dependabot-common 0.211.0 → 0.213.0

data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb

@@ -8,17 +8,19 @@ module Dependabot
   class PullRequestCreator
     class MessageBuilder
       class LinkAndMentionSanitizer
-        GITHUB_USERNAME = /[a-z0-9]+(-[a-z0-9]+)*/i.freeze
+        GITHUB_USERNAME = /[a-z0-9]+(-[a-z0-9]+)*/i
         GITHUB_REF_REGEX = %r{
           (?:https?://)?
           github\.com/(?<repo>#{GITHUB_USERNAME}/[^/\s]+)/
           (?:issue|pull)s?/(?<number>\d+)
-        }x.freeze
-        MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}.freeze
+        }x
+        # [^/\s#]+ means one or more characters not matching (^) the class /, whitespace (\s), or #
+        GITHUB_NWO_REGEX = %r{(?<repo>#{GITHUB_USERNAME}/[^/\s#]+)#(?<number>\d+)}
+        MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}
         # regex to match a team mention on github
-        TEAM_MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@(?<org>#{GITHUB_USERNAME})/(?<team>#{GITHUB_USERNAME})/?}.freeze
+        TEAM_MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@(?<org>#{GITHUB_USERNAME})/(?<team>#{GITHUB_USERNAME})/?}
         # End of string
-        EOS_REGEX = /\z/.freeze
+        EOS_REGEX = /\z/
         COMMONMARKER_OPTIONS = %i(
           GITHUB_PRE_LANG FULL_INFO_STRING
         ).freeze
@@ -40,6 +42,7 @@ module Dependabot
           sanitize_team_mentions(doc)
           sanitize_mentions(doc)
           sanitize_links(doc)
+          sanitize_nwo_text(doc)
 
           mode = unsafe ? :UNSAFE : :DEFAULT
           doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
@@ -109,6 +112,25 @@ module Dependabot
           end
         end
 
+        def sanitize_nwo_text(doc)
+          doc.walk do |node|
+            if node.type == :text &&
+               node.string_content.match?(GITHUB_NWO_REGEX) &&
+               !parent_node_link?(node)
+              replace_nwo_node(node)
+            end
+          end
+        end
+
+        def replace_nwo_node(node)
+          match = node.string_content.match(GITHUB_NWO_REGEX)
+          repo = match.named_captures.fetch("repo")
+          number = match.named_captures.fetch("number")
+          new_node = build_nwo_text_node("#{repo}##{number}")
+          node.insert_before(new_node)
+          node.delete
+        end
+
         def replace_github_host(text)
           text.gsub(
             /(www\.)?github.com/, github_redirection_service || "github.com"
@@ -171,6 +193,12 @@ module Dependabot
           [code_node]
         end
 
+        def build_nwo_text_node(text)
+          code_node = CommonMarker::Node.new(:code)
+          code_node.string_content = text
+          code_node
+        end
+
         def create_link_node(url, text)
           link_node = CommonMarker::Node.new(:link)
           code_node = CommonMarker::Node.new(:code)
@@ -189,7 +217,7 @@ module Dependabot
         end
 
         def parent_node_link?(node)
-          node.type == :link || node.parent && parent_node_link?(node.parent)
+          node.type == :link || (node.parent && parent_node_link?(node.parent))
         end
       end
     end

data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb

@@ -63,7 +63,7 @@ module Dependabot
         def release_cascade
           return "" unless releases_text && releases_url
 
-          msg = "*Sourced from [#{dependency.display_name}'s releases]"\
+          msg = "*Sourced from [#{dependency.display_name}'s releases]" \
                 "(#{releases_url}).*\n\n"
           msg += quote_and_truncate(releases_text)
           msg = link_issues(text: msg)
@@ -80,8 +80,8 @@ module Dependabot
         def changelog_cascade
           return "" unless changelog_url && changelog_text
 
-          msg = "*Sourced from "\
-                "[#{dependency.display_name}'s changelog]"\
+          msg = "*Sourced from " \
+                "[#{dependency.display_name}'s changelog]" \
                 "(#{changelog_url}).*\n\n"
           msg += quote_and_truncate(changelog_text)
           msg = link_issues(text: msg)
@@ -95,8 +95,8 @@ module Dependabot
         def upgrade_guide_cascade
           return "" unless upgrade_guide_url && upgrade_guide_text
 
-          msg = "*Sourced from "\
-                "[#{dependency.display_name}'s upgrade guide]"\
+          msg = "*Sourced from " \
+                "[#{dependency.display_name}'s upgrade guide]" \
                 "(#{upgrade_guide_url}).*\n\n"
           msg += quote_and_truncate(upgrade_guide_text)
           msg = link_issues(text: msg)
@@ -112,7 +112,7 @@ module Dependabot
 
           msg = ""
 
-          commits.reverse.first(10).each do |commit|
+          commits.last(10).reverse_each do |commit|
             title = commit[:message].strip.split("\n").first
             title = title.slice(0..76) + "..." if title && title.length > 80
             title = title&.gsub(/(?<=[^\w.-])([_*`~])/, '\\1')
@@ -124,8 +124,8 @@ module Dependabot
 
           msg +=
             if commits.count > 10
-              "- Additional commits viewable in "\
-              "[compare view](#{commits_url})\n"
+              "- Additional commits viewable in " \
+                "[compare view](#{commits_url})\n"
             else
               "- See full diff in [compare view](#{commits_url})\n"
             end
@@ -153,7 +153,7 @@ module Dependabot
             msg += body
             msg + "</details>\n"
           else
-            "\n\##{summary}\n\n#{body}"
+            "\n##{summary}\n\n#{body}"
           end
         end
 
@@ -175,8 +175,8 @@ module Dependabot
 
         def vulnerability_source_line(details)
           if details["source_url"] && details["source_name"]
-            "*Sourced from [#{details['source_name']}]"\
-            "(#{details['source_url']}).*\n\n"
+            "*Sourced from [#{details['source_name']}]" \
+              "(#{details['source_url']}).*\n\n"
           elsif details["source_name"]
             "*Sourced from #{details['source_name']}.*\n\n"
           else
@@ -245,8 +245,6 @@ module Dependabot
         end
 
         def sanitize_links_and_mentions(text, unsafe: false)
-          return text unless source.provider == "github"
-
           LinkAndMentionSanitizer.
             new(github_redirection_service: github_redirection_service).
             sanitize_links_and_mentions(text: text, unsafe: unsafe)

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -3,6 +3,7 @@
 require "pathname"
 require "dependabot/clients/github_with_retries"
 require "dependabot/clients/gitlab_with_retries"
+require "dependabot/logger"
 require "dependabot/metadata_finders"
 require "dependabot/pull_request_creator"
 require "dependabot/pull_request_creator/message"
@@ -38,7 +39,12 @@ module Dependabot
       end
 
       def pr_name
-        pr_name = pr_name_prefixer.pr_name_prefix
+        begin
+          pr_name = pr_name_prefixer.pr_name_prefix
+        rescue StandardError => e
+          Dependabot.logger.error("Error while generating PR name: #{e.message}")
+          pr_name = ""
+        end
         pr_name += library? ? library_pr_name : application_pr_name
         return pr_name if files.first.directory == "/"
 
@@ -48,6 +54,9 @@ module Dependabot
       def pr_message
         suffixed_pr_message_header + commit_message_intro + \
           metadata_cascades + prefixed_pr_message_footer
+      rescue StandardError => e
+        Dependabot.logger.error("Error while generating PR message: #{e.message}")
+        suffixed_pr_message_header + prefixed_pr_message_footer
       end
 
       def commit_message
@@ -56,6 +65,11 @@ module Dependabot
         message += metadata_links
         message += "\n\n" + message_trailers if message_trailers
         message
+      rescue StandardError => e
+        Dependabot.logger.error("Error while generating commit message: #{e.message}")
+        message = commit_subject
+        message += "\n\n" + message_trailers if message_trailers
+        message
       end
 
       def message
@@ -74,15 +88,20 @@ module Dependabot
 
         pr_name +
           if dependencies.count == 1
-            "#{dependencies.first.display_name} requirement "\
-            "#{from_version_msg(old_library_requirement(dependencies.first))}"\
-            "to #{new_library_requirement(dependencies.first)}"
+            "#{dependencies.first.display_name} requirement " \
+              "#{from_version_msg(old_library_requirement(dependencies.first))}" \
+              "to #{new_library_requirement(dependencies.first)}"
           else
-            names = dependencies.map(&:name)
-            "requirements for #{names[0..-2].join(', ')} and #{names[-1]}"
+            names = dependencies.map(&:name).uniq
+            if names.count == 1
+              "requirements for #{names.first}"
+            else
+              "requirements for #{names[0..-2].join(', ')} and #{names[-1]}"
+            end
           end
       end
 
+      # rubocop:disable Metrics/AbcSize
       def application_pr_name
         pr_name = "bump "
         pr_name = pr_name.capitalize if pr_name_prefixer.capitalize_first_word?
@@ -90,24 +109,29 @@ module Dependabot
         pr_name +
           if dependencies.count == 1
             dependency = dependencies.first
-            "#{dependency.display_name} "\
-            "#{from_version_msg(previous_version(dependency))}"\
-            "to #{new_version(dependency)}"
+            "#{dependency.display_name} " \
+              "#{from_version_msg(previous_version(dependency))}" \
+              "to #{new_version(dependency)}"
           elsif updating_a_property?
             dependency = dependencies.first
-            "#{property_name} "\
-            "#{from_version_msg(previous_version(dependency))}"\
-            "to #{new_version(dependency)}"
+            "#{property_name} " \
+              "#{from_version_msg(previous_version(dependency))}" \
+              "to #{new_version(dependency)}"
           elsif updating_a_dependency_set?
             dependency = dependencies.first
-            "#{dependency_set.fetch(:group)} dependency set "\
-            "#{from_version_msg(previous_version(dependency))}"\
-            "to #{new_version(dependency)}"
+            "#{dependency_set.fetch(:group)} dependency set " \
+              "#{from_version_msg(previous_version(dependency))}" \
+              "to #{new_version(dependency)}"
           else
-            names = dependencies.map(&:name)
-            "#{names[0..-2].join(', ')} and #{names[-1]}"
+            names = dependencies.map(&:name).uniq
+            if names.count == 1
+              names.first
+            else
+              "#{names[0..-2].join(', ')} and #{names[-1]}"
+            end
           end
       end
+      # rubocop:enable Metrics/AbcSize
 
       def pr_name_prefix
         pr_name_prefixer.pr_name_prefix
@@ -174,8 +198,8 @@ module Dependabot
         return unless signoff_details.is_a?(Hash)
         return unless signoff_details[:org_name] && signoff_details[:org_email]
 
-        "On-behalf-of: @#{signoff_details[:org_name]} "\
-        "<#{signoff_details[:org_email]}>"
+        "On-behalf-of: @#{signoff_details[:org_name]} " \
+          "<#{signoff_details[:org_email]}>"
       end
 
       def requirement_commit_message_intro
@@ -192,16 +216,22 @@ module Dependabot
       end
 
       # rubocop:disable Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/AbcSize
       def version_commit_message_intro
         return multidependency_property_intro if dependencies.count > 1 && updating_a_property?
 
         return dependency_set_intro if dependencies.count > 1 && updating_a_dependency_set?
 
+        return transitive_removed_dependency_intro if dependencies.count > 1 && removing_a_transitive_dependency?
+
+        return transitive_multidependency_intro if dependencies.count > 1 &&
+                                                   updating_top_level_and_transitive_dependencies?
+
         return multidependency_intro if dependencies.count > 1
 
         dependency = dependencies.first
-        msg = "Bumps #{dependency_links.first} "\
-              "#{from_version_msg(previous_version(dependency))}"\
+        msg = "Bumps #{dependency_links.first} " \
+              "#{from_version_msg(previous_version(dependency))}" \
               "to #{new_version(dependency)}."
 
         msg += " This release includes the previously tagged commit." if switching_from_ref_to_release?(dependency)
@@ -216,27 +246,60 @@ module Dependabot
       end
 
       # rubocop:enable Metrics/PerceivedComplexity
+      # rubocop:enable Metrics/AbcSize
 
       def multidependency_property_intro
         dependency = dependencies.first
 
-        "Bumps `#{property_name}` "\
-        "#{from_version_msg(previous_version(dependency))}"\
-        "to #{new_version(dependency)}."
+        "Bumps `#{property_name}` " \
+          "#{from_version_msg(previous_version(dependency))}" \
+          "to #{new_version(dependency)}."
       end
 
       def dependency_set_intro
         dependency = dependencies.first
 
-        "Bumps `#{dependency_set.fetch(:group)}` "\
-        "dependency set #{from_version_msg(previous_version(dependency))}"\
-        "to #{new_version(dependency)}."
+        "Bumps `#{dependency_set.fetch(:group)}` " \
+          "dependency set #{from_version_msg(previous_version(dependency))}" \
+          "to #{new_version(dependency)}."
       end
 
       def multidependency_intro
-        "Bumps #{dependency_links[0..-2].join(', ')} "\
-        "and #{dependency_links[-1]}. These "\
-        "dependencies needed to be updated together."
+        "Bumps #{dependency_links[0..-2].join(', ')} " \
+          "and #{dependency_links[-1]}. These " \
+          "dependencies needed to be updated together."
+      end
+
+      def transitive_multidependency_intro
+        dependency = dependencies.first
+
+        msg = "Bumps #{dependency_links[0]} to #{new_version(dependency)}"
+
+        msg += if dependencies.count > 2
+                 " and updates ancestor dependencies #{dependency_links[0..-2].join(', ')} " \
+                   "and #{dependency_links[-1]}. "
+               else
+                 " and updates ancestor dependency #{dependency_links[1]}. "
+               end
+
+        msg += "These dependencies need to be updated together.\n"
+
+        msg
+      end
+
+      def transitive_removed_dependency_intro
+        msg = "Removes #{dependency_links[0]}. It's no longer used after updating"
+
+        msg += if dependencies.count > 2
+                 " ancestor dependencies #{dependency_links[0..-2].join(', ')} " \
+                   "and #{dependency_links[-1]}. "
+               else
+                 " ancestor dependency #{dependency_links[1]}. "
+               end
+
+        msg += "These dependencies need to be updated together.\n"
+
+        msg
       end
 
       def from_version_msg(previous_version)
@@ -257,6 +320,15 @@ module Dependabot
           any? { |r| r.dig(:metadata, :dependency_set) }
       end
 
+      def removing_a_transitive_dependency?
+        dependencies.any?(&:removed?)
+      end
+
+      def updating_top_level_and_transitive_dependencies?
+        dependencies.any?(&:top_level?) &&
+          dependencies.any? { |dep| !dep.top_level? }
+      end
+
       def property_name
         @property_name ||= dependencies.first.requirements.
                            find { |r| r.dig(:metadata, :property_name) }&.
@@ -296,10 +368,10 @@ module Dependabot
           if dep.removed?
             "\n\nRemoves `#{dep.display_name}`"
           else
-            "\n\nUpdates `#{dep.display_name}` "\
-            "#{from_version_msg(previous_version(dep))}to "\
-            "#{new_version(dep)}"\
-            "#{metadata_links_for_dep(dep)}"
+            "\n\nUpdates `#{dep.display_name}` " \
+              "#{from_version_msg(previous_version(dep))}to " \
+              "#{new_version(dep)}" \
+              "#{metadata_links_for_dep(dep)}"
           end
         end.join
       end
@@ -318,11 +390,11 @@ module Dependabot
 
         dependencies.map do |dep|
           msg = if dep.removed?
-                  "\nRemoves `#{dep.display_name}`"
+                  "\nRemoves `#{dep.display_name}`\n"
                 else
-                  "\nUpdates `#{dep.display_name}` "\
-                        "#{from_version_msg(previous_version(dep))}"\
-                        "to #{new_version(dep)}"
+                  "\nUpdates `#{dep.display_name}` " \
+                    "#{from_version_msg(previous_version(dep))}" \
+                    "to #{new_version(dep)}"
                 end
 
           if vulnerabilities_fixed[dep.name]&.one?
@@ -427,21 +499,21 @@ module Dependabot
 
       def docker_digest_from_reqs(requirements)
         requirements.
-          map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
-          compact.first
+          filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
+          first
       end
 
       def previous_ref(dependency)
-        previous_refs = dependency.previous_requirements.map do |r|
+        previous_refs = dependency.previous_requirements.filter_map do |r|
           r.dig(:source, "ref") || r.dig(:source, :ref)
-        end.compact.uniq
+        end.uniq
         return previous_refs.first if previous_refs.count == 1
       end
 
       def new_ref(dependency)
-        new_refs = dependency.requirements.map do |r|
+        new_refs = dependency.requirements.filter_map do |r|
           r.dig(:source, "ref") || r.dig(:source, :ref)
-        end.compact.uniq
+        end.uniq
         return new_refs.first if new_refs.count == 1
       end
 
@@ -493,7 +565,7 @@ module Dependabot
 
       def switching_from_ref_to_release?(dependency)
         unless dependency.previous_version&.match?(/^[0-9a-f]{40}$/) ||
-               dependency.previous_version.nil? && previous_ref(dependency)
+               (dependency.previous_version.nil? && previous_ref(dependency))
           return false
         end
 

data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb

@@ -43,11 +43,12 @@ module Dependabot
       end
 
       def capitalize_first_word?
-        return !commit_message_options[:prefix]&.strip&.match?(/\A[a-z]/) if commit_message_options.key?(:prefix)
-
         return capitalise_first_word_from_last_dependabot_commit_style if last_dependabot_commit_style
 
         capitalise_first_word_from_previous_commits
+      rescue StandardError
+        # ignoring failure due to network call to find out if the PR should be capitalized
+        false
       end
 
       private
@@ -280,8 +281,7 @@ module Dependabot
           reject { |c| c.author&.type == "Bot" }.
           reject { |c| c.commit&.message&.start_with?("Merge") }.
           map(&:commit).
-          map(&:message).
-          compact.
+          filter_map(&:message).
           map(&:strip)
       end
 
@@ -292,8 +292,7 @@ module Dependabot
         @recent_gitlab_commit_messages.
           reject { |c| c.author_email == dependabot_email }.
           reject { |c| c.message&.start_with?("merge !") }.
-          map(&:message).
-          compact.
+          filter_map(&:message).
           map(&:strip)
       end
 
@@ -304,8 +303,7 @@ module Dependabot
         @recent_azure_commit_messages.
           reject { |c| azure_commit_author_email(c) == dependabot_email }.
           reject { |c| c.fetch("comment")&.start_with?("Merge") }.
-          map { |c| c.fetch("comment") }.
-          compact.
+          filter_map { |c| c.fetch("comment") }.
           map(&:strip)
       end
 
@@ -315,8 +313,7 @@ module Dependabot
 
         @recent_bitbucket_commit_messages.
           reject { |c| bitbucket_commit_author_email(c) == dependabot_email }.
-          map { |c| c.fetch("message", nil) }.
-          compact.
+          filter_map { |c| c.fetch("message", nil) }.
           reject { |m| m.start_with?("Merge") }.
           map(&:strip)
       end
@@ -327,8 +324,7 @@ module Dependabot
         @recent_codecommit_commit_messages.commits.
           reject { |c| c.author.email == dependabot_email }.
           reject { |c| c.message&.start_with?("Merge") }.
-          map(&:message).
-          compact.
+          filter_map(&:message).
           map(&:strip)
       end
 

data/lib/dependabot/pull_request_creator.rb

@@ -48,7 +48,7 @@ module Dependabot
                 :custom_labels, :author_details, :signature_key,
                 :commit_message_options, :vulnerabilities_fixed,
                 :reviewers, :assignees, :milestone, :branch_name_separator,
-                :branch_name_prefix, :github_redirection_service,
+                :branch_name_prefix, :branch_name_max_length, :github_redirection_service,
                 :custom_headers, :provider_metadata
 
     def initialize(source:, base_commit:, dependencies:, files:, credentials:,
@@ -57,7 +57,8 @@ module Dependabot
                    commit_message_options: {}, vulnerabilities_fixed: {},
                    reviewers: nil, assignees: nil, milestone: nil,
                    branch_name_separator: "/", branch_name_prefix: "dependabot",
-                   label_language: false, automerge_candidate: false,
+                   branch_name_max_length: nil, label_language: false,
+                   automerge_candidate: false,
                    github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
                    custom_headers: nil, require_up_to_date_base: false,
                    provider_metadata: {}, message: nil)
@@ -78,6 +79,7 @@ module Dependabot
       @vulnerabilities_fixed      = vulnerabilities_fixed
       @branch_name_separator      = branch_name_separator
       @branch_name_prefix         = branch_name_prefix
+      @branch_name_max_length     = branch_name_max_length
       @label_language             = label_language
       @automerge_candidate        = automerge_candidate
       @github_redirection_service = github_redirection_service
@@ -232,7 +234,8 @@ module Dependabot
           files: files,
           target_branch: source.branch,
           separator: branch_name_separator,
-          prefix: branch_name_prefix
+          prefix: branch_name_prefix,
+          max_length: branch_name_max_length
         )
     end
 

data/lib/dependabot/pull_request_updater/azure.rb

@@ -53,7 +53,7 @@ module Dependabot
       end
 
       # Currently the PR diff in ADO shows difference in commits instead of actual diff in files.
-      # This workaround is done to get the target branch commit history on the source branch alongwith file changes
+      # This workaround puts the target branch commit history on the source branch along with the file changes.
       def update_source_branch
         # 1) Push the file changes to a newly created temporary branch (from base commit)
         new_commit = create_temp_branch

data/lib/dependabot/pull_request_updater/github.rb

@@ -173,7 +173,7 @@ module Dependabot
 
         if e.message.match?(/protected branch/i) ||
            e.message.match?(/not authorized to push/i) ||
-           e.message.match?(/must not contain merge commits/) ||
+           e.message.include?("must not contain merge commits") ||
            e.message.match?(/required status check/i)
           raise BranchProtected
         end
@@ -182,28 +182,31 @@ module Dependabot
       end
 
       def commit_message
-        # Take the commit message from the old commit
-        commit_being_updated.message
+        fallback_message =
+          "#{pull_request.title}" \
+          "\n\n" \
+          "Dependabot couldn't find the original pull request head commit, " \
+          "#{old_commit}."
+
+        # Take the commit message from the old commit. If the old commit can't
+        # be found, use the PR title as the commit message.
+        commit_being_updated&.message || fallback_message
       end
 
       def commit_being_updated
-        @commit_being_updated ||=
+        return @commit_being_updated if defined?(@commit_being_updated)
+
+        @commit_being_updated =
           if pull_request.commits == 1
             github_client_for_source.
               git_commit(source.repo, pull_request.head.sha)
           else
-            author_name = author_details&.fetch(:name, nil) || "dependabot"
             commits =
               github_client_for_source.
-              pull_request_commits(source.repo, pull_request_number).
-              reverse
-
-            commit =
-              commits.find { |c| c.sha == old_commit } ||
-              commits.find { |c| c.commit.author.name.include?(author_name) } ||
-              commits.first
+              pull_request_commits(source.repo, pull_request_number)
 
-            commit.commit
+            commit = commits.find { |c| c.sha == old_commit }
+            commit&.commit
           end
       end
 

data/lib/dependabot/pull_request_updater.rb

@@ -69,7 +69,8 @@ module Dependabot
         old_commit: old_commit,
         files: files,
         credentials: credentials,
-        pull_request_number: pull_request_number
+        pull_request_number: pull_request_number,
+        author_details: author_details
       )
     end
   end

data/lib/dependabot/security_advisory.rb

@@ -51,7 +51,7 @@ module Dependabot
     # @return [Boolean]
     def fixed_by?(dependency)
       # Handle case mismatch between the security advisory and parsed name
-      return false unless dependency_name.downcase == dependency.name.downcase
+      return false unless dependency_name.casecmp(dependency.name).zero?
       return false unless package_manager == dependency.package_manager
       # TODO: Support no previous version to the same level as dependency graph
       # and security alerts. We currently ignore dependency updates without a
@@ -112,13 +112,13 @@ module Dependabot
     def check_version_requirements
       unless vulnerable_versions.is_a?(Array) &&
              vulnerable_versions.all? { |i| requirement_class <= i.class }
-        raise ArgumentError, "vulnerable_versions must be an array "\
+        raise ArgumentError, "vulnerable_versions must be an array " \
                              "of #{requirement_class} instances"
       end
 
       unless safe_versions.is_a?(Array) &&
              safe_versions.all? { |i| requirement_class <= i.class }
-        raise ArgumentError, "safe_versions must be an array "\
+        raise ArgumentError, "safe_versions must be an array " \
                              "of #{requirement_class} instances"
       end
     end