dependabot-pre_commit 0.362.0 → 0.363.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4218be0a0ac564f79fe6b570a86323967d5fa38924801f1260e9e314dacf72bd
-  data.tar.gz: 11184797fefef083921b31eef2b74ca04a27e70ddf0e3f48cc7819554a8c2c56
+  metadata.gz: 992ba7269128211c8ce88fa7074245571db4980d9f2f9cee55b9dc90cbcc8c72
+  data.tar.gz: 8879531e1850590a92fc0966ff189a8578c161460510eb6ab3988d3c7f3f7158
 SHA512:
-  metadata.gz: 6963ef88985b49c16264d24f11b0da7857673a8c40c166bbb0b0d4fa8a03163a0b3422b1b13b5a0ba869413ca688b95f6654410fc460ff82959bde6d52aa0ab7
-  data.tar.gz: adcecfc80611486b0446a56cc6a95d011b1213e4266aff09b9bd0623fff26c1e87f513726449c8f4e7a34a3f1919cf1ba98a2e9f604696dc0f4cb5335b176e8b
+  metadata.gz: 5cafdaa259570be35235bc3f15fa47cd04a9adf85871f726b36043a6d5afb4388154c1d8819db13a705dd63d84fba4a196f4a4541d5357f8360f0596e39d3b6a
+  data.tar.gz: d073171bc7aecd0fe94f661a06be98d340ad454d7ae6a66cec9567ce00f39d4c4187ca422d28004a453630b5d6f64173f97ed04e915c4dcebfd28e8d9688f510

data/lib/dependabot/pre_commit/additional_dependency_checkers/dart.rb

@@ -0,0 +1,175 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/dependency"
+require "dependabot/update_checkers"
+require "dependabot/pub/version"
+require "dependabot/pre_commit/additional_dependency_checkers"
+require "dependabot/pre_commit/additional_dependency_checkers/base"
+
+module Dependabot
+  module PreCommit
+    module AdditionalDependencyCheckers
+      class Dart < Base
+        extend T::Sig
+
+        sig { override.returns(T.nilable(String)) }
+        def latest_version
+          return nil unless package_name
+
+          @latest_version ||= T.let(
+            fetch_latest_version_via_pub_checker,
+            T.nilable(String)
+          )
+        end
+
+        sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+        def updated_requirements(latest_version)
+          requirements.map do |original_req|
+            original_source = original_req[:source]
+            next original_req unless original_source.is_a?(Hash)
+            next original_req unless original_source[:type] == "additional_dependency"
+
+            original_requirement = original_req[:requirement]
+            new_requirement = build_updated_requirement(original_requirement, latest_version)
+
+            new_original_string = build_original_string(
+              package_name: original_source[:original_name] || original_source[:package_name],
+              requirement: new_requirement
+            )
+
+            new_source = original_source.merge(original_string: new_original_string)
+
+            original_req.merge(
+              requirement: new_requirement,
+              source: new_source
+            )
+          end
+        end
+
+        private
+
+        sig { returns(T.nilable(String)) }
+        def fetch_latest_version_via_pub_checker
+          pub_checker = pub_update_checker
+          return nil unless pub_checker
+
+          latest = pub_checker.latest_version
+          Dependabot.logger.info("Pub UpdateChecker found latest version: #{latest || 'none'}")
+
+          latest&.to_s
+        rescue Dependabot::DependabotError, Excon::Error => e
+          Dependabot.logger.debug("Error checking Dart package #{package_name}: #{e.message}")
+          nil
+        end
+
+        sig { returns(T.nilable(Dependabot::UpdateCheckers::Base)) }
+        def pub_update_checker
+          @pub_update_checker ||= T.let(
+            build_pub_update_checker,
+            T.nilable(Dependabot::UpdateCheckers::Base)
+          )
+        end
+
+        sig { returns(T.nilable(Dependabot::UpdateCheckers::Base)) }
+        def build_pub_update_checker
+          pub_dependency = build_pub_dependency
+          return nil unless pub_dependency
+
+          Dependabot.logger.info("Delegating to pub UpdateChecker for package: #{pub_dependency.name}")
+
+          Dependabot::UpdateCheckers.for_package_manager("pub").new(
+            dependency: pub_dependency,
+            dependency_files: build_pub_dependency_files,
+            credentials: credentials,
+            ignored_versions: [],
+            security_advisories: [],
+            raise_on_ignored: false
+          )
+        end
+
+        sig { returns(T.nilable(Dependabot::Dependency)) }
+        def build_pub_dependency
+          return nil unless package_name
+
+          version = current_version || extract_version_from_requirement
+
+          Dependabot::Dependency.new(
+            name: T.must(package_name),
+            version: version,
+            requirements: [{
+              requirement: version ? "^#{version}" : nil,
+              groups: ["dependencies"],
+              file: "pubspec.yaml",
+              source: nil
+            }],
+            package_manager: "pub"
+          )
+        end
+
+        sig { returns(T.nilable(String)) }
+        def extract_version_from_requirement
+          req_string = requirements.first&.dig(:requirement)
+          return nil unless req_string
+
+          version_part = req_string.to_s.sub(/\A(?:[~^]|[><=]+)\s*/, "")
+          return version_part if Dependabot::Pub::Version.correct?(version_part)
+
+          nil
+        end
+
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
+        def build_pub_dependency_files
+          version = current_version || extract_version_from_requirement
+          requirement = version ? "^#{version}" : "any"
+
+          pubspec_content = <<~YAML
+            name: dependabot_pre_commit_check
+            version: 0.0.1
+            environment:
+              sdk: ">=3.0.0 <4.0.0"
+            dependencies:
+              #{T.must(package_name)}: #{requirement}
+          YAML
+
+          [
+            Dependabot::DependencyFile.new(
+              name: "pubspec.yaml",
+              content: pubspec_content
+            )
+          ]
+        end
+
+        sig do
+          params(
+            package_name: T.nilable(String),
+            requirement: T.nilable(String)
+          ).returns(String)
+        end
+        def build_original_string(package_name:, requirement:)
+          base = package_name.to_s
+          base = "#{base}:#{requirement}" if requirement
+          base
+        end
+
+        sig { params(original_requirement: T.nilable(String), new_version: String).returns(String) }
+        def build_updated_requirement(original_requirement, new_version)
+          return new_version unless original_requirement
+
+          operator_match = original_requirement.match(/\A(?<op>[~^]|[><=]+)\s*/)
+          if operator_match
+            "#{operator_match[:op]}#{new_version}"
+          else
+            new_version
+          end
+        end
+      end
+    end
+  end
+end
+
+Dependabot::PreCommit::AdditionalDependencyCheckers.register(
+  "dart",
+  Dependabot::PreCommit::AdditionalDependencyCheckers::Dart
+)

