dependabot-common 0.314.0 → 0.315.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 75665e6e5f16e2e104b7415ff2f557508d03f394e8f9de6a5f841f4352e1484e
-  data.tar.gz: 61f9095c642362351d1381f1f9d3f5a26c13d3b24fb1841046b3682c6a85aaa6
+  metadata.gz: 68238b0440934d660fcb680bd94b21397bf3396c0e4467fbd88fd21a23453a6f
+  data.tar.gz: d263bcc8392bbad1168f031af2bdbf243190ab91ab1f019a7206c1af76f95652
 SHA512:
-  metadata.gz: bd09436156631884d91cd670497ca6d033ee4cb2927db598d0348f78af77f4d7bc1626ccd6ea36e051f900ad9b5ad4299f4c49e5cb4308a6203e99861c7cd458
-  data.tar.gz: f2a87eed835ec64c46769dadae2ec093fc8d6b9c8a004c40d3c65ed55a824ebdd2a402165d640d83dad757a0d34473f3b92d92d8ffd1aa99a2af0d734af9fdff
+  metadata.gz: 3165f873c2ff8492dc8f7ee6cfe0a136d664cf35653f9856ebc80f6c5c0fce35e287950be698263f62152affc82859d8808edb0bd2355d12f481193e9c463cb2
+  data.tar.gz: 5692d5ad262572fc9cc91095010ed4b2381335d98d1064ee078c845cb9b17a060be52dd48d0ff72dc82526fd9bd1ed8c5dcd1551822be4c1e5c7f763df46c69e

data/lib/dependabot/clients/bitbucket.rb

@@ -297,7 +297,7 @@ module Dependabot
       sig { params(url: String).returns(Excon::Response) }
       def get(url)
         response = Excon.get(
-          URI::DEFAULT_PARSER.escape(url),
+          URI::RFC2396_PARSER.escape(url),
           user: credentials&.fetch("username", nil),
           password: credentials&.fetch("password", nil),
           # Setting to false to prevent Excon retries, use BitbucketWithRetries for retries.

data/lib/dependabot/file_fetchers/base.rb

@@ -1,8 +1,10 @@
 # typed: strict
 # frozen_string_literal: true
 
-require "stringio"
+require "ostruct"
 require "sorbet-runtime"
+require "stringio"
+
 require "dependabot/config"
 require "dependabot/dependency_file"
 require "dependabot/source"

data/lib/dependabot/git_commit_checker.rb

@@ -234,6 +234,13 @@ module Dependabot
       tags[-1]&.name
     end
 
+    sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+    def max_local_tag(tags)
+      max_version_tag = tags.max_by { |t| version_from_tag(t) }
+
+      to_local_tag(max_version_tag)
+    end
+
     private
 
     sig { returns(Dependabot::Dependency) }
@@ -255,13 +262,6 @@ module Dependabot
       max_local_tag(select_lower_precision(tags))
     end
 
-    sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
-    def max_local_tag(tags)
-      max_version_tag = tags.max_by { |t| version_from_tag(t) }
-
-      to_local_tag(max_version_tag)
-    end
-
     # Find the latest version with the same precision as the pinned version.
     sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
     def select_matching_existing_precision(tags)

data/lib/dependabot/git_metadata_fetcher.rb

@@ -3,6 +3,7 @@
 
 require "excon"
 require "open3"
+require "ostruct"
 require "sorbet-runtime"
 
 require "dependabot/errors"

data/lib/dependabot/metadata_finders/base/changelog_finder.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require "excon"
+require "ostruct"
 require "sorbet-runtime"
 
 require "dependabot/clients/github_with_retries"

data/lib/dependabot/metadata_finders/base/release_finder.rb

@@ -1,6 +1,7 @@
 # typed: strict
 # frozen_string_literal: true
 
+require "ostruct"
 require "sorbet-runtime"
 
 require "dependabot/credential"

data/lib/dependabot/pull_request_creator/branch_namer/multi_ecosystem_strategy.rb

