dependabot-pub 0.302.0 → 0.303.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/pub/file_parser.rb +4 -3
  3. data/lib/dependabot/pub/file_updater.rb +1 -1
  4. data/lib/dependabot/pub/helpers.rb +83 -21
  5. data/lib/dependabot/pub/update_checker.rb +49 -16
  6. data/lib/dependabot/pub/version.rb +6 -2
  7. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3f9d69bec956faff99d343a05f507bcb8dd8c2dbc5f7f6f502b01ff7672ee23c
4
- data.tar.gz: 97b580459e1d84e7ed26966d6aac38ac40bddc709ecd56de1b9aa29a65b60dae
3
+ metadata.gz: ee3ce64f8c3efda439b7a169413fc09d861625a9ed887d613d9bbbc35cb96959
4
+ data.tar.gz: 9d31a4d135baf055ab65e9663d9dee167fffda235f2676320e1de9f3da6ac90e
5
5
  SHA512:
6
- metadata.gz: dc9d8fe10834b8cf980c56aa0b4fdb75fa6a01cdd780805dc6d5b48f14c15b1900b4163ac6ae874d1c176f6d52060dd098c907fbfd186cae5b9998e7a4f0c826
7
- data.tar.gz: 6bd0e195e8e9584e0d87c52d851083b9026c0193f2301f08d278a6173473c2a95169f74c603ffaa2671aea53249464fe3d614ac0b6c189c02087ecb56280c315
6
+ metadata.gz: 96546864aa8653e4ee0b401583f665c26fcecd36f9a6acae53988450f9cc509e5da636843814b831bc78ae0bf06810d2307fa1a02ac662a475c03db6c3639487
7
+ data.tar.gz: b18bdfbf7c22667ce566b7f94fe566e395c14d40d424a88771bb8e1f433e3f8dd71e2cb1743e843786f440c3193eeff25eac2e862b743371443b900824dfa1a2
data/lib/dependabot/pub/file_parser.rb CHANGED
@@ -1,6 +1,8 @@
1
1
  # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/file_parsers"
5
7
  require "dependabot/file_parsers/base"
6
8
  require "dependabot/dependency"
@@ -8,7 +10,6 @@ require "dependabot/pub/version"
8
10
  require "dependabot/pub/helpers"
9
11
  require "dependabot/pub/package_manager"
10
12
  require "dependabot/pub/language"
11
- require "sorbet-runtime"
12
13
 
13
14
  module Dependabot
14
15
  module Pub
@@ -78,9 +79,9 @@ module Dependabot
78
79
  raise "No pubspec.yaml!" unless get_original_file("pubspec.yaml")
79
80
  end
80
81
 
81
- sig { returns(T::Array[Dependabot::Dependency]) }
82
+ sig { returns(T::Array[T::Hash[String, T.untyped]]) }
82
83
  def list
83
- @list ||= T.let(dependency_services_list, T.nilable(T::Array[Dependabot::Dependency]))
84
+ @list ||= T.let(dependency_services_list, T.nilable(T::Array[T::Hash[String, T.untyped]]))
84
85
  end
85
86
  end
86
87
  end
data/lib/dependabot/pub/file_updater.rb CHANGED
@@ -1,4 +1,4 @@
1
- # typed: strict
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/file_updaters"
data/lib/dependabot/pub/helpers.rb CHANGED
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "digest"
@@ -22,19 +22,27 @@ module Dependabot
22
22
 
23
23
  abstract!
24
24
 
25
- sig { returns(T::Array[Dependabot::Credential]) }
26
- attr_reader :credentials
25
+ sig { abstract.returns(T::Array[Dependabot::Credential]) }
26
+ def credentials; end
27
27
 
28
- sig { returns(T::Array[Dependabot::DependencyFile]) }
29
- attr_reader :dependency_files
28
+ sig { abstract.returns(T::Array[Dependabot::DependencyFile]) }
29
+ def dependency_files; end
30
30
 
31
- sig { returns(T::Hash[Symbol, T.untyped]) }
32
- attr_reader :options
31
+ sig { abstract.returns(T::Hash[Symbol, T.untyped]) }
32
+ def options; end
33
33
 