data/lib/dependabot/pre_commit/comment_version_helper.rb

@@ -0,0 +1,17 @@
+# typed: strong
+# frozen_string_literal: true
+
+module Dependabot
+  module PreCommit
+    module CommentVersionHelper
+      # Matches a version string in a comment, with optional "v" prefix.
+      # Examples: "v1", "v2.3.2", "7.3.0", "1.43.5"
+      COMMENT_VERSION_PATTERN = T.let(/v?\d+(?:\.\d+)*/, Regexp)
+
+      # Matches a version string preceded by a "frozen:" label or "#" prefix.
+      # Captures the version string (with optional "v" prefix) in group 1.
+      # Examples: "# frozen: v2.3.2" → "v2.3.2", "# v4.4.0" → "v4.4.0"
+      FROZEN_COMMENT_REF_PATTERN = T.let(/(?:frozen:\s*|#\s*)(#{COMMENT_VERSION_PATTERN})/, Regexp)
+    end
+  end
+end

data/lib/dependabot/pre_commit/file_parser.rb

@@ -12,6 +12,7 @@ require "dependabot/pre_commit/version"
 require "dependabot/pre_commit/requirement"
 require "dependabot/cargo/requirement"
 require "dependabot/npm_and_yarn/requirement"
+require "dependabot/pub/requirement"
 require "dependabot/python/requirement_parser"
 require "dependabot/bundler/requirement"
 require "dependabot/go_modules/requirement_parser"
@@ -32,7 +33,8 @@ module Dependabot
           "node" => ->(dep_string) { Dependabot::NpmAndYarn::Requirement.parse_dep_string(dep_string) },
           "rust" => ->(dep_string) { Dependabot::Cargo::Requirement.parse_dep_string(dep_string) },
           "golang" => ->(dep_string) { Dependabot::GoModules::RequirementParser.parse(dep_string) },
-          "ruby" => ->(dep_string) { Dependabot::Bundler::Requirement.parse_dep_string(dep_string) }
+          "ruby" => ->(dep_string) { Dependabot::Bundler::Requirement.parse_dep_string(dep_string) },
+          "dart" => ->(dep_string) { Dependabot::Pub::Requirement.parse_dep_string(dep_string) }
         }.freeze,
         T::Hash[String, T.proc.params(dep_string: String).returns(T.nilable(T::Hash[Symbol, T.untyped]))]
       )
@@ -102,6 +104,8 @@ module Dependabot
         return nil if repo_url.nil? || rev.nil?
         return nil if %w(local meta).include?(repo_url)
 
