RubyGems - dependabot-bundler - Versions diffs - 0.334.0 → 0.336.0 - Mend

dependabot-bundler 0.334.0 → 0.336.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 37ba3de8a1d1b67ae172bb66d32d9b3fb93780d98441e41fced9bea77d40027a
-  data.tar.gz: 48b422ee5ebcb1e925f0cb0b84fab0aa164fd85efb94ab54e5b9152d6304c82e
+  metadata.gz: 0d81eae78c38a98b8637024836c9fa8c219916509e07cb207fca3fdaf017cc95
+  data.tar.gz: e99f4c6991029f7f44fc0a82c79298e7b57ca5e52e723abcf7e0a29f23635d2e
 SHA512:
-  metadata.gz: 2a702a441d11d257536810283d217a25149aaaab772c6eab11fd7caf958660af245b8b5836c2b92062b1384ac6ca0fadd7f5801c954b5b24e4eec971d41a5d1a
-  data.tar.gz: e2929aa03f76bb71700970e4b2cfea6f90f374a00e4f2ddcbf61ccdd2f1a7fd6fff84c0173f531a294b77552775316dba3965671036f91d78412068d8c194072
+  metadata.gz: 34cd1e356e391a6606063e807f2aa190dbe5e2812d3a207b625b222c02515cc24f5ea1066d99b96ced8a1bb26d0c23144eefb1ec75a534ee907936716906e261
+  data.tar.gz: 20c66bb7c4d1293f0fb19f3f5ebec61de873f3a21066b6d4ee9935d0bb858151d381c91e2f5979bd727b226fd787de6f1f8fd71b1f9979dfc54a5d9aad124f04

data/helpers/v2/lib/functions/force_updater.rb CHANGED Viewed

@@ -5,8 +5,13 @@ module Functions
   class ForceUpdater
     class TopLevelDependencyDowngradedError < StandardError; end
-    def initialize(dependency_name:, target_version:, gemfile_name:,
-                   lockfile_name:, update_multiple_dependencies:)
+    def initialize(
+      dependency_name:,
+      target_version:,
+      gemfile_name:,
+      lockfile_name:,
+      update_multiple_dependencies:
+    )
       @dependency_name = dependency_name
       @target_version = target_version
       @gemfile_name = gemfile_name

data/helpers/v2/lib/functions/version_resolver.rb CHANGED Viewed

@@ -10,8 +10,12 @@ module Functions
     attr_reader :gemfile_name
     attr_reader :lockfile_name
-    def initialize(dependency_name:, dependency_requirements:,
-                   gemfile_name:, lockfile_name:)
+    def initialize(
+      dependency_name:,
+      dependency_requirements:,
+      gemfile_name:,
+      lockfile_name:
+    )
       @dependency_name = dependency_name
       @dependency_requirements = dependency_requirements
       @gemfile_name = gemfile_name

data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb CHANGED Viewed

@@ -42,42 +42,50 @@ RSpec.describe Functions::ConflictingDependencyResolver do
       let(:target_version) { "6.0.0" }
       it "returns a list of dependencies that block the update" do
-        expect(conflicting_dependencies).to contain_exactly({
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
-          "name" => "rails",
-          "requirement" => "= 5.2.0",
-          "version" => "5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
-          "name" => "actionpack",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
-          "name" => "actionview",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
-          "name" => "activejob",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
-          "name" => "activemodel",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
-          "name" => "activerecord",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
-          "name" => "railties",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        })
+        expect(conflicting_dependencies).to contain_exactly(
+          {
+            "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
+            "name" => "rails",
+            "requirement" => "= 5.2.0",
+            "version" => "5.2.0"
+          },
+          {
+            "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
+            "name" => "actionpack",
+            "version" => "5.2.0",
+            "requirement" => "= 5.2.0"
+          },
+          {
+            "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
+            "name" => "actionview",
+            "version" => "5.2.0",
+            "requirement" => "= 5.2.0"
+          },
+          {
+            "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
+            "name" => "activejob",
+            "version" => "5.2.0",
+            "requirement" => "= 5.2.0"
+          },
+          {
+            "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
+            "name" => "activemodel",
+            "version" => "5.2.0",
+            "requirement" => "= 5.2.0"
+          },
+          {
+            "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
+            "name" => "activerecord",
+            "version" => "5.2.0",
+            "requirement" => "= 5.2.0"
+          },
+          {
+            "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
+            "name" => "railties",
+            "version" => "5.2.0",
+            "requirement" => "= 5.2.0"
+          }
+        )
       end
     end
@@ -88,22 +96,26 @@ RSpec.describe Functions::ConflictingDependencyResolver do
       let(:project_name) { "multiple_blocking" }
       it "returns all of the blocking dependencies" do
-        expect(conflicting_dependencies).to contain_exactly({
-          "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
-          "name" => "actionpack",
-          "version" => "5.0.0",
-          "requirement" => "= 5.0.0"
-        }, {
-          "explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
-          "name" => "actionview",
-          "version" => "5.0.0",
-          "requirement" => "= 5.0.0"
-        }, {
-          "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
-          "name" => "activejob",
-          "version" => "5.0.0",
-          "requirement" => "= 5.0.0"
-        })
+        expect(conflicting_dependencies).to contain_exactly(
+          {
+            "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
+            "name" => "actionpack",
+            "version" => "5.0.0",
+            "requirement" => "= 5.0.0"
+          },
+          {
+            "explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
+            "name" => "actionview",
+            "version" => "5.0.0",
+            "requirement" => "= 5.0.0"
+          },
+          {
+            "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
+            "name" => "activejob",
+            "version" => "5.0.0",
+            "requirement" => "= 5.0.0"
+          }
+        )
       end
     end

