_source_spec.rb

@@ -47,7 +47,7 @@ RSpec.describe Functions::DependencySource do
       ])
     end
 
-    context "with specified as the default source" do
+    context "when specified as the default source" do
       let(:project_name) { "specified_default_source_no_lockfile" }
 
       it "returns all versions from the private source" do
@@ -59,7 +59,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that we don't have authentication details for" do
+    context "when we don't have authentication details" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -82,7 +82,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that we have bad authentication details for" do
+    context "when we have bad authentication details" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -105,7 +105,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that bad-requested, but was a private repo" do
+    context "when there is a bad request but it's a private repo" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -131,7 +131,7 @@ RSpec.describe Functions::DependencySource do
       end
     end
 
-    context "when that doesn't have details of the gem" do
+    context "when the gem details are not available" do
       before do
         stub_request(:get, gemfury_business_url)
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -153,7 +153,7 @@ RSpec.describe Functions::DependencySource do
       it { is_expected.to be_empty }
     end
 
-    context "when that only implements the old Bundler index format..." do
+    context "when only the old Bundler index format is implemented" do
       let(:project_name) { "sidekiq_pro" }
       let(:dependency_name) { "sidekiq-pro" }
       let(:registry_url) { "https://gems.contribsys.com/" }
@@ -180,7 +180,7 @@ RSpec.describe Functions::DependencySource do
       end
 
       it "returns all versions from the private source" do
-        expect(private_registry_versions.length).to eql(70)
+        expect(private_registry_versions.length).to be(70)
         expect(private_registry_versions.min).to eql(Gem::Version.new("1.0.0"))
         expect(private_registry_versions.max).to eql(Gem::Version.new("3.5.2"))
       end

data/helpers/v2/spec/functions/file_parser_spec.rb

@@ -14,14 +14,14 @@ RSpec.describe Functions::FileParser do
   end
 
   describe "#parsed_gemfile" do
-    let(:project_name) { "gemfile" }
-
     subject(:parsed_gemfile) do
       in_tmp_folder do
         dependency_source.parsed_gemfile(gemfile_name: "Gemfile")
       end
     end
 
+    let(:project_name) { "gemfile" }
+
     it "parses gemfile" do
       parsed_gemfile = [
         {
@@ -109,14 +109,14 @@ RSpec.describe Functions::FileParser do
   end
 
   describe "#parsed_gemspec" do
-    let(:project_name) { "gemfile_exact" }
-
     subject(:parsed_gemspec) do
       in_tmp_folder do |_tmp_path|
         dependency_source.parsed_gemspec(gemspec_name: "example.gemspec")
       end
     end
 
+    let(:project_name) { "gemfile_exact" }
+
     it "parses gemspec" do
       parsed_gemspec = [
         {

data/helpers/v2/spec/functions/force_updater_spec.rb

@@ -6,7 +6,7 @@ require "shared_contexts"
 
 RSpec.describe Functions::ForceUpdater do
   include_context "when in a temporary bundler directory"
-  include_context "when stub rubygems compact index"
+  include_context "when stubbing rubygems compact index"
 
   let(:force_updater) do
     described_class.new(

data/helpers/v2/spec/functions/version_resolver_spec.rb

@@ -6,7 +6,7 @@ require "shared_contexts"
 
 RSpec.describe Functions::VersionResolver do
   include_context "when in a temporary bundler directory"
-  include_context "when stub rubygems compact index"
+  include_context "when stubbing rubygems compact index"
 
   let(:version_resolver) do
     described_class.new(
@@ -36,6 +36,9 @@ RSpec.describe Functions::VersionResolver do
     stub_request(:get, "https://rubygems.org/quick/Marshal.4.8/statesman-1.2.1.gemspec.rz")
       .to_return(status: 200, body: fixture("rubygems_responses", "statesman-1.2.1.gemspec.rz"))
 