+        comment = rev_line_comment(file, repo_url)
+
         Dependency.new(
           name: repo_url,
           version: rev,
@@ -114,7 +118,8 @@ module Dependabot
               url: repo_url,
               ref: rev,
               branch: nil
-            }
+            },
+            metadata: { comment: comment }
           }],
           package_manager: ECOSYSTEM
         )
@@ -192,6 +197,28 @@ module Dependabot
         dependencies
       end
 
+      sig do
+        params(
+          file: Dependabot::DependencyFile,
+          repo_url: String
+        ).returns(T.nilable(String))
+      end
+      def rev_line_comment(file, repo_url)
+        current_repo = T.let(nil, T.nilable(String))
+
+        T.must(file.content).each_line do |line|
+          repo_match = line.match(/^\s*-\s*repo:\s*(\S+)/)
+          current_repo = repo_match[1] if repo_match
+
+          next unless current_repo == repo_url
+
+          rev_match = line.match(/^\s*rev:\s*\S+\s*(#.*)$/)
+          return T.must(rev_match[1]).rstrip if rev_match
+        end
+
+        nil
+      end
+
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def pre_commit_config_files
         dependency_files.select { |f| f.name.match?(CONFIG_FILE_PATTERN) }

data/lib/dependabot/pre_commit/file_updater.rb

@@ -113,7 +113,18 @@ module Dependabot
         old_ref = T.cast(old_source.fetch(:ref), String)
         new_ref = T.cast(new_source.fetch(:ref), String)
 
-        replace_ref_in_content(content, repo_url, old_ref, new_ref)
+        new_metadata = T.cast(new_req.fetch(:metadata, {}), T::Hash[Symbol, T.untyped])
+        old_version = T.cast(new_metadata[:comment_version], T.nilable(String))
+        new_version = T.cast(new_metadata[:new_comment_version], T.nilable(String))
+
+        replace_ref_in_content(
+          content,
+          repo_url,
+          old_ref,
+          new_ref,
+          old_version: old_version,
+          new_version: new_version
+        )
       end
 
       sig do
@@ -134,9 +145,16 @@ module Dependabot
       end
 
       sig do
-        params(content: String, repo_url: String, old_ref: String, new_ref: String).returns(String)
+        params(
+          content: String,
+          repo_url: String,
+          old_ref: String,
+          new_ref: String,
+          old_version: T.nilable(String),
+          new_version: T.nilable(String)
+        ).returns(String)
       end
-      def replace_ref_in_content(content, repo_url, old_ref, new_ref)
+      def replace_ref_in_content(content, repo_url, old_ref, new_ref, old_version: nil, new_version: nil)
         current_repo = T.let(nil, T.nilable(String))
 
         updated_lines = content.lines.map do |line|
@@ -145,7 +163,9 @@ module Dependabot
 
           if current_repo == repo_url &&
              line.match?(/^\s*rev:\s+#{Regexp.escape(old_ref)}(\s*(?:#.*)?)?$/)
-            line.gsub(old_ref, new_ref)
+            updated_line = line.sub(old_ref, new_ref)
+            updated_line = update_version_comment(updated_line, old_version, new_version)
+            updated_line
           else
             line
           end
@@ -154,6 +174,28 @@ module Dependabot
         updated_lines.join
       end
 
