RubyGems - dependabot-nix - Versions diffs - 0.368.0 → 0.370.0 - Mend

dependabot-nix 0.368.0 → 0.370.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/dependabot/nix/file_parser.rb +1 -1
data/lib/dependabot/nix/file_updater.rb +36 -6
data/lib/dependabot/nix/flake_nix_parser.rb +206 -0
data/lib/dependabot/nix/update_checker/versioned_branch_finder.rb +184 -0
data/lib/dependabot/nix/update_checker.rb +132 -6
metadata +6 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b0e3f983942dcb2716e77e6a4390dd075677fa30e80cf274016ccd88a880d9fb
-  data.tar.gz: 7064ea395d8cf247a1a15049be7826ad64cca2b7160db34e8e39e8d99f04c46c
+  metadata.gz: 7b92e30b98746b2c1f5856c15463bd7c0c8c9cc072027364feaa931946945a74
+  data.tar.gz: 35a7af97d0d7225b0e390cdb705eb0f58650d1895a73c399d8328926b5bff74d
 SHA512:
-  metadata.gz: f2d486cd013b48ef06a956cb0496fe55c63b43b70b20aca5f13d4fdd0ef680743d75abc476b01a7582e46b557c13de405355203614ab902b964434cf371bbc00
-  data.tar.gz: 495215f3e0cbe0fe06ad86078fe9402afc46a9795cf8f20149c9cd65a86173c4cbccb027f26beaf2dbda27f176fa3b527b5e5cc5ce23a3b3bfc51e6b17a18931
+  metadata.gz: b65a8cf1a67737b11fb3db6c40e29220b51cbdcf7d0daa65aae05282febe4ee7d2e6bb5fca4d34623b1328bca60eca0fd7f6db177f5cb7baa2c77b87343bd89a
+  data.tar.gz: d2ca3a0197a030d0383f5b67d7146e207d97770c156604e8b0da0a3aba91e4a8720b3a187ae161f404155cf3b81046f7f4ba86320e3a732004f1a5652bfc2d32

data/lib/dependabot/nix/file_parser.rb CHANGED Viewed

@@ -149,7 +149,7 @@ module Dependabot
           requirements: [{
             requirement: nil,
             file: "flake.lock",
-            source: { type: "git", url: url, branch: ref, ref: ref },
+            source: { type: "git", url: url, branch: nil, ref: ref },
             groups: []
           }]
         )

data/lib/dependabot/nix/file_updater.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: strict
 # frozen_string_literal: true
 require "sorbet-runtime"
@@ -7,6 +7,7 @@ require "dependabot/errors"
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
 require "dependabot/shared_helpers"
+require "dependabot/nix/flake_nix_parser"
 module Dependabot
   module Nix
@@ -15,14 +16,20 @@ module Dependabot
       sig { override.returns(T::Array[Dependabot::DependencyFile]) }
       def updated_dependency_files
-        updated_lockfile_content = update_flake_lock
+        updated_files = []
+        updated_flake_nix_content = update_flake_nix
+        updated_files << updated_file(file: flake_nix, content: updated_flake_nix_content) if updated_flake_nix_content
+        updated_lockfile_content = update_flake_lock(updated_flake_nix_content)
         if updated_lockfile_content == flake_lock.content
           raise Dependabot::DependencyFileContentNotChanged,
                 "Expected flake.lock to change for #{dependency.name}, but it didn't"
         end
-        [updated_file(file: flake_lock, content: updated_lockfile_content)]
+        updated_files << updated_file(file: flake_lock, content: updated_lockfile_content)
+        updated_files
       end
       private
@@ -32,13 +39,26 @@ module Dependabot
         T.must(dependencies.first)
       end
-      sig { returns(String) }
-      def update_flake_lock
+      # Returns updated flake.nix content if the ref changed, nil otherwise.
