dependabot-common 0.209.0 → 0.212.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (30) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/clients/azure.rb +1 -1
  3. data/lib/dependabot/clients/bitbucket.rb +2 -2
  4. data/lib/dependabot/config/ignore_condition.rb +1 -1
  5. data/lib/dependabot/dependency.rb +16 -12
  6. data/lib/dependabot/errors.rb +7 -7
  7. data/lib/dependabot/file_fetchers/base.rb +4 -4
  8. data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -1
  9. data/lib/dependabot/file_updaters/vendor_updater.rb +3 -3
  10. data/lib/dependabot/git_commit_checker.rb +6 -2
  11. data/lib/dependabot/git_metadata_fetcher.rb +2 -2
  12. data/lib/dependabot/metadata_finders/base/changelog_finder.rb +5 -5
  13. data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +4 -4
  14. data/lib/dependabot/metadata_finders/base/commits_finder.rb +4 -4
  15. data/lib/dependabot/metadata_finders/base/release_finder.rb +4 -4
  16. data/lib/dependabot/pull_request_creator/branch_namer.rb +10 -12
  17. data/lib/dependabot/pull_request_creator/github.rb +5 -5
  18. data/lib/dependabot/pull_request_creator/labeler.rb +2 -0
  19. data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +1 -1
  20. data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +10 -10
  21. data/lib/dependabot/pull_request_creator/message_builder.rb +49 -39
  22. data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +5 -10
  23. data/lib/dependabot/pull_request_updater/azure.rb +7 -3
  24. data/lib/dependabot/pull_request_updater/github.rb +1 -1
  25. data/lib/dependabot/security_advisory.rb +6 -3
  26. data/lib/dependabot/shared_helpers.rb +12 -12
  27. data/lib/dependabot/source.rb +2 -2
  28. data/lib/dependabot/update_checkers/base.rb +1 -1
  29. data/lib/dependabot/version.rb +1 -1
  30. metadata +38 -10
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 994a7ee1509cbaef535cc67655cb1707638d271e1f04645fc9fadff485259149
4
- data.tar.gz: efca3b54851d22bfe9568f795cfcc6aa52177790d0c99f3b8dbf9f1d382e4534
3
+ metadata.gz: 5242196cd22b0092cbdaaf08f6d5ce3f4249d1eeccedada949822b0b14657e9c
4
+ data.tar.gz: f47437aa525423bdbb507dfa5b0978863e41f3010682ed1c6f321d2ac67efea9
5
5
  SHA512:
6
- metadata.gz: 78ae2e2d95eb6b033548698e646c3dde4e15cfcfa4ad110604f6e9d2da21d9abe8029c95974c16f7b93bc87b58e4863b0ff17c7177427db57fafe928569852bf
7
- data.tar.gz: a964c4d8e720d2787ed878bc8e003456ecc8a941c460e9404090f93e4012bdf35a78f2d828bf40b2a3540fbab19024e24235f125c964ec1e7c0e977a6d9c0b82
6
+ metadata.gz: cad3f4c8848f45b07d7769bdf4a1b351e3cca4f921bb449cee629ddffc3c579df3b1dfc9343ecfdabd1192d1f1e207e82f8af0c8ee0f142af5856e5bee769d0e
7
+ data.tar.gz: c564e966eba317b8b5e61bf4d82df255248ee4932711d85854e38e843ce0f26d0dc22a649cb7e2f475e01f2b0fd61dce160a46a5ecdc0cbe61d560fd5b004587
@@ -310,7 +310,7 @@ module Dependabot
310
310
  # https://developercommunity.visualstudio.com/content/problem/608770/remove-4000-character-limit-on-pull-request-descri.html
311
311
  pr_description = pr_description.dup.force_encoding(Encoding::UTF_16)
312
312
  if pr_description.length > MAX_PR_DESCRIPTION_LENGTH
313
- truncated_msg = "...\n\n_Description has been truncated_".dup.force_encoding(Encoding::UTF_16)
313
+ truncated_msg = (+"...\n\n_Description has been truncated_").force_encoding(Encoding::UTF_16)
314
314
  truncate_length = MAX_PR_DESCRIPTION_LENGTH - truncated_msg.length
315
315
  pr_description = (pr_description[0..truncate_length] + truncated_msg)
316
316
  end
@@ -189,8 +189,8 @@ module Dependabot
189
189
  raise NotFound if response.status == 404
190
190
 
191
191
  if response.status >= 400
192
- raise "Unhandled Bitbucket error!\n"\
193
- "Status: #{response.status}\n"\
192
+ raise "Unhandled Bitbucket error!\n" \
193
+ "Status: #{response.status}\n" \
194
194
  "Body: #{response.body}"
195
195
  end
196
196
 
@@ -28,7 +28,7 @@ module Dependabot
28
28
  private
29
29
 
30
30
  def transformed_update_types
31
- update_types.map(&:downcase).map(&:strip).compact
31
+ update_types.map(&:downcase).filter_map(&:strip)
32
32
  end
33
33
 
34
34
  def versions_by_type(dependency)
@@ -41,7 +41,7 @@ module Dependabot
41
41
 
42
42
  def initialize(name:, requirements:, package_manager:, version: nil,
43
43
  previous_version: nil, previous_requirements: nil,
44
- subdependency_metadata: [])
44
+ subdependency_metadata: [], removed: false)
45
45
  @name = name
46
46
  @version = version
47
47
  @requirements = requirements.map { |req| symbolize_keys(req) }
@@ -53,6 +53,7 @@ module Dependabot
53
53
  @subdependency_metadata = subdependency_metadata&.
54
54
  map { |h| symbolize_keys(h) }
55
55
  end
56
+ @removed = removed
56
57
 
57
58
  check_values
58
59
  end
@@ -61,6 +62,10 @@ module Dependabot
61
62
  requirements.any?
62
63
  end
63
64
 
65
+ def removed?
66
+ @removed
67
+ end
68
+
64
69
  def to_h
65
70
  {
66
71
  "name" => name,
@@ -69,7 +74,8 @@ module Dependabot
69
74
  "previous_version" => previous_version,
70
75
  "previous_requirements" => previous_requirements,
71
76
  "package_manager" => package_manager,
72
- "subdependency_metadata" => subdependency_metadata
77
+ "subdependency_metadata" => subdependency_metadata,
78
+ "removed" => removed? ? true : nil
73
79
  }.compact
74
80
  end
75
81
 
