dependabot-common 0.117.10 → 0.118.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2a9d6ee089d6bb1c3e08a6858d924b995e13bfa7238746ccd8c55d217517185
-  data.tar.gz: 67048f550cf7595808e21d0cdf4864bf662140706261b3843f19bc480028c5c6
+  metadata.gz: d722e5df4607da96bfecc6e9f8fee39ff7ece6b069aaa25652c37fe1899e862b
+  data.tar.gz: '002249968a3815f8ece501ee39825d7b98630d44a2015c3e198346452646cb33'
 SHA512:
-  metadata.gz: e3211d6c6f5da2b379377cf28552d5173ccda7285bad50e1a85c433a0202655cd414ca21d80b521f925092faa22d1eb64ddb9066d91384f8d19e5399b9c8fcc7
-  data.tar.gz: '087ea4164b328bb0ed195b8a4f44c0c92358b1e763d186f22008f704097a59d16403c8d304cd503c1697631f5c022c7b143d69d10f27ccd458f384050199907c'
+  metadata.gz: 255df4e43643c130fd8e947a49e8c951234e6e66da0fef3c165f4521d176b478c70bff9dd2fa223a26641c4124280681100d8cd3c17ec3839cebf99465a3b7a8
+  data.tar.gz: 5beed00fd52d9f8ed67e50580f9eb509dab6071c8ade88f22002e70d4007cefc88b4a592360b887356cd74d4a76e58db575a970822bbe8db90a132ab577f9b73

data/lib/dependabot/errors.rb

@@ -25,7 +25,7 @@ module Dependabot
   class OutOfMemory < DependabotError; end
 
   #####################
-  # Repo leval errors #
+  # Repo level errors #
   #####################
 
   class BranchNotFound < DependabotError
@@ -191,4 +191,7 @@ module Dependabot
       super(msg)
     end
   end
+
+  # Raised by UpdateChecker if all candidate updates are ignored
+  class AllVersionsIgnored < DependabotError; end
 end

data/lib/dependabot/git_commit_checker.rb

@@ -21,11 +21,13 @@ module Dependabot
       )$
     /ix.freeze
 
-    def initialize(dependency:, credentials:, ignored_versions: [],
+    def initialize(dependency:, credentials:,
+                   ignored_versions: [], raise_on_ignored: false,
                    requirement_class: nil, version_class: nil)
       @dependency = dependency
       @credentials = credentials
       @ignored_versions = ignored_versions
+      @raise_on_ignored = raise_on_ignored
       @requirement_class = requirement_class
       @version_class = version_class
     end
@@ -85,15 +87,22 @@ module Dependabot
     end
 
     def local_tag_for_latest_version
-      tag =
+      tags =
         local_tags.
-        select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }.
-        reject { |t| tag_included_in_ignore_reqs?(t) }.
-        reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
-        max_by do |t|
-          version = t.name.match(VERSION_REGEX).named_captures.fetch("version")
-          version_class.new(version)
-        end
+        select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
+      filtered = tags.
+                 reject { |t| tag_included_in_ignore_reqs?(t) }
+      if @raise_on_ignored && tags.any? && filtered.empty?
+        raise Dependabot::AllVersionsIgnored
+      end
+
+      tag = filtered.
+            reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
+            max_by do |t|
+              version = t.name.match(VERSION_REGEX).named_captures.
+                        fetch("version")
+              version_class.new(version)
+            end
 
       return unless tag
 

data/lib/dependabot/metadata_finders/base/changelog_finder.rb

@@ -314,24 +314,29 @@ module Dependabot
         end
 
         def new_version
-          @new_version ||= git_source? ? new_ref : dependency.version
-          @new_version&.gsub(/^v/, "")
+          return @new_version if defined?(@new_version)
+
+          new_version = git_source? && new_ref ? new_ref : dependency.version
+          @new_version = new_version&.gsub(/^v/, "")
         end
 
         def previous_ref
-          dependency.previous_requirements.map do |r|
+          previous_refs = dependency.previous_requirements.map do |r|
             r.dig(:source, "ref") || r.dig(:source, :ref)
-          end.compact.first
+          end.compact.uniq
+          return previous_refs.first if previous_refs.count == 1
         end
 
         def new_ref
-          dependency.requirements.map do |r|
+          new_refs = dependency.requirements.map do |r|
             r.dig(:source, "ref") || r.dig(:source, :ref)
-          end.compact.first
+          end.compact.uniq
+          return new_refs.first if new_refs.count == 1
         end
 
         def ref_changed?
-          previous_ref && new_ref && previous_ref != new_ref
+          # We could go from multiple previous refs (nil) to a single new ref
+          previous_ref != new_ref
         end
 
