dependabot-vcpkg 0.321.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 38707063662244331a728d6c97e056a2023c50320ab12effc358dadd9e08c60c
+  data.tar.gz: 3eb780be16ca540a85c21671f0d606e065c25ab123e4e2142c4448da8133895d
+SHA512:
+  metadata.gz: 06dad0ca7ee38a208a615193689009df102d24a840fe69b46e313d73ec819271a3817ceea6af21957fbc2bb71533289b33ca9f7285150da04f3c3396e8938cc4
+  data.tar.gz: 6c9b880041357bd2094b6a0dbbe44533281a6c356546dd840b4a0c6a9186a56c0cd90aa61cedb1d7b4b5d3a5e4d98311c2f099f709092257d71fefba13affee2

data/lib/dependabot/vcpkg/file_fetcher.rb

@@ -0,0 +1,52 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+
+require "dependabot/vcpkg"
+
+module Dependabot
+  module Vcpkg
+    class FileFetcher < Dependabot::FileFetchers::Base
+      extend T::Sig
+
+      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
+      def self.required_files_in?(filenames)
+        filenames.include?(VCPKG_JSON_FILENAME)
+      end
+
+      sig { override.returns(String) }
+      def self.required_files_message
+        "Repo must contain a vcpkg.json file."
+      end
+
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
+      def fetch_files
+        [vcpkg_manifest, vcpkg_configuration].compact
+      end
+
+      private
+
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
+      def vcpkg_manifest
+        @vcpkg_manifest ||= T.let(
+          fetch_file_if_present(VCPKG_JSON_FILENAME),
+          T.nilable(Dependabot::DependencyFile)
+        )
+      end
+
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
+      def vcpkg_configuration
+        @vcpkg_configuration ||= T.let(
+          fetch_file_if_present(VCPKG_CONFIGURATION_JSON_FILENAME),
+          T.nilable(Dependabot::DependencyFile)
+        )
+      end
+    end
+  end
+end
+
+Dependabot::FileFetchers.register("vcpkg", Dependabot::Vcpkg::FileFetcher)

data/lib/dependabot/vcpkg/file_parser.rb

@@ -0,0 +1,107 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/dependency"
+require "dependabot/file_parsers"
+require "dependabot/file_parsers/base"
+
+require "dependabot/vcpkg"
+require "dependabot/vcpkg/language"
+require "dependabot/vcpkg/package_manager"
+
+module Dependabot
+  module Vcpkg
+    class FileParser < Dependabot::FileParsers::Base
+      extend T::Sig
+
+      require "dependabot/file_parsers/base/dependency_set"
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def parse
+        dependency_set = DependencySet.new
+
+        dependency_files.filter_map { |file| parse_dependency_file(file) }
+                        .each { |dependency| dependency_set << dependency }
+
+        dependency_set.dependencies
+      end
+
+      sig { override.returns(Ecosystem) }
+      def ecosystem
+        @ecosystem ||= T.let(
+          Ecosystem.new(
+            name: ECOSYSTEM,
+            package_manager: package_manager,
+            language: language
+          ),
+          T.nilable(Ecosystem)
+        )
+      end
+
+      private
+
+      sig { override.void }
+      def check_required_files
+        return if dependency_files.any? { |f| f.name == VCPKG_JSON_FILENAME }
+
+        raise Dependabot::DependencyFileNotFound, VCPKG_JSON_FILENAME
+      end
+
+      sig { params(dependency_file: Dependabot::DependencyFile).returns(T.nilable(Dependabot::Dependency)) }
+      def parse_dependency_file(dependency_file)
+        return unless dependency_file.content
+
+        case dependency_file.name
+        when VCPKG_JSON_FILENAME then parse_vcpkg_json(dependency_file)
+        when VCPKG_CONFIGURATION_JSON_FILENAME then nil # TODO
+        end
+      end
+
+      sig { params(dependency_file: Dependabot::DependencyFile).returns(T.nilable(Dependabot::Dependency)) }
+      def parse_vcpkg_json(dependency_file)
+        contents = T.must(dependency_file.content)
+
+        parsed_json = JSON.parse(contents)
+        baseline = parsed_json["builtin-baseline"]
+        return unless baseline
+
+        build_baseline_dependency(baseline: baseline, file: dependency_file)
+      rescue JSON::ParserError
+        raise Dependabot::DependencyFileNotParseable, T.must(dependency_files.first).path
+      end
+
+      sig { params(baseline: String, file: Dependabot::DependencyFile).returns(Dependabot::Dependency) }
+      def build_baseline_dependency(baseline:, file:)
+        Dependabot::Dependency.new(
+          name: VCPKG_DEFAULT_BASELINE_DEPENDENCY_NAME,
+          version: baseline,
+          package_manager: "vcpkg",
+          requirements: [{
+            requirement: nil,
+            groups: [],
+            source: {
+              type: "git",
+              url: VCPKG_DEFAULT_BASELINE_URL,
+              ref: VCPKG_DEFAULT_BASELINE_DEFAULT_BRANCH
+            },
+            file: file.name
+          }]
+        )
+      end
+
+      sig { returns(Ecosystem::VersionManager) }
+      def package_manager
+        @package_manager ||= T.let(PackageManager.new, T.nilable(Dependabot::Vcpkg::PackageManager))
+      end
+
+      sig { returns(Ecosystem::VersionManager) }
+      def language
+        @language ||= T.let(Language.new, T.nilable(Dependabot::Vcpkg::Language))
+      end
+    end
+  end
+end
+
+Dependabot::FileParsers.register("vcpkg", Dependabot::Vcpkg::FileParser)

data/lib/dependabot/vcpkg/file_updater.rb

@@ -0,0 +1,79 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "json"
+require "sorbet-runtime"
+
+require "dependabot/file_updaters"
+require "dependabot/file_updaters/base"
+require "dependabot/vcpkg"
+
+module Dependabot
+  module Vcpkg
+    class FileUpdater < Dependabot::FileUpdaters::Base
+      extend T::Sig
+
+      sig { override.returns(T::Array[Regexp]) }
+      def self.updated_files_regex
+        [
+          /#{VCPKG_JSON_FILENAME}$/o
+        ]
+      end
+
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
+      def updated_dependency_files
+        vcpkg_json_file = get_original_file(VCPKG_JSON_FILENAME)
+        return [] unless vcpkg_json_file
+
+        return [] unless file_changed?(vcpkg_json_file)
+
+        [updated_file(
+          file: vcpkg_json_file,
+          content: updated_vcpkg_json_content(vcpkg_json_file)
+        )]
+      end
+
+      private
+
+      sig { override.void }
+      def check_required_files
+        return if get_original_file(VCPKG_JSON_FILENAME)
+
+        raise Dependabot::DependencyFileNotFound, VCPKG_JSON_FILENAME
+      end
+
+      sig { params(file: Dependabot::DependencyFile).returns(String) }
+      def updated_vcpkg_json_content(file)
+        content = T.must(file.content)
+
+        parsed_content = JSON.parse(content)
+
+        # Find the baseline dependency and update it
+        dependencies
+          .find { |dep| dep.name == VCPKG_DEFAULT_BASELINE_DEPENDENCY_NAME }
+          &.then { |dep| update_baseline_in_content(parsed_content, dep, file.name) }
+
+        JSON.pretty_generate(parsed_content)
+      rescue JSON::ParserError
+        raise Dependabot::DependencyFileNotParseable, file.path
+      end
+
+      sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency, filename: String).void }
+      def update_baseline_in_content(content, dependency, filename)
+        # Find the requirement for this specific file
+        requirement = dependency.requirements.find { |r| r[:file] == filename }
+        return unless requirement
+
+        # Extract and validate the new baseline
+        case requirement[:source]
+        in { ref: String => new_baseline }
+          content["builtin-baseline"] = new_baseline
+        else
+          # Skip if source doesn't have the expected structure
+        end
+      end
+    end
+  end
+end
+
+Dependabot::FileUpdaters.register("vcpkg", Dependabot::Vcpkg::FileUpdater)

data/lib/dependabot/vcpkg/language.rb

@@ -0,0 +1,29 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/ecosystem"
+
+module Dependabot
+  module Vcpkg
+    class Language < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+
+      sig { void }
+      def initialize
+        super(name: LANGUAGE)
+      end
+
+      sig { override.returns(T::Boolean) }
+      def deprecated?
+        false
+      end
+
+      sig { override.returns(T::Boolean) }
+      def unsupported?
+        false
+      end
+    end
+  end
+end