@@ -114,9 +120,7 @@ module Dependabot
114
120
  private
115
121
 
116
122
  def check_values
117
- if [version, previous_version].any? { |v| v == "" }
118
- raise ArgumentError, "blank strings must not be provided as versions"
119
- end
123
+ raise ArgumentError, "blank strings must not be provided as versions" if [version, previous_version].any?("")
120
124
 
121
125
  check_requirement_fields
122
126
  check_subdependency_metadata
@@ -124,8 +128,8 @@ module Dependabot
124
128
 
125
129
  def check_requirement_fields
126
130
  requirement_fields = [requirements, previous_requirements].compact
127
- unless requirement_fields.all? { |r| r.is_a?(Array) } &&
128
- requirement_fields.flatten.all? { |r| r.is_a?(Hash) }
131
+ unless requirement_fields.all?(Array) &&
132
+ requirement_fields.flatten.all?(Hash)
129
133
  raise ArgumentError, "requirements must be an array of hashes"
130
134
  end
131
135
 
@@ -133,9 +137,9 @@ module Dependabot
133
137
  optional_keys = %i(metadata)
134
138
  unless requirement_fields.flatten.
135
139
  all? { |r| required_keys.sort == (r.keys - optional_keys).sort }
136
- raise ArgumentError, "each requirement must have the following "\
137
- "required keys: #{required_keys.join(', ')}."\
138
- "Optionally, it may have the following keys: "\
140
+ raise ArgumentError, "each requirement must have the following " \
141
+ "required keys: #{required_keys.join(', ')}." \
142
+ "Optionally, it may have the following keys: " \
139
143
  "#{optional_keys.join(', ')}."
140
144
  end
141
145
 
@@ -148,13 +152,13 @@ module Dependabot
148
152
  return unless subdependency_metadata
149
153
 
150
154
  unless subdependency_metadata.is_a?(Array) &&
151
- subdependency_metadata.all? { |r| r.is_a?(Hash) }
155
+ subdependency_metadata.all?(Hash)
152
156
  raise ArgumentError, "subdependency_metadata must be an array of hashes"
153
157
  end
154
158
  end
155
159
 
156
160
  def symbolize_keys(hash)
157
- hash.keys.map { |k| [k.to_sym, hash[k]] }.to_h
161
+ hash.keys.to_h { |k| [k.to_sym, hash[k]] }
158
162
  end
159
163
  end
160
164
  end
@@ -124,8 +124,8 @@ module Dependabot
124
124
 
125
125
  def initialize(source)
126
126
  @source = sanitize_source(source)
127
- msg = "The following source could not be reached as it requires "\
128
- "authentication (and any provided details were invalid or lacked "\
127
+ msg = "The following source could not be reached as it requires " \
128
+ "authentication (and any provided details were invalid or lacked " \
129
129
  "the required permissions): #{@source}"
130
130
  super(msg)
131
131
  end
@@ -173,7 +173,7 @@ module Dependabot
173
173
  @dependency_urls =
174
174
  dependency_urls.flatten.map { |uri| filter_sensitive_data(uri) }
175
175
 
176
- msg = "The following git URLs could not be retrieved: "\
176
+ msg = "The following git URLs could not be retrieved: " \
177
177
  "#{@dependency_urls.join(', ')}"
178
178
  super(msg)
179
179
  end
@@ -185,7 +185,7 @@ module Dependabot
185
185
  def initialize(dependency)
186
186
  @dependency = dependency
187
187
 
188
- msg = "The branch or reference specified for #{@dependency} could not "\
188
+ msg = "The branch or reference specified for #{@dependency} could not " \
189
189
  "be retrieved"
190
190
  super(msg)
191
191
  end
@@ -196,7 +196,7 @@ module Dependabot
196
196
 
197
197
  def initialize(*dependencies)
198
198
  @dependencies = dependencies.flatten
199
- msg = "The following path based dependencies could not be retrieved: "\
199
+ msg = "The following path based dependencies could not be retrieved: " \
200
200
  "#{@dependencies.join(', ')}"
201
201
  super(msg)
202
202
  end
@@ -210,8 +210,8 @@ module Dependabot
210
210
  @declared_path = declared_path
211
211
  @discovered_path = discovered_path
212
212
 
213
- msg = "The module path '#{@declared_path}' found in #{@go_mod} doesn't "\
214
- "match the actual path '#{@discovered_path}' in the dependency's "\
213
+ msg = "The module path '#{@declared_path}' found in #{@go_mod} doesn't " \
214
+ "match the actual path '#{@discovered_path}' in the dependency's " \
215
215
  "go.mod"
216
216
  super(msg)
217
217
  end
@@ -141,7 +141,7 @@ module Dependabot
141
141
 
142
142
  path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
143
143
  content = _fetch_file_content(path, fetch_submodules: fetch_submodules)
144
- type = @linked_paths.key?(path.gsub(%r{^/}, "")) ? "symlink" : type
144
+ type = "symlink" if @linked_paths.key?(path.gsub(%r{^/}, ""))
145
145
 
146
146
  DependencyFile.new(
147
147
  name: Pathname.new(filename).cleanpath.to_path,
@@ -233,8 +233,8 @@ module Dependabot
233
233
  repo_path = File.join(clone_repo_contents, relative_path)
234
234
  return [] unless Dir.exist?(repo_path)
235
235
 
236
- Dir.entries(repo_path).map do |name|
237
- next if [".", ".."].include?(name)
236
+ Dir.entries(repo_path).filter_map do |name|
237
+ next if name == "." || name == ".."
238
238
 
239
239
  absolute_path = File.join(repo_path, name)
240
240
  type = if File.symlink?(absolute_path)
@@ -251,7 +251,7 @@ module Dependabot
251
251
  type: type,
252
252
  size: 0 # NOTE: added for parity with github contents API
253
253
  )
254
- end.compact
254
+ end
255
255
  end
256
256
 
257
257
  def update_linked_paths(repo, path, commit, github_response)
@@ -10,7 +10,7 @@ module Dependabot
10
10
  class DependencySet
11
11
  def initialize(dependencies = [], case_sensitive: false)
12
12
  unless dependencies.is_a?(Array) &&
13
- dependencies.all? { |dep| dep.is_a?(Dependency) }
13
+ dependencies.all?(Dependency)
14
14
  raise ArgumentError, "must be an array of Dependency objects"
15
15
  end
16
16
 