         # TODO: Refactor me so that Composer doesn't need to be special cased
@@ -343,10 +348,8 @@ module Dependabot
           requirements = dependency.requirements
           sources = requirements.map { |r| r.fetch(:source) }.uniq.compact
           return false if sources.empty?
-          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
 
-          source_type = sources.first[:type] || sources.first.fetch("type")
-          source_type == "git"
+          sources.all? { |s| s[:type] == "git" || s["type"] == "git" }
         end
 
         def major_version_upgrade?

data/lib/dependabot/metadata_finders/base/changelog_pruner.rb

@@ -139,19 +139,17 @@ module Dependabot
         end
 
         def previous_ref
-          dependency.previous_requirements.map do |r|
+          previous_refs = dependency.previous_requirements.map do |r|
             r.dig(:source, "ref") || r.dig(:source, :ref)
-          end.compact.first
+          end.compact.uniq
+          return previous_refs.first if previous_refs.count == 1
         end
 
         def new_ref
-          dependency.requirements.map do |r|
+          new_refs = dependency.requirements.map do |r|
             r.dig(:source, "ref") || r.dig(:source, :ref)
-          end.compact.first
-        end
-
-        def ref_changed?
-          previous_ref && new_ref && previous_ref != new_ref
+          end.compact.uniq
+          return new_refs.first if new_refs.count == 1
         end
 
         # TODO: Refactor me so that Composer doesn't need to be special cased
@@ -163,10 +161,8 @@ module Dependabot
           requirements = dependency.requirements
           sources = requirements.map { |r| r.fetch(:source) }.uniq.compact
           return false if sources.empty?
-          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
 
-          source_type = sources.first[:type] || sources.first.fetch("type")
-          source_type == "git"
+          sources.all? { |s| s[:type] == "git" || s["type"] == "git" }
         end
 
         def version_class

data/lib/dependabot/metadata_finders/base/commits_finder.rb

@@ -55,7 +55,7 @@ module Dependabot
             return new_version
           end
 
-          return new_ref if git_source?(dependency.requirements) && ref_changed?
+          return new_ref if new_ref && ref_changed?
 
           tags = dependency_tags.
                  select { |tag| tag_matches_version?(tag, new_version) }.
@@ -73,7 +73,7 @@ module Dependabot
           if git_source?(dependency.previous_requirements) &&
              git_sha?(previous_version)
             previous_version
-          elsif git_source?(dependency.previous_requirements) && ref_changed?
+          elsif previous_ref && ref_changed?
             previous_ref
           elsif previous_version
             tags = dependency_tags.
@@ -126,32 +126,31 @@ module Dependabot
 
           sources = requirements.map { |r| r.fetch(:source) }.uniq.compact
           return false if sources.empty?
-          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
 
-          source_type = sources.first[:type] || sources.first.fetch("type")
-          source_type == "git"
+          sources.all? { |s| s[:type] == "git" || s["type"] == "git" }
         end
 
         def ref_changed?
-          return false unless previous_ref && new_ref
-
+          # We could go from multiple previous refs (nil) to a single new ref
           previous_ref != new_ref
         end
 
         def previous_ref
           return unless git_source?(dependency.previous_requirements)
 
-          dependency.previous_requirements.map do |r|
+          previous_refs = dependency.previous_requirements.map do |r|
             r.dig(:source, "ref") || r.dig(:source, :ref)
-          end.compact.first
+          end.compact.uniq
+          return previous_refs.first if previous_refs.count == 1
         end
 
         def new_ref
           return unless git_source?(dependency.previous_requirements)
 
-          dependency.requirements.map do |r|
+          new_refs = dependency.requirements.map do |r|
             r.dig(:source, "ref") || r.dig(:source, :ref)
-          end.compact.first
+          end.compact.uniq
+          return new_refs.first if new_refs.count == 1
         end
 
         def tag_matches_version?(tag, version)

data/lib/dependabot/metadata_finders/base/release_finder.rb

@@ -251,8 +251,11 @@ module Dependabot
             return ref_changed? ? previous_ref : nil
           end
 