34
+ sig { returns(String) }
34
35
  def self.pub_helpers_path
35
36
  File.join(ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil), "pub")
36
37
  end
37
38
 
39
+ sig do
40
+ params(
41
+ dir: T.any(Pathname, String),
42
+ url: T.nilable(String)
43
+ )
44
+ .returns(T.nilable(T::Hash[String, T.untyped]))
45
+ end
38
46
  def self.run_infer_sdk_versions(dir, url: nil)
39
47
  env = {}
40
48
  cmd = File.join(pub_helpers_path, "infer_sdk_versions")
@@ -47,15 +55,18 @@ module Dependabot
47
55
 
48
56
  private
49
57
 
58
+ sig { returns(T::Array[T::Hash[String, T.untyped]]) }
50
59
  def dependency_services_list
51
60
  JSON.parse(run_dependency_services("list"))["dependencies"]
52
61
  end
53
62
 
63
+ sig { params(dependency: Dependabot::Dependency).returns(String) }
54
64
  def repository_url(dependency)
55
- source = dependency.requirements&.first&.dig(:source)
65
+ source = dependency.requirements.first&.dig(:source)
56
66
  source&.dig("description", "url") || options[:pub_hosted_url] || "https://pub.dev"
57
67
  end
58
68
 
69
+ sig { params(dependency: Dependabot::Dependency).returns(T::Hash[String, T.untyped]) }
59
70
  def fetch_package_listing(dependency)
60
71
  # Because we get the security_advisories as a set of constraints, we
61
72
  # fetch the list of all versions and filter them to a list of vulnerable
@@ -67,12 +78,14 @@ module Dependabot
67
78
  JSON.parse(response.body)
68
79
  end
69
80
 
81
+ sig { params(dependency: Dependabot::Dependency).returns(T::Array[Dependabot::Pub::Version]) }
70
82
  def available_versions(dependency)
71
83
  fetch_package_listing(dependency)["versions"].map do |v|
72
84
  Dependabot::Pub::Version.new(v["version"])
73
85
  end
74
86
  end
75
87
 
88
+ sig { returns(T::Array[T::Hash[String, T.untyped]]) }
76
89
  def dependency_services_report
77
90
  sha256 = Digest::SHA256.new
78
91
  dependency_files.each do |f|
@@ -83,22 +96,32 @@ module Dependabot
83
96
  cache_file = "/tmp/report-#{hash}-pid-#{Process.pid}.json"
84
97
  return JSON.parse(File.read(cache_file)) if File.file?(cache_file)
85
98
 
86
- report = JSON.parse(run_dependency_services("report", stdin_data: ""))["dependencies"]
99
+ report = JSON.parse(run_dependency_services("report"))["dependencies"]
87
100
  File.write(cache_file, JSON.generate(report))
88
101
  report
89
102
  end
90
103
 
104
+ sig do
105
+ params(
106
+ dependency_changes: T.nilable(T::Array[Dependabot::Dependency])
107
+ )
108
+ .returns(T::Array[Dependabot::DependencyFile])
109
+ end
91
110
  def dependency_services_apply(dependency_changes)
92
- run_dependency_services("apply", stdin_data: dependencies_to_json(dependency_changes)) do |temp_dir|
93
- dependency_files.map do |f|
94
- updated_file = f.dup
95
- updated_file.content = File.read(File.join(temp_dir, f.name))
96
- updated_file
97
- end
98
- end
111
+ T.cast(
112
+ run_dependency_services("apply", stdin_data: dependencies_to_json(dependency_changes)) do |temp_dir|
113
+ dependency_files.map do |f|
114
+ updated_file = f.dup
115
+ updated_file.content = File.read(File.join(temp_dir, f.name))
116
+ updated_file
117
+ end
118
+ end,
119
+ T::Array[Dependabot::DependencyFile]
120
+ )
99
121
  end
100
122
 
101
123
  # Clones the flutter repo into /tmp/flutter if needed
124
+ sig { void }
102
125
  def ensure_flutter_repo
103
126
  return if File.directory?("/tmp/flutter/.git")
104
127
 