data/helpers/v2/spec/functions/dependency_source_spec.rb CHANGED Viewed

@@ -40,22 +40,26 @@ RSpec.describe Functions::DependencySource do
     end
     it "returns all versions from the private source" do
-      expect(private_registry_versions).to eq([
-        Gem::Version.new("1.5.0"),
-        Gem::Version.new("1.9.0"),
-        Gem::Version.new("1.10.0.beta")
-      ])
+      expect(private_registry_versions).to eq(
+        [
+          Gem::Version.new("1.5.0"),
+          Gem::Version.new("1.9.0"),
+          Gem::Version.new("1.10.0.beta")
+        ]
+      )
     end
     context "when specified as the default source" do
       let(:project_name) { "specified_default_source_no_lockfile" }
       it "returns all versions from the private source" do
-        expect(private_registry_versions).to eq([
-          Gem::Version.new("1.5.0"),
-          Gem::Version.new("1.9.0"),
-          Gem::Version.new("1.10.0.beta")
-        ])
+        expect(private_registry_versions).to eq(
+          [
+            Gem::Version.new("1.5.0"),
+            Gem::Version.new("1.9.0"),
+            Gem::Version.new("1.10.0.beta")
+          ]
+        )
       end
     end

data/helpers/v2/spec/functions/version_resolver_spec.rb CHANGED Viewed

@@ -96,8 +96,10 @@ RSpec.describe Functions::VersionResolver do
         stub_request(:get, old_index_url + "?gems=business,statesman")
           .to_return(
             status: 200,
-            body: fixture("rubygems_responses",
-                          "dependencies-default-gemfile")
+            body: fixture(
+              "rubygems_responses",
+              "dependencies-default-gemfile"
+            )
           )
       end

data/lib/dependabot/bundler/file_fetcher.rb CHANGED Viewed

@@ -75,16 +75,20 @@ module Dependabot
       def gemfile
         return @gemfile if defined?(@gemfile)
-        @gemfile = T.let(fetch_file_if_present("gems.rb") || fetch_file_if_present("Gemfile"),
-                         T.nilable(Dependabot::DependencyFile))
+        @gemfile = T.let(
+          fetch_file_if_present("gems.rb") || fetch_file_if_present("Gemfile"),
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
       sig { returns(T.nilable(DependencyFile)) }
       def lockfile
         return @lockfile if defined?(@lockfile)
-        @lockfile = T.let(fetch_file_if_present("gems.locked") || fetch_file_if_present("Gemfile.lock"),
-                          T.nilable(Dependabot::DependencyFile))
+        @lockfile = T.let(
+          fetch_file_if_present("gems.locked") || fetch_file_if_present("Gemfile.lock"),
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
       sig { returns(T::Array[Dependabot::DependencyFile]) }
@@ -239,8 +243,10 @@ module Dependabot
       end
       sig do
-        params(file: DependencyFile,
-               previously_fetched_files: T::Array[DependencyFile]).returns(T::Array[DependencyFile])
+        params(
+          file: DependencyFile,
+          previously_fetched_files: T::Array[DependencyFile]
+        ).returns(T::Array[DependencyFile])
       end
       def fetch_child_gemfiles(file:, previously_fetched_files:)
         paths = ChildGemfileFinder.new(gemfile: file).child_gemfile_paths