data/lib/dependabot/vcpkg/metadata_finder.rb

@@ -0,0 +1,54 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/metadata_finders"
+require "dependabot/metadata_finders/base"
+
+module Dependabot
+  module Vcpkg
+    class MetadataFinder < Dependabot::MetadataFinders::Base
+      extend T::Sig
+
+      sig { override.returns(T.nilable(String)) }
+      def homepage_url
+        # For individual VCPKG packages, try to find their specific homepage
+        # If the dependency has a specific source URL, use that
+        return source_url if source&.url != VCPKG_DEFAULT_BASELINE_URL.chomp(".git")
+
+        # For the main VCPKG baseline dependency, return the VCPKG homepage
+        if dependency.name == VCPKG_DEFAULT_BASELINE_DEPENDENCY_NAME
+          "https://vcpkg.io"
+        else
+          # For individual packages, try to construct their VCPKG page URL
+          "https://vcpkg.io/en/package/#{dependency.name}"
+        end
+      end
+
+      private
+
+      sig { override.returns(T.nilable(Dependabot::Source)) }
+      def look_up_source
+        # Check if this is a Git dependency with a specific source
+        info = dependency.requirements.filter_map { |r| r[:source] }.first
+
+        url =
+          if info.nil?
+            VCPKG_DEFAULT_BASELINE_URL
+          else
+            info[:url] || info.fetch("url", VCPKG_DEFAULT_BASELINE_URL)
+          end
+        Source.from_url(url)
+      end
+
+      sig { override.returns(T.nilable(String)) }
+      def suggested_changelog_url
+        # For the main VCPKG baseline dependency, point to releases
+        return unless dependency.name == VCPKG_DEFAULT_BASELINE_DEPENDENCY_NAME
+
+        "#{VCPKG_DEFAULT_BASELINE_URL}/releases"
+      end
+    end
+  end
+end
+
+Dependabot::MetadataFinders.register("vcpkg", Dependabot::Vcpkg::MetadataFinder)

data/lib/dependabot/vcpkg/package/package_details_fetcher.rb

@@ -0,0 +1,96 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "uri"
+
+require "dependabot/git_commit_checker"
+require "dependabot/package/package_details"
+require "dependabot/registry_client"
+require "dependabot/update_checkers/base"
+
+require "dependabot/vcpkg/version"
+
+module Dependabot
+  module Vcpkg
+    module Package
+      class PackageDetailsFetcher
+        extend T::Sig
+
+        sig do
+          params(
+            dependency: Dependabot::Dependency
+          ).void
+        end
+        def initialize(dependency:)
+          @dependency = dependency
+        end
+
+        sig { returns(Dependabot::Dependency) }
+        attr_reader :dependency
+
+        sig { returns(T.nilable(Dependabot::Package::PackageDetails)) }
+        def fetch
+          return unless git_dependency?
+
+          Dependabot::GitCommitChecker.new(
+            dependency: dependency,
+            credentials: []
+          ).local_tags_for_allowed_versions
+                                      .map { |tag_info| create_package_release(tag_info) }
+                                      .reverse
+                                      .uniq(&:version)
+                                      .then do |releases|
+            Dependabot::Package::PackageDetails.new(
+              dependency: dependency,
+              releases: releases
+            )
+          end
+        rescue Dependabot::GitDependenciesNotReachable
+          # Fallback to empty releases if git repo is not reachable
+          Dependabot::Package::PackageDetails.new(
+            dependency: dependency,
+            releases: []
+          )
+        end
+
+        private
+
+        sig { returns(T::Boolean) }
+        def git_dependency?
+          dependency.source_details(allowed_types: ["git"]) in { type: "git" }
+        end
+
+        sig { params(tag_info: T::Hash[Symbol, T.untyped]).returns(Dependabot::Package::PackageRelease) }
+        def create_package_release(tag_info)
+          Dependabot::Package::PackageRelease.new(
+            version: Version.new(tag_info.fetch(:tag)),
+            tag: tag_info.fetch(:tag),
+            url: dependency.source_details&.dig(:url),
+            released_at: extract_release_date(tag_info.fetch(:tag)),
+            details: {
+              "commit_sha" => tag_info.fetch(:commit_sha),
+              "tag_sha" => tag_info.fetch(:tag_sha)
+            }
+          )
+        end
+
+        sig { params(tag_name: String).returns(T.nilable(Time)) }
+        def extract_release_date(tag_name)
+          # Extract date from vcpkg tag format like "2025.06.13"
+          # Use pattern matching for cleaner validation and extraction
+          case tag_name.gsub(/^v?/, "")
+          in /^(?<year>\d{4})\.(?<month>\d{2})\.(?<day>\d{2})$/
+            begin
+              Time.new($~[:year].to_i, $~[:month].to_i, $~[:day].to_i)
+            rescue ArgumentError
+              nil
+            end
+          else
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/vcpkg/package_manager.rb