@@ -116,6 +139,7 @@ module Dependabot
116
139
  end
117
140
 
118
141
  # Will ensure that /tmp/flutter contains the flutter repo checked out at `ref`.
142
+ sig { params(ref: String).void }
119
143
  def check_out_flutter_ref(ref)
120
144
  ensure_flutter_repo
121
145
  Dependabot.logger.info "Checking out Flutter version #{ref}"
@@ -146,6 +170,7 @@ module Dependabot
146
170
  ## Detects the right flutter release to use for the pubspec.yaml.
147
171
  ## Then checks it out if it is not already.
148
172
  ## Returns the sdk versions
173
+ sig { params(dir: T.any(Pathname, String)).returns(T::Hash[String, String]) }
149
174
  def ensure_right_flutter_release(dir)
150
175
  versions = Helpers.run_infer_sdk_versions(
151
176
  File.join(dir, dependency_files.first&.directory),
@@ -171,6 +196,7 @@ module Dependabot
171
196
  run_flutter_version
172
197
  end
173
198
 
199
+ sig { void }
174
200
  def run_flutter_doctor
175
201
  Dependabot.logger.info(
176
202
  "Running `flutter doctor` to install artifacts and create flutter/version."
@@ -185,6 +211,7 @@ module Dependabot
185
211
  end
186
212
 
187
213
  # Runs `flutter version` and returns the dart and flutter version numbers in a map.
214
+ sig { returns(T::Hash[String, String]) }
188
215
  def run_flutter_version
189
216
  Dependabot.logger.info "Running `flutter --version`"
190
217
  # Run `flutter --version --machine` to get the current flutter version.
@@ -216,7 +243,16 @@ module Dependabot
216
243
  }
217
244
  end
218
245
 
219
- def run_dependency_services(command, stdin_data: nil)
246
+ sig do
247
+ type_parameters(:T)
248
+ .params(
249
+ command: String,
250
+ stdin_data: T.nilable(String),
251
+ blk: T.nilable(T.proc.params(arg0: String).returns(T.type_parameter(:T)))
252
+ )
253
+ .returns(T.any(String, T.type_parameter(:T)))
254
+ end
255
+ def run_dependency_services(command, stdin_data: nil, &blk)
220
256
  SharedHelpers.in_a_temporary_directory do |temp_dir|
221
257
  dependency_files.each do |f|
222
258
  in_path_name = File.join(temp_dir, f.directory, f.name)
@@ -245,13 +281,14 @@ module Dependabot
245
281
  chdir: command_dir
246
282
  )
247
283
  raise_error(stderr) unless status.success?
248
- return stdout unless block_given?
284
+ return stdout unless blk
249
285
 
250
286
  yield command_dir
251
287
  end
252
288
  end
253
289
  end
254
290
 
291
+ sig { params(stderr: String).returns(T.noreturn) }
255
292
  def raise_error(stderr)
256
293
  if stderr.include?("Failed parsing lock file") || stderr.include?("Unsupported operation")
257
294
  raise DependencyFileNotEvaluatable, "dependency_services failed: #{stderr}"
@@ -267,6 +304,7 @@ module Dependabot
267
304
  end
268
305
 
269
306
  # Parses a dependency as listed by `dependency_services list`.
307
+ sig { params(json: T::Hash[String, T.untyped]).returns(Dependabot::Dependency) }
270
308
  def parse_listed_dependency(json)
271
309
  params = {
272
310
  name: json["name"],
@@ -292,7 +330,14 @@ module Dependabot
292
330
  #
293
331
  # The `requirements_update_strategy`` is
294
332
  # used to chose the right updated constraint.
295
- def parse_updated_dependency(json, requirements_update_strategy: nil)
333
+ sig do
334
+ params(
335
+ json: T::Hash[String, T.untyped],
336
+ requirements_update_strategy: Dependabot::RequirementsUpdateStrategy
337
+ )
338
+ .returns(Dependabot::Dependency)
339
+ end
340
+ def parse_updated_dependency(json, requirements_update_strategy)
296
341
  params = {
297
342
  name: json["name"],
298
343
  version: json["version"],
@@ -332,6 +377,12 @@ module Dependabot
332
377
 
