dependabot-deno 0.374.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ec6066d4076a76e3d341894a983e26ee507fdeba5d5b6b64dcb24fe01ffc05e6
+  data.tar.gz: e3763f86ce236ceae251ba9ab0c161b6eca6aaf27a9d751ac1e7eed9c5966493
+SHA512:
+  metadata.gz: ddb2bb058df3aeceaa8212feea1f922b41a35bd5c96c8ad4f201be1015d54a4c8858cc5002cd491c483b6484750753bc80a7da3d13bf7104a4dc44281f317a2c
+  data.tar.gz: c58c39f8f1e91219d894cac7f61d4362c5872c576b533b17b2061a4d6dba38aa4a12b34818ec3085ce33975fdca2d199def91f224f128f73126cde2ef56d19ec

data/lib/dependabot/deno/file_fetcher.rb

@@ -0,0 +1,70 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+
+module Dependabot
+  module Deno
+    class FileFetcher < Dependabot::FileFetchers::Base
+      extend T::Sig
+
+      MANIFEST_FILENAMES = T.let(%w(deno.json deno.jsonc).freeze, T::Array[String])
+
+      sig { override.returns(String) }
+      def self.required_files_message
+        "Repo must contain a deno.json or deno.jsonc."
+      end
+
+      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
+      def self.required_files_in?(filenames)
+        filenames.any? { |f| MANIFEST_FILENAMES.include?(f) }
+      end
+
+      sig { override.returns(T::Array[DependencyFile]) }
+      def fetch_files
+        unless allow_beta_ecosystems?
+          raise Dependabot::DependencyFileNotFound.new(
+            nil,
+            "Deno ecosystem support is in beta. Set enable-beta-ecosystems to use it."
+          )
+        end
+
+        fetched_files = []
+        fetched_files << manifest_file
+        fetched_files << lockfile if lockfile
+        fetched_files
+      end
+
+      sig { override.returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+      def ecosystem_versions
+        nil
+      end
+
+      private
+
+      sig { returns(DependencyFile) }
+      def manifest_file
+        @manifest_file ||= T.let(
+          begin
+            file = MANIFEST_FILENAMES.filter_map { |f| fetch_file_if_present(f) }.first
+            raise Dependabot::DependencyFileNotFound.new(nil, self.class.required_files_message) unless file
+
+            file
+          end,
+          T.nilable(DependencyFile)
+        )
+      end
+
+      sig { returns(T.nilable(DependencyFile)) }
+      def lockfile
+        @lockfile ||= T.let(
+          fetch_file_if_present("deno.lock"),
+          T.nilable(DependencyFile)
+        )
+      end
+    end
+  end
+end
+
+Dependabot::FileFetchers.register("deno", Dependabot::Deno::FileFetcher)