+      sig do
+        params(
+          line: String,
+          old_version: T.nilable(String),
+          new_version: T.nilable(String)
+        ).returns(String)
+      end
+      def update_version_comment(line, old_version, new_version)
+        return line unless old_version && new_version
+
+        pattern = /
+          (                # 1: comment prefix
+            \#\s*          # '#' and optional whitespace
+            (?:frozen:\s*)? # optional 'frozen:' label
+          )
+          #{Regexp.escape(old_version)} # the old version
+          (.*)$            # 2: trailing content (whitespace or other characters) up to end of line
+        /x
+
+        line.sub(pattern, "\\1#{new_version}\\2")
+      end
+
       sig do
         params(content: String, old_string: String, new_string: String).returns(String)
       end

data/lib/dependabot/pre_commit/metadata_finder.rb

@@ -1,10 +1,7 @@
-# typed: strong
+# typed: strict
 # frozen_string_literal: true
 
-# NOTE: This file was scaffolded automatically but is OPTIONAL.
-# If you don't need custom metadata finding logic (changelogs, release notes, etc.),
-# you can safely delete this file and remove the require from lib/dependabot/pre_commit.rb
-
+require "sorbet-runtime"
 require "dependabot/metadata_finders"
 require "dependabot/metadata_finders/base"
 
@@ -17,9 +14,15 @@ module Dependabot
 
       sig { override.returns(T.nilable(Dependabot::Source)) }
       def look_up_source
-        # TODO: Implement custom source lookup logic if needed
-        # Otherwise, delete this file and the require in the main registration file
-        nil
+        info = dependency.requirements.filter_map { |r| r[:source] }.first
+
+        url =
+          if info.nil?
+            dependency.name
+          else
+            info[:url] || info.fetch("url")
+          end
+        Source.from_url(url)
       end
     end
   end

data/lib/dependabot/pre_commit/package/package_details_fetcher.rb

@@ -3,6 +3,7 @@
 
 require "sorbet-runtime"
 require "dependabot/errors"
+require "dependabot/pre_commit/comment_version_helper"
 require "dependabot/pre_commit/helpers"
 require "dependabot/pre_commit/requirement"
 require "dependabot/pre_commit/update_checker"
@@ -71,11 +72,14 @@ module Dependabot
         def commit_sha_release
           return unless git_commit_checker.pinned_ref_looks_like_commit_sha?
 
-          # Prioritize tagged releases over latest commits
-          # If latest_version_tag exists, use it (even if current SHA doesn't have a tag)
-          return latest_version_tag&.fetch(:version) if latest_version_tag
+          if latest_version_tag
+            if git_commit_checker.local_tag_for_pinned_sha || version_comment?
+              return T.must(latest_version_tag).fetch(:version)
+            end
+
+            return latest_commit_for_pinned_ref
+          end
 
-          # Only fall back to latest commit if no tags exist
           latest_commit_for_pinned_ref
         end
 
@@ -83,7 +87,9 @@ module Dependabot
         def latest_version_tag
           @latest_version_tag ||= T.let(
             begin
-              return git_commit_checker.local_tag_for_latest_version if dependency.version.nil?
+              if dependency.version.nil? || !Dependabot::PreCommit::Version.correct?(dependency.version)
+                return constrained_latest_version_tag || git_commit_checker.local_tag_for_latest_version
+              end
 
               ref = git_commit_checker.local_ref_for_latest_version_matching_existing_precision
               return ref if ref && current_version && ref.fetch(:version) > current_version
@@ -96,6 +102,74 @@ module Dependabot
 