data/lib/dependabot/bundler/file_parser.rb CHANGED Viewed

@@ -209,8 +209,10 @@ module Dependabot
       sig { returns(T::Array[T::Hash[String, T.untyped]]) }
       def parsed_gemfile
         @parsed_gemfile ||= T.let(
-          SharedHelpers.in_a_temporary_repo_directory(T.must(base_directory),
-                                                      repo_contents_path) do
+          SharedHelpers.in_a_temporary_repo_directory(
+            T.must(base_directory),
+            repo_contents_path
+          ) do
             write_temporary_dependency_files
             NativeHelpers.run_bundler_subprocess(

data/lib/dependabot/bundler/file_updater/gemspec_updater.rb CHANGED Viewed

@@ -39,20 +39,27 @@ module Dependabot
         attr_reader :gemspec
         sig do
-          params(gemspec: Dependabot::DependencyFile, dependency: Dependabot::Dependency,
-                 content: String).returns(String)
+          params(
+            gemspec: Dependabot::DependencyFile,
+            dependency: Dependabot::Dependency,
+            content: String
+          ).returns(String)
         end
         def replace_gemspec_version_requirement(gemspec, dependency, content)
           return content unless requirement_changed?(gemspec, dependency)
           updated_requirement =
-            T.must(dependency.requirements
-                      .find { |r| r[:file] == gemspec.name })
+            T.must(
+              dependency.requirements
+                                    .find { |r| r[:file] == gemspec.name }
+            )
              .fetch(:requirement)
           previous_requirement =
-            T.must(T.must(dependency.previous_requirements)
-                      .find { |r| r[:file] == gemspec.name })
+            T.must(
+              T.must(dependency.previous_requirements)
+                                    .find { |r| r[:file] == gemspec.name }
+            )
              .fetch(:requirement)
           RequirementReplacer.new(

data/lib/dependabot/bundler/file_updater/lockfile_updater.rb CHANGED Viewed

@@ -36,8 +36,13 @@ module Dependabot
             repo_contents_path: T.nilable(String)
           ).void
         end
-        def initialize(dependencies:, dependency_files:, credentials:, options:,
-                       repo_contents_path: nil)
+        def initialize(
+          dependencies:,
+          dependency_files:,
+          credentials:,
+          options:,
+          repo_contents_path: nil
+        )
           @dependencies = T.let(dependencies, T::Array[Dependabot::Dependency])
           @dependency_files = T.let(dependency_files, T::Array[Dependabot::DependencyFile])
           @repo_contents_path = T.let(repo_contents_path, T.nilable(String))

data/lib/dependabot/bundler/file_updater/requirement_replacer.rb CHANGED Viewed

@@ -33,8 +33,13 @@ module Dependabot
             insert_if_bare: T::Boolean
           ).void
         end
-        def initialize(dependency:, file_type:, updated_requirement:,
-                       previous_requirement: nil, insert_if_bare: false)
+        def initialize(
+          dependency:,
+          file_type:,
+          updated_requirement:,
+          previous_requirement: nil,
+          insert_if_bare: false
+        )
           @dependency           = dependency
           @file_type            = file_type
           @updated_requirement  = updated_requirement
@@ -121,8 +126,12 @@ module Dependabot
               insert_if_bare: T::Boolean
             ).void
           end
-          def initialize(dependency:, file_type:, updated_requirement:,
-                         insert_if_bare:)
+          def initialize(
+            dependency:,
+            file_type:,
+            updated_requirement:,
+            insert_if_bare:
+          )
             @dependency = T.let(dependency, Dependabot::Dependency)
             @file_type = T.let(file_type, Symbol)
             @updated_requirement = T.let(updated_requirement, String)
@@ -250,9 +259,11 @@ module Dependabot
               use_equality_operator: T::Boolean
             ).returns(String)
           end
-          def new_requirement_string(quote_characters:,
-                                     space_after_specifier:,
-                                     use_equality_operator:)
+          def new_requirement_string(
+            quote_characters:,
+            space_after_specifier:,
+            use_equality_operator:
+          )
             open_quote, close_quote = quote_characters
             new_requirement_string =
               updated_requirement.split(",")