data/lib/dependabot/deno/file_parser.rb

@@ -0,0 +1,151 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "json"
+require "dependabot/dependency"
+require "dependabot/file_parsers"
+require "dependabot/file_parsers/base"
+require "dependabot/deno/version"
+
+module Dependabot
+  module Deno
+    class FileParser < Dependabot::FileParsers::Base
+      extend T::Sig
+
+      ECOSYSTEM = "deno"
+      MANIFEST_FILENAMES = T.let(%w(deno.json deno.jsonc).freeze, T::Array[String])
+
+      # Matches jsr:@scope/name[@constraint][/subpath] or npm:[@scope/]name[@constraint][/subpath]
+      # Constraint and subpath are both optional per Deno's specifier format.
+      JSR_SPECIFIER = %r{\Ajsr:(?<name>@[^@/]+/[^@/]+)(?:@(?<constraint>[^/]+))?(?:/[^\s]*)?\z}
+      NPM_SPECIFIER = %r{\Anpm:(?<name>(?:@[^/]+/)?[^@/]+)(?:@(?<constraint>[^/]+))?(?:/[^\s]*)?\z}
+
+      # Matches either a JSON string literal (with escapes), a line comment, a
+      # block comment, or a trailing comma. The alternation lets gsub preserve
+      # strings while stripping the JSONC-only constructs, so e.g. "//" inside a
+      # URL value is not mistaken for the start of a comment.
+      JSONC_TOKEN = %r{
+        ("(?:\\.|[^"\\])*")    # JSON string literal
+        | //[^\n]*             # line comment
+        | /\*.*?\*/            # block comment
+        | ,(?=\s*[\}\]])       # trailing comma
+      }mx
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def parse
+        # Multiple import aliases can reference the same underlying package
+        # (e.g. "@std/path" and "@std/path/posix"). Keyed dedup by name +
+        # source type collapses those without merging across registries — our
+        # update checker only queries the first requirement's source, so
+        # mixing jsr+npm under one Dependency would silently miss updates.
+        # When the same name+source appears with different constraints, every
+        # constraint is preserved as a separate requirement entry so callers
+        # can update them all.
+        deps_by_key = {}
+
+        imports.each do |_alias_name, specifier|
+          dep = parse_specifier(specifier.to_s)
+          next unless dep
+
+          key = [dep.name, T.must(dep.requirements.first)[:source][:type]]
+          existing = deps_by_key[key]
+          deps_by_key[key] = if existing
+                               Dependabot::Dependency.new(
+                                 name: existing.name,
+                                 version: existing.version,
+                                 requirements: (existing.requirements + dep.requirements).uniq,
+                                 package_manager: existing.package_manager
+                               )
+                             else
+                               dep
+                             end
+        end
+
+        deps_by_key.values.sort_by(&:name)
+      end
+
+      private
+
+      sig { override.void }
+      def check_required_files
+        return if manifest_file
+
+        raise "No deno.json or deno.jsonc found!"
+      end
+
+      sig { returns(T::Hash[String, T.untyped]) }
+      def imports
+        parsed_manifest.fetch("imports", {})
+      end
+
+      sig { returns(T::Hash[String, T.untyped]) }
+      def parsed_manifest
+        @parsed_manifest ||= T.let(
+          parse_json_or_jsonc(T.must(manifest_file).content),
+          T.nilable(T::Hash[String, T.untyped])
+        )
+      end
+
+      sig { returns(T.nilable(DependencyFile)) }
+      def manifest_file
+        @manifest_file ||= T.let(
+          MANIFEST_FILENAMES.filter_map { |f| get_original_file(f) }.first,
+          T.nilable(DependencyFile)
+        )
+      end
+
+      sig { params(specifier: String).returns(T.nilable(Dependabot::Dependency)) }
+      def parse_specifier(specifier)
+        if (match = JSR_SPECIFIER.match(specifier))
+          build_dependency(
+            name: T.must(match[:name]),
+            constraint: match[:constraint],
+            source_type: "jsr"
+          )
+        elsif (match = NPM_SPECIFIER.match(specifier))
+          build_dependency(
+            name: T.must(match[:name]),
+            constraint: match[:constraint],
+            source_type: "npm"
+          )
+        end
+      end
+
+      sig { params(name: String, constraint: T.nilable(String), source_type: String).returns(Dependabot::Dependency) }
+      def build_dependency(name:, constraint:, source_type:)
+        version = constraint ? extract_version(constraint) : nil
+
+        Dependabot::Dependency.new(
+          name: name,
+          version: version,
+          requirements: [{
+            requirement: constraint,
+            file: T.must(manifest_file).name,
+            groups: ["imports"],
+            source: { type: source_type }
+          }],
+          package_manager: ECOSYSTEM
+        )
+      end
+
+      sig { params(constraint: String).returns(T.nilable(String)) }
+      def extract_version(constraint)
+        version_str = constraint.sub(/\A[~^>=<!\s]+/, "")
+        return version_str if Deno::Version.correct?(version_str)
+
+        nil
+      end
+
+      sig { params(content: T.nilable(String)).returns(T::Hash[String, T.untyped]) }
+      def parse_json_or_jsonc(content)
+        return {} unless content
+
+        cleaned = content.gsub(JSONC_TOKEN) { ::Regexp.last_match(1) || "" }
+
+        JSON.parse(cleaned)
+      end
+    end
+  end
+end
+
+Dependabot::FileParsers.register("deno", Dependabot::Deno::FileParser)