@@ -18,9 +18,9 @@ module Dependabot
18
18
  return [] unless repo_contents_path && vendor_dir
19
19
 
20
20
  Dir.chdir(repo_contents_path) do
21
- relative_dir = Pathname.new(vendor_dir).relative_path_from(
22
- repo_contents_path
23
- )
21
+ # rubocop:disable Performance/DeletePrefix
22
+ relative_dir = Pathname.new(base_directory).sub(%r{\A/}, "").join(vendor_dir)
23
+ # rubocop:enable Performance/DeletePrefix
24
24
 
25
25
  status = SharedHelpers.run_shell_command(
26
26
  "git status --untracked-files all --porcelain v1 #{relative_dir}"
@@ -86,6 +86,10 @@ module Dependabot
86
86
  raise Dependabot::GitDependencyReferenceNotFound, dependency.name
87
87
  end
88
88
 
89
+ def head_commit_for_local_branch(name)
90
+ local_repo_git_metadata_fetcher.head_commit_for_ref(name)
91
+ end
92
+
89
93
  def local_tags_for_latest_version_commit_sha
90
94
  tags = allowed_version_tags
91
95
  max_tag = max_version_tag(tags)
@@ -274,8 +278,8 @@ module Dependabot
274
278
  end
275
279
 
276
280
  def bitbucket_commit_comparison_status(ref1, ref2)
277
- url = "https://api.bitbucket.org/2.0/repositories/"\
278
- "#{listing_source_repo}/commits/?"\
281
+ url = "https://api.bitbucket.org/2.0/repositories/" \
282
+ "#{listing_source_repo}/commits/?" \
279
283
  "include=#{ref2}&exclude=#{ref1}"
280
284
 
281
285
  client = Clients::BitbucketWithRetries.
@@ -88,7 +88,7 @@ module Dependabot
88
88
  service_pack_uri = uri
89
89
  service_pack_uri += ".git" unless service_pack_uri.end_with?(".git")
90
90
 
91
- env = { "PATH" => ENV["PATH"] }
91
+ env = { "PATH" => ENV.fetch("PATH", nil) }
92
92
  command = "git ls-remote #{service_pack_uri}"
93
93
  command = SharedHelpers.escape_command(command)
94
94
 
@@ -125,7 +125,7 @@ module Dependabot
125
125
  full_ref_name = line.split.last
126
126
  next unless full_ref_name.start_with?("refs/tags", "refs/heads")
127
127
 
128
- peeled_lines << line && next if line.strip.end_with?("^{}")
128
+ (peeled_lines << line) && next if line.strip.end_with?("^{}")
129
129
 
130
130
  ref_name = full_ref_name.sub(%r{^refs/(tags|heads)/}, "").strip
131
131
  sha = sha_for_update_pack_line(line)
@@ -239,7 +239,7 @@ module Dependabot
239
239
  files += github_client.contents(source.repo, opts)
240
240
 
241
241
  files.uniq.each do |f|
242
- next unless %w(doc docs).include?(f.name) && f.type == "dir"
242
+ next unless f.type == "dir" && f.name.match?(/docs?/o)
243
243
 
244
244
  opts = { path: f.path, ref: ref }.compact
245
245
  files += github_client.contents(source.repo, opts)
@@ -300,16 +300,16 @@ module Dependabot
300
300
  end
301
301
 
302
302
  def previous_ref
303
- previous_refs = dependency.previous_requirements.map do |r|
303
+ previous_refs = dependency.previous_requirements.filter_map do |r|
304
304
  r.dig(:source, "ref") || r.dig(:source, :ref)
305
- end.compact.uniq
305
+ end.uniq
306
306
  return previous_refs.first if previous_refs.count == 1
307
307
  end
308
308
 
309
309
  def new_ref
310
- new_refs = dependency.requirements.map do |r|
310
+ new_refs = dependency.requirements.filter_map do |r|
311
311
  r.dig(:source, "ref") || r.dig(:source, :ref)
312
- end.compact.uniq
312
+ end.uniq
313
313
  return new_refs.first if new_refs.count == 1
314
314
  end
315
315
 
@@ -137,16 +137,16 @@ module Dependabot
137
137
  end
138
138
 
139
139
  def previous_ref
140
- previous_refs = dependency.previous_requirements.map do |r|
140
+ previous_refs = dependency.previous_requirements.filter_map do |r|
141
141
  r.dig(:source, "ref") || r.dig(:source, :ref)
142
- end.compact.uniq
142
+ end.uniq
143
143
  return previous_refs.first if previous_refs.count == 1
144
144
  end
145
145
 
146
146
  def new_ref
147
- new_refs = dependency.requirements.map do |r|
147
+ new_refs = dependency.requirements.filter_map do |r|
148
148
  r.dig(:source, "ref") || r.dig(:source, :ref)
149
- end.compact.uniq
149
+ end.uniq
150
150
  return new_refs.first if new_refs.count == 1
151
151
  end
152
152
 
@@ -136,18 +136,18 @@ module Dependabot
136
136
  def previous_ref
137
137
  return unless git_source?(dependency.previous_requirements)
138
138
 
139
- previous_refs = dependency.previous_requirements.map do |r|
139
+ previous_refs = dependency.previous_requirements.filter_map do |r|
140
140
  r.dig(:source, "ref") || r.dig(:source, :ref)
141
- end.compact.uniq
141
+ end.uniq
142
142
  return previous_refs.first if previous_refs.count == 1
143
143
  end
144
144
 
145
145
  def new_ref
146
146
  return unless git_source?(dependency.previous_requirements)
147
147
 
148
- new_refs = dependency.requirements.map do |r|
148
+ new_refs = dependency.requirements.filter_map do |r|
149
149
  r.dig(:source, "ref") || r.dig(:source, :ref)
150
- end.compact.uniq
150
+ end.uniq
151
151
  return new_refs.first if new_refs.count == 1
152
152
  end
153
153
 
@@ -275,16 +275,16 @@ module Dependabot
275
275
  end
276
276
 
277
277
  def previous_ref
278
- previous_refs = dependency.previous_requirements.map do |r|
278
+ previous_refs = dependency.previous_requirements.filter_map do |r|
279
279
  r.dig(:source, "ref") || r.dig(:source, :ref)
280
- end.compact.uniq
280
+ end.uniq
281
281
  return previous_refs.first if previous_refs.count == 1
282
282
  end
283
283
 
