dependabot-julia 0.345.0 → 0.347.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 02efc3b82fb7c50bf4945d9d8fc1c182924291ade81c7d0cc1d3b6295fed571a
-  data.tar.gz: 510ce71c0afa7f170f881367d5e97d7029b9169c2e28f8e70da5cd523ffe0b27
+  metadata.gz: 14960a6b1a395b60434d2ddc4aafec6dee23e5d49e1309d4b04f0f04818e9553
+  data.tar.gz: 19a4591beda7d2324c3f0d09404d7b2d3f4d9cdd80f149c153ba87a01b97285b
 SHA512:
-  metadata.gz: 8d8e2c00e1714dfe6f7e904c34e9483133c676afb133791702232eff2271fd50864a10b806631a0902eca7635f28641b32d0b81aef5949cdc841425086f5ac00
-  data.tar.gz: 35c245e66ef6a082d3e55b24ff9a014cec2cb3c67cfd59a8b29ed61e6d74bceb0f178401b152b5e2c18dd2c65ce33633ec8c8d2084770a1bda89b331166af681
+  metadata.gz: b4e63549d50c0163d37ad13847d653194a046c3734771b0d923153136dbfba163af83a46a8523ebf01034e0eaafabd67269a136d903702add09be953baacb482
+  data.tar.gz: a0bfd78e85d9a2146d64c412afe8302929d5a6ab5d722658edb665948819f868ddcf043e9f9a524e1458d95668e636df0ad79d09765f97b2a2f51621301078e7

data/lib/dependabot/julia/file_fetcher.rb

@@ -3,6 +3,9 @@
 
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
+require "dependabot/julia/registry_client"
+require "dependabot/shared_helpers"
+require "pathname"
 
 module Dependabot
   module Julia
@@ -22,38 +25,50 @@ module Dependabot
         # Julia is currently in beta - only fetch files if beta ecosystems are enabled
         return [] unless allow_beta_ecosystems?
 
-        fetched_files = []
+        # Clone the repository temporarily to let Julia helper identify the correct files
+        SharedHelpers.in_a_temporary_repo_directory(directory, repo_contents_path) do |temp_dir|
+          fetch_files_using_julia_helper(temp_dir)
+        end
+      end
 
-        # Fetch the main project file (Project.toml or JuliaProject.toml)
-        fetched_files << project_file
+      private
 
-        # Fetch the Manifest file if it exists
-        fetched_files << manifest_file if manifest_file
+      sig { params(temp_dir: T.any(Pathname, String)).returns(T::Array[Dependabot::DependencyFile]) }
+      def fetch_files_using_julia_helper(temp_dir)
+        # Use Julia helper to identify the correct environment files
+        env_files = registry_client.find_environment_files(temp_dir.to_s)
 
-        fetched_files
-      end
+        if env_files.empty? || !env_files["project_file"]
+          raise Dependabot::DependencyFileNotFound, "No Project.toml or JuliaProject.toml found."
+        end
 
-      private
+        fetched_files = []
 
-      sig { returns(Dependabot::DependencyFile) }
-      def project_file
-        @project_file ||= T.let(
-          fetch_file_if_present("Project.toml") ||
-          fetch_file_if_present("JuliaProject.toml") ||
-          raise(
-            Dependabot::DependencyFileNotFound,
-            "No Project.toml or JuliaProject.toml found."
-          ),
-          T.nilable(Dependabot::DependencyFile)
-        )
+        # Fetch the project file identified by Julia helper
+        project_path = T.must(env_files["project_file"])
+        project_filename = File.basename(project_path)
+        fetched_files << fetch_file_from_host(project_filename)
+
+        # Fetch the manifest file if Julia helper found one
+        manifest_path = env_files["manifest_file"]
+        if manifest_path && !manifest_path.empty?
+          # Calculate relative path from project to manifest
+          project_dir = File.dirname(project_path)
+          manifest_relative = Pathname.new(manifest_path).relative_path_from(Pathname.new(project_dir)).to_s
+
+          # Fetch manifest (handles workspace cases where manifest is in parent directory)
+          manifest_file = fetch_file_if_present(manifest_relative)
+          fetched_files << manifest_file if manifest_file
+        end
+
+        fetched_files
       end
 
-      sig { returns(T.nilable(Dependabot::DependencyFile)) }
-      def manifest_file
-        @manifest_file ||= T.let(
-          fetch_file_if_present("Manifest.toml") ||
-                                     fetch_file_if_present("JuliaManifest.toml"),
-          T.nilable(Dependabot::DependencyFile)
+      sig { returns(Dependabot::Julia::RegistryClient) }
+      def registry_client
+        @registry_client ||= T.let(
+          Dependabot::Julia::RegistryClient.new(credentials: credentials),
+          T.nilable(Dependabot::Julia::RegistryClient)
         )
       end
     end

data/lib/dependabot/julia/file_parser.rb

@@ -1,7 +1,6 @@
 # typed: strict
 # frozen_string_literal: true
 
-require "toml-rb"
 require "tempfile"
 require "fileutils"
 require "dependabot/dependency"
@@ -35,8 +34,6 @@ module Dependabot
         options: {}
       )
         super
-        @parsed_project_file = T.let(nil, T.nilable(T::Hash[String, T.untyped]))
-        @parsed_manifest_file = T.let(nil, T.nilable(T::Hash[String, T.untyped]))
         @registry_client = T.let(nil, T.nilable(Dependabot::Julia::RegistryClient))
         @custom_registries = T.let(nil, T.nilable(T::Array[T::Hash[Symbol, T.untyped]]))
         @temp_dir = T.let(nil, T.nilable(String))
@@ -76,21 +73,11 @@ module Dependabot
       sig { returns(String) }
       def write_temp_project_file
         @temp_dir ||= Dir.mktmpdir("julia_project")
-        project_path = File.join(@temp_dir, "Project.toml")
+        project_path = File.join(@temp_dir, T.must(project_file).name)
         File.write(project_path, T.must(project_file).content)
         project_path
       end
 
