dependabot-nix 0.367.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d96dbad7c99a3d367400e75f35924e09780a520b1bad0d75f3a09b1fd3dbcc61
+  data.tar.gz: 3075e3e0e369bfc2a6430770f31386d80501dee1a1fb3e99581668190779ad3a
+SHA512:
+  metadata.gz: 7b7ce4e11d73728346b66072626e0e7dd495b5fc5933dc605f2e864f8f601cc935448e3f1dc271ca3f06d6f4e3fcdc97218c9d1f95d7e7e1c054c9c4881ce792
+  data.tar.gz: 7ef644ba8f2b8fd863f1f05903fc58ed0552ae408118f416ebfcd7986bc4f913e9bd6714090307a88b46cd421d6aec3ea5710d6ca8667efde7b5804d37d9b113

data/lib/dependabot/nix/file_fetcher.rb

@@ -0,0 +1,66 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+
+module Dependabot
+  module Nix
+    class FileFetcher < Dependabot::FileFetchers::Base
+      extend T::Sig
+
+      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
+      def self.required_files_in?(filenames)
+        filenames.include?("flake.nix") && filenames.include?("flake.lock")
+      end
+
+      sig { override.returns(String) }
+      def self.required_files_message
+        "Repo must contain a flake.nix and flake.lock file."
+      end
+
+      sig { override.returns(T::Array[DependencyFile]) }
+      def fetch_files
+        unless allow_beta_ecosystems?
+          raise Dependabot::DependencyFileNotFound.new(
+            nil,
+            "Nix support is currently in beta. Set ALLOW_BETA_ECOSYSTEMS=true to enable it."
+          )
+        end
+
+        fetched_files = []
+        fetched_files << flake_nix
+        fetched_files << flake_lock
+        fetched_files
+      end
+
+      sig { override.returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+      def ecosystem_versions
+        nil
+      end
+
+      private
+
+      sig { returns(Dependabot::DependencyFile) }
+      def flake_nix
+        @flake_nix ||=
+          T.let(
+            fetch_file_from_host("flake.nix"),
+            T.nilable(Dependabot::DependencyFile)
+          )
+      end
+
+      sig { returns(Dependabot::DependencyFile) }
+      def flake_lock
+        @flake_lock ||=
+          T.let(
+            fetch_file_from_host("flake.lock"),
+            T.nilable(Dependabot::DependencyFile)
+          )
+      end
+    end
+  end
+end
+
+Dependabot::FileFetchers.register("nix", Dependabot::Nix::FileFetcher)

data/lib/dependabot/nix/file_parser.rb

@@ -0,0 +1,215 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "json"
+require "sorbet-runtime"
+
+require "dependabot/dependency"
+require "dependabot/file_parsers"
+require "dependabot/file_parsers/base"
+require "dependabot/shared_helpers"
+require "dependabot/nix/package_manager"
+
+module Dependabot
+  module Nix
+    class FileParser < Dependabot::FileParsers::Base
+      extend T::Sig
+
+      # Source types that are backed by git and can be updated via revision tracking
+      SUPPORTED_SOURCE_TYPES = T.let(%w(github gitlab sourcehut git).freeze, T::Array[String])
+
+      SUPPORTED_LOCK_VERSION = 7
+
+      DEFAULT_HOSTS = T.let(
+        {
+          "github" => "github.com",
+          "gitlab" => "gitlab.com",
+          "sourcehut" => "git.sr.ht"
+        }.freeze,
+        T::Hash[String, String]
+      )
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def parse
+        lock_content = JSON.parse(T.must(flake_lock.content))
+
+        lock_version = lock_content["version"]
+        if lock_version != SUPPORTED_LOCK_VERSION
+          Dependabot.logger.warn(
+            "flake.lock version #{lock_version.inspect} differs from expected #{SUPPORTED_LOCK_VERSION}"
+          )
+        end
+
+        root_name = lock_content.fetch("root", "root")
+        nodes = lock_content.fetch("nodes", {})
+        root_node = nodes.fetch(root_name, {})
+        root_inputs = root_node.fetch("inputs", {})
+
+        root_inputs.filter_map do |input_name, node_label|
+          node = resolve_node(node_label, nodes)
+          next unless node
+
+          build_dependency(input_name, node)
+        end
+      end
+
+      sig { returns(Ecosystem) }
+      def ecosystem
+        @ecosystem ||= T.let(
+          Ecosystem.new(
+            name: ECOSYSTEM,
+            package_manager: package_manager
+          ),
+          T.nilable(Dependabot::Ecosystem)
+        )
+      end
+
+      private
+
+      # Resolves a node_label to its node in the lock file.
+      # node_label is either a string (direct reference) or an array ("follows" path
+      # that must be walked through nested inputs maps).
+      sig do
+        params(
+          node_label: T.any(String, T::Array[String]),
+          nodes: T::Hash[String, T.untyped]
+        ).returns(T.nilable(T::Hash[String, T.untyped]))
+      end
+      def resolve_node(node_label, nodes)
+        return nodes[node_label] unless node_label.is_a?(Array)
+        return nil if node_label.empty?
+
+        # Walk the "follows" path: e.g. ["nixpkgs", "flake-utils"] means
+        # follow root -> nixpkgs node -> its inputs -> flake-utils
+        resolved_label = resolve_follows_path(node_label, nodes)
+        resolved_label ? nodes[resolved_label] : nil
+      end
+
+      # Walks a "follows" path through nested inputs to find the final node label.
+      sig do
+        params(
+          path: T::Array[String],
+          nodes: T::Hash[String, T.untyped]
+        ).returns(T.nilable(String))
+      end
+      def resolve_follows_path(path, nodes)
+        current_node_label = T.let(nil, T.nilable(String))
+
+        path.each_with_index do |segment, index|
+          # For the first segment, look up in the root's inputs via nodes directly
+          target = if index.zero?
+                     # The first segment references a top-level node by name
+                     segment
+                   else
+                     # Subsequent segments look up inputs within the current node
+                     node = nodes[T.must(current_node_label)]
+                     return nil unless node.is_a?(Hash)
+
+                     inputs = node.fetch("inputs", nil)
+                     return nil unless inputs.is_a?(Hash)
+
+                     label = inputs[segment]
+                     return nil unless label.is_a?(String)
+
+                     label
+                   end
+
+          current_node_label = target
+        end
+
+        current_node_label
+      end
+
+      sig do
+        params(
+          input_name: String,
+          node: T::Hash[String, T.untyped]
+        ).returns(T.nilable(Dependabot::Dependency))
+      end
+      def build_dependency(input_name, node)
+        locked = node.fetch("locked", nil)
+        original = node.fetch("original", nil)
+        return unless locked && original
+
+        source_type = locked.fetch("type", nil)
+        return unless SUPPORTED_SOURCE_TYPES.include?(source_type)
+
+        rev = locked.fetch("rev", nil)
+        return unless rev
+
+        url = build_url(locked)
+        return unless url
+
+        ref = original.fetch("ref", nil)
+
+        Dependency.new(
+          name: input_name,
+          version: rev,
+          package_manager: "nix",
+          requirements: [{
+            requirement: nil,
+            file: "flake.lock",
+            source: { type: "git", url: url, branch: ref, ref: ref },
+            groups: []
+          }]
+        )
+      end
+
+      sig { params(locked: T::Hash[String, T.untyped]).returns(T.nilable(String)) }
+      def build_url(locked)
+        case locked["type"]
+        when "github"
+          host = locked["host"] || DEFAULT_HOSTS["github"]
+          "https://#{host}/#{locked['owner']}/#{locked['repo']}"
+        when "gitlab"
+          host = locked["host"] || DEFAULT_HOSTS["gitlab"]
+          "https://#{host}/#{locked['owner']}/#{locked['repo']}"
+        when "sourcehut"
+          host = locked["host"] || DEFAULT_HOSTS["sourcehut"]
+          "https://#{host}/~#{locked['owner']}/#{locked['repo']}"
+        when "git"
+          locked["url"]
+        end
+      end
+
+      sig { returns(Dependabot::DependencyFile) }
+      def flake_lock
+        @flake_lock ||=
+          T.let(
+            T.must(get_original_file("flake.lock")),
+            T.nilable(Dependabot::DependencyFile)
+          )
+      end
+
+      sig { override.void }
+      def check_required_files
+        %w(flake.nix flake.lock).each do |filename|
+          raise "No #{filename}!" unless get_original_file(filename)
+        end
+      end
+
+      sig { returns(Ecosystem::VersionManager) }
+      def package_manager
+        @package_manager ||= T.let(
+          PackageManager.new(T.must(nix_version)),
+          T.nilable(Dependabot::Nix::PackageManager)
+        )
+      end
+
+      sig { returns(T.nilable(String)) }
+      def nix_version
+        @nix_version ||= T.let(
+          begin
+            version_output = SharedHelpers.run_shell_command("nix --version")
+            version_output.match(/nix.*?(\d+\.\d+[\.\d]*)/)&.captures&.first || "0.0.0"
+          rescue StandardError
+            "0.0.0"
+          end,
+          T.nilable(String)
+        )
+      end
+    end
+  end
+end
+
+Dependabot::FileParsers.register("nix", Dependabot::Nix::FileParser)

data/lib/dependabot/nix/file_updater.rb

@@ -0,0 +1,81 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/errors"
+require "dependabot/file_updaters"
+require "dependabot/file_updaters/base"
+require "dependabot/shared_helpers"
+
+module Dependabot
+  module Nix
+    class FileUpdater < Dependabot::FileUpdaters::Base
+      extend T::Sig
+
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
+      def updated_dependency_files
+        updated_lockfile_content = update_flake_lock
+
+        if updated_lockfile_content == flake_lock.content
+          raise Dependabot::DependencyFileContentNotChanged,
+                "Expected flake.lock to change for #{dependency.name}, but it didn't"
+        end
+
+        [updated_file(file: flake_lock, content: updated_lockfile_content)]
+      end
+
+      private
+
+      sig { returns(Dependabot::Dependency) }
+      def dependency
+        T.must(dependencies.first)
+      end
+
+      sig { returns(String) }
+      def update_flake_lock
+        SharedHelpers.in_a_temporary_repo_directory(
+          flake_lock.directory,
+          repo_contents_path
+        ) do
+          File.write("flake.nix", T.must(flake_nix.content))
+          File.write("flake.lock", T.must(flake_lock.content))
+
+          SharedHelpers.run_shell_command(
+            "nix flake update #{dependency.name}",
+            fingerprint: "nix flake update <input_name>"
+          )
+
+          File.read("flake.lock")
+        end
+      end
+
+      sig { override.void }
+      def check_required_files
+        %w(flake.nix flake.lock).each do |filename|
+          raise "No #{filename}!" unless get_original_file(filename)
+        end
+      end
+
+      sig { returns(Dependabot::DependencyFile) }
+      def flake_lock
+        @flake_lock ||=
+          T.let(
+            T.must(get_original_file("flake.lock")),
+            T.nilable(Dependabot::DependencyFile)
+          )
+      end
+
+      sig { returns(Dependabot::DependencyFile) }
+      def flake_nix
+        @flake_nix ||=
+          T.let(
+            T.must(get_original_file("flake.nix")),
+            T.nilable(Dependabot::DependencyFile)
+          )
+      end
+    end
+  end
+end
+
+Dependabot::FileUpdaters.register("nix", Dependabot::Nix::FileUpdater)

data/lib/dependabot/nix/metadata_finder.rb

@@ -0,0 +1,27 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/metadata_finders"
+require "dependabot/metadata_finders/base"
+
+module Dependabot
+  module Nix
+    class MetadataFinder < Dependabot::MetadataFinders::Base
+      extend T::Sig
+
+      private
+
+      sig { override.returns(T.nilable(Dependabot::Source)) }
+      def look_up_source
+        url = dependency.requirements.first&.fetch(:source)&.fetch(:url) ||
+              dependency.requirements.first&.fetch(:source)&.fetch("url")
+
+        Source.from_url(url)
+      end
+    end
+  end
+end
+
+Dependabot::MetadataFinders.register("nix", Dependabot::Nix::MetadataFinder)

data/lib/dependabot/nix/package/package_details_fetcher.rb

@@ -0,0 +1,142 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "json"
+require "time"
+require "sorbet-runtime"
+require "dependabot/nix"
+require "dependabot/package/package_release"
+require "dependabot/package/package_details"
+require "dependabot/git_commit_checker"
+require "dependabot/git_metadata_fetcher"
+
+module Dependabot
+  module Nix
+    module Package
+      class PackageDetailsFetcher
+        extend T::Sig
+
+        sig do
+          params(
+            dependency: Dependabot::Dependency,
+            credentials: T::Array[Dependabot::Credential]
+          ).void
+        end
+        def initialize(dependency:, credentials:)
+          @dependency = dependency
+          @credentials = credentials
+        end
+
+        sig { returns(Dependabot::Dependency) }
+        attr_reader :dependency
+
+        sig { returns(T::Array[T.untyped]) }
+        attr_reader :credentials
+
+        sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
+        def available_versions
+          versions_metadata = fetch_tags_and_release_date
+
+          versions_metadata = fetch_latest_tag_info if versions_metadata.empty?
+
+          pseudo_version = versions_metadata.length + 1
+
+          versions_metadata.flat_map do |version_details|
+            pseudo_version -= 1
+            tag = version_details[:tag]
+            release_date = version_details[:release_date]
+
+            Dependabot::Package::PackageRelease.new(
+              version: Nix::Version.new("0.0.0-0.#{pseudo_version}"),
+              tag: tag,
+              released_at: release_date ? Time.parse(release_date) : nil
+            )
+          rescue ArgumentError
+            Dependabot::Package::PackageRelease.new(
+              version: Nix::Version.new("0.0.0-0.#{pseudo_version}"),
+              tag: tag
+            )
+          end
+        end
+
+        private
+
+        TARGET_COMMITS_TO_FETCH = 500
+        private_constant :TARGET_COMMITS_TO_FETCH
+
+        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+        def fetch_latest_tag_info
+          client = build_client
+          head = client.head_commit_for_current_branch
+          return [] unless head
+
+          [{ tag: head }]
+        end
+
+        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+        def fetch_tags_and_release_date
+          parsed_results = T.let([], T::Array[T::Hash[Symbol, T.untyped]])
+
+          begin
+            Dependabot.logger.info("Fetching release info for Nix flake input: #{dependency.name}")
+            client = build_client
+
+            sha = T.let(nil, T.nilable(String))
+            catch :found do
+              while parsed_results.length < TARGET_COMMITS_TO_FETCH
+                commits = get_commits(client, sha)
+                break if commits.empty?
+
+                commits.each do |commit|
+                  sha = commit["sha"]
+                  parsed_results << {
+                    tag: sha,
+                    release_date: commit.dig("commit", "committer", "date")
+                  }
+                  throw :found if sha == dependency.version
+                end
+                break if commits.length < Dependabot::GitMetadataFetcher::MAX_COMMITS_PER_PAGE
+              end
+            end
+            parsed_results
+          rescue StandardError => e
+            Dependabot.logger.error("Error while fetching package info for nix flake input: #{e.message}")
+            parsed_results
+          end
+        end
+
+        sig { returns(Dependabot::GitCommitChecker) }
+        def build_client
+          Dependabot::GitCommitChecker.new(
+            dependency: dependency,
+            credentials: credentials
+          )
+        end
+
+        sig do
+          params(
+            client: Dependabot::GitCommitChecker,
+            sha: T.nilable(String)
+          ).returns(T::Array[T::Hash[String, T.untyped]])
+        end
+        def get_commits(client, sha)
+          response = sha.nil? ? client.ref_details_for_pinned_ref : client.ref_details(sha)
+
+          unless response.status == 200
+            Dependabot.logger.error(
+              "Error while fetching details for #{dependency.name}: #{response.body}"
+            )
+          end
+
+          return [] unless response.status == 200
+
+          commits = JSON.parse(response.body)
+          sha.nil? || commits.empty? ? commits : commits[1..]
+        rescue StandardError => e
+          Dependabot.logger.error("Error fetching commits: #{e.message}")
+          []
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/nix/package_manager.rb

@@ -0,0 +1,39 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/ecosystem"
+require "dependabot/nix/version"
+
+module Dependabot
+  module Nix
+    ECOSYSTEM = "nix"
+    PACKAGE_MANAGER = "nix"
+    SUPPORTED_NIX_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+    DEPRECATED_NIX_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+    class PackageManager < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+
+      sig { params(raw_version: String).void }
+      def initialize(raw_version)
+        super(
+          name: PACKAGE_MANAGER,
+          version: Version.new(raw_version),
+          deprecated_versions: DEPRECATED_NIX_VERSIONS,
+          supported_versions: SUPPORTED_NIX_VERSIONS
+        )
+      end
+
+      sig { returns(T::Boolean) }
+      def deprecated?
+        false
+      end
+
+      sig { returns(T::Boolean) }
+      def unsupported?
+        false
+      end
+    end
+  end
+end

data/lib/dependabot/nix/requirement.rb

@@ -0,0 +1,32 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/requirement"
+require "dependabot/utils"
+
+module Dependabot
+  module Nix
+    class Requirement < Dependabot::Requirement
+      extend T::Sig
+
+      sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
+      def self.requirements_array(requirement_string)
+        [new(requirement_string)]
+      end
+
+      sig { params(requirements: T.nilable(String)).void }
+      def initialize(*requirements)
+        requirements = requirements.flatten.flat_map do |req_string|
+          req_string&.split(",")&.map(&:strip)
+        end
+
+        super(requirements)
+      end
+    end
+  end
+end
+
+Dependabot::Utils
+  .register_requirement_class("nix", Dependabot::Nix::Requirement)

data/lib/dependabot/nix/update_checker/latest_version_finder.rb

@@ -0,0 +1,60 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/package/package_latest_version_finder"
+require "dependabot/package/package_details"
+require "dependabot/nix/update_checker"
+require "dependabot/nix/package/package_details_fetcher"
+
+module Dependabot
+  module Nix
+    class UpdateChecker
+      class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
+        extend T::Sig
+
+        sig do
+          override.params(releases: T::Array[Dependabot::Package::PackageRelease])
+                  .returns(T::Array[Dependabot::Package::PackageRelease])
+        end
+        def apply_post_fetch_latest_versions_filter(releases)
+          if releases.empty?
+            Dependabot.logger.info("No releases found for #{dependency.name} after applying filters.")
+            return releases
+          end
+
+          # Fallback so the current version is always in the candidate set
+          releases << Dependabot::Package::PackageRelease.new(
+            version: Nix::Version.new("0.0.0-0.0"),
+            tag: dependency.version
+          )
+          releases
+        end
+
+        # All Nix versions are pseudo-versions with prerelease segments (0.0.0-0.N),
+        # so we must always include prereleases to avoid filtering everything out.
+        sig { override.returns(T::Boolean) }
+        def wants_prerelease?
+          true
+        end
+
+        private
+
+        sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
+        def package_details
+          @package_details ||= T.let(
+            Dependabot::Package::PackageDetails.new(
+              dependency: dependency,
+              releases: Package::PackageDetailsFetcher.new(
+                dependency: dependency,
+                credentials: credentials
+              ).available_versions || []
+            ),
+            T.nilable(Dependabot::Package::PackageDetails)
+          )
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/nix/update_checker.rb

@@ -0,0 +1,78 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+require "dependabot/nix/version"
+require "dependabot/nix/requirement"
+require "dependabot/git_commit_checker"
+
+module Dependabot
+  module Nix
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      extend T::Sig
+
+      require_relative "update_checker/latest_version_finder"
+
+      sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
+      def latest_version
+        @latest_version ||=
+          T.let(
+            fetch_latest_version,
+            T.nilable(T.any(String, Dependabot::Version))
+          )
+      end
+
+      sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
+      def latest_resolvable_version
+        # Resolvability isn't an issue for flake inputs — they're independent.
+        latest_version
+      end
+
+      sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
+      def latest_resolvable_version_with_no_unlock
+        # No concept of "unlocking" for flake inputs
+        latest_version
+      end
+
+      sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+      def updated_requirements
+        # Flake input requirements are the URL and branch — we never update those.
+        dependency.requirements
+      end
+
+      private
+
+      sig { override.returns(T::Boolean) }
+      def latest_version_resolvable_with_full_unlock?
+        # Full unlock checks aren't relevant for flake inputs
+        false
+      end
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def updated_dependencies_after_full_unlock
+        raise NotImplementedError
+      end
+
+      sig { returns(T.nilable(String)) }
+      def fetch_latest_version
+        T.let(
+          LatestVersionFinder.new(
+            dependency: dependency,
+            dependency_files: dependency_files,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            security_advisories: security_advisories,
+            cooldown_options: update_cooldown,
+            raise_on_ignored: raise_on_ignored
+          ).latest_tag,
+          T.nilable(String)
+        )
+      end
+    end
+  end
+end
+
+Dependabot::UpdateCheckers.register("nix", Dependabot::Nix::UpdateChecker)

data/lib/dependabot/nix/version.rb

@@ -0,0 +1,15 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "dependabot/version"
+require "dependabot/utils"
+
+module Dependabot
+  module Nix
+    class Version < Dependabot::Version
+    end
+  end
+end
+
+Dependabot::Utils
+  .register_version_class("nix", Dependabot::Nix::Version)

data/lib/dependabot/nix.rb

@@ -0,0 +1,20 @@
+# typed: strong
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/nix/file_fetcher"
+require "dependabot/nix/file_parser"
+require "dependabot/nix/update_checker"
+require "dependabot/nix/file_updater"
+require "dependabot/nix/metadata_finder"
+require "dependabot/nix/version"
+require "dependabot/nix/requirement"
+
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("nix", name: "nix", colour: "3E6399")
+
+require "dependabot/dependency"
+Dependabot::Dependency
+  .register_production_check("nix", ->(_) { true })

metadata

@@ -0,0 +1,278 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-nix
+version: !ruby/object:Gem::Version
+  version: 0.367.0
+platform: ruby
+authors:
+- Dependabot
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.367.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.367.0
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.80'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.80'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.26'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.26'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rubocop-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: turbo_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.25'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.25'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+description: Dependabot-Nix provides support for bumping Nix dependencies via Dependabot.
+  If you want support for multiple package managers, you probably want the meta-gem
+  dependabot-omnibus.
+email: opensource@github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/nix.rb
+- lib/dependabot/nix/file_fetcher.rb
+- lib/dependabot/nix/file_parser.rb
+- lib/dependabot/nix/file_updater.rb
+- lib/dependabot/nix/metadata_finder.rb
+- lib/dependabot/nix/package/package_details_fetcher.rb
+- lib/dependabot/nix/package_manager.rb
+- lib/dependabot/nix/requirement.rb
+- lib/dependabot/nix/update_checker.rb
+- lib/dependabot/nix/update_checker/latest_version_finder.rb
+- lib/dependabot/nix/version.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.367.0
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+requirements: []
+rubygems_version: 3.7.2
+specification_version: 4
+summary: Provides Dependabot support for Nix
+test_files: []