284
284
  def new_ref
285
- new_refs = dependency.requirements.map do |r|
285
+ new_refs = dependency.requirements.filter_map do |r|
286
286
  r.dig(:source, "ref") || r.dig(:source, :ref)
287
- end.compact.uniq
287
+ end.uniq
288
288
  return new_refs.first if new_refs.count == 1
289
289
  end
290
290
 
@@ -90,7 +90,9 @@ module Dependabot
90
90
  def branch_version_suffix
91
91
  dep = dependencies.first
92
92
 
93
- if library? && ref_changed?(dep) && new_ref(dep)
93
+ if dep.removed?
94
+ "-removed"
95
+ elsif library? && ref_changed?(dep) && new_ref(dep)
94
96
  new_ref(dep)
95
97
  elsif library?
96
98
  sanitized_requirement(dep)
@@ -127,24 +129,24 @@ module Dependabot
127
129
  elsif dependency.version == dependency.previous_version &&
128
130
  package_manager == "docker"
129
131
  dependency.requirements.
130
- map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
131
- compact.first.split(":").last[0..6]
132
+ filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
133
+ first.split(":").last[0..6]
132
134
  else
133
135
  dependency.version
134
136
  end
135
137
  end
136
138
 
137
139
  def previous_ref(dependency)
138
- previous_refs = dependency.previous_requirements.map do |r|
140
+ previous_refs = dependency.previous_requirements.filter_map do |r|
139
141
  r.dig(:source, "ref") || r.dig(:source, :ref)
140
- end.compact.uniq
142
+ end.uniq
141
143
  return previous_refs.first if previous_refs.count == 1
142
144
  end
143
145
 
144
146
  def new_ref(dependency)
145
- new_refs = dependency.requirements.map do |r|
147
+ new_refs = dependency.requirements.filter_map do |r|
146
148
  r.dig(:source, "ref") || r.dig(:source, :ref)
147
- end.compact.uniq
149
+ end.uniq
148
150
  return new_refs.first if new_refs.count == 1
149
151
  end
150
152
 
@@ -185,11 +187,7 @@ module Dependabot
185
187
  # Remove forbidden characters (those not already replaced elsewhere)
186
188
  gsub(%r{[^A-Za-z0-9/\-_.(){}]}, "").
187
189
  # Slashes can't be followed by periods
188
- gsub(%r{/\.}, "/dot-").
189
- # Two or more sequential periods are forbidden
190
- gsub(/\.+/, ".").
191
- # Two or more sequential slashes are forbidden
192
- gsub(%r{/+}, "/").
190
+ gsub(%r{/\.}, "/dot-").squeeze(".").squeeze("/").
193
191
  # Trailing periods are forbidden
194
192
  sub(/\.$/, "")
195
193
  end
@@ -219,7 +219,7 @@ module Dependabot
219
219
  retry_count ||= 0
220
220
  retry_count += 1
221
221
  if retry_count > 10
222
- raise "Repeatedly failed to create or update branch #{branch_name} "\
222
+ raise "Repeatedly failed to create or update branch #{branch_name} " \
223
223
  "with commit #{commit.sha}."
224
224
  end
225
225
 
@@ -269,7 +269,7 @@ module Dependabot
269
269
 
270
270
  def add_reviewers_to_pull_request(pull_request)
271
271
  reviewers_hash =
272
- reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }.to_h
272
+ reviewers.keys.to_h { |k| [k.to_sym, reviewers[k]] }
273
273
 
274
274
  github_client_for_source.request_pull_request_review(
275
275
  source.repo,
@@ -299,7 +299,7 @@ module Dependabot
299
299
 
300
300
  def comment_with_invalid_reviewer(pull_request, message)
301
301
  reviewers_hash =
302
- reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }.to_h
302
+ reviewers.keys.to_h { |k| [k.to_sym, reviewers[k]] }
303
303
  reviewers = []
304
304
  reviewers += reviewers_hash[:reviewers] || []
305
305
  reviewers += (reviewers_hash[:team_reviewers] || []).
@@ -315,9 +315,9 @@ module Dependabot
315
315
 
316
316
  msg = "Dependabot tried to add #{reviewers_string} as "
317
317
  msg += reviewers.count > 1 ? "reviewers" : "a reviewer"
318
- msg += " to this PR, but received the following error from GitHub:\n\n"\
318
+ msg += " to this PR, but received the following error from GitHub:\n\n" \
319
319
  "```\n" \
320
- "#{message}\n"\
320
+ "#{message}\n" \
321
321
  "```"
322
322
 
323
323
  github_client_for_source.add_comment(
@@ -105,7 +105,9 @@ module Dependabot
105
105
  new_version_parts = version(dep).split(/[.+]/)
106
106
  old_version_parts = previous_version(dep)&.split(/[.+]/) || []
107
107
  all_parts = new_version_parts.first(3) + old_version_parts.first(3)
108
+ # rubocop:disable Performance/RedundantEqualityComparisonBlock
108
109
  next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
110
+ # rubocop:enable Performance/RedundantEqualityComparisonBlock
109
111
  next 1 if new_version_parts[0] != old_version_parts[0]
110
112
  next 2 if new_version_parts[1] != old_version_parts[1]
111
113
 
@@ -189,7 +189,7 @@ module Dependabot
189
189
  end
190
190
 
191
191
  def parent_node_link?(node)
192
- node.type == :link || node.parent && parent_node_link?(node.parent)
192
+ node.type == :link || (node.parent && parent_node_link?(node.parent))
193
193
  end
194
194
  end
195
195
  end
@@ -63,7 +63,7 @@ module Dependabot
63
63
  def release_cascade
64
64
  return "" unless releases_text && releases_url
65
65
 
66
- msg = "*Sourced from [#{dependency.display_name}'s releases]"\
66
+ msg = "*Sourced from [#{dependency.display_name}'s releases]" \
67
67
  "(#{releases_url}).*\n\n"
68
68
  msg += quote_and_truncate(releases_text)
69
69
  msg = link_issues(text: msg)
@@ -80,8 +80,8 @@ module Dependabot
80
80
  def changelog_cascade
81
81
  return "" unless changelog_url && changelog_text
82
82
 
83
- msg = "*Sourced from "\
84
- "[#{dependency.display_name}'s changelog]"\
83
+ msg = "*Sourced from " \
84
+ "[#{dependency.display_name}'s changelog]" \
85
85
  "(#{changelog_url}).*\n\n"
86
86
  msg += quote_and_truncate(changelog_text)
87
87
  msg = link_issues(text: msg)
@@ -95,8 +95,8 @@ module Dependabot
95
95
  def upgrade_guide_cascade
96
96
  return "" unless upgrade_guide_url && upgrade_guide_text
97
97
 
98
- msg = "*Sourced from "\
99
- "[#{dependency.display_name}'s upgrade guide]"\
98
+ msg = "*Sourced from " \
99
+ "[#{dependency.display_name}'s upgrade guide]" \
100
100
  "(#{upgrade_guide_url}).*\n\n"
101
101
  msg += quote_and_truncate(upgrade_guide_text)
102
102
  msg = link_issues(text: msg)
@@ -112,7 +112,7 @@ module Dependabot
112
112
 
113
113
  msg = ""
114
114
 
115
- commits.reverse.first(10).each do |commit|
115
+ commits.last(10).reverse_each do |commit|
116
116
  title = commit[:message].strip.split("\n").first
117
117
  title = title.slice(0..76) + "..." if title && title.length > 80
118
118
  title = title&.gsub(/(?<=[^\w.-])([_*`~])/, '\\1')
@@ -124,8 +124,8 @@ module Dependabot
124
124
 
125
125
  msg +=
126
126
  if commits.count > 10
127
- "- Additional commits viewable in "\
128
- "[compare view](#{commits_url})\n"
127
+ "- Additional commits viewable in " \
128
+ "[compare view](#{commits_url})\n"
129
129
  else
130
130
  "- See full diff in [compare view](#{commits_url})\n"
131
131
  end
@@ -175,8 +175,8 @@ module Dependabot
175
175
 
176
176
  def vulnerability_source_line(details)
177
177
  if details["source_url"] && details["source_name"]
178
- "*Sourced from [#{details['source_name']}]"\
179
- "(#{details['source_url']}).*\n\n"
178
+ "*Sourced from [#{details['source_name']}]" \
179
+ "(#{details['source_url']}).*\n\n"
180
180
  elsif details["source_name"]
181
181
  "*Sourced from #{details['source_name']}.*\n\n"
182
182
  else
@@ -74,9 +74,9 @@ module Dependabot
74
74
 
75
75
  pr_name +
76
76
  if dependencies.count == 1
77
- "#{dependencies.first.display_name} requirement "\
78
- "#{from_version_msg(old_library_requirement(dependencies.first))}"\
79
- "to #{new_library_requirement(dependencies.first)}"
77
+ "#{dependencies.first.display_name} requirement " \
78
+ "#{from_version_msg(old_library_requirement(dependencies.first))}" \
79
+ "to #{new_library_requirement(dependencies.first)}"
80
80
  else
81
81
  names = dependencies.map(&:name)
82
82
  "requirements for #{names[0..-2].join(', ')} and #{names[-1]}"
@@ -90,19 +90,19 @@ module Dependabot
90
90
  pr_name +
91
91
  if dependencies.count == 1
92
92
  dependency = dependencies.first
93
- "#{dependency.display_name} "\
94
- "#{from_version_msg(previous_version(dependency))}"\
95
- "to #{new_version(dependency)}"
93
+ "#{dependency.display_name} " \
94
+ "#{from_version_msg(previous_version(dependency))}" \
95
+ "to #{new_version(dependency)}"
96
96
  elsif updating_a_property?
97
97
  dependency = dependencies.first
98
- "#{property_name} "\
99
- "#{from_version_msg(previous_version(dependency))}"\
100
- "to #{new_version(dependency)}"
98
+ "#{property_name} " \
99
+ "#{from_version_msg(previous_version(dependency))}" \
100
+ "to #{new_version(dependency)}"
101
101
  elsif updating_a_dependency_set?
102
102
  dependency = dependencies.first
103
- "#{dependency_set.fetch(:group)} dependency set "\
104
- "#{from_version_msg(previous_version(dependency))}"\
105
- "to #{new_version(dependency)}"
103
+ "#{dependency_set.fetch(:group)} dependency set " \
104
+ "#{from_version_msg(previous_version(dependency))}" \
105
+ "to #{new_version(dependency)}"
106
106
  else
107
107
  names = dependencies.map(&:name)
108
108
  "#{names[0..-2].join(', ')} and #{names[-1]}"
@@ -174,8 +174,8 @@ module Dependabot
174
174
  return unless signoff_details.is_a?(Hash)
175
175
  return unless signoff_details[:org_name] && signoff_details[:org_email]
176
176
 
177
- "On-behalf-of: @#{signoff_details[:org_name]} "\
178
- "<#{signoff_details[:org_email]}>"
177
+ "On-behalf-of: @#{signoff_details[:org_name]} " \
178
+ "<#{signoff_details[:org_email]}>"
179
179
  end
180
180
 
181
181
  def requirement_commit_message_intro
@@ -200,8 +200,8 @@ module Dependabot
200
200
  return multidependency_intro if dependencies.count > 1
201
201
 
202
202
  dependency = dependencies.first
203
- msg = "Bumps #{dependency_links.first} "\
204
- "#{from_version_msg(previous_version(dependency))}"\
203
+ msg = "Bumps #{dependency_links.first} " \
204
+ "#{from_version_msg(previous_version(dependency))}" \
205
205
  "to #{new_version(dependency)}."
206
206
 
207
207
  msg += " This release includes the previously tagged commit." if switching_from_ref_to_release?(dependency)
@@ -220,23 +220,23 @@ module Dependabot
220
220
  def multidependency_property_intro
221
221
  dependency = dependencies.first
222
222
 
223
- "Bumps `#{property_name}` "\
224
- "#{from_version_msg(previous_version(dependency))}"\
225
- "to #{new_version(dependency)}."
223
+ "Bumps `#{property_name}` " \
224
+ "#{from_version_msg(previous_version(dependency))}" \
225
+ "to #{new_version(dependency)}."
226
226
  end
227
227
 
228
228
  def dependency_set_intro
229
229
  dependency = dependencies.first
230
230
 
231
- "Bumps `#{dependency_set.fetch(:group)}` "\
232
- "dependency set #{from_version_msg(previous_version(dependency))}"\
233
- "to #{new_version(dependency)}."
231
+ "Bumps `#{dependency_set.fetch(:group)}` " \
232
+ "dependency set #{from_version_msg(previous_version(dependency))}" \
233
+ "to #{new_version(dependency)}."
234
234
  end
235
235
 
236
236
  def multidependency_intro
237
- "Bumps #{dependency_links[0..-2].join(', ')} "\
238
- "and #{dependency_links[-1]}. These "\
239
- "dependencies needed to be updated together."
237
+ "Bumps #{dependency_links[0..-2].join(', ')} " \
238
+ "and #{dependency_links[-1]}. These " \
239
+ "dependencies needed to be updated together."
240
240
  end
241
241
 
242
242
  def from_version_msg(previous_version)
@@ -293,10 +293,14 @@ module Dependabot
293
293
  return metadata_links_for_dep(dependencies.first) if dependencies.count == 1
294
294
 
295
295
  dependencies.map do |dep|
296
- "\n\nUpdates `#{dep.display_name}` "\
297
- "#{from_version_msg(previous_version(dep))}to "\
298
- "#{new_version(dep)}"\
299
- "#{metadata_links_for_dep(dep)}"
296
+ if dep.removed?
297
+ "\n\nRemoves `#{dep.display_name}`"
298
+ else
299
+ "\n\nUpdates `#{dep.display_name}` " \
300
+ "#{from_version_msg(previous_version(dep))}to " \
301
+ "#{new_version(dep)}" \
302
+ "#{metadata_links_for_dep(dep)}"
303
+ end
300
304
  end.join
301
305
  end
302
306
 
@@ -313,9 +317,13 @@ module Dependabot
313
317
  return metadata_cascades_for_dep(dependencies.first) if dependencies.one?
314
318
 
315
319
  dependencies.map do |dep|
316
- msg = "\nUpdates `#{dep.display_name}` "\
317
- "#{from_version_msg(previous_version(dep))}"\
318
- "to #{new_version(dep)}"
320
+ msg = if dep.removed?
321
+ "\nRemoves `#{dep.display_name}`"
322
+ else
323
+ "\nUpdates `#{dep.display_name}` " \
324
+ "#{from_version_msg(previous_version(dep))}" \
325
+ "to #{new_version(dep)}"
326
+ end
319
327
 
320
328
  if vulnerabilities_fixed[dep.name]&.one?
321
329
  msg += " **This update includes a security fix.**"
@@ -328,6 +336,8 @@ module Dependabot
328
336
  end
329
337
 
330
338
  def metadata_cascades_for_dep(dependency)
339
+ return "" if dependency.removed?
340
+
331
341
  MetadataPresenter.new(
332
342
  dependency: dependency,
333
343
  source: source,
@@ -417,21 +427,21 @@ module Dependabot
417
427
 
418
428
  def docker_digest_from_reqs(requirements)
419
429
  requirements.
420
- map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
421
- compact.first
430
+ filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
431
+ first
422
432
  end
423
433
 
424
434
  def previous_ref(dependency)
425
- previous_refs = dependency.previous_requirements.map do |r|
435
+ previous_refs = dependency.previous_requirements.filter_map do |r|
426
436
  r.dig(:source, "ref") || r.dig(:source, :ref)
427
- end.compact.uniq
437
+ end.uniq
428
438
  return previous_refs.first if previous_refs.count == 1
429
439
  end
430
440
 
431
441
  def new_ref(dependency)
432
- new_refs = dependency.requirements.map do |r|
442
+ new_refs = dependency.requirements.filter_map do |r|
433
443
  r.dig(:source, "ref") || r.dig(:source, :ref)
434
- end.compact.uniq
444
+ end.uniq
435
445
  return new_refs.first if new_refs.count == 1
436
446
  end
437
447
 
@@ -483,7 +493,7 @@ module Dependabot
483
493
 
484
494
  def switching_from_ref_to_release?(dependency)
485
495
  unless dependency.previous_version&.match?(/^[0-9a-f]{40}$/) ||
486
- dependency.previous_version.nil? && previous_ref(dependency)
496
+ (dependency.previous_version.nil? && previous_ref(dependency))
487
497
  return false
488
498
  end
489
499
 
@@ -280,8 +280,7 @@ module Dependabot
280
280
  reject { |c| c.author&.type == "Bot" }.
281
281
  reject { |c| c.commit&.message&.start_with?("Merge") }.
282
282
  map(&:commit).
283
- map(&:message).
284
- compact.
283
+ filter_map(&:message).
285
284
  map(&:strip)
286
285
  end
287
286
 
@@ -292,8 +291,7 @@ module Dependabot
292
291
  @recent_gitlab_commit_messages.
293
292
  reject { |c| c.author_email == dependabot_email }.
294
293
  reject { |c| c.message&.start_with?("merge !") }.
295
- map(&:message).
296
- compact.
294
+ filter_map(&:message).
297
295
  map(&:strip)
298
296
  end
299
297
 
@@ -304,8 +302,7 @@ module Dependabot
304
302
  @recent_azure_commit_messages.
305
303
  reject { |c| azure_commit_author_email(c) == dependabot_email }.
306
304
  reject { |c| c.fetch("comment")&.start_with?("Merge") }.
307
- map { |c| c.fetch("comment") }.
308
- compact.
305
+ filter_map { |c| c.fetch("comment") }.
309
306
  map(&:strip)
310
307
  end
311
308
 
@@ -315,8 +312,7 @@ module Dependabot
315
312
 
316
313
  @recent_bitbucket_commit_messages.
317
314
  reject { |c| bitbucket_commit_author_email(c) == dependabot_email }.
318
- map { |c| c.fetch("message", nil) }.
319
- compact.
315
+ filter_map { |c| c.fetch("message", nil) }.
320
316
  reject { |m| m.start_with?("Merge") }.
321
317
  map(&:strip)
322
318
  end
@@ -327,8 +323,7 @@ module Dependabot
327
323
  @recent_codecommit_commit_messages.commits.
328
324
  reject { |c| c.author.email == dependabot_email }.
329
325
  reject { |c| c.message&.start_with?("Merge") }.
330
- map(&:message).
331
- compact.
326
+ filter_map(&:message).
332
327
  map(&:strip)
333
328
  end
334
329
 
@@ -11,16 +11,17 @@ module Dependabot
11
11
  OBJECT_ID_FOR_BRANCH_DELETE = "0000000000000000000000000000000000000000"
12
12
 
13
13
  attr_reader :source, :files, :base_commit, :old_commit, :credentials,
14
- :pull_request_number
14
+ :pull_request_number, :author_details
15
15
 
16
16
  def initialize(source:, files:, base_commit:, old_commit:,
17
- credentials:, pull_request_number:)
17
+ credentials:, pull_request_number:, author_details: nil)
18
18
  @source = source
19
19
  @files = files
20
20
  @base_commit = base_commit
21
21
  @old_commit = old_commit
22
22
  @credentials = credentials
23
23
  @pull_request_number = pull_request_number
24
+ @author_details = author_details
24
25
  end
25
26
 
26
27
  def update
@@ -74,12 +75,15 @@ module Dependabot
74
75
  end
75
76
 
76
77
  def create_temp_branch
78
+ author = author_details&.slice(:name, :email, :date)
79
+ author = nil unless author&.any?
80
+
77
81
  response = azure_client_for_source.create_commit(
78
82
  temp_branch_name,
79
83
  base_commit,
80
84
  commit_message,
81
85
  files,
82
- nil
86
+ author
83
87
  )
84
88
 
85
89
  JSON.parse(response.body).fetch("refUpdates").first.fetch("newObjectId")
@@ -173,7 +173,7 @@ module Dependabot
173
173
 
174
174
  if e.message.match?(/protected branch/i) ||
175
175
  e.message.match?(/not authorized to push/i) ||
176
- e.message.match?(/must not contain merge commits/) ||
176
+ e.message.include?("must not contain merge commits") ||
177
177
  e.message.match?(/required status check/i)
178
178
  raise BranchProtected
179
179
  end
@@ -51,7 +51,7 @@ module Dependabot
51
51
  # @return [Boolean]
52
52
  def fixed_by?(dependency)
53
53
  # Handle case mismatch between the security advisory and parsed name
54
- return false unless dependency_name.downcase == dependency.name.downcase
54
+ return false unless dependency_name.casecmp(dependency.name).zero?
55
55
  return false unless package_manager == dependency.package_manager
56
56
  # TODO: Support no previous version to the same level as dependency graph
57
57
  # and security alerts. We currently ignore dependency updates without a
@@ -62,6 +62,9 @@ module Dependabot
62
62
  # Ignore deps that weren't previously vulnerable
63
63
  return false unless affects_version?(dependency.previous_version)
64
64
 
65
+ # Removing a dependency is a way to fix the vulnerability
66
+ return true if dependency.removed?
67
+
65
68
  # Select deps that are now fixed
66
69
  !affects_version?(dependency.version)
67
70
  end
@@ -109,13 +112,13 @@ module Dependabot
109
112
  def check_version_requirements
110
113
  unless vulnerable_versions.is_a?(Array) &&
111
114
  vulnerable_versions.all? { |i| requirement_class <= i.class }
112
- raise ArgumentError, "vulnerable_versions must be an array "\
115
+ raise ArgumentError, "vulnerable_versions must be an array " \
113
116
  "of #{requirement_class} instances"
114
117
  end
115
118
 
116
119
  unless safe_versions.is_a?(Array) &&
117
120
  safe_versions.all? { |i| requirement_class <= i.class }
118
- raise ArgumentError, "safe_versions must be an array "\
121
+ raise ArgumentError, "safe_versions must be an array " \
119
122
  "of #{requirement_class} instances"
120
123
  end
121
124
  end
@@ -17,9 +17,9 @@ require "dependabot/version"
17
17
  module Dependabot
18
18
  module SharedHelpers
19
19
  GIT_CONFIG_GLOBAL_PATH = File.expand_path("~/.gitconfig")
20
- USER_AGENT = "dependabot-core/#{Dependabot::VERSION} "\
21
- "#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} "\
22
- "(#{RUBY_PLATFORM}) "\
20
+ USER_AGENT = "dependabot-core/#{Dependabot::VERSION} " \
21
+ "#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} " \
22
+ "(#{RUBY_PLATFORM}) " \
23
23
  "(+https://github.com/dependabot/dependabot-core)"
24
24
  SIGKILL = 9
25
25
 
@@ -32,7 +32,7 @@ module Dependabot
32
32
  reset_git_repo(repo_contents_path)
33
33
  # Handle missing directories by creating an empty one and relying on the
34
34
  # file fetcher to raise a DependencyFileNotFound error
35
- FileUtils.mkdir_p(path) unless Dir.exist?(path)
35
+ FileUtils.mkdir_p(path)
36
36
  Dir.chdir(path) { yield(path) }
37
37
  else
38
38
  in_a_temporary_directory(directory, &block)
@@ -40,7 +40,7 @@ module Dependabot
40
40
  end
41
41
 
42
42
  def self.in_a_temporary_directory(directory = "/")
43
- Dir.mkdir(Utils::BUMP_TMP_DIR_PATH) unless Dir.exist?(Utils::BUMP_TMP_DIR_PATH)
43
+ FileUtils.mkdir_p(Utils::BUMP_TMP_DIR_PATH)
44
44
  tmp_dir = Dir.mktmpdir(Utils::BUMP_TMP_FILE_PREFIX, Utils::BUMP_TMP_DIR_PATH)
45
45
 
46
46
  begin
@@ -188,7 +188,7 @@ module Dependabot
188
188
  # a wrapper binary that only allows non-mutating commands. Without this,
189
189
  # whenever the credentials are deemed to be invalid, they're erased.
190
190
  run_shell_command(
191
- "git config --global credential.helper "\
191
+ "git config --global credential.helper " \
192
192
  "'!#{credential_helper_path} --file #{Dir.pwd}/git.store'",
193
193
  allow_unsafe_shell_command: true
194
194
  )
@@ -224,7 +224,7 @@ module Dependabot
224
224
  next unless cred["username"] && cred["password"]
225
225
 
226
226
  authenticated_url =
227
- "https://#{cred.fetch('username')}:#{cred.fetch('password')}"\
227
+ "https://#{cred.fetch('username')}:#{cred.fetch('password')}" \
228
228
  "@#{cred.fetch('host')}"
229
229
 
230
230
  git_store_content += authenticated_url + "\n"
@@ -241,23 +241,23 @@ module Dependabot
241
241
  # NOTE: we use --global here (rather than --system) so that Dependabot
242
242
  # can be run without privileged access
243
243
  run_shell_command(
244
- "git config --global --replace-all url.https://#{host}/."\
244
+ "git config --global --replace-all url.https://#{host}/." \
245
245
  "insteadOf ssh://git@#{host}/"
246
246
  )
247
247
  run_shell_command(
248
- "git config --global --add url.https://#{host}/."\
248
+ "git config --global --add url.https://#{host}/." \
249
249
  "insteadOf ssh://git@#{host}:"
250
250
  )
251
251
  run_shell_command(
252
- "git config --global --add url.https://#{host}/."\
252
+ "git config --global --add url.https://#{host}/." \
253
253
  "insteadOf git@#{host}:"
254
254
  )
255
255
  run_shell_command(
256
- "git config --global --add url.https://#{host}/."\
256
+ "git config --global --add url.https://#{host}/." \
257
257
  "insteadOf git@#{host}/"
258
258
  )
259
259
  run_shell_command(
260
- "git config --global --add url.https://#{host}/."\
260
+ "git config --global --add url.https://#{host}/." \
261
261
  "insteadOf git://#{host}/"
262
262
  )
263
263
  end
@@ -109,8 +109,8 @@ module Dependabot
109
109
  def initialize(provider:, repo:, directory: nil, branch: nil, commit: nil,
110
110
  hostname: nil, api_endpoint: nil)
111
111
  if (hostname.nil? ^ api_endpoint.nil?) && (provider != "codecommit")
112
- msg = "Both hostname and api_endpoint must be specified if either "\
113
- "are. Alternatively, both may be left blank to use the "\
112
+ msg = "Both hostname and api_endpoint must be specified if either " \
113
+ "are. Alternatively, both may be left blank to use the " \
114
114
  "provider's defaults."
115
115
  raise msg
116
116
  end
@@ -287,7 +287,7 @@ module Dependabot
287
287
 
288
288
  def version_from_requirements
289
289
  @version_from_requirements ||=
290
- dependency.requirements.map { |r| r.fetch(:requirement) }.compact.
290
+ dependency.requirements.filter_map { |r| r.fetch(:requirement) }.
291
291
  flat_map { |req_str| requirement_class.requirements_array(req_str) }.
292
292
  flat_map(&:requirements).
293
293
  reject { |req_array| req_array.first.start_with?("<") }.
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.209.0"
4
+ VERSION = "0.212.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.209.0
4
+ version: 0.212.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-17 00:00:00.000000000 Z
11
+ date: 2022-09-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -98,20 +98,20 @@ dependencies:
98
98
  requirements:
99
99
  - - "~>"
100
100
  - !ruby/object:Gem::Version
101
- version: '1.7'
101
+ version: '1.11'
102
102
  - - ">="
103
103
  - !ruby/object:Gem::Version
104
- version: 1.7.1
104
+ version: 1.11.0
105
105
  type: :runtime
106
106
  prerelease: false
107
107
  version_requirements: !ruby/object:Gem::Requirement
108
108
  requirements:
109
109
  - - "~>"
110
110
  - !ruby/object:Gem::Version
111
- version: '1.7'
111
+ version: '1.11'
112
112
  - - ">="
113
113
  - !ruby/object:Gem::Version
114
- version: 1.7.1
114
+ version: 1.11.0
115
115
  - !ruby/object:Gem::Dependency
116
116
  name: excon
117
117
  requirement: !ruby/object:Gem::Requirement
@@ -132,14 +132,14 @@ dependencies:
132
132
  requirements:
133
133
  - - '='
134
134
  - !ruby/object:Gem::Version
135
- version: 2.3.0
135
+ version: 2.5.2
136
136
  type: :runtime
137
137
  prerelease: false
138
138
  version_requirements: !ruby/object:Gem::Requirement
139
139
  requirements:
140
140
  - - '='
141
141
  - !ruby/object:Gem::Version
142
- version: 2.3.0
142
+ version: 2.5.2
143
143
  - !ruby/object:Gem::Dependency
144
144
  name: gitlab
145
145
  requirement: !ruby/object:Gem::Requirement
@@ -284,6 +284,20 @@ dependencies:
284
284
  - - "~>"
285
285
  - !ruby/object:Gem::Version
286
286
  version: '2.0'
287
+ - !ruby/object:Gem::Dependency
288
+ name: parallel_tests
289
+ requirement: !ruby/object:Gem::Requirement
290
+ requirements:
291
+ - - "~>"
292
+ - !ruby/object:Gem::Version
293
+ version: 3.12.0
294
+ type: :development
295
+ prerelease: false
296
+ version_requirements: !ruby/object:Gem::Requirement
297
+ requirements:
298
+ - - "~>"
299
+ - !ruby/object:Gem::Version
300
+ version: 3.12.0
287
301
  - !ruby/object:Gem::Dependency
288
302
  name: rake
289
303
  requirement: !ruby/object:Gem::Requirement
@@ -332,14 +346,28 @@ dependencies:
332
346
  requirements:
333
347
  - - "~>"
334
348
  - !ruby/object:Gem::Version
335
- version: 1.33.0
349
+ version: 1.36.0
350
+ type: :development
351
+ prerelease: false
352
+ version_requirements: !ruby/object:Gem::Requirement
353
+ requirements:
354
+ - - "~>"
355
+ - !ruby/object:Gem::Version
356
+ version: 1.36.0
357
+ - !ruby/object:Gem::Dependency
358
+ name: rubocop-performance
359
+ requirement: !ruby/object:Gem::Requirement
360
+ requirements:
361
+ - - "~>"
362
+ - !ruby/object:Gem::Version
363
+ version: 1.14.2
336
364
  type: :development
337
365
  prerelease: false
338
366
  version_requirements: !ruby/object:Gem::Requirement
339
367
  requirements:
340
368
  - - "~>"
341
369
  - !ruby/object:Gem::Version
342
- version: 1.33.0
370
+ version: 1.14.2
343
371
  - !ruby/object:Gem::Dependency
344
372
  name: ruby-debug-ide
345
373
  requirement: !ruby/object:Gem::Requirement