-      sig { returns(T.nilable(String)) }
-      def write_temp_manifest_file
-        return nil unless manifest_file
-
-        @temp_dir ||= Dir.mktmpdir("julia_project")
-        manifest_path = File.join(@temp_dir, "Manifest.toml")
-        File.write(manifest_path, T.must(manifest_file).content)
-        manifest_path
-      end
-
       sig { returns(T::Array[Dependabot::Dependency]) }
       def project_file_dependencies
         dependencies = T.let([], T::Array[Dependabot::Dependency])
@@ -98,22 +85,11 @@ module Dependabot
 
         # Use DependabotHelper.jl for project parsing
         project_path = write_temp_project_file
-        manifest_path = write_temp_manifest_file if manifest_file
 
         begin
-          result = registry_client.parse_project(
-            project_path: project_path,
-            manifest_path: manifest_path
-          )
+          result = registry_client.parse_project(project_path: project_path)
 
-          if result["error"]
-            # Fallback to Ruby TOML parsing if Julia helper fails
-            Dependabot.logger.warn(
-              "DependabotHelper.jl parsing failed: #{result['error']}, " \
-              "falling back to Ruby parsing"
-            )
-            return fallback_project_file_dependencies
-          end
+          raise Dependabot::DependencyFileNotParseable, result["error"] if result["error"]
 
           # Convert DependabotHelper.jl result to Dependabot::Dependency objects
           dependencies = build_dependencies_from_julia_result(result)
@@ -128,104 +104,47 @@ module Dependabot
       sig { params(result: T::Hash[String, T.untyped]).returns(T::Array[Dependabot::Dependency]) }
       def build_dependencies_from_julia_result(result)
         dependencies = T.let([], T::Array[Dependabot::Dependency])
-        parsed_deps = T.cast(result["dependencies"] || [], T::Array[T.untyped])
 
-        parsed_deps.each do |dep_info|
-          dep_hash = T.cast(dep_info, T::Hash[String, T.untyped])
-          name = T.cast(dep_hash["name"], String)
-          uuid = T.cast(dep_hash["uuid"], T.nilable(String))
-          requirement_string = T.cast(dep_hash["requirement"] || "*", String)
-          resolved_version = T.cast(dep_hash["resolved_version"], T.nilable(String))
+        # Process dependencies and weak dependencies (matching CompatHelper.jl behavior)
+        # Note: We don't process dev_dependencies/extras to match CompatHelper.jl
+        parsed_deps = T.cast(result["dependencies"] || [], T::Array[T.untyped])
+        dependencies.concat(build_dependencies_from_dep_list(parsed_deps, ["deps"]))
 
-          # Skip Julia version requirement
-          next if name == "julia"
-
-          dependencies << Dependabot::Dependency.new(
-            name: name,
-            version: resolved_version,
-            requirements: [{
-              requirement: requirement_string,
-              file: T.must(project_file).name,
-              groups: ["runtime"],
-              source: nil
-            }],
-            package_manager: "julia",
-            metadata: uuid ? { julia_uuid: uuid } : {}
-          )
-        end
+        parsed_weak_deps = T.cast(result["weak_dependencies"] || [], T::Array[T.untyped])
+        dependencies.concat(build_dependencies_from_dep_list(parsed_weak_deps, ["weakdeps"]))
 
         dependencies
       end
 
-      # Fallback method using Ruby TOML parsing
-      sig { returns(T::Array[Dependabot::Dependency]) }
-      def fallback_project_file_dependencies
-        dependencies = T.let([], T::Array[Dependabot::Dependency])
-
-        parsed_project = parsed_project_file
-        deps_section = T.cast(parsed_project["deps"] || {}, T::Hash[String, T.untyped])
-        compat_section = T.cast(parsed_project["compat"] || {}, T::Hash[String, T.untyped])
-
-        deps_section.each do |name, _uuid|
+      sig do
+        params(
+          dep_list: T::Array[T.untyped],
+          groups: T::Array[String]
+        ).returns(T::Array[Dependabot::Dependency])
+      end
+      def build_dependencies_from_dep_list(dep_list, groups)
+        dep_list.filter_map do |dep_info|
+          dep_hash = T.cast(dep_info, T::Hash[String, T.untyped])
+          name = T.cast(dep_hash["name"], String)
           next if name == "julia" # Skip Julia version requirement
 
-          # Get the version requirement from compat section, default to "*" if not specified
-          requirement_string = T.cast(compat_section[name] || "*", String)
-
-          # Get the exact version from Manifest.toml if available
-          exact_version = version_from_manifest(name)
+          uuid = T.cast(dep_hash["uuid"], T.nilable(String))
+          # NOTE: Missing "requirement" means no compat entry (any version acceptable)
+          requirement_string = T.cast(dep_hash["requirement"], T.nilable(String))
 
-          dependencies << Dependabot::Dependency.new(
+          Dependabot::Dependency.new(
             name: name,
-            version: exact_version,
+            version: nil, # Julia dependencies don't use locked versions
             requirements: [{
               requirement: requirement_string,
               file: T.must(project_file).name,
-              groups: ["runtime"],
+              groups: groups,
               source: nil
             }],
-            package_manager: "julia"
+            package_manager: "julia",
+            metadata: uuid ? { julia_uuid: uuid } : {}
           )
         end
-
-        dependencies
-      end
-
-      sig { params(dependency_name: String).returns(T.nilable(String)) }
-      def version_from_manifest(dependency_name)
-        return nil unless manifest_file
-
-        # Try using DependabotHelper.jl first
-        temp_dir = Dir.mktmpdir("julia_manifest_only")
-        manifest_path = File.join(temp_dir, "Manifest.toml")
-        File.write(manifest_path, T.must(manifest_file).content)
-
-        begin
-          # We need the UUID for the DependabotHelper.jl call, so fallback to Ruby parsing
-          # Note: Future enhancement could add name-only lookup to DependabotHelper.jl
-          fallback_version_from_manifest(dependency_name)
-        ensure
-          FileUtils.rm_rf(temp_dir)
-        end
-      end
-
-      sig { params(dependency_name: String).returns(T.nilable(String)) }
-      def fallback_version_from_manifest(dependency_name)
-        return nil unless manifest_file
-
-        parsed_manifest = parsed_manifest_file
-
-        # Look for the dependency in the manifest
-        deps_section = T.cast(parsed_manifest["deps"], T.nilable(T::Hash[String, T.untyped]))
-        if deps_section && deps_section[dependency_name]
-          # Manifest v2 format
-          dep_entries = deps_section[dependency_name]
-          if dep_entries.is_a?(Array) && dep_entries.first.is_a?(Hash)
-            return T.cast(dep_entries.first["version"], T.nilable(String))
-          end
-        end
-
-        nil
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
@@ -236,37 +155,6 @@ module Dependabot
         )
       end
 