data/lib/dependabot/bundler/metadata_finder.rb CHANGED Viewed

@@ -11,16 +11,19 @@ module Dependabot
     class MetadataFinder < Dependabot::MetadataFinders::Base
       extend T::Sig
-      SOURCE_KEYS = T.let(%w(
-        source_code_uri
-        homepage_uri
-        wiki_uri
-        bug_tracker_uri
-        documentation_uri
-        changelog_uri
-        mailing_list_uri
-        download_uri
-      ).freeze, T::Array[String])
+      SOURCE_KEYS = T.let(
+        %w(
+          source_code_uri
+          homepage_uri
+          wiki_uri
+          bug_tracker_uri
+          documentation_uri
+          changelog_uri
+          mailing_list_uri
+          download_uri
+        ).freeze,
+        T::Array[String]
+      )
       sig do
         params(

data/lib/dependabot/bundler/package/package_details_fetcher.rb CHANGED Viewed

@@ -143,7 +143,9 @@ module Dependabot
           rescue URI::InvalidURIError
             raise "Invalid registry URL: #{registry_url}"
           end
-          return package_details([]) if parsed_url.host == "rubygems.pkg.github.com"
+          # Handle GitHub Package Registry
+          return github_packages_versions(registry_url) if parsed_url.host == "rubygems.pkg.github.com"
           response = registry_json_response_for_dependency(registry_url)
@@ -193,6 +195,61 @@ module Dependabot
           )
         end
+        sig { params(registry_url: String).returns(Dependabot::Package::PackageDetails) }
+        def github_packages_versions(registry_url)
+          # Extract org name from URL like "https://rubygems.pkg.github.com/dsp-testing/"
+          org_name = registry_url.split("/").last
+          # GitHub Packages API endpoint for RubyGems packages
+          api_url = "https://api.github.com/orgs/#{org_name}/packages/rubygems/#{dependency.name}/versions"
+          response = Dependabot::RegistryClient.get(
+            url: api_url,
+            headers: {
+              "Accept" => "application/vnd.github.v3+json",
+              "Authorization" => "Bearer #{github_token}"
+            }
+          )
+          unless response.status == 200
+            error_details = "Status: #{response.status}"
+            error_details += " (Package not found in GitHub Registry)" if response.status == 404
+            error_message = "Failed to fetch versions for '#{dependency.name}' from GitHub Packages. #{error_details}"
+            Dependabot.logger.info(error_message)
+            return package_details([])
+          end
+          begin
+            versions_data = JSON.parse(response.body)
+            package_releases = versions_data.map do |version_info|
+              # GitHub Packages API returns different structure than RubyGems
+              version_number = version_info["name"] # GitHub uses "name" for version
+              created_at = version_info["created_at"]
+              package_release(
+                version: version_number,
+                released_at: Time.parse(created_at),
+                downloads: 0, # GitHub Packages doesn't provide download counts
+                url: "#{registry_url}/gems/#{dependency.name}-#{version_number}.gem",
+                ruby_version: nil # GitHub Packages API doesn't provide ruby version requirements
+              )
+            end
+            package_details(package_releases)
+          rescue JSON::ParserError => e
+            Dependabot.logger.info("Failed to parse GitHub Packages response: #{e.message}")
+            package_details([])
+          end
+        end
+        sig { returns(T.nilable(String)) }
+        def github_token
+          github_credential = credentials.find do |cred|
+            cred["type"] == "rubygems_server" && cred["host"] == "rubygems.pkg.github.com"
+          end
+          github_credential&.fetch("token", nil)
+        end
         sig { params(req_string: String).returns(Requirement) }
         def language_requirement(req_string)
           Requirement.new(req_string)
@@ -222,7 +279,8 @@ module Dependabot
             Dependabot::Package::PackageDetails.new(
               dependency: dependency,
               releases: releases.reverse.uniq(&:version)
-            ), T.nilable(Dependabot::Package::PackageDetails)
+            ),
+            T.nilable(Dependabot::Package::PackageDetails)
           )
         end