@@ -0,0 +1,29 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/ecosystem"
+
+module Dependabot
+  module Vcpkg
+    class PackageManager < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+
+      sig { void }
+      def initialize
+        super(name: PACKAGE_MANAGER)
+      end
+
+      sig { override.returns(T::Boolean) }
+      def deprecated?
+        false
+      end
+
+      sig { override.returns(T::Boolean) }
+      def unsupported?
+        false
+      end
+    end
+  end
+end

data/lib/dependabot/vcpkg/requirement.rb

@@ -0,0 +1,24 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/requirement"
+require "dependabot/utils"
+
+module Dependabot
+  module Vcpkg
+    class Requirement < Dependabot::Requirement
+      extend T::Sig
+
+      # Vcpkg requirements are simple strings, so we can just return a single
+      # requirement object for the given string.
+      sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Dependabot::Requirement]) }
+      def self.requirements_array(requirement_string)
+        [new(requirement_string)]
+      end
+    end
+  end
+end
+
+Dependabot::Utils.register_requirement_class("vcpkg", Dependabot::Vcpkg::Requirement)

data/lib/dependabot/vcpkg/update_checker/latest_version_finder.rb

@@ -0,0 +1,43 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/update_checkers/base"
+require "dependabot/package/package_latest_version_finder"
+
+require "dependabot/vcpkg/package/package_details_fetcher"
+require "dependabot/vcpkg/requirement"
+require "dependabot/vcpkg/version"
+
+module Dependabot
+  module Vcpkg
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
+        extend T::Sig
+
+        sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
+        def package_details
+          @package_details ||= T.let(
+            Package::PackageDetailsFetcher.new(dependency: dependency).fetch,
+            T.nilable(Dependabot::Package::PackageDetails)
+          )
+        end
+
+        sig { returns(T.nilable(String)) }
+        def latest_tag
+          available_versions
+            &.then { |releases| filter_by_cooldown(releases) }
+            &.max_by(&:version)
+            &.details
+            &.[]("tag_sha")
+        end
+
+        private
+
+        sig { override.returns(T::Boolean) }
+        def cooldown_enabled? = Dependabot::Experiments.enabled?(:enable_cooldown_for_vcpkg)
+      end
+    end
+  end
+end

data/lib/dependabot/vcpkg/update_checker.rb

@@ -0,0 +1,79 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/errors"
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+
+module Dependabot
+  module Vcpkg
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      extend T::Sig
+
+      require_relative "update_checker/latest_version_finder"
+
+      sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
+      def latest_version
+        @latest_version ||= T.let(
+          latest_version_finder.latest_tag,
+          T.nilable(T.any(String, Dependabot::Version))
+        )
+      end
+
+      # Vcpkg baselines don't have resolvability issues since we're dealing with
+      # git tags from the official repository, so these methods delegate to latest_version
+      sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
+      def latest_resolvable_version = latest_version
+
+      sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
+      def latest_resolvable_version_with_no_unlock = latest_version
+
+      sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+      def updated_requirements
+        return dependency.requirements unless latest_version
+
+        dependency.requirements.filter_map do |requirement|
+          source = T.cast(requirement[:source], T.nilable(T::Hash[Symbol, T.untyped]))
+
+          if source
+            requirement.merge(source: source.merge(ref: latest_version.to_s))
+          else
+            requirement
+          end
+        end
+      end
+
+      private
+
+      # Vcpkg doesn't support full unlocking since dependencies are tracked via baselines
+      sig { override.returns(T::Boolean) }
+      def latest_version_resolvable_with_full_unlock? = false
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def updated_dependencies_after_full_unlock
+        raise NotImplementedError, "Vcpkg doesn't support full unlock operations"
+      end
+
+      sig { returns(LatestVersionFinder) }
+      def latest_version_finder
+        @latest_version_finder ||= T.let(
+          LatestVersionFinder.new(
+            dependency: dependency,
+            dependency_files: dependency_files,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            security_advisories: security_advisories,
+            cooldown_options: update_cooldown,
+            raise_on_ignored: raise_on_ignored,
+            options: options
+          ),
+          T.nilable(LatestVersionFinder)
+        )
+      end
+    end
+  end
+end
+
+Dependabot::UpdateCheckers.register("vcpkg", Dependabot::Vcpkg::UpdateChecker)

data/lib/dependabot/vcpkg/version.rb

@@ -0,0 +1,16 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/utils"
+require "dependabot/version"
+
+module Dependabot
+  module Vcpkg
+    class Version < Dependabot::Version
+    end
+  end
+end
+
+Dependabot::Utils.register_version_class("vcpkg", Dependabot::Vcpkg::Version)

data/lib/dependabot/vcpkg.rb

@@ -0,0 +1,43 @@
+# typed: strong
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/vcpkg/language"
+require "dependabot/vcpkg/package_manager"
+require "dependabot/vcpkg/file_fetcher"
+require "dependabot/vcpkg/file_parser"
+require "dependabot/vcpkg/update_checker"
+require "dependabot/vcpkg/file_updater"
+require "dependabot/vcpkg/metadata_finder"
+require "dependabot/vcpkg/requirement"
+require "dependabot/vcpkg/version"
+
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("vcpkg", name: "vcpkg_package_manager", colour: "512BD4")
+
+require "dependabot/dependency"
+Dependabot::Dependency.register_production_check("vcpkg", ->(_) { true })
+
+module Dependabot
+  module Vcpkg
+    ECOSYSTEM = "vcpkg"
+
+    PACKAGE_MANAGER = "vcpkg"
+
+    LANGUAGE = "cpp"
+
+    # See: https://learn.microsoft.com/vcpkg/reference/vcpkg-json
+    VCPKG_JSON_FILENAME = "vcpkg.json"
+
+    # See: https://learn.microsoft.com/vcpkg/reference/vcpkg-configuration-json
+    VCPKG_CONFIGURATION_JSON_FILENAME = "vcpkg-configuration.json"
+
+    VCPKG_DEFAULT_BASELINE_DEPENDENCY_NAME = "github.com/microsoft/vcpkg"
+
+    VCPKG_DEFAULT_BASELINE_URL = "https://github.com/microsoft/vcpkg.git"
+
+    VCPKG_DEFAULT_BASELINE_DEFAULT_BRANCH = "master"
+  end
+end

metadata

@@ -0,0 +1,277 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-vcpkg
+version: !ruby/object:Gem::Version
+  version: 0.321.2
+platform: ruby
+authors:
+- Dependabot
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.321.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.321.2
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.67'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.67'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.22'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.29'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.29'
+- !ruby/object:Gem::Dependency
+  name: rubocop-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: turbo_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+description: dependabot-vcpkg provides support for managing VCPKG projects via Dependabot.
+email: opensource@github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/vcpkg.rb
+- lib/dependabot/vcpkg/file_fetcher.rb
+- lib/dependabot/vcpkg/file_parser.rb
+- lib/dependabot/vcpkg/file_updater.rb
+- lib/dependabot/vcpkg/language.rb
+- lib/dependabot/vcpkg/metadata_finder.rb
+- lib/dependabot/vcpkg/package/package_details_fetcher.rb
+- lib/dependabot/vcpkg/package_manager.rb
+- lib/dependabot/vcpkg/requirement.rb
+- lib/dependabot/vcpkg/update_checker.rb
+- lib/dependabot/vcpkg/update_checker/latest_version_finder.rb
+- lib/dependabot/vcpkg/version.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.321.2
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Provides Dependabot support for the VCPKG package manager.
+test_files: []