-      sig { returns(T.nilable(Dependabot::DependencyFile)) }
-      def manifest_file
-        @manifest_file ||= T.let(
-          get_original_file("Manifest.toml") || get_original_file("JuliaManifest.toml"),
-          T.nilable(Dependabot::DependencyFile)
-        )
-      end
-
-      sig { returns(T::Hash[String, T.untyped]) }
-      def parsed_project_file
-        return @parsed_project_file if @parsed_project_file
-
-        parsed_content = T.cast(TomlRB.parse(T.must(project_file).content), T::Hash[String, T.untyped])
-        @parsed_project_file = parsed_content
-        parsed_content
-      rescue TomlRB::ParseError, TomlRB::ValueOverwriteError => e
-        raise Dependabot::DependencyFileNotParseable, "Error parsing #{T.must(project_file).name}: #{e.message}"
-      end
-
-      sig { returns(T::Hash[String, T.untyped]) }
-      def parsed_manifest_file
-        return {} unless manifest_file
-        return @parsed_manifest_file if @parsed_manifest_file
-
-        parsed_content = T.cast(TomlRB.parse(T.must(manifest_file).content), T::Hash[String, T.untyped])
-        @parsed_manifest_file = parsed_content
-        parsed_content
-      rescue TomlRB::ParseError, TomlRB::ValueOverwriteError => e
-        raise Dependabot::DependencyFileNotParseable, "Error parsing #{T.must(manifest_file).name}: #{e.message}"
-      end
-
       sig { override.void }
       def check_required_files
         raise "No Project.toml or JuliaProject.toml!" unless project_file

data/lib/dependabot/julia/file_updater.rb

@@ -3,9 +3,12 @@
 
 require "toml-rb"
 require "tempfile"
+require "fileutils"
+require "pathname"
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
 require "dependabot/julia/registry_client"
+require "dependabot/notices"
 
 module Dependabot
   module Julia
@@ -17,72 +20,51 @@ module Dependabot
         [/(?:Julia)?Project\.toml$/i, /(?:Julia)?Manifest(?:-v[\d.]+)?\.toml$/i]
       end
 
+      sig { override.returns(T::Array[Dependabot::Notice]) }
+      attr_reader :notices
+
+      sig do
+        override.params(
+          dependencies: T::Array[Dependabot::Dependency],
+          dependency_files: T::Array[Dependabot::DependencyFile],
+          credentials: T::Array[Dependabot::Credential],
+          repo_contents_path: T.nilable(String),
+          options: T::Hash[Symbol, T.untyped]
+        ).void
+      end
+      def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path: nil, options: {})
+        super
+        @notices = T.let([], T::Array[Dependabot::Notice])
+      end
+
       sig { override.returns(T::Array[Dependabot::DependencyFile]) }
       def updated_dependency_files
-        updated_files = []
+        # If no project file, cannot proceed
+        raise "No Project.toml file found" unless project_file
 
         # Use DependabotHelper.jl for manifest updating
-        if project_file
-          project_path = T.let(nil, T.nilable(String))
-
-          begin
-            project_path = write_temp_project_file
-
-            result = registry_client.update_manifest(
-              project_path: project_path,
-              updates: build_updates_hash
-            )
-
-            if result["error"]
-              # Fallback to Ruby TOML manipulation
-              Dependabot.logger.warn(
-                "DependabotHelper.jl update failed: #{result['error']}, " \
-                "falling back to Ruby updating"
-              )
-              return fallback_updated_dependency_files
-            end
-
-            # Create updated files from DependabotHelper.jl results
-            updated_files = build_updated_files_from_result(result)
-          rescue StandardError => e
-            # Fallback to Ruby TOML manipulation if Julia helper fails
-            Dependabot.logger.warn(
-              "DependabotHelper.jl update failed with exception: #{e.message}, " \
-              "falling back to Ruby updating"
-            )
-            return fallback_updated_dependency_files
-          ensure
-            File.delete(project_path) if project_path && File.exist?(project_path)
-          end
-        end
-
-        raise "No files changed!" if updated_files.empty?
-
-        updated_files
+        # This works for both standard packages and workspace packages
+        updated_files_with_julia_helper
       end
 
-      # Fallback method using Ruby TOML manipulation
       sig { returns(T::Array[Dependabot::DependencyFile]) }
-      def fallback_updated_dependency_files
+      def updated_files_with_julia_helper
         updated_files = []
 
-        # Update Project.toml file
-        if project_file && file_changed?(T.must(project_file))
-          updated_files << updated_file(
-            file: T.must(project_file),
-            content: updated_project_content
-          )
-        end
+        SharedHelpers.in_a_temporary_repo_directory(T.must(dependency_files.first).directory, repo_contents_path) do
+          updated_project = updated_project_content
+          actual_manifest = find_manifest_file
 
-        # Update Manifest.toml file if it exists and dependencies have changed
-        if manifest_file
-          updated_manifest_content = build_updated_manifest_content
-          if updated_manifest_content != T.must(manifest_file).content
-            updated_files << updated_file(
-              file: T.must(manifest_file),
-              content: updated_manifest_content
-            )
-          end
+          return project_only_update(updated_project) if actual_manifest.nil?
+
+          # Work directly in the repo directory - no need for another temp directory
+          # This ensures all workspace packages are accessible to Julia's Pkg
+          write_temporary_files(updated_project, actual_manifest)
+          result = call_julia_helper
+
+          return handle_julia_helper_error(result, actual_manifest, updated_project) if result["error"]
+
+          build_updated_files(updated_files, updated_project, actual_manifest, result)
         end
 
         raise "No files changed!" if updated_files.empty?
@@ -90,6 +72,111 @@ module Dependabot
         updated_files
       end
 
+      sig { params(updated_project: String).returns(T::Array[Dependabot::DependencyFile]) }
+      def project_only_update(updated_project)
+        [updated_file(file: T.must(project_file), content: updated_project)]
+      end
+
+      sig do
+        params(
+          updated_project: String,
+          actual_manifest: Dependabot::DependencyFile
+        ).void
+      end
+      def write_temporary_files(updated_project, actual_manifest)
+        File.write(T.must(project_file).name, updated_project)
+
+        # Preserve relative paths (e.g., ../Manifest.toml for workspace packages)
+        # so Julia's Pkg can find and update the correct shared manifest
+        manifest_path = actual_manifest.name
+        FileUtils.mkdir_p(File.dirname(manifest_path)) if manifest_path.include?("/")
+        File.write(manifest_path, actual_manifest.content)
+      end
+
+      sig { returns(T::Hash[String, T.untyped]) }
+      def call_julia_helper
+        registry_client.update_manifest(
+          project_path: Dir.pwd,
+          updates: build_updates_hash
+        )
+      end
+
+      sig do
+        params(
+          result: T::Hash[String, T.untyped],
+          actual_manifest: Dependabot::DependencyFile,
+          updated_project: String
+        ).returns(T::Array[Dependabot::DependencyFile])
+      end
+      def handle_julia_helper_error(result, actual_manifest, updated_project)
+        error_message = result["error"]
+        manifest_path = actual_manifest.name
+
+        is_resolver_error = resolver_error?(error_message)
+        raise error_message unless is_resolver_error
+
+        add_manifest_update_notice(manifest_path, error_message)
+
+        # Return only the updated Project.toml
+        [updated_file(file: T.must(project_file), content: updated_project)]
+      end
+
+      sig { params(error_message: String).returns(T::Boolean) }
+      def resolver_error?(error_message)
+        error_message.start_with?("Pkg resolver error:") ||
+          error_message.include?("Unsatisfiable requirements") ||
+          error_message.include?("ResolverError")
+      end
+
+      sig { params(manifest_path: String, error_message: String).void }
+      def add_manifest_update_notice(manifest_path, error_message)
+        # Resolve relative paths to absolute paths for clarity in user-facing notices
+        # Use Pathname.cleanpath to handle any depth of relative paths (e.g., ../../Manifest.toml)
+        project_dir = T.must(project_file).directory
+        absolute_manifest_path = if manifest_path.start_with?("../", "./")
+                                   # For workspace packages, compute the absolute path
+                                   Pathname.new(File.join(project_dir, manifest_path)).cleanpath.to_s
+                                 else
+                                   # For regular packages, use the manifest path as-is
+                                   File.join(project_dir, manifest_path)
+                                 end
+
+        @notices << Dependabot::Notice.new(
+          mode: Dependabot::Notice::NoticeMode::WARN,
+          type: "julia_manifest_not_updated",
+          package_manager_name: "Pkg",
+          title: "Could not update manifest #{absolute_manifest_path}",
+          description: "The Julia package manager failed to update the new dependency versions " \
+                       "in `#{absolute_manifest_path}`:\n\n```\n#{error_message}\n```",
+          show_in_pr: true,
+          show_alert: true
+        )
+      end
+
+      sig do
+        params(
+          updated_files: T::Array[Dependabot::DependencyFile],
+          updated_project: String,
+          actual_manifest: Dependabot::DependencyFile,
+          result: T::Hash[String, T.untyped]
+        ).void
+      end
+      def build_updated_files(updated_files, updated_project, actual_manifest, result)
+        updated_files << updated_file(file: T.must(project_file), content: updated_project)
+
+        return unless result["manifest_content"]
+
+        updated_manifest_content = result["manifest_content"]
+        return unless updated_manifest_content != actual_manifest.content
+
+        manifest_for_update = if result["manifest_path"]
+                                manifest_file_for_path(result["manifest_path"])
+                              else
+                                actual_manifest
+                              end
+        updated_files << updated_file(file: manifest_for_update, content: updated_manifest_content)
+      end
+
       private
 
       sig { returns(T::Hash[String, String]) }
@@ -98,33 +185,15 @@ module Dependabot
         dependencies.each do |dependency|
           next unless dependency.version
 
-          updates[dependency.name] = dependency.version
+          uuid = T.cast(dependency.metadata[:julia_uuid], String)
+          updates[uuid] = {
+            "name" => dependency.name,
+            "version" => dependency.version
+          }
         end
         updates
       end
 
-      sig { params(result: T::Hash[String, T.untyped]).returns(T::Array[Dependabot::DependencyFile]) }
-      def build_updated_files_from_result(result)
-        updated_files = T.let([], T::Array[Dependabot::DependencyFile])
-
-        if result["project_content"] && result["project_content"] != T.must(project_file).content
-          updated_files << updated_file(
-            file: T.must(project_file),
-            content: result["project_content"]
-          )
-        end
-
-        if manifest_file && result["manifest_content"] &&
-           result["manifest_content"] != T.must(manifest_file).content
-          updated_files << updated_file(
-            file: T.must(manifest_file),
-            content: result["manifest_content"]
-          )
-        end
-
-        updated_files
-      end
-
       # Helper methods for DependabotHelper.jl integration
 
       sig { returns(Dependabot::Julia::RegistryClient) }
@@ -137,12 +206,54 @@ module Dependabot
         )
       end
 