data/lib/dependabot/bundler/update_checker/file_preparer.rb CHANGED Viewed

@@ -53,12 +53,15 @@ module Dependabot
             lock_ruby_version: T::Boolean
           ).void
         end
-        def initialize(dependency_files:, dependency:,
-                       remove_git_source: false,
-                       unlock_requirement: true,
-                       replacement_git_pin: nil,
-                       latest_allowable_version: nil,
-                       lock_ruby_version: true)
+        def initialize(
+          dependency_files:,
+          dependency:,
+          remove_git_source: false,
+          unlock_requirement: true,
+          replacement_git_pin: nil,
+          latest_allowable_version: nil,
+          lock_ruby_version: true
+        )
           @dependency_files = T.let(dependency_files, T::Array[Dependabot::DependencyFile])
           @dependency = T.let(dependency, Dependabot::Dependency)
           @remove_git_source = T.let(remove_git_source, T::Boolean)
@@ -127,10 +130,13 @@ module Dependabot
         sig { returns(T::Array[Dependabot::DependencyFile]) }
         attr_reader :dependency_files
         sig { returns(Dependabot::Dependency) }
         attr_reader :dependency
         sig { returns(T.nilable(String)) }
         attr_reader :replacement_git_pin
         sig { returns(T.nilable(String)) }
         attr_reader :latest_allowable_version

data/lib/dependabot/bundler/update_checker/force_updater.rb CHANGED Viewed

@@ -33,10 +33,16 @@ module Dependabot
             update_multiple_dependencies: T::Boolean
           ).void
         end
-        def initialize(dependency:, dependency_files:, credentials:, target_version:,
-                       requirements_update_strategy:, options:,
-                       repo_contents_path: nil,
-                       update_multiple_dependencies: true)
+        def initialize(
+          dependency:,
+          dependency_files:,
+          credentials:,
+          target_version:,
+          requirements_update_strategy:,
+          options:,
+          repo_contents_path: nil,
+          update_multiple_dependencies: true
+        )
           @dependency                   = dependency
           @dependency_files             = dependency_files
           @repo_contents_path           = repo_contents_path

data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb CHANGED Viewed

@@ -46,10 +46,12 @@ module Dependabot
               options: T::Hash[Symbol, T.untyped]
             ).void
           end
-          def initialize(dependency:,
-                         dependency_files:,
-                         credentials:,
-                         options:)
+          def initialize(
+            dependency:,
+            dependency_files:,
+            credentials:,
+            options:
+          )
             @dependency          = dependency
             @dependency_files    = dependency_files
             @repo_contents_path  = T.let(nil, T.nilable(String))

data/lib/dependabot/bundler/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -125,7 +125,8 @@ module Dependabot
               current_version&.prerelease? || dependency.requirements.any? do |req|
                 req[:requirement].match?(/[a-z]/i)
               end
-            end, T.nilable(T::Boolean)
+            end,
+            T.nilable(T::Boolean)
           )
         end
@@ -137,7 +138,8 @@ module Dependabot
               dependency_files: dependency_files,
               credentials: credentials,
               options: options
-            ), T.nilable(DependencySource)
+            ),
+            T.nilable(DependencySource)
           )
         end
       end

data/lib/dependabot/bundler/update_checker/requirements_updater.rb CHANGED Viewed

@@ -32,8 +32,13 @@ module Dependabot
             latest_resolvable_version: T.nilable(String)
           ).void
         end
-        def initialize(requirements:, update_strategy:, updated_source:,
-                       latest_version:, latest_resolvable_version:)
+        def initialize(
+          requirements:,
+          update_strategy:,
+          updated_source:,
+          latest_version:,
+          latest_resolvable_version:
+        )
           @requirements = requirements
           @latest_version = T.let(
             (T.cast(Dependabot::Bundler::Version.new(latest_version), Dependabot::Bundler::Version) if latest_version),
@@ -71,12 +76,16 @@ module Dependabot
         sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
         attr_reader :requirements
         sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
         attr_reader :updated_source
         sig { returns(T.nilable(Dependabot::Bundler::Version)) }
         attr_reader :latest_version
         sig { returns(T.nilable(Dependabot::Bundler::Version)) }
         attr_reader :latest_resolvable_version
         sig { returns(Dependabot::RequirementsUpdateStrategy) }
         attr_reader :update_strategy
@@ -302,8 +311,10 @@ module Dependabot
         # Updates the version in a "~>" constraint to allow the given version
         sig do
-          params(requirement: Gem::Requirement,
-                 version_to_be_permitted: Dependabot::Bundler::Version).returns(Gem::Requirement)
+          params(
+            requirement: Gem::Requirement,
+            version_to_be_permitted: Dependabot::Bundler::Version
+          ).returns(Gem::Requirement)
         end
         def update_twiddle_version(requirement, version_to_be_permitted)
           old_version = requirement.requirements.first.last
@@ -314,8 +325,10 @@ module Dependabot
         # Updates the version in a "<" or "<=" constraint to allow the given
         # version
         sig do
-          params(requirement: Gem::Requirement,
-                 version_to_be_permitted: Dependabot::Bundler::Version).returns(Gem::Requirement)
+          params(
+            requirement: Gem::Requirement,
+            version_to_be_permitted: Dependabot::Bundler::Version
+          ).returns(Gem::Requirement)
         end
         def update_greatest_version(requirement, version_to_be_permitted)
           op, version = requirement.requirements.first

data/lib/dependabot/bundler/update_checker/version_resolver.rb CHANGED Viewed

@@ -39,13 +39,20 @@ module Dependabot
             cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
           ).void
         end
-        def initialize(dependency:, unprepared_dependency_files:, credentials:, ignored_versions:, options:,
-                       repo_contents_path: nil,
-                       raise_on_ignored: false,
-                       replacement_git_pin: nil, remove_git_source: false,
-                       unlock_requirement: true,
-                       latest_allowable_version: nil,
-                       cooldown_options: nil)
+        def initialize(
+          dependency:,
+          unprepared_dependency_files:,
+          credentials:,
+          ignored_versions:,
+          options:,
+          repo_contents_path: nil,
+          raise_on_ignored: false,
+          replacement_git_pin: nil,
+          remove_git_source: false,
+          unlock_requirement: true,
+          latest_allowable_version: nil,
+          cooldown_options: nil
+        )
           @dependency                  = dependency
           @unprepared_dependency_files = unprepared_dependency_files
           @credentials                 = credentials

data/lib/dependabot/bundler/update_checker.rb CHANGED Viewed

@@ -354,8 +354,10 @@ module Dependabot
       sig { returns(Dependabot::Bundler::UpdateChecker::ForceUpdater) }
       def force_updater
         if @force_updater.nil?
-          @force_updater = T.let(@force_updater,
-                                 T.nilable(Dependabot::Bundler::UpdateChecker::ForceUpdater))
+          @force_updater = T.let(
+            @force_updater,
+            T.nilable(Dependabot::Bundler::UpdateChecker::ForceUpdater)
+          )
         end
         @force_updater ||=
           ForceUpdater.new(
@@ -372,8 +374,10 @@ module Dependabot
       sig { returns(Dependabot::GitCommitChecker) }
       def git_commit_checker
         if @git_commit_checker.nil?
-          @git_commit_checker = T.let(@git_commit_checker,
-                                      T.nilable(Dependabot::GitCommitChecker))
+          @git_commit_checker = T.let(
+            @git_commit_checker,
+            T.nilable(Dependabot::GitCommitChecker)
+          )
         end
         @git_commit_checker ||=
           GitCommitChecker.new(
@@ -432,8 +436,11 @@ module Dependabot
           latest_allowable_version: T.nilable(T.any(String, Dependabot::Bundler::Version))
         ).returns(T::Array[Dependabot::DependencyFile])
       end
-      def prepared_dependency_files(remove_git_source:, unlock_requirement:,
-                                    latest_allowable_version: nil)
+      def prepared_dependency_files(
+        remove_git_source:,
+        unlock_requirement:,
+        latest_allowable_version: nil
+      )
         FilePreparer.new(
           dependency: dependency,
           dependency_files: dependency_files,

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.334.0
+  version: 0.336.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.334.0
+        version: 0.336.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.334.0
+        version: 0.336.0
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -127,56 +127,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.67'
+        version: '1.80'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.67'
+        version: '1.80'
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: '1.26'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: '1.26'
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.29'
+        version: '3.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.29'
+        version: '3.7'
 - !ruby/object:Gem::Dependency
   name: rubocop-sorbet
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.334.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.336.0
 rdoc_options: []
 require_paths:
 - lib