         private
 
+        sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+        def constrained_latest_version_tag
+          frozen_ref = frozen_comment_ref
+          return nil unless frozen_ref
+
+          prefix = tag_prefix(frozen_ref)
+          return nil if prefix.empty?
+
+          version_suffix = frozen_ref.sub(/^#{Regexp.escape(prefix)}/, "")
+          return nil if version_suffix.empty? || version_suffix !~ /^\d/
+
+          matching = tags_matching_frozen_constraint(prefix, version_suffix.split("."))
+          git_commit_checker.max_local_tag(matching)
+        end
+
+        sig do
+          params(
+            prefix: String,
+            frozen_segments: T::Array[String]
+          ).returns(T::Array[Dependabot::GitRef])
+        end
+        def tags_matching_frozen_constraint(prefix, frozen_segments)
+          tags = tags_with_prefix(prefix)
+
+          max_segments = tags.map { |t| tag_version_segments(t.name, prefix).length }.max || 0
+          return tags unless frozen_segments.length < max_segments
+
+          tags.select { |tag| tag_starts_with_segments?(tag.name, prefix, frozen_segments) }
+        end
+
+        sig { params(prefix: String).returns(T::Array[Dependabot::GitRef]) }
+        def tags_with_prefix(prefix)
+          git_commit_checker.allowed_version_tags.select { |tag| tag.name.start_with?(prefix) }
+        end
+
+        sig { params(tag_name: String, prefix: String).returns(T::Array[String]) }
+        def tag_version_segments(tag_name, prefix)
+          tag_name.sub(/^#{Regexp.escape(prefix)}/, "").split(".")
+        end
+
+        sig { params(tag_name: String, prefix: String, frozen_segments: T::Array[String]).returns(T::Boolean) }
+        def tag_starts_with_segments?(tag_name, prefix, frozen_segments)
+          segments = tag_version_segments(tag_name, prefix)
+          frozen_segments.each_with_index.all? { |seg, i| segments[i] == seg }
+        end
+
+        sig { returns(T.nilable(String)) }
+        def frozen_comment_ref
+          comment = dependency.requirements.first&.dig(:metadata, :comment)
+          return nil unless comment
+
+          match = comment.match(CommentVersionHelper::FROZEN_COMMENT_REF_PATTERN)
+          match&.[](1)
+        end
+
+        sig { params(ref: String).returns(String) }
+        def tag_prefix(ref)
+          ref.sub(/\d+(?:\.\d+)*$/, "")
+        end
+
+        sig { returns(T::Boolean) }
+        def version_comment?
+          comment = dependency.requirements.first&.dig(:metadata, :comment)
+          return false unless comment
+
+          comment.match?(CommentVersionHelper::COMMENT_VERSION_PATTERN)
+        end
+
         sig { returns(T.nilable(String)) }
         def current_commit
           git_commit_checker.head_commit_for_current_branch

data/lib/dependabot/pre_commit/update_checker.rb

@@ -4,9 +4,11 @@
 require "sorbet-runtime"
 
 require "dependabot/errors"
+require "dependabot/pre_commit/comment_version_helper"
 require "dependabot/pre_commit/requirement"
 require "dependabot/pre_commit/version"
 require "dependabot/pre_commit/additional_dependency_checkers"
+require "dependabot/pre_commit/additional_dependency_checkers/dart"
 require "dependabot/pre_commit/additional_dependency_checkers/node"
 require "dependabot/pre_commit/additional_dependency_checkers/python"
 require "dependabot/pre_commit/additional_dependency_checkers/ruby"
@@ -54,7 +56,7 @@ module Dependabot
 
           current = T.cast(source&.[](:ref), T.nilable(String))
 
-          # Maintain a short git hash only if it matches the latest
+          # Maintain short git hash when the updated SHA starts with the current SHA
           if T.cast(req[:type], T.nilable(String)) == "git" &&
              git_commit_checker.ref_looks_like_commit_sha?(updated) &&
              current && git_commit_checker.ref_looks_like_commit_sha?(current) &&
@@ -63,7 +65,8 @@ module Dependabot
           end
 
           new_source = T.must(source).merge(ref: updated)
-          req.merge(source: new_source)
+          new_metadata = updated_comment_version_metadata(req, updated)
+          req.merge(source: new_source, metadata: new_metadata)
         end
       end
 
@@ -89,6 +92,9 @@ module Dependabot
       def current_version
         return super if dependency.numeric_version
 
+        frozen_ver = version_from_comment
+        return frozen_ver if frozen_ver
+
         # For git dependencies, try to parse the version from the ref
         source_details = dependency.source_details(allowed_types: ["git"])
         return nil unless source_details
@@ -102,6 +108,17 @@ module Dependabot
         version_class.new(version_string)
       end
 
+      sig { returns(T::Boolean) }
+      def sha1_version_up_to_date?
+        frozen_ver = version_from_comment
+        return super unless frozen_ver
+
+        resolved_sha = latest_commit_sha
+        return true if resolved_sha && resolved_sha == dependency.version
+
+        false
+      end
+
       sig { override.returns(T::Boolean) }
       def latest_version_resolvable_with_full_unlock?
         false
@@ -166,10 +183,11 @@ module Dependabot
         new_tag = T.must(latest_version_finder).latest_version_tag
 
         if new_tag
-          return T.cast(new_tag.fetch(:commit_sha), String) if git_commit_checker.local_tag_for_pinned_sha
+          if version_from_comment || git_commit_checker.local_tag_for_pinned_sha
+            return T.cast(new_tag.fetch(:commit_sha), String)
+          end
 
           return latest_commit_for_pinned_ref
-
         end
 
         # If there's no tag but we have a latest_version (commit SHA), use it
@@ -184,6 +202,67 @@ module Dependabot
         @git_commit_checker ||= T.let(git_helper.git_commit_checker, T.nilable(Dependabot::GitCommitChecker))
       end
 
+      sig do
+        params(
+          req: T::Hash[Symbol, T.untyped],
+          new_ref: String
+        ).returns(T::Hash[Symbol, T.untyped])
+      end
+      def updated_comment_version_metadata(req, new_ref)
+        existing_metadata = T.cast(req.fetch(:metadata, {}), T::Hash[Symbol, T.untyped])
+        comment = T.cast(existing_metadata[:comment], T.nilable(String))
+        return existing_metadata unless comment
+
+        old_version = extract_version_from_comment(comment)
+        return existing_metadata unless old_version
+
+        new_version = resolve_new_comment_version(new_ref)
+        return existing_metadata unless new_version
+
+        existing_metadata.merge(comment_version: old_version, new_comment_version: new_version)
+      end
+
+      sig { params(comment: String).returns(T.nilable(String)) }
+      def extract_version_from_comment(comment)
+        match = comment.match(CommentVersionHelper::COMMENT_VERSION_PATTERN)
+        match&.[](0)
+      end
+
+      sig { returns(T.nilable(Dependabot::Version)) }
+      def version_from_comment
+        @version_from_comment ||= T.let(
+          begin
+            comment = T.let(
+              @dependency.requirements
+                .filter_map do |req|
+                  val = T.cast(req.fetch(:metadata, {}), T::Hash[Symbol, T.untyped])[:comment]
+                  T.cast(val, T.nilable(String))
+                end
+                .first,
+              T.nilable(String)
+            )
+            return nil unless comment
+
+            version_string = extract_version_from_comment(comment)
+            return nil unless version_string
+
+            cleaned = version_string.sub(/^v/, "")
+            return nil unless version_class.correct?(cleaned)
+
+            version_class.new(cleaned)
+          end,
+          T.nilable(Dependabot::Version)
+        )
+      end
+
+      sig { params(_new_ref: String).returns(T.nilable(String)) }
+      def resolve_new_comment_version(_new_ref)
+        new_tag = T.must(latest_version_finder).latest_version_tag
+        return T.cast(new_tag.fetch(:tag, nil), T.nilable(String)) if new_tag
+
+        nil
+      end
+
       sig { returns(Dependabot::PreCommit::Helpers::Githelper) }
       def git_helper
         Helpers::Githelper.new(

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-pre_commit
 version: !ruby/object:Gem::Version
-  version: 0.362.0
+  version: 0.363.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,84 +15,84 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
 - !ruby/object:Gem::Dependency
   name: dependabot-cargo
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
 - !ruby/object:Gem::Dependency
   name: dependabot-common
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
 - !ruby/object:Gem::Dependency
   name: dependabot-go_modules
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
 - !ruby/object:Gem::Dependency
   name: dependabot-npm_and_yarn
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
 - !ruby/object:Gem::Dependency
   name: dependabot-python
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.362.0
+        version: 0.363.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -155,14 +155,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rspec-sorbet
   requirement: !ruby/object:Gem::Requirement
@@ -314,11 +314,13 @@ files:
 - lib/dependabot/pre_commit.rb
 - lib/dependabot/pre_commit/additional_dependency_checkers.rb
 - lib/dependabot/pre_commit/additional_dependency_checkers/base.rb
+- lib/dependabot/pre_commit/additional_dependency_checkers/dart.rb
 - lib/dependabot/pre_commit/additional_dependency_checkers/go.rb
 - lib/dependabot/pre_commit/additional_dependency_checkers/node.rb
 - lib/dependabot/pre_commit/additional_dependency_checkers/python.rb
 - lib/dependabot/pre_commit/additional_dependency_checkers/ruby.rb
 - lib/dependabot/pre_commit/additional_dependency_checkers/rust.rb
+- lib/dependabot/pre_commit/comment_version_helper.rb
 - lib/dependabot/pre_commit/file_fetcher.rb
 - lib/dependabot/pre_commit/file_parser.rb
 - lib/dependabot/pre_commit/file_updater.rb
@@ -335,7 +337,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.362.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.363.0
 rdoc_options: []
 require_paths:
 - lib