+      sig { returns(T.nilable(String)) }
+      def update_flake_nix
+        new_ref = new_source_ref
+        return unless new_ref
+        old_ref = old_source_ref
+        return unless old_ref
+        return if old_ref == new_ref
+        FlakeNixParser.update_input_ref(T.must(flake_nix.content), dependency.name, new_ref)
+      end
+      sig { params(updated_nix_content: T.nilable(String)).returns(String) }
+      def update_flake_lock(updated_nix_content)
         SharedHelpers.in_a_temporary_repo_directory(
           flake_lock.directory,
           repo_contents_path
         ) do
-          File.write("flake.nix", T.must(flake_nix.content))
+          File.write("flake.nix", updated_nix_content || T.must(flake_nix.content))
           File.write("flake.lock", T.must(flake_lock.content))
           SharedHelpers.run_shell_command(
@@ -50,6 +70,16 @@ module Dependabot
         end
       end
+      sig { returns(T.nilable(String)) }
+      def new_source_ref
+        dependency.requirements.first&.dig(:source, :ref)
+      end
+      sig { returns(T.nilable(String)) }
+      def old_source_ref
+        dependency.previous_requirements&.first&.dig(:source, :ref)
+      end
       sig { override.void }
       def check_required_files
         %w(flake.nix flake.lock).each do |filename|

data/lib/dependabot/nix/flake_nix_parser.rb ADDED Viewed

@@ -0,0 +1,206 @@
+# typed: strict
+# frozen_string_literal: true
+require "sorbet-runtime"
+module Dependabot
+  module Nix
+    # Parses flake.nix content to locate input URL declarations and extract
+    # their components (scheme, owner, repo, ref). Only handles the shorthand
+    # URL schemes (github:, gitlab:, sourcehut:) since those are the ones
+    # where the ref appears inline in the URL string.
+    class FlakeNixParser
+      extend T::Sig
+      # Matches shorthand flake URLs: github:owner/repo/ref or github:owner/repo
+      # Also handles gitlab: and sourcehut:~owner/repo/ref
+      FLAKE_URL_PATTERN = %r{
+        (?<scheme>github|gitlab|sourcehut):
+        (?<owner>~?[a-zA-Z0-9_\-\.]+)/
+        (?<repo>[a-zA-Z0-9_\-\.]+)
+        (?:/(?<ref>[a-zA-Z0-9_\-\./]+))?
+        (?:\?(?<query>[^"]*))?
+      }x
+      private_constant :FLAKE_URL_PATTERN
+      # Matches indirect/registry shorthand URLs: nixpkgs/nixos-24.11
+      # These have no scheme prefix (no ":") and resolve via the nix flake registry.
+      INDIRECT_URL_PATTERN = %r{
+        \A(?<id>[a-zA-Z0-9_\-]+)
+        /(?<ref>[a-zA-Z0-9_\-\./]+)\z
+      }x
+      private_constant :INDIRECT_URL_PATTERN
+      # Matches an input URL assignment tied to a specific input name.
+      # Covers the common syntactic forms:
+      #   inputs.NAME.url = "URL";
+      #   NAME.url = "URL";
+      #   NAME = { ... url = "URL"; ... };
+      #
+      # We build these dynamically per input name so that the name is anchored
+      # in the regex.
+      sig { params(content: String, input_name: String).returns(T.nilable(InputUrl)) }
+      def self.find_input_url(content, input_name)
+        new(content, input_name).find
+      end
+      sig { params(content: String, input_name: String, new_ref: String).returns(T.nilable(String)) }
+      def self.update_input_ref(content, input_name, new_ref)
+        new(content, input_name).update_ref(new_ref)
+      end
+      sig { params(content: String, input_name: String).void }
+      def initialize(content, input_name)
+        @content = content
+        @input_name = input_name
+      end
+      sig { returns(T.nilable(InputUrl)) }
+      def find
+        match = find_url_match
+        return unless match
+        url_str = match[:url]
+        # Try shorthand scheme first (github:, gitlab:, sourcehut:)
+        url_match = FLAKE_URL_PATTERN.match(url_str)
+        if url_match
+          return InputUrl.new(
+            full_url: url_str,
+            scheme: T.must(url_match[:scheme]),
+            owner: T.must(url_match[:owner]),
+            repo: T.must(url_match[:repo]),
+            ref: url_match[:ref],
+            query: url_match[:query],
+            match_start: match[:url_start],
+            match_end: match[:url_end]
+          )
+        end
+        # Try indirect/registry shorthand (e.g. nixpkgs/nixos-24.11)
+        indirect_match = INDIRECT_URL_PATTERN.match(url_str)
+        return unless indirect_match
+        InputUrl.new(
+          full_url: url_str,
+          scheme: "indirect",
+          owner: T.must(indirect_match[:id]),
+          repo: "",
+          ref: indirect_match[:ref],
+          query: nil,
+          match_start: match[:url_start],
+          match_end: match[:url_end]
+        )
+      end
+      sig { params(new_ref: String).returns(T.nilable(String)) }
+      def update_ref(new_ref)
+        input_url = find
+        return unless input_url
+        return unless input_url.ref # nothing to update if no ref
+        old_url = input_url.full_url
+        new_url = build_updated_url(input_url, new_ref)
+        updated = @content.dup
+        # Replace within the known match boundaries to avoid accidental matches elsewhere
+        updated[input_url.match_start...input_url.match_end] =
+          T.must(updated[input_url.match_start...input_url.match_end]).sub(old_url, new_url)
+        updated
+      end
+      private
+      sig { returns(String) }
+      attr_reader :content
+      sig { returns(String) }
+      attr_reader :input_name
+      # Returns a hash with :url, :url_start, :url_end if found, or nil.
+      sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+      def find_url_match
+        escaped_name = Regexp.escape(input_name)
+        # Nix identifiers can contain letters, digits, underscores, hyphens, and apostrophes.
+        # Anchor the name so we don't match inside longer identifiers (e.g. "my-nixpkgs").
+        bounded_name = "(?<![A-Za-z0-9_'\\-])#{escaped_name}(?![A-Za-z0-9_'\\-])"
+        # Pattern 1: inputs.NAME.url = "URL";
+        # Pattern 2: NAME.url = "URL";  (inside inputs block)
+        url_assignment = /(?:inputs\.)?#{bounded_name}\.url\s*=\s*"(?<url>[^"]+)"/
+        match = find_uncommented_match(url_assignment)
+        return url_match_hash(match) if match
+        # Pattern 3: NAME = { ... url = "URL"; ... }
+        # Use a non-greedy match to find the url inside the attribute set
+        attr_set = /#{bounded_name}\s*=\s*\{[^}]*?\burl\s*=\s*"(?<url>[^"]+)"/m
+        match = find_uncommented_match(attr_set)
+        return url_match_hash(match) if match
+        nil
+      end
+      # Finds the first match that isn't inside a Nix comment (# or /* */).
+      sig { params(pattern: Regexp).returns(T.nilable(MatchData)) }
+      def find_uncommented_match(pattern)
+        content.to_enum(:scan, pattern).each do
+          match = T.must(Regexp.last_match)
+          next if inside_comment?(match.begin(0))
+          return match
+        end
+        nil
+      end
+      sig { params(pos: Integer).returns(T::Boolean) }
+      def inside_comment?(pos)
+        # Check for single-line comment: # at start of line before pos
+        line_start = content.rindex("\n", pos)&.+(1) || 0
+        line_before_pos = content[line_start...pos]
+        return true if line_before_pos&.match?(/(?:^|[^&])#/)
+        # Check for block comment: /* before pos without a closing */ between them
+        last_open = content.rindex("/*", pos)
+        return false unless last_open
+        last_close = content.rindex("*/", pos)
+        last_open > (last_close || -1)
+      end
+      sig { params(match: MatchData).returns(T::Hash[Symbol, T.untyped]) }
+      def url_match_hash(match)
+        url_capture_start = match.begin(:url)
+        url_capture_end = match.end(:url)
+        {
+          url: match[:url],
+          url_start: url_capture_start,
+          url_end: url_capture_end
+        }
+      end
+      sig { params(input_url: InputUrl, new_ref: String).returns(String) }
+      def build_updated_url(input_url, new_ref)
+        if input_url.scheme == "indirect"
+          "#{input_url.owner}/#{new_ref}"
+        else
+          base = "#{input_url.scheme}:#{input_url.owner}/#{input_url.repo}/#{new_ref}"
+          input_url.query ? "#{base}?#{input_url.query}" : base
+        end
+      end
+      # Represents a parsed flake input URL from flake.nix
+      class InputUrl < T::Struct
+        const :full_url, String
+        const :scheme, String
+        const :owner, String
+        const :repo, String
+        const :ref, T.nilable(String)
+        const :query, T.nilable(String)
+        # Character positions of the URL string within the flake.nix content
+        # (inside the quotes, not including the quotes themselves)
+        const :match_start, Integer
+        const :match_end, Integer
+      end
+    end
+  end
+end

data/lib/dependabot/nix/update_checker/versioned_branch_finder.rb ADDED Viewed

@@ -0,0 +1,184 @@
+# typed: strict
+# frozen_string_literal: true
+require "sorbet-runtime"
+require "dependabot/nix/update_checker"
+require "dependabot/nix/requirement"
+require "dependabot/git_metadata_fetcher"
+require "dependabot/git_ref"
+module Dependabot
+  module Nix
+    class UpdateChecker
+      # Detects versioned branch naming patterns (e.g. nixos-24.11, release-24.11)
+      # and finds the latest branch matching the same prefix.
+      class VersionedBranchFinder
+        extend T::Sig
+        # Matches branch names with a YY.MM version segment and optional suffix.
+        # Captures: prefix (including separator), version, and optional suffix.
+        # Examples: "nixos-24.11" => prefix="nixos-", version="24.11", suffix=nil
+        #           "nixos-24.11-small" => prefix="nixos-", version="24.11", suffix="-small"
+        #           "release-24.11-aarch64" => prefix="release-", version="24.11", suffix="-aarch64"
+        VERSIONED_BRANCH_PATTERN = /\A(.+[.\-_])(\d{2}\.\d{2})(-[a-zA-Z0-9]+)?\z/
+        private_constant :VERSIONED_BRANCH_PATTERN
+        sig do
+          params(
+            current_ref: String,
+            dependency: Dependabot::Dependency,
+            credentials: T::Array[Dependabot::Credential],
+            ignored_versions: T::Array[String]
+          ).void
+        end
+        def initialize(current_ref:, dependency:, credentials:, ignored_versions: [])
+          @current_ref = current_ref
+          @dependency = dependency
+          @credentials = credentials
+          @ignored_versions = ignored_versions
+        end
+        # Returns true if the current ref looks like a versioned branch.
+        sig { returns(T::Boolean) }
+        def versioned_branch?
+          !branch_version_match.nil?
+        end
+        # Returns the latest versioned branch info or nil if no newer branch exists.
+        # Returns { branch: "nixos-25.05", commit_sha: "abc123" } or nil.
+        sig { returns(T.nilable(T::Hash[Symbol, String])) }
+        def latest_versioned_branch
+          match = branch_version_match
+          return unless match
+          prefix = match[1]
+          current_version = parse_version(T.must(match[2]))
+          return unless current_version
+          suffix = match[3] # nil if no suffix, e.g. "-small" if present
+          find_latest_branch(T.must(prefix), current_version, suffix)
+        end
+        private
+        sig { returns(String) }
+        attr_reader :current_ref
+        sig { returns(Dependabot::Dependency) }
+        attr_reader :dependency
+        sig { returns(T::Array[Dependabot::Credential]) }
+        attr_reader :credentials
+        sig { returns(T::Array[String]) }
+        attr_reader :ignored_versions
+        sig { returns(T.nilable(MatchData)) }
+        def branch_version_match
+          @branch_version_match ||= T.let(
+            VERSIONED_BRANCH_PATTERN.match(current_ref),
+            T.nilable(MatchData)
+          )
+        end
+        sig do
+          params(
+            prefix: String,
+            current_version: T::Array[Integer],
+            suffix: T.nilable(String)
+          ).returns(T.nilable(T::Hash[Symbol, String]))
+        end
+        def find_latest_branch(prefix, current_version, suffix)
+          candidates = remote_branches.filter_map do |ref|
+            build_candidate(ref, prefix, current_version, suffix)
+          end
+          latest = candidates.max_by { |c| c[:version] }
+          return unless latest
+          { branch: latest[:branch].to_s, commit_sha: latest[:commit_sha].to_s }
+        end
+        sig do
+          params(
+            ref: Dependabot::GitRef,
+            prefix: String,
+            current_version: T::Array[Integer],
+            suffix: T.nilable(String)
+          ).returns(T.nilable(T::Hash[Symbol, T.untyped]))
+        end
+        def build_candidate(ref, prefix, current_version, suffix)
+          branch_match = VERSIONED_BRANCH_PATTERN.match(ref.name)
+          return unless branch_match
+          return unless branch_match[1] == prefix
+          return unless branch_match[3] == suffix
+          version_str = T.must(branch_match[2])
+          version = parse_version(version_str)
+          return unless version
+          return unless (version <=> current_version) == 1
+          return if version_ignored?(version_str)
+          { branch: ref.name, commit_sha: ref.commit_sha, version: version }
+        end
+        sig { params(version_str: String).returns(T::Boolean) }
+        def version_ignored?(version_str)
+          return false if ignore_requirements.empty?
+          gem_version = Gem::Version.new(version_str)
+          ignore_requirements.any? { |req| req.satisfied_by?(gem_version) }
+        end
+        # Parses "YY.MM" into [year, month] for comparison.
+        sig { params(version_str: String).returns(T.nilable(T::Array[Integer])) }
+        def parse_version(version_str)
+          parts = version_str.split(".")
+          return unless parts.length == 2
+          year = Integer(T.must(parts[0]), 10)
+          month = Integer(T.must(parts[1]), 10)
+          return unless month.between?(1, 12)
+          [year, month]
+        rescue ArgumentError
+          nil
+        end
+        sig { returns(T::Array[Gem::Requirement]) }
+        def ignore_requirements
+          @ignore_requirements ||= T.let(
+            ignored_versions.flat_map do |req|
+              Dependabot::Nix::Requirement.requirements_array(req)
+            rescue Gem::Requirement::BadRequirementError
+              []
+            end,
+            T.nilable(T::Array[Gem::Requirement])
+          )
+        end
+        sig { returns(T::Array[Dependabot::GitRef]) }
+        def remote_branches
+          @remote_branches ||= T.let(
+            git_metadata_fetcher.refs_for_upload_pack.select do |ref|
+              ref.ref_type == Dependabot::RefType::Head
+            end,
+            T.nilable(T::Array[Dependabot::GitRef])
+          )
+        end
+        sig { returns(Dependabot::GitMetadataFetcher) }
+        def git_metadata_fetcher
+          @git_metadata_fetcher ||= T.let(
+            Dependabot::GitMetadataFetcher.new(
+              url: dependency.source_details&.fetch(:url, nil),
+              credentials: credentials
+            ),
+            T.nilable(Dependabot::GitMetadataFetcher)
+          )
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/nix/update_checker.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: strict
 # frozen_string_literal: true
 require "sorbet-runtime"
@@ -15,6 +15,7 @@ module Dependabot
       extend T::Sig
       require_relative "update_checker/latest_version_finder"
+      require_relative "update_checker/versioned_branch_finder"
       sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
       def latest_version
@@ -27,27 +28,29 @@ module Dependabot
       sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
       def latest_resolvable_version
-        # Resolvability isn't an issue for flake inputs — they're independent.
         latest_version
       end
       sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
       def latest_resolvable_version_with_no_unlock
-        # No concept of "unlocking" for flake inputs
         latest_version
       end
       sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
       def updated_requirements
-        # Flake input requirements are the URL and branch — we never update those.
-        dependency.requirements
+        if ref_pinned_to_version_tag?
+          updated_requirements_for_tag
+        elsif ref_is_versioned_branch?
+          updated_requirements_for_versioned_branch
+        else
+          dependency.requirements
+        end
       end
       private
       sig { override.returns(T::Boolean) }
       def latest_version_resolvable_with_full_unlock?
-        # Full unlock checks aren't relevant for flake inputs
         false
       end
@@ -58,6 +61,77 @@ module Dependabot
       sig { returns(T.nilable(String)) }
       def fetch_latest_version
+        if ref_pinned_to_version_tag?
+          fetch_latest_version_for_tag
+        elsif ref_is_versioned_branch?
+          fetch_latest_version_for_versioned_branch || fetch_latest_version_for_commit
+        else
+          fetch_latest_version_for_commit
+        end
+      end
+      # --- Tag-pinned ref support ---
+      sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+      def updated_requirements_for_tag
+        new_tag = latest_version_tag
+        return dependency.requirements unless new_tag
+        dependency.requirements.map do |req|
+          source = req[:source]
+          next req unless source
+          req.merge(source: source.merge(ref: new_tag[:tag], branch: nil))
+        end
+      end
+      sig { returns(T.nilable(String)) }
+      def fetch_latest_version_for_tag
+        tag = latest_version_tag
+        tag&.fetch(:commit_sha)
+      end
+      sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+      def latest_version_tag
+        @latest_version_tag ||= T.let(
+          git_commit_checker.local_tag_for_latest_version,
+          T.nilable(T::Hash[Symbol, T.untyped])
+        )
+      end
+      # --- Versioned branch support ---
+      sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+      def updated_requirements_for_versioned_branch
+        result = latest_versioned_branch
+        return dependency.requirements unless result
+        dependency.requirements.map do |req|
+          source = req[:source]
+          next req unless source
+          req.merge(source: source.merge(ref: result[:branch], branch: nil))
+        end
+      end
+      sig { returns(T.nilable(String)) }
+      def fetch_latest_version_for_versioned_branch
+        result = latest_versioned_branch
+        result&.fetch(:commit_sha)
+      end
+      sig { returns(T.nilable(T::Hash[Symbol, String])) }
+      def latest_versioned_branch
+        @latest_versioned_branch ||= T.let(
+          versioned_branch_finder&.latest_versioned_branch,
+          T.nilable(T::Hash[Symbol, String])
+        )
+      end
+      # --- Commit-tracking (existing behavior) ---
+      sig { returns(T.nilable(String)) }
+      def fetch_latest_version_for_commit
         T.let(
           LatestVersionFinder.new(
             dependency: dependency,
@@ -71,6 +145,58 @@ module Dependabot
           T.nilable(String)
         )
       end
+      # --- Ref classification ---
+      sig { returns(T::Boolean) }
+      def ref_pinned_to_version_tag?
+        return false unless git_commit_checker.git_dependency?
+        return false unless dependency_source_ref
+        git_commit_checker.pinned_ref_looks_like_version?
+      end
+      sig { returns(T::Boolean) }
+      def ref_is_versioned_branch?
+        finder = versioned_branch_finder
+        return false unless finder
+        finder.versioned_branch?
+      end
+      sig { returns(T.nilable(String)) }
+      def dependency_source_ref
+        dependency.source_details(allowed_types: ["git"])&.fetch(:ref, nil)
+      end
+      sig { returns(T.nilable(VersionedBranchFinder)) }
+      def versioned_branch_finder
+        ref = dependency_source_ref
+        return unless ref
+        @versioned_branch_finder ||= T.let(
+          VersionedBranchFinder.new(
+            current_ref: ref,
+            dependency: dependency,
+            credentials: credentials,
+            ignored_versions: ignored_versions
+          ),
+          T.nilable(VersionedBranchFinder)
+        )
+      end
+      sig { returns(Dependabot::GitCommitChecker) }
+      def git_commit_checker
+        @git_commit_checker ||= T.let(
+          Dependabot::GitCommitChecker.new(
+            dependency: dependency,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            raise_on_ignored: raise_on_ignored
+          ),
+          T.nilable(Dependabot::GitCommitChecker)
+        )
+      end
     end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nix
 version: !ruby/object:Gem::Version
-  version: 0.368.0
+  version: 0.370.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.368.0
+        version: 0.370.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.368.0
+        version: 0.370.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -245,19 +245,21 @@ files:
 - lib/dependabot/nix/file_fetcher.rb
 - lib/dependabot/nix/file_parser.rb
 - lib/dependabot/nix/file_updater.rb
+- lib/dependabot/nix/flake_nix_parser.rb
 - lib/dependabot/nix/metadata_finder.rb
 - lib/dependabot/nix/package/package_details_fetcher.rb
 - lib/dependabot/nix/package_manager.rb
 - lib/dependabot/nix/requirement.rb
 - lib/dependabot/nix/update_checker.rb
 - lib/dependabot/nix/update_checker/latest_version_finder.rb
+- lib/dependabot/nix/update_checker/versioned_branch_finder.rb
 - lib/dependabot/nix/version.rb
 homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.368.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.370.0
 rdoc_options: []
 require_paths:
 - lib