@@ -0,0 +1,80 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/pull_request_creator/branch_namer/base"
+
+module Dependabot
+  class PullRequestCreator
+    class BranchNamer
+      class MultiEcosystemStrategy < Base
+        extend T::Sig
+
+        sig do
+          params(
+            dependencies: T::Array[Dependabot::Dependency],
+            files: T::Array[Dependabot::DependencyFile],
+            target_branch: T.nilable(String),
+            includes_security_fixes: T::Boolean,
+            multi_ecosystem_name: String,
+            separator: String,
+            prefix: String,
+            max_length: T.nilable(Integer)
+          )
+            .void
+        end
+        def initialize(dependencies:, files:, target_branch:, includes_security_fixes:, multi_ecosystem_name:,
+                       separator: "/", prefix: "dependabot", max_length: nil)
+          super(
+            dependencies: dependencies,
+            files: files,
+            target_branch: target_branch,
+            separator: separator,
+            prefix: prefix,
+            max_length: max_length,
+          )
+
+          @multi_ecosystem_name = multi_ecosystem_name
+          @includes_security_fixes = includes_security_fixes
+        end
+
+        sig { override.returns(String) }
+        def new_branch_name
+          sanitize_branch_name(File.join(prefixes, group_name_with_dependency_digest))
+        end
+
+        private
+
+        sig { returns(String) }
+        attr_reader :multi_ecosystem_name
+
+        sig { returns(T::Array[String]) }
+        def prefixes
+          [
+            prefix,
+            target_branch
+          ].compact
+        end
+
+        sig { returns(String) }
+        def group_name_with_dependency_digest
+          if @includes_security_fixes
+            "group-security-#{multi_ecosystem_name}-#{dependency_digest}"
+          else
+            "#{multi_ecosystem_name}-#{dependency_digest}"
+          end
+        end
+
+        sig { returns(T.nilable(String)) }
+        def dependency_digest
+          @dependency_digest ||= T.let(
+            Digest::MD5.hexdigest(dependencies.map do |dependency|
+                                    "#{dependency.name}-#{dependency.removed? ? 'removed' : dependency.version}"
+                                  end.sort.join(",")).slice(0, 10),
+            T.nilable(String)
+          )
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/pull_request_creator/branch_namer.rb

@@ -8,6 +8,7 @@ require "dependabot/metadata_finders"
 require "dependabot/pull_request_creator"
 require "dependabot/pull_request_creator/branch_namer/solo_strategy"
 require "dependabot/pull_request_creator/branch_namer/dependency_group_strategy"
+require "dependabot/pull_request_creator/branch_namer/multi_ecosystem_strategy"
 
 module Dependabot
   class PullRequestCreator
@@ -38,6 +39,9 @@ module Dependabot
       sig { returns(T::Boolean) }
       attr_reader :includes_security_fixes
 
+      sig { returns(T.nilable(String)) }
+      attr_reader :multi_ecosystem_name
+
       sig do
         params(
           dependencies: T::Array[Dependabot::Dependency],
@@ -47,12 +51,13 @@ module Dependabot
           separator: String,
           prefix: String,
           max_length: T.nilable(Integer),
-          includes_security_fixes: T::Boolean
+          includes_security_fixes: T::Boolean,
+          multi_ecosystem_name: T.nilable(String)
         )
           .void
       end
       def initialize(dependencies:, files:, target_branch:, dependency_group: nil, separator: "/",
-                     prefix: "dependabot", max_length: nil, includes_security_fixes: false)
+                     prefix: "dependabot", max_length: nil, includes_security_fixes: false, multi_ecosystem_name: nil)
         @dependencies  = dependencies
         @files         = files
         @target_branch = target_branch
@@ -61,6 +66,7 @@ module Dependabot
         @prefix        = prefix
         @max_length    = max_length
         @includes_security_fixes = includes_security_fixes
+        @multi_ecosystem_name = multi_ecosystem_name
       end
 
