@paklo/runner 0.2.2 → 0.3.0
- package/LICENSE +664 -21
- package/dist/{api-client-d6QdRcLh.d.mts → api-client-M8F9t7II.d.mts} +4 -4
- package/dist/index.d.mts +3 -3
- package/dist/index.mjs +2 -2
- package/dist/index.mjs.map +1 -1
- package/dist/local/azure/index.d.mts +3 -3
- package/dist/local/azure/index.mjs +21 -22
- package/dist/local/azure/index.mjs.map +1 -1
- package/dist/local/index.d.mts +2 -2
- package/dist/local/index.mjs +1 -2
- package/dist/{run-DYm1dt_j.mjs → run-BtSPCvKv.mjs} +7 -6
- package/dist/run-BtSPCvKv.mjs.map +1 -0
- package/dist/{server-BkcsWPxI.d.mts → server-BSQEzdZw.d.mts} +19 -19
- package/dist/{server-jm-ghIse.mjs → server-M1ps5BVd.mjs} +7 -6
- package/dist/server-M1ps5BVd.mjs.map +1 -0
- package/package.json +5 -5
- package/dist/logger-DSV-e8-Y.mjs +0 -3
- package/dist/run-DYm1dt_j.mjs.map +0 -1
- package/dist/server-jm-ghIse.mjs.map +0 -1
|
@@ -3,16 +3,16 @@ import { InnerApiClient } from "@paklo/core/http";
|
|
|
3
3
|
|
|
4
4
|
//#region src/params.d.ts
|
|
5
5
|
declare class JobParameters {
|
|
6
|
-
readonly jobId:
|
|
6
|
+
readonly jobId: string;
|
|
7
7
|
readonly jobToken: string;
|
|
8
8
|
readonly credentialsToken: string;
|
|
9
9
|
readonly dependabotApiUrl: string;
|
|
10
10
|
readonly dependabotApiDockerUrl: string;
|
|
11
11
|
readonly updaterImage: string;
|
|
12
|
-
constructor(jobId:
|
|
12
|
+
constructor(jobId: string, jobToken: string, credentialsToken: string, dependabotApiUrl: string, dependabotApiDockerUrl: string, updaterImage: string);
|
|
13
13
|
}
|
|
14
14
|
declare function getJobParameters(input: {
|
|
15
|
-
jobId?: string
|
|
15
|
+
jobId?: string;
|
|
16
16
|
jobToken?: string;
|
|
17
17
|
credentialsToken?: string;
|
|
18
18
|
dependabotApiUrl?: string;
|
|
@@ -45,4 +45,4 @@ declare class ApiClient {
|
|
|
45
45
|
}
|
|
46
46
|
//#endregion
|
|
47
47
|
export { JobParameters as a, SecretMasker as i, CredentialFetchingError as n, getJobParameters as o, JobDetailsFetchingError as r, ApiClient as t };
|
|
48
|
-
//# sourceMappingURL=api-client-
|
|
48
|
+
//# sourceMappingURL=api-client-M8F9t7II.d.mts.map
|
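--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -1,4 +1,4 @@
-import { a as JobParameters, i as SecretMasker, n as CredentialFetchingError, o as getJobParameters, r as JobDetailsFetchingError, t as ApiClient } from "./api-client-
+import { a as JobParameters, i as SecretMasker, n as CredentialFetchingError, o as getJobParameters, r as JobDetailsFetchingError, t as ApiClient } from "./api-client-M8F9t7II.mjs";
 import { DependabotCredential, DependabotJobConfig, DependabotProxyConfig, FileFetcherInput, FileUpdaterInput } from "@paklo/core/dependabot";
 import Docker, { Container, Network } from "dockerode";
 import { UsageTelemetryRequestData } from "@paklo/core/usage";
@@ -47,7 +47,7 @@ declare class ProxyBuilder {
 private readonly proxyImage;
 private readonly cachedMode;
 constructor(docker: Docker, proxyImage: string, cachedMode: boolean);
-run(jobId:
+run(jobId: string, jobToken: string, dependabotApiUrl: string, credentials: DependabotCredential[]): Promise<Proxy>;
 private ensureNetwork;
 private buildProxyConfig;
 private generateCertificateAuthority;
@@ -61,7 +61,7 @@ declare class JobRunnerUpdaterError extends Error {}
 type RunJobOptions = {
 dependabotApiUrl: string;
 dependabotApiDockerUrl?: string;
-jobId:
+jobId: string;
 jobToken: string;
 credentialsToken: string;
 updaterImage?: string;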
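--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1,5 +1,5 @@
-import { t as
-import {
+import { _ as updaterImageName, a as UpdaterBuilder, b as CredentialFetchingError, c as getJobParameters, d as ContainerRuntimeError, f as ContainerService, g as repositoryName, h as hasDigest, i as Updater, l as ImageService, m as digestName, n as JobRunnerUpdaterError, o as ProxyBuilder, p as PROXY_IMAGE_NAME, r as runJob, s as JobParameters, t as JobRunnerImagingError, u as getOrgFromImage, v as updaterImages, x as JobDetailsFetchingError, y as ApiClient } from "./run-BtSPCvKv.mjs";
+import { logger } from "@paklo/core/logger";
 import Docker from "dockerode";
 
 //#region src/cleanup.ts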
package/dist/index.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.mjs","names":["error: unknown"],"sources":["../src/cleanup.ts"],"sourcesContent":["import
|
|
1
|
+
{"version":3,"file":"index.mjs","names":["error: unknown"],"sources":["../src/cleanup.ts"],"sourcesContent":["import { logger } from '@paklo/core/logger';\nimport Docker from 'dockerode';\nimport { digestName, hasDigest, PROXY_IMAGE_NAME, repositoryName, updaterImages } from './docker-tags';\n\n// Code below is borrowed and adapted from dependabot-action\n\n// This method performs housekeeping checks to remove Docker artifacts\n// which were left behind by old versions or any jobs\n// which may have crashed before deleting their own containers or networks\n//\n// cutoff - a Go duration string to pass to the Docker API's 'until' argument, default '24h'\nexport async function cleanup(cutoff = '24h'): Promise<void> {\n if (process.env.DEPENDABOT_DISABLE_CLEANUP === '1') {\n return;\n }\n\n try {\n const docker = new Docker();\n const untilFilter = { until: [cutoff] };\n logger.info(`Pruning networks older than ${cutoff}`);\n await docker.pruneNetworks({ filters: untilFilter });\n logger.info(`Pruning containers older than ${cutoff}`);\n await docker.pruneContainers({ filters: untilFilter });\n await Promise.all(\n updaterImages().map(async (image) => {\n return cleanupOldImageVersions(docker, image);\n }),\n );\n await cleanupOldImageVersions(docker, PROXY_IMAGE_NAME);\n } catch (error: unknown) {\n if (error instanceof Error) {\n logger.error(`Error cleaning up: ${error.message}`);\n }\n }\n}\n\nexport async function cleanupOldImageVersions(docker: Docker, imageName: string): Promise<void> {\n const repo = repositoryName(imageName);\n const options = {\n filters: `{\"reference\":[\"${repo}\"]}`,\n };\n\n logger.info(`Cleaning up images for ${repo}`);\n\n docker.listImages(options, async (err, imageInfoList) => {\n if (imageInfoList && imageInfoList.length > 0) {\n for (const imageInfo of imageInfoList) {\n // The given imageName is expected to be a tag + digest, however to avoid any surprises in future\n // we fail over to check for a match on just tags as well.\n 
//\n // This means we won't remove any image which matches an imageName of either of these notations:\n // - dependabot/image:$TAG@sha256:$REF (current implementation)\n // - dependabot/image:v1\n //\n // Without checking imageInfo.RepoTags for a match, we would actually remove the latter even if\n // this was the active version.\n if (imageMatches(imageInfo, imageName)) {\n logger.info(`Skipping current image ${imageInfo.Id}`);\n continue;\n }\n\n logger.info(`Removing image ${imageInfo.Id}`);\n try {\n await docker.getImage(imageInfo.Id).remove();\n } catch (error: unknown) {\n if (error instanceof Error) {\n logger.info(`Unable to remove ${imageInfo.Id} -- ${error.message}`);\n }\n }\n }\n }\n });\n}\n\nfunction imageMatches(imageInfo: Docker.ImageInfo, imageName: string): boolean {\n if (hasDigest(imageName)) {\n return imageInfo.RepoDigests ? imageInfo.RepoDigests.includes(digestName(imageName)) : false;\n }\n return imageInfo.RepoTags ? imageInfo.RepoTags.includes(imageName) : false;\n}\n"],"mappings":";;;;;AAWA,eAAsB,QAAQ,SAAS,OAAsB;AAC3D,KAAI,QAAQ,IAAI,+BAA+B,IAC7C;AAGF,KAAI;EACF,MAAM,SAAS,IAAI,QAAQ;EAC3B,MAAM,cAAc,EAAE,OAAO,CAAC,OAAO,EAAE;AACvC,SAAO,KAAK,+BAA+B,SAAS;AACpD,QAAM,OAAO,cAAc,EAAE,SAAS,aAAa,CAAC;AACpD,SAAO,KAAK,iCAAiC,SAAS;AACtD,QAAM,OAAO,gBAAgB,EAAE,SAAS,aAAa,CAAC;AACtD,QAAM,QAAQ,IACZ,eAAe,CAAC,IAAI,OAAO,UAAU;AACnC,UAAO,wBAAwB,QAAQ,MAAM;IAC7C,CACH;AACD,QAAM,wBAAwB,QAAQ,iBAAiB;UAChDA,OAAgB;AACvB,MAAI,iBAAiB,MACnB,QAAO,MAAM,sBAAsB,MAAM,UAAU;;;AAKzD,eAAsB,wBAAwB,QAAgB,WAAkC;CAC9F,MAAM,OAAO,eAAe,UAAU;CACtC,MAAM,UAAU,EACd,SAAS,kBAAkB,KAAK,MACjC;AAED,QAAO,KAAK,0BAA0B,OAAO;AAE7C,QAAO,WAAW,SAAS,OAAO,KAAK,kBAAkB;AACvD,MAAI,iBAAiB,cAAc,SAAS,EAC1C,MAAK,MAAM,aAAa,eAAe;AAUrC,OAAI,aAAa,WAAW,UAAU,EAAE;AACtC,WAAO,KAAK,0BAA0B,UAAU,KAAK;AACrD;;AAGF,UAAO,KAAK,kBAAkB,UAAU,KAAK;AAC7C,OAAI;AACF,UAAM,OAAO,SAAS,UAAU,GAAG,CAAC,QAAQ;YACrCA,OAAgB;AACvB,QAAI,iBAAiB,MACnB,QAAO,KAAK,oBAAoB,UAAU,GAAG,MAAM,MAAM,UAAU;;;GAK3E;;AAGJ,SAAS,aAAa,WAA6B,WAA4B;AAC7E,KAAI,UAAU,UAAU,CACt
B,QAAO,UAAU,cAAc,UAAU,YAAY,SAAS,WAAW,UAAU,CAAC,GAAG;AAEzF,QAAO,UAAU,WAAW,UAAU,SAAS,SAAS,UAAU,GAAG"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import "../../api-client-
|
|
2
|
-
import { a as LocalJobsRunner, i as LocalDependabotServerOptions, n as LocalDependabotServer, o as LocalJobsRunnerOptions, s as RunJobsResult } from "../../server-
|
|
1
|
+
import "../../api-client-M8F9t7II.mjs";
|
|
2
|
+
import { a as LocalJobsRunner, i as LocalDependabotServerOptions, n as LocalDependabotServer, o as LocalJobsRunnerOptions, s as RunJobsResult } from "../../server-BSQEzdZw.mjs";
|
|
3
3
|
import { DependabotRequest } from "@paklo/core/dependabot";
|
|
4
4
|
import { AzureDevOpsRepositoryUrl, AzureDevOpsWebApiClient, IPullRequestProperties } from "@paklo/core/azure";
|
|
5
5
|
|
|
@@ -18,7 +18,7 @@ type AzureLocalDependabotServerOptions = LocalDependabotServerOptions & {
|
|
|
18
18
|
declare class AzureLocalDependabotServer extends LocalDependabotServer {
|
|
19
19
|
private readonly options;
|
|
20
20
|
constructor(options: AzureLocalDependabotServerOptions);
|
|
21
|
-
protected handle(id:
|
|
21
|
+
protected handle(id: string, request: DependabotRequest): Promise<boolean>;
|
|
22
22
|
}
|
|
23
23
|
//#endregion
|
|
24
24
|
//#region src/local/azure/runner.d.ts
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
import { n as LocalJobsRunner, t as LocalDependabotServer } from "../../server-jm-ghIse.mjs";
|
|
1
|
+
import { r as runJob } from "../../run-BtSPCvKv.mjs";
|
|
2
|
+
import { n as LocalJobsRunner, t as LocalDependabotServer } from "../../server-M1ps5BVd.mjs";
|
|
4
3
|
import { DependabotJobBuilder, getBranchNameForUpdate, mapPackageEcosystemToPackageManager } from "@paklo/core/dependabot";
|
|
4
|
+
import { logger } from "@paklo/core/logger";
|
|
5
5
|
import { readFile } from "node:fs/promises";
|
|
6
6
|
import { existsSync } from "node:fs";
|
|
7
7
|
import { AzureDevOpsWebApiClient, DEVOPS_PR_PROPERTY_MICROSOFT_GIT_SOURCE_REF_NAME, GitPullRequestMergeStrategy, buildPullRequestProperties, getPullRequestChangedFilesForOutputData, getPullRequestCloseReasonForOutputData, getPullRequestDependenciesPropertyValueForOutputData, getPullRequestDescription, getPullRequestForDependencyNames, normalizeBranchName, parsePullRequestProperties } from "@paklo/core/azure";
|
|
@@ -285,7 +285,6 @@ var AzureLocalJobsRunner = class extends LocalJobsRunner {
|
|
|
285
285
|
experiments,
|
|
286
286
|
debug: false
|
|
287
287
|
});
|
|
288
|
-
let jobId;
|
|
289
288
|
let job;
|
|
290
289
|
let credentials;
|
|
291
290
|
let jobToken;
|
|
@@ -294,10 +293,10 @@ var AzureLocalJobsRunner = class extends LocalJobsRunner {
|
|
|
294
293
|
let dependencyNamesToUpdate = [];
|
|
295
294
|
const securityUpdatesOnly = update["open-pull-requests-limit"] === 0;
|
|
296
295
|
if (securityUpdatesOnly) {
|
|
297
|
-
({
|
|
296
|
+
({job, credentials} = builder.forDependenciesList({ command }));
|
|
298
297
|
({jobToken, credentialsToken} = this.makeTokens());
|
|
299
298
|
server.add({
|
|
300
|
-
id:
|
|
299
|
+
id: job.id,
|
|
301
300
|
update,
|
|
302
301
|
job,
|
|
303
302
|
jobToken,
|
|
@@ -307,14 +306,14 @@ var AzureLocalJobsRunner = class extends LocalJobsRunner {
|
|
|
307
306
|
await runJob({
|
|
308
307
|
dependabotApiUrl,
|
|
309
308
|
dependabotApiDockerUrl,
|
|
310
|
-
jobId,
|
|
309
|
+
jobId: job.id,
|
|
311
310
|
jobToken,
|
|
312
311
|
credentialsToken,
|
|
313
312
|
updaterImage,
|
|
314
313
|
secretMasker,
|
|
315
314
|
usage: makeUsageData(job)
|
|
316
315
|
});
|
|
317
|
-
const packagesToCheckForVulnerabilities = server.requests(
|
|
316
|
+
const packagesToCheckForVulnerabilities = server.requests(job.id).find((o) => o.type === "update_dependency_list")?.data.dependencies?.map((d) => ({
|
|
318
317
|
name: d.name,
|
|
319
318
|
version: d.version
|
|
320
319
|
}));
|
|
@@ -337,17 +336,17 @@ var AzureLocalJobsRunner = class extends LocalJobsRunner {
|
|
|
337
336
|
if (dependencyNamesToUpdate.length) logger.trace(dependencyNamesToUpdate);
|
|
338
337
|
} else {
|
|
339
338
|
logger.info(`No vulnerabilities detected for update ${update["package-ecosystem"]} in ${update.directory}`);
|
|
340
|
-
server.clear(
|
|
339
|
+
server.clear(job.id);
|
|
341
340
|
continue;
|
|
342
341
|
}
|
|
343
|
-
server.clear(
|
|
342
|
+
server.clear(job.id);
|
|
344
343
|
}
|
|
345
344
|
const openPullRequestsLimit = update["open-pull-requests-limit"];
|
|
346
345
|
const openPullRequestsCount = Object.entries(existingPullRequestsForPackageManager).length;
|
|
347
346
|
if (!(openPullRequestsLimit > 0 && openPullRequestsCount >= openPullRequestsLimit)) {
|
|
348
347
|
const dependenciesHaveVulnerabilities = dependencyNamesToUpdate.length && securityVulnerabilities.length;
|
|
349
348
|
if (!securityUpdatesOnly || dependenciesHaveVulnerabilities) {
|
|
350
|
-
({
|
|
349
|
+
({job, credentials} = builder.forUpdate({
|
|
351
350
|
command,
|
|
352
351
|
dependencyNamesToUpdate,
|
|
353
352
|
existingPullRequests: existingPullRequestDependenciesForPackageManager,
|
|
@@ -355,7 +354,7 @@ var AzureLocalJobsRunner = class extends LocalJobsRunner {
|
|
|
355
354
|
}));
|
|
356
355
|
({jobToken, credentialsToken} = this.makeTokens());
|
|
357
356
|
server.add({
|
|
358
|
-
id:
|
|
357
|
+
id: job.id,
|
|
359
358
|
update,
|
|
360
359
|
job,
|
|
361
360
|
jobToken,
|
|
@@ -365,17 +364,17 @@ var AzureLocalJobsRunner = class extends LocalJobsRunner {
|
|
|
365
364
|
const { success, message } = await runJob({
|
|
366
365
|
dependabotApiUrl,
|
|
367
366
|
dependabotApiDockerUrl,
|
|
368
|
-
jobId,
|
|
367
|
+
jobId: job.id,
|
|
369
368
|
jobToken,
|
|
370
369
|
credentialsToken,
|
|
371
370
|
updaterImage,
|
|
372
371
|
secretMasker,
|
|
373
372
|
usage: makeUsageData(job)
|
|
374
373
|
});
|
|
375
|
-
const affectedPrs = server.allAffectedPrs(
|
|
376
|
-
server.clear(
|
|
374
|
+
const affectedPrs = server.allAffectedPrs(job.id);
|
|
375
|
+
server.clear(job.id);
|
|
377
376
|
results.push({
|
|
378
|
-
id:
|
|
377
|
+
id: job.id,
|
|
379
378
|
success,
|
|
380
379
|
message,
|
|
381
380
|
affectedPrs
|
|
@@ -384,7 +383,7 @@ var AzureLocalJobsRunner = class extends LocalJobsRunner {
|
|
|
384
383
|
} else logger.warn(`Skipping update for ${packageEcosystem} packages as the open pull requests limit (${openPullRequestsLimit}) has already been reached`);
|
|
385
384
|
const numberOfPullRequestsToUpdate = Object.keys(existingPullRequestsForPackageManager).length;
|
|
386
385
|
if (numberOfPullRequestsToUpdate > 0) if (!dryRun) for (const pullRequestId in existingPullRequestsForPackageManager) {
|
|
387
|
-
({
|
|
386
|
+
({job, credentials} = builder.forUpdate({
|
|
388
387
|
command,
|
|
389
388
|
existingPullRequests: existingPullRequestDependenciesForPackageManager,
|
|
390
389
|
pullRequestToUpdate: existingPullRequestsForPackageManager[pullRequestId],
|
|
@@ -392,7 +391,7 @@ var AzureLocalJobsRunner = class extends LocalJobsRunner {
|
|
|
392
391
|
}));
|
|
393
392
|
({jobToken, credentialsToken} = this.makeTokens());
|
|
394
393
|
server.add({
|
|
395
|
-
id:
|
|
394
|
+
id: job.id,
|
|
396
395
|
update,
|
|
397
396
|
job,
|
|
398
397
|
jobToken,
|
|
@@ -402,17 +401,17 @@ var AzureLocalJobsRunner = class extends LocalJobsRunner {
|
|
|
402
401
|
const { success, message } = await runJob({
|
|
403
402
|
dependabotApiUrl,
|
|
404
403
|
dependabotApiDockerUrl,
|
|
405
|
-
jobId,
|
|
404
|
+
jobId: job.id,
|
|
406
405
|
jobToken,
|
|
407
406
|
credentialsToken,
|
|
408
407
|
updaterImage,
|
|
409
408
|
secretMasker,
|
|
410
409
|
usage: makeUsageData(job)
|
|
411
410
|
});
|
|
412
|
-
const affectedPrs = server.allAffectedPrs(
|
|
413
|
-
server.clear(
|
|
411
|
+
const affectedPrs = server.allAffectedPrs(job.id);
|
|
412
|
+
server.clear(job.id);
|
|
414
413
|
results.push({
|
|
415
|
-
id:
|
|
414
|
+
id: job.id,
|
|
416
415
|
success,
|
|
417
416
|
message,
|
|
418
417
|
affectedPrs
|
|
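Review bot: The dependency-discovery `runJob` call in the security-only branch (`await runJob({ … jobId: job.id, … })`, new line 306) discards its result, while the two later calls in this section destructure `{ success, message }`. If that run fails and no `update_dependency_list` request is recorded, `packagesToCheckForVulnerabilities` ends up undefined, and as far as the visible lines show a failed scan may then be handled like a clean one (the `No vulnerabilities detected` branch is nearby). I would capture the result with `const { success, message } = await runJob({ … });` and, on `!success`, call `server.clear(job.id)`, push a failed entry to `results` and `continue`, so that a security-only update that could not be evaluated is reported as a failure. The enclosing method starts and ends outside these hunks, so the branch structure between them is inferred. The file path is not shown above this section; the +21/-22 line counts match `package/dist/local/azure/index.mjs` in the file list.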
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.mjs","names":["updates: DependabotUpdate[]","results: RunJobsResult","jobId: number | undefined","job: DependabotJobConfig | undefined","credentials: DependabotCredential[] | undefined","jobToken: string","credentialsToken: string","securityVulnerabilities: SecurityVulnerability[]","dependencyNamesToUpdate: string[]","packagesToCheckForVulnerabilities: Package[] | undefined"],"sources":["../../../src/local/azure/server.ts","../../../src/local/azure/runner.ts"],"sourcesContent":["import type { AzureDevOpsRepositoryUrl, AzureDevOpsWebApiClient, IPullRequestProperties } from '@paklo/core/azure';\nimport {\n buildPullRequestProperties,\n GitPullRequestMergeStrategy,\n getPullRequestChangedFilesForOutputData,\n getPullRequestCloseReasonForOutputData,\n getPullRequestDependenciesPropertyValueForOutputData,\n getPullRequestDescription,\n getPullRequestForDependencyNames,\n parsePullRequestProperties,\n} from '@paklo/core/azure';\nimport { type DependabotRequest, getBranchNameForUpdate } from '@paklo/core/dependabot';\nimport { logger } from '@/logger';\nimport { LocalDependabotServer, type LocalDependabotServerOptions } from '../server';\n\nexport type AzureLocalDependabotServerOptions = LocalDependabotServerOptions & {\n url: AzureDevOpsRepositoryUrl;\n authorClient: AzureDevOpsWebApiClient;\n autoApprove: boolean;\n approverClient?: AzureDevOpsWebApiClient;\n setAutoComplete: boolean;\n mergeStrategy?: string;\n autoCompleteIgnoreConfigIds: number[];\n existingBranchNames: string[] | undefined;\n existingPullRequests: IPullRequestProperties[];\n};\n\nexport class AzureLocalDependabotServer extends LocalDependabotServer {\n // biome-ignore lint/correctness/noUnusedPrivateClassMembers: options is used\n private readonly options: AzureLocalDependabotServerOptions;\n\n constructor(options: AzureLocalDependabotServerOptions) {\n super(options);\n this.options = options;\n }\n\n protected override async handle(id: number, request: 
DependabotRequest): Promise<boolean> {\n await super.handle(id, request); // common logic\n\n const { options, affectedPullRequestIds } = this;\n const {\n url,\n authorClient,\n approverClient,\n existingBranchNames,\n existingPullRequests,\n autoApprove,\n mergeStrategy,\n setAutoComplete,\n autoCompleteIgnoreConfigIds,\n author,\n debug,\n dryRun,\n } = options;\n\n const { type, data } = request;\n const job = await this.job(id);\n if (!job) {\n logger.error(`No job found for ID '${id}', cannot process request of type '${type}'`);\n return false;\n }\n const { 'package-manager': packageManager } = job;\n logger.info(`Processing '${type}' for job ID '${id}'`);\n if (debug) {\n logger.debug(JSON.stringify(data));\n }\n\n const update = this.update(id)!; // exists because job exists\n const { project, repository } = url;\n\n switch (type) {\n // Documentation on the 'data' model for each output type can be found here:\n // See: https://github.com/dependabot/cli/blob/main/internal/model/update.go\n\n case 'create_pull_request': {\n const title = data['pr-title'];\n if (dryRun) {\n logger.warn(`Skipping pull request creation of '${title}' as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Skip if active pull request limit reached.\n const openPullRequestsLimit = update['open-pull-requests-limit']!;\n\n // Parse the Dependabot metadata for the existing pull requests that are related to this update\n // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones\n const existingPullRequestsForPackageManager = parsePullRequestProperties(existingPullRequests, packageManager);\n const existingPullRequestsCount = Object.entries(existingPullRequestsForPackageManager).length;\n const openPullRequestsCount = affectedPullRequestIds.get(id)!.created.length + existingPullRequestsCount;\n const hasReachedOpenPullRequestLimit =\n openPullRequestsLimit > 0 && openPullRequestsCount >= openPullRequestsLimit;\n\n if 
(hasReachedOpenPullRequestLimit) {\n logger.warn(\n `Skipping pull request creation of '${title}' as the open pull requests limit (${openPullRequestsLimit}) has been reached`,\n );\n return true;\n }\n\n const changedFiles = getPullRequestChangedFilesForOutputData(data);\n const dependencies = getPullRequestDependenciesPropertyValueForOutputData(data);\n const targetBranch = update['target-branch'] || (await authorClient.getDefaultBranch(project, repository));\n const sourceBranch = getBranchNameForUpdate(\n update['package-ecosystem'],\n targetBranch,\n update.directory || update.directories?.find((dir) => changedFiles[0]?.path?.startsWith(dir)),\n !Array.isArray(dependencies) ? dependencies['dependency-group-name'] : undefined,\n !Array.isArray(dependencies) ? dependencies.dependencies : dependencies,\n update['pull-request-branch-name']?.separator,\n );\n\n // Check if the source branch already exists or conflicts with an existing branch\n const existingBranch = existingBranchNames?.find((branch) => sourceBranch === branch) || [];\n if (existingBranch.length) {\n logger.error(\n `Unable to create pull request '${title}' as source branch '${sourceBranch}' already exists; Delete the existing branch and try again.`,\n );\n return false;\n }\n const conflictingBranches = existingBranchNames?.filter((branch) => sourceBranch.startsWith(branch)) || [];\n if (conflictingBranches.length) {\n logger.error(\n `Unable to create pull request '${title}' as source branch '${sourceBranch}' would conflict with existing branch(es) '${conflictingBranches.join(', ')}'; Delete the conflicting branch(es) and try again.`,\n );\n return false;\n }\n\n // Create a new pull request\n const newPullRequestId = await authorClient.createPullRequest({\n project: project,\n repository: repository,\n source: {\n commit: data['base-commit-sha'] || job.source.commit!,\n branch: sourceBranch,\n },\n target: {\n branch: targetBranch!,\n },\n author,\n title,\n description: 
getPullRequestDescription(packageManager, data['pr-body'], data.dependencies),\n commitMessage: data['commit-message'],\n autoComplete: setAutoComplete\n ? {\n ignorePolicyConfigIds: autoCompleteIgnoreConfigIds,\n mergeStrategy: (() => {\n switch (mergeStrategy) {\n case 'noFastForward':\n return GitPullRequestMergeStrategy.NoFastForward;\n case 'squash':\n return GitPullRequestMergeStrategy.Squash;\n case 'rebase':\n return GitPullRequestMergeStrategy.Rebase;\n case 'rebaseMerge':\n return GitPullRequestMergeStrategy.RebaseMerge;\n default:\n return GitPullRequestMergeStrategy.Squash;\n }\n })(),\n }\n : undefined,\n assignees: update.assignees,\n labels: update.labels?.map((label) => label?.trim()) || [],\n workItems: update.milestone ? [update.milestone] : [],\n changes: changedFiles,\n properties: buildPullRequestProperties(packageManager, dependencies),\n });\n\n // Auto-approve the pull request, if required\n if (autoApprove && approverClient && newPullRequestId) {\n await approverClient.approvePullRequest({\n project: project,\n repository: repository,\n pullRequestId: newPullRequestId,\n });\n }\n\n // Store the new pull request ID, so we can keep track of the total number of open pull requests\n if (newPullRequestId && newPullRequestId > 0) {\n affectedPullRequestIds.get(id)!.created.push(newPullRequestId);\n return true;\n } else {\n return false;\n }\n }\n\n case 'update_pull_request': {\n if (dryRun) {\n logger.warn(`Skipping pull request update as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Find the pull request to update\n const pullRequestToUpdate = getPullRequestForDependencyNames(\n existingPullRequests,\n packageManager,\n data['dependency-names'],\n );\n if (!pullRequestToUpdate) {\n logger.error(\n `Could not find pull request to update for package manager '${packageManager}' with dependencies '${data['dependency-names'].join(', ')}'`,\n );\n return false;\n }\n\n // Update the pull request\n const pullRequestWasUpdated = await 
authorClient.updatePullRequest({\n project: project,\n repository: repository,\n pullRequestId: pullRequestToUpdate.id,\n commit: data['base-commit-sha'] || job.source.commit!,\n author,\n changes: getPullRequestChangedFilesForOutputData(data),\n skipIfDraft: true,\n skipIfCommitsFromAuthorsOtherThan: author.email,\n skipIfNotBehindTargetBranch: true,\n });\n\n // Re-approve the pull request, if required\n if (autoApprove && approverClient && pullRequestWasUpdated) {\n await approverClient.approvePullRequest({\n project: project,\n repository: repository,\n pullRequestId: pullRequestToUpdate.id,\n });\n }\n\n if (pullRequestWasUpdated) {\n affectedPullRequestIds.get(id)!.updated.push(pullRequestToUpdate.id);\n return true;\n }\n return false;\n }\n\n case 'close_pull_request': {\n if (dryRun) {\n logger.warn(`Skipping pull request closure as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Find the pull request to close\n const pullRequestToClose = getPullRequestForDependencyNames(\n existingPullRequests,\n packageManager,\n data['dependency-names'],\n );\n if (!pullRequestToClose) {\n logger.error(\n `Could not find pull request to close for package manager '${packageManager}' with dependencies '${data['dependency-names'].join(', ')}'`,\n );\n return false;\n }\n\n // TODO: GitHub Dependabot will close with reason \"Superseded by ${new_pull_request_id}\" when another PR supersedes it.\n // How do we detect this? 
Do we need to?\n\n // Close the pull request\n const success = await authorClient.abandonPullRequest({\n project: project,\n repository: repository,\n pullRequestId: pullRequestToClose.id,\n comment: getPullRequestCloseReasonForOutputData(data),\n deleteSourceBranch: true,\n });\n if (success) {\n affectedPullRequestIds.get(id)!.closed.push(pullRequestToClose.id);\n return true;\n }\n return false;\n }\n\n // No action required\n case 'update_dependency_list':\n case 'mark_as_processed':\n case 'record_ecosystem_versions':\n case 'record_ecosystem_meta':\n case 'increment_metric':\n case 'record_metrics':\n return true;\n\n case 'record_update_job_error':\n logger.error(`Update job error: ${data['error-type']} ${JSON.stringify(data['error-details'])}`);\n return true;\n\n case 'record_update_job_unknown_error':\n logger.error(`Update job unknown error: ${data['error-type']}, ${JSON.stringify(data['error-details'])}`);\n return true;\n\n default:\n logger.warn(`Unknown dependabot output type '${type}', ignoring...`);\n return true;\n }\n }\n}\n","import { existsSync } from 'node:fs';\nimport { readFile } from 'node:fs/promises';\nimport {\n AzureDevOpsWebApiClient,\n DEVOPS_PR_PROPERTY_MICROSOFT_GIT_SOURCE_REF_NAME,\n type IPullRequestProperties,\n normalizeBranchName,\n parsePullRequestProperties,\n} from '@paklo/core/azure';\nimport {\n type DependabotCredential,\n DependabotJobBuilder,\n type DependabotJobConfig,\n type DependabotUpdate,\n mapPackageEcosystemToPackageManager,\n} from '@paklo/core/dependabot';\nimport {\n filterVulnerabilities,\n GitHubSecurityAdvisoryClient,\n getGhsaPackageEcosystemFromDependabotPackageManager,\n type Package,\n type SecurityVulnerability,\n SecurityVulnerabilitySchema,\n} from '@paklo/core/github';\nimport { logger } from '@/logger';\nimport { type RunJobOptions, runJob } from '../../run';\nimport { LocalJobsRunner, type LocalJobsRunnerOptions, type RunJobsResult } from '../runner';\nimport { AzureLocalDependabotServer, type 
AzureLocalDependabotServerOptions } from './server';\n\nexport type AzureLocalJobsRunnerOptions = LocalJobsRunnerOptions &\n Omit<\n AzureLocalDependabotServerOptions,\n 'authorClient' | 'approverClient' | 'existingBranchNames' | 'existingPullRequests'\n > & {\n port?: number;\n securityAdvisoriesFile?: string;\n gitToken: string;\n githubToken?: string;\n autoApproveToken?: string;\n };\n\nexport class AzureLocalJobsRunner extends LocalJobsRunner {\n // biome-ignore-start lint/correctness/noUnusedPrivateClassMembers: variables are used\n private readonly options: AzureLocalJobsRunnerOptions;\n private readonly authorClient: AzureDevOpsWebApiClient;\n private readonly approverClient?: AzureDevOpsWebApiClient;\n // biome-ignore-end lint/correctness/noUnusedPrivateClassMembers: variables are used\n\n constructor(options: AzureLocalJobsRunnerOptions) {\n super({ ...options });\n this.options = options;\n const { url, gitToken, autoApprove, debug } = this.options;\n\n // Initialise the DevOps API clients (one for authoring the other for auto-approving (if configured))\n this.authorClient = new AzureDevOpsWebApiClient(url, gitToken, debug);\n this.approverClient = autoApprove\n ? new AzureDevOpsWebApiClient(url, options.autoApproveToken || gitToken, debug)\n : undefined;\n }\n\n public override async run(): Promise<RunJobsResult> {\n await super.run(); // common logic\n\n const {\n options: { url, port, config, targetUpdateIds, command },\n authorClient,\n approverClient,\n } = this;\n\n // Print a warning about multi-ecosystem updates not being fully supported\n // TODO: Implement full support for multi-ecosystem updates (not sure this will be possible on the local model)\n if (config['multi-ecosystem-groups'] || config.updates?.some((u) => u['multi-ecosystem-group'])) {\n logger.warn(\n 'Multi-ecosystem updates are not working yet. 
Only parsing and validation is supported at this time.',\n );\n }\n\n // Print a warning about missing schedules\n // TODO: remove this and enforce schedules on or after 2025-Nov-30\n if (config.updates?.some((u) => !u.schedule)) {\n logger.warn(\n `\n Some updates are missing a schedule configuration.\n This tool will require all updates to have a schedule on or after 2025-Nov-30.\n `,\n );\n }\n\n // Print a warning about the required workarounds for security-only updates, if any update is configured as such\n // TODO: If and when Dependabot supports a better way to do security-only updates, remove this.\n if (config.updates?.some((u) => u['open-pull-requests-limit'] === 0)) {\n logger.warn(\n 'Security-only updates incur a slight performance overhead due to limitations in Dependabot CLI. For more info, see: https://github.com/mburumaxwell/dependabot-azure-devops/blob/main/README.md#configuring-security-advisories-and-known-vulnerabilities',\n );\n }\n\n // Fetch the active pull requests created by the author user\n const existingBranchNames = await authorClient.getBranchNames(url.project, url.repository);\n const existingPullRequests = await authorClient.getActivePullRequestProperties(\n url.project,\n url.repository,\n await authorClient.getUserId(),\n );\n\n // Prepare local server\n const serverOptions: AzureLocalDependabotServerOptions = {\n authorClient,\n approverClient,\n existingBranchNames,\n existingPullRequests,\n ...this.options,\n };\n const server = new AzureLocalDependabotServer(serverOptions);\n server.start(port);\n // give the server a second to start\n await new Promise((resolve) => setTimeout(resolve, 1000));\n\n // The API urls is constant when working in this CLI. 
Asking people to setup NGROK or similar just to get\n // HTTPS for the job token to be used is too much hassle.\n // Using same value for dependabotApiUrl and dependabotApiDockerUrl so as to capture /record_metrics calls.\n const dependabotApiUrl = `http://host.docker.internal:${server.port}/api`;\n const dependabotApiDockerUrl = dependabotApiUrl;\n\n // If update identifiers are specified, select them; otherwise handle all\n let updates: DependabotUpdate[] = [];\n if (targetUpdateIds && targetUpdateIds.length > 0) {\n for (const id of targetUpdateIds) {\n const upd = config.updates[id];\n if (!upd) {\n logger.warn(\n `\n Unable to find target update id '${id}'.\n This value should be a zero based index of the update in your config file.\n Expected range: 0-${config.updates.length - 1}\n `,\n );\n } else {\n updates.push(upd);\n }\n }\n } else {\n updates = config.updates;\n }\n\n try {\n // Abandon all pull requests where the source branch has been deleted\n await this.abandonPullRequestsWhereSourceRefIsDeleted(existingBranchNames, existingPullRequests);\n\n // Perform updates for each of the [targeted] update blocks in dependabot.yaml\n return await this.performUpdates(\n server,\n updates,\n existingPullRequests,\n dependabotApiUrl,\n dependabotApiDockerUrl,\n command,\n );\n } finally {\n server.stop();\n }\n }\n\n /**\n * Abandon all pull requests where the source branch has been deleted.\n * @param existingBranchNames The names of the existing branches.\n * @param existingPullRequests The existing pull requests.\n */\n private async abandonPullRequestsWhereSourceRefIsDeleted(\n existingBranchNames?: string[],\n existingPullRequests?: IPullRequestProperties[],\n ): Promise<void> {\n if (!existingBranchNames || !existingPullRequests) return;\n\n const {\n options: { url, dryRun },\n authorClient,\n } = this;\n for (const pullRequestIndex in existingPullRequests) {\n const pullRequest = existingPullRequests[pullRequestIndex]!;\n const pullRequestSourceRefName = 
normalizeBranchName(\n pullRequest.properties?.find((x) => x.name === DEVOPS_PR_PROPERTY_MICROSOFT_GIT_SOURCE_REF_NAME)?.value,\n );\n if (pullRequestSourceRefName && !existingBranchNames.includes(pullRequestSourceRefName)) {\n // The source branch for the pull request has been deleted; abandon the pull request (if not dry run)\n if (!dryRun) {\n logger.warn(\n `Detected source branch for PR #${pullRequest.id} has been deleted; The pull request will be abandoned`,\n );\n await authorClient.abandonPullRequest({\n project: url.project,\n repository: url.repository,\n pullRequestId: pullRequest.id,\n // comment:\n // 'OK, I won't notify you again about this release, but will get in touch when a new version is available. ' +\n // 'If you'd rather skip all updates until the next major or minor version, add an ' +\n // '[`ignore` condition](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--) ' +\n // 'with the desired `update-types` to your config file.',\n comment:\n 'It might be a good idea to add an ' +\n '[`ignore` condition](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--) ' +\n 'with the desired `update-types` to your config file.',\n });\n }\n // Remove the pull request from the list of existing pull requests to ensures that we don't attempt to update it later in the process.\n existingPullRequests.splice(existingPullRequests.indexOf(pullRequest), 1);\n }\n }\n }\n\n /**\n * Performs the updates.\n * @param server The local Dependabot server.\n * @param updates The updates to perform.\n * @param existingPullRequests The existing pull requests.\n */\n private async performUpdates(\n server: AzureLocalDependabotServer,\n updates: DependabotUpdate[],\n existingPullRequests: IPullRequestProperties[],\n dependabotApiUrl: string,\n dependabotApiDockerUrl?: string,\n command?: DependabotJobConfig['command'],\n ): Promise<RunJobsResult> {\n 
const {\n options: { url, gitToken, githubToken, experiments, config, dryRun, securityAdvisoriesFile, secretMasker },\n } = this;\n\n const results: RunJobsResult = [];\n\n function makeUsageData(job: DependabotJobConfig): RunJobOptions['usage'] {\n return {\n trigger: 'user',\n provider: job.source.provider,\n owner: url.value.toString(),\n project: `${url.value.toString().replace(/\\/$/, '')}/${url.project}`,\n 'package-manager': job['package-manager'],\n };\n }\n\n for (const update of updates) {\n const packageEcosystem = update['package-ecosystem'];\n const packageManager = mapPackageEcosystemToPackageManager(packageEcosystem);\n\n // If there is an updater image, replace the placeholder in it\n let { updaterImage } = this.options;\n updaterImage = updaterImage?.replace(/\\{ecosystem\\}/i, packageEcosystem);\n\n // Parse the Dependabot metadata for the existing pull requests that are related to this update\n // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones\n const existingPullRequestsForPackageManager = parsePullRequestProperties(existingPullRequests, packageManager);\n const existingPullRequestDependenciesForPackageManager = Object.values(existingPullRequestsForPackageManager);\n\n const builder = new DependabotJobBuilder({\n source: { provider: 'azure', ...url },\n config,\n update,\n systemAccessToken: gitToken,\n githubToken,\n experiments,\n debug: false,\n });\n\n let jobId: number | undefined;\n let job: DependabotJobConfig | undefined;\n let credentials: DependabotCredential[] | undefined;\n let jobToken: string;\n let credentialsToken: string;\n\n // If this is a security-only update (i.e. 'open-pull-requests-limit: 0'), then we first need to discover the dependencies\n // that need updating and check each one for vulnerabilities. 
This is because Dependabot requires the list of vulnerable dependencies\n // to be supplied in the job definition of security-only update job, it will not automatically discover them like a versioned update does.\n // https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file\n let securityVulnerabilities: SecurityVulnerability[] = [];\n let dependencyNamesToUpdate: string[] = [];\n const securityUpdatesOnly = update['open-pull-requests-limit'] === 0;\n if (securityUpdatesOnly) {\n // Run an update job to discover all dependencies\n ({ jobId, job, credentials } = builder.forDependenciesList({ command }));\n ({ jobToken, credentialsToken } = this.makeTokens());\n server.add({ id: jobId, update, job, jobToken, credentialsToken, credentials });\n await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n usage: makeUsageData(job),\n });\n\n const outputs = server.requests(jobId);\n const packagesToCheckForVulnerabilities: Package[] | undefined = outputs!\n .find((o) => o.type === 'update_dependency_list')\n ?.data.dependencies?.map((d) => ({ name: d.name, version: d.version }));\n if (packagesToCheckForVulnerabilities?.length) {\n logger.info(\n `Detected ${packagesToCheckForVulnerabilities.length} dependencies; Checking for vulnerabilities...`,\n );\n\n // parse security advisories from file (private)\n if (securityAdvisoriesFile) {\n const filePath = securityAdvisoriesFile;\n if (existsSync(filePath)) {\n const fileContents = await readFile(filePath, 'utf-8');\n securityVulnerabilities = await SecurityVulnerabilitySchema.array().parseAsync(JSON.parse(fileContents));\n } else {\n logger.info(`Private security advisories file '${filePath}' does not exist`);\n }\n }\n if (githubToken) {\n const ghsaClient = new GitHubSecurityAdvisoryClient(githubToken);\n const 
githubVulnerabilities = await ghsaClient.getSecurityVulnerabilitiesAsync(\n getGhsaPackageEcosystemFromDependabotPackageManager(packageManager),\n packagesToCheckForVulnerabilities || [],\n );\n securityVulnerabilities.push(...githubVulnerabilities);\n } else {\n logger.info(\n 'GitHub access token is not provided; Checking for vulnerabilities from GitHub is skipped. ' +\n 'This is not an issue if you are using private security advisories file.',\n );\n }\n\n securityVulnerabilities = filterVulnerabilities(securityVulnerabilities);\n\n // Only update dependencies that have vulnerabilities\n dependencyNamesToUpdate = Array.from(new Set(securityVulnerabilities.map((v) => v.package.name)));\n logger.info(\n `Detected ${securityVulnerabilities.length} vulnerabilities affecting ${dependencyNamesToUpdate.length} dependencies`,\n );\n if (dependencyNamesToUpdate.length) {\n logger.trace(dependencyNamesToUpdate);\n }\n } else {\n logger.info(`No vulnerabilities detected for update ${update['package-ecosystem']} in ${update.directory}`);\n server.clear(jobId);\n continue; // nothing more to do for this update\n }\n\n server.clear(jobId);\n }\n\n // Run an update job for \"all dependencies\"; this will create new pull requests for dependencies that need updating\n const openPullRequestsLimit = update['open-pull-requests-limit']!;\n const openPullRequestsCount = Object.entries(existingPullRequestsForPackageManager).length;\n const hasReachedOpenPullRequestLimit =\n openPullRequestsLimit > 0 && openPullRequestsCount >= openPullRequestsLimit;\n if (!hasReachedOpenPullRequestLimit) {\n const dependenciesHaveVulnerabilities = dependencyNamesToUpdate.length && securityVulnerabilities.length;\n if (!securityUpdatesOnly || dependenciesHaveVulnerabilities) {\n ({ jobId, job, credentials } = builder.forUpdate({\n command,\n dependencyNamesToUpdate,\n existingPullRequests: existingPullRequestDependenciesForPackageManager,\n securityVulnerabilities,\n }));\n ({ jobToken, 
credentialsToken } = this.makeTokens());\n server.add({ id: jobId, update, job, jobToken, credentialsToken, credentials });\n const { success, message } = await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n usage: makeUsageData(job),\n });\n const affectedPrs = server.allAffectedPrs(jobId);\n server.clear(jobId);\n results.push({ id: jobId, success, message, affectedPrs });\n } else {\n logger.info('Nothing to update; dependencies are not affected by any known vulnerability');\n }\n } else {\n logger.warn(\n `Skipping update for ${packageEcosystem} packages as the open pull requests limit (${openPullRequestsLimit}) has already been reached`,\n );\n }\n\n // If there are existing pull requests, run an update job for each one; this will resolve merge conflicts and close pull requests that are no longer needed\n const numberOfPullRequestsToUpdate = Object.keys(existingPullRequestsForPackageManager).length;\n if (numberOfPullRequestsToUpdate > 0) {\n if (!dryRun) {\n for (const pullRequestId in existingPullRequestsForPackageManager) {\n ({ jobId, job, credentials } = builder.forUpdate({\n command,\n existingPullRequests: existingPullRequestDependenciesForPackageManager,\n pullRequestToUpdate: existingPullRequestsForPackageManager[pullRequestId]!,\n securityVulnerabilities,\n }));\n ({ jobToken, credentialsToken } = this.makeTokens());\n server.add({ id: jobId, update, job, jobToken, credentialsToken, credentials });\n const { success, message } = await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n usage: makeUsageData(job),\n });\n const affectedPrs = server.allAffectedPrs(jobId);\n server.clear(jobId);\n results.push({ id: jobId, success, message, affectedPrs });\n }\n } else {\n logger.warn(\n `Skipping update of ${numberOfPullRequestsToUpdate} existing ${packageEcosystem} package pull request(s) as 
'dryRun' is set to 'true'`,\n );\n }\n }\n }\n\n return results;\n }\n}\n"],"mappings":";;;;;;;;;;AA2BA,IAAa,6BAAb,cAAgD,sBAAsB;CAEpE,AAAiB;CAEjB,YAAY,SAA4C;AACtD,QAAM,QAAQ;AACd,OAAK,UAAU;;CAGjB,MAAyB,OAAO,IAAY,SAA8C;AACxF,QAAM,MAAM,OAAO,IAAI,QAAQ;EAE/B,MAAM,EAAE,SAAS,2BAA2B;EAC5C,MAAM,EACJ,KACA,cACA,gBACA,qBACA,sBACA,aACA,eACA,iBACA,6BACA,QACA,OACA,WACE;EAEJ,MAAM,EAAE,MAAM,SAAS;EACvB,MAAM,MAAM,MAAM,KAAK,IAAI,GAAG;AAC9B,MAAI,CAAC,KAAK;AACR,UAAO,MAAM,wBAAwB,GAAG,qCAAqC,KAAK,GAAG;AACrF,UAAO;;EAET,MAAM,EAAE,mBAAmB,mBAAmB;AAC9C,SAAO,KAAK,eAAe,KAAK,gBAAgB,GAAG,GAAG;AACtD,MAAI,MACF,QAAO,MAAM,KAAK,UAAU,KAAK,CAAC;EAGpC,MAAM,SAAS,KAAK,OAAO,GAAG;EAC9B,MAAM,EAAE,SAAS,eAAe;AAEhC,UAAQ,MAAR;GAIE,KAAK,uBAAuB;IAC1B,MAAM,QAAQ,KAAK;AACnB,QAAI,QAAQ;AACV,YAAO,KAAK,sCAAsC,MAAM,gCAAgC;AACxF,YAAO;;IAIT,MAAM,wBAAwB,OAAO;IAIrC,MAAM,wCAAwC,2BAA2B,sBAAsB,eAAe;IAC9G,MAAM,4BAA4B,OAAO,QAAQ,sCAAsC,CAAC;IACxF,MAAM,wBAAwB,uBAAuB,IAAI,GAAG,CAAE,QAAQ,SAAS;AAI/E,QAFE,wBAAwB,KAAK,yBAAyB,uBAEpB;AAClC,YAAO,KACL,sCAAsC,MAAM,qCAAqC,sBAAsB,oBACxG;AACD,YAAO;;IAGT,MAAM,eAAe,wCAAwC,KAAK;IAClE,MAAM,eAAe,qDAAqD,KAAK;IAC/E,MAAM,eAAe,OAAO,oBAAqB,MAAM,aAAa,iBAAiB,SAAS,WAAW;IACzG,MAAM,eAAe,uBACnB,OAAO,sBACP,cACA,OAAO,aAAa,OAAO,aAAa,MAAM,QAAQ,aAAa,IAAI,MAAM,WAAW,IAAI,CAAC,EAC7F,CAAC,MAAM,QAAQ,aAAa,GAAG,aAAa,2BAA2B,QACvE,CAAC,MAAM,QAAQ,aAAa,GAAG,aAAa,eAAe,cAC3D,OAAO,6BAA6B,UACrC;AAID,SADuB,qBAAqB,MAAM,WAAW,iBAAiB,OAAO,IAAI,EAAE,EACxE,QAAQ;AACzB,YAAO,MACL,kCAAkC,MAAM,sBAAsB,aAAa,6DAC5E;AACD,YAAO;;IAET,MAAM,sBAAsB,qBAAqB,QAAQ,WAAW,aAAa,WAAW,OAAO,CAAC,IAAI,EAAE;AAC1G,QAAI,oBAAoB,QAAQ;AAC9B,YAAO,MACL,kCAAkC,MAAM,sBAAsB,aAAa,6CAA6C,oBAAoB,KAAK,KAAK,CAAC,qDACxJ;AACD,YAAO;;IAIT,MAAM,mBAAmB,MAAM,aAAa,kBAAkB;KACnD;KACG;KACZ,QAAQ;MACN,QAAQ,KAAK,sBAAsB,IAAI,OAAO;MAC9C,QAAQ;MACT;KACD,QAAQ,EACN,QAAQ,cACT;KACD;KACA;KACA,aAAa,0BAA0B,gBAAgB,KAAK,YAAY,KAAK,aAAa;KAC1F,eAAe,KAAK;KACpB,cAAc,kBACV;MACE,uBAAuB;MACvB,sBAAsB;AACpB,eAAQ,eAAR;QACE,KAAK,gBACH,QAAO,4BAA4B;QACrC,KAAK,SACH,QAAO,4BAA4B;QACrC,KAAK,SACH,QAAO,4BAA4B;QACrC,KAAK,cACH,QA
AO,4BAA4B;QACrC,QACE,QAAO,4BAA4B;;UAErC;MACL,GACD;KACJ,WAAW,OAAO;KAClB,QAAQ,OAAO,QAAQ,KAAK,UAAU,OAAO,MAAM,CAAC,IAAI,EAAE;KAC1D,WAAW,OAAO,YAAY,CAAC,OAAO,UAAU,GAAG,EAAE;KACrD,SAAS;KACT,YAAY,2BAA2B,gBAAgB,aAAa;KACrE,CAAC;AAGF,QAAI,eAAe,kBAAkB,iBACnC,OAAM,eAAe,mBAAmB;KAC7B;KACG;KACZ,eAAe;KAChB,CAAC;AAIJ,QAAI,oBAAoB,mBAAmB,GAAG;AAC5C,4BAAuB,IAAI,GAAG,CAAE,QAAQ,KAAK,iBAAiB;AAC9D,YAAO;UAEP,QAAO;;GAIX,KAAK,uBAAuB;AAC1B,QAAI,QAAQ;AACV,YAAO,KAAK,4DAA4D;AACxE,YAAO;;IAIT,MAAM,sBAAsB,iCAC1B,sBACA,gBACA,KAAK,oBACN;AACD,QAAI,CAAC,qBAAqB;AACxB,YAAO,MACL,8DAA8D,eAAe,uBAAuB,KAAK,oBAAoB,KAAK,KAAK,CAAC,GACzI;AACD,YAAO;;IAIT,MAAM,wBAAwB,MAAM,aAAa,kBAAkB;KACxD;KACG;KACZ,eAAe,oBAAoB;KACnC,QAAQ,KAAK,sBAAsB,IAAI,OAAO;KAC9C;KACA,SAAS,wCAAwC,KAAK;KACtD,aAAa;KACb,mCAAmC,OAAO;KAC1C,6BAA6B;KAC9B,CAAC;AAGF,QAAI,eAAe,kBAAkB,sBACnC,OAAM,eAAe,mBAAmB;KAC7B;KACG;KACZ,eAAe,oBAAoB;KACpC,CAAC;AAGJ,QAAI,uBAAuB;AACzB,4BAAuB,IAAI,GAAG,CAAE,QAAQ,KAAK,oBAAoB,GAAG;AACpE,YAAO;;AAET,WAAO;;GAGT,KAAK,sBAAsB;AACzB,QAAI,QAAQ;AACV,YAAO,KAAK,6DAA6D;AACzE,YAAO;;IAIT,MAAM,qBAAqB,iCACzB,sBACA,gBACA,KAAK,oBACN;AACD,QAAI,CAAC,oBAAoB;AACvB,YAAO,MACL,6DAA6D,eAAe,uBAAuB,KAAK,oBAAoB,KAAK,KAAK,CAAC,GACxI;AACD,YAAO;;AAcT,QAPgB,MAAM,aAAa,mBAAmB;KAC3C;KACG;KACZ,eAAe,mBAAmB;KAClC,SAAS,uCAAuC,KAAK;KACrD,oBAAoB;KACrB,CAAC,EACW;AACX,4BAAuB,IAAI,GAAG,CAAE,OAAO,KAAK,mBAAmB,GAAG;AAClE,YAAO;;AAET,WAAO;;GAIT,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK,iBACH,QAAO;GAET,KAAK;AACH,WAAO,MAAM,qBAAqB,KAAK,cAAc,GAAG,KAAK,UAAU,KAAK,iBAAiB,GAAG;AAChG,WAAO;GAET,KAAK;AACH,WAAO,MAAM,6BAA6B,KAAK,cAAc,IAAI,KAAK,UAAU,KAAK,iBAAiB,GAAG;AACzG,WAAO;GAET;AACE,WAAO,KAAK,mCAAmC,KAAK,gBAAgB;AACpE,WAAO;;;;;;;ACzPf,IAAa,uBAAb,cAA0C,gBAAgB;CAExD,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CAGjB,YAAY,SAAsC;AAChD,QAAM,EAAE,GAAG,SAAS,CAAC;AACrB,OAAK,UAAU;EACf,MAAM,EAAE,KAAK,UAAU,aAAa,UAAU,KAAK;AAGnD,OAAK,eAAe,IAAI,wBAAwB,KAAK,UAAU,MAAM;AACrE,OAAK,iBAAiB,cAClB,IAAI,wBAAwB,KAAK,QAAQ,oBAAoB,UAAU,MAAM,GAC7E;;CAGN,MAAsB,MAA8B;AAClD,QAAM,MAAM,KAAK;EAEjB,MAAM,EACJ,SAAS,EAAE,KAAK
,MAAM,QAAQ,iBAAiB,WAC/C,cACA,mBACE;AAIJ,MAAI,OAAO,6BAA6B,OAAO,SAAS,MAAM,MAAM,EAAE,yBAAyB,CAC7F,QAAO,KACL,sGACD;AAKH,MAAI,OAAO,SAAS,MAAM,MAAM,CAAC,EAAE,SAAS,CAC1C,QAAO,KACL;;;UAID;AAKH,MAAI,OAAO,SAAS,MAAM,MAAM,EAAE,gCAAgC,EAAE,CAClE,QAAO,KACL,4PACD;EAIH,MAAM,sBAAsB,MAAM,aAAa,eAAe,IAAI,SAAS,IAAI,WAAW;EAC1F,MAAM,uBAAuB,MAAM,aAAa,+BAC9C,IAAI,SACJ,IAAI,YACJ,MAAM,aAAa,WAAW,CAC/B;EAUD,MAAM,SAAS,IAAI,2BAPsC;GACvD;GACA;GACA;GACA;GACA,GAAG,KAAK;GACT,CAC2D;AAC5D,SAAO,MAAM,KAAK;AAElB,QAAM,IAAI,SAAS,YAAY,WAAW,SAAS,IAAK,CAAC;EAKzD,MAAM,mBAAmB,+BAA+B,OAAO,KAAK;EACpE,MAAM,yBAAyB;EAG/B,IAAIA,UAA8B,EAAE;AACpC,MAAI,mBAAmB,gBAAgB,SAAS,EAC9C,MAAK,MAAM,MAAM,iBAAiB;GAChC,MAAM,MAAM,OAAO,QAAQ;AAC3B,OAAI,CAAC,IACH,QAAO,KACL;+CACmC,GAAG;;gCAElB,OAAO,QAAQ,SAAS,EAAE;cAE/C;OAED,SAAQ,KAAK,IAAI;;MAIrB,WAAU,OAAO;AAGnB,MAAI;AAEF,SAAM,KAAK,2CAA2C,qBAAqB,qBAAqB;AAGhG,UAAO,MAAM,KAAK,eAChB,QACA,SACA,sBACA,kBACA,wBACA,QACD;YACO;AACR,UAAO,MAAM;;;;;;;;CASjB,MAAc,2CACZ,qBACA,sBACe;AACf,MAAI,CAAC,uBAAuB,CAAC,qBAAsB;EAEnD,MAAM,EACJ,SAAS,EAAE,KAAK,UAChB,iBACE;AACJ,OAAK,MAAM,oBAAoB,sBAAsB;GACnD,MAAM,cAAc,qBAAqB;GACzC,MAAM,2BAA2B,oBAC/B,YAAY,YAAY,MAAM,MAAM,EAAE,SAAS,iDAAiD,EAAE,MACnG;AACD,OAAI,4BAA4B,CAAC,oBAAoB,SAAS,yBAAyB,EAAE;AAEvF,QAAI,CAAC,QAAQ;AACX,YAAO,KACL,kCAAkC,YAAY,GAAG,uDAClD;AACD,WAAM,aAAa,mBAAmB;MACpC,SAAS,IAAI;MACb,YAAY,IAAI;MAChB,eAAe,YAAY;MAM3B,SACE;MAGH,CAAC;;AAGJ,yBAAqB,OAAO,qBAAqB,QAAQ,YAAY,EAAE,EAAE;;;;;;;;;;CAW/E,MAAc,eACZ,QACA,SACA,sBACA,kBACA,wBACA,SACwB;EACxB,MAAM,EACJ,SAAS,EAAE,KAAK,UAAU,aAAa,aAAa,QAAQ,QAAQ,wBAAwB,mBAC1F;EAEJ,MAAMC,UAAyB,EAAE;EAEjC,SAAS,cAAc,KAAkD;AACvE,UAAO;IACL,SAAS;IACT,UAAU,IAAI,OAAO;IACrB,OAAO,IAAI,MAAM,UAAU;IAC3B,SAAS,GAAG,IAAI,MAAM,UAAU,CAAC,QAAQ,OAAO,GAAG,CAAC,GAAG,IAAI;IAC3D,mBAAmB,IAAI;IACxB;;AAGH,OAAK,MAAM,UAAU,SAAS;GAC5B,MAAM,mBAAmB,OAAO;GAChC,MAAM,iBAAiB,oCAAoC,iBAAiB;GAG5E,IAAI,EAAE,iBAAiB,KAAK;AAC5B,kBAAe,cAAc,QAAQ,kBAAkB,iBAAiB;GAIxE,MAAM,wCAAwC,2BAA2B,sBAAsB,eAAe;GAC9G,MAAM,mDAAmD,OAAO,OAAO,sCAAsC;GAE7G,MAAM,UAAU,IAAI,qBAAqB;IACvC,QAAQ;KAAE,UAAU;KAAS,GA
AG;KAAK;IACrC;IACA;IACA,mBAAmB;IACnB;IACA;IACA,OAAO;IACR,CAAC;GAEF,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GAMJ,IAAIC,0BAAmD,EAAE;GACzD,IAAIC,0BAAoC,EAAE;GAC1C,MAAM,sBAAsB,OAAO,gCAAgC;AACnE,OAAI,qBAAqB;AAEvB,KAAC,CAAE,OAAO,KAAK,eAAgB,QAAQ,oBAAoB,EAAE,SAAS,CAAC;AACvE,KAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,WAAO,IAAI;KAAE,IAAI;KAAO;KAAQ;KAAK;KAAU;KAAkB;KAAa,CAAC;AAC/E,UAAM,OAAO;KACX;KACA;KACA;KACA;KACA;KACA;KACA;KACA,OAAO,cAAc,IAAI;KAC1B,CAAC;IAGF,MAAMC,oCADU,OAAO,SAAS,MAAM,CAEnC,MAAM,MAAM,EAAE,SAAS,yBAAyB,EAC/C,KAAK,cAAc,KAAK,OAAO;KAAE,MAAM,EAAE;KAAM,SAAS,EAAE;KAAS,EAAE;AACzE,QAAI,mCAAmC,QAAQ;AAC7C,YAAO,KACL,YAAY,kCAAkC,OAAO,gDACtD;AAGD,SAAI,wBAAwB;MAC1B,MAAM,WAAW;AACjB,UAAI,WAAW,SAAS,EAAE;OACxB,MAAM,eAAe,MAAM,SAAS,UAAU,QAAQ;AACtD,iCAA0B,MAAM,4BAA4B,OAAO,CAAC,WAAW,KAAK,MAAM,aAAa,CAAC;YAExG,QAAO,KAAK,qCAAqC,SAAS,kBAAkB;;AAGhF,SAAI,aAAa;MAEf,MAAM,wBAAwB,MADX,IAAI,6BAA6B,YAAY,CACjB,gCAC7C,oDAAoD,eAAe,EACnE,qCAAqC,EAAE,CACxC;AACD,8BAAwB,KAAK,GAAG,sBAAsB;WAEtD,QAAO,KACL,oKAED;AAGH,+BAA0B,sBAAsB,wBAAwB;AAGxE,+BAA0B,MAAM,KAAK,IAAI,IAAI,wBAAwB,KAAK,MAAM,EAAE,QAAQ,KAAK,CAAC,CAAC;AACjG,YAAO,KACL,YAAY,wBAAwB,OAAO,6BAA6B,wBAAwB,OAAO,eACxG;AACD,SAAI,wBAAwB,OAC1B,QAAO,MAAM,wBAAwB;WAElC;AACL,YAAO,KAAK,0CAA0C,OAAO,qBAAqB,MAAM,OAAO,YAAY;AAC3G,YAAO,MAAM,MAAM;AACnB;;AAGF,WAAO,MAAM,MAAM;;GAIrB,MAAM,wBAAwB,OAAO;GACrC,MAAM,wBAAwB,OAAO,QAAQ,sCAAsC,CAAC;AAGpF,OAAI,EADF,wBAAwB,KAAK,yBAAyB,wBACnB;IACnC,MAAM,kCAAkC,wBAAwB,UAAU,wBAAwB;AAClG,QAAI,CAAC,uBAAuB,iCAAiC;AAC3D,MAAC,CAAE,OAAO,KAAK,eAAgB,QAAQ,UAAU;MAC/C;MACA;MACA,sBAAsB;MACtB;MACD,CAAC;AACF,MAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,YAAO,IAAI;MAAE,IAAI;MAAO;MAAQ;MAAK;MAAU;MAAkB;MAAa,CAAC;KAC/E,MAAM,EAAE,SAAS,YAAY,MAAM,OAAO;MACxC;MACA;MACA;MACA;MACA;MACA;MACA;MACA,OAAO,cAAc,IAAI;MAC1B,CAAC;KACF,MAAM,cAAc,OAAO,eAAe,MAAM;AAChD,YAAO,MAAM,MAAM;AACnB,aAAQ,KAAK;MAAE,IAAI;MAAO;MAAS;MAAS;MAAa,CAAC;UAE1D,QAAO,KAAK,8EAA8E;SAG5F,QAAO,KACL,uBAAuB,iBAAiB,6CAA6C,sBAAsB,4BAC5G;GAIH,MAAM,+BAA+B,OAAO,KAAK,sCAAsC,CAAC;AACxF,OAAI,+BAA+B,EACjC,KAAI,CAAC,
OACH,MAAK,MAAM,iBAAiB,uCAAuC;AACjE,KAAC,CAAE,OAAO,KAAK,eAAgB,QAAQ,UAAU;KAC/C;KACA,sBAAsB;KACtB,qBAAqB,sCAAsC;KAC3D;KACD,CAAC;AACF,KAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,WAAO,IAAI;KAAE,IAAI;KAAO;KAAQ;KAAK;KAAU;KAAkB;KAAa,CAAC;IAC/E,MAAM,EAAE,SAAS,YAAY,MAAM,OAAO;KACxC;KACA;KACA;KACA;KACA;KACA;KACA;KACA,OAAO,cAAc,IAAI;KAC1B,CAAC;IACF,MAAM,cAAc,OAAO,eAAe,MAAM;AAChD,WAAO,MAAM,MAAM;AACnB,YAAQ,KAAK;KAAE,IAAI;KAAO;KAAS;KAAS;KAAa,CAAC;;OAG5D,QAAO,KACL,sBAAsB,6BAA6B,YAAY,iBAAiB,uDACjF;;AAKP,SAAO"}
|
|
1
|
+
{"version":3,"file":"index.mjs","names":["updates: DependabotUpdate[]","results: RunJobsResult","job: DependabotJobConfig | undefined","credentials: DependabotCredential[] | undefined","jobToken: string","credentialsToken: string","securityVulnerabilities: SecurityVulnerability[]","dependencyNamesToUpdate: string[]","packagesToCheckForVulnerabilities: Package[] | undefined"],"sources":["../../../src/local/azure/server.ts","../../../src/local/azure/runner.ts"],"sourcesContent":["import type { AzureDevOpsRepositoryUrl, AzureDevOpsWebApiClient, IPullRequestProperties } from '@paklo/core/azure';\nimport {\n buildPullRequestProperties,\n GitPullRequestMergeStrategy,\n getPullRequestChangedFilesForOutputData,\n getPullRequestCloseReasonForOutputData,\n getPullRequestDependenciesPropertyValueForOutputData,\n getPullRequestDescription,\n getPullRequestForDependencyNames,\n parsePullRequestProperties,\n} from '@paklo/core/azure';\nimport { type DependabotRequest, getBranchNameForUpdate } from '@paklo/core/dependabot';\nimport { logger } from '@paklo/core/logger';\nimport { LocalDependabotServer, type LocalDependabotServerOptions } from '../server';\n\nexport type AzureLocalDependabotServerOptions = LocalDependabotServerOptions & {\n url: AzureDevOpsRepositoryUrl;\n authorClient: AzureDevOpsWebApiClient;\n autoApprove: boolean;\n approverClient?: AzureDevOpsWebApiClient;\n setAutoComplete: boolean;\n mergeStrategy?: string;\n autoCompleteIgnoreConfigIds: number[];\n existingBranchNames: string[] | undefined;\n existingPullRequests: IPullRequestProperties[];\n};\n\nexport class AzureLocalDependabotServer extends LocalDependabotServer {\n // biome-ignore lint/correctness/noUnusedPrivateClassMembers: options is used\n private readonly options: AzureLocalDependabotServerOptions;\n\n constructor(options: AzureLocalDependabotServerOptions) {\n super(options);\n this.options = options;\n }\n\n protected override async handle(id: string, request: DependabotRequest): Promise<boolean> 
{\n await super.handle(id, request); // common logic\n\n const { options, affectedPullRequestIds } = this;\n const {\n url,\n authorClient,\n approverClient,\n existingBranchNames,\n existingPullRequests,\n autoApprove,\n mergeStrategy,\n setAutoComplete,\n autoCompleteIgnoreConfigIds,\n author,\n debug,\n dryRun,\n } = options;\n\n const { type, data } = request;\n const job = await this.job(id);\n if (!job) {\n logger.error(`No job found for ID '${id}', cannot process request of type '${type}'`);\n return false;\n }\n const { 'package-manager': packageManager } = job;\n logger.info(`Processing '${type}' for job ID '${id}'`);\n if (debug) {\n logger.debug(JSON.stringify(data));\n }\n\n const update = this.update(id)!; // exists because job exists\n const { project, repository } = url;\n\n switch (type) {\n // Documentation on the 'data' model for each output type can be found here:\n // See: https://github.com/dependabot/cli/blob/main/internal/model/update.go\n\n case 'create_pull_request': {\n const title = data['pr-title'];\n if (dryRun) {\n logger.warn(`Skipping pull request creation of '${title}' as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Skip if active pull request limit reached.\n const openPullRequestsLimit = update['open-pull-requests-limit']!;\n\n // Parse the Dependabot metadata for the existing pull requests that are related to this update\n // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones\n const existingPullRequestsForPackageManager = parsePullRequestProperties(existingPullRequests, packageManager);\n const existingPullRequestsCount = Object.entries(existingPullRequestsForPackageManager).length;\n const openPullRequestsCount = affectedPullRequestIds.get(id)!.created.length + existingPullRequestsCount;\n const hasReachedOpenPullRequestLimit =\n openPullRequestsLimit > 0 && openPullRequestsCount >= openPullRequestsLimit;\n\n if (hasReachedOpenPullRequestLimit) {\n logger.warn(\n 
`Skipping pull request creation of '${title}' as the open pull requests limit (${openPullRequestsLimit}) has been reached`,\n );\n return true;\n }\n\n const changedFiles = getPullRequestChangedFilesForOutputData(data);\n const dependencies = getPullRequestDependenciesPropertyValueForOutputData(data);\n const targetBranch = update['target-branch'] || (await authorClient.getDefaultBranch(project, repository));\n const sourceBranch = getBranchNameForUpdate(\n update['package-ecosystem'],\n targetBranch,\n update.directory || update.directories?.find((dir) => changedFiles[0]?.path?.startsWith(dir)),\n !Array.isArray(dependencies) ? dependencies['dependency-group-name'] : undefined,\n !Array.isArray(dependencies) ? dependencies.dependencies : dependencies,\n update['pull-request-branch-name']?.separator,\n );\n\n // Check if the source branch already exists or conflicts with an existing branch\n const existingBranch = existingBranchNames?.find((branch) => sourceBranch === branch) || [];\n if (existingBranch.length) {\n logger.error(\n `Unable to create pull request '${title}' as source branch '${sourceBranch}' already exists; Delete the existing branch and try again.`,\n );\n return false;\n }\n const conflictingBranches = existingBranchNames?.filter((branch) => sourceBranch.startsWith(branch)) || [];\n if (conflictingBranches.length) {\n logger.error(\n `Unable to create pull request '${title}' as source branch '${sourceBranch}' would conflict with existing branch(es) '${conflictingBranches.join(', ')}'; Delete the conflicting branch(es) and try again.`,\n );\n return false;\n }\n\n // Create a new pull request\n const newPullRequestId = await authorClient.createPullRequest({\n project: project,\n repository: repository,\n source: {\n commit: data['base-commit-sha'] || job.source.commit!,\n branch: sourceBranch,\n },\n target: {\n branch: targetBranch!,\n },\n author,\n title,\n description: getPullRequestDescription(packageManager, data['pr-body'], 
data.dependencies),\n commitMessage: data['commit-message'],\n autoComplete: setAutoComplete\n ? {\n ignorePolicyConfigIds: autoCompleteIgnoreConfigIds,\n mergeStrategy: (() => {\n switch (mergeStrategy) {\n case 'noFastForward':\n return GitPullRequestMergeStrategy.NoFastForward;\n case 'squash':\n return GitPullRequestMergeStrategy.Squash;\n case 'rebase':\n return GitPullRequestMergeStrategy.Rebase;\n case 'rebaseMerge':\n return GitPullRequestMergeStrategy.RebaseMerge;\n default:\n return GitPullRequestMergeStrategy.Squash;\n }\n })(),\n }\n : undefined,\n assignees: update.assignees,\n labels: update.labels?.map((label) => label?.trim()) || [],\n workItems: update.milestone ? [update.milestone] : [],\n changes: changedFiles,\n properties: buildPullRequestProperties(packageManager, dependencies),\n });\n\n // Auto-approve the pull request, if required\n if (autoApprove && approverClient && newPullRequestId) {\n await approverClient.approvePullRequest({\n project: project,\n repository: repository,\n pullRequestId: newPullRequestId,\n });\n }\n\n // Store the new pull request ID, so we can keep track of the total number of open pull requests\n if (newPullRequestId && newPullRequestId > 0) {\n affectedPullRequestIds.get(id)!.created.push(newPullRequestId);\n return true;\n } else {\n return false;\n }\n }\n\n case 'update_pull_request': {\n if (dryRun) {\n logger.warn(`Skipping pull request update as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Find the pull request to update\n const pullRequestToUpdate = getPullRequestForDependencyNames(\n existingPullRequests,\n packageManager,\n data['dependency-names'],\n );\n if (!pullRequestToUpdate) {\n logger.error(\n `Could not find pull request to update for package manager '${packageManager}' with dependencies '${data['dependency-names'].join(', ')}'`,\n );\n return false;\n }\n\n // Update the pull request\n const pullRequestWasUpdated = await authorClient.updatePullRequest({\n project: project,\n 
repository: repository,\n pullRequestId: pullRequestToUpdate.id,\n commit: data['base-commit-sha'] || job.source.commit!,\n author,\n changes: getPullRequestChangedFilesForOutputData(data),\n skipIfDraft: true,\n skipIfCommitsFromAuthorsOtherThan: author.email,\n skipIfNotBehindTargetBranch: true,\n });\n\n // Re-approve the pull request, if required\n if (autoApprove && approverClient && pullRequestWasUpdated) {\n await approverClient.approvePullRequest({\n project: project,\n repository: repository,\n pullRequestId: pullRequestToUpdate.id,\n });\n }\n\n if (pullRequestWasUpdated) {\n affectedPullRequestIds.get(id)!.updated.push(pullRequestToUpdate.id);\n return true;\n }\n return false;\n }\n\n case 'close_pull_request': {\n if (dryRun) {\n logger.warn(`Skipping pull request closure as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Find the pull request to close\n const pullRequestToClose = getPullRequestForDependencyNames(\n existingPullRequests,\n packageManager,\n data['dependency-names'],\n );\n if (!pullRequestToClose) {\n logger.error(\n `Could not find pull request to close for package manager '${packageManager}' with dependencies '${data['dependency-names'].join(', ')}'`,\n );\n return false;\n }\n\n // TODO: GitHub Dependabot will close with reason \"Superseded by ${new_pull_request_id}\" when another PR supersedes it.\n // How do we detect this? 
Do we need to?\n\n // Close the pull request\n const success = await authorClient.abandonPullRequest({\n project: project,\n repository: repository,\n pullRequestId: pullRequestToClose.id,\n comment: getPullRequestCloseReasonForOutputData(data),\n deleteSourceBranch: true,\n });\n if (success) {\n affectedPullRequestIds.get(id)!.closed.push(pullRequestToClose.id);\n return true;\n }\n return false;\n }\n\n // No action required\n case 'update_dependency_list':\n case 'mark_as_processed':\n case 'record_ecosystem_versions':\n case 'record_ecosystem_meta':\n case 'increment_metric':\n case 'record_metrics':\n return true;\n\n case 'record_update_job_error':\n logger.error(`Update job error: ${data['error-type']} ${JSON.stringify(data['error-details'])}`);\n return true;\n\n case 'record_update_job_unknown_error':\n logger.error(`Update job unknown error: ${data['error-type']}, ${JSON.stringify(data['error-details'])}`);\n return true;\n\n default:\n logger.warn(`Unknown dependabot output type '${type}', ignoring...`);\n return true;\n }\n }\n}\n","import { existsSync } from 'node:fs';\nimport { readFile } from 'node:fs/promises';\nimport {\n AzureDevOpsWebApiClient,\n DEVOPS_PR_PROPERTY_MICROSOFT_GIT_SOURCE_REF_NAME,\n type IPullRequestProperties,\n normalizeBranchName,\n parsePullRequestProperties,\n} from '@paklo/core/azure';\nimport {\n type DependabotCredential,\n DependabotJobBuilder,\n type DependabotJobConfig,\n type DependabotUpdate,\n mapPackageEcosystemToPackageManager,\n} from '@paklo/core/dependabot';\nimport {\n filterVulnerabilities,\n GitHubSecurityAdvisoryClient,\n getGhsaPackageEcosystemFromDependabotPackageManager,\n type Package,\n type SecurityVulnerability,\n SecurityVulnerabilitySchema,\n} from '@paklo/core/github';\nimport { logger } from '@paklo/core/logger';\nimport { type RunJobOptions, runJob } from '../../run';\nimport { LocalJobsRunner, type LocalJobsRunnerOptions, type RunJobsResult } from '../runner';\nimport { 
AzureLocalDependabotServer, type AzureLocalDependabotServerOptions } from './server';\n\nexport type AzureLocalJobsRunnerOptions = LocalJobsRunnerOptions &\n Omit<\n AzureLocalDependabotServerOptions,\n 'authorClient' | 'approverClient' | 'existingBranchNames' | 'existingPullRequests'\n > & {\n port?: number;\n securityAdvisoriesFile?: string;\n gitToken: string;\n githubToken?: string;\n autoApproveToken?: string;\n };\n\nexport class AzureLocalJobsRunner extends LocalJobsRunner {\n // biome-ignore-start lint/correctness/noUnusedPrivateClassMembers: variables are used\n private readonly options: AzureLocalJobsRunnerOptions;\n private readonly authorClient: AzureDevOpsWebApiClient;\n private readonly approverClient?: AzureDevOpsWebApiClient;\n // biome-ignore-end lint/correctness/noUnusedPrivateClassMembers: variables are used\n\n constructor(options: AzureLocalJobsRunnerOptions) {\n super({ ...options });\n this.options = options;\n const { url, gitToken, autoApprove, debug } = this.options;\n\n // Initialise the DevOps API clients (one for authoring the other for auto-approving (if configured))\n this.authorClient = new AzureDevOpsWebApiClient(url, gitToken, debug);\n this.approverClient = autoApprove\n ? new AzureDevOpsWebApiClient(url, options.autoApproveToken || gitToken, debug)\n : undefined;\n }\n\n public override async run(): Promise<RunJobsResult> {\n await super.run(); // common logic\n\n const {\n options: { url, port, config, targetUpdateIds, command },\n authorClient,\n approverClient,\n } = this;\n\n // Print a warning about multi-ecosystem updates not being fully supported\n // TODO: Implement full support for multi-ecosystem updates (not sure this will be possible on the local model)\n if (config['multi-ecosystem-groups'] || config.updates?.some((u) => u['multi-ecosystem-group'])) {\n logger.warn(\n 'Multi-ecosystem updates are not working yet. 
Only parsing and validation is supported at this time.',\n );\n }\n\n // Print a warning about missing schedules\n // TODO: remove this and enforce schedules on or after 2025-Nov-30\n if (config.updates?.some((u) => !u.schedule)) {\n logger.warn(\n `\n Some updates are missing a schedule configuration.\n This tool will require all updates to have a schedule on or after 2025-Nov-30.\n `,\n );\n }\n\n // Print a warning about the required workarounds for security-only updates, if any update is configured as such\n // TODO: If and when Dependabot supports a better way to do security-only updates, remove this.\n if (config.updates?.some((u) => u['open-pull-requests-limit'] === 0)) {\n logger.warn(\n 'Security-only updates incur a slight performance overhead due to limitations in Dependabot CLI. For more info, see: https://github.com/mburumaxwell/dependabot-azure-devops/blob/main/README.md#configuring-security-advisories-and-known-vulnerabilities',\n );\n }\n\n // Fetch the active pull requests created by the author user\n const existingBranchNames = await authorClient.getBranchNames(url.project, url.repository);\n const existingPullRequests = await authorClient.getActivePullRequestProperties(\n url.project,\n url.repository,\n await authorClient.getUserId(),\n );\n\n // Prepare local server\n const serverOptions: AzureLocalDependabotServerOptions = {\n authorClient,\n approverClient,\n existingBranchNames,\n existingPullRequests,\n ...this.options,\n };\n const server = new AzureLocalDependabotServer(serverOptions);\n server.start(port);\n // give the server a second to start\n await new Promise((resolve) => setTimeout(resolve, 1000));\n\n // The API urls is constant when working in this CLI. 
Asking people to setup NGROK or similar just to get\n // HTTPS for the job token to be used is too much hassle.\n // Using same value for dependabotApiUrl and dependabotApiDockerUrl so as to capture /record_metrics calls.\n const dependabotApiUrl = `http://host.docker.internal:${server.port}/api`;\n const dependabotApiDockerUrl = dependabotApiUrl;\n\n // If update identifiers are specified, select them; otherwise handle all\n let updates: DependabotUpdate[] = [];\n if (targetUpdateIds && targetUpdateIds.length > 0) {\n for (const id of targetUpdateIds) {\n const upd = config.updates[id];\n if (!upd) {\n logger.warn(\n `\n Unable to find target update id '${id}'.\n This value should be a zero based index of the update in your config file.\n Expected range: 0-${config.updates.length - 1}\n `,\n );\n } else {\n updates.push(upd);\n }\n }\n } else {\n updates = config.updates;\n }\n\n try {\n // Abandon all pull requests where the source branch has been deleted\n await this.abandonPullRequestsWhereSourceRefIsDeleted(existingBranchNames, existingPullRequests);\n\n // Perform updates for each of the [targeted] update blocks in dependabot.yaml\n return await this.performUpdates(\n server,\n updates,\n existingPullRequests,\n dependabotApiUrl,\n dependabotApiDockerUrl,\n command,\n );\n } finally {\n server.stop();\n }\n }\n\n /**\n * Abandon all pull requests where the source branch has been deleted.\n * @param existingBranchNames The names of the existing branches.\n * @param existingPullRequests The existing pull requests.\n */\n private async abandonPullRequestsWhereSourceRefIsDeleted(\n existingBranchNames?: string[],\n existingPullRequests?: IPullRequestProperties[],\n ): Promise<void> {\n if (!existingBranchNames || !existingPullRequests) return;\n\n const {\n options: { url, dryRun },\n authorClient,\n } = this;\n for (const pullRequestIndex in existingPullRequests) {\n const pullRequest = existingPullRequests[pullRequestIndex]!;\n const pullRequestSourceRefName = 
normalizeBranchName(\n pullRequest.properties?.find((x) => x.name === DEVOPS_PR_PROPERTY_MICROSOFT_GIT_SOURCE_REF_NAME)?.value,\n );\n if (pullRequestSourceRefName && !existingBranchNames.includes(pullRequestSourceRefName)) {\n // The source branch for the pull request has been deleted; abandon the pull request (if not dry run)\n if (!dryRun) {\n logger.warn(\n `Detected source branch for PR #${pullRequest.id} has been deleted; The pull request will be abandoned`,\n );\n await authorClient.abandonPullRequest({\n project: url.project,\n repository: url.repository,\n pullRequestId: pullRequest.id,\n // comment:\n // 'OK, I won't notify you again about this release, but will get in touch when a new version is available. ' +\n // 'If you'd rather skip all updates until the next major or minor version, add an ' +\n // '[`ignore` condition](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--) ' +\n // 'with the desired `update-types` to your config file.',\n comment:\n 'It might be a good idea to add an ' +\n '[`ignore` condition](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--) ' +\n 'with the desired `update-types` to your config file.',\n });\n }\n // Remove the pull request from the list of existing pull requests to ensures that we don't attempt to update it later in the process.\n existingPullRequests.splice(existingPullRequests.indexOf(pullRequest), 1);\n }\n }\n }\n\n /**\n * Performs the updates.\n * @param server The local Dependabot server.\n * @param updates The updates to perform.\n * @param existingPullRequests The existing pull requests.\n */\n private async performUpdates(\n server: AzureLocalDependabotServer,\n updates: DependabotUpdate[],\n existingPullRequests: IPullRequestProperties[],\n dependabotApiUrl: string,\n dependabotApiDockerUrl?: string,\n command?: DependabotJobConfig['command'],\n ): Promise<RunJobsResult> {\n 
const {\n options: { url, gitToken, githubToken, experiments, config, dryRun, securityAdvisoriesFile, secretMasker },\n } = this;\n\n const results: RunJobsResult = [];\n\n function makeUsageData(job: DependabotJobConfig): RunJobOptions['usage'] {\n return {\n trigger: 'user',\n provider: job.source.provider,\n owner: url.value.toString(),\n project: `${url.value.toString().replace(/\\/$/, '')}/${url.project}`,\n 'package-manager': job['package-manager'],\n };\n }\n\n for (const update of updates) {\n const packageEcosystem = update['package-ecosystem'];\n const packageManager = mapPackageEcosystemToPackageManager(packageEcosystem);\n\n // If there is an updater image, replace the placeholder in it\n let { updaterImage } = this.options;\n updaterImage = updaterImage?.replace(/\\{ecosystem\\}/i, packageEcosystem);\n\n // Parse the Dependabot metadata for the existing pull requests that are related to this update\n // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones\n const existingPullRequestsForPackageManager = parsePullRequestProperties(existingPullRequests, packageManager);\n const existingPullRequestDependenciesForPackageManager = Object.values(existingPullRequestsForPackageManager);\n\n const builder = new DependabotJobBuilder({\n source: { provider: 'azure', ...url },\n config,\n update,\n systemAccessToken: gitToken,\n githubToken,\n experiments,\n debug: false,\n });\n\n let job: DependabotJobConfig | undefined;\n let credentials: DependabotCredential[] | undefined;\n let jobToken: string;\n let credentialsToken: string;\n\n // If this is a security-only update (i.e. 'open-pull-requests-limit: 0'), then we first need to discover the dependencies\n // that need updating and check each one for vulnerabilities. 
This is because Dependabot requires the list of vulnerable dependencies\n // to be supplied in the job definition of security-only update job, it will not automatically discover them like a versioned update does.\n // https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file\n let securityVulnerabilities: SecurityVulnerability[] = [];\n let dependencyNamesToUpdate: string[] = [];\n const securityUpdatesOnly = update['open-pull-requests-limit'] === 0;\n if (securityUpdatesOnly) {\n // Run an update job to discover all dependencies\n ({ job, credentials } = builder.forDependenciesList({ command }));\n ({ jobToken, credentialsToken } = this.makeTokens());\n server.add({ id: job.id, update, job, jobToken, credentialsToken, credentials });\n await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId: job.id,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n usage: makeUsageData(job),\n });\n\n const outputs = server.requests(job.id);\n const packagesToCheckForVulnerabilities: Package[] | undefined = outputs!\n .find((o) => o.type === 'update_dependency_list')\n ?.data.dependencies?.map((d) => ({ name: d.name, version: d.version }));\n if (packagesToCheckForVulnerabilities?.length) {\n logger.info(\n `Detected ${packagesToCheckForVulnerabilities.length} dependencies; Checking for vulnerabilities...`,\n );\n\n // parse security advisories from file (private)\n if (securityAdvisoriesFile) {\n const filePath = securityAdvisoriesFile;\n if (existsSync(filePath)) {\n const fileContents = await readFile(filePath, 'utf-8');\n securityVulnerabilities = await SecurityVulnerabilitySchema.array().parseAsync(JSON.parse(fileContents));\n } else {\n logger.info(`Private security advisories file '${filePath}' does not exist`);\n }\n }\n if (githubToken) {\n const ghsaClient = new GitHubSecurityAdvisoryClient(githubToken);\n const 
githubVulnerabilities = await ghsaClient.getSecurityVulnerabilitiesAsync(\n getGhsaPackageEcosystemFromDependabotPackageManager(packageManager),\n packagesToCheckForVulnerabilities || [],\n );\n securityVulnerabilities.push(...githubVulnerabilities);\n } else {\n logger.info(\n 'GitHub access token is not provided; Checking for vulnerabilities from GitHub is skipped. ' +\n 'This is not an issue if you are using private security advisories file.',\n );\n }\n\n securityVulnerabilities = filterVulnerabilities(securityVulnerabilities);\n\n // Only update dependencies that have vulnerabilities\n dependencyNamesToUpdate = Array.from(new Set(securityVulnerabilities.map((v) => v.package.name)));\n logger.info(\n `Detected ${securityVulnerabilities.length} vulnerabilities affecting ${dependencyNamesToUpdate.length} dependencies`,\n );\n if (dependencyNamesToUpdate.length) {\n logger.trace(dependencyNamesToUpdate);\n }\n } else {\n logger.info(`No vulnerabilities detected for update ${update['package-ecosystem']} in ${update.directory}`);\n server.clear(job.id);\n continue; // nothing more to do for this update\n }\n\n server.clear(job.id);\n }\n\n // Run an update job for \"all dependencies\"; this will create new pull requests for dependencies that need updating\n const openPullRequestsLimit = update['open-pull-requests-limit']!;\n const openPullRequestsCount = Object.entries(existingPullRequestsForPackageManager).length;\n const hasReachedOpenPullRequestLimit =\n openPullRequestsLimit > 0 && openPullRequestsCount >= openPullRequestsLimit;\n if (!hasReachedOpenPullRequestLimit) {\n const dependenciesHaveVulnerabilities = dependencyNamesToUpdate.length && securityVulnerabilities.length;\n if (!securityUpdatesOnly || dependenciesHaveVulnerabilities) {\n ({ job, credentials } = builder.forUpdate({\n command,\n dependencyNamesToUpdate,\n existingPullRequests: existingPullRequestDependenciesForPackageManager,\n securityVulnerabilities,\n }));\n ({ jobToken, credentialsToken } = 
this.makeTokens());\n server.add({ id: job.id, update, job, jobToken, credentialsToken, credentials });\n const { success, message } = await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId: job.id,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n usage: makeUsageData(job),\n });\n const affectedPrs = server.allAffectedPrs(job.id);\n server.clear(job.id);\n results.push({ id: job.id, success, message, affectedPrs });\n } else {\n logger.info('Nothing to update; dependencies are not affected by any known vulnerability');\n }\n } else {\n logger.warn(\n `Skipping update for ${packageEcosystem} packages as the open pull requests limit (${openPullRequestsLimit}) has already been reached`,\n );\n }\n\n // If there are existing pull requests, run an update job for each one; this will resolve merge conflicts and close pull requests that are no longer needed\n const numberOfPullRequestsToUpdate = Object.keys(existingPullRequestsForPackageManager).length;\n if (numberOfPullRequestsToUpdate > 0) {\n if (!dryRun) {\n for (const pullRequestId in existingPullRequestsForPackageManager) {\n ({ job, credentials } = builder.forUpdate({\n command,\n existingPullRequests: existingPullRequestDependenciesForPackageManager,\n pullRequestToUpdate: existingPullRequestsForPackageManager[pullRequestId]!,\n securityVulnerabilities,\n }));\n ({ jobToken, credentialsToken } = this.makeTokens());\n server.add({ id: job.id, update, job, jobToken, credentialsToken, credentials });\n const { success, message } = await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId: job.id,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n usage: makeUsageData(job),\n });\n const affectedPrs = server.allAffectedPrs(job.id);\n server.clear(job.id);\n results.push({ id: job.id, success, message, affectedPrs });\n }\n } else {\n logger.warn(\n `Skipping update of ${numberOfPullRequestsToUpdate} existing ${packageEcosystem} package pull request(s) as 
'dryRun' is set to 'true'`,\n );\n }\n }\n }\n\n return results;\n }\n}\n"],"mappings":";;;;;;;;;;AA2BA,IAAa,6BAAb,cAAgD,sBAAsB;CAEpE,AAAiB;CAEjB,YAAY,SAA4C;AACtD,QAAM,QAAQ;AACd,OAAK,UAAU;;CAGjB,MAAyB,OAAO,IAAY,SAA8C;AACxF,QAAM,MAAM,OAAO,IAAI,QAAQ;EAE/B,MAAM,EAAE,SAAS,2BAA2B;EAC5C,MAAM,EACJ,KACA,cACA,gBACA,qBACA,sBACA,aACA,eACA,iBACA,6BACA,QACA,OACA,WACE;EAEJ,MAAM,EAAE,MAAM,SAAS;EACvB,MAAM,MAAM,MAAM,KAAK,IAAI,GAAG;AAC9B,MAAI,CAAC,KAAK;AACR,UAAO,MAAM,wBAAwB,GAAG,qCAAqC,KAAK,GAAG;AACrF,UAAO;;EAET,MAAM,EAAE,mBAAmB,mBAAmB;AAC9C,SAAO,KAAK,eAAe,KAAK,gBAAgB,GAAG,GAAG;AACtD,MAAI,MACF,QAAO,MAAM,KAAK,UAAU,KAAK,CAAC;EAGpC,MAAM,SAAS,KAAK,OAAO,GAAG;EAC9B,MAAM,EAAE,SAAS,eAAe;AAEhC,UAAQ,MAAR;GAIE,KAAK,uBAAuB;IAC1B,MAAM,QAAQ,KAAK;AACnB,QAAI,QAAQ;AACV,YAAO,KAAK,sCAAsC,MAAM,gCAAgC;AACxF,YAAO;;IAIT,MAAM,wBAAwB,OAAO;IAIrC,MAAM,wCAAwC,2BAA2B,sBAAsB,eAAe;IAC9G,MAAM,4BAA4B,OAAO,QAAQ,sCAAsC,CAAC;IACxF,MAAM,wBAAwB,uBAAuB,IAAI,GAAG,CAAE,QAAQ,SAAS;AAI/E,QAFE,wBAAwB,KAAK,yBAAyB,uBAEpB;AAClC,YAAO,KACL,sCAAsC,MAAM,qCAAqC,sBAAsB,oBACxG;AACD,YAAO;;IAGT,MAAM,eAAe,wCAAwC,KAAK;IAClE,MAAM,eAAe,qDAAqD,KAAK;IAC/E,MAAM,eAAe,OAAO,oBAAqB,MAAM,aAAa,iBAAiB,SAAS,WAAW;IACzG,MAAM,eAAe,uBACnB,OAAO,sBACP,cACA,OAAO,aAAa,OAAO,aAAa,MAAM,QAAQ,aAAa,IAAI,MAAM,WAAW,IAAI,CAAC,EAC7F,CAAC,MAAM,QAAQ,aAAa,GAAG,aAAa,2BAA2B,QACvE,CAAC,MAAM,QAAQ,aAAa,GAAG,aAAa,eAAe,cAC3D,OAAO,6BAA6B,UACrC;AAID,SADuB,qBAAqB,MAAM,WAAW,iBAAiB,OAAO,IAAI,EAAE,EACxE,QAAQ;AACzB,YAAO,MACL,kCAAkC,MAAM,sBAAsB,aAAa,6DAC5E;AACD,YAAO;;IAET,MAAM,sBAAsB,qBAAqB,QAAQ,WAAW,aAAa,WAAW,OAAO,CAAC,IAAI,EAAE;AAC1G,QAAI,oBAAoB,QAAQ;AAC9B,YAAO,MACL,kCAAkC,MAAM,sBAAsB,aAAa,6CAA6C,oBAAoB,KAAK,KAAK,CAAC,qDACxJ;AACD,YAAO;;IAIT,MAAM,mBAAmB,MAAM,aAAa,kBAAkB;KACnD;KACG;KACZ,QAAQ;MACN,QAAQ,KAAK,sBAAsB,IAAI,OAAO;MAC9C,QAAQ;MACT;KACD,QAAQ,EACN,QAAQ,cACT;KACD;KACA;KACA,aAAa,0BAA0B,gBAAgB,KAAK,YAAY,KAAK,aAAa;KAC1F,eAAe,KAAK;KACpB,cAAc,kBACV;MACE,uBAAuB;MACvB,sBAAsB;AACpB,eAAQ,eAAR;QACE,KAAK,gBACH,QAAO,4BAA4B;QACrC,KAAK,SACH,QAAO,4BAA4B;QACrC,KAAK,SACH,QAAO,4BAA4B;QACrC,KAAK,cACH,QA
AO,4BAA4B;QACrC,QACE,QAAO,4BAA4B;;UAErC;MACL,GACD;KACJ,WAAW,OAAO;KAClB,QAAQ,OAAO,QAAQ,KAAK,UAAU,OAAO,MAAM,CAAC,IAAI,EAAE;KAC1D,WAAW,OAAO,YAAY,CAAC,OAAO,UAAU,GAAG,EAAE;KACrD,SAAS;KACT,YAAY,2BAA2B,gBAAgB,aAAa;KACrE,CAAC;AAGF,QAAI,eAAe,kBAAkB,iBACnC,OAAM,eAAe,mBAAmB;KAC7B;KACG;KACZ,eAAe;KAChB,CAAC;AAIJ,QAAI,oBAAoB,mBAAmB,GAAG;AAC5C,4BAAuB,IAAI,GAAG,CAAE,QAAQ,KAAK,iBAAiB;AAC9D,YAAO;UAEP,QAAO;;GAIX,KAAK,uBAAuB;AAC1B,QAAI,QAAQ;AACV,YAAO,KAAK,4DAA4D;AACxE,YAAO;;IAIT,MAAM,sBAAsB,iCAC1B,sBACA,gBACA,KAAK,oBACN;AACD,QAAI,CAAC,qBAAqB;AACxB,YAAO,MACL,8DAA8D,eAAe,uBAAuB,KAAK,oBAAoB,KAAK,KAAK,CAAC,GACzI;AACD,YAAO;;IAIT,MAAM,wBAAwB,MAAM,aAAa,kBAAkB;KACxD;KACG;KACZ,eAAe,oBAAoB;KACnC,QAAQ,KAAK,sBAAsB,IAAI,OAAO;KAC9C;KACA,SAAS,wCAAwC,KAAK;KACtD,aAAa;KACb,mCAAmC,OAAO;KAC1C,6BAA6B;KAC9B,CAAC;AAGF,QAAI,eAAe,kBAAkB,sBACnC,OAAM,eAAe,mBAAmB;KAC7B;KACG;KACZ,eAAe,oBAAoB;KACpC,CAAC;AAGJ,QAAI,uBAAuB;AACzB,4BAAuB,IAAI,GAAG,CAAE,QAAQ,KAAK,oBAAoB,GAAG;AACpE,YAAO;;AAET,WAAO;;GAGT,KAAK,sBAAsB;AACzB,QAAI,QAAQ;AACV,YAAO,KAAK,6DAA6D;AACzE,YAAO;;IAIT,MAAM,qBAAqB,iCACzB,sBACA,gBACA,KAAK,oBACN;AACD,QAAI,CAAC,oBAAoB;AACvB,YAAO,MACL,6DAA6D,eAAe,uBAAuB,KAAK,oBAAoB,KAAK,KAAK,CAAC,GACxI;AACD,YAAO;;AAcT,QAPgB,MAAM,aAAa,mBAAmB;KAC3C;KACG;KACZ,eAAe,mBAAmB;KAClC,SAAS,uCAAuC,KAAK;KACrD,oBAAoB;KACrB,CAAC,EACW;AACX,4BAAuB,IAAI,GAAG,CAAE,OAAO,KAAK,mBAAmB,GAAG;AAClE,YAAO;;AAET,WAAO;;GAIT,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK,iBACH,QAAO;GAET,KAAK;AACH,WAAO,MAAM,qBAAqB,KAAK,cAAc,GAAG,KAAK,UAAU,KAAK,iBAAiB,GAAG;AAChG,WAAO;GAET,KAAK;AACH,WAAO,MAAM,6BAA6B,KAAK,cAAc,IAAI,KAAK,UAAU,KAAK,iBAAiB,GAAG;AACzG,WAAO;GAET;AACE,WAAO,KAAK,mCAAmC,KAAK,gBAAgB;AACpE,WAAO;;;;;;;ACzPf,IAAa,uBAAb,cAA0C,gBAAgB;CAExD,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CAGjB,YAAY,SAAsC;AAChD,QAAM,EAAE,GAAG,SAAS,CAAC;AACrB,OAAK,UAAU;EACf,MAAM,EAAE,KAAK,UAAU,aAAa,UAAU,KAAK;AAGnD,OAAK,eAAe,IAAI,wBAAwB,KAAK,UAAU,MAAM;AACrE,OAAK,iBAAiB,cAClB,IAAI,wBAAwB,KAAK,QAAQ,oBAAoB,UAAU,MAAM,GAC7E;;CAGN,MAAsB,MAA8B;AAClD,QAAM,MAAM,KAAK;EAEjB,MAAM,EACJ,SAAS,EAAE,KAAK
,MAAM,QAAQ,iBAAiB,WAC/C,cACA,mBACE;AAIJ,MAAI,OAAO,6BAA6B,OAAO,SAAS,MAAM,MAAM,EAAE,yBAAyB,CAC7F,QAAO,KACL,sGACD;AAKH,MAAI,OAAO,SAAS,MAAM,MAAM,CAAC,EAAE,SAAS,CAC1C,QAAO,KACL;;;UAID;AAKH,MAAI,OAAO,SAAS,MAAM,MAAM,EAAE,gCAAgC,EAAE,CAClE,QAAO,KACL,4PACD;EAIH,MAAM,sBAAsB,MAAM,aAAa,eAAe,IAAI,SAAS,IAAI,WAAW;EAC1F,MAAM,uBAAuB,MAAM,aAAa,+BAC9C,IAAI,SACJ,IAAI,YACJ,MAAM,aAAa,WAAW,CAC/B;EAUD,MAAM,SAAS,IAAI,2BAPsC;GACvD;GACA;GACA;GACA;GACA,GAAG,KAAK;GACT,CAC2D;AAC5D,SAAO,MAAM,KAAK;AAElB,QAAM,IAAI,SAAS,YAAY,WAAW,SAAS,IAAK,CAAC;EAKzD,MAAM,mBAAmB,+BAA+B,OAAO,KAAK;EACpE,MAAM,yBAAyB;EAG/B,IAAIA,UAA8B,EAAE;AACpC,MAAI,mBAAmB,gBAAgB,SAAS,EAC9C,MAAK,MAAM,MAAM,iBAAiB;GAChC,MAAM,MAAM,OAAO,QAAQ;AAC3B,OAAI,CAAC,IACH,QAAO,KACL;+CACmC,GAAG;;gCAElB,OAAO,QAAQ,SAAS,EAAE;cAE/C;OAED,SAAQ,KAAK,IAAI;;MAIrB,WAAU,OAAO;AAGnB,MAAI;AAEF,SAAM,KAAK,2CAA2C,qBAAqB,qBAAqB;AAGhG,UAAO,MAAM,KAAK,eAChB,QACA,SACA,sBACA,kBACA,wBACA,QACD;YACO;AACR,UAAO,MAAM;;;;;;;;CASjB,MAAc,2CACZ,qBACA,sBACe;AACf,MAAI,CAAC,uBAAuB,CAAC,qBAAsB;EAEnD,MAAM,EACJ,SAAS,EAAE,KAAK,UAChB,iBACE;AACJ,OAAK,MAAM,oBAAoB,sBAAsB;GACnD,MAAM,cAAc,qBAAqB;GACzC,MAAM,2BAA2B,oBAC/B,YAAY,YAAY,MAAM,MAAM,EAAE,SAAS,iDAAiD,EAAE,MACnG;AACD,OAAI,4BAA4B,CAAC,oBAAoB,SAAS,yBAAyB,EAAE;AAEvF,QAAI,CAAC,QAAQ;AACX,YAAO,KACL,kCAAkC,YAAY,GAAG,uDAClD;AACD,WAAM,aAAa,mBAAmB;MACpC,SAAS,IAAI;MACb,YAAY,IAAI;MAChB,eAAe,YAAY;MAM3B,SACE;MAGH,CAAC;;AAGJ,yBAAqB,OAAO,qBAAqB,QAAQ,YAAY,EAAE,EAAE;;;;;;;;;;CAW/E,MAAc,eACZ,QACA,SACA,sBACA,kBACA,wBACA,SACwB;EACxB,MAAM,EACJ,SAAS,EAAE,KAAK,UAAU,aAAa,aAAa,QAAQ,QAAQ,wBAAwB,mBAC1F;EAEJ,MAAMC,UAAyB,EAAE;EAEjC,SAAS,cAAc,KAAkD;AACvE,UAAO;IACL,SAAS;IACT,UAAU,IAAI,OAAO;IACrB,OAAO,IAAI,MAAM,UAAU;IAC3B,SAAS,GAAG,IAAI,MAAM,UAAU,CAAC,QAAQ,OAAO,GAAG,CAAC,GAAG,IAAI;IAC3D,mBAAmB,IAAI;IACxB;;AAGH,OAAK,MAAM,UAAU,SAAS;GAC5B,MAAM,mBAAmB,OAAO;GAChC,MAAM,iBAAiB,oCAAoC,iBAAiB;GAG5E,IAAI,EAAE,iBAAiB,KAAK;AAC5B,kBAAe,cAAc,QAAQ,kBAAkB,iBAAiB;GAIxE,MAAM,wCAAwC,2BAA2B,sBAAsB,eAAe;GAC9G,MAAM,mDAAmD,OAAO,OAAO,sCAAsC;GAE7G,MAAM,UAAU,IAAI,qBAAqB;IACvC,QAAQ;KAAE,UAAU;KAAS,GA
AG;KAAK;IACrC;IACA;IACA,mBAAmB;IACnB;IACA;IACA,OAAO;IACR,CAAC;GAEF,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GAMJ,IAAIC,0BAAmD,EAAE;GACzD,IAAIC,0BAAoC,EAAE;GAC1C,MAAM,sBAAsB,OAAO,gCAAgC;AACnE,OAAI,qBAAqB;AAEvB,KAAC,CAAE,KAAK,eAAgB,QAAQ,oBAAoB,EAAE,SAAS,CAAC;AAChE,KAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,WAAO,IAAI;KAAE,IAAI,IAAI;KAAI;KAAQ;KAAK;KAAU;KAAkB;KAAa,CAAC;AAChF,UAAM,OAAO;KACX;KACA;KACA,OAAO,IAAI;KACX;KACA;KACA;KACA;KACA,OAAO,cAAc,IAAI;KAC1B,CAAC;IAGF,MAAMC,oCADU,OAAO,SAAS,IAAI,GAAG,CAEpC,MAAM,MAAM,EAAE,SAAS,yBAAyB,EAC/C,KAAK,cAAc,KAAK,OAAO;KAAE,MAAM,EAAE;KAAM,SAAS,EAAE;KAAS,EAAE;AACzE,QAAI,mCAAmC,QAAQ;AAC7C,YAAO,KACL,YAAY,kCAAkC,OAAO,gDACtD;AAGD,SAAI,wBAAwB;MAC1B,MAAM,WAAW;AACjB,UAAI,WAAW,SAAS,EAAE;OACxB,MAAM,eAAe,MAAM,SAAS,UAAU,QAAQ;AACtD,iCAA0B,MAAM,4BAA4B,OAAO,CAAC,WAAW,KAAK,MAAM,aAAa,CAAC;YAExG,QAAO,KAAK,qCAAqC,SAAS,kBAAkB;;AAGhF,SAAI,aAAa;MAEf,MAAM,wBAAwB,MADX,IAAI,6BAA6B,YAAY,CACjB,gCAC7C,oDAAoD,eAAe,EACnE,qCAAqC,EAAE,CACxC;AACD,8BAAwB,KAAK,GAAG,sBAAsB;WAEtD,QAAO,KACL,oKAED;AAGH,+BAA0B,sBAAsB,wBAAwB;AAGxE,+BAA0B,MAAM,KAAK,IAAI,IAAI,wBAAwB,KAAK,MAAM,EAAE,QAAQ,KAAK,CAAC,CAAC;AACjG,YAAO,KACL,YAAY,wBAAwB,OAAO,6BAA6B,wBAAwB,OAAO,eACxG;AACD,SAAI,wBAAwB,OAC1B,QAAO,MAAM,wBAAwB;WAElC;AACL,YAAO,KAAK,0CAA0C,OAAO,qBAAqB,MAAM,OAAO,YAAY;AAC3G,YAAO,MAAM,IAAI,GAAG;AACpB;;AAGF,WAAO,MAAM,IAAI,GAAG;;GAItB,MAAM,wBAAwB,OAAO;GACrC,MAAM,wBAAwB,OAAO,QAAQ,sCAAsC,CAAC;AAGpF,OAAI,EADF,wBAAwB,KAAK,yBAAyB,wBACnB;IACnC,MAAM,kCAAkC,wBAAwB,UAAU,wBAAwB;AAClG,QAAI,CAAC,uBAAuB,iCAAiC;AAC3D,MAAC,CAAE,KAAK,eAAgB,QAAQ,UAAU;MACxC;MACA;MACA,sBAAsB;MACtB;MACD,CAAC;AACF,MAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,YAAO,IAAI;MAAE,IAAI,IAAI;MAAI;MAAQ;MAAK;MAAU;MAAkB;MAAa,CAAC;KAChF,MAAM,EAAE,SAAS,YAAY,MAAM,OAAO;MACxC;MACA;MACA,OAAO,IAAI;MACX;MACA;MACA;MACA;MACA,OAAO,cAAc,IAAI;MAC1B,CAAC;KACF,MAAM,cAAc,OAAO,eAAe,IAAI,GAAG;AACjD,YAAO,MAAM,IAAI,GAAG;AACpB,aAAQ,KAAK;MAAE,IAAI,IAAI;MAAI;MAAS;MAAS;MAAa,CAAC;UAE3D,QAAO,KAAK,8EAA8E;SAG5F,QAAO,KACL,uBAAuB,iBAAiB,6CAA6C,sBAAsB,4BAC5G;GAIH,MAAM,+BAA+B,OAAO,KAAK,sCAAsC,
CAAC;AACxF,OAAI,+BAA+B,EACjC,KAAI,CAAC,OACH,MAAK,MAAM,iBAAiB,uCAAuC;AACjE,KAAC,CAAE,KAAK,eAAgB,QAAQ,UAAU;KACxC;KACA,sBAAsB;KACtB,qBAAqB,sCAAsC;KAC3D;KACD,CAAC;AACF,KAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,WAAO,IAAI;KAAE,IAAI,IAAI;KAAI;KAAQ;KAAK;KAAU;KAAkB;KAAa,CAAC;IAChF,MAAM,EAAE,SAAS,YAAY,MAAM,OAAO;KACxC;KACA;KACA,OAAO,IAAI;KACX;KACA;KACA;KACA;KACA,OAAO,cAAc,IAAI;KAC1B,CAAC;IACF,MAAM,cAAc,OAAO,eAAe,IAAI,GAAG;AACjD,WAAO,MAAM,IAAI,GAAG;AACpB,YAAQ,KAAK;KAAE,IAAI,IAAI;KAAI;KAAS;KAAS;KAAa,CAAC;;OAG7D,QAAO,KACL,sBAAsB,6BAA6B,YAAY,iBAAiB,uDACjF;;AAKP,SAAO"}
|
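--- a/package/dist/local/index.d.mts
+++ b/package/dist/local/index.d.mts
@@ -1,3 +1,3 @@
-import "../api-client-
-import { a as LocalJobsRunner, i as LocalDependabotServerOptions, n as LocalDependabotServer, o as LocalJobsRunnerOptions, r as LocalDependabotServerAddOptions, s as RunJobsResult, t as AffectedPullRequestIds } from "../server-
+import "../api-client-M8F9t7II.mjs";
+import { a as LocalJobsRunner, i as LocalDependabotServerOptions, n as LocalDependabotServer, o as LocalJobsRunnerOptions, r as LocalDependabotServerAddOptions, s as RunJobsResult, t as AffectedPullRequestIds } from "../server-BSQEzdZw.mjs";
 export { AffectedPullRequestIds, LocalDependabotServer, LocalDependabotServerAddOptions, LocalDependabotServerOptions, LocalJobsRunner, LocalJobsRunnerOptions, RunJobsResult };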
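--- a/package/dist/local/index.mjs
+++ b/package/dist/local/index.mjs
@@ -1,4 +1,3 @@
-import "../
-import { n as LocalJobsRunner, t as LocalDependabotServer } from "../server-jm-ghIse.mjs";
+import { n as LocalJobsRunner, t as LocalDependabotServer } from "../server-M1ps5BVd.mjs";
 
 export { LocalDependabotServer, LocalJobsRunner };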
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { t as logger } from "./logger-DSV-e8-Y.mjs";
|
|
2
1
|
import { DependabotCredentialSchema, DependabotJobConfigSchema } from "@paklo/core/dependabot";
|
|
3
2
|
import { HEADER_NAME_AUTHORIZATION, HttpRequestError, InnerApiClient, isErrorTemporaryFailure } from "@paklo/core/http";
|
|
3
|
+
import { logger } from "@paklo/core/logger";
|
|
4
4
|
import Docker from "dockerode";
|
|
5
5
|
import { pack } from "tar-stream";
|
|
6
6
|
import stream, { Readable } from "node:stream";
|
|
@@ -119,7 +119,7 @@ var ApiClient = class {
|
|
|
119
119
|
|
|
120
120
|
//#endregion
|
|
121
121
|
//#region ../../dependabot-action/docker/containers.json
|
|
122
|
-
var proxy = "ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:v2.0.
|
|
122
|
+
var proxy = "ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:v2.0.20251113195050@sha256:617ff0562ba63ab27eef421637d04581cc0b0659d996200bf31b11a0855ae0a5";
|
|
123
123
|
var containers_default = {
|
|
124
124
|
proxy,
|
|
125
125
|
bundler: "ghcr.io/dependabot/dependabot-updater-bundler:v2.0.20250916161401@sha256:cb1b48a4e2862bd9a2ebb1bb7f2eb1b28bd0099060925951618e07a96c191e5c",
|
|
@@ -148,7 +148,8 @@ var containers_default = {
|
|
|
148
148
|
vcpkg: "ghcr.io/dependabot/dependabot-updater-vcpkg:v2.0.20250916161401@sha256:40355d74ad784932730577475faee9f21ef863c3cec7b7d2817cc5621f3b1dd7",
|
|
149
149
|
helm: "ghcr.io/dependabot/dependabot-updater-helm:v2.0.20250916161401@sha256:42fe3e7a6bac84271dec7ec41ac0067ff7d1cffb8e5f63dbe5eec849b5bc433b",
|
|
150
150
|
julia: "ghcr.io/dependabot/dependabot-updater-julia:v2.0.20251023204638@sha256:49caaedd3e594c3056fa4f811ddc70da174a4d4dcd4726687ca626f844987d82",
|
|
151
|
-
bazel: "ghcr.io/dependabot/dependabot-updater-bazel:v2.0.20251027153627@sha256:ab86da3697ccff56c345c37d820ff72003ba242b41bf3309f44af08fd85aa538"
|
|
151
|
+
bazel: "ghcr.io/dependabot/dependabot-updater-bazel:v2.0.20251027153627@sha256:ab86da3697ccff56c345c37d820ff72003ba242b41bf3309f44af08fd85aa538",
|
|
152
|
+
opentofu: "ghcr.io/dependabot/dependabot-updater-opentofu:v2.0.20251114105702@sha256:9c33300c7a987367cf203bd7dda689029b093c0c95cc58b05c1cf9c6b4c652f7"
|
|
152
153
|
};
|
|
153
154
|
|
|
154
155
|
//#endregion
|
|
@@ -356,7 +357,7 @@ var JobParameters = class {
|
|
|
356
357
|
}
|
|
357
358
|
};
|
|
358
359
|
function getJobParameters(input) {
|
|
359
|
-
return new JobParameters(
|
|
360
|
+
return new JobParameters(input.jobId, input.jobToken, input.credentialsToken, input.dependabotApiUrl, input.dependabotApiDockerUrl, input.updaterImage);
|
|
360
361
|
}
|
|
361
362
|
|
|
362
363
|
//#endregion
|
|
@@ -536,7 +537,7 @@ var ProxyBuilder = class {
|
|
|
536
537
|
|
|
537
538
|
//#endregion
|
|
538
539
|
//#region package.json
|
|
539
|
-
var version = "0.
|
|
540
|
+
var version = "0.3.0";
|
|
540
541
|
|
|
541
542
|
//#endregion
|
|
542
543
|
//#region src/updater-builder.ts
|
|
@@ -769,4 +770,4 @@ async function runJob(options) {
|
|
|
769
770
|
|
|
770
771
|
//#endregion
|
|
771
772
|
export { updaterImageName as _, UpdaterBuilder as a, CredentialFetchingError as b, getJobParameters as c, ContainerRuntimeError as d, ContainerService as f, repositoryName as g, hasDigest as h, Updater as i, ImageService as l, digestName as m, JobRunnerUpdaterError as n, ProxyBuilder as o, PROXY_IMAGE_NAME as p, runJob as r, JobParameters as s, JobRunnerImagingError as t, getOrgFromImage as u, updaterImages as v, JobDetailsFetchingError as x, ApiClient as y };
|
|
772
|
-
//# sourceMappingURL=run-
|
|
773
|
+
//# sourceMappingURL=run-BtSPCvKv.mjs.map
|
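Review bot: `getJobParameters` passes `input.jobToken` and `input.credentialsToken` straight into `new JobParameters(...)` with no presence check, so a caller that omits one hands the job an `undefined` token instead of getting an error. The package's type declarations mark every field of `input` as optional while the constructor takes plain strings, and these two values appear to be what authorizes the updater's calls to the job API, so a silent `undefined` is likely to surface only later as an opaque authorization failure. In the source behind this bundle I would fail fast before the `return`, for example `if (!input.jobId || !input.jobToken || !input.credentialsToken) throw new Error('jobId, jobToken and credentialsToken are required');`. The removed line is cut off on this page, so whether the previous version validated or converted anything cannot be told from here.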