npm - @paklo/core - Versions diffs - 0.9.0 → 0.11.0 - Mend

@paklo/core 0.9.0 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/azure/index.d.mts +1001 -493
package/dist/azure/index.mjs +883 -593
package/dist/azure/index.mjs.map +1 -1
package/dist/dependabot/index.d.mts +2 -2
package/dist/dependabot/index.mjs +3 -3
package/dist/{dependabot-rtPO9HdD.mjs → dependabot-DVf7lAEG.mjs} +80 -11
package/dist/dependabot-DVf7lAEG.mjs.map +1 -0
package/dist/github/index.mjs +1 -1
package/dist/{index-Byxjhvfz.d.mts → index-CjxvO_Pt.d.mts} +88 -28
package/dist/{job-BxOZ-hqF.mjs → job-COuliaYg.mjs} +13 -16
package/dist/{job-BxOZ-hqF.mjs.map → job-COuliaYg.mjs.map} +1 -1
package/dist/{logger-5PEqZVLr.mjs → logger-3Qfh9NUj.mjs} +2 -2
package/dist/logger-3Qfh9NUj.mjs.map +1 -0
package/dist/logger.mjs +1 -1
package/dist/usage.d.mts +1 -1
package/dist/usage.mjs +1 -1
package/package.json +6 -6
package/dist/dependabot-rtPO9HdD.mjs.map +0 -1
package/dist/logger-5PEqZVLr.mjs.map +0 -1

package/dist/{dependabot-rtPO9HdD.mjs → dependabot-DVf7lAEG.mjs} RENAMED Viewed

@@ -1,5 +1,5 @@
-import { n as logger } from "./logger-5PEqZVLr.mjs";
-import { h as DependabotPackageManagerSchema, s as DependabotDependencySchema } from "./job-BxOZ-hqF.mjs";
+import { n as logger } from "./logger-3Qfh9NUj.mjs";
+import { c as DependabotDependencySchema, g as DependabotPackageManagerSchema } from "./job-COuliaYg.mjs";
 import { z } from "zod";
 import * as crypto from "node:crypto";
 import { zValidator } from "@hono/zod-validator";
@@ -11,7 +11,7 @@ const DEPENDABOT_DEFAULT_AUTHOR_NAME = "dependabot[bot]";
 //#endregion
 //#region src/dependabot/branch-name.ts
-function getBranchNameForUpdate(packageEcosystem, targetBranchName, directory, dependencyGroupName, dependencies, separator = "/") {
+function getBranchNameForUpdate({ packageEcosystem, targetBranchName, directory, dependencyGroupName, dependencies, separator = "/" }) {
 	let branchName;
 	if (dependencyGroupName || dependencies.length > 1) {
 		const dependencyDigest = crypto.createHash("md5").update(dependencies.map((d) => `${d["dependency-name"]}-${d["dependency-version"]}`).join(",")).digest("hex").substring(0, 10);
@@ -424,19 +424,18 @@ const DependabotClosePullRequestSchema = z.object({
 	reason: DependabotClosePullRequestReasonEnum.nullish()
 });
 const DependabotMarkAsProcessedSchema = z.object({ "base-commit-sha": z.string().nullish() });
-const DependabotRecordUpdateJobErrorSchema = z.object({
+const DependabotJobErrorSchema = z.object({
 	"error-type": z.string(),
-	"error-details": z.record(z.string(), z.any()).nullish()
+	"error-details": z.record(z.string(), z.any()).nullish(),
+	unknown: z.boolean().nullish()
 });
+const DependabotRecordUpdateJobErrorSchema = DependabotJobErrorSchema.extend({});
 const DependabotRecordUpdateJobWarningSchema = z.object({
 	"warn-type": z.string(),
 	"warn-title": z.string(),
 	"warn-description": z.string()
 });
-const DependabotRecordUpdateJobUnknownErrorSchema = z.object({
-	"error-type": z.string(),
-	"error-details": z.record(z.string(), z.any()).nullish()
-});
+const DependabotRecordUpdateJobUnknownErrorSchema = DependabotJobErrorSchema.extend({});
 const DependabotRecordEcosystemVersionsSchema = z.object({ ecosystem_versions: z.record(z.string(), z.any()).nullish() });
 const DependabotEcosystemVersionManagerSchema = z.object({
 	name: z.string(),
@@ -630,5 +629,75 @@ function createApiServerApp({ basePath = `/api/update_jobs`, authenticate, getJo
 }
 //#endregion
-export { mapSourceFromDependabotConfigToJobConfig as A, mapAllowedUpdatesFromDependabotConfigToJobConfig as C, mapIgnoreConditionsFromDependabotConfigToJobConfig as D, mapGroupsFromDependabotConfigToJobConfig as E, getBranchNameForUpdate as F, sanitizeRef as I, DEPENDABOT_DEFAULT_AUTHOR_EMAIL as L, DEFAULT_EXPERIMENTS as M, parseExperiments as N, mapPackageEcosystemToPackageManager as O, setExperiment as P, DEPENDABOT_DEFAULT_AUTHOR_NAME as R, DependabotJobBuilder as S, mapExperiments as T, DependabotRecordUpdateJobErrorSchema as _, DependabotClosePullRequestSchema as a, DependabotUpdateDependencyListSchema as b, DependabotDependencySubmissionSchema as c, DependabotIncrementMetricSchema as d, DependabotMarkAsProcessedSchema as f, DependabotRecordEcosystemVersionsSchema as g, DependabotRecordEcosystemMetaSchema as h, DependabotClosePullRequestReasonEnum as i, mapVersionStrategyToRequirementsUpdateStrategy as j, mapSecurityAdvisories as k, DependabotEcosystemMetaSchema as l, DependabotRecordCooldownMetaSchema as m, DependabotRequestTypeSchema as n, DependabotCreatePullRequestSchema as o, DependabotMetricSchema as p, createApiServerApp as r, DependabotDependencyFileSchema as s, DependabotRequestSchema as t, DependabotEcosystemVersionManagerSchema as u, DependabotRecordUpdateJobUnknownErrorSchema as v, mapCredentials as w, DependabotUpdatePullRequestSchema as x, DependabotRecordUpdateJobWarningSchema as y };
-//# sourceMappingURL=dependabot-rtPO9HdD.mjs.map
+//#region src/dependabot/utils.ts
+function normalizeFilePath(path) {
+	return path?.replace(/\\/g, "/")?.replace(/^\.\//, "/")?.replace(/^([^/])/, "/$1");
+}
+function normalizeBranchName(branch) {
+	return branch?.replace(/^refs\/heads\//i, "");
+}
+function getDependencyNames(dependencies) {
+	return (Array.isArray(dependencies) ? dependencies : dependencies.dependencies).map((dep) => dep["dependency-name"]?.toString());
+}
+function areEqual(a, b) {
+	if (a.length !== b.length) return false;
+	return a.every((name) => b.includes(name));
+}
+function getPullRequestCloseReason(data) {
+	const leadDependencyName = data["dependency-names"][0];
+	let reason;
+	switch (data.reason) {
+		case "dependencies_changed":
+			reason = `Looks like the dependencies have changed`;
+			break;
+		case "dependency_group_empty":
+			reason = `Looks like the dependencies in this group are now empty`;
+			break;
+		case "dependency_removed":
+			reason = `Looks like ${leadDependencyName} is no longer a dependency`;
+			break;
+		case "up_to_date":
+			reason = `Looks like ${leadDependencyName} is up-to-date now`;
+			break;
+		case "update_no_longer_possible":
+			reason = `Looks like ${leadDependencyName} can no longer be updated`;
+			break;
+	}
+	if (reason && reason.length > 0) reason += ", so this is no longer needed.";
+	return reason;
+}
+function getPullRequestDependencies(data) {
+	const dependencies = data.dependencies?.map((dep) => {
+		return {
+			"dependency-name": dep.name,
+			"dependency-version": dep.version,
+			directory: dep.directory
+		};
+	});
+	const dependencyGroupName = data["dependency-group"]?.name;
+	if (!dependencyGroupName) return dependencies;
+	return {
+		"dependency-group-name": dependencyGroupName,
+		dependencies
+	};
+}
+function getPullRequestDescription({ packageManager, body, dependencies, maxDescriptionLength }) {
+	let header = "";
+	const footer = "";
+	const description = (body || "").replace(new RegExp(decodeURIComponent("%EF%BF%BD%EF%BF%BD%EF%BF%BD"), "g"), "");
+	if (dependencies.length === 1) {
+		const compatibilityScoreBadges = dependencies.map((dep) => {
+			return `![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=${dep.name}&package-manager=${packageManager}&previous-version=${dep["previous-version"]}&new-version=${dep.version})`;
+		});
+		header += `${compatibilityScoreBadges.join(" ")}\n\n`;
+	}
+	if (maxDescriptionLength) {
+		const maxDescriptionLengthAfterHeaderAndFooter = maxDescriptionLength - header.length - 0;
+		return `${header}${description.substring(0, maxDescriptionLengthAfterHeaderAndFooter)}${footer}`;
+	}
+	return `${header}${description}${footer}`;
+}
+//#endregion
+export { DependabotJobBuilder as A, DEFAULT_EXPERIMENTS as B, DependabotRecordEcosystemMetaSchema as C, DependabotRecordUpdateJobWarningSchema as D, DependabotRecordUpdateJobUnknownErrorSchema as E, mapIgnoreConditionsFromDependabotConfigToJobConfig as F, DEPENDABOT_DEFAULT_AUTHOR_EMAIL as G, setExperiment as H, mapPackageEcosystemToPackageManager as I, DEPENDABOT_DEFAULT_AUTHOR_NAME as K, mapSecurityAdvisories as L, mapCredentials as M, mapExperiments as N, DependabotUpdateDependencyListSchema as O, mapGroupsFromDependabotConfigToJobConfig as P, mapSourceFromDependabotConfigToJobConfig as R, DependabotRecordCooldownMetaSchema as S, DependabotRecordUpdateJobErrorSchema as T, getBranchNameForUpdate as U, parseExperiments as V, sanitizeRef as W, DependabotEcosystemVersionManagerSchema as _, getPullRequestDescription as a, DependabotMarkAsProcessedSchema as b, DependabotRequestSchema as c, DependabotClosePullRequestReasonEnum as d, DependabotClosePullRequestSchema as f, DependabotEcosystemMetaSchema as g, DependabotDependencySubmissionSchema as h, getPullRequestDependencies as i, mapAllowedUpdatesFromDependabotConfigToJobConfig as j, DependabotUpdatePullRequestSchema as k, DependabotRequestTypeSchema as l, DependabotDependencyFileSchema as m, getDependencyNames as n, normalizeBranchName as o, DependabotCreatePullRequestSchema as p, getPullRequestCloseReason as r, normalizeFilePath as s, areEqual as t, createApiServerApp as u, DependabotIncrementMetricSchema as v, DependabotRecordEcosystemVersionsSchema as w, DependabotMetricSchema as x, DependabotJobErrorSchema as y, mapVersionStrategyToRequirementsUpdateStrategy as z };
+//# sourceMappingURL=dependabot-DVf7lAEG.mjs.map

package/dist/dependabot-DVf7lAEG.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dependabot-DVf7lAEG.mjs","names":["branchName: string","DEFAULT_EXPERIMENTS: DependabotExperiments","updatingPullRequest: boolean","updateDependencyGroupName: string | null","updateDependencyNames: string[] | null","vulnerabilities: SecurityVulnerability[] | undefined","success: boolean","reason: string | undefined"],"sources":["../src/dependabot/author.ts","../src/dependabot/branch-name.ts","../src/dependabot/experiments.ts","../src/dependabot/job-builder.ts","../src/dependabot/update.ts","../src/dependabot/server.ts","../src/dependabot/utils.ts"],"sourcesContent":["export type GitAuthor = {\n name: string;\n email: string;\n};\n\nexport const DEPENDABOT_DEFAULT_AUTHOR_EMAIL = 'noreply@github.com';\nexport const DEPENDABOT_DEFAULT_AUTHOR_NAME = 'dependabot[bot]';\n","import * as crypto from 'node:crypto';\nimport type { PackageEcosystem } from './config';\nimport type { DependabotExistingPR } from './job';\n\n// TODO: figure out how to handle IDENTIFIER field (in a group) in branch naming\n// Docs: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups--\n// -> An identifier for a group is used in branch names and pull request titles.\n\nexport function getBranchNameForUpdate({\n packageEcosystem,\n targetBranchName,\n directory,\n dependencyGroupName,\n dependencies,\n separator = '/',\n}: {\n packageEcosystem: PackageEcosystem;\n targetBranchName?: string;\n directory?: string;\n dependencyGroupName?: string;\n dependencies: DependabotExistingPR[];\n separator?: string;\n}): string {\n // Based on dependabot-core implementation:\n // https://github.com/dependabot/dependabot-core/blob/main/common/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb\n // https://github.com/dependabot/dependabot-core/blob/main/common/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb\n let branchName: string;\n const branchNameMightBeTooLong = dependencyGroupName || dependencies.length > 1;\n if (branchNameMightBeTooLong) {\n // Group/multi dependency update\n // e.g. dependabot/nuget/main/microsoft-3b49c54d9e\n const dependencyDigest = crypto\n .createHash('md5')\n .update(dependencies.map((d) => `${d['dependency-name']}-${d['dependency-version']}`).join(','))\n .digest('hex')\n .substring(0, 10);\n branchName = `${dependencyGroupName || 'multi'}-${dependencyDigest}`;\n } else {\n // Single dependency update\n // e.g. dependabot/nuget/main/Microsoft.Extensions.Logging-1.0.0\n const dependencyNames = dependencies\n .map((d) => d['dependency-name'])\n .join('-and-')\n .replace(/[:[]]/g, '-') // Replace `:` and `[]` with `-`\n .replace(/@/g, ''); // Remove `@`\n const versionSuffix = dependencies[0]?.removed ? 'removed' : dependencies[0]?.['dependency-version'];\n branchName = `${dependencyNames}-${versionSuffix}`;\n }\n\n return sanitizeRef(\n [\n 'dependabot',\n packageEcosystem,\n targetBranchName,\n // normalize directory to remove leading/trailing slashes and replace remaining ones with the separator\n directory\n ? directory\n .split('/')\n .filter((part) => part.length > 0)\n .join(separator)\n : undefined,\n branchName,\n ],\n separator,\n );\n}\n\nexport function sanitizeRef(refParts: (string | undefined)[], separator: string): string {\n // Based on dependabot-core implementation:\n // https://github.com/dependabot/dependabot-core/blob/fc31ae64f492dc977cfe6773ab13fb6373aabec4/common/lib/dependabot/pull_request_creator/branch_namer/base.rb#L99\n\n // This isn't a complete implementation of git's ref validation, but it\n // covers most cases that crop up. Its list of allowed characters is a\n // bit stricter than git's, but that's for cosmetic reasons.\n return (\n refParts\n // Join the parts with the separator, ignore empty parts\n .filter((p) => p && p.trim().length > 0)\n .join(separator)\n // Remove forbidden characters (those not already replaced elsewhere)\n .replace(/[^A-Za-z0-9/\\-_.(){}]/g, '')\n // Slashes can't be followed by periods\n .replace(/\\/\\./g, '/dot-')\n // Squeeze out consecutive periods and slashes\n .replace(/\\.+/g, '.')\n .replace(/\\/+/g, '/')\n // Trailing periods are forbidden\n .replace(/\\.$/, '')\n );\n}\n","import type { DependabotExperiments } from './job';\n\n// The default experiments known to be used by the GitHub Dependabot service.\n// This changes often, update as needed by extracting them from a Dependabot GitHub Action run.\n// e.g. https://github.com/mburumaxwell/dependabot-azure-devops/actions/workflows/dependabot/dependabot-updates\nexport const DEFAULT_EXPERIMENTS: DependabotExperiments = {\n 'record-ecosystem-versions': true,\n 'record-update-job-unknown-error': true,\n 'proxy-cached': true,\n 'dependency-change-validation': true,\n 'enable-file-parser-python-local': true,\n 'npm-fallback-version-above-v6': true,\n 'enable-record-ecosystem-meta': true,\n 'enable-corepack-for-npm-and-yarn': true,\n 'enable-shared-helpers-command-timeout': true,\n 'enable-dependabot-setting-up-cronjob': true,\n 'enable-engine-version-detection': true,\n 'avoid-duplicate-updates-package-json': true,\n 'allow-refresh-for-existing-pr-dependencies': true,\n 'allow-refresh-group-with-all-dependencies': true,\n 'exclude-local-composer-packages': true,\n 'enable-enhanced-error-details-for-updater': true,\n 'gradle-lockfile-updater': true,\n 'enable-exclude-paths-subdirectory-manifest-files': true,\n 'group-membership-enforcement': true,\n 'deprecate-close-command': true,\n 'deprecate-reopen-command': true,\n 'deprecate-merge-command': true,\n 'deprecate-cancel-merge-command': true,\n 'deprecate-squash-merge-command': true,\n};\n\n/**\n * Parses a comma-separated list of key=value pairs representing experiments.\n * @param raw A comma-separated list of key=value pairs representing experiments.\n * @returns A map of experiment names to their values.\n */\nexport function parseExperiments(raw?: string): DependabotExperiments | undefined {\n return raw\n ?.split(',')\n .filter((entry) => entry.trim() !== '') // <-- filter out empty entries\n .reduce((acc, cur) => {\n const [key, value] = cur.split('=', 2);\n acc[key!] = value || true;\n return acc;\n }, {} as DependabotExperiments);\n}\n\n/**\n * Set experiment in the given experiments map.\n * If the experiments map is undefined, a new map will be created.\n * @param experiments The experiments map to set the experiment in.\n * @param name The name of the experiment to set.\n * @param value The value of the experiment to set. Defaults to true.\n * @returns The updated experiments map.\n */\nexport function setExperiment(\n experiments: DependabotExperiments | undefined,\n name: string,\n value: boolean | string = true,\n): DependabotExperiments {\n return {\n ...(experiments || {}),\n // always add the experiment, even if the value is false or an empty string\n // this allows explicit disabling of experiments\n [name]: value,\n };\n}\n","import type { SecurityVulnerability } from '@/github';\nimport type {\n DependabotAllowCondition,\n DependabotConfig,\n DependabotGroup,\n DependabotIgnoreCondition,\n DependabotRegistry,\n DependabotUpdate,\n PackageEcosystem,\n VersioningStrategy,\n} from './config';\nimport { setExperiment } from './experiments';\nimport type {\n DependabotAllowed,\n DependabotCondition,\n DependabotCredential,\n DependabotExistingGroupPR,\n DependabotExperiments,\n DependabotGroupJob,\n DependabotJobConfig,\n DependabotPackageManager,\n DependabotPersistedPr,\n DependabotSecurityAdvisory,\n DependabotSource,\n DependabotSourceProvider,\n} from './job';\n\nexport type DependabotSourceInfo = {\n provider: DependabotSourceProvider;\n hostname: string;\n 'api-endpoint': string;\n 'repository-slug': string;\n};\n\nexport type DependabotJobBuilderOutput = {\n job: DependabotJobConfig;\n credentials: DependabotCredential[];\n};\n\n/**\n * Class for building dependabot job objects\n */\nexport class DependabotJobBuilder {\n private readonly config: DependabotConfig;\n private readonly update: DependabotUpdate;\n private readonly experiments: DependabotExperiments;\n private readonly debug: boolean;\n\n private readonly packageManager: DependabotPackageManager;\n private readonly source: DependabotSource;\n private readonly credentials: DependabotCredential[];\n\n constructor({\n source,\n config,\n update,\n systemAccessUser,\n systemAccessToken,\n githubToken,\n experiments,\n debug,\n }: {\n source: DependabotSourceInfo;\n config: DependabotConfig;\n update: DependabotUpdate;\n experiments: DependabotExperiments;\n systemAccessUser?: string;\n systemAccessToken?: string;\n githubToken?: string;\n /** Determines if verbose log messages are logged */\n debug: boolean;\n }) {\n this.config = config;\n this.update = update;\n this.debug = debug;\n\n this.experiments = setExperiment(experiments, 'enable_beta_ecosystems', config['enable-beta-ecosystems']);\n\n this.packageManager = mapPackageEcosystemToPackageManager(update['package-ecosystem']);\n this.source = mapSourceFromDependabotConfigToJobConfig(source, update);\n this.credentials = mapCredentials({\n sourceHostname: source.hostname,\n systemAccessUser,\n systemAccessToken,\n githubToken,\n registries: config.registries,\n });\n }\n\n /**\n * Create a dependabot update job that updates nothing, but will discover the dependency list for a package ecosystem\n */\n public forDependenciesList({\n id,\n command,\n }: {\n id: string;\n command: DependabotJobConfig['command'];\n }): DependabotJobBuilderOutput {\n return {\n job: {\n id: id,\n command: command,\n 'package-manager': this.packageManager,\n 'updating-a-pull-request': false,\n dependencies: null,\n 'allowed-updates': [{ 'dependency-type': 'direct', 'update-type': 'all' }],\n 'ignore-conditions': [{ 'dependency-name': '*' }],\n 'security-updates-only': false,\n 'security-advisories': [],\n source: this.source,\n 'update-subdependencies': false,\n 'existing-pull-requests': [],\n 'existing-group-pull-requests': [],\n experiments: this.experiments,\n 'requirements-update-strategy': null,\n 'lockfile-only': false,\n 'commit-message-options': {\n prefix: null,\n 'prefix-development': null,\n 'include-scope': null,\n },\n 'vendor-dependencies': false,\n 'repo-private': true,\n debug: this.debug,\n },\n credentials: this.credentials,\n };\n }\n\n /**\n * Create a dependabot update job that updates all dependencies for a package ecosystem\n */\n public forUpdate({\n id,\n command,\n dependencyNamesToUpdate,\n existingPullRequests,\n pullRequestToUpdate,\n securityVulnerabilities,\n }: {\n id: string;\n command: DependabotJobConfig['command'];\n dependencyNamesToUpdate?: string[];\n existingPullRequests: DependabotPersistedPr[];\n pullRequestToUpdate?: DependabotPersistedPr;\n securityVulnerabilities?: SecurityVulnerability[];\n }): DependabotJobBuilderOutput {\n const securityOnlyUpdate = this.update['open-pull-requests-limit'] === 0;\n\n let updatingPullRequest: boolean;\n let updateDependencyGroupName: string | null = null;\n let updateDependencyNames: string[] | null;\n let vulnerabilities: SecurityVulnerability[] | undefined;\n\n if (pullRequestToUpdate) {\n updatingPullRequest = true;\n updateDependencyGroupName = Array.isArray(pullRequestToUpdate)\n ? null\n : pullRequestToUpdate['dependency-group-name'];\n updateDependencyNames = (\n Array.isArray(pullRequestToUpdate) ? pullRequestToUpdate : pullRequestToUpdate.dependencies\n )?.map((d) => d['dependency-name']);\n vulnerabilities = securityVulnerabilities?.filter((v) => updateDependencyNames?.includes(v.package.name));\n } else {\n updatingPullRequest = false;\n const names = dependencyNamesToUpdate?.length ? dependencyNamesToUpdate : null;\n updateDependencyNames =\n securityOnlyUpdate && names\n ? names?.filter((d) => securityVulnerabilities?.find((v) => v.package.name === d))\n : names;\n vulnerabilities = securityVulnerabilities;\n }\n\n return {\n job: {\n id: id,\n command: command,\n 'package-manager': this.packageManager,\n 'updating-a-pull-request': updatingPullRequest || false,\n 'dependency-group-to-refresh': updateDependencyGroupName,\n 'dependency-groups': mapGroupsFromDependabotConfigToJobConfig(this.update.groups),\n dependencies: updateDependencyNames,\n 'allowed-updates': mapAllowedUpdatesFromDependabotConfigToJobConfig(this.update.allow, securityOnlyUpdate),\n 'ignore-conditions': mapIgnoreConditionsFromDependabotConfigToJobConfig(this.update.ignore),\n 'security-updates-only': securityOnlyUpdate,\n 'security-advisories': mapSecurityAdvisories(vulnerabilities),\n source: this.source,\n 'update-subdependencies': false,\n 'existing-pull-requests': existingPullRequests.filter((pr) => Array.isArray(pr)),\n 'existing-group-pull-requests': existingPullRequests.filter(\n (pr): pr is DependabotExistingGroupPR => !Array.isArray(pr),\n ),\n 'commit-message-options': {\n prefix: this.update['commit-message']?.prefix ?? null,\n 'prefix-development': this.update['commit-message']?.['prefix-development'] ?? null,\n 'include-scope':\n this.update['commit-message']?.include?.toLocaleLowerCase()?.trim() === 'scope' ? true : null,\n },\n cooldown: this.update.cooldown,\n experiments: mapExperiments(this.experiments),\n 'reject-external-code':\n this.update['insecure-external-code-execution']?.toLocaleLowerCase()?.trim() === 'allow',\n 'requirements-update-strategy': mapVersionStrategyToRequirementsUpdateStrategy(\n this.update['versioning-strategy'],\n ),\n 'lockfile-only': this.update['versioning-strategy'] === 'lockfile-only',\n 'vendor-dependencies': this.update.vendor ?? false,\n 'repo-private': true,\n debug: this.debug,\n 'proxy-log-response-body-on-auth-failure': true,\n 'max-updater-run-time': 2700,\n 'enable-beta-ecosystems': this.config['enable-beta-ecosystems'] || false,\n // Updates across ecosystems is still in development\n // See https://github.com/dependabot/dependabot-core/issues/8126\n // https://github.com/dependabot/dependabot-core/pull/12339\n // It needs to merged in the core repo first before we support it\n // However, to match current job configs and to prevent surprises, we disable it\n 'multi-ecosystem-update': false,\n 'exclude-paths': this.update['exclude-paths'],\n },\n credentials: this.credentials,\n };\n }\n}\n\nexport function mapPackageEcosystemToPackageManager(ecosystem: PackageEcosystem): DependabotPackageManager {\n // Map the dependabot config \"package ecosystem\" to the equivalent dependabot-core/cli \"package manager\".\n // Config values: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem-\n // Core/CLI values: https://github.com/dependabot/dependabot-core/blob/main/common/lib/dependabot/config/file.rb#L60-L81\n switch (ecosystem) {\n case 'docker-compose':\n return 'docker_compose';\n case 'dotnet-sdk':\n return 'dotnet_sdk';\n case 'github-actions':\n return 'github_actions';\n case 'gitsubmodule':\n return 'submodules';\n case 'gomod':\n return 'go_modules';\n case 'mix':\n return 'hex';\n case 'npm':\n return 'npm_and_yarn';\n // Additional aliases, sometimes used for convenience\n case 'pipenv':\n return 'pip';\n case 'pip-compile':\n return 'pip';\n case 'poetry':\n return 'pip';\n case 'pnpm':\n return 'npm_and_yarn';\n case 'rust-toolchain':\n return 'rust_toolchain';\n case 'yarn':\n return 'npm_and_yarn';\n default:\n return ecosystem;\n }\n}\n\nexport function mapSourceFromDependabotConfigToJobConfig(\n source: DependabotSourceInfo,\n update: DependabotUpdate,\n): DependabotSource {\n return {\n provider: source.provider,\n 'api-endpoint': source['api-endpoint'],\n hostname: source.hostname,\n repo: source['repository-slug'],\n branch: update['target-branch'],\n commit: null, // use latest commit of target branch\n directory: update.directory,\n directories: update.directories,\n };\n}\n\nexport function mapVersionStrategyToRequirementsUpdateStrategy(strategy?: VersioningStrategy): string | null {\n if (!strategy) return null;\n switch (strategy) {\n case 'auto':\n return null;\n case 'increase':\n return 'bump_versions';\n case 'increase-if-necessary':\n return 'bump_versions_if_necessary';\n case 'lockfile-only':\n return 'lockfile_only';\n case 'widen':\n return 'widen_ranges';\n default:\n throw new Error(`Invalid dependabot.yaml versioning strategy option '${strategy}'`);\n }\n}\n\nexport function mapGroupsFromDependabotConfigToJobConfig(\n dependencyGroups?: Record<string, DependabotGroup | null>,\n): DependabotGroupJob[] {\n if (!dependencyGroups || !Object.keys(dependencyGroups).length) return [];\n return Object.keys(dependencyGroups)\n .filter((name) => dependencyGroups[name])\n .map((name) => {\n const group = dependencyGroups[name]!;\n return {\n name: name,\n 'applies-to': group['applies-to'],\n rules: {\n patterns: group.patterns?.length ? group.patterns : ['*'],\n 'exclude-patterns': group['exclude-patterns'],\n 'dependency-type': group['dependency-type'],\n 'update-types': group['update-types'],\n },\n } satisfies DependabotGroupJob;\n });\n}\n\nexport function mapAllowedUpdatesFromDependabotConfigToJobConfig(\n allowedUpdates?: DependabotAllowCondition[],\n securityOnlyUpdate?: boolean,\n): DependabotAllowed[] {\n // If no allow conditions are specified, update direct dependencies by default; This is what GitHub does.\n // NOTE: 'update-type' appears to be a deprecated config, but still appears in the dependabot-core model and GitHub Dependabot job logs.\n // See: https://github.com/dependabot/dependabot-core/blob/b3a0c1f86c20729494097ebc695067099f5b4ada/updater/lib/dependabot/job.rb#L253C1-L257C78\n if (!allowedUpdates) {\n return [\n {\n 'dependency-type': 'direct',\n 'update-type': securityOnlyUpdate ? 'security' : 'all',\n },\n ];\n }\n return allowedUpdates.map((allow) => {\n return {\n 'dependency-name': allow['dependency-name'],\n 'dependency-type': allow['dependency-type'],\n 'update-type': allow['update-type'],\n };\n });\n}\n\nexport function mapIgnoreConditionsFromDependabotConfigToJobConfig(\n ignoreConditions?: DependabotIgnoreCondition[],\n): DependabotCondition[] {\n if (!ignoreConditions) return [];\n return ignoreConditions.map((ignore) => {\n return {\n source: ignore.source,\n 'updated-at': ignore['updated-at'],\n 'dependency-name': ignore['dependency-name'] ?? '*',\n 'update-types': ignore['update-types'],\n\n // The dependabot.yml config docs are not very clear about acceptable values; after scanning dependabot-core and dependabot-cli,\n // this could either be a single version string (e.g. '>1.0.0'), or multiple version strings separated by commas (e.g. '>1.0.0, <2.0.0')\n 'version-requirement': Array.isArray(ignore.versions) ? (<string[]>ignore.versions)?.join(', ') : ignore.versions,\n } satisfies DependabotCondition;\n });\n}\n\nexport function mapExperiments(experiments?: DependabotExperiments): DependabotExperiments {\n experiments ??= {};\n return Object.keys(experiments).reduce((acc, key) => {\n // Experiment values are known to be either 'true', 'false', or a string value.\n // If the value is 'true' or 'false', convert it to a boolean type so that dependabot-core handles it correctly.\n const value = experiments[key];\n if (typeof value === 'string' && value?.toLocaleLowerCase() === 'true') {\n acc[key] = true;\n } else if (typeof value === 'string' && value?.toLocaleLowerCase() === 'false') {\n acc[key] = false;\n } else {\n if (typeof value === 'string' || typeof value === 'boolean') acc[key] = value;\n }\n return acc;\n }, {} as DependabotExperiments);\n}\n\nexport function mapSecurityAdvisories(securityVulnerabilities?: SecurityVulnerability[]): DependabotSecurityAdvisory[] {\n if (!securityVulnerabilities) return [];\n\n // A single security advisory can cause a vulnerability in multiple versions of a package.\n // We need to map each unique security advisory to a list of affected-versions and patched-versions.\n const vulnerabilitiesGroupedByPackageNameAndAdvisoryId = new Map<string, SecurityVulnerability[]>();\n for (const vuln of securityVulnerabilities) {\n const key = `${vuln.package.name}/${vuln.advisory.identifiers.map((i) => `${i.type}:${i.value}`).join('/')}`;\n if (!vulnerabilitiesGroupedByPackageNameAndAdvisoryId.has(key)) {\n vulnerabilitiesGroupedByPackageNameAndAdvisoryId.set(key, []);\n }\n vulnerabilitiesGroupedByPackageNameAndAdvisoryId.get(key)!.push(vuln);\n }\n return Array.from(vulnerabilitiesGroupedByPackageNameAndAdvisoryId.values()).map((vulns) => {\n return {\n 'dependency-name': vulns[0]!.package.name,\n 'affected-versions': vulns.map((v) => v.vulnerableVersionRange).filter((v) => v && v.length > 0),\n 'patched-versions': vulns\n .map((v) => v.firstPatchedVersion?.identifier)\n .filter((v) => v && v.length > 0)\n .map((v) => v!),\n 'unaffected-versions': [],\n } satisfies DependabotSecurityAdvisory;\n });\n}\n\nexport function mapCredentials({\n sourceHostname,\n systemAccessUser,\n systemAccessToken,\n githubToken,\n registries,\n}: {\n sourceHostname: string;\n systemAccessUser?: string;\n systemAccessToken?: string;\n githubToken?: string;\n registries?: Record<string, DependabotRegistry>;\n}): DependabotCredential[] {\n const credentials = [];\n\n // Required to authenticate with the git repository when cloning the source code\n if (systemAccessToken) {\n credentials.push({\n type: 'git_source',\n host: sourceHostname,\n username: (systemAccessUser ?? '').trim()?.length > 0 ? systemAccessUser : 'x-access-token',\n password: systemAccessToken,\n });\n }\n\n // Required to avoid rate-limiting errors when generating pull request descriptions (e.g. fetching release notes, commit messages, etc)\n if (githubToken) {\n credentials.push({\n type: 'git_source',\n host: 'github.com',\n username: 'x-access-token',\n password: githubToken,\n });\n }\n if (registries) {\n // TODO: only registries for the current update should be set\n // Required to authenticate with private package feeds when finding the latest version of dependencies.\n // The registries have already been worked on (see parseRegistries) so there is no need to do anything else.\n credentials.push(...Object.values(registries));\n }\n\n return credentials;\n}\n","import { z } from 'zod';\nimport { DependabotDependencySchema, DependabotPackageManagerSchema } from './job';\n\n// we use nullish() because it does optional() and allows the value to be set to null\n\nexport const DependabotDependencyFileSchema = z.object({\n // https://github.com/dependabot/dependabot-core/blob/5e2711f9913cc387acb7cb0d29d51fb52d235ef2/common/lib/dependabot/dependency_file.rb#L14-L15\n content: z.string().nullish(),\n content_encoding: z\n .enum([\n 'utf-8',\n 'base64',\n // for some reason, some files (e.g. txt in gomod) are marked as empty string encoding\n '',\n ])\n .nullish(),\n deleted: z.boolean().nullish(),\n directory: z.string(),\n name: z.string(),\n operation: z.enum(['update', 'create', 'delete']),\n support_file: z.boolean().nullish(),\n vendored_file: z.boolean().nullish(),\n symlink_target: z.string().nullish(),\n type: z.string().nullish(),\n mode: z\n .enum({\n executable: '100755',\n file: '100644',\n directory: '040000',\n submodule: '160000',\n symlink: '120000',\n })\n .or(z.string())\n .nullish(),\n});\nexport type DependabotDependencyFile = z.infer<typeof DependabotDependencyFileSchema>;\n\nexport const DependabotUpdateDependencyListSchema = z.object({\n dependencies: DependabotDependencySchema.array(),\n dependency_files: z.string().array().nullish(),\n});\nexport type DependabotUpdateDependencyList = z.infer<typeof DependabotUpdateDependencyListSchema>;\n\nexport const DependabotDependencySubmissionSchema = z.object({\n version: z.number(),\n sha: z.string(),\n ref: z.string(),\n job: z.object({\n correlator: z.string(),\n id: z.string(),\n }),\n detector: z.object({\n name: z.string(),\n version: z.string(),\n url: z.string(),\n }),\n manifests: z.object({\n name: z.string().nullish(),\n file: z.object({ source_location: z.string() }).nullish(),\n metadata: z.object({ ecosystem: DependabotPackageManagerSchema }).nullish(),\n resolved: z\n .object({\n package_url: z.string(),\n relationship: z.enum(['direct', 'indirect']),\n scope: z.enum(['runtime', 'development']),\n dependencies: DependabotDependencySchema.array(),\n })\n .nullish(),\n }),\n});\nexport type DependabotDependencySubmission = z.infer<typeof DependabotDependencySubmissionSchema>;\n\nexport const DependabotCreatePullRequestSchema = z.object({\n 'base-commit-sha': z.string(),\n dependencies: DependabotDependencySchema.array(),\n 'updated-dependency-files': DependabotDependencyFileSchema.array(),\n 'pr-title': z.string(),\n 'pr-body': z.string().nullish(),\n 'commit-message': z.string(),\n 'dependency-group': z.record(z.string(), z.any()).nullish(),\n});\nexport type DependabotCreatePullRequest = z.infer<typeof DependabotCreatePullRequestSchema>;\n\nexport const DependabotUpdatePullRequestSchema = z.object({\n 'base-commit-sha': z.string(),\n 'dependency-names': z.string().array(),\n 'updated-dependency-files': DependabotDependencyFileSchema.array(),\n 'pr-title': z.string().nullish(), // this is usually excluded when working with dependabot-cli and an empty string if the API\n 'pr-body': z.string().nullish(), // this is usually excluded when working with dependabot-cli and an empty string if the API\n 'commit-message': z.string().nullish(), // this is usually excluded when working with dependabot-cli and an empty string if the API\n 'dependency-group': z.record(z.string(), z.any()).nullish(),\n});\nexport type DependabotUpdatePullRequest = z.infer<typeof DependabotUpdatePullRequestSchema>;\n\nexport const DependabotClosePullRequestReasonEnum = z.enum([\n 'dependencies_changed',\n 'dependency_group_empty',\n 'dependency_removed',\n 'up_to_date',\n 'update_no_longer_possible',\n]);\nexport type DependabotClosePullRequestReason = z.infer<typeof DependabotClosePullRequestReasonEnum>;\nexport const DependabotClosePullRequestSchema = z.object({\n 'dependency-names': z.string().array(),\n reason: DependabotClosePullRequestReasonEnum.nullish(),\n});\nexport type DependabotClosePullRequest = z.infer<typeof DependabotClosePullRequestSchema>;\n\nexport const DependabotMarkAsProcessedSchema = z.object({\n 'base-commit-sha': z.string().nullish(),\n});\nexport type DependabotMarkAsProcessed = z.infer<typeof DependabotMarkAsProcessedSchema>;\n\nexport const DependabotJobErrorSchema = z.object({\n 'error-type': z.string(),\n 'error-details': z.record(z.string(), z.any()).nullish(),\n unknown: z.boolean().nullish(), // own property to differentiate between known and unknown errors\n});\nexport type DependabotJobError = z.infer<typeof DependabotJobErrorSchema>;\n\nexport const DependabotRecordUpdateJobErrorSchema = DependabotJobErrorSchema.extend({});\nexport type DependabotRecordUpdateJobError = z.infer<typeof DependabotRecordUpdateJobErrorSchema>;\n\nexport const DependabotRecordUpdateJobWarningSchema = z.object({\n 'warn-type': z.string(),\n 'warn-title': z.string(),\n 'warn-description': z.string(),\n});\nexport type DependabotRecordUpdateJobWarning = z.infer<typeof DependabotRecordUpdateJobWarningSchema>;\n\nexport const DependabotRecordUpdateJobUnknownErrorSchema = DependabotJobErrorSchema.extend({});\nexport type DependabotRecordUpdateJobUnknownError = z.infer<typeof DependabotRecordUpdateJobUnknownErrorSchema>;\n\nexport const DependabotRecordEcosystemVersionsSchema = z.object({\n ecosystem_versions: z.record(z.string(), z.any()).nullish(),\n});\nexport type DependabotRecordEcosystemVersions = z.infer<typeof DependabotRecordEcosystemVersionsSchema>;\n\nexport const DependabotEcosystemVersionManagerSchema = z.object({\n name: z.string(),\n version: z.string(),\n raw_version: z.string(),\n requirement: z.record(z.string(), z.any()).nullish(),\n});\nexport type DependabotEcosystemVersionManager = z.infer<typeof DependabotEcosystemVersionManagerSchema>;\n\nexport const DependabotEcosystemMetaSchema = z.object({\n name: z.string(),\n package_manager: DependabotEcosystemVersionManagerSchema.nullish(),\n language: DependabotEcosystemVersionManagerSchema.nullish(),\n version: DependabotEcosystemVersionManagerSchema.nullish(),\n});\nexport type DependabotEcosystemMeta = z.infer<typeof DependabotEcosystemMetaSchema>;\n\nexport const DependabotRecordEcosystemMetaSchema = z.object({\n ecosystem: DependabotEcosystemMetaSchema,\n});\nexport type DependabotRecordEcosystemMeta = z.infer<typeof DependabotRecordEcosystemMetaSchema>;\n\nexport const DependabotRecordCooldownMetaSchema = z.object({\n cooldown: z.object({\n ecosystem_name: DependabotPackageManagerSchema,\n config: z.object({\n default_days: z.number(),\n semver_major_days: z.number(),\n semver_minor_days: z.number(),\n semver_patch_days: z.number(),\n }),\n }),\n});\nexport type DependabotRecordCooldownMeta = z.infer<typeof DependabotRecordCooldownMetaSchema>;\n\nexport const DependabotIncrementMetricSchema = z.object({\n metric: z.string(),\n tags: z.record(z.string(), z.any()).nullish(),\n});\nexport type DependabotIncrementMetric = z.infer<typeof DependabotIncrementMetricSchema>;\n\nexport const DependabotMetricSchema = z.object({\n metric: z.string(),\n type: z.enum(['increment', 'gauge', 'distribution', 'histogram']),\n value: z.number().nullish(),\n values: z.number().array().nullish(),\n tags: z.record(z.string(), z.string()).nullish(),\n});\nexport type DependabotMetric = z.infer<typeof DependabotMetricSchema>;\n","import { zValidator } from '@hono/zod-validator';\nimport { Hono } from 'hono';\nimport { type ZodType, z } from 'zod';\nimport { logger } from '@/logger';\nimport type { DependabotCredential, DependabotJobConfig } from './job';\nimport {\n DependabotClosePullRequestSchema,\n DependabotCreatePullRequestSchema,\n DependabotDependencySubmissionSchema,\n DependabotIncrementMetricSchema,\n DependabotMarkAsProcessedSchema,\n DependabotMetricSchema,\n DependabotRecordCooldownMetaSchema,\n DependabotRecordEcosystemMetaSchema,\n DependabotRecordEcosystemVersionsSchema,\n DependabotRecordUpdateJobErrorSchema,\n DependabotRecordUpdateJobUnknownErrorSchema,\n DependabotRecordUpdateJobWarningSchema,\n DependabotUpdateDependencyListSchema,\n DependabotUpdatePullRequestSchema,\n} from './update';\n\nexport const DependabotRequestTypeSchema = z.enum([\n 'create_pull_request',\n 'update_pull_request',\n 'close_pull_request',\n 'record_update_job_error',\n 'record_update_job_warning',\n 'record_update_job_unknown_error',\n 'mark_as_processed',\n 'update_dependency_list',\n 'create_dependency_submission',\n 'record_ecosystem_versions',\n 'increment_metric',\n 'record_ecosystem_meta',\n 'record_cooldown_meta',\n 'record_metrics', // from the runner\n]);\nexport type DependabotRequestType = z.infer<typeof DependabotRequestTypeSchema>;\n\nexport const DependabotRequestSchema = z.discriminatedUnion('type', [\n z.object({ type: z.literal('create_pull_request'), data: DependabotCreatePullRequestSchema }),\n z.object({ type: z.literal('update_pull_request'), data: DependabotUpdatePullRequestSchema }),\n z.object({ type: z.literal('close_pull_request'), data: DependabotClosePullRequestSchema }),\n z.object({ type: z.literal('record_update_job_error'), data: DependabotRecordUpdateJobErrorSchema }),\n z.object({ type: z.literal('record_update_job_warning'), data: DependabotRecordUpdateJobWarningSchema }),\n z.object({ type: z.literal('record_update_job_unknown_error'), data: DependabotRecordUpdateJobUnknownErrorSchema }),\n z.object({ type: z.literal('mark_as_processed'), data: DependabotMarkAsProcessedSchema }),\n z.object({ type: z.literal('update_dependency_list'), data: DependabotUpdateDependencyListSchema }),\n z.object({ type: z.literal('create_dependency_submission'), data: DependabotDependencySubmissionSchema }),\n z.object({ type: z.literal('record_ecosystem_versions'), data: DependabotRecordEcosystemVersionsSchema }),\n z.object({ type: z.literal('record_ecosystem_meta'), data: DependabotRecordEcosystemMetaSchema.array() }),\n z.object({ type: z.literal('record_cooldown_meta'), data: DependabotRecordCooldownMetaSchema.array() }),\n z.object({ type: z.literal('increment_metric'), data: DependabotIncrementMetricSchema }),\n z.object({ type: z.literal('record_metrics'), data: DependabotMetricSchema.array() }), // from the runner\n]);\nexport type DependabotRequest = z.infer<typeof DependabotRequestSchema>;\n\nexport type DependabotTokenType = 'job' | 'credentials';\n\n/**\n * Function type for authenticating requests.\n * @param type - The type of authentication ('job' or 'credentials').\n * @param id - The ID of the dependabot job.\n * @param value - The authentication value (e.g., API key).\n * @returns A promise that resolves to a boolean indicating whether the authentication was successful.\n */\ntype AuthenticatorFunc = (type: DependabotTokenType, id: string, value: string) => Promise<boolean>;\n\n/**\n * Handler function for processing dependabot requests.\n * @param id - The ID of the dependabot job.\n * @param request - The dependabot request to handle.\n * @returns A promise that resolves to the result of handling the request.\n */\ntype HandlerFunc = (id: string, request: DependabotRequest) => Promise<boolean>;\n\n/**\n * Function for inspecting raw dependabot requests.\n * @param id - The ID of the dependabot job.\n * @param type - The type of dependabot request.\n * @param raw - The raw JSON data of the request.\n * @returns A promise that resolves when the operation is complete.\n */\ntype InspectRequestFunc = (id: string, type: DependabotRequestType, raw: unknown) => Promise<void>;\n\n/**\n * Function for getting a dependabot job config by ID.\n * @param id - The ID of the dependabot job.\n * @returns A promise that resolves to the dependabot job config, or undefined if not found.\n */\ntype GetJobFunc = (id: string) => Promise<DependabotJobConfig | undefined>;\n\n/**\n * Function for getting dependabot credentials by job ID.\n * @param id - The ID of the dependabot job.\n * @returns A promise that resolves to an array of dependabot credentials, or undefined if not found.\n */\ntype GetCredentialsFunc = (id: string) => Promise<DependabotCredential[] | undefined>;\n\nexport type CreateApiServerAppOptions = {\n /**\n * Base path for the endpoints.\n * @default `/api/update_jobs`\n */\n basePath?: string;\n\n /** Handler function for authenticating requests. */\n authenticate: AuthenticatorFunc;\n\n /** Function for getting a dependabot job by ID. */\n getJob: GetJobFunc;\n\n /** Function for getting dependabot credentials by job ID. */\n getCredentials: GetCredentialsFunc;\n\n /**\n * Optional function for inspecting raw dependabot requests.\n * Should only be used for troubleshooting.\n * */\n inspect?: InspectRequestFunc;\n\n /** Handler function for processing the operations. */\n handle: HandlerFunc;\n};\n\n/**\n * Creates an API server application for handling dependabot update jobs.\n * The endpoints in the server application have paths in the format: `/api/update_jobs/:id/{operation}`,\n * where `:id` is the job ID and `{operation}` is one of the defined operations e.g. `create_pull_request`.\n *\n * You should set the job endpoint URL in the job container to\n * `http://<host>:<port>/api/update_jobs/:id` where `<host>` and `<port>` are the host and port\n *\n * These endpoints are protected using the provided API key.\n * @param params - The parameters for creating the API server application.\n * @returns The created API server application.\n */\nexport function createApiServerApp({\n basePath = `/api/update_jobs`,\n authenticate,\n getJob,\n getCredentials,\n inspect,\n handle,\n}: CreateApiServerAppOptions): Hono {\n // Setup app with base path and middleware\n const app = new Hono().basePath(basePath);\n\n // Handle endpoints:\n // - POST request to /create_pull_request\n // - POST request to /update_pull_request\n // - POST request to /close_pull_request\n // - POST request to /record_update_job_error\n // - POST request to /record_update_job_warning\n // - POST request to /record_update_job_unknown_error\n // - PATCH request to /mark_as_processed\n // - POST request to /update_dependency_list\n // - POST request to /create_dependency_submission\n // - POST request to /record_ecosystem_versions\n // - POST request to /record_ecosystem_meta\n // - POST request to /increment_metric\n\n function operation<T extends ZodType>(type: DependabotRequestType, schema: T, method?: string) {\n app.on(\n method || 'post',\n `/:id/${type}`,\n zValidator('param', z.object({ id: z.string() })),\n async (context, next) => {\n /**\n * Do not authenticate in scenarios where the server is not using HTTPS because the\n * dependabot proxy will not send the job token over HTTP, yet trying to get HTTPS to work\n * with localhost (self-signed certs) against docker (host.docker.internal) is complicated.\n */\n const url = new URL(context.req.url);\n const isHTTPS = url.protocol === 'https:';\n const { id } = context.req.valid('param');\n if (isHTTPS) {\n const value = context.req.header('Authorization');\n if (!value) return context.body(null, 401);\n const valid = await authenticate('job', id, value);\n if (!valid) return context.body(null, 403);\n } else {\n logger.trace(`Skipping authentication because it is not secure ${context.req.url}`);\n }\n\n // if inspection is provided, call it with the raw request data\n if (inspect) {\n await inspect(id, type, await context.req.json());\n }\n\n await next();\n },\n zValidator('json', z.object({ data: schema })),\n async (context) => {\n const { id } = context.req.valid('param');\n const { data } = context.req.valid('json') as { data: z.infer<typeof schema> };\n // biome-ignore lint/suspicious/noExplicitAny: generic\n const success: boolean = await handle(id, { type, data: data as any });\n return context.body(null, success ? 204 : 400);\n },\n );\n }\n\n operation('create_pull_request', DependabotCreatePullRequestSchema);\n operation('update_pull_request', DependabotUpdatePullRequestSchema);\n operation('close_pull_request', DependabotClosePullRequestSchema);\n operation('record_update_job_error', DependabotRecordUpdateJobErrorSchema);\n operation('record_update_job_warning', DependabotRecordUpdateJobWarningSchema);\n operation('record_update_job_unknown_error', DependabotRecordUpdateJobUnknownErrorSchema);\n operation('mark_as_processed', DependabotMarkAsProcessedSchema, 'patch');\n operation('update_dependency_list', DependabotUpdateDependencyListSchema);\n operation('create_dependency_submission', DependabotDependencySubmissionSchema);\n operation('record_ecosystem_versions', DependabotRecordEcosystemVersionsSchema);\n operation('record_ecosystem_meta', DependabotRecordEcosystemMetaSchema.array());\n operation('record_cooldown_meta', DependabotRecordCooldownMetaSchema.array());\n operation('increment_metric', DependabotIncrementMetricSchema);\n operation('record_metrics', DependabotMetricSchema.array()); // from the runner\n\n // Handle endpoints:\n // - GET request to /details\n // - GET request to /credentials\n app.on(\n 'get',\n '/:id/details',\n zValidator('param', z.object({ id: z.string() })),\n async (context, next) => {\n const { id } = context.req.valid('param');\n const value = context.req.header('Authorization');\n if (!value) return context.body(null, 401);\n const valid = await authenticate('job', id, value);\n if (!valid) return context.body(null, 403);\n await next();\n },\n async (context) => {\n const { id } = context.req.valid('param');\n const job = await getJob(id);\n if (!job) return context.body(null, 204);\n return context.json(job);\n },\n );\n app.on(\n 'get',\n '/:id/credentials',\n zValidator('param', z.object({ id: z.string() })),\n async (context, next) => {\n const { id } = context.req.valid('param');\n const value = context.req.header('Authorization');\n if (!value) return context.body(null, 401);\n const valid = await authenticate('credentials', id, value);\n if (!valid) return context.body(null, 403);\n await next();\n },\n async (context) => {\n const { id } = context.req.valid('param');\n const credentials = await getCredentials(id);\n if (!credentials) return context.body(null, 204);\n return context.json(credentials);\n },\n );\n\n return app;\n}\n","import type { DependabotDependency, DependabotExistingGroupPR, DependabotPersistedPr } from './job';\nimport type { DependabotClosePullRequest, DependabotCreatePullRequest } from './update';\n\nexport function normalizeFilePath(path: string): string {\n // Convert backslashes to forward slashes, convert './' => '/' and ensure the path starts with a forward slash if it doesn't already, this is how DevOps paths are formatted\n return path\n ?.replace(/\\\\/g, '/')\n ?.replace(/^\\.\\//, '/')\n ?.replace(/^([^/])/, '/$1');\n}\n\nexport function normalizeBranchName(branch: string): string;\nexport function normalizeBranchName(branch?: string): string | undefined;\nexport function normalizeBranchName(branch?: string): string | undefined {\n // Strip the 'refs/heads/' prefix from the branch name, if present\n return branch?.replace(/^refs\\/heads\\//i, '');\n}\n\nexport function getDependencyNames(dependencies: DependabotPersistedPr): string[] {\n const deps = Array.isArray(dependencies) ? dependencies : dependencies.dependencies;\n return deps.map((dep) => dep['dependency-name']?.toString());\n}\n\nexport function areEqual(a: string[], b: string[]): boolean {\n if (a.length !== b.length) return false;\n return a.every((name) => b.includes(name));\n}\n\nexport function getPullRequestCloseReason(data: DependabotClosePullRequest): string | undefined {\n // The first dependency is the \"lead\" dependency in a multi-dependency update\n const leadDependencyName = data['dependency-names'][0];\n let reason: string | undefined;\n switch (data.reason) {\n case 'dependencies_changed':\n reason = `Looks like the dependencies have changed`;\n break;\n case 'dependency_group_empty':\n reason = `Looks like the dependencies in this group are now empty`;\n break;\n case 'dependency_removed':\n reason = `Looks like ${leadDependencyName} is no longer a dependency`;\n break;\n case 'up_to_date':\n reason = `Looks like ${leadDependencyName} is up-to-date now`;\n break;\n case 'update_no_longer_possible':\n reason = `Looks like ${leadDependencyName} can no longer be updated`;\n break;\n }\n if (reason && reason.length > 0) {\n reason += ', so this is no longer needed.';\n }\n return reason;\n}\n\nexport function getPullRequestDependencies(data: DependabotCreatePullRequest): DependabotPersistedPr {\n const dependencies = data.dependencies?.map((dep) => {\n return {\n 'dependency-name': dep.name,\n 'dependency-version': dep.version,\n directory: dep.directory,\n };\n });\n const dependencyGroupName = data['dependency-group']?.name;\n if (!dependencyGroupName) return dependencies;\n return {\n 'dependency-group-name': dependencyGroupName,\n dependencies: dependencies,\n } as DependabotExistingGroupPR;\n}\n\nexport function getPullRequestDescription({\n packageManager,\n body,\n dependencies,\n maxDescriptionLength,\n}: {\n packageManager: string;\n body: string | null | undefined;\n dependencies: DependabotDependency[];\n maxDescriptionLength?: number;\n}): string {\n let header = '';\n const footer = '';\n\n // Fix up GitHub mentions encoding issues by removing instances of the zero-width space '\\u200B' as it does not render correctly in Azure DevOps.\n // https://github.com/dependabot/dependabot-core/issues/9572\n // https://github.com/dependabot/dependabot-core/blob/313fcff149b3126cb78b38d15f018907d729f8cc/common/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb#L245-L252\n const description = (body || '').replace(new RegExp(decodeURIComponent('%EF%BF%BD%EF%BF%BD%EF%BF%BD'), 'g'), '');\n\n // If there is exactly one dependency, add a compatibility score badge to the description header.\n // Compatibility scores are intended for single dependency security updates, not group updates.\n // https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores\n if (dependencies.length === 1) {\n const compatibilityScoreBadges = dependencies.map((dep) => {\n return `![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=${dep.name}&package-manager=${packageManager}&previous-version=${dep['previous-version']}&new-version=${dep.version})`;\n });\n header += `${compatibilityScoreBadges.join(' ')}\\n\\n`;\n }\n\n // Build the full pull request description.\n // The header/footer must not be truncated.\n // If the description is too long and a max length is provided, we truncate the body.\n if (maxDescriptionLength) {\n const maxDescriptionLengthAfterHeaderAndFooter = maxDescriptionLength - header.length - footer.length;\n return `${header}${description.substring(0, maxDescriptionLengthAfterHeaderAndFooter)}${footer}`;\n }\n return `${header}${description}${footer}`;\n}\n"],"mappings":";;;;;;;;AAKA,MAAa,kCAAkC;AAC/C,MAAa,iCAAiC;;;;ACE9C,SAAgB,uBAAuB,EACrC,kBACA,kBACA,WACA,qBACA,cACA,YAAY,OAQH;CAIT,IAAIA;AAEJ,KADiC,uBAAuB,aAAa,SAAS,GAChD;EAG5B,MAAM,mBAAmB,OACtB,WAAW,MAAM,CACjB,OAAO,aAAa,KAAK,MAAM,GAAG,EAAE,mBAAmB,GAAG,EAAE,wBAAwB,CAAC,KAAK,IAAI,CAAC,CAC/F,OAAO,MAAM,CACb,UAAU,GAAG,GAAG;AACnB,eAAa,GAAG,uBAAuB,QAAQ,GAAG;OAUlD,cAAa,GANW,aACrB,KAAK,MAAM,EAAE,mBAAmB,CAChC,KAAK,QAAQ,CACb,QAAQ,UAAU,IAAI,CACtB,QAAQ,MAAM,GAAG,CAEY,GADV,aAAa,IAAI,UAAU,YAAY,aAAa,KAAK;AAIjF,QAAO,YACL;EACE;EACA;EACA;EAEA,YACI,UACG,MAAM,IAAI,CACV,QAAQ,SAAS,KAAK,SAAS,EAAE,CACjC,KAAK,UAAU,GAClB;EACJ;EACD,EACD,UACD;;AAGH,SAAgB,YAAY,UAAkC,WAA2B;AAOvF,QACE,SAEG,QAAQ,MAAM,KAAK,EAAE,MAAM,CAAC,SAAS,EAAE,CACvC,KAAK,UAAU,CAEf,QAAQ,0BAA0B,GAAG,CAErC,QAAQ,SAAS,QAAQ,CAEzB,QAAQ,QAAQ,IAAI,CACpB,QAAQ,QAAQ,IAAI,CAEpB,QAAQ,OAAO,GAAG;;;;;AClFzB,MAAaC,sBAA6C;CACxD,6BAA6B;CAC7B,mCAAmC;CACnC,gBAAgB;CAChB,gCAAgC;CAChC,mCAAmC;CACnC,iCAAiC;CACjC,gCAAgC;CAChC,oCAAoC;CACpC,yCAAyC;CACzC,wCAAwC;CACxC,mCAAmC;CACnC,wCAAwC;CACxC,8CAA8C;CAC9C,6CAA6C;CAC7C,mCAAmC;CACnC,6CAA6C;CAC7C,2BAA2B;CAC3B,oDAAoD;CACpD,gCAAgC;CAChC,2BAA2B;CAC3B,4BAA4B;CAC5B,2BAA2B;CAC3B,kCAAkC;CAClC,kCAAkC;CACnC;;;;;;AAOD,SAAgB,iBAAiB,KAAiD;AAChF,QAAO,KACH,MAAM,IAAI,CACX,QAAQ,UAAU,MAAM,MAAM,KAAK,GAAG,CACtC,QAAQ,KAAK,QAAQ;EACpB,MAAM,CAAC,KAAK,SAAS,IAAI,MAAM,KAAK,EAAE;AACtC,MAAI,OAAQ,SAAS;AACrB,SAAO;IACN,EAAE,CAA0B;;;;;;;;;;AAWnC,SAAgB,cACd,aACA,MACA,QAA0B,MACH;AACvB,QAAO;EACL,GAAI,eAAe,EAAE;GAGpB,OAAO;EACT;;;;;;;;ACxBH,IAAa,uBAAb,MAAkC;CAChC,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CAEjB,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CAEjB,YAAY,EACV,QACA,QACA,QACA,kBACA,mBACA,aACA,aACA,SAWC;AACD,OAAK,SAAS;AACd,OAAK,SAAS;AACd,OAAK,QAAQ;AAEb,OAAK,cAAc,cAAc,aAAa,0BAA0B,OAAO,0BAA0B;AAEzG,OAAK,iBAAiB,oCAAoC,OAAO,qBAAqB;AACtF,OAAK,SAAS,yCAAyC,QAAQ,OAAO;AACtE,OAAK,cAAc,eAAe;GAChC,gBAAgB,OAAO;GACvB;GACA;GACA;GACA,YAAY,OAAO;GACpB,CAAC;;;;;CAMJ,AAAO,oBAAoB,EACzB,IACA,WAI6B;AAC7B,SAAO;GACL,KAAK;IACC;IACK;IACT,mBAAmB,KAAK;IACxB,2BAA2B;IAC3B,cAAc;IACd,mBAAmB,CAAC;KAAE,mBAAmB;KAAU,eAAe;KAAO,CAAC;IAC1E,qBAAqB,CAAC,EAAE,mBAAmB,KAAK,CAAC;IACjD,yBAAyB;IACzB,uBAAuB,EAAE;IACzB,QAAQ,KAAK;IACb,0BAA0B;IAC1B,0BAA0B,EAAE;IAC5B,gCAAgC,EAAE;IAClC,aAAa,KAAK;IAClB,gCAAgC;IAChC,iBAAiB;IACjB,0BAA0B;KACxB,QAAQ;KACR,sBAAsB;KACtB,iBAAiB;KAClB;IACD,uBAAuB;IACvB,gBAAgB;IAChB,OAAO,KAAK;IACb;GACD,aAAa,KAAK;GACnB;;;;;CAMH,AAAO,UAAU,EACf,IACA,SACA,yBACA,sBACA,qBACA,2BAQ6B;EAC7B,MAAM,qBAAqB,KAAK,OAAO,gCAAgC;EAEvE,IAAIC;EACJ,IAAIC,4BAA2C;EAC/C,IAAIC;EACJ,IAAIC;AAEJ,MAAI,qBAAqB;AACvB,yBAAsB;AACtB,+BAA4B,MAAM,QAAQ,oBAAoB,GAC1D,OACA,oBAAoB;AACxB,4BACE,MAAM,QAAQ,oBAAoB,GAAG,sBAAsB,oBAAoB,eAC9E,KAAK,MAAM,EAAE,mBAAmB;AACnC,qBAAkB,yBAAyB,QAAQ,MAAM,uBAAuB,SAAS,EAAE,QAAQ,KAAK,CAAC;SACpG;AACL,yBAAsB;GACtB,MAAM,QAAQ,yBAAyB,SAAS,0BAA0B;AAC1E,2BACE,sBAAsB,QAClB,OAAO,QAAQ,MAAM,yBAAyB,MAAM,MAAM,EAAE,QAAQ,SAAS,EAAE,CAAC,GAChF;AACN,qBAAkB;;AAGpB,SAAO;GACL,KAAK;IACC;IACK;IACT,mBAAmB,KAAK;IACxB,2BAA2B,uBAAuB;IAClD,+BAA+B;IAC/B,qBAAqB,yCAAyC,KAAK,OAAO,OAAO;IACjF,cAAc;IACd,mBAAmB,iDAAiD,KAAK,OAAO,OAAO,mBAAmB;IAC1G,qBAAqB,mDAAmD,KAAK,OAAO,OAAO;IAC3F,yBAAyB;IACzB,uBAAuB,sBAAsB,gBAAgB;IAC7D,QAAQ,KAAK;IACb,0BAA0B;IAC1B,0BAA0B,qBAAqB,QAAQ,OAAO,MAAM,QAAQ,GAAG,CAAC;IAChF,gCAAgC,qBAAqB,QAClD,OAAwC,CAAC,MAAM,QAAQ,GAAG,CAC5D;IACD,0BAA0B;KACxB,QAAQ,KAAK,OAAO,mBAAmB,UAAU;KACjD,sBAAsB,KAAK,OAAO,oBAAoB,yBAAyB;KAC/E,iBACE,KAAK,OAAO,mBAAmB,SAAS,mBAAmB,EAAE,MAAM,KAAK,UAAU,OAAO;KAC5F;IACD,UAAU,KAAK,OAAO;IACtB,aAAa,eAAe,KAAK,YAAY;IAC7C,wBACE,KAAK,OAAO,qCAAqC,mBAAmB,EAAE,MAAM,KAAK;IACnF,gCAAgC,+CAC9B,KAAK,OAAO,uBACb;IACD,iBAAiB,KAAK,OAAO,2BAA2B;IACxD,uBAAuB,KAAK,OAAO,UAAU;IAC7C,gBAAgB;IAChB,OAAO,KAAK;IACZ,2CAA2C;IAC3C,wBAAwB;IACxB,0BAA0B,KAAK,OAAO,6BAA6B;IAMnE,0BAA0B;IAC1B,iBAAiB,KAAK,OAAO;IAC9B;GACD,aAAa,KAAK;GACnB;;;AAIL,SAAgB,oCAAoC,WAAuD;AAIzG,SAAQ,WAAR;EACE,KAAK,iBACH,QAAO;EACT,KAAK,aACH,QAAO;EACT,KAAK,iBACH,QAAO;EACT,KAAK,eACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,MACH,QAAO;EACT,KAAK,MACH,QAAO;EAET,KAAK,SACH,QAAO;EACT,KAAK,cACH,QAAO;EACT,KAAK,SACH,QAAO;EACT,KAAK,OACH,QAAO;EACT,KAAK,iBACH,QAAO;EACT,KAAK,OACH,QAAO;EACT,QACE,QAAO;;;AAIb,SAAgB,yCACd,QACA,QACkB;AAClB,QAAO;EACL,UAAU,OAAO;EACjB,gBAAgB,OAAO;EACvB,UAAU,OAAO;EACjB,MAAM,OAAO;EACb,QAAQ,OAAO;EACf,QAAQ;EACR,WAAW,OAAO;EAClB,aAAa,OAAO;EACrB;;AAGH,SAAgB,+CAA+C,UAA8C;AAC3G,KAAI,CAAC,SAAU,QAAO;AACtB,SAAQ,UAAR;EACE,KAAK,OACH,QAAO;EACT,KAAK,WACH,QAAO;EACT,KAAK,wBACH,QAAO;EACT,KAAK,gBACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,QACE,OAAM,IAAI,MAAM,uDAAuD,SAAS,GAAG;;;AAIzF,SAAgB,yCACd,kBACsB;AACtB,KAAI,CAAC,oBAAoB,CAAC,OAAO,KAAK,iBAAiB,CAAC,OAAQ,QAAO,EAAE;AACzE,QAAO,OAAO,KAAK,iBAAiB,CACjC,QAAQ,SAAS,iBAAiB,MAAM,CACxC,KAAK,SAAS;EACb,MAAM,QAAQ,iBAAiB;AAC/B,SAAO;GACC;GACN,cAAc,MAAM;GACpB,OAAO;IACL,UAAU,MAAM,UAAU,SAAS,MAAM,WAAW,CAAC,IAAI;IACzD,oBAAoB,MAAM;IAC1B,mBAAmB,MAAM;IACzB,gBAAgB,MAAM;IACvB;GACF;GACD;;AAGN,SAAgB,iDACd,gBACA,oBACqB;AAIrB,KAAI,CAAC,eACH,QAAO,CACL;EACE,mBAAmB;EACnB,eAAe,qBAAqB,aAAa;EAClD,CACF;AAEH,QAAO,eAAe,KAAK,UAAU;AACnC,SAAO;GACL,mBAAmB,MAAM;GACzB,mBAAmB,MAAM;GACzB,eAAe,MAAM;GACtB;GACD;;AAGJ,SAAgB,mDACd,kBACuB;AACvB,KAAI,CAAC,iBAAkB,QAAO,EAAE;AAChC,QAAO,iBAAiB,KAAK,WAAW;AACtC,SAAO;GACL,QAAQ,OAAO;GACf,cAAc,OAAO;GACrB,mBAAmB,OAAO,sBAAsB;GAChD,gBAAgB,OAAO;GAIvB,uBAAuB,MAAM,QAAQ,OAAO,SAAS,GAAc,OAAO,UAAW,KAAK,KAAK,GAAG,OAAO;GAC1G;GACD;;AAGJ,SAAgB,eAAe,aAA4D;AACzF,iBAAgB,EAAE;AAClB,QAAO,OAAO,KAAK,YAAY,CAAC,QAAQ,KAAK,QAAQ;EAGnD,MAAM,QAAQ,YAAY;AAC1B,MAAI,OAAO,UAAU,YAAY,OAAO,mBAAmB,KAAK,OAC9D,KAAI,OAAO;WACF,OAAO,UAAU,YAAY,OAAO,mBAAmB,KAAK,QACrE,KAAI,OAAO;WAEP,OAAO,UAAU,YAAY,OAAO,UAAU,UAAW,KAAI,OAAO;AAE1E,SAAO;IACN,EAAE,CAA0B;;AAGjC,SAAgB,sBAAsB,yBAAiF;AACrH,KAAI,CAAC,wBAAyB,QAAO,EAAE;CAIvC,MAAM,mEAAmD,IAAI,KAAsC;AACnG,MAAK,MAAM,QAAQ,yBAAyB;EAC1C,MAAM,MAAM,GAAG,KAAK,QAAQ,KAAK,GAAG,KAAK,SAAS,YAAY,KAAK,MAAM,GAAG,EAAE,KAAK,GAAG,EAAE,QAAQ,CAAC,KAAK,IAAI;AAC1G,MAAI,CAAC,iDAAiD,IAAI,IAAI,CAC5D,kDAAiD,IAAI,KAAK,EAAE,CAAC;AAE/D,mDAAiD,IAAI,IAAI,CAAE,KAAK,KAAK;;AAEvE,QAAO,MAAM,KAAK,iDAAiD,QAAQ,CAAC,CAAC,KAAK,UAAU;AAC1F,SAAO;GACL,mBAAmB,MAAM,GAAI,QAAQ;GACrC,qBAAqB,MAAM,KAAK,MAAM,EAAE,uBAAuB,CAAC,QAAQ,MAAM,KAAK,EAAE,SAAS,EAAE;GAChG,oBAAoB,MACjB,KAAK,MAAM,EAAE,qBAAqB,WAAW,CAC7C,QAAQ,MAAM,KAAK,EAAE,SAAS,EAAE,CAChC,KAAK,MAAM,EAAG;GACjB,uBAAuB,EAAE;GAC1B;GACD;;AAGJ,SAAgB,eAAe,EAC7B,gBACA,kBACA,mBACA,aACA,cAOyB;CACzB,MAAM,cAAc,EAAE;AAGtB,KAAI,kBACF,aAAY,KAAK;EACf,MAAM;EACN,MAAM;EACN,WAAW,oBAAoB,IAAI,MAAM,EAAE,SAAS,IAAI,mBAAmB;EAC3E,UAAU;EACX,CAAC;AAIJ,KAAI,YACF,aAAY,KAAK;EACf,MAAM;EACN,MAAM;EACN,UAAU;EACV,UAAU;EACX,CAAC;AAEJ,KAAI,WAIF,aAAY,KAAK,GAAG,OAAO,OAAO,WAAW,CAAC;AAGhD,QAAO;;;;;ACvbT,MAAa,iCAAiC,EAAE,OAAO;CAErD,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC7B,kBAAkB,EACf,KAAK;EACJ;EACA;EAEA;EACD,CAAC,CACD,SAAS;CACZ,SAAS,EAAE,SAAS,CAAC,SAAS;CAC9B,WAAW,EAAE,QAAQ;CACrB,MAAM,EAAE,QAAQ;CAChB,WAAW,EAAE,KAAK;EAAC;EAAU;EAAU;EAAS,CAAC;CACjD,cAAc,EAAE,SAAS,CAAC,SAAS;CACnC,eAAe,EAAE,SAAS,CAAC,SAAS;CACpC,gBAAgB,EAAE,QAAQ,CAAC,SAAS;CACpC,MAAM,EAAE,QAAQ,CAAC,SAAS;CAC1B,MAAM,EACH,KAAK;EACJ,YAAY;EACZ,MAAM;EACN,WAAW;EACX,WAAW;EACX,SAAS;EACV,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,SAAS;CACb,CAAC;AAGF,MAAa,uCAAuC,EAAE,OAAO;CAC3D,cAAc,2BAA2B,OAAO;CAChD,kBAAkB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAC/C,CAAC;AAGF,MAAa,uCAAuC,EAAE,OAAO;CAC3D,SAAS,EAAE,QAAQ;CACnB,KAAK,EAAE,QAAQ;CACf,KAAK,EAAE,QAAQ;CACf,KAAK,EAAE,OAAO;EACZ,YAAY,EAAE,QAAQ;EACtB,IAAI,EAAE,QAAQ;EACf,CAAC;CACF,UAAU,EAAE,OAAO;EACjB,MAAM,EAAE,QAAQ;EAChB,SAAS,EAAE,QAAQ;EACnB,KAAK,EAAE,QAAQ;EAChB,CAAC;CACF,WAAW,EAAE,OAAO;EAClB,MAAM,EAAE,QAAQ,CAAC,SAAS;EAC1B,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,CAAC,CAAC,SAAS;EACzD,UAAU,EAAE,OAAO,EAAE,WAAW,gCAAgC,CAAC,CAAC,SAAS;EAC3E,UAAU,EACP,OAAO;GACN,aAAa,EAAE,QAAQ;GACvB,cAAc,EAAE,KAAK,CAAC,UAAU,WAAW,CAAC;GAC5C,OAAO,EAAE,KAAK,CAAC,WAAW,cAAc,CAAC;GACzC,cAAc,2BAA2B,OAAO;GACjD,CAAC,CACD,SAAS;EACb,CAAC;CACH,CAAC;AAGF,MAAa,oCAAoC,EAAE,OAAO;CACxD,mBAAmB,EAAE,QAAQ;CAC7B,cAAc,2BAA2B,OAAO;CAChD,4BAA4B,+BAA+B,OAAO;CAClE,YAAY,EAAE,QAAQ;CACtB,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,kBAAkB,EAAE,QAAQ;CAC5B,oBAAoB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CAC5D,CAAC;AAGF,MAAa,oCAAoC,EAAE,OAAO;CACxD,mBAAmB,EAAE,QAAQ;CAC7B,oBAAoB,EAAE,QAAQ,CAAC,OAAO;CACtC,4BAA4B,+BAA+B,OAAO;CAClE,YAAY,EAAE,QAAQ,CAAC,SAAS;CAChC,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,kBAAkB,EAAE,QAAQ,CAAC,SAAS;CACtC,oBAAoB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CAC5D,CAAC;AAGF,MAAa,uCAAuC,EAAE,KAAK;CACzD;CACA;CACA;CACA;CACA;CACD,CAAC;AAEF,MAAa,mCAAmC,EAAE,OAAO;CACvD,oBAAoB,EAAE,QAAQ,CAAC,OAAO;CACtC,QAAQ,qCAAqC,SAAS;CACvD,CAAC;AAGF,MAAa,kCAAkC,EAAE,OAAO,EACtD,mBAAmB,EAAE,QAAQ,CAAC,SAAS,EACxC,CAAC;AAGF,MAAa,2BAA2B,EAAE,OAAO;CAC/C,cAAc,EAAE,QAAQ;CACxB,iBAAiB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CACxD,SAAS,EAAE,SAAS,CAAC,SAAS;CAC/B,CAAC;AAGF,MAAa,uCAAuC,yBAAyB,OAAO,EAAE,CAAC;AAGvF,MAAa,yCAAyC,EAAE,OAAO;CAC7D,aAAa,EAAE,QAAQ;CACvB,cAAc,EAAE,QAAQ;CACxB,oBAAoB,EAAE,QAAQ;CAC/B,CAAC;AAGF,MAAa,8CAA8C,yBAAyB,OAAO,EAAE,CAAC;AAG9F,MAAa,0CAA0C,EAAE,OAAO,EAC9D,oBAAoB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS,EAC5D,CAAC;AAGF,MAAa,0CAA0C,EAAE,OAAO;CAC9D,MAAM,EAAE,QAAQ;CAChB,SAAS,EAAE,QAAQ;CACnB,aAAa,EAAE,QAAQ;CACvB,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CACrD,CAAC;AAGF,MAAa,gCAAgC,EAAE,OAAO;CACpD,MAAM,EAAE,QAAQ;CAChB,iBAAiB,wCAAwC,SAAS;CAClE,UAAU,wCAAwC,SAAS;CAC3D,SAAS,wCAAwC,SAAS;CAC3D,CAAC;AAGF,MAAa,sCAAsC,EAAE,OAAO,EAC1D,WAAW,+BACZ,CAAC;AAGF,MAAa,qCAAqC,EAAE,OAAO,EACzD,UAAU,EAAE,OAAO;CACjB,gBAAgB;CAChB,QAAQ,EAAE,OAAO;EACf,cAAc,EAAE,QAAQ;EACxB,mBAAmB,EAAE,QAAQ;EAC7B,mBAAmB,EAAE,QAAQ;EAC7B,mBAAmB,EAAE,QAAQ;EAC9B,CAAC;CACH,CAAC,EACH,CAAC;AAGF,MAAa,kCAAkC,EAAE,OAAO;CACtD,QAAQ,EAAE,QAAQ;CAClB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CAC9C,CAAC;AAGF,MAAa,yBAAyB,EAAE,OAAO;CAC7C,QAAQ,EAAE,QAAQ;CAClB,MAAM,EAAE,KAAK;EAAC;EAAa;EAAS;EAAgB;EAAY,CAAC;CACjE,OAAO,EAAE,QAAQ,CAAC,SAAS;CAC3B,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CACpC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC,SAAS;CACjD,CAAC;;;;AClKF,MAAa,8BAA8B,EAAE,KAAK;CAChD;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,0BAA0B,EAAE,mBAAmB,QAAQ;CAClE,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,sBAAsB;EAAE,MAAM;EAAmC,CAAC;CAC7F,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,sBAAsB;EAAE,MAAM;EAAmC,CAAC;CAC7F,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,qBAAqB;EAAE,MAAM;EAAkC,CAAC;CAC3F,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,0BAA0B;EAAE,MAAM;EAAsC,CAAC;CACpG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,4BAA4B;EAAE,MAAM;EAAwC,CAAC;CACxG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,kCAAkC;EAAE,MAAM;EAA6C,CAAC;CACnH,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,oBAAoB;EAAE,MAAM;EAAiC,CAAC;CACzF,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,yBAAyB;EAAE,MAAM;EAAsC,CAAC;CACnG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,+BAA+B;EAAE,MAAM;EAAsC,CAAC;CACzG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,4BAA4B;EAAE,MAAM;EAAyC,CAAC;CACzG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,wBAAwB;EAAE,MAAM,oCAAoC,OAAO;EAAE,CAAC;CACzG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,uBAAuB;EAAE,MAAM,mCAAmC,OAAO;EAAE,CAAC;CACvG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,mBAAmB;EAAE,MAAM;EAAiC,CAAC;CACxF,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,iBAAiB;EAAE,MAAM,uBAAuB,OAAO;EAAE,CAAC;CACtF,CAAC;;;;;;;;;;;;;AAmFF,SAAgB,mBAAmB,EACjC,WAAW,oBACX,cACA,QACA,gBACA,SACA,UACkC;CAElC,MAAM,MAAM,IAAI,MAAM,CAAC,SAAS,SAAS;CAgBzC,SAAS,UAA6B,MAA6B,QAAW,QAAiB;AAC7F,MAAI,GACF,UAAU,QACV,QAAQ,QACR,WAAW,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,EACjD,OAAO,SAAS,SAAS;GAOvB,MAAM,UADM,IAAI,IAAI,QAAQ,IAAI,IAAI,CAChB,aAAa;GACjC,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;AACzC,OAAI,SAAS;IACX,MAAM,QAAQ,QAAQ,IAAI,OAAO,gBAAgB;AACjD,QAAI,CAAC,MAAO,QAAO,QAAQ,KAAK,MAAM,IAAI;AAE1C,QAAI,CADU,MAAM,aAAa,OAAO,IAAI,MAAM,CACtC,QAAO,QAAQ,KAAK,MAAM,IAAI;SAE1C,QAAO,MAAM,oDAAoD,QAAQ,IAAI,MAAM;AAIrF,OAAI,QACF,OAAM,QAAQ,IAAI,MAAM,MAAM,QAAQ,IAAI,MAAM,CAAC;AAGnD,SAAM,MAAM;KAEd,WAAW,QAAQ,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC,CAAC,EAC9C,OAAO,YAAY;GACjB,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;GACzC,MAAM,EAAE,SAAS,QAAQ,IAAI,MAAM,OAAO;GAE1C,MAAMC,UAAmB,MAAM,OAAO,IAAI;IAAE;IAAY;IAAa,CAAC;AACtE,UAAO,QAAQ,KAAK,MAAM,UAAU,MAAM,IAAI;IAEjD;;AAGH,WAAU,uBAAuB,kCAAkC;AACnE,WAAU,uBAAuB,kCAAkC;AACnE,WAAU,sBAAsB,iCAAiC;AACjE,WAAU,2BAA2B,qCAAqC;AAC1E,WAAU,6BAA6B,uCAAuC;AAC9E,WAAU,mCAAmC,4CAA4C;AACzF,WAAU,qBAAqB,iCAAiC,QAAQ;AACxE,WAAU,0BAA0B,qCAAqC;AACzE,WAAU,gCAAgC,qCAAqC;AAC/E,WAAU,6BAA6B,wCAAwC;AAC/E,WAAU,yBAAyB,oCAAoC,OAAO,CAAC;AAC/E,WAAU,wBAAwB,mCAAmC,OAAO,CAAC;AAC7E,WAAU,oBAAoB,gCAAgC;AAC9D,WAAU,kBAAkB,uBAAuB,OAAO,CAAC;AAK3D,KAAI,GACF,OACA,gBACA,WAAW,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,EACjD,OAAO,SAAS,SAAS;EACvB,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;EACzC,MAAM,QAAQ,QAAQ,IAAI,OAAO,gBAAgB;AACjD,MAAI,CAAC,MAAO,QAAO,QAAQ,KAAK,MAAM,IAAI;AAE1C,MAAI,CADU,MAAM,aAAa,OAAO,IAAI,MAAM,CACtC,QAAO,QAAQ,KAAK,MAAM,IAAI;AAC1C,QAAM,MAAM;IAEd,OAAO,YAAY;EACjB,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;EACzC,MAAM,MAAM,MAAM,OAAO,GAAG;AAC5B,MAAI,CAAC,IAAK,QAAO,QAAQ,KAAK,MAAM,IAAI;AACxC,SAAO,QAAQ,KAAK,IAAI;GAE3B;AACD,KAAI,GACF,OACA,oBACA,WAAW,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,EACjD,OAAO,SAAS,SAAS;EACvB,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;EACzC,MAAM,QAAQ,QAAQ,IAAI,OAAO,gBAAgB;AACjD,MAAI,CAAC,MAAO,QAAO,QAAQ,KAAK,MAAM,IAAI;AAE1C,MAAI,CADU,MAAM,aAAa,eAAe,IAAI,MAAM,CAC9C,QAAO,QAAQ,KAAK,MAAM,IAAI;AAC1C,QAAM,MAAM;IAEd,OAAO,YAAY;EACjB,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;EACzC,MAAM,cAAc,MAAM,eAAe,GAAG;AAC5C,MAAI,CAAC,YAAa,QAAO,QAAQ,KAAK,MAAM,IAAI;AAChD,SAAO,QAAQ,KAAK,YAAY;GAEnC;AAED,QAAO;;;;;AClQT,SAAgB,kBAAkB,MAAsB;AAEtD,QAAO,MACH,QAAQ,OAAO,IAAI,EACnB,QAAQ,SAAS,IAAI,EACrB,QAAQ,WAAW,MAAM;;AAK/B,SAAgB,oBAAoB,QAAqC;AAEvE,QAAO,QAAQ,QAAQ,mBAAmB,GAAG;;AAG/C,SAAgB,mBAAmB,cAA+C;AAEhF,SADa,MAAM,QAAQ,aAAa,GAAG,eAAe,aAAa,cAC3D,KAAK,QAAQ,IAAI,oBAAoB,UAAU,CAAC;;AAG9D,SAAgB,SAAS,GAAa,GAAsB;AAC1D,KAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,QAAO,EAAE,OAAO,SAAS,EAAE,SAAS,KAAK,CAAC;;AAG5C,SAAgB,0BAA0B,MAAsD;CAE9F,MAAM,qBAAqB,KAAK,oBAAoB;CACpD,IAAIC;AACJ,SAAQ,KAAK,QAAb;EACE,KAAK;AACH,YAAS;AACT;EACF,KAAK;AACH,YAAS;AACT;EACF,KAAK;AACH,YAAS,cAAc,mBAAmB;AAC1C;EACF,KAAK;AACH,YAAS,cAAc,mBAAmB;AAC1C;EACF,KAAK;AACH,YAAS,cAAc,mBAAmB;AAC1C;;AAEJ,KAAI,UAAU,OAAO,SAAS,EAC5B,WAAU;AAEZ,QAAO;;AAGT,SAAgB,2BAA2B,MAA0D;CACnG,MAAM,eAAe,KAAK,cAAc,KAAK,QAAQ;AACnD,SAAO;GACL,mBAAmB,IAAI;GACvB,sBAAsB,IAAI;GAC1B,WAAW,IAAI;GAChB;GACD;CACF,MAAM,sBAAsB,KAAK,qBAAqB;AACtD,KAAI,CAAC,oBAAqB,QAAO;AACjC,QAAO;EACL,yBAAyB;EACX;EACf;;AAGH,SAAgB,0BAA0B,EACxC,gBACA,MACA,cACA,wBAMS;CACT,IAAI,SAAS;CACb,MAAM,SAAS;CAKf,MAAM,eAAe,QAAQ,IAAI,QAAQ,IAAI,OAAO,mBAAmB,8BAA8B,EAAE,IAAI,EAAE,GAAG;AAKhH,KAAI,aAAa,WAAW,GAAG;EAC7B,MAAM,2BAA2B,aAAa,KAAK,QAAQ;AACzD,UAAO,wHAAwH,IAAI,KAAK,mBAAmB,eAAe,oBAAoB,IAAI,oBAAoB,eAAe,IAAI,QAAQ;IACjP;AACF,YAAU,GAAG,yBAAyB,KAAK,IAAI,CAAC;;AAMlD,KAAI,sBAAsB;EACxB,MAAM,2CAA2C,uBAAuB,OAAO,SAAS;AACxF,SAAO,GAAG,SAAS,YAAY,UAAU,GAAG,yCAAyC,GAAG;;AAE1F,QAAO,GAAG,SAAS,cAAc"}

package/dist/github/index.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { n as logger } from "../logger-5PEqZVLr.mjs";
+import { n as logger } from "../logger-3Qfh9NUj.mjs";
 import { z } from "zod";
 import { Octokit } from "octokit";
 import * as semver from "semver";

package/dist/{index-Byxjhvfz.d.mts → index-CjxvO_Pt.d.mts} RENAMED Viewed

@@ -114,10 +114,10 @@ declare const DependabotAllowConditionSchema: z.ZodObject<{
   'dependency-name': z.ZodOptional<z.ZodString>;
   'dependency-type': z.ZodOptional<z.ZodEnum<{
     production: "production";
+    all: "all";
     development: "development";
     direct: "direct";
     indirect: "indirect";
-    all: "all";
   }>>;
   'update-type': z.ZodOptional<z.ZodEnum<{
     all: "all";
@@ -279,10 +279,10 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
     'dependency-name': z.ZodOptional<z.ZodString>;
     'dependency-type': z.ZodOptional<z.ZodEnum<{
       production: "production";
+      all: "all";
       development: "development";
       direct: "direct";
       indirect: "indirect";
-      all: "all";
     }>>;
     'update-type': z.ZodOptional<z.ZodEnum<{
       all: "all";
@@ -402,7 +402,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
   'exclude-paths'?: string[] | undefined;
   allow?: {
     'dependency-name'?: string | undefined;
-    'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
+    'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
     'update-type'?: "all" | "security" | undefined;
   }[] | undefined;
   assignees?: string[] | undefined;
@@ -460,7 +460,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
   'exclude-paths'?: string[] | undefined;
   allow?: {
     'dependency-name'?: string | undefined;
-    'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
+    'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
     'update-type'?: "all" | "security" | undefined;
   }[] | undefined;
   assignees?: string[] | undefined;
@@ -655,10 +655,10 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
       'dependency-name': z.ZodOptional<z.ZodString>;
       'dependency-type': z.ZodOptional<z.ZodEnum<{
         production: "production";
+        all: "all";
         development: "development";
         direct: "direct";
         indirect: "indirect";
-        all: "all";
       }>>;
       'update-type': z.ZodOptional<z.ZodEnum<{
         all: "all";
@@ -778,7 +778,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
     'exclude-paths'?: string[] | undefined;
     allow?: {
       'dependency-name'?: string | undefined;
-      'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
+      'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
       'update-type'?: "all" | "security" | undefined;
     }[] | undefined;
     assignees?: string[] | undefined;
@@ -836,7 +836,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
     'exclude-paths'?: string[] | undefined;
     allow?: {
       'dependency-name'?: string | undefined;
-      'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
+      'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
       'update-type'?: "all" | "security" | undefined;
     }[] | undefined;
     assignees?: string[] | undefined;
@@ -966,7 +966,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
     'exclude-paths'?: string[] | undefined;
     allow?: {
       'dependency-name'?: string | undefined;
-      'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
+      'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
       'update-type'?: "all" | "security" | undefined;
     }[] | undefined;
     assignees?: string[] | undefined;
@@ -1067,7 +1067,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
     'exclude-paths'?: string[] | undefined;
     allow?: {
       'dependency-name'?: string | undefined;
-      'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
+      'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
       'update-type'?: "all" | "security" | undefined;
     }[] | undefined;
     assignees?: string[] | undefined;
@@ -1157,11 +1157,11 @@ type DependabotConfig = z.infer<typeof DependabotConfigSchema>;
 declare function parseUpdates(config: DependabotConfig, configPath: string): DependabotUpdate[];
 declare function parseRegistries(config: DependabotConfig, variableFinder: VariableFinderFn): Promise<Record<string, DependabotRegistry>>;
 declare function validateConfiguration(updates: DependabotUpdate[], registries: Record<string, DependabotRegistry>): void;
-/**
- * Possible paths to the dependabot config file.
- * Remember to prefix with a forward slash when querying API endpoints or where necessary.
- */
-declare const POSSIBLE_CONFIG_FILE_PATHS: string[];
+/** Possible paths to the dependabot config file for GitHub. */
+declare const CONFIG_FILE_NAMES: string[];
+declare const CONFIG_FILE_PATHS_GITHUB: string[];
+/** Possible paths to the dependabot config file for Azure. */
+declare const CONFIG_FILE_PATHS_AZURE: string[];
 /**
  * Parse the contents of a dependabot config YAML file
  * @returns {DependabotConfig} config - the dependabot configuration
@@ -1194,15 +1194,15 @@ declare const DependabotProxyConfigSchema: z.ZodObject<{
 type DependabotProxyConfig = z.infer<typeof DependabotProxyConfigSchema>;
 declare const DependabotSourceProviderSchema: z.ZodEnum<{
   azure: "azure";
-  gitlab: "gitlab";
   bitbucket: "bitbucket";
+  gitlab: "gitlab";
 }>;
 type DependabotSourceProvider = z.infer<typeof DependabotSourceProviderSchema>;
 declare const DependabotSourceSchema: z.ZodObject<{
   provider: z.ZodEnum<{
     azure: "azure";
-    gitlab: "gitlab";
     bitbucket: "bitbucket";
+    gitlab: "gitlab";
   }>;
   repo: z.ZodString;
   directory: z.ZodOptional<z.ZodNullable<z.ZodString>>;
@@ -1350,6 +1350,7 @@ declare const DependabotPackageManagerSchema: z.ZodEnum<{
   opentofu: "opentofu";
 }>;
 type DependabotPackageManager = z.infer<typeof DependabotPackageManagerSchema>;
+declare const DEPENDABOT_COMMANDS: readonly ["graph", "version", "recreate"];
 declare const DependabotCommandSchema: z.ZodEnum<{
   version: "version";
   graph: "graph";
@@ -1450,8 +1451,8 @@ declare const DependabotJobConfigSchema: z.ZodObject<{
   source: z.ZodObject<{
     provider: z.ZodEnum<{
       azure: "azure";
-      gitlab: "gitlab";
       bitbucket: "bitbucket";
+      gitlab: "gitlab";
     }>;
     repo: z.ZodString;
     directory: z.ZodOptional<z.ZodNullable<z.ZodString>>;
@@ -1582,8 +1583,8 @@ declare const DependabotJobFileSchema: z.ZodObject<{
     source: z.ZodObject<{
       provider: z.ZodEnum<{
         azure: "azure";
-        gitlab: "gitlab";
         bitbucket: "bitbucket";
+        gitlab: "gitlab";
       }>;
       repo: z.ZodString;
       directory: z.ZodOptional<z.ZodNullable<z.ZodString>>;
@@ -1631,9 +1632,38 @@ type FileFetcherInput = {
 type FileUpdaterInput = FetchedFiles & {
   job: DependabotJobConfig;
 };
+declare const DependabotPersistedPrSchema: z.ZodUnion<[z.ZodArray<z.ZodObject<{
+  'dependency-name': z.ZodString;
+  'dependency-version': z.ZodOptional<z.ZodNullable<z.ZodString>>;
+  directory: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+  removed: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+}, z.core.$strip>>, z.ZodObject<{
+  'dependency-group-name': z.ZodString;
+  dependencies: z.ZodArray<z.ZodObject<{
+    'dependency-name': z.ZodString;
+    'dependency-version': z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    directory: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    removed: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+  }, z.core.$strip>>;
+}, z.core.$strip>]>;
+type DependabotPersistedPr = z.infer<typeof DependabotPersistedPrSchema>;
 //#endregion
 //#region src/dependabot/branch-name.d.ts
-declare function getBranchNameForUpdate(packageEcosystem: PackageEcosystem, targetBranchName: string | undefined, directory: string | undefined, dependencyGroupName: string | undefined, dependencies: DependabotExistingPR[], separator?: string): string;
+declare function getBranchNameForUpdate({
+  packageEcosystem,
+  targetBranchName,
+  directory,
+  dependencyGroupName,
+  dependencies,
+  separator
+}: {
+  packageEcosystem: PackageEcosystem;
+  targetBranchName?: string;
+  directory?: string;
+  dependencyGroupName?: string;
+  dependencies: DependabotExistingPR[];
+  separator?: string;
+}): string;
 declare function sanitizeRef(refParts: (string | undefined)[], separator: string): string;
 //#endregion
 //#region src/dependabot/directory-key.d.ts
@@ -1776,8 +1806,8 @@ declare class DependabotJobBuilder {
     id: string;
     command: DependabotJobConfig['command'];
     dependencyNamesToUpdate?: string[];
-    existingPullRequests: (DependabotExistingPR[] | DependabotExistingGroupPR)[];
-    pullRequestToUpdate?: DependabotExistingPR[] | DependabotExistingGroupPR;
+    existingPullRequests: DependabotPersistedPr[];
+    pullRequestToUpdate?: DependabotPersistedPr;
     securityVulnerabilities?: SecurityVulnerability[];
   }): DependabotJobBuilderOutput;
 }
@@ -1861,9 +1891,9 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
       directory: z.ZodString;
       name: z.ZodString;
       operation: z.ZodEnum<{
+        delete: "delete";
         update: "update";
         create: "create";
-        delete: "delete";
       }>;
       support_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
       vendored_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
@@ -1898,9 +1928,9 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
       directory: z.ZodString;
       name: z.ZodString;
       operation: z.ZodEnum<{
+        delete: "delete";
         update: "update";
         create: "create";
-        delete: "delete";
       }>;
       support_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
       vendored_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
@@ -1936,6 +1966,7 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
   data: z.ZodObject<{
     'error-type': z.ZodString;
     'error-details': z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodAny>>>;
+    unknown: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
   }, z.core.$strip>;
 }, z.core.$strip>, z.ZodObject<{
   type: z.ZodLiteral<"record_update_job_warning">;
@@ -1949,6 +1980,7 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
   data: z.ZodObject<{
     'error-type': z.ZodString;
     'error-details': z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodAny>>>;
+    unknown: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
   }, z.core.$strip>;
 }, z.core.$strip>, z.ZodObject<{
   type: z.ZodLiteral<"mark_as_processed">;
@@ -2260,9 +2292,9 @@ declare const DependabotDependencyFileSchema: z.ZodObject<{
   directory: z.ZodString;
   name: z.ZodString;
   operation: z.ZodEnum<{
+    delete: "delete";
     update: "update";
     create: "create";
-    delete: "delete";
   }>;
   support_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
   vendored_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
@@ -2434,9 +2466,9 @@ declare const DependabotCreatePullRequestSchema: z.ZodObject<{
     directory: z.ZodString;
     name: z.ZodString;
     operation: z.ZodEnum<{
+      delete: "delete";
       update: "update";
       create: "create";
-      delete: "delete";
     }>;
     support_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
     vendored_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
@@ -2470,9 +2502,9 @@ declare const DependabotUpdatePullRequestSchema: z.ZodObject<{
     directory: z.ZodString;
     name: z.ZodString;
     operation: z.ZodEnum<{
+      delete: "delete";
       update: "update";
       create: "create";
-      delete: "delete";
     }>;
     support_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
     vendored_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
@@ -2515,9 +2547,16 @@ declare const DependabotMarkAsProcessedSchema: z.ZodObject<{
   'base-commit-sha': z.ZodOptional<z.ZodNullable<z.ZodString>>;
 }, z.core.$strip>;
 type DependabotMarkAsProcessed = z.infer<typeof DependabotMarkAsProcessedSchema>;
+declare const DependabotJobErrorSchema: z.ZodObject<{
+  'error-type': z.ZodString;
+  'error-details': z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodAny>>>;
+  unknown: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+}, z.core.$strip>;
+type DependabotJobError = z.infer<typeof DependabotJobErrorSchema>;
 declare const DependabotRecordUpdateJobErrorSchema: z.ZodObject<{
   'error-type': z.ZodString;
   'error-details': z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodAny>>>;
+  unknown: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
 }, z.core.$strip>;
 type DependabotRecordUpdateJobError = z.infer<typeof DependabotRecordUpdateJobErrorSchema>;
 declare const DependabotRecordUpdateJobWarningSchema: z.ZodObject<{
@@ -2529,6 +2568,7 @@ type DependabotRecordUpdateJobWarning = z.infer<typeof DependabotRecordUpdateJob
 declare const DependabotRecordUpdateJobUnknownErrorSchema: z.ZodObject<{
   'error-type': z.ZodString;
   'error-details': z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodAny>>>;
+  unknown: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
 }, z.core.$strip>;
 type DependabotRecordUpdateJobUnknownError = z.infer<typeof DependabotRecordUpdateJobUnknownErrorSchema>;
 declare const DependabotRecordEcosystemVersionsSchema: z.ZodObject<{
@@ -2649,5 +2689,25 @@ declare const DependabotMetricSchema: z.ZodObject<{
 }, z.core.$strip>;
 type DependabotMetric = z.infer<typeof DependabotMetricSchema>;
 //#endregion
-export { mapSecurityAdvisories as $, DependabotAllowCondition as $t, DependabotRecordUpdateJobUnknownErrorSchema as A, convertPlaceholder as An, DependabotGroupRuleJob as At, DependabotRequestType as B, DependabotRequirement as Bt, DependabotRecordEcosystemMeta as C, VersioningStrategy as Cn, DependabotExistingGroupPRSchema as Ct, DependabotRecordUpdateJobError as D, parseUpdates as Dn, DependabotExperimentsSchema as Dt, DependabotRecordEcosystemVersionsSchema as E, parseRegistries as En, DependabotExperiments as Et, DependabotUpdatePullRequest as F, DependabotJobFileSchema as Ft, DependabotJobBuilderOutput as G, DependabotSecurityAdvisorySchema as Gt, DependabotTokenType as H, DependabotRequirementSource as Ht, DependabotUpdatePullRequestSchema as I, DependabotPackageManager as It, mapCredentials as J, DependabotSourceProviderSchema as Jt, DependabotSourceInfo as K, DependabotSource as Kt, CreateApiServerAppOptions as L, DependabotPackageManagerSchema as Lt, DependabotRecordUpdateJobWarningSchema as M, DEPENDABOT_DEFAULT_AUTHOR_EMAIL as Mn, DependabotJobConfig as Mt, DependabotUpdateDependencyList as N, DEPENDABOT_DEFAULT_AUTHOR_NAME as Nn, DependabotJobConfigSchema as Nt, DependabotRecordUpdateJobErrorSchema as O, validateConfiguration as On, DependabotGroupJob as Ot, DependabotUpdateDependencyListSchema as P, GitAuthor as Pn, DependabotJobFile as Pt, mapPackageEcosystemToPackageManager as Q, FileUpdaterInput as Qt, DependabotRequest as R, DependabotProxyConfig as Rt, DependabotRecordCooldownMetaSchema as S, PackageEcosystemSchema as Sn, DependabotExistingGroupPR as St, DependabotRecordEcosystemVersions as T, parseDependabotConfig as Tn, DependabotExistingPRSchema as Tt, createApiServerApp as U, DependabotRequirementSourceSchema as Ut, DependabotRequestTypeSchema as V, DependabotRequirementSchema as Vt, DependabotJobBuilder as W, DependabotSecurityAdvisory as Wt, mapGroupsFromDependabotConfigToJobConfig as X, FetchedFiles as Xt, mapExperiments as Y, DependabotSourceSchema as Yt, mapIgnoreConditionsFromDependabotConfigToJobConfig as Z, FileFetcherInput as Zt, DependabotMarkAsProcessed as _, DependabotScheduleSchema as _n, DependabotConditionSchema as _t, DependabotCreatePullRequest as a, DependabotCooldown as an, makeDirectoryKey as at, DependabotMetricSchema as b, POSSIBLE_CONFIG_FILE_PATHS as bn, DependabotDependency as bt, DependabotDependencyFileSchema as c, DependabotGroupSchema as cn, CertificateAuthority as ct, DependabotEcosystemMeta as d, DependabotMultiEcosystemGroup as dn, DependabotAllowedSchema as dt, DependabotAllowConditionSchema as en, mapSourceFromDependabotConfigToJobConfig as et, DependabotEcosystemMetaSchema as f, DependabotMultiEcosystemGroupSchema as fn, DependabotCommand as ft, DependabotIncrementMetricSchema as g, DependabotSchedule as gn, DependabotCondition as gt, DependabotIncrementMetric as h, DependabotRegistrySchema as hn, DependabotCommitOptionsSchema as ht, DependabotClosePullRequestSchema as i, DependabotConfigSchema as in, setExperiment as it, DependabotRecordUpdateJobWarning as j, extractPlaceholder as jn, DependabotGroupRuleJobSchema as jt, DependabotRecordUpdateJobUnknownError as k, VariableFinderFn as kn, DependabotGroupJobSchema as kt, DependabotDependencySubmission as l, DependabotIgnoreCondition as ln, CertificateAuthoritySchema as lt, DependabotEcosystemVersionManagerSchema as m, DependabotRegistry as mn, DependabotCommitOptions as mt, DependabotClosePullRequestReason as n, DependabotCommitMessageSchema as nn, DEFAULT_EXPERIMENTS as nt, DependabotCreatePullRequestSchema as o, DependabotCooldownSchema as on, getBranchNameForUpdate as ot, DependabotEcosystemVersionManager as p, DependabotPullRequestBranchName as pn, DependabotCommandSchema as pt, mapAllowedUpdatesFromDependabotConfigToJobConfig as q, DependabotSourceProvider as qt, DependabotClosePullRequestReasonEnum as r, DependabotConfig as rn, parseExperiments as rt, DependabotDependencyFile as s, DependabotGroup as sn, sanitizeRef as st, DependabotClosePullRequest as t, DependabotCommitMessage as tn, mapVersionStrategyToRequirementsUpdateStrategy as tt, DependabotDependencySubmissionSchema as u, DependabotIgnoreConditionSchema as un, DependabotAllowed as ut, DependabotMarkAsProcessedSchema as v, DependabotUpdate as vn, DependabotCredential as vt, DependabotRecordEcosystemMetaSchema as w, VersioningStrategySchema as wn, DependabotExistingPR as wt, DependabotRecordCooldownMeta as x, PackageEcosystem as xn, DependabotDependencySchema as xt, DependabotMetric as y, DependabotUpdateSchema as yn, DependabotCredentialSchema as yt, DependabotRequestSchema as z, DependabotProxyConfigSchema as zt };
-//# sourceMappingURL=index-Byxjhvfz.d.mts.map
+//#region src/dependabot/utils.d.ts
+declare function normalizeFilePath(path: string): string;
+declare function normalizeBranchName(branch: string): string;
+declare function normalizeBranchName(branch?: string): string | undefined;
+declare function getDependencyNames(dependencies: DependabotPersistedPr): string[];
+declare function areEqual(a: string[], b: string[]): boolean;
+declare function getPullRequestCloseReason(data: DependabotClosePullRequest): string | undefined;
+declare function getPullRequestDependencies(data: DependabotCreatePullRequest): DependabotPersistedPr;
+declare function getPullRequestDescription({
+  packageManager,
+  body,
+  dependencies,
+  maxDescriptionLength
+}: {
+  packageManager: string;
+  body: string | null | undefined;
+  dependencies: DependabotDependency[];
+  maxDescriptionLength?: number;
+}): string;
+//#endregion
+export { DependabotJobBuilder as $, DependabotRequirementSchema as $t, DependabotRecordCooldownMeta as A, DependabotRegistrySchema as An, DependabotDependency as At, DependabotRecordUpdateJobWarning as B, parseRegistries as Bn, DependabotGroupRuleJob as Bt, DependabotIncrementMetricSchema as C, DependabotGroupSchema as Cn, DependabotCommandSchema as Ct, DependabotMarkAsProcessedSchema as D, DependabotMultiEcosystemGroupSchema as Dn, DependabotConditionSchema as Dt, DependabotMarkAsProcessed as E, DependabotMultiEcosystemGroup as En, DependabotCondition as Et, DependabotRecordEcosystemVersionsSchema as F, PackageEcosystem as Fn, DependabotExistingPRSchema as Ft, DependabotUpdatePullRequestSchema as G, extractPlaceholder as Gn, DependabotJobFileSchema as Gt, DependabotUpdateDependencyList as H, validateConfiguration as Hn, DependabotJobConfig as Ht, DependabotRecordUpdateJobError as I, PackageEcosystemSchema as In, DependabotExperiments as It, DependabotRequestSchema as J, GitAuthor as Jn, DependabotPersistedPr as Jt, CreateApiServerAppOptions as K, DEPENDABOT_DEFAULT_AUTHOR_EMAIL as Kn, DependabotPackageManager as Kt, DependabotRecordUpdateJobErrorSchema as L, VersioningStrategy as Ln, DependabotExperimentsSchema as Lt, DependabotRecordEcosystemMeta as M, DependabotScheduleSchema as Mn, DependabotExistingGroupPR as Mt, DependabotRecordEcosystemMetaSchema as N, DependabotUpdate as Nn, DependabotExistingGroupPRSchema as Nt, DependabotMetric as O, DependabotPullRequestBranchName as On, DependabotCredential as Ot, DependabotRecordEcosystemVersions as P, DependabotUpdateSchema as Pn, DependabotExistingPR as Pt, createApiServerApp as Q, DependabotRequirement as Qt, DependabotRecordUpdateJobUnknownError as R, VersioningStrategySchema as Rn, DependabotGroupJob as Rt, DependabotIncrementMetric as S, DependabotGroup as Sn, DependabotCommand as St, DependabotJobErrorSchema as T, DependabotIgnoreConditionSchema as Tn, DependabotCommitOptionsSchema as Tt, DependabotUpdateDependencyListSchema as U, VariableFinderFn as Un, DependabotJobConfigSchema as Ut, DependabotRecordUpdateJobWarningSchema as V, parseUpdates as Vn, DependabotGroupRuleJobSchema as Vt, DependabotUpdatePullRequest as W, convertPlaceholder as Wn, DependabotJobFile as Wt, DependabotRequestTypeSchema as X, DependabotProxyConfig as Xt, DependabotRequestType as Y, DependabotPersistedPrSchema as Yt, DependabotTokenType as Z, DependabotProxyConfigSchema as Zt, DependabotDependencySubmissionSchema as _, DependabotCommitMessageSchema as _n, CertificateAuthority as _t, getPullRequestDescription as a, DependabotSourceProvider as an, mapGroupsFromDependabotConfigToJobConfig as at, DependabotEcosystemVersionManager as b, DependabotCooldown as bn, DependabotAllowed as bt, DependabotClosePullRequest as c, FetchedFiles as cn, mapSecurityAdvisories as ct, DependabotClosePullRequestSchema as d, CONFIG_FILE_NAMES as dn, DEFAULT_EXPERIMENTS as dt, DependabotRequirementSource as en, DependabotJobBuilderOutput as et, DependabotCreatePullRequest as f, CONFIG_FILE_PATHS_AZURE as fn, parseExperiments as ft, DependabotDependencySubmission as g, DependabotCommitMessage as gn, sanitizeRef as gt, DependabotDependencyFileSchema as h, DependabotAllowConditionSchema as hn, getBranchNameForUpdate as ht, getPullRequestDependencies as i, DependabotSource as in, mapExperiments as it, DependabotRecordCooldownMetaSchema as j, DependabotSchedule as jn, DependabotDependencySchema as jt, DependabotMetricSchema as k, DependabotRegistry as kn, DependabotCredentialSchema as kt, DependabotClosePullRequestReason as l, FileFetcherInput as ln, mapSourceFromDependabotConfigToJobConfig as lt, DependabotDependencyFile as m, DependabotAllowCondition as mn, makeDirectoryKey as mt, getDependencyNames as n, DependabotSecurityAdvisory as nn, mapAllowedUpdatesFromDependabotConfigToJobConfig as nt, normalizeBranchName as o, DependabotSourceProviderSchema as on, mapIgnoreConditionsFromDependabotConfigToJobConfig as ot, DependabotCreatePullRequestSchema as p, CONFIG_FILE_PATHS_GITHUB as pn, setExperiment as pt, DependabotRequest as q, DEPENDABOT_DEFAULT_AUTHOR_NAME as qn, DependabotPackageManagerSchema as qt, getPullRequestCloseReason as r, DependabotSecurityAdvisorySchema as rn, mapCredentials as rt, normalizeFilePath as s, DependabotSourceSchema as sn, mapPackageEcosystemToPackageManager as st, areEqual as t, DependabotRequirementSourceSchema as tn, DependabotSourceInfo as tt, DependabotClosePullRequestReasonEnum as u, FileUpdaterInput as un, mapVersionStrategyToRequirementsUpdateStrategy as ut, DependabotEcosystemMeta as v, DependabotConfig as vn, CertificateAuthoritySchema as vt, DependabotJobError as w, DependabotIgnoreCondition as wn, DependabotCommitOptions as wt, DependabotEcosystemVersionManagerSchema as x, DependabotCooldownSchema as xn, DependabotAllowedSchema as xt, DependabotEcosystemMetaSchema as y, DependabotConfigSchema as yn, DEPENDABOT_COMMANDS as yt, DependabotRecordUpdateJobUnknownErrorSchema as z, parseDependabotConfig as zn, DependabotGroupJobSchema as zt };
+//# sourceMappingURL=index-CjxvO_Pt.d.mts.map