+    stub_request(:get, "https://rubygems.org/quick/Marshal.4.8/statesman-1.2.5.gemspec.rz")
+      .to_return(status: 200, body: fixture("rubygems_responses", "statesman-1.2.5.gemspec.rz"))
+
     stub_request(:get, %r{quick/Marshal.4.8/business-.*.gemspec.rz})
       .to_return(status: 200, body: fixture("rubygems_responses", "business-1.0.0.gemspec.rz"))
   end
@@ -52,7 +55,7 @@ RSpec.describe Functions::VersionResolver do
     its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::CompactIndex") }
 
     context "with a private gemserver source" do
-      include_context "when stub rubygems compact index"
+      include_context "when stubbing rubygems compact index"
 
       let(:project_name) { "specified_source" }
       let(:requirement_string) { ">= 0" }
@@ -102,12 +105,12 @@ RSpec.describe Functions::VersionResolver do
       its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::Dependency") }
     end
 
-    context "with no update possible due to a version conflict" do
+    context "when there's a version conflict with a subdep also listed as a top level dependency" do
       let(:project_name) { "version_conflict_with_listed_subdep" }
       let(:dependency_name) { "rspec-mocks" }
       let(:requirement_string) { ">= 0" }
 
-      its([:version]) { is_expected.to eq(Gem::Version.new("3.6.0")) }
+      its([:version]) { is_expected.to be > Gem::Version.new("3.6.0") }
     end
   end
 end

data/helpers/v2/spec/functions_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe Functions do
 
     it "returns the jfrog source" do
       in_tmp_folder do
-        jfrog_source = Functions.jfrog_source(
+        jfrog_source = described_class.jfrog_source(
           dir: tmp_path,
           gemfile_name: "Gemfile",
           credentials: {}
@@ -24,10 +24,9 @@ RSpec.describe Functions do
   end
 
   describe "#git_specs" do
-    let(:project_name) { "git_source" }
     subject(:git_specs) do
       in_tmp_folder do
-        Functions.git_specs(
+        described_class.git_specs(
           dir: tmp_path,
           gemfile_name: "Gemfile",
           credentials: {}
@@ -35,6 +34,8 @@ RSpec.describe Functions do
       end
     end
 
+    let(:project_name) { "git_source" }
+
     def expect_specs(count)
       expect(git_specs.size).to eq(count)
       git_specs.each do |gs|

data/helpers/v2/spec/ruby_version_spec.rb

@@ -6,13 +6,15 @@ require "shared_contexts"
 
 RSpec.describe BundlerDefinitionRubyVersionPatch do
   include_context "when in a temporary bundler directory"
-  include_context "when stub rubygems compact index"
+  include_context "when stubbing rubygems compact index"
 
   let(:project_name) { "ruby_version_implied" }
+
   before do
     @ui = Bundler.ui
     Bundler.ui = Bundler::UI::Silent.new
   end
+
   after { Bundler.ui = @ui }
 
   it "updates to the most recent version" do

data/helpers/v2/spec/shared_contexts.rb

@@ -27,7 +27,7 @@ RSpec.shared_context "when in a temporary bundler directory" do
   end
 end
 
-RSpec.shared_context "when stub rubygems compact index" do
+RSpec.shared_context "when stubbing rubygems compact index" do
   before do
     # Stub the Rubygems index
     stub_request(:get, "https://index.rubygems.org/versions")

data/lib/dependabot/bundler/file_fetcher.rb

@@ -45,6 +45,7 @@ module Dependabot
         fetched_files += child_gemfiles
         fetched_files += gemspecs
         fetched_files << ruby_version_file if ruby_version_file
+        fetched_files << tool_versions_file if tool_versions_file
         fetched_files += path_gemspecs
         fetched_files += require_relative_files(fetched_files)
 
@@ -100,9 +101,13 @@ module Dependabot
       def ruby_version_file
         return unless gemfile
 
-        @ruby_version_file ||=
-          fetch_file_if_present(".ruby-version")
-          &.tap { |f| f.support_file = true }
+        @ruby_version_file ||= fetch_support_file(".ruby-version")
+      end
+
+      def tool_versions_file
+        return unless gemfile
+
+        @tool_versions_file ||= fetch_support_file(".tool-versions")
       end
 
       def path_gemspecs

data/lib/dependabot/bundler/file_parser/file_preparer.rb

@@ -28,6 +28,7 @@ module Dependabot
             *evaled_gemfiles,
             lockfile,
             ruby_version_file,
+            tool_versions_file,
             *imported_ruby_files,
             *specification_files
           ].compact
@@ -47,10 +48,10 @@ module Dependabot
             .reject { |f| f.name.end_with?(".gemspec") }
             .reject { |f| f.name.end_with?(".specification") }
             .reject { |f| f.name.end_with?(".lock") }
-            .reject { |f| f.name.end_with?(".ruby-version") }
             .reject { |f| f.name == "Gemfile" }
             .reject { |f| f.name == "gems.rb" }
             .reject { |f| f.name == "gems.locked" }
+            .reject(&:support_file?)
         end
 
         def specification_files
@@ -70,6 +71,10 @@ module Dependabot
           dependency_files.find { |f| f.name == ".ruby-version" }
         end
 
+        def tool_versions_file
+          dependency_files.find { |f| f.name == ".tool-versions" }
+        end
+
         def imported_ruby_files
           dependency_files
             .select { |f| f.name.end_with?(".rb") }

data/lib/dependabot/bundler/file_parser.rb

@@ -245,10 +245,10 @@ module Dependabot
           .reject { |f| f.name.end_with?(".gemspec") }
           .reject { |f| f.name.end_with?(".specification") }
           .reject { |f| f.name.end_with?(".lock") }
-          .reject { |f| f.name.end_with?(".ruby-version") }
           .reject { |f| f.name == "Gemfile" }
           .reject { |f| f.name == "gems.rb" }
           .reject { |f| f.name == "gems.locked" }
+          .reject(&:support_file?)
       end
 
       def lockfile

data/lib/dependabot/bundler/file_updater/lockfile_updater.rb

@@ -96,6 +96,7 @@ module Dependabot
 
           write_gemspecs(top_level_gemspecs)
           write_ruby_version_file
+          write_tool_versions_file
           write_gemspecs(path_gemspecs)
           write_specification_files
           write_imported_ruby_files
@@ -115,6 +116,14 @@ module Dependabot
           File.write(path, ruby_version_file.content)
         end
 
+        def write_tool_versions_file
+          return unless tool_versions_file
+
+          path = tool_versions_file.name
+          FileUtils.mkdir_p(Pathname.new(path).dirname)
+          File.write(path, tool_versions_file.content)
+        end
+
         def write_gemspecs(files)
           files.each do |file|
             path = file.name
@@ -160,6 +169,10 @@ module Dependabot
           dependency_files.find { |f| f.name == ".ruby-version" }
         end
 
+        def tool_versions_file
+          dependency_files.find { |f| f.name == ".tool-versions" }
+        end
+
         def post_process_lockfile(lockfile_body)
           lockfile_body = reorder_git_dependencies(lockfile_body)
           replace_lockfile_ending(lockfile_body)
@@ -269,7 +282,6 @@ module Dependabot
             .reject { |f| f.name.end_with?(".gemspec") }
             .reject { |f| f.name.end_with?(".specification") }
             .reject { |f| f.name.end_with?(".lock") }
-            .reject { |f| f.name.end_with?(".ruby-version") }
             .reject { |f| f.name == "Gemfile" }
             .reject { |f| f.name == "gems.rb" }
             .reject { |f| f.name == "gems.locked" }

data/lib/dependabot/bundler/file_updater.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 
 require "dependabot/file_updaters"
@@ -27,7 +27,7 @@ module Dependabot
       # rubocop:disable Metrics/PerceivedComplexity
       # rubocop:disable Metrics/AbcSize
       def updated_dependency_files
-        updated_files = []
+        updated_files = T.let([], T::Array[Dependabot::DependencyFile])
 
         if gemfile && file_changed?(gemfile)
           updated_files <<
@@ -58,7 +58,7 @@ module Dependabot
 
         check_updated_files(updated_files)
 
-        base_dir = updated_files.first.directory
+        base_dir = T.must(updated_files.first).directory
         vendor_updater
           .updated_vendor_cache_files(base_directory: base_dir)
           .each do |file|
@@ -127,10 +127,10 @@ module Dependabot
           .reject { |f| f.name.end_with?(".gemspec") }
           .reject { |f| f.name.end_with?(".specification") }
           .reject { |f| f.name.end_with?(".lock") }
-          .reject { |f| f.name.end_with?(".ruby-version") }
           .reject { |f| f.name == "Gemfile" }
           .reject { |f| f.name == "gems.rb" }
           .reject { |f| f.name == "gems.locked" }
+          .reject(&:support_file?)
       end
 
       def updated_gemfile_content(file)

data/lib/dependabot/bundler/metadata_finder.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 
 require "excon"
@@ -87,7 +87,7 @@ module Dependabot
         end
 
         source_url = github_urls.find do |url|
-          repo = Source.from_url(url).repo
+          repo = T.must(Source.from_url(url)).repo
           repo.downcase.end_with?(dependency.name)
         end
         return unless source_url
@@ -102,7 +102,7 @@ module Dependabot
         rubygems_marshalled_gemspec_response.gsub("\x06;", "\n")
                                             .scan(Dependabot::Source::SOURCE_REGEX) do
           github_urls << (Regexp.last_match.to_s +
-                         Regexp.last_match.post_match.split("\n").first)
+                         T.must(T.must(Regexp.last_match).post_match.split("\n").first))
         end
 
         github_urls.find do |url|
@@ -204,7 +204,7 @@ module Dependabot
           cred["type"] == "rubygems_server" && cred.replaces_base?
         end
         host = credential ? credential["host"] : "rubygems.org"
-        @base_url = "https://#{host}" + ("/" unless host.end_with?("/"))
+        @base_url = "https://#{host}#{host&.end_with?('/') ? '' : '/'}"
       end
 
       def registry_auth_headers

data/lib/dependabot/bundler/update_checker/file_preparer.rb

@@ -94,6 +94,7 @@ module Dependabot
           files += [
             lockfile,
             ruby_version_file,
+            tool_versions_file,
             *imported_ruby_files,
             *specification_files
           ].compact
@@ -130,10 +131,10 @@ module Dependabot
             .reject { |f| f.name.end_with?(".gemspec") }
             .reject { |f| f.name.end_with?(".specification") }
             .reject { |f| f.name.end_with?(".lock") }
-            .reject { |f| f.name.end_with?(".ruby-version") }
             .reject { |f| f.name == "Gemfile" }
             .reject { |f| f.name == "gems.rb" }
             .reject { |f| f.name == "gems.locked" }
+            .reject(&:support_file?)
         end
 
         def lockfile
@@ -154,6 +155,10 @@ module Dependabot
           dependency_files.find { |f| f.name == ".ruby-version" }
         end
 
+        def tool_versions_file
+          dependency_files.find { |f| f.name == ".tool-versions" }
+        end
+
         def path_gemspecs
           all = dependency_files.select { |f| f.name.end_with?(".gemspec") }
           all - top_level_gemspecs

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.258.0
+  version: 0.260.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-05-16 00:00:00.000000000 Z
+date: 2024-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.258.0
+        version: 0.260.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.258.0
+        version: 0.260.0
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.258.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
 post_install_message: 
 rdoc_options: []
 require_paths: