dependabot-common 0.334.0 → 0.335.0

data/lib/dependabot/pull_request_creator/commit_signer.rb

@@ -35,8 +35,13 @@ module Dependabot
           signature_key: String
         ).void
       end
-      def initialize(author_details:, commit_message:, tree_sha:, parent_sha:,
-                     signature_key:)
+      def initialize(
+        author_details:,
+        commit_message:,
+        tree_sha:,
+        parent_sha:,
+        signature_key:
+      )
         @author_details = author_details
         @commit_message = commit_message
         @tree_sha = tree_sha
@@ -49,8 +54,9 @@ module Dependabot
         begin
           require "gpgme"
         rescue LoadError
-          raise LoadError, "Please add `gpgme` to your Gemfile or gemspec " \
-                           "enable commit signatures"
+          raise LoadError,
+                "Please add `gpgme` to your Gemfile or gemspec " \
+                "enable commit signatures"
         end
 
         email = author_details[:email]

data/lib/dependabot/pull_request_creator/github.rb

@@ -85,11 +85,24 @@ module Dependabot
         )
           .void
       end
-      def initialize(source:, branch_name:, base_commit:, credentials:,
-                     files:, commit_message:, pr_description:, pr_name:,
-                     author_details:, signature_key:, custom_headers:,
-                     labeler:, reviewers:, assignees:, milestone:,
-                     require_up_to_date_base:)
+      def initialize(
+        source:,
+        branch_name:,
+        base_commit:,
+        credentials:,
+        files:,
+        commit_message:,
+        pr_description:,
+        pr_name:,
+        author_details:,
+        signature_key:,
+        custom_headers:,
+        labeler:,
+        reviewers:,
+        assignees:,
+        milestone:,
+        require_up_to_date_base:
+      )
         @source                  = source
         @branch_name             = branch_name
         @base_commit             = base_commit

data/lib/dependabot/pull_request_creator/gitlab.rb

@@ -73,10 +73,22 @@ module Dependabot
         )
           .void
       end
-      def initialize(source:, branch_name:, base_commit:, credentials:,
-                     files:, commit_message:, pr_description:, pr_name:,
-                     author_details:, labeler:, approvers:, assignees:,
-                     milestone:, target_project_id:)
+      def initialize(
+        source:,
+        branch_name:,
+        base_commit:,
+        credentials:,
+        files:,
+        commit_message:,
+        pr_description:,
+        pr_name:,
+        author_details:,
+        labeler:,
+        approvers:,
+        assignees:,
+        milestone:,
+        target_project_id:
+      )
         @source            = source
         @branch_name       = branch_name
         @base_commit       = base_commit

data/lib/dependabot/pull_request_creator/labeler.rb

@@ -50,9 +50,15 @@ module Dependabot
         )
           .void
       end
-      def initialize(source:, custom_labels:, credentials:, dependencies:,
-                     includes_security_fixes:, label_language:,
-                     automerge_candidate:)
+      def initialize(
+        source:,
+        custom_labels:,
+        credentials:,
+        dependencies:,
+        includes_security_fixes:,
+        label_language:,
+        automerge_candidate:
+      )
         @source                  = source
         @custom_labels           = custom_labels
         @credentials             = credentials
@@ -143,18 +149,20 @@ module Dependabot
 
       sig { returns(Integer) }
       def precision
-        T.must(dependencies.map do |dep|
-          new_version_parts = T.must(version(dep)).split(/[.+]/)
-          old_version_parts = previous_version(dep)&.split(/[.+]/) || []
-          all_parts = new_version_parts.first(3) + old_version_parts.first(3)
-          # rubocop:disable Performance/RedundantEqualityComparisonBlock
-          next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
-          # rubocop:enable Performance/RedundantEqualityComparisonBlock
-          next 1 if new_version_parts[0] != old_version_parts[0]
-          next 2 if new_version_parts[1] != old_version_parts[1]
-
-          3
-        end.min)
+        T.must(
+          dependencies.map do |dep|
+            new_version_parts = T.must(version(dep)).split(/[.+]/)
+            old_version_parts = previous_version(dep)&.split(/[.+]/) || []
+            all_parts = new_version_parts.first(3) + old_version_parts.first(3)
+            # rubocop:disable Performance/RedundantEqualityComparisonBlock
+            next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
+            # rubocop:enable Performance/RedundantEqualityComparisonBlock
+            next 1 if new_version_parts[0] != old_version_parts[0]
+            next 2 if new_version_parts[1] != old_version_parts[1]
+
+            3
+          end.min
+        )
       end
 
       # rubocop:disable Metrics/PerceivedComplexity
@@ -383,7 +391,9 @@ module Dependabot
       sig { returns(T::Array[String]) }
       def create_github_dependencies_label
         T.unsafe(github_client_for_source).add_label(
-          source.repo, DEFAULT_DEPENDENCIES_LABEL, "0366d6",
+          source.repo,
+          DEFAULT_DEPENDENCIES_LABEL,
+          "0366d6",
           description: "Pull requests that update a dependency file",
           accept: "application/vnd.github.symmetra-preview+json"
         )
@@ -397,7 +407,9 @@ module Dependabot
       sig { returns(T::Array[String]) }
       def create_gitlab_dependencies_label
         T.unsafe(gitlab_client_for_source).create_label(
-          source.repo, DEFAULT_DEPENDENCIES_LABEL, "#0366d6",
+          source.repo,
+          DEFAULT_DEPENDENCIES_LABEL,
+          "#0366d6",
           description: "Pull requests that update a dependency file"
         )
         @labels = [*@labels, DEFAULT_DEPENDENCIES_LABEL].uniq
@@ -406,7 +418,9 @@ module Dependabot
       sig { returns(T::Array[String]) }
       def create_github_security_label
         T.unsafe(github_client_for_source).add_label(
-          source.repo, DEFAULT_SECURITY_LABEL, "ee0701",
+          source.repo,
+          DEFAULT_SECURITY_LABEL,
+          "ee0701",
           description: "Pull requests that address a security vulnerability",
           accept: "application/vnd.github.symmetra-preview+json"
         )
@@ -420,7 +434,9 @@ module Dependabot
       sig { returns(T.nilable(T::Array[String])) }
       def create_gitlab_security_label
         T.unsafe(gitlab_client_for_source).create_label(
-          source.repo, DEFAULT_SECURITY_LABEL, "#ee0701",
+          source.repo,
+          DEFAULT_SECURITY_LABEL,
+          "#ee0701",
           description: "Pull requests that address a security vulnerability"
         )
         @labels = [*@labels, DEFAULT_SECURITY_LABEL].uniq

data/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb

@@ -12,14 +12,17 @@ module Dependabot
 
         REPO_REGEX = %r{(?<repo>[\w.-]+/(?:(?!\.git|\.\s)[\w.-])+)}
         TAG_REGEX = /(?<tag>(?:\#|GH-)\d+)/i
-        ISSUE_LINK_REGEXS = T.let([
-          /
-            (?:(?<=[^A-Za-z0-9\[\\]|^)\\*#{TAG_REGEX}(?=[^A-Za-z0-9\-]|$))|
-            (?:(?<=\s|^)#{REPO_REGEX}#{TAG_REGEX}(?=[^A-Za-z0-9\-]|$))
-          /x,
-          /\[#{TAG_REGEX}\](?=[^A-Za-z0-9\-\(])/,
-          /\[(?<tag>(?:\#|GH-)?\d+)\]\(\)/i
-        ].freeze, T::Array[Regexp])
+        ISSUE_LINK_REGEXS = T.let(
+          [
+            /
+              (?:(?<=[^A-Za-z0-9\[\\]|^)\\*#{TAG_REGEX}(?=[^A-Za-z0-9\-]|$))|
+              (?:(?<=\s|^)#{REPO_REGEX}#{TAG_REGEX}(?=[^A-Za-z0-9\-]|$))
+            /x,
+            /\[#{TAG_REGEX}\](?=[^A-Za-z0-9\-\(])/,
+            /\[(?<tag>(?:\#|GH-)?\d+)\]\(\)/i
+          ].freeze,
+          T::Array[Regexp]
+        )
 
         sig { returns(T.nilable(String)) }
         attr_reader :source_url
@@ -36,8 +39,10 @@ module Dependabot
           ISSUE_LINK_REGEXS.reduce(text) do |updated_text, regex|
             updated_text.gsub(regex) do |issue_link|
               tag = T.must(
-                T.must(issue_link
-                    .match(/(?<tag>(?:\#|GH-)?\d+)/i))
+                T.must(
+                  issue_link
+                                      .match(/(?<tag>(?:\#|GH-)?\d+)/i)
+                )
                      .named_captures.fetch("tag")
               )
               number = tag.match(/\d+/).to_s

data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb

@@ -48,8 +48,13 @@ module Dependabot
           )
             .void
         end
-        def initialize(dependency:, source:, metadata_finder:,
-                       vulnerabilities_fixed:, github_redirection_service:)
+        def initialize(
+          dependency:,
+          source:,
+          metadata_finder:,
+          vulnerabilities_fixed:,
+          github_redirection_service:
+        )
           @dependency = dependency
           @source = source
           @metadata_finder = metadata_finder

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -89,12 +89,22 @@ module Dependabot
         )
           .void
       end
-      def initialize(source:, dependencies:, files:, credentials:,
-                     pr_message_header: nil, pr_message_footer: nil,
-                     commit_message_options: {}, vulnerabilities_fixed: {},
-                     github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
-                     dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil,
-                     ignore_conditions: [], notices: nil)
+      def initialize(
+        source:,
+        dependencies:,
+        files:,
+        credentials:,
+        pr_message_header: nil,
+        pr_message_footer: nil,
+        commit_message_options: {},
+        vulnerabilities_fixed: {},
+        github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
+        dependency_group: nil,
+        pr_message_max_length: nil,
+        pr_message_encoding: nil,
+        ignore_conditions: [],
+        notices: nil
+      )
         @dependencies               = dependencies
         @files                      = files
         @source                     = source

data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb

@@ -43,8 +43,13 @@ module Dependabot
         )
           .void
       end
-      def initialize(source:, dependencies:, credentials:, security_fix: false,
-                     commit_message_options: {})
+      def initialize(
+        source:,
+        dependencies:,
+        credentials:,
+        security_fix: false,
+        commit_message_options: {}
+      )
         @dependencies           = dependencies
         @source                 = source
         @credentials            = credentials

data/lib/dependabot/pull_request_creator.rb

@@ -6,7 +6,7 @@ require "dependabot/metadata_finders"
 require "dependabot/credential"
 
 module Dependabot
-  class PullRequestCreator
+  class PullRequestCreator # rubocop:disable Metrics/ClassLength
     extend T::Sig
 
     require "dependabot/pull_request_creator/azure"
@@ -179,17 +179,36 @@ module Dependabot
       )
         .void
     end
-    def initialize(source:, base_commit:, dependencies:, files:, credentials:,
-                   pr_message_header: nil, pr_message_footer: nil,
-                   custom_labels: nil, author_details: nil, signature_key: nil,
-                   commit_message_options: {}, vulnerabilities_fixed: {},
-                   reviewers: nil, assignees: nil, milestone: nil, branch_name_separator: "/",
-                   branch_name_prefix: "dependabot", branch_name_max_length: nil,
-                   label_language: false, automerge_candidate: false,
-                   github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
-                   custom_headers: nil, require_up_to_date_base: false,
-                   provider_metadata: {}, message: nil, dependency_group: nil, pr_message_max_length: nil,
-                   pr_message_encoding: nil)
+    def initialize(
+      source:,
+      base_commit:,
+      dependencies:,
+      files:,
+      credentials:,
+      pr_message_header: nil,
+      pr_message_footer: nil,
+      custom_labels: nil,
+      author_details: nil,
+      signature_key: nil,
+      commit_message_options: {},
+      vulnerabilities_fixed: {},
+      reviewers: nil,
+      assignees: nil,
+      milestone: nil,
+      branch_name_separator: "/",
+      branch_name_prefix: "dependabot",
+      branch_name_max_length: nil,
+      label_language: false,
+      automerge_candidate: false,
+      github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
+      custom_headers: nil,
+      require_up_to_date_base: false,
+      provider_metadata: {},
+      message: nil,
+      dependency_group: nil,
+      pr_message_max_length: nil,
+      pr_message_encoding: nil
+    )
       @dependencies               = dependencies
       @source                     = source
       @base_commit                = base_commit

data/lib/dependabot/pull_request_updater/azure.rb

@@ -48,8 +48,15 @@ module Dependabot
         )
           .void
       end
-      def initialize(source:, files:, base_commit:, old_commit:,
-                     credentials:, pull_request_number:, author_details: nil)
+      def initialize(
+        source:,
+        files:,
+        base_commit:,
+        old_commit:,
+        credentials:,
+        pull_request_number:,
+        author_details: nil
+      )
         @source = source
         @files = files
         @base_commit = base_commit

data/lib/dependabot/pull_request_updater/github.rb

@@ -50,9 +50,16 @@ module Dependabot
         )
           .void
       end
-      def initialize(source:, base_commit:, old_commit:, files:,
-                     credentials:, pull_request_number:,
-                     author_details: nil, signature_key: nil)
+      def initialize(
+        source:,
+        base_commit:,
+        old_commit:,
+        files:,
+        credentials:,
+        pull_request_number:,
+        author_details: nil,
+        signature_key: nil
+      )
         @source              = source
         @base_commit         = base_commit
         @old_commit          = old_commit

data/lib/dependabot/pull_request_updater/gitlab.rb

@@ -46,8 +46,15 @@ module Dependabot
         )
           .void
       end
-      def initialize(source:, base_commit:, old_commit:, files:,
-                     credentials:, pull_request_number:, target_project_id:)
+      def initialize(
+        source:,
+        base_commit:,
+        old_commit:,
+        files:,
+        credentials:,
+        pull_request_number:,
+        target_project_id:
+      )
         @source              = source
         @base_commit         = base_commit
         @old_commit          = old_commit

data/lib/dependabot/pull_request_updater.rb

@@ -54,10 +54,17 @@ module Dependabot
       )
         .void
     end
-    def initialize(source:, base_commit:, old_commit:, files:,
-                   credentials:, pull_request_number:,
-                   author_details: nil, signature_key: nil,
-                   provider_metadata: {})
+    def initialize(
+      source:,
+      base_commit:,
+      old_commit:,
+      files:,
+      credentials:,
+      pull_request_number:,
+      author_details: nil,
+      signature_key: nil,
+      provider_metadata: {}
+    )
       @source              = source
       @base_commit         = base_commit
       @old_commit          = old_commit

data/lib/dependabot/security_advisory.rb

@@ -32,8 +32,12 @@ module Dependabot
       )
         .void
     end
-    def initialize(dependency_name:, package_manager:,
-                   vulnerable_versions: [], safe_versions: [])
+    def initialize(
+      dependency_name:,
+      package_manager:,
+      vulnerable_versions: [],
+      safe_versions: []
+    )
       @dependency_name = dependency_name
       @package_manager = package_manager
       @vulnerable_version_strings = T.let(vulnerable_versions || [], T::Array[T.any(String, Dependabot::Requirement)])
@@ -143,14 +147,16 @@ module Dependabot
     def check_version_requirements
       unless vulnerable_versions.is_a?(Array) &&
              vulnerable_versions.all? { |i| requirement_class <= i.class }
-        raise ArgumentError, "vulnerable_versions must be an array " \
-                             "of #{requirement_class} instances"
+        raise ArgumentError,
+              "vulnerable_versions must be an array " \
+              "of #{requirement_class} instances"
       end
 
       unless safe_versions.is_a?(Array) &&
              safe_versions.all? { |i| requirement_class <= i.class }
-        raise ArgumentError, "safe_versions must be an array " \
-                             "of #{requirement_class} instances"
+        raise ArgumentError,
+              "safe_versions must be an array " \
+              "of #{requirement_class} instances"
       end
     end
 

data/lib/dependabot/shared_helpers.rb

@@ -139,11 +139,16 @@ module Dependabot
       )
         .returns(T.untyped)
     end
-    def self.run_helper_subprocess(command:, function:, args:, env: nil,
-                                   stderr_to_stdout: false,
-                                   allow_unsafe_shell_command: false,
-                                   error_class: HelperSubprocessFailed,
-                                   timeout: CommandHelpers::TIMEOUTS::DEFAULT)
+    def self.run_helper_subprocess(
+      command:,
+      function:,
+      args:,
+      env: nil,
+      stderr_to_stdout: false,
+      allow_unsafe_shell_command: false,
+      error_class: HelperSubprocessFailed,
+      timeout: CommandHelpers::TIMEOUTS::DEFAULT
+    )
       start = Time.now
       stdin_data = JSON.dump(function: function, args: args)
       cmd = allow_unsafe_shell_command ? command : escape_command(command)
@@ -209,8 +214,12 @@ module Dependabot
     end
 
     sig do
-      params(stdout: String, stderr: String, error_context: T::Hash[Symbol, T.untyped],
-             error_class: T.class_of(HelperSubprocessFailed))
+      params(
+        stdout: String,
+        stderr: String,
+        error_context: T::Hash[Symbol, T.untyped],
+        error_class: T.class_of(HelperSubprocessFailed)
+      )
         .returns(HelperSubprocessFailed)
     end
     def self.handle_json_parse_error(stdout, stderr, error_context, error_class)
@@ -232,8 +241,11 @@ module Dependabot
 
     # rubocop:enable Metrics/MethodLength
     sig do
-      params(stderr: T.nilable(String), error_context: T::Hash[Symbol, String],
-             error_class: T.class_of(HelperSubprocessFailed)).void
+      params(
+        stderr: T.nilable(String),
+        error_context: T::Hash[Symbol, String],
+        error_class: T.class_of(HelperSubprocessFailed)
+      ).void
     end
     def self.check_out_of_memory_error(stderr, error_context, error_class)
       return unless stderr&.include?("JavaScript heap out of memory")
@@ -325,8 +337,11 @@ module Dependabot
 
     # rubocop:disable Metrics/PerceivedComplexity
     sig do
-      params(credentials: T::Array[Dependabot::Credential], safe_directories: T::Array[String],
-             git_config_global_path: String).void
+      params(
+        credentials: T::Array[Dependabot::Credential],
+        safe_directories: T::Array[String],
+        git_config_global_path: String
+      ).void
     end
     def self.configure_git_to_use_https_with_credentials(credentials, safe_directories, git_config_global_path)
       File.open(git_config_global_path, "w") do |file|
@@ -445,14 +460,16 @@ module Dependabot
         output_observer: CommandHelpers::OutputObserver
       ).returns(String)
     end
-    def self.run_shell_command(command,
-                               allow_unsafe_shell_command: false,
-                               cwd: nil,
-                               env: {},
-                               fingerprint: nil,
-                               stderr_to_stdout: true,
-                               timeout: CommandHelpers::TIMEOUTS::DEFAULT,
-                               output_observer: nil)
+    def self.run_shell_command(
+      command,
+      allow_unsafe_shell_command: false,
+      cwd: nil,
+      env: {},
+      fingerprint: nil,
+      stderr_to_stdout: true,
+      timeout: CommandHelpers::TIMEOUTS::DEFAULT,
+      output_observer: nil
+    )
       start = Time.now
       cmd = allow_unsafe_shell_command ? command : escape_command(command)
 

data/lib/dependabot/source.rb

@@ -63,8 +63,10 @@ module Dependabot
       (?:#{CODECOMMIT_SOURCE})
     /x
 
-    IGNORED_PROVIDER_HOSTS = T.let(%w(gitbox.apache.org svn.apache.org fuchsia.googlesource.com).freeze,
-                                   T::Array[String])
+    IGNORED_PROVIDER_HOSTS = T.let(
+      %w(gitbox.apache.org svn.apache.org fuchsia.googlesource.com).freeze,
+      T::Array[String]
+    )
 
     sig { returns(String) }
     attr_accessor :provider
@@ -147,8 +149,16 @@ module Dependabot
         api_endpoint: T.nilable(String)
       ).void
     end
-    def initialize(provider:, repo:, directory: nil, directories: nil, branch: nil, commit: nil,
-                   hostname: nil, api_endpoint: nil)
+    def initialize(
+      provider:,
+      repo:,
+      directory: nil,
+      directories: nil,
+      branch: nil,
+      commit: nil,
+      hostname: nil,
+      api_endpoint: nil
+    )
       if (hostname.nil? ^ api_endpoint.nil?) && (provider != "codecommit")
         msg = "Both hostname and api_endpoint must be specified if either " \
               "are. Alternatively, both may be left blank to use the " \

data/lib/dependabot/update_checkers/base.rb

@@ -65,11 +65,19 @@ module Dependabot
         )
           .void
       end
-      def initialize(dependency:, dependency_files:, credentials:,
-                     repo_contents_path: nil, ignored_versions: [],
-                     raise_on_ignored: false, security_advisories: [],
-                     requirements_update_strategy: nil, dependency_group: nil,
-                     update_cooldown: nil, options: {})
+      def initialize(
+        dependency:,
+        dependency_files:,
+        credentials:,
+        repo_contents_path: nil,
+        ignored_versions: [],
+        raise_on_ignored: false,
+        security_advisories: [],
+        requirements_update_strategy: nil,
+        dependency_group: nil,
+        update_cooldown: nil,
+        options: {}
+      )
         @dependency = dependency
         @dependency_files = dependency_files
         @repo_contents_path = repo_contents_path

data/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.334.0"
+  VERSION = "0.335.0"
 end