333
378
  # expects "auto" to already have been resolved to one of the other
334
379
  # strategies.
380
+ sig do
381
+ params(
382
+ requirements_update_strategy: Dependabot::RequirementsUpdateStrategy
383
+ )
384
+ .returns(String)
385
+ end
335
386
  def constraint_field_from_update_strategy(requirements_update_strategy)
336
387
  case requirements_update_strategy
337
388
  when RequirementsUpdateStrategy::WidenRanges
@@ -340,22 +391,33 @@ module Dependabot
340
391
  "constraintBumped"
341
392
  when RequirementsUpdateStrategy::BumpVersionsIfNecessary
342
393
  "constraintBumpedIfNeeded"
394
+ else
395
+ raise "Unexpected requirements_update_strategy #{requirements_update_strategy}"
343
396
  end
344
397
  end
345
398
 
399
+ sig do
400
+ params(
401
+ dependencies: T.nilable(T::Array[Dependabot::Dependency])
402
+ )
403
+ .returns(T.nilable(String))
404
+ end
346
405
  def dependencies_to_json(dependencies)
347
406
  if dependencies.nil?
348
407
  nil
349
408
  else
350
409
  deps = dependencies.map do |d|
351
- source = d.requirements.empty? ? nil : d.requirements.first[:source]
410
+ source = d.requirements.empty? ? nil : d.requirements.first&.[](:source)
352
411
  obj = {
353
412
  "name" => d.name,
354
413
  "version" => d.version,
355
414
  "source" => source
356
415
  }
357
416
 
358
- obj["constraint"] = d.requirements[0][:requirement].to_s unless d.requirements.nil? || d.requirements.empty?
417
+ unless d.requirements.nil? || d.requirements.empty?
418
+ obj["constraint"] =
419
+ d.requirements[0]&.[](:requirement).to_s
420
+ end
359
421
  obj
360
422
  end
361
423
  JSON.generate({
data/lib/dependabot/pub/update_checker.rb CHANGED
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -17,6 +17,7 @@ module Dependabot
17
17
 
18
18
  include Dependabot::Pub::Helpers
19
19
 
20
+ sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
20
21
  def latest_version
21
22
  version = version_unless_ignored(current_report["latest"], current_version: dependency.version)
22
23
  raise AllVersionsIgnored if version.nil? && @raise_on_ignored
@@ -24,6 +25,7 @@ module Dependabot
24
25
  version
25
26
  end
26
27
 
28
+ sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
27
29
  def latest_resolvable_version_with_no_unlock
28
30
  # Version we can get if we're not allowed to change pubspec.yaml, but we
29
31
  # allow changes in the pubspec.lock file.
@@ -33,6 +35,7 @@ module Dependabot
33
35
  version_unless_ignored(entry["version"])
34
36
  end
35
37
 
38
+ sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
36
39
  def latest_resolvable_version
37
40
  # Latest version we can get if we're allowed to unlock the current
38
41
  # package in pubspec.yaml
@@ -42,27 +45,31 @@ module Dependabot
42
45
  version_unless_ignored(entry["version"])
43
46
  end
44
47
 
48
+ sig { override.returns(T.nilable(Dependabot::Version)) }
45
49
  def lowest_resolvable_security_fix_version
46
50
  raise "Dependency not vulnerable!" unless vulnerable?
47
51
 
48
52
  lowest_security_fix_version
49
53
  end
50
54
 
55
+ sig { override.returns(T.nilable(Dependabot::Version)) }
51
56
  def lowest_security_fix_version
52
57
  # Don't attempt to do security updates for git dependencies.
53
- return nil if git_revision? dependency.version
58
+ return nil if git_revision? T.must(dependency.version)
54
59
  # If the current version is not vulnerable, we stay on it.
55
- return version_unless_ignored dependency.version unless vulnerable?
60
+ return T.cast(version_unless_ignored(T.must(dependency.version)), Dependabot::Version) unless vulnerable?
56
61
 
57
62
  e = dependency_services_smallest_update
58
63
  return nil if e.nil?
59
64
 
