dependabot-common 0.380.0 → 0.381.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a6875517541de554dabb2e9256474b7b063b2af8a82bbf6579eb86e729e917e
-  data.tar.gz: c29581ace26310f39fb0b24c44702c943c01ab49bcc7787d9dfe4e5dd6093a5c
+  metadata.gz: d1bc1965fa1a1b0995cf9a71e47f098f471c2727513d3a69d7c8cf35b82a3cc3
+  data.tar.gz: 4273d18c7f649c135c28db5f864d82dc120f56a683a2b5fd823a09a486fc530b
 SHA512:
-  metadata.gz: 8f33816f8f94a02f956f067923cd79f44783dec54c23745a713cfc3fc51f6e27b55294ba31fa6f3640626988ad4a8d89f4a68b7971fe5ea14ff6886828b4d718
-  data.tar.gz: 7a24d2dd23e16b58f8eadc9b975146983c8693e99d0a473401ca392438bc5c81ed7e2b2c1a79e070c6e40189b955783000bac75b59811583a3d4a6fde8ce43b8
+  metadata.gz: 72acbd4917a61c50117d9014f26ac4cae89567215682764b01506c1a36f4eb80df3245f4ca4cad9ad7ab0f5d834e9e4540a67a6ea0dab5441d2d9c0a62f6acff
+  data.tar.gz: d2acef41e94afb6b5d0d171139e615adbbcc491e89a35ec78d7852b2d745e301ea3f9ec212b035452f7898cdfd791c8e2ff25decf021e5bc2fbda58011879688

data/lib/dependabot/clients/github_with_retries.rb

@@ -88,7 +88,7 @@ module Dependabot
 
       sig { params(repo: String, branch: String).returns(String) }
       def fetch_commit(repo, branch)
-        response = T.unsafe(self).ref(repo, "heads/#{branch}")
+        response = T.unsafe(ref(repo, "heads/#{branch}"))
 
         raise Octokit::NotFound if response.is_a?(Array)
 
@@ -97,7 +97,7 @@ module Dependabot
 
       sig { params(repo: String).returns(String) }
       def fetch_default_branch(repo)
-        T.unsafe(self).repository(repo).default_branch
+        T.unsafe(repository(repo)).default_branch
       end
 
       ############

data/lib/dependabot/clients/gitlab_with_retries.rb

@@ -67,12 +67,12 @@ module Dependabot
 
       sig { params(repo: String, branch: String).returns(String) }
       def fetch_commit(repo, branch)
-        T.unsafe(self).branch(repo, branch).commit.id
+        T.unsafe(branch(repo, branch)).commit.id
       end
 
       sig { params(repo: String).returns(String) }
       def fetch_default_branch(repo)
-        T.unsafe(self).project(repo).default_branch
+        T.unsafe(project(repo)).default_branch
       end
 
       ############

data/lib/dependabot/command_helpers.rb

@@ -96,7 +96,7 @@ module Dependabot
       stdout = T.let("", String)
       stderr = T.let("", String)
       status = T.let(nil, T.nilable(ProcessStatus))
-      pid = T.let(nil, T.untyped)
+      pid = T.let(nil, T.nilable(Integer))
       start_time = Time.now
 
       begin

data/lib/dependabot/errors.rb

@@ -393,6 +393,18 @@ module Dependabot
   # rubocop:enable Lint/RedundantCopDisableDirective
   # rubocop:enable Metrics/AbcSize
 
+  # Interface for error classes that provide Sentry context (e.g. fingerprint).
+  # Include this module in any error class that defines #sentry_context.
+  module HasSentryContext
+    extend T::Sig
+    extend T::Helpers
+
+    interface!
+
+    sig { abstract.returns(T::Hash[Symbol, T.untyped]) }
+    def sentry_context; end
+  end
+
   class DependabotError < StandardError
     extend T::Sig
 

data/lib/dependabot/file_fetchers/base.rb

@@ -393,19 +393,19 @@ module Dependabot
           .returns(T.nilable(T::Hash[String, T.untyped]))
       end
       def update_linked_paths(repo, path, commit, github_response)
-        case T.unsafe(github_response).type
+        case github_response[:type]
         when "submodule"
-          sub_source = Source.from_url(T.unsafe(github_response).submodule_git_url)
+          sub_source = Source.from_url(github_response[:submodule_git_url])
           return unless sub_source
 
           @linked_paths[path] = {
             repo: sub_source.repo,
             provider: sub_source.provider,
-            commit: T.unsafe(github_response).sha,
+            commit: github_response[:sha],
             path: "/"
           }
         when "symlink"
-          updated_path = File.join(File.dirname(path), T.unsafe(github_response).target)
+          updated_path = File.join(File.dirname(path), github_response[:target])
           @linked_paths[path] = {
             repo: repo,
             provider: "github",
@@ -564,10 +564,10 @@ module Dependabot
       sig { params(repo: String, path: String, commit: String).returns(T::Array[RepositoryContent]) }
       def _github_repo_contents(repo, path, commit)
         path = path.gsub(" ", "%20")
-        github_response = T.unsafe(github_client).contents(repo, path: path, ref: commit)
+        github_response = github_client.contents(repo, path: path, ref: commit)
 
         if github_response.respond_to?(:type)
-          update_linked_paths(repo, path, commit, github_response)
+          update_linked_paths(repo, path, commit, T.unsafe(github_response))
           raise Octokit::NotFound
         end
 
@@ -629,18 +629,20 @@ module Dependabot
       sig { params(file: Sawyer::Resource).returns(RepositoryContent) }
       def _build_github_file_struct(file)
         RepositoryContent.new(
-          name: T.unsafe(file).name,
-          path: T.unsafe(file).path,
-          type: T.unsafe(file).type,
-          sha: T.unsafe(file).sha,
-          size: T.unsafe(file).size
+          name: file[:name],
+          path: file[:path],
+          type: file[:type],
+          sha: file[:sha],
+          size: file[:size]
         )
       end
 
       sig { params(repo: String, path: String, commit: String).returns(T::Array[RepositoryContent]) }
       def _gitlab_repo_contents(repo, path, commit)
-        T.unsafe(gitlab_client)
-         .repo_tree(repo, path: path, ref: commit, per_page: 100)
+        T.unsafe(
+          gitlab_client
+                   .repo_tree(repo, path: path, ref: commit, per_page: 100)
+        )
          .map do |file|
           # GitLab API essentially returns the output from `git ls-tree`
           type = case file.type
@@ -681,12 +683,12 @@ module Dependabot
 
       sig { params(repo: String, path: String, commit: String).returns(T::Array[RepositoryContent]) }
       def _bitbucket_repo_contents(repo, path, commit)
-        response = T.unsafe(bitbucket_client)
-                    .fetch_repo_contents(
-                      repo,
-                      commit,
-                      path
-                    )
+        response = bitbucket_client
+                   .fetch_repo_contents(
+                     repo,
+                     commit,
+                     path
+                   )
 
         response.map do |file|
           type = case file.fetch("type")
@@ -775,12 +777,12 @@ module Dependabot
         when "github"
           _fetch_file_content_from_github(path, repo, commit)
         when "gitlab"
-          tmp = T.unsafe(gitlab_client).get_file(repo, path, commit).content
+          tmp = T.unsafe(gitlab_client.get_file(repo, path, commit)).content
           decode_binary_string(tmp)
         when "azure"
           azure_client.fetch_file_contents(commit, path)
         when "bitbucket"
-          T.unsafe(bitbucket_client).fetch_file_contents(repo, commit, path)
+          bitbucket_client.fetch_file_contents(repo, commit, path)
         when "codecommit"
           codecommit_client.fetch_file_contents(repo, commit, path)
         else raise "Unsupported provider '#{source.provider}'."
@@ -790,30 +792,30 @@ module Dependabot
       # rubocop:disable Metrics/AbcSize
       sig { params(path: String, repo: String, commit: String).returns(String) }
       def _fetch_file_content_from_github(path, repo, commit)
-        tmp = T.unsafe(github_client).contents(repo, path: path, ref: commit)
+        tmp = github_client.contents(repo, path: path, ref: commit)
 
         raise Octokit::NotFound if tmp.is_a?(Array)
 
-        if tmp.type == "symlink"
+        if T.unsafe(tmp).type == "symlink"
           @linked_paths[path] = {
             repo: repo,
             provider: "github",
             commit: commit,
-            path: Pathname.new(tmp.target).cleanpath.to_path
+            path: Pathname.new(T.unsafe(tmp).target).cleanpath.to_path
           }
-          tmp = T.unsafe(github_client).contents(
+          tmp = github_client.contents(
             repo,
-            path: Pathname.new(tmp.target).cleanpath.to_path,
+            path: Pathname.new(T.unsafe(tmp).target).cleanpath.to_path,
             ref: commit
           )
         end
 
-        if tmp.content == ""
+        if T.unsafe(tmp).content == ""
           # The file may have exceeded the 1MB limit
           # see https://github.blog/changelog/2022-05-03-increased-file-size-limit-when-retrieving-file-contents-via-rest-api/
-          T.unsafe(github_client).contents(repo, path: path, ref: commit, accept: "application/vnd.github.v3.raw")
+          T.unsafe(github_client.contents(repo, path: path, ref: commit, accept: "application/vnd.github.v3.raw"))
         else
-          decode_binary_string(tmp.content)
+          decode_binary_string(T.unsafe(tmp).content)
         end
       rescue Octokit::Forbidden => e
         raise unless e.message.include?("too_large")
@@ -825,10 +827,10 @@ module Dependabot
         file_details = repo_contents(dir: dir).find { |f| f.name == basename }
         raise unless file_details
 
-        tmp = T.unsafe(github_client).blob(repo, file_details.sha)
-        return tmp.content if tmp.encoding == "utf-8"
+        tmp = github_client.blob(repo, file_details.sha)
+        return T.unsafe(tmp).content if T.unsafe(tmp).encoding == "utf-8"
 
-        decode_binary_string(tmp.content)
+        decode_binary_string(T.unsafe(tmp).content)
       end
       # rubocop:enable Metrics/AbcSize
 

data/lib/dependabot/file_updaters/artifact_updater.rb

@@ -124,7 +124,22 @@ module Dependabot
           .returns(Dependabot::DependencyFile)
       end
       def create_dependency_file(parameters)
-        Dependabot::DependencyFile.new(**T.unsafe(parameters))
+        Dependabot::DependencyFile.new(
+          name: parameters.fetch(:name),
+          content: parameters[:content],
+          directory: parameters.fetch(:directory, "/"),
+          type: parameters.fetch(:type, "file"),
+          support_file: parameters.fetch(:support_file, false),
+          vendored_file: parameters.fetch(:vendored_file, false),
+          symlink_target: parameters[:symlink_target],
+          content_encoding: parameters.fetch(
+            :content_encoding,
+            Dependabot::DependencyFile::ContentEncoding::UTF_8
+          ),
+          deleted: parameters.fetch(:deleted, false),
+          operation: parameters.fetch(:operation, Dependabot::DependencyFile::Operation::UPDATE),
+          mode: parameters[:mode]
+        )
       end
     end
   end

data/lib/dependabot/file_updaters/vendor_updater.rb

@@ -37,7 +37,22 @@ module Dependabot
           .returns(Dependabot::DependencyFile)
       end
       def create_dependency_file(parameters)
-        Dependabot::DependencyFile.new(**T.unsafe({ **parameters, vendored_file: true }))
+        Dependabot::DependencyFile.new(
+          name: parameters.fetch(:name),
+          content: parameters[:content],
+          directory: parameters.fetch(:directory, "/"),
+          type: parameters.fetch(:type, "file"),
+          support_file: parameters.fetch(:support_file, false),
+          vendored_file: true,
+          symlink_target: parameters[:symlink_target],
+          content_encoding: parameters.fetch(
+            :content_encoding,
+            Dependabot::DependencyFile::ContentEncoding::UTF_8
+          ),
+          deleted: parameters.fetch(:deleted, false),
+          operation: parameters.fetch(:operation, Dependabot::DependencyFile::Operation::UPDATE),
+          mode: parameters[:mode]
+        )
       end
     end
   end

data/lib/dependabot/git_commit_checker.rb

@@ -463,7 +463,7 @@ module Dependabot
                .for_github_dot_com(credentials: credentials)
 
       # TODO: create this method instead of relying on method_missing
-      T.unsafe(client).compare(listing_source_repo, ref1, ref2).status
+      T.unsafe(client.compare(T.must(listing_source_repo), ref1, ref2)).status
     end
 
     sig { params(ref1: String, ref2: String).returns(String) }
@@ -471,10 +471,10 @@ module Dependabot
       client = Clients::GitlabWithRetries
                .for_gitlab_dot_com(credentials: credentials)
 
-      comparison = T.unsafe(client).compare(listing_source_repo, ref1, ref2)
+      comparison = client.compare(T.must(listing_source_repo), ref1, ref2)
 
-      if comparison.commits.none? then "behind"
-      elsif comparison.compare_same_ref then "identical"
+      if T.unsafe(comparison).commits.none? then "behind"
+      elsif T.unsafe(comparison).compare_same_ref then "identical"
       else
         "ahead"
       end
@@ -489,7 +489,7 @@ module Dependabot
       client = Clients::BitbucketWithRetries
                .for_bitbucket_dot_org(credentials: credentials)
 
-      response = T.unsafe(client).get(url)
+      response = client.get(url)
 
       # Conservatively assume that ref2 is ahead in the equality case, of
       # if we get an unexpected format (e.g., due to a 404)
@@ -688,7 +688,7 @@ module Dependabot
             source: T.must(source),
             credentials: credentials
           )
-          T.unsafe(client).releases(T.must(source).repo, per_page: 100)
+          client.releases(T.must(source).repo, per_page: 100)
         rescue Octokit::Error
           []
         end,

data/lib/dependabot/metadata_finders/base/changelog_finder.rb

@@ -102,7 +102,7 @@ module Dependabot
           @suggested_changelog_url = @suggested_changelog_url&.split("#")&.first
 
           @new_version = T.let(nil, T.nilable(String))
-          @changelog_from_suggested_url = T.let(nil, T.untyped)
+          @changelog_from_suggested_url = T.let(nil, T.nilable(Sawyer::Resource))
         end
 
         sig { returns(T.nilable(String)) }
@@ -172,7 +172,7 @@ module Dependabot
 
           opts = { path: suggested_source&.directory, ref: suggested_source&.branch }.compact
           suggested_source_client = github_client_for_source(T.must(suggested_source))
-          tmp_files = T.unsafe(suggested_source_client).contents(suggested_source&.repo, opts)
+          tmp_files = suggested_source_client.contents(T.must(suggested_source).repo, opts)
 
           filename = T.must(T.must(suggested_changelog_url).split("/").last)
           @changelog_from_suggested_url =
@@ -290,7 +290,7 @@ module Dependabot
         sig { params(file_source: Dependabot::Source, file: T.untyped).returns(String) }
         def fetch_github_file(file_source, file)
           # Hitting the download URL directly causes encoding problems
-          raw_content = T.unsafe(github_client_for_source(file_source)).get(file.url).content
+          raw_content = T.unsafe(github_client_for_source(file_source).get(file.url)).content
           Base64.decode64(raw_content).force_encoding("UTF-8").encode
         end
 
@@ -305,8 +305,8 @@ module Dependabot
 
         sig { params(file: T.untyped).returns(String) }
         def fetch_bitbucket_file(file)
-          T.unsafe(bitbucket_client).get(file.download_url).body
-           .force_encoding("UTF-8").encode
+          bitbucket_client.get(file.download_url).body
+                          .force_encoding("UTF-8").encode
         end
 
         sig { params(file: T.untyped).returns(String) }
@@ -349,37 +349,34 @@ module Dependabot
           end
         end
 
-        # rubocop:disable Metrics/AbcSize
         sig { params(ref: T.nilable(String)).returns(T::Array[T.untyped]) }
         def fetch_github_file_list(ref)
           files = []
 
           if T.must(source).directory
             opts = { path: T.must(source).directory, ref: ref }.compact
-            tmp_files = T.unsafe(github_client).contents(T.must(source).repo, opts)
+            tmp_files = github_client.contents(T.must(source).repo, opts)
             files += tmp_files if tmp_files.is_a?(Array)
           end
 
           opts = { ref: ref }.compact
-          files += T.unsafe(github_client).contents(T.must(source).repo, opts)
+          files += github_client.contents(T.must(source).repo, opts)
 
           files.uniq.each do |f|
             next unless f.type == "dir" && f.name.match?(/docs?/o)
 
             opts = { path: f.path, ref: ref }.compact
-            files += T.unsafe(github_client).contents(T.must(source).repo, opts)
+            files += github_client.contents(T.must(source).repo, opts)
           end
 
           files
         rescue Octokit::NotFound, Octokit::UnavailableForLegalReasons
           []
         end
-        # rubocop:enable Metrics/AbcSize
-
         sig { returns(T.untyped) }
         def fetch_bitbucket_file_list
           branch = default_bitbucket_branch
-          T.unsafe(bitbucket_client).fetch_repo_contents(T.must(source).repo).map do |file|
+          bitbucket_client.fetch_repo_contents(T.must(source).repo).map do |file|
             type = case file.fetch("type")
                    when "commit_file" then "file"
                    when "commit_directory" then "dir"
@@ -402,7 +399,7 @@ module Dependabot
         sig { returns(T.untyped) }
         def fetch_gitlab_file_list
           branch = default_gitlab_branch
-          T.unsafe(gitlab_client).repo_tree(T.must(source).repo).map do |file|
+          T.unsafe(gitlab_client.repo_tree(T.must(source).repo)).map do |file|
             type = case file.type
                    when "blob" then "file"
                    when "tree" then "dir"
@@ -544,7 +541,7 @@ module Dependabot
         def default_bitbucket_branch
           @default_bitbucket_branch ||=
             T.let(
-              T.unsafe(bitbucket_client).fetch_default_branch(T.must(source).repo),
+              bitbucket_client.fetch_default_branch(T.must(source).repo),
               T.nilable(String)
             )
         end

data/lib/dependabot/metadata_finders/base/commits_finder.rb

@@ -282,13 +282,15 @@ module Dependabot
 
               args = { sha: previous_tag, path: path }.compact
               previous_commit_shas =
-                T.unsafe(github_client).commits(repo, **args).map(&:sha)
+                T.unsafe(github_client.commits(repo, **args)).map(&:sha)
 
               # NOTE: We reverse this so it's consistent with the array we get
               # from `github_client.compare(...)`
               args = { sha: new_tag, path: path }.compact
-              T.unsafe(github_client)
-               .commits(repo, **args)
+              T.unsafe(
+                github_client
+                               .commits(repo, **args)
+              )
                .reject { |c| previous_commit_shas.include?(c.sha) }.reverse
             end
           return [] unless commits
@@ -306,9 +308,9 @@ module Dependabot
 
         sig { returns(T::Array[T::Hash[Symbol, String]]) }
         def fetch_bitbucket_commits
-          T.unsafe(bitbucket_client)
-           .compare(T.must(source).repo, previous_tag, new_tag)
-           .map do |commit|
+          bitbucket_client
+            .compare(T.must(source).repo, T.must(previous_tag), T.must(new_tag))
+            .map do |commit|
             {
               message: commit.dig("summary", "raw"),
               sha: commit["hash"],
@@ -326,8 +328,10 @@ module Dependabot
 
         sig { returns(T::Array[T::Hash[Symbol, String]]) }
         def fetch_gitlab_commits
-          T.unsafe(gitlab_client)
-           .compare(T.must(source).repo, previous_tag, new_tag)
+          T.unsafe(
+            gitlab_client
+                       .compare(T.must(source).repo, T.must(previous_tag), T.must(new_tag))
+          )
            .commits
            .map do |commit|
             {

data/lib/dependabot/metadata_finders/base/release_finder.rb

@@ -281,21 +281,21 @@ module Dependabot
 
         sig { returns(T::Array[T.untyped]) }
         def fetch_github_releases
-          releases = T.unsafe(github_client).releases(T.must(source).repo, per_page: 100)
+          releases = github_client.releases(T.must(source).repo, per_page: 100)
 
           # Remove any releases without a tag name. These are draft releases and
           # aren't yet associated with a tag, so shouldn't be used.
-          releases = releases.reject { |r| r.tag_name.nil? }
+          releases = releases.reject { |r| T.unsafe(r).tag_name.nil? }
 
           clean_release_names =
-            releases.map { |r| r.tag_name.gsub(/^[^0-9\.]*/, "") }
+            releases.map { |r| T.unsafe(r).tag_name.gsub(/^[^0-9\.]*/, "") }
 
           if clean_release_names.all? { |nm| version_class.correct?(nm) }
             releases.sort_by do |r|
-              version_class.new(r.tag_name.gsub(/^[^0-9\.]*/, ""))
+              version_class.new(T.unsafe(r).tag_name.gsub(/^[^0-9\.]*/, ""))
             end.reverse
           else
-            releases.sort_by(&:id).reverse
+            releases.sort_by { |r| T.unsafe(r).id }.reverse
           end
         rescue Octokit::NotFound, Octokit::UnavailableForLegalReasons
           []
@@ -304,18 +304,20 @@ module Dependabot
         sig { returns(T::Array[T.untyped]) }
         def fetch_gitlab_releases
           releases =
-            T.unsafe(gitlab_client)
-             .tags(T.must(source).repo)
+            T.unsafe(
+              gitlab_client
+                           .tags(T.must(source).repo)
+            )
              .select(&:release)
-             .sort_by { |r| r.commit.authored_date }
+             .sort_by { |r| T.unsafe(r).commit.authored_date }
              .reverse
 
           releases.map do |tag|
             GitLabRelease.new(
-              name: tag.name,
-              tag_name: tag.release.tag_name,
-              body: tag.release.description,
-              html_url: "#{T.must(source).url}/tags/#{tag.name}"
+              name: T.unsafe(tag).name,
+              tag_name: T.unsafe(tag).release.tag_name,
+              body: T.unsafe(tag).release.description,
+              html_url: "#{T.must(source).url}/tags/#{T.unsafe(tag).name}"
             )
           end
         rescue Gitlab::Error::NotFound

data/lib/dependabot/package/package_latest_version_finder.rb

@@ -323,11 +323,16 @@ module Dependabot
 
       sig { returns(T::Boolean) }
       def wants_prerelease?
-        return version_class.new(dependency.version).prerelease? if dependency.version
+        return true if dependency.numeric_version&.prerelease?
 
         dependency.requirements.any? do |req|
-          reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)
-          reqs.any? { |r| r.match?(/[A-Za-z]/) }
+          req_string = req.fetch(:requirement) || ""
+          req_string.split(",").map(&:strip).any? do |r|
+            version_str = r.gsub(/^\s*[!<>=~^]+\s*/, "").strip
+            next false unless version_class.correct?(version_str)
+
+            version_class.new(version_str).prerelease?
+          end
         end
       end
 

data/lib/dependabot/pull_request_creator/github.rb

@@ -196,7 +196,7 @@ module Dependabot
         @pull_requests_for_branch ||=
           T.let(
             begin
-              T.unsafe(github_client_for_source).pull_requests(
+              github_client_for_source.pull_requests(
                 source.repo,
                 head: "#{source.repo.split('/').first}:#{branch_name}",
                 state: "all"
@@ -204,13 +204,13 @@ module Dependabot
             rescue Octokit::InternalServerError
               # A GitHub bug sometimes means adding `state: all` causes problems.
               # In that case, fall back to making two separate requests.
-              open_prs = T.unsafe(github_client_for_source).pull_requests(
+              open_prs = github_client_for_source.pull_requests(
                 source.repo,
                 head: "#{source.repo.split('/').first}:#{branch_name}",
                 state: "open"
               )
 
-              closed_prs = T.unsafe(github_client_for_source).pull_requests(
+              closed_prs = github_client_for_source.pull_requests(
                 source.repo,
                 head: "#{source.repo.split('/').first}:#{branch_name}",
                 state: "closed"
@@ -254,7 +254,7 @@ module Dependabot
 
       sig { returns(T::Boolean) }
       def repo_exists?
-        T.unsafe(github_client_for_source).repo(source.repo)
+        github_client_for_source.repo(source.repo)
         true
       rescue Octokit::NotFound
         false
@@ -265,7 +265,7 @@ module Dependabot
         tree = create_tree
 
         begin
-          T.unsafe(github_client_for_source).create_commit(
+          github_client_for_source.create_commit(
             source.repo,
             commit_message,
             tree.sha,
@@ -317,8 +317,8 @@ module Dependabot
             content = if file.operation == Dependabot::DependencyFile::Operation::DELETE
                         { sha: nil }
                       elsif file.binary?
-                        sha = T.unsafe(github_client_for_source).create_blob(
-                          source.repo, file.content, "base64"
+                        sha = github_client_for_source.create_blob(
+                          source.repo, T.must(file.content), "base64"
                         )
                         { sha: sha }
                       else
@@ -333,7 +333,7 @@ module Dependabot
           end
         end
 
-        T.unsafe(github_client_for_source).create_tree(
+        github_client_for_source.create_tree(
           source.repo,
           file_trees,
           base_tree: base_commit
@@ -365,7 +365,7 @@ module Dependabot
 
         begin
           branch =
-            T.unsafe(github_client_for_source).create_ref(source.repo, ref, commit.sha)
+            github_client_for_source.create_ref(source.repo, ref, commit.sha)
           @branch_name = ref.gsub(%r{^refs/heads/}, "")
           branch
         rescue Octokit::UnprocessableEntity => e
@@ -385,7 +385,7 @@ module Dependabot
 
       sig { params(commit: T.untyped).void }
       def update_branch(commit)
-        T.unsafe(github_client_for_source).update_ref(
+        github_client_for_source.update_ref(
           source.repo,
           "heads/#{branch_name}",
           commit.sha,
@@ -406,7 +406,7 @@ module Dependabot
         reviewers_hash =
           T.must(reviewers).keys.to_h { |k| [k.to_sym, T.must(reviewers)[k]] }
 
-        T.unsafe(github_client_for_source).request_pull_request_review(
+        github_client_for_source.request_pull_request_review(
           source.repo,
           pull_request.number,
           reviewers: reviewers_hash[:reviewers] || [],
@@ -458,7 +458,7 @@ module Dependabot
                "#{message}\n" \
                "```"
 
-        T.unsafe(github_client_for_source).add_comment(
+        github_client_for_source.add_comment(
           source.repo,
           pull_request.number,
           msg
@@ -467,10 +467,10 @@ module Dependabot
 
       sig { params(pull_request: T.untyped).void }
       def add_assignees_to_pull_request(pull_request)
-        T.unsafe(github_client_for_source).add_assignees(
+        github_client_for_source.add_assignees(
           source.repo,
           pull_request.number,
-          assignees
+          T.must(assignees)
         )
       rescue Octokit::NotFound
         # This can happen if a passed assignee login is now an org account
@@ -482,7 +482,7 @@ module Dependabot
 
       sig { params(pull_request: T.untyped).void }
       def add_milestone_to_pull_request(pull_request)
-        T.unsafe(github_client_for_source).update_issue(
+        github_client_for_source.update_issue(
           source.repo,
           pull_request.number,
           milestone: milestone
@@ -493,7 +493,7 @@ module Dependabot
 
       sig { returns(T.untyped) }
       def create_pull_request
-        T.unsafe(github_client_for_source).create_pull_request(
+        github_client_for_source.create_pull_request(
           source.repo,
           target_branch,
           branch_name,
@@ -521,7 +521,7 @@ module Dependabot
       def default_branch
         @default_branch ||=
           T.let(
-            T.unsafe(github_client_for_source).repo(source.repo).default_branch,
+            T.unsafe(github_client_for_source.repo(source.repo)).default_branch,
             T.nilable(String)
           )
       end

data/lib/dependabot/pull_request_creator/gitlab.rb

@@ -143,7 +143,7 @@ module Dependabot
       def branch_exists?
         @branch_ref ||=
           T.let(
-            T.unsafe(gitlab_client_for_source).branch(source.repo, branch_name),
+            gitlab_client_for_source.branch(source.repo, branch_name),
             T.nilable(::Gitlab::ObjectifiedHash)
           )
         true
@@ -155,25 +155,27 @@ module Dependabot
       def commit_exists?
         @commits ||=
           T.let(
-            T.unsafe(gitlab_client_for_source).commits(source.repo, ref_name: branch_name),
+            gitlab_client_for_source.commits(source.repo, ref_name: branch_name),
             T.nilable(::Gitlab::PaginatedResponse)
           )
-        @commits.first.message == commit_message
+        T.unsafe(@commits).first.message == commit_message
       end
 
       sig { returns(T::Boolean) }
       def merge_request_exists?
-        T.unsafe(gitlab_client_for_source).merge_requests(
-          target_project_id || source.repo,
-          source_branch: branch_name,
-          target_branch: source.branch || default_branch,
-          state: "all"
+        T.unsafe(
+          gitlab_client_for_source.merge_requests(
+            (target_project_id || source.repo).to_s,
+            source_branch: branch_name,
+            target_branch: source.branch || default_branch,
+            state: "all"
+          )
         ).any?
       end
 
       sig { returns(::Gitlab::ObjectifiedHash) }
       def create_branch
-        T.unsafe(gitlab_client_for_source).create_branch(
+        gitlab_client_for_source.create_branch(
           source.repo,
           branch_name,
           base_commit
@@ -201,7 +203,7 @@ module Dependabot
       def create_submodule_update_commit
         file = T.must(files.first)
 
-        T.unsafe(gitlab_client_for_source).edit_submodule(
+        gitlab_client_for_source.edit_submodule(
           source.repo,
           file.path.gsub(%r{^/}, ""),
           branch: branch_name,
@@ -212,7 +214,7 @@ module Dependabot
 
       sig { returns(T.nilable(::Gitlab::ObjectifiedHash)) }
       def create_merge_request
-        T.unsafe(gitlab_client_for_source).create_merge_request(
+        gitlab_client_for_source.create_merge_request(
           source.repo,
           pr_name,
           source_branch: branch_name,
@@ -236,8 +238,8 @@ module Dependabot
       def add_approvers_to_merge_request(merge_request)
         return unless approvers_hash[:approvers] || approvers_hash[:group_approvers]
 
-        T.unsafe(gitlab_client_for_source).create_merge_request_level_rule(
-          target_project_id || source.repo,
+        gitlab_client_for_source.create_merge_request_level_rule(
+          (target_project_id || source.repo).to_s,
           T.unsafe(merge_request).iid,
           name: "dependency-updates",
           approvals_required: 1,
@@ -258,7 +260,7 @@ module Dependabot
       def default_branch
         @default_branch ||=
           T.let(
-            T.unsafe(gitlab_client_for_source).project(source.repo).default_branch,
+            T.unsafe(gitlab_client_for_source.project(source.repo)).default_branch,
             T.nilable(String)
           )
       end

data/lib/dependabot/pull_request_creator/labeler.rb

@@ -92,7 +92,7 @@ module Dependabot
         return if labels_for_pr.none?
         raise "Only GitHub!" unless source.provider == "github"
 
-        T.unsafe(github_client_for_source).add_labels_to_an_issue(
+        github_client_for_source.add_labels_to_an_issue(
           source.repo,
           pull_request_number,
           labels_for_pr
@@ -320,16 +320,16 @@ module Dependabot
       def fetch_github_labels
         client = github_client_for_source
 
-        labels =
-          T.unsafe(client)
-           .labels(source.repo, per_page: 100)
-           .map(&:name)
+        labels = T.let(
+          T.unsafe(client.labels(source.repo, per_page: 100)).map(&:name),
+          T::Array[String]
+        )
 
-        next_link = T.unsafe(client).last_response.rels[:next]
+        next_link = T.let(client.last_response.rels[:next], T.nilable(Sawyer::Relation))
 
         while next_link
-          next_page = next_link.get
-          labels += next_page.data.map(&:name)
+          next_page = T.let(next_link.get, Sawyer::Response)
+          labels += T.unsafe(next_page.data).map(&:name)
           next_link = next_page.rels[:next]
         end
 
@@ -338,9 +338,11 @@ module Dependabot
 
       sig { returns(T::Array[String]) }
       def fetch_gitlab_labels
-        T.unsafe(gitlab_client_for_source)
-         .labels(source.repo, per_page: 100)
-         .auto_paginate
+        T.unsafe(
+          gitlab_client_for_source
+                   .labels(source.repo, per_page: 100)
+                   .auto_paginate
+        )
          .map(&:name)
       end
 
@@ -390,7 +392,7 @@ module Dependabot
 
       sig { returns(T::Array[String]) }
       def create_github_dependencies_label
-        T.unsafe(github_client_for_source).add_label(
+        github_client_for_source.add_label(
           source.repo,
           DEFAULT_DEPENDENCIES_LABEL,
           "0366d6",
@@ -406,7 +408,7 @@ module Dependabot
 
       sig { returns(T::Array[String]) }
       def create_gitlab_dependencies_label
-        T.unsafe(gitlab_client_for_source).create_label(
+        gitlab_client_for_source.create_label(
           source.repo,
           DEFAULT_DEPENDENCIES_LABEL,
           "#0366d6",
@@ -417,7 +419,7 @@ module Dependabot
 
       sig { returns(T::Array[String]) }
       def create_github_security_label
-        T.unsafe(github_client_for_source).add_label(
+        github_client_for_source.add_label(
           source.repo,
           DEFAULT_SECURITY_LABEL,
           "ee0701",
@@ -433,7 +435,7 @@ module Dependabot
 
       sig { returns(T.nilable(T::Array[String])) }
       def create_gitlab_security_label
-        T.unsafe(gitlab_client_for_source).create_label(
+        gitlab_client_for_source.create_label(
           source.repo,
           DEFAULT_SECURITY_LABEL,
           "#ee0701",
@@ -446,7 +448,7 @@ module Dependabot
       def create_github_language_label
         label = self.class.label_details_for_package_manager(package_manager)
         language_name = label.fetch(:name)
-        T.unsafe(github_client_for_source).add_label(
+        github_client_for_source.add_label(
           source.repo,
           language_name,
           label.fetch(:colour),
@@ -470,7 +472,7 @@ module Dependabot
         language_name =
           self.class.label_details_for_package_manager(package_manager)
               .fetch(:name)
-        T.unsafe(gitlab_client_for_source).create_label(
+        gitlab_client_for_source.create_label(
           source.repo,
           language_name,
           "#" + self.class.label_details_for_package_manager(package_manager)

data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb

@@ -347,7 +347,7 @@ module Dependabot
       sig { returns(T::Array[String]) }
       def recent_gitlab_commit_messages
         @recent_gitlab_commit_messages ||=
-          T.unsafe(gitlab_client_for_source).commits(source.repo)
+          gitlab_client_for_source.commits(source.repo)
 
         @recent_gitlab_commit_messages
           .reject { |c| c.author_email == dependabot_email }
@@ -431,7 +431,7 @@ module Dependabot
       def recent_github_commits
         @recent_github_commits ||=
           T.let(
-            T.unsafe(github_client_for_source).commits(source.repo, per_page: 100),
+            github_client_for_source.commits(source.repo, per_page: 100),
             T.untyped
           )
       rescue Octokit::Conflict, Octokit::NotFound
@@ -442,7 +442,7 @@ module Dependabot
       def last_gitlab_dependabot_commit_message
         @recent_gitlab_commit_messages ||=
           T.let(
-            T.unsafe(gitlab_client_for_source).commits(source.repo),
+            gitlab_client_for_source.commits(source.repo),
             T.untyped
           )
 

data/lib/dependabot/pull_request_updater/github.rb

@@ -91,7 +91,7 @@ module Dependabot
         target_branch = source.branch || pull_request.base.repo.default_branch
         return if target_branch == pull_request.base.ref
 
-        T.unsafe(github_client_for_source).update_pull_request(
+        github_client_for_source.update_pull_request(
           source.repo,
           pull_request_number,
           base: target_branch
@@ -137,7 +137,7 @@ module Dependabot
       def pull_request
         @pull_request ||=
           T.let(
-            T.unsafe(github_client_for_source).pull_request(
+            github_client_for_source.pull_request(
               source.repo,
               pull_request_number
             ),
@@ -147,7 +147,7 @@ module Dependabot
 
       sig { params(name: String).returns(T::Boolean) }
       def branch_exists?(name)
-        T.unsafe(github_client_for_source).branch(source.repo, name)
+        github_client_for_source.branch(source.repo, name)
         true
       rescue Octokit::NotFound
         false
@@ -165,7 +165,7 @@ module Dependabot
         end
 
         begin
-          T.unsafe(github_client_for_source).create_commit(
+          github_client_for_source.create_commit(
             source.repo,
             commit_message,
             tree.sha,
@@ -200,8 +200,8 @@ module Dependabot
             content = if file.operation == Dependabot::DependencyFile::Operation::DELETE
                         { sha: nil }
                       elsif file.binary?
-                        sha = T.unsafe(github_client_for_source).create_blob(
-                          source.repo, file.content, "base64"
+                        sha = github_client_for_source.create_blob(
+                          source.repo, T.must(file.content), "base64"
                         )
                         { sha: sha }
                       else
@@ -216,7 +216,7 @@ module Dependabot
           end
         end
 
-        T.unsafe(github_client_for_source).create_tree(
+        github_client_for_source.create_tree(
           source.repo,
           file_trees,
           base_tree: base_commit
@@ -240,7 +240,7 @@ module Dependabot
 
       sig { params(commit: T.untyped).returns(T.untyped) }
       def update_branch(commit)
-        T.unsafe(github_client_for_source).update_ref(
+        github_client_for_source.update_ref(
           source.repo,
           "heads/" + pull_request.head.ref,
           commit.sha,
@@ -279,12 +279,14 @@ module Dependabot
         @commit_being_updated =
           T.let(
             if pull_request.commits == 1
-              T.unsafe(github_client_for_source)
+              github_client_for_source
                .git_commit(source.repo, pull_request.head.sha)
             else
               commits =
-                T.unsafe(github_client_for_source)
-                 .pull_request_commits(source.repo, pull_request_number)
+                T.unsafe(
+                  github_client_for_source
+                                   .pull_request_commits(source.repo, pull_request_number)
+                )
 
               commit = commits.find { |c| c.sha == old_commit }
               commit&.commit

data/lib/dependabot/pull_request_updater/gitlab.rb

@@ -108,7 +108,7 @@ module Dependabot
 
       sig { params(name: String).returns(T::Boolean) }
       def branch_exists?(name)
-        !T.unsafe(gitlab_client_for_source).branch(source.repo, name).nil?
+        !gitlab_client_for_source.branch(source.repo, name).nil?
       rescue ::Gitlab::Error::NotFound
         false
       end
@@ -116,7 +116,7 @@ module Dependabot
       # TODO: This needs to be typed when the underlying client is
       sig { returns(T.untyped) }
       def commit_being_updated
-        T.unsafe(gitlab_client_for_source).commit(source.repo, old_commit)
+        gitlab_client_for_source.commit(source.repo, old_commit)
       end
 
       sig { void }

data/lib/dependabot/shared_helpers.rb

@@ -86,6 +86,7 @@ module Dependabot
 
     class HelperSubprocessFailed < Dependabot::DependabotError
       extend T::Sig
+      include Dependabot::HasSentryContext
 
       sig { returns(String) }
       attr_reader :error_class
@@ -112,7 +113,7 @@ module Dependabot
         @trace = trace
       end
 
-      sig { returns(T::Hash[Symbol, T.untyped]) }
+      sig { override.returns(T::Hash[Symbol, T.untyped]) }
       def sentry_context
         { fingerprint: [@fingerprint], extra: @error_context.except(:stderr_output, :fingerprint) }
       end

data/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.380.0"
+  VERSION = "0.381.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.380.0
+  version: 0.381.0
 platform: ruby
 authors:
 - Dependabot
@@ -617,7 +617,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.380.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.381.0
 rdoc_options: []
 require_paths:
 - lib