-      sig { returns(String) }
-      def write_temp_project_file
-        temp_file = Tempfile.new(["Project", ".toml"])
-        temp_file.write(T.must(project_file).content)
-        temp_file.close
-        T.must(temp_file.path)
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
+      def find_manifest_file
+        # The file fetcher has already identified the correct manifest file
+        # For regular packages: manifest in same directory
+        # For workspace packages: manifest in parent directory
+        # We just need to find it in dependency_files
+        project_dir = T.must(project_file).directory
+
+        dependency_files.find do |f|
+          # Use basename to get just the filename, not the full path with ../
+          is_manifest = File.basename(f.name).match?(/^(Julia)?Manifest(?:-v[\d.]+)?\.toml$/i)
+          is_manifest && (f.directory == project_dir || project_dir.start_with?(f.directory))
+        end
+      end
+
+      sig { params(manifest_path: String).returns(Dependabot::DependencyFile) }
+      def manifest_file_for_path(manifest_path)
+        # manifest_path is relative to the project directory (e.g., "Manifest.toml" or "../Manifest.toml")
+        # We need to resolve it to find the actual manifest file in dependency_files
+
+        # Build the absolute path relative to the project directory
+        project_dir = T.must(project_file).directory
+        resolved_manifest_path = File.expand_path(manifest_path, project_dir)
+
+        # Normalize by removing leading "/" to get repo-relative path
+        resolved_manifest_path = resolved_manifest_path.sub(%r{^/}, "")
+
+        # Find the matching manifest file in dependency_files
+        found_manifest = dependency_files.find do |f|
+          next unless f.name.match?(/^(Julia)?Manifest(?:-v[\d.]+)?\.toml$/i)
+
+          # Construct the full path for this file and normalize it
+          file_path = File.join(f.directory, f.name).sub(%r{^/}, "")
+          file_path == resolved_manifest_path
+        end
+
+        # If we found the manifest file and the manifest_path matches its name exactly,
+        # return the original file to preserve its metadata
+        return found_manifest if found_manifest && found_manifest.name == manifest_path
+
+        # For workspace cases where manifest_path is relative (e.g., "../Manifest.toml"),
+        # we need to create a new DependencyFile with the relative path as its name,
+        # but copy the content from the found manifest if it exists
+        Dependabot::DependencyFile.new(
+          name: manifest_path,
+          content: found_manifest&.content || "",
+          directory: project_dir
+        )
       end
 
       sig { override.void }
@@ -164,16 +275,6 @@ module Dependabot
         )
       end
 
-      sig { returns(T.nilable(Dependabot::DependencyFile)) }
-      def manifest_file
-        @manifest_file ||= T.let(
-          dependency_files.find do |f|
-            f.name.match?(/^(Julia)?Manifest(?:-v[\d.]+)?\.toml$/i)
-          end,
-          T.nilable(Dependabot::DependencyFile)
-        )
-      end
-
       sig { returns(String) }
       def updated_project_content
         return T.must(T.must(project_file).content) unless project_file
@@ -196,15 +297,24 @@ module Dependabot
 
       sig { params(content: String, dependency_name: String, new_requirement: String).returns(String) }
       def update_dependency_requirement_in_content(content, dependency_name, new_requirement)
-        # Pattern to match the dependency in [compat] section
-        # Handles various quote styles and spacing
-        pattern = /(^\s*#{Regexp.escape(dependency_name)}\s*=\s*)(?:"[^"]*"|'[^']*'|[^\s#\n]+)(\s*(?:\#.*)?$)/mx
-
-        if content.match?(pattern)
-          # Replace existing entry
-          content.gsub(pattern, "\\1\"#{new_requirement}\"\\2")
+        # Extract the [compat] section to update it specifically
+        compat_section_match = content.match(/^\[compat\]\s*\n((?:(?!\[)[^\n]*\n)*?)(?=^\[|\z)/m)
+
+        if compat_section_match
+          compat_section = T.must(compat_section_match[1])
+          # Pattern to match the dependency in the compat section
+          pattern = /^(\s*#{Regexp.escape(dependency_name)}\s*=\s*)(?:"[^"]*"|'[^']*'|[^\s#\n]+)(\s*(?:\#.*)?)$/
+
+          if compat_section.match?(pattern)
+            # Replace existing entry in compat section
+            updated_compat = compat_section.gsub(pattern, "\\1\"#{new_requirement}\"\\2")
+            content.sub(T.must(compat_section_match[0]), "[compat]\n#{updated_compat}")
+          else
+            # Add new entry to existing [compat] section
+            add_compat_entry_to_content(content, dependency_name, new_requirement)
+          end
         else
-          # Add new entry to [compat] section
+          # Add new [compat] section
           add_compat_entry_to_content(content, dependency_name, new_requirement)
         end
       end
@@ -220,74 +330,6 @@ module Dependabot
           content + "\n[compat]\n#{dependency_name} = \"#{requirement}\"\n"
         end
       end
-
-      sig { returns(String) }
-      def build_updated_manifest_content
-        return T.must(T.must(manifest_file).content) unless manifest_file
-
-        content = T.must(T.must(manifest_file).content)
-
-        dependencies.each do |dependency|
-          next unless dependency.version
-
-          content = update_dependency_version_in_manifest(content, dependency.name, T.must(dependency.version))
-        end
-
-        content
-      end
-
-      sig { params(content: String, dependency_name: String, new_version: String).returns(String) }
-      def update_dependency_version_in_manifest(content, dependency_name, new_version)
-        # Pattern to find the dependency entry and update its version
-        # Matches the [[deps.DependencyName]] section and updates the version line within it
-        dep_start = /^\[\[deps\.#{Regexp.escape(dependency_name)}\]\]\s*\n(?:.*\n)*?/
-        version_key = /^\s*version\s*=\s*/
-        old_version = /(?:"[^"]*"|'[^']*'|[^\s#\n]+)/
-        trailing = /\s*(?:\#.*)?$/
-        pattern = /(#{dep_start})(#{version_key})#{old_version}(#{trailing})/mx
-
-        if content.match?(pattern)
-          content.gsub(pattern, "\\1\\2\"#{new_version}\"\\3")
-        else
-          # If pattern doesn't match, fall back to original approach
-          Dependabot.logger.warn("Could not find manifest entry for #{dependency_name}, using fallback")
-          fallback_update_manifest_content(content, dependency_name, new_version)
-        end
-      end
-
-      sig { params(content: String, dependency_name: String, new_version: String).returns(String) }
-      def fallback_update_manifest_content(content, dependency_name, new_version)
-        # Fallback to parse-and-dump for complex cases
-        parsed_manifest = T.cast(TomlRB.parse(content), T::Hash[String, T.untyped])
-
-        deps_section = T.cast(parsed_manifest["deps"] || {}, T::Hash[String, T.untyped])
-        if deps_section[dependency_name]
-          dep_entries = deps_section[dependency_name]
-          update_dependency_entries(dep_entries, new_version)
-        end
-
-        T.cast(TomlRB.dump(parsed_manifest), String)
-      end
-
-      sig { params(dependency: Dependabot::Dependency, manifest: T::Hash[String, T.untyped]).void }
-      def update_dependency_in_manifest(dependency, manifest)
-        deps_section = T.cast(manifest["deps"] || {}, T::Hash[String, T.untyped])
-        return unless deps_section[dependency.name]
-
-        dep_entries = deps_section[dependency.name]
-        update_dependency_entries(dep_entries, dependency.version)
-      end
-
-      sig { params(dep_entries: T.untyped, version: T.nilable(String)).void }
-      def update_dependency_entries(dep_entries, version)
-        if dep_entries.is_a?(Array)
-          dep_entries.each do |dep_entry|
-            dep_entry["version"] = version if dep_entry.is_a?(Hash) && dep_entry["uuid"]
-          end
-        elsif dep_entries.is_a?(Hash) && dep_entries["uuid"]
-          dep_entries["version"] = version
-        end
-      end
     end
   end
 end