+          # Previous version looks like a git SHA and there's a previous ref, we
+          # could be changing to a nil previous ref in which case we want to
+          # fall back to tge sha version
           if dependency.previous_version.match?(/^[0-9a-f]{40}$/) &&
-             ref_changed?
+             ref_changed? && previous_ref
             previous_ref
           else
             dependency.previous_version
@@ -260,7 +263,11 @@ module Dependabot
         end
 
         def new_version
-          if dependency.version.match?(/^[0-9a-f]{40}$/) && ref_changed?
+          # New version looks like a git SHA and there's a new ref, guarding
+          # against changes to a nil new_ref (not certain this can actually
+          # happen atm)
+          if dependency.version.match?(/^[0-9a-f]{40}$/) && ref_changed? &&
+             new_ref
             return new_ref
           end
 
@@ -268,20 +275,21 @@ module Dependabot
         end
 
         def previous_ref
-          dependency.previous_requirements.map do |r|
+          previous_refs = dependency.previous_requirements.map do |r|
             r.dig(:source, "ref") || r.dig(:source, :ref)
-          end.compact.first
+          end.compact.uniq
+          return previous_refs.first if previous_refs.count == 1
         end
 
         def new_ref
-          dependency.requirements.map do |r|
+          new_refs = dependency.requirements.map do |r|
             r.dig(:source, "ref") || r.dig(:source, :ref)
-          end.compact.first
+          end.compact.uniq
+          return new_refs.first if new_refs.count == 1
         end
 
         def ref_changed?
-          return false unless previous_ref
-
+          # We could go from multiple previous refs (nil) to a single new ref
           previous_ref != new_ref
         end
 

data/lib/dependabot/pull_request_creator/branch_namer.rb

@@ -36,7 +36,7 @@ module Dependabot
 
             dep = dependencies.first
 
-            if library? && ref_changed?(dependencies.first)
+            if library? && ref_changed?(dep) && new_ref(dep)
               "#{dependency_name_part}-#{new_ref(dep)}"
             elsif library?
               "#{dependency_name_part}-#{sanitized_requirement(dep)}"
@@ -116,9 +116,14 @@ module Dependabot
           gsub(",", "-and-")
       end
 
+      # rubocop:disable Metrics/PerceivedComplexity
       def new_version(dependency)
+        # Version looks like a git SHA and we could be updating to a specific
+        # ref in which case we return that otherwise we return a shorthand sha
         if dependency.version.match?(/^[0-9a-f]{40}$/)
-          return new_ref(dependency) if ref_changed?(dependency)
+          if ref_changed?(dependency) && new_ref(dependency)
+            return new_ref(dependency)
+          end
 
           dependency.version[0..6]
         elsif dependency.version == dependency.previous_version &&
@@ -130,22 +135,25 @@ module Dependabot
           dependency.version
         end
       end
+      # rubocop:enable Metrics/PerceivedComplexity
 
       def previous_ref(dependency)
-        dependency.previous_requirements.map do |r|
+        previous_refs = dependency.previous_requirements.map do |r|
           r.dig(:source, "ref") || r.dig(:source, :ref)
-        end.compact.first
+        end.compact.uniq
+        return previous_refs.first if previous_refs.count == 1
       end
 
       def new_ref(dependency)
-        dependency.requirements.map do |r|
+        new_refs = dependency.requirements.map do |r|
           r.dig(:source, "ref") || r.dig(:source, :ref)
-        end.compact.first
+        end.compact.uniq
+        return new_refs.first if new_refs.count == 1
       end
 
       def ref_changed?(dependency)
-        previous_ref(dependency) && new_ref(dependency) &&
-          previous_ref(dependency) != new_ref(dependency)
+        # We could go from multiple previous refs (nil) to a single new ref
+        previous_ref(dependency) != new_ref(dependency)
       end
 
       def new_library_requirement(dependency)
@@ -159,6 +167,9 @@ module Dependabot
         updated_reqs.first[:requirement]
       end
 
+      # TODO: Look into bringing this in line with existing library checks that
+      # we do in the update checkers, which are also overriden by passing an
+      # explicit `requirements_update_strategy`.
       def library?
         return true if files.map(&:name).any? { |nm| nm.end_with?(".gemspec") }
 

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -64,7 +64,7 @@ module Dependabot
         pr_name +
           if dependencies.count == 1
             "#{dependencies.first.display_name} requirement "\
-            "from #{old_library_requirement(dependencies.first)} "\
+            "#{from_version_msg(old_library_requirement(dependencies.first))}"\
             "to #{new_library_requirement(dependencies.first)}"
           else
             names = dependencies.map(&:name)
@@ -79,16 +79,18 @@ module Dependabot
         pr_name +
           if dependencies.count == 1
             dependency = dependencies.first
-            "#{dependency.display_name} from #{previous_version(dependency)} "\
+            "#{dependency.display_name} "\
+            "#{from_version_msg(previous_version(dependency))}"\
             "to #{new_version(dependency)}"
           elsif updating_a_property?
             dependency = dependencies.first
-            "#{property_name} from #{previous_version(dependency)} "\
+            "#{property_name} "\
+            "#{from_version_msg(previous_version(dependency))}"\
             "to #{new_version(dependency)}"
           elsif updating_a_dependency_set?
             dependency = dependencies.first
             "#{dependency_set.fetch(:group)} dependency set "\
-            "from #{previous_version(dependency)} "\
+            "#{from_version_msg(previous_version(dependency))}"\
             "to #{new_version(dependency)}"
           else
             names = dependencies.map(&:name)
@@ -178,7 +180,7 @@ module Dependabot
 
         dependency = dependencies.first
         msg = "Bumps #{dependency_links.first} "\
-              "from #{previous_version(dependency)} "\
+              "#{from_version_msg(previous_version(dependency))}"\
               "to #{new_version(dependency)}."
 
         if switching_from_ref_to_release?(dependency)
@@ -200,7 +202,7 @@ module Dependabot
         dependency = dependencies.first
 
         "Bumps `#{property_name}` "\
-        "from #{previous_version(dependency)} "\
+        "#{from_version_msg(previous_version(dependency))}"\
         "to #{new_version(dependency)}."
       end
 
@@ -208,7 +210,7 @@ module Dependabot
         dependency = dependencies.first
 
         "Bumps `#{dependency_set.fetch(:group)}` "\
-        "dependency set from #{previous_version(dependency)} "\
+        "dependency set #{from_version_msg(previous_version(dependency))}"\
         "to #{new_version(dependency)}."
       end
 
@@ -218,6 +220,12 @@ module Dependabot
         "dependencies needed to be updated together."
       end
 
+      def from_version_msg(previous_version)
+        return "" unless previous_version
+
+        "from #{previous_version} "
+      end
+
       def updating_a_property?
         dependencies.first.
           requirements.
@@ -268,7 +276,8 @@ module Dependabot
         end
 
         dependencies.map do |dep|
-          "\n\nUpdates `#{dep.display_name}` from #{previous_version(dep)} to "\
+          "\n\nUpdates `#{dep.display_name}` "\
+          "#{from_version_msg(previous_version(dep))}to "\
           "#{new_version(dep)}"\
           "#{metadata_links_for_dep(dep)}"
         end.join
@@ -289,8 +298,9 @@ module Dependabot
         end
 
         dependencies.map do |dep|
-          msg = "\nUpdates `#{dep.display_name}` from "\
-                "#{previous_version(dep)} to #{new_version(dep)}"
+          msg = "\nUpdates `#{dep.display_name}` "\
+                "#{from_version_msg(previous_version(dep))}"\
+                "to #{new_version(dep)}"
 
           if vulnerabilities_fixed[dep.name]&.one?
             msg += " **This update includes a security fix.**"
@@ -567,7 +577,9 @@ module Dependabot
         end
 
         if dependency.previous_version.match?(/^[0-9a-f]{40}$/)
-          return previous_ref(dependency) if ref_changed?(dependency)
+          if ref_changed?(dependency) && previous_ref(dependency)
+            return previous_ref(dependency)
+          end
 