       sig { returns(String) }
@@ -73,30 +79,56 @@ module Dependabot
       sig { returns(Dependabot::PullRequestCreator::BranchNamer::Base) }
       def strategy
         @strategy ||= T.let(
-          if dependency_group.nil?
-            SoloStrategy.new(
-              dependencies: dependencies,
-              files: files,
-              target_branch: target_branch,
-              separator: separator,
-              prefix: prefix,
-              max_length: max_length
-            )
+          if multi_ecosystem_name
+            build_multi_ecosystem_strategy
+          elsif dependency_group.nil?
+            build_solo_strategy
           else
-            DependencyGroupStrategy.new(
-              dependencies: dependencies,
-              files: files,
-              target_branch: target_branch,
-              dependency_group: T.must(dependency_group),
-              includes_security_fixes: includes_security_fixes,
-              separator: separator,
-              prefix: prefix,
-              max_length: max_length
-            )
+            build_dependency_group_strategy
           end,
           T.nilable(Dependabot::PullRequestCreator::BranchNamer::Base)
         )
       end
+
+      sig { returns(Dependabot::PullRequestCreator::BranchNamer::MultiEcosystemStrategy) }
+      def build_multi_ecosystem_strategy
+        MultiEcosystemStrategy.new(
+          dependencies: dependencies,
+          files: files,
+          target_branch: target_branch,
+          includes_security_fixes: includes_security_fixes,
+          separator: separator,
+          prefix: prefix,
+          max_length: max_length,
+          multi_ecosystem_name: T.must(multi_ecosystem_name)
+        )
+      end
+
+      sig { returns(Dependabot::PullRequestCreator::BranchNamer::SoloStrategy) }
+      def build_solo_strategy
+        SoloStrategy.new(
+          dependencies: dependencies,
+          files: files,
+          target_branch: target_branch,
+          separator: separator,
+          prefix: prefix,
+          max_length: max_length
+        )
+      end
+
+      sig { returns(Dependabot::PullRequestCreator::BranchNamer::DependencyGroupStrategy) }
+      def build_dependency_group_strategy
+        DependencyGroupStrategy.new(
+          dependencies: dependencies,
+          files: files,
+          target_branch: target_branch,
+          dependency_group: T.must(dependency_group),
+          includes_security_fixes: includes_security_fixes,
+          separator: separator,
+          prefix: prefix,
+          max_length: max_length
+        )
+      end
     end
   end
 end

data/lib/dependabot/utils.rb

@@ -2,7 +2,6 @@
 # frozen_string_literal: true
 
 require "tmpdir"
-require "set"
 require "sorbet-runtime"
 
 require "dependabot/requirement"

data/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.314.0"
+  VERSION = "0.315.0"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.314.0
+  version: 0.315.0
 platform: ruby
 authors:
 - Dependabot
 bindir: bin
 cert_chain: []
-date: 2025-05-22 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -91,14 +91,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.109'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.109'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
@@ -225,6 +225,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.3'
+- !ruby/object:Gem::Dependency
+  name: ostruct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
 - !ruby/object:Gem::Dependency
   name: parser
   requirement: !ruby/object:Gem::Requirement
@@ -569,6 +583,7 @@ files:
 - lib/dependabot/pull_request_creator/branch_namer.rb
 - lib/dependabot/pull_request_creator/branch_namer/base.rb
 - lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb
+- lib/dependabot/pull_request_creator/branch_namer/multi_ecosystem_strategy.rb
 - lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb
 - lib/dependabot/pull_request_creator/codecommit.rb
 - lib/dependabot/pull_request_creator/commit_signer.rb
@@ -610,7 +625,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.314.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.315.0
 rdoc_options: []
 require_paths:
 - lib
@@ -618,14 +633,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.1.0
+      version: 3.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: 3.3.7
 requirements: []
-rubygems_version: 3.6.3
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Shared code used across Dependabot Core
 test_files: []