60
65
  upgrade = e.find { |u| u["name"] == dependency.name }
61
66
 
62
- version = upgrade["version"]
63
- version_unless_ignored(version)
67
+ version = T.must(upgrade)["version"]
68
+ T.cast(version_unless_ignored(version), Dependabot::Version)
64
69
  end
65
70
 
71
+ # rubocop:disable Metrics/PerceivedComplexity
72
+ sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
66
73
  def updated_requirements
67
74
  # Requirements that need to be changed, if obtain:
68
75
  # latest_resolvable_version or lowest_security_fix_version
@@ -71,25 +78,28 @@ module Dependabot
71
78
 
72
79
  # Ideally we would like to do any upgrade that migrates away from the vulnerability
73
80
  # but this method can only return a single requirement udate.
74
- breaking_changes = updates.filter { |d| d["previousConstraint"] != d["constraintBumpedIfNeeded"] }
81
+ breaking_changes = updates&.filter { |d| d["previousConstraint"] != d["constraintBumpedIfNeeded"] }
75
82
 
76
83
  # This security update would require unlocking other packages, which is not currently supported.
77
84
  # Because of that, return original requirements, so that no requirements are actually updated and
78
85
  # the error bubbles up as security_update_not_possible to the user.
79
- return dependency.requirements if breaking_changes.size > 1
86
+ return dependency.requirements if breaking_changes&.size&. > 1
80
87
 
81
- updates.find { |u| u["name"] == dependency.name }
88
+ updates&.find { |u| u["name"] == dependency.name }
82
89
  else
83
90
  current_report["singleBreaking"].find { |d| d["name"] == dependency.name }
84
91
  end
85
- return unless entry
92
+ return [] unless entry
86
93
 
87
- parse_updated_dependency(entry, requirements_update_strategy: resolved_requirements_update_strategy)
94
+ parse_updated_dependency(entry, resolved_requirements_update_strategy)
88
95
  .requirements
89
96
  end
97
+ # rubocop:enable Metrics/PerceivedComplexity
90
98
 
91
99
  private
92
100
 
101
+ # rubocop:disable Metrics/AbcSize
102
+ sig { returns(T.nilable(T::Array[T::Hash[String, T.untyped]])) }
93
103
  def dependency_services_smallest_update
94
104
  return @smallest_update if @smallest_update
95
105
 
@@ -119,8 +129,12 @@ module Dependabot
119
129
  ]
120
130
  }
121
131
  report = JSON.parse(run_dependency_services("report", stdin_data: JSON.generate(input)))["dependencies"]
122
- @smallest_update = report.find { |d| d["name"] == dependency.name }["smallestUpdate"]
132
+ @smallest_update = T.let(
133
+ report.find { |d| d["name"] == dependency.name }["smallestUpdate"],
134
+ T.nilable(T::Array[T::Hash[String, T.untyped]])
135
+ )
123
136
  end
137
+ # rubocop:enable Metrics/AbcSize
124
138
 
125
139
  # Returns unparsed_version if it looks like a git-revision.
126
140
  #
@@ -131,6 +145,13 @@ module Dependabot
131
145
  # * If current_version is non-nil and the parsed version is the same it
132
146
  # will be returned.
133
147
  # * Otherwise returns nil
148
+ sig do
149
+ params(
150
+ unparsed_version: String,
151
+ current_version: T.nilable(String)
152
+ )
153
+ .returns(T.nilable(T.any(String, Dependabot::Version)))
154
+ end
134
155
  def version_unless_ignored(unparsed_version, current_version: nil)
135
156
  if git_revision?(unparsed_version)
136
157
  unparsed_version
@@ -146,6 +167,7 @@ module Dependabot
146
167
  end
147
168
  end
148
169
 
170
+ sig { params(version_string: String).returns(T::Boolean) }
149
171
  def git_revision?(version_string)
150
172
  version_string.match?(/^[0-9a-f]{6,}$/)
151
173
  end
@@ -161,6 +183,7 @@ module Dependabot
161
183
  latest_version == entry["version"]
162
184
  end
163
185
 