data/lib/dependabot/julia/metadata_finder.rb

@@ -1,13 +1,10 @@
 # typed: strong
 # frozen_string_literal: true
 
-require "excon"
 require "dependabot/metadata_finders"
 require "dependabot/metadata_finders/base"
-require "dependabot/registry_client"
 require "dependabot/julia/registry_client"
 require "uri" # Required for URI.parse
-require "toml-rb" # Required for TOML parsing
 
 module Dependabot
   module Julia
@@ -21,9 +18,8 @@ module Dependabot
 
       sig { override.returns(T.nilable(Dependabot::Source)) }
       def look_up_source
-        # Only use authoritative sources from Julia helper or dependency files
-        url_string = source_url_from_julia_helper ||
-                     source_url_from_dependency_files
+        # Only use authoritative sources from Julia helper
+        url_string = source_url_from_julia_helper
 
         return nil unless url_string
 
@@ -84,14 +80,6 @@ module Dependabot
         Dependabot.logger.error("Invalid URI for dependency #{dependency.name}: #{url_string} - #{e.message}")
         nil
       end
-
-      sig { returns(T.nilable(String)) }
-      def source_url_from_dependency_files
-        # MetadataFinder doesn't have access to dependency_files
-        # This would typically be handled by FileParser or other components
-        # For now, we'll skip this strategy and rely on the Julia helper
-        nil
-      end
     end
   end
 end

data/lib/dependabot/julia/package/package_details_fetcher.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: strict
 # frozen_string_literal: true
 
 require "time"
@@ -72,31 +72,57 @@ module Dependabot
           ).returns(T::Array[Dependabot::Package::PackageRelease])
         end
         def build_releases_for_versions(registry_client, available_versions, uuid)
-          releases = T.let([], T::Array[Dependabot::Package::PackageRelease])
+          # Use batch operation to fetch all release dates at once
+          release_dates = fetch_release_dates_batch(registry_client, available_versions, uuid)
 
-          available_versions.each do |version_string|
+          available_versions.map do |version_string|
             version = Julia::Version.new(version_string)
-            release_date = fetch_release_date_safely(registry_client, version_string, uuid)
+            release_date = release_dates[version_string]
 
-            releases << create_package_release(version, release_date)
+            create_package_release(version, release_date)
           end
-
-          releases
         end
 
         sig do
           params(
             registry_client: RegistryClient,
-            version_string: String,
+            available_versions: T::Array[String],
             uuid: T.nilable(String)
-          ).returns(T.nilable(Time))
+          ).returns(T::Hash[String, T.nilable(Time)])
         end
-        def fetch_release_date_safely(registry_client, version_string, uuid)
-          registry_client.fetch_version_release_date(dependency.name, version_string, uuid)
-        rescue StandardError => e
-          Dependabot.logger.warn(
-            "Failed to fetch release info for #{dependency.name} version #{version_string}: #{e.message}"
-          )
+        def fetch_release_dates_batch(registry_client, available_versions, uuid)
+          return {} if available_versions.empty?
+
+          packages_versions = [{
+            name: dependency.name,
+            uuid: uuid || "",
+            versions: available_versions
+          }]
+
+          result = registry_client.batch_fetch_version_release_dates(packages_versions)
+          dates_for_package = result[dependency.name] || {}
+
+          convert_dates_to_time_objects(dates_for_package)
+        end
+
+        sig do
+          params(
+            dates_hash: T::Hash[String, T.untyped]
+          ).returns(T::Hash[String, T.nilable(Time)])
+        end
+        def convert_dates_to_time_objects(dates_hash)
+          dates_hash.transform_values do |date_value|
+            convert_single_date(date_value)
+          end
+        end
+
+        sig { params(date_value: T.untyped).returns(T.nilable(Time)) }
+        def convert_single_date(date_value)
+          return nil if date_value.nil?
+          return nil if date_value.is_a?(Hash) && date_value["error"]
+
+          Time.parse(date_value.to_s)
+        rescue ArgumentError, TypeError
           nil
         end
 

data/lib/dependabot/julia/package_manager.rb

@@ -14,10 +14,10 @@ module Dependabot
       PACKAGE_MANAGER_COMMAND = T.let("julia", String)
       # Julia versions as of June 2025:
       # - 1.10 is the LTS (Long Term Support) version
-      # - 1.11 is the current stable version
+      # - 1.12 is the current stable version
       # Update these constants when new LTS or major versions are released
       MINIMUM_VERSION = T.let("1.10", String) # LTS version
-      CURRENT_VERSION = T.let("1.11", String) # Current stable version
+      CURRENT_VERSION = T.let("1.12", String) # Current stable version
 
       sig { returns(T.nilable(String)) }
       def self.detected_version

data/lib/dependabot/julia/registry_client.rb

@@ -87,24 +87,6 @@ module Dependabot
         nil
       end
 
-      sig do
-        params(
-          project_path: String,
-          package_name: String,
-          target_version: String
-        ).returns(T::Hash[String, T.untyped])
-      end
-      def check_update_compatibility(project_path, package_name, target_version)
-        call_julia_helper(
-          function: "check_update_compatibility",
-          args: {
-            project_path: project_path,
-            package_name: package_name,
-            target_version: target_version
-          }
-        )
-      end
-
       sig do
         params(
           project_path: String,
@@ -129,6 +111,24 @@ module Dependabot
         )
       end
 
+      sig { params(directory: String).returns(T::Hash[String, String]) }
+      def find_environment_files(directory)
+        result = call_julia_helper(
+          function: "find_environment_files",
+          args: { directory: directory }
+        )
+
+        return {} if result["error"]
+
+        {
+          "project_file" => result["project_file"],
+          "manifest_file" => result["manifest_file"]
+        }
+      rescue StandardError => e
+        Dependabot.logger.warn("Failed to find environment files in #{directory}: #{e.message}")
+        {}
+      end
+
       sig do
         params(
           manifest_path: String,
@@ -160,22 +160,6 @@ module Dependabot
         )
       end
 
-      sig do
-        params(
-          package_name: String,
-          source_url: String
-        ).returns(T::Hash[String, T.untyped])
-      end
-      def extract_package_metadata_from_url(package_name, source_url)
-        call_julia_helper(
-          function: "extract_package_metadata_from_url",
-          args: {
-            package_name: package_name,
-            source_url: source_url
-          }
-        )
-      end
-
       sig do
         params(
           project_path: String,
@@ -269,6 +253,68 @@ module Dependabot
         []
       end
 
+      # ============================================================================
+      # BATCH OPERATIONS
+      # ============================================================================
+
+      sig { params(dependencies: T::Array[Dependabot::Dependency]).returns(T::Hash[String, T.untyped]) }
+      def batch_fetch_package_info(dependencies)
+        packages = dependencies.map do |dep|
+          {
+            name: dep.name,
+            uuid: dep.metadata[:julia_uuid] || ""
+          }
+        end
+
+        call_julia_helper(
+          function: "batch_get_package_info",
+          args: { packages: packages }
+        )
+      rescue StandardError => e
+        Dependabot.logger.error("Failed to batch fetch package info: #{e.message}")
+        {}
+      end
+
+      sig do
+        params(
+          packages_versions: T::Array[T::Hash[Symbol, T.untyped]]
+        ).returns(T::Hash[String, T::Hash[String, T.nilable(String)]])
+      end
+      def batch_fetch_version_release_dates(packages_versions)
+        result = call_julia_helper(
+          function: "batch_get_version_release_dates",
+          args: { packages_versions: packages_versions }
+        )
+
+        # Convert the result to a more Ruby-friendly format
+        result.transform_values do |dates|
+          next dates if dates.is_a?(Hash) && dates["error"]
+
+          dates.is_a?(Hash) ? dates : {}
+        end
+      rescue StandardError => e
+        Dependabot.logger.error("Failed to batch fetch version release dates: #{e.message}")
+        {}
+      end
+
+      sig { params(dependencies: T::Array[Dependabot::Dependency]).returns(T::Hash[String, T.untyped]) }
+      def batch_fetch_available_versions(dependencies)
+        packages = dependencies.map do |dep|
+          {
+            name: dep.name,
+            uuid: dep.metadata[:julia_uuid] || ""
+          }
+        end
+
+        call_julia_helper(
+          function: "batch_get_available_versions",
+          args: { packages: packages }
+        )
+      rescue StandardError => e
+        Dependabot.logger.error("Failed to batch fetch available versions: #{e.message}")
+        {}
+      end
+
       private
 
       sig { returns(T::Array[T::Hash[Symbol, String]]) }

data/lib/dependabot/julia/requirement.rb

@@ -14,16 +14,17 @@ module Dependabot
         # - Range: "1.2-1.3", ">=1.0, <2.0"
         # - Caret: "^1.2" (compatible within major version)
         # - Tilde: "~1.2.3" (compatible within minor version)
-        # - Wildcard: "*" (any version)
-        return [new(">= 0")] if requirement_string.nil? || requirement_string.empty? || requirement_string == "*"
+        # Note: Missing compat entry (nil/empty) means any version is acceptable
+        return [new(">= 0")] if requirement_string.nil? || requirement_string.empty?
 
         # Split by comma for multiple constraints
         constraints = requirement_string.split(",").map(&:strip)
 
         constraints.map do |constraint|
-          # Handle Julia-specific patterns
-          normalized_constraint = normalize_julia_constraint(constraint)
-          new(normalized_constraint)
+          # Handle Julia-specific patterns - returns an array of gem requirement strings
+          normalized_constraints = normalize_julia_constraint(constraint)
+          # Pass the array to Gem::Requirement, which accepts multiple conditions
+          new(normalized_constraints)
         end
       rescue Gem::Requirement::BadRequirementError
         [new(">= 0")]
@@ -41,38 +42,69 @@ module Dependabot
         version
       end
 
-      sig { params(constraint: String).returns(String) }
+      sig { params(constraint: String).returns(T::Array[String]) }
       def self.normalize_julia_constraint(constraint)
         return normalize_caret_constraint(constraint) if constraint.match?(/^\^(\d+(?:\.\d+)*)/)
         return normalize_tilde_constraint(constraint) if constraint.match?(/^~(\d+(?:\.\d+)*)/)
         return normalize_range_constraint(constraint) if constraint.match?(/^(\d+(?:\.\d+)*)-(\d+(?:\.\d+)*)$/)
 
+        # Julia treats plain version numbers as caret constraints (implicit ^)
+        # e.g., "1.2.3" is equivalent to "^1.2.3" which means ">= 1.2.3, < 2.0.0"
+        # See: https://pkgdocs.julialang.org/v1/compatibility/
+        return normalize_caret_constraint("^#{constraint}") if constraint.match?(/^(\d+(?:\.\d+)*)$/)
+
         # Return as-is for standard gem requirements (>=, <=, ==, etc.)
-        constraint
+        [constraint]
       end
 
-      sig { params(constraint: String).returns(String) }
+      sig { params(constraint: String).returns(T::Array[String]) }
       private_class_method def self.normalize_caret_constraint(constraint)
         version = T.must(constraint[1..-1])
         parts = version.split(".")
-        major = T.must(parts[0])
-        return ">= #{version}.0.0, < #{major.to_i + 1}.0.0" if parts.length == 1
-
-        ">= #{version}, < #{major.to_i + 1}.0.0"
+        major = T.must(parts[0]).to_i
+        minor = parts[1].to_i
+        patch = parts[2].to_i
+
+        # Julia caret semantics:
+        # - For 0.0.x: compatible within patch (e.g., 0.0.5 -> 0.0.x, < 0.0.6 or < 0.1.0?)
+        # - For 0.x.y: compatible within minor (e.g., 0.34.6 -> 0.34.x, < 0.35.0)
+        # - For x.y.z (x > 0): compatible within major (e.g., 1.2.3 -> 1.x.x, < 2.0.0)
+        if major.zero? && minor.zero?
+          # 0.0.x versions: bump patch
+          [">= #{version}", "< 0.0.#{patch + 1}"]
+        elsif major.zero?
+          # 0.x.y versions: bump minor (0.34.6 -> < 0.35.0)
+          [">= #{version}", "< 0.#{minor + 1}.0"]
+        else
+          # x.y.z versions where x > 0: bump major
+          [">= #{version}", "< #{major + 1}.0.0"]
+        end
       end
 
-      sig { params(constraint: String).returns(String) }
+      sig { params(constraint: String).returns(T::Array[String]) }
       private_class_method def self.normalize_tilde_constraint(constraint)
         version = T.must(constraint[1..-1])
         parts = version.split(".")
-        return ">= #{version}, < #{T.must(parts[0]).to_i + 1}.0.0" unless parts.length >= 2
-
-        major = T.must(parts[0])
-        minor = T.must(parts[1])
-        ">= #{version}, < #{major}.#{minor.to_i + 1}.0"
+        major = T.must(parts[0]).to_i
+        minor = parts[1].to_i
+
+        # Julia tilde semantics (similar to npm):
+        # - For 0.0.x: compatible within patch (same as caret)
+        # - For 0.x.y or x.y.z: compatible within minor (bump minor)
+        if major.zero? && minor.zero?
+          # 0.0.x versions: bump patch
+          patch = parts[2].to_i
+          [">= #{version}", "< 0.0.#{patch + 1}"]
+        elsif major.zero?
+          # 0.x.y versions: bump minor (same as caret for 0.x)
+          [">= #{version}", "< 0.#{minor + 1}.0"]
+        else
+          # x.y.z versions where x > 0: bump minor only
+          [">= #{version}", "< #{major}.#{minor + 1}.0"]
+        end
       end
 
-      sig { params(constraint: String).returns(String) }
+      sig { params(constraint: String).returns(T::Array[String]) }
       private_class_method def self.normalize_range_constraint(constraint)
         start_version, end_version = constraint.split("-")
         end_parts = T.must(end_version).split(".")
@@ -85,7 +117,7 @@ module Dependabot
                        "#{T.must(end_parts[0]).to_i + 1}.0.0"
                      end
 
-        ">= #{start_version}, < #{next_minor}"
+        [">= #{start_version}", "< #{next_minor}"]
       end
     end
   end

data/lib/dependabot/julia/update_checker/requirements_updater.rb

@@ -53,8 +53,8 @@ module Dependabot
       def update_requirement(requirement, target_version)
         current_requirement = requirement[:requirement]
 
-        # If requirement is "*" or nil, use target version
-        new_requirement = if current_requirement.nil? || current_requirement == "*"
+        # If requirement is nil (no compat entry), use target version
+        new_requirement = if current_requirement.nil?
                             target_version.to_s
                           else
                             updated_version_requirement(current_requirement, target_version)
@@ -65,24 +65,46 @@ module Dependabot
 
       sig { params(requirement_string: String, target_version: Dependabot::Julia::Version).returns(String) }
       def updated_version_requirement(requirement_string, target_version)
-        req = Dependabot::Julia::Requirement.new(requirement_string)
-
-        # If current requirement already satisfied, keep it
-        return requirement_string if req.satisfied_by?(target_version)
-
-        # Otherwise, create a new requirement that includes the target version
-        if requirement_string.start_with?("^")
-          # Caret requirement: ^1.2 -> update to ^new_major.new_minor if needed
-          "^#{target_version.segments[0]}.#{target_version.segments[1] || 0}"
-        elsif requirement_string.start_with?("~")
-          # Tilde requirement: ~1.2.3 -> update to ~new_version
-          "~#{target_version}"
-        elsif requirement_string.include?("-")
-          # Range requirement: keep as is or expand to include target
-          requirement_string
+        # Don't update range requirements (e.g., "0.34-0.35") - these are explicit manual constraints
+        return requirement_string if requirement_string.match?(/^\d+(?:\.\d+)*-\d+(?:\.\d+)*$/)
+
+        # Parse all constraints in the requirement string
+        reqs = Dependabot::Julia::Requirement.requirements_array(requirement_string)
+
+        # Check if any requirement is satisfied by the target version
+        # Note: This uses the implicit caret semantics from the Requirement class
+        return requirement_string if reqs.any? { |req| req.satisfied_by?(target_version) }
+
+        # Otherwise, append a new requirement that includes the target version
+        # Following CompatHelper.jl's approach: use major.minor for versions >= 1.0,
+        # 0.minor for 0.x versions, and 0.0.patch for 0.0.x versions
+        new_spec = simplified_version_spec(target_version)
+
+        # Append the new spec to the existing requirement (CompatHelper KeepEntry behavior)
+        # Detect whether the existing requirement uses spaces after commas and preserve that format
+        # and default to ", " if no commas found
+        separator = requirement_string.include?(",") && !requirement_string.include?(", ") ? "," : ", "
+        "#{requirement_string}#{separator}#{new_spec}"
+      end
+
+      sig { params(target_version: Dependabot::Julia::Version).returns(String) }
+      def simplified_version_spec(target_version)
+        # Follow CompatHelper.jl's compat_version_number logic:
+        # - major > 0: use "major.minor"
+        # - major == 0, minor > 0: use "0.minor"
+        # - major == 0, minor == 0: use "0.0.patch"
+        # Note: CompatHelper always returns plain versions (no ^ or ~ prefix)
+        # Coerce segments to integers (segments may be Integer or String or nil)
+        major = (target_version.segments[0] || 0).to_i
+        minor = (target_version.segments[1] || 0).to_i
+        patch = (target_version.segments[2] || 0).to_i
+
+        if major.positive?
+          "#{major}.#{minor}"
+        elsif minor.positive?
+          "0.#{minor}"
         else
-          # Exact version or other: use target version
-          target_version.to_s
+          "0.0.#{patch}"
         end
       end
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-julia
 version: !ruby/object:Gem::Version
-  version: 0.345.0
+  version: 0.347.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.345.0
+        version: 0.347.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.345.0
+        version: 0.347.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -260,7 +260,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.345.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.347.0
 rdoc_options: []
 require_paths:
 - lib