           "`#{dependency.previous_version[0..6]}`"
         elsif dependency.version == dependency.previous_version &&
@@ -582,7 +594,9 @@ module Dependabot
 
       def new_version(dependency)
         if dependency.version.match?(/^[0-9a-f]{40}$/)
-          return new_ref(dependency) if ref_changed?(dependency)
+          if ref_changed?(dependency) && new_ref(dependency)
+            return new_ref(dependency)
+          end
 
           "`#{dependency.version[0..6]}`"
         elsif dependency.version == dependency.previous_version &&
@@ -601,15 +615,17 @@ module Dependabot
       end
 
       def previous_ref(dependency)
-        dependency.previous_requirements.map do |r|
+        previous_refs = dependency.previous_requirements.map do |r|
           r.dig(:source, "ref") || r.dig(:source, :ref)
-        end.compact.first
+        end.compact.uniq
+        return previous_refs.first if previous_refs.count == 1
       end
 
       def new_ref(dependency)
-        dependency.requirements.map do |r|
+        new_refs = dependency.requirements.map do |r|
           r.dig(:source, "ref") || r.dig(:source, :ref)
-        end.compact.first
+        end.compact.uniq
+        return new_refs.first if new_refs.count == 1
       end
 
       def old_library_requirement(dependency)
@@ -623,8 +639,6 @@ module Dependabot
         req = old_reqs.first.fetch(:requirement)
         return req if req
         return previous_ref(dependency) if ref_changed?(dependency)
-
-        raise "No previous requirement!"
       end
 
       def new_library_requirement(dependency)
@@ -637,7 +651,9 @@ module Dependabot
 
         req = updated_reqs.first.fetch(:requirement)
         return req if req
-        return new_ref(dependency) if ref_changed?(dependency)
+        if ref_changed?(dependency) && new_ref(dependency)
+          return new_ref(dependency)
+        end
 
         raise "No new requirement!"
       end
@@ -685,8 +701,6 @@ module Dependabot
       end
 
       def ref_changed?(dependency)
-        return false unless previous_ref(dependency)
-
         previous_ref(dependency) != new_ref(dependency)
       end
 

data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb

@@ -314,7 +314,7 @@ module Dependabot
           azure_client_for_source.commits
 
         @recent_azure_commit_messages.
-          reject { |c| c.fetch("author").fetch("email") == dependabot_email }.
+          reject { |c| azure_commit_author_email(c) == dependabot_email }.
           reject { |c| c.fetch("comment")&.start_with?("Merge") }.
           map { |c| c.fetch("comment") }.
           compact.
@@ -355,7 +355,7 @@ module Dependabot
       def recent_github_commits
         @recent_github_commits ||=
           github_client_for_source.commits(source.repo, per_page: 100)
-      rescue Octokit::Conflict
+      rescue Octokit::Conflict, Octokit::NotFound
         @recent_github_commits ||= []
       end
 
@@ -374,7 +374,7 @@ module Dependabot
           azure_client_for_source.commits
 
         @recent_azure_commit_messages.
-          find { |c| c.fetch("author").fetch("email") == dependabot_email }&.
+          find { |c| azure_commit_author_email(c) == dependabot_email }&.
           message&.
           strip
       end
@@ -389,6 +389,10 @@ module Dependabot
           strip
       end
 
+      def azure_commit_author_email(commit)
+        commit.fetch("author").fetch("email", "")
+      end
+
       def github_client_for_source
         @github_client_for_source ||=
           Dependabot::Clients::GithubWithRetries.for_source(

data/lib/dependabot/pull_request_updater.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "dependabot/pull_request_updater/github"
+require "dependabot/pull_request_updater/gitlab"
 
 module Dependabot
   class PullRequestUpdater
@@ -25,6 +26,7 @@ module Dependabot
     def update
       case source.provider
       when "github" then github_updater.update
+      when "gitlab" then gitlab_updater.update
       else raise "Unsupported provider #{source.provider}"
       end
     end
@@ -43,5 +45,16 @@ module Dependabot
         signature_key: signature_key
       )
     end
+
+    def gitlab_updater
+      Gitlab.new(
+        source: source,
+        base_commit: base_commit,
+        old_commit: old_commit,
+        files: files,
+        credentials: credentials,
+        pull_request_number: pull_request_number
+      )
+    end
   end
 end

data/lib/dependabot/pull_request_updater/github.rb

@@ -162,7 +162,7 @@ module Dependabot
         return nil if e.message.match?(/Reference does not exist/i)
         return nil if e.message.match?(/Reference cannot be updated/i)
 
-        if e.message.match?(/force\-push to a protected/i) ||
+        if e.message.match?(/protected branch/i) ||
            e.message.match?(/not authorized to push/i) ||
            e.message.match?(/must not contain merge commits/)
           raise BranchProtected

data/lib/dependabot/pull_request_updater/gitlab.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require "dependabot/clients/gitlab_with_retries"
+require "dependabot/pull_request_creator"
+require "gitlab"
+
+module Dependabot
+  class PullRequestUpdater
+    class Gitlab
+      attr_reader :source, :files, :base_commit, :old_commit, :credentials,
+                  :pull_request_number
+
+      def initialize(source:, base_commit:, old_commit:, files:,
+                     credentials:, pull_request_number:)
+        @source              = source
+        @base_commit         = base_commit
+        @old_commit          = old_commit
+        @files               = files
+        @credentials         = credentials
+        @pull_request_number = pull_request_number
+      end
+
+      def update
+        return unless merge_request_exists?
+        return unless branch_exists?(merge_request.source_branch)
+
+        create_commit
+        merge_request.source_branch
+      end
+
+      private
+
+      def merge_request_exists?
+        merge_request
+        true
+      rescue ::Gitlab::Error::NotFound
+        false
+      end
+
+      def merge_request
+        @merge_request ||= gitlab_client_for_source.merge_request(
+          source.repo,
+          pull_request_number
+        )
+      end
+
+      def gitlab_client_for_source
+        @gitlab_client_for_source ||=
+          Dependabot::Clients::GitlabWithRetries.for_source(
+            source: source,
+            credentials: credentials
+          )
+      end
+
+      def branch_exists?(name)
+        gitlab_client_for_source.branch(source.repo, name)
+      rescue ::Gitlab::Error::NotFound
+        false
+      end
+
+      def commit_being_updated
+        gitlab_client_for_source.commit(source.repo, old_commit)
+      end
+
+      def create_commit
+        actions = files.map do |file|
+          {
+            action: "update",
+            file_path: file.type == "symlink" ? file.symlink_target : file.path,
+            content: file.content
+          }
+        end
+
+        gitlab_client_for_source.create_commit(
+          source.repo,
+          merge_request.source_branch,
+          commit_being_updated.title,
+          actions,
+          force: true,
+          start_branch: merge_request.target_branch
+        )
+      end
+    end
+  end
+end

data/lib/dependabot/update_checkers/base.rb

@@ -8,17 +8,19 @@ module Dependabot
   module UpdateCheckers
     class Base
       attr_reader :dependency, :dependency_files, :credentials,
-                  :ignored_versions, :security_advisories,
-                  :requirements_update_strategy
+                  :ignored_versions, :raise_on_ignored,
+                  :security_advisories, :requirements_update_strategy
 
       def initialize(dependency:, dependency_files:, credentials:,
-                     ignored_versions: [], security_advisories: [],
+                     ignored_versions: [], raise_on_ignored: false,
+                     security_advisories: [],
                      requirements_update_strategy: nil)
         @dependency = dependency
         @dependency_files = dependency_files
         @credentials = credentials
         @requirements_update_strategy = requirements_update_strategy
         @ignored_versions = ignored_versions
+        @raise_on_ignored = raise_on_ignored
         @security_advisories = security_advisories
       end
 

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.117.10"
+  VERSION = "0.118.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.117.10
+  version: 0.118.3
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-21 00:00:00.000000000 Z
+date: 2020-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -118,14 +118,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.14.1
+        version: 4.15.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.14.1
+        version: 4.15.0
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -306,28 +306,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.83.0
+        version: 0.85.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.83.0
+        version: 0.85.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 6.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 6.0.0
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -393,6 +393,7 @@ files:
 - lib/dependabot/pull_request_creator/pr_name_prefixer.rb
 - lib/dependabot/pull_request_updater.rb
 - lib/dependabot/pull_request_updater/github.rb
+- lib/dependabot/pull_request_updater/gitlab.rb
 - lib/dependabot/security_advisory.rb
 - lib/dependabot/shared_helpers.rb
 - lib/dependabot/source.rb