186
+ sig { override.returns(T::Array[Dependabot::Dependency]) }
164
187
  def updated_dependencies_after_full_unlock
165
188
  report_section = if vulnerable?
166
189
  dependency_services_smallest_update
@@ -172,22 +195,32 @@ module Dependabot
172
195
  d["kind"] == "transitive"
173
196
  end
174
197
  direct_deps.map do |d|
175
- parse_updated_dependency(d, requirements_update_strategy: resolved_requirements_update_strategy)
198
+ parse_updated_dependency(d, resolved_requirements_update_strategy)
176
199
  end
177
200
  end
178
201
 
202
+ sig { returns(T::Array[T::Hash[String, T.untyped]]) }
179
203
  def report
180
- @report ||= dependency_services_report
204
+ @report ||= T.let(
205
+ dependency_services_report,
206
+ T.nilable(T::Array[T::Hash[String, T.untyped]])
207
+ )
181
208
  end
182
209
 
210
+ sig { returns(T::Hash[String, T.untyped]) }
183
211
  def current_report
184
- report.find { |d| d["name"] == dependency.name }
212
+ T.must(report.find { |d| d["name"] == dependency.name })
185
213
  end
186
214
 
215
+ sig { returns(Dependabot::RequirementsUpdateStrategy) }
187
216
  def resolved_requirements_update_strategy
188
- @resolved_requirements_update_strategy ||= resolve_requirements_update_strategy
217
+ @resolved_requirements_update_strategy ||= T.let(
218
+ resolve_requirements_update_strategy,
219
+ T.nilable(Dependabot::RequirementsUpdateStrategy)
220
+ )
189
221
  end
190
222
 
223
+ sig { returns(Dependabot::RequirementsUpdateStrategy) }
191
224
  def resolve_requirements_update_strategy
192
225
  raise "Unexpected requirements_update_strategy #{requirements_update_strategy}" unless
193
226
  [nil, RequirementsUpdateStrategy::WidenRanges, RequirementsUpdateStrategy::BumpVersions,
@@ -210,7 +243,7 @@ module Dependabot
210
243
  RequirementsUpdateStrategy::WidenRanges
211
244
  end
212
245
  else
213
- requirements_update_strategy
246
+ T.must(requirements_update_strategy)
214
247
  end
215
248
  end
216
249
  end
data/lib/dependabot/pub/version.rb CHANGED
@@ -1,6 +1,8 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/version"
5
7
  require "dependabot/utils"
6
8
 
@@ -22,12 +24,14 @@ module Dependabot
22
24
  VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + "(\\+[0-9a-zA-Z\\-.]+)?", String)
23
25
  ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
24
26
 
25
- sig { returns(String) }
27
+ sig { returns(T.nilable(String)) }
26
28
  attr_reader :build_info
27
29
 
28
30
  sig { override.params(version: VersionParameter).void }
29
31
  def initialize(version)
30
32
  @version_string = T.let(version.to_s, String)
33
+ @build_info = T.let(nil, T.nilable(String))
34
+
31
35
  version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
32
36
 
33
37
  super(T.must(version))
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-pub
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.302.0
4
+ version: 0.303.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-03-20 00:00:00.000000000 Z
11
+ date: 2025-03-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.302.0
19
+ version: 0.303.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.302.0
26
+ version: 0.303.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -156,14 +156,14 @@ dependencies:
156
156
  requirements:
157
157
  - - "~>"
158
158
  - !ruby/object:Gem::Version
159
- version: 0.8.5
159
+ version: 0.8.7
160
160
  type: :development
161
161
  prerelease: false
162
162
  version_requirements: !ruby/object:Gem::Requirement
163
163
  requirements:
164
164
  - - "~>"
165
165
  - !ruby/object:Gem::Version
166
- version: 0.8.5
166
+ version: 0.8.7
167
167
  - !ruby/object:Gem::Dependency
168
168
  name: simplecov
169
169
  requirement: !ruby/object:Gem::Requirement
@@ -258,7 +258,7 @@ licenses:
258
258
  - MIT
259
259
  metadata:
260
260
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
261
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.302.0
261
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.303.0
262
262
  post_install_message:
263
263
  rdoc_options: []
264
264
  require_paths: