dependabot-common 0.111.23 → 0.111.24

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dcce62b12ea3d24de56496ad0df71c3ac94b8dd22a17028dbdb6792f26666921
-  data.tar.gz: 103eacacde9437828577a5b5c55f0491a0b8989307c715ea96010bbcfd6034a6
+  metadata.gz: 3d71c3c319631c3c3725d1b1fc4b0ee7176d2fe3412d4830f9d712626af2881f
+  data.tar.gz: 8525f0deaa7c990959e6e12e685eb7c69613fdc5a7c57f2c3be99f427e913b49
 SHA512:
-  metadata.gz: e30c37c82bd22adbabff118475f7c2d88ebd55b3e783cb511ccba23555a2e299dbddbd1e56de721f3498ab6413fbddb325f7dcee7096340532a80c13f0271166
-  data.tar.gz: faa8d9ffcb7d20e6c1175eb6412391961856a7c09f6ba488f1a36bfc8b7bdae471fcadbe3a524cf38ec35f104b49e11956ae3d818db19eda4ca2768a437c389b
+  metadata.gz: 1708d18b690a69ce8fafcef295baaed01433938e4103498f724f2620984622f398c3a01b71ebd2597c9a072630cd13eaae02a2fb0b2ac7602ddea505b229560e
+  data.tar.gz: 3a86a382415604639d19e11cb6bcb84d66ab7f68f8676eff428041ed364a86ec1be5e70daf1de57ca336297e07185a49ca052c58366bc9746cbf74e9e8075ca2

data/lib/dependabot/pull_request_creator.rb

@@ -27,10 +27,9 @@ module Dependabot
     def initialize(source:, base_commit:, dependencies:, files:, credentials:,
                    pr_message_footer: nil, custom_labels: nil,
                    author_details: nil, signature_key: nil,
-                   commit_message_options: {},
+                   commit_message_options: {}, vulnerabilities_fixed: {},
                    reviewers: nil, assignees: nil, milestone: nil,
-                   vulnerabilities_fixed: {}, branch_name_separator: "/",
-                   branch_name_prefix: "dependabot",
+                   branch_name_separator: "/", branch_name_prefix: "dependabot",
                    label_language: false, automerge_candidate: false,
                    github_redirection_service: "github-redirect.dependabot.com",
                    custom_headers: nil)

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -178,7 +178,9 @@ module Dependabot
           msg += " This release includes the previously tagged commit."
         end
 
-        if vulnerabilities_fixed[dependency.name]&.any?
+        if vulnerabilities_fixed[dependency.name]&.one?
+          msg += " **This update includes a security fix.**"
+        elsif vulnerabilities_fixed[dependency.name]&.any?
           msg += " **This update includes security fixes.**"
         end
 
@@ -275,16 +277,20 @@ module Dependabot
       end
 
       def metadata_cascades
-        if dependencies.count == 1
+        if dependencies.one?
           return metadata_cascades_for_dep(dependencies.first)
         end
 
         dependencies.map do |dep|
           msg = "\n\nUpdates `#{dep.display_name}` from "\
                 "#{previous_version(dep)} to #{new_version(dep)}"
-          if vulnerabilities_fixed[dep.name]&.any?
-            msg += ". **This update includes security fixes.**"
+
+          if vulnerabilities_fixed[dep.name]&.one?
+            msg += " **This update includes a security fix.**"
+          elsif vulnerabilities_fixed[dep.name]&.any?
+            msg += " **This update includes security fixes.**"
           end
+
           msg + metadata_cascades_for_dep(dep)
         end.join
       end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.111.23"
+  VERSION = "0.111.24"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.111.23
+  version: 0.111.24
 platform: ruby
 authors:
 - Dependabot