data/lib/dependabot/deno/file_updater.rb

@@ -0,0 +1,66 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/file_updaters"
+require "dependabot/file_updaters/base"
+
+module Dependabot
+  module Deno
+    class FileUpdater < Dependabot::FileUpdaters::Base
+      extend T::Sig
+
+      MANIFEST_FILENAMES = T.let(%w(deno.json deno.jsonc).freeze, T::Array[String])
+
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
+      def updated_dependency_files
+        updated_files = []
+
+        dependency_files.each do |file|
+          next unless MANIFEST_FILENAMES.include?(file.name)
+
+          new_content = update_manifest_content(file)
+          next if new_content == file.content
+
+          updated_files << updated_file(file: file, content: new_content)
+        end
+
+        updated_files
+      end
+
+      private
+
+      sig { override.void }
+      def check_required_files
+        return if dependency_files.any? { |f| MANIFEST_FILENAMES.include?(f.name) }
+
+        raise "No deno.json or deno.jsonc found!"
+      end
+
+      sig { params(file: Dependabot::DependencyFile).returns(String) }
+      def update_manifest_content(file)
+        content = T.must(file.content)
+
+        dependencies.each do |dep|
+          prev_reqs = dep.previous_requirements&.select { |r| r[:file] == file.name } || []
+          new_reqs = dep.requirements.select { |r| r[:file] == file.name }
+
+          prev_reqs.zip(new_reqs).each do |prev_req, new_req|
+            source_type = prev_req[:source][:type]
+            prev_req_str = prev_req[:requirement]
+            new_req_str = T.must(new_req)[:requirement]
+
+            base = "#{source_type}:#{dep.name}"
+            old_specifier = prev_req_str ? "#{base}@#{prev_req_str}" : base
+            new_specifier = "#{base}@#{new_req_str}"
+
+            content = content.gsub(%r{#{Regexp.escape(old_specifier)}(?=["/])}, new_specifier)
+          end
+        end
+
+        content
+      end
+    end
+  end
+end
+
+Dependabot::FileUpdaters.register("deno", Dependabot::Deno::FileUpdater)

data/lib/dependabot/deno/metadata_finder.rb

@@ -0,0 +1,52 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "json"
+require "dependabot/metadata_finders"
+require "dependabot/metadata_finders/base"
+require "dependabot/registry_client"
+
+module Dependabot
+  module Deno
+    class MetadataFinder < Dependabot::MetadataFinders::Base
+      extend T::Sig
+
+      private
+
+      sig { override.returns(T.nilable(Dependabot::Source)) }
+      def look_up_source
+        source_type = dependency.requirements.first&.dig(:source, :type)
+
+        case source_type
+        when "npm"
+          find_source_from_npm
+        when "jsr"
+          find_source_from_jsr
+        end
+      end
+
+      sig { returns(T.nilable(Dependabot::Source)) }
+      def find_source_from_npm
+        response = Dependabot::RegistryClient.get(
+          url: "https://registry.npmjs.org/#{dependency.name}"
+        )
+        data = JSON.parse(response.body)
+
+        repo = data.dig("repository", "url")
+        return nil unless repo
+
+        Source.from_url(repo)
+      rescue JSON::ParserError, Excon::Error::Timeout, Excon::Error::Socket
+        nil
+      end
+
+      sig { returns(T.nilable(Dependabot::Source)) }
+      def find_source_from_jsr
+        # JSR meta.json doesn't include repository info directly
+        nil
+      end
+    end
+  end
+end
+
+Dependabot::MetadataFinders.register("deno", Dependabot::Deno::MetadataFinder)

data/lib/dependabot/deno/package/package_details_fetcher.rb

@@ -0,0 +1,104 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "json"
+require "time"
+require "sorbet-runtime"
+require "dependabot/registry_client"
+require "dependabot/package/package_release"
+require "dependabot/deno/version"
+
+module Dependabot
+  module Deno
+    module Package
+      class PackageDetailsFetcher
+        extend T::Sig
+
+        sig do
+          params(
+            dependency: Dependabot::Dependency
+          ).void
+        end
+        def initialize(dependency:)
+          @dependency = dependency
+        end
+
+        sig { returns(T::Array[Dependabot::Package::PackageRelease]) }
+        def available_versions
+          source_type = dependency.requirements.first&.dig(:source, :type)
+
+          case source_type
+          when "jsr"
+            fetch_jsr_releases
+          when "npm"
+            fetch_npm_releases
+          else
+            []
+          end
+        end
+
+        private
+
+        sig { returns(Dependabot::Dependency) }
+        attr_reader :dependency
+
+        sig { returns(T::Array[Dependabot::Package::PackageRelease]) }
+        def fetch_jsr_releases
+          name = dependency.name
+          url = "https://jsr.io/#{name}/meta.json"
+
+          response = Dependabot::RegistryClient.get(url: url)
+          data = JSON.parse(response.body)
+
+          data.fetch("versions", {}).filter_map do |version_str, meta|
+            next unless Deno::Version.correct?(version_str)
+
+            yanked = meta.is_a?(Hash) && meta["yanked"] == true
+            released_at = parse_time(meta["createdAt"]) if meta.is_a?(Hash)
+
+            Dependabot::Package::PackageRelease.new(
+              version: Deno::Version.new(version_str),
+              released_at: released_at,
+              yanked: yanked
+            )
+          end
+        rescue JSON::ParserError, Excon::Error::Timeout, Excon::Error::Socket
+          []
+        end
+
+        sig { returns(T::Array[Dependabot::Package::PackageRelease]) }
+        def fetch_npm_releases
+          name = dependency.name
+          url = "https://registry.npmjs.org/#{name}"
+
+          response = Dependabot::RegistryClient.get(url: url)
+          data = JSON.parse(response.body)
+
+          time_data = data.fetch("time", {})
+
+          data.fetch("versions", {}).filter_map do |version_str, _meta|
+            next unless Deno::Version.correct?(version_str)
+
+            released_at = parse_time(time_data[version_str])
+
+            Dependabot::Package::PackageRelease.new(
+              version: Deno::Version.new(version_str),
+              released_at: released_at
+            )
+          end
+        rescue JSON::ParserError, Excon::Error::Timeout, Excon::Error::Socket
+          []
+        end
+
+        sig { params(time_str: T.nilable(String)).returns(T.nilable(Time)) }
+        def parse_time(time_str)
+          return nil unless time_str
+
+          Time.parse(time_str)
+        rescue ArgumentError
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/deno/requirement.rb

@@ -0,0 +1,74 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/requirement"
+require "dependabot/utils"
+require "dependabot/deno/version"
+
+# Deno uses npm-style semver constraints for both jsr: and npm: specifiers.
+# Supported operators: ^, ~, >=, >, <=, <, =, exact version
+
+module Dependabot
+  module Deno
+    class Requirement < Dependabot::Requirement
+      extend T::Sig
+
+      sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
+      def self.requirements_array(requirement_string)
+        return [new(nil)] if requirement_string.nil?
+
+        [new(requirement_string)]
+      end
+
+      sig { params(requirements: T.nilable(T.any(String, T::Array[String]))).void }
+      def initialize(*requirements)
+        requirements = requirements.flatten.compact.flat_map do |req_string|
+          req_string.split(",").map(&:strip).map do |r|
+            convert_deno_constraint_to_ruby_constraint(r.strip)
+          end
+        end
+        requirements = [">= 0"] if requirements.empty?
+        super(requirements)
+      end
+
+      private
+
+      sig { params(req_string: String).returns(T.any(String, T::Array[String])) }
+      def convert_deno_constraint_to_ruby_constraint(req_string)
+        if req_string.match?(/^\^/) then convert_caret_req(req_string)
+        elsif req_string.match?(/^~[^>]/) then convert_tilde_req(req_string)
+        elsif req_string.match?(/[<=>]/) then req_string
+        else
+          "= #{req_string}"
+        end
+      end
+
+      sig { params(req_string: String).returns(String) }
+      def convert_tilde_req(req_string)
+        version = req_string.gsub(/^~/, "")
+        "~> #{version}"
+      end
+
+      sig { params(req_string: String).returns(T::Array[String]) }
+      def convert_caret_req(req_string)
+        version = req_string.gsub(/^\^/, "")
+        parts = version.split(".")
+        first_non_zero = parts.find { |d| d != "0" }
+        first_non_zero_index =
+          first_non_zero ? parts.index(first_non_zero) : parts.count - 1
+        upper_bound = parts.map.with_index do |part, i|
+          if i < T.must(first_non_zero_index) then part
+          elsif i == first_non_zero_index then (part.to_i + 1).to_s
+          else
+            0
+          end
+        end.join(".")
+
+        [">= #{version}", "< #{upper_bound}"]
+      end
+    end
+  end
+end
+
+Dependabot::Utils.register_requirement_class("deno", Dependabot::Deno::Requirement)

data/lib/dependabot/deno/update_checker/latest_version_finder.rb

@@ -0,0 +1,33 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/package/package_latest_version_finder"
+require "dependabot/package/package_details"
+require "dependabot/deno/update_checker"
+require "dependabot/deno/package/package_details_fetcher"
+
+module Dependabot
+  module Deno
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
+        extend T::Sig
+
+        private
+
+        sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
+        def package_details
+          @package_details ||= T.let(
+            Dependabot::Package::PackageDetails.new(
+              dependency: dependency,
+              releases: Package::PackageDetailsFetcher.new(
+                dependency: dependency
+              ).available_versions
+            ),
+            T.nilable(Dependabot::Package::PackageDetails)
+          )
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/deno/update_checker.rb

@@ -0,0 +1,94 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+require "dependabot/deno/version"
+require "dependabot/deno/requirement"
+
+module Dependabot
+  module Deno
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      extend T::Sig
+
+      require_relative "update_checker/latest_version_finder"
+
+      sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
+      def latest_version
+        latest_version_finder.latest_version
+      end
+
+      sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
+      def latest_resolvable_version
+        latest_version
+      end
+
+      sig { override.returns(T.nilable(String)) }
+      def latest_resolvable_version_with_no_unlock
+        dependency.version
+      end
+
+      sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+      def updated_requirements
+        return dependency.requirements unless latest_version
+
+        dependency.requirements.map do |req|
+          req.merge(requirement: updated_constraint(req[:requirement]))
+        end
+      end
+
+      private
+
+      sig { override.returns(T::Boolean) }
+      def latest_version_resolvable_with_full_unlock?
+        false
+      end
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def updated_dependencies_after_full_unlock
+        []
+      end
+
+      sig { returns(LatestVersionFinder) }
+      def latest_version_finder
+        @latest_version_finder ||= T.let(
+          LatestVersionFinder.new(
+            dependency: dependency,
+            dependency_files: dependency_files,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            security_advisories: security_advisories,
+            cooldown_options: update_cooldown
+          ),
+          T.nilable(LatestVersionFinder)
+        )
+      end
+
+      sig { params(old_constraint: T.nilable(String)).returns(String) }
+      def updated_constraint(old_constraint)
+        return latest_version.to_s unless old_constraint
+
+        latest = latest_version
+        return old_constraint unless latest
+
+        if old_constraint.start_with?("^")
+          "^#{latest}"
+        elsif old_constraint.start_with?("~")
+          "~#{latest}"
+        elsif old_constraint.start_with?("=")
+          "=#{latest}"
+        elsif old_constraint.match?(/\A[><]/)
+          # Range constraints (>=, <=, <, >, and compound ranges like
+          # ">=1.0.0 <2.0.0") are intentionally left unchanged. Updating
+          # range bounds requires resolving the new version against the
+          # full range and is deferred to a follow-up.
+          old_constraint
+        else
+          latest.to_s
+        end
+      end
+    end
+  end
+end
+
+Dependabot::UpdateCheckers.register("deno", Dependabot::Deno::UpdateChecker)

data/lib/dependabot/deno/version.rb

@@ -0,0 +1,57 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/version"
+require "dependabot/utils"
+require "sorbet-runtime"
+
+# Deno uses semver for both jsr: and npm: specifiers.
+# Build metadata (e.g. 1.0.0+build) is preserved but ignored in comparisons.
+
+module Dependabot
+  module Deno
+    class Version < Dependabot::Version
+      extend T::Sig
+
+      VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
+      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
+
+      sig { returns(T.nilable(String)) }
+      attr_reader :build_info
+
+      sig { override.params(version: VersionParameter).returns(T::Boolean) }
+      def self.correct?(version)
+        return false if version.nil?
+
+        version.to_s.match?(ANCHORED_VERSION_PATTERN)
+      end
+
+      sig { override.params(version: VersionParameter).void }
+      def initialize(version)
+        @version_string = T.let(version.to_s, String)
+        @build_info = T.let(nil, T.nilable(String))
+
+        version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
+
+        super(T.must(version))
+      end
+
+      sig { override.params(version: VersionParameter).returns(Dependabot::Deno::Version) }
+      def self.new(version)
+        T.cast(super, Dependabot::Deno::Version)
+      end
+
+      sig { override.returns(String) }
+      def to_s
+        @version_string
+      end
+
+      sig { override.returns(String) }
+      def inspect
+        "#<#{self.class} #{@version_string}>"
+      end
+    end
+  end
+end
+
+Dependabot::Utils.register_version_class("deno", Dependabot::Deno::Version)

data/lib/dependabot/deno.rb

@@ -0,0 +1,23 @@
+# typed: strong
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/deno/file_fetcher"
+require "dependabot/deno/file_parser"
+require "dependabot/deno/update_checker"
+require "dependabot/deno/file_updater"
+require "dependabot/deno/metadata_finder"
+require "dependabot/deno/package/package_details_fetcher"
+require "dependabot/deno/version"
+require "dependabot/deno/requirement"
+
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("deno", name: "deno", colour: "70ffaf")
+
+require "dependabot/dependency"
+# Deno's import map has no dev/prod distinction (no devDependencies equivalent),
+# so every import is treated as production. If a future deno.json schema adds
+# a way to mark dev-only or test-only imports, this check should consult groups.
+Dependabot::Dependency.register_production_check("deno", ->(_) { true })

metadata

@@ -0,0 +1,277 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-deno
+version: !ruby/object:Gem::Version
+  version: 0.374.0
+platform: ruby
+authors:
+- Dependabot
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.374.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.374.0
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.80'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.80'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.26'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.26'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rubocop-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: turbo_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.25'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.25'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+description: Dependabot-Deno provides support for bumping Deno dependencies via Dependabot.
+  If you want support for multiple package managers, you probably want the meta-gem
+  dependabot-omnibus.
+email: opensource@github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/deno.rb
+- lib/dependabot/deno/file_fetcher.rb
+- lib/dependabot/deno/file_parser.rb
+- lib/dependabot/deno/file_updater.rb
+- lib/dependabot/deno/metadata_finder.rb
+- lib/dependabot/deno/package/package_details_fetcher.rb
+- lib/dependabot/deno/requirement.rb
+- lib/dependabot/deno/update_checker.rb
+- lib/dependabot/deno/update_checker/latest_version_finder.rb
+- lib/dependabot/deno/version.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.374.0
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+requirements: []
+rubygems_version: 3.7.2
+specification_version: 4
+summary: Provides Dependabot support for Deno
+test_files: []