npm - @paklo/runner - Versions diffs - 0.6.0 → 0.8.0 - Mend

@paklo/runner 0.6.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/{api-client-M8F9t7II.d.mts → api-client-BoQ6jjRB.d.mts} +4 -3
package/dist/index.d.mts +25 -6
package/dist/index.mjs +2 -2
package/dist/local/azure/index.d.mts +7 -7
package/dist/local/azure/index.mjs +95 -64
package/dist/local/azure/index.mjs.map +1 -1
package/dist/local/index.d.mts +2 -2
package/dist/local/index.mjs +1 -1
package/dist/{run-DBD6Hefl.mjs → run-CXDAe0P_.mjs} +86 -89
package/dist/run-CXDAe0P_.mjs.map +1 -0
package/dist/{server-DTAFwSrb.d.mts → server-6BlJr2bw.d.mts} +3 -3
package/dist/{server-M1ps5BVd.mjs → server-BxUu1gGo.mjs} +2 -2
package/dist/{server-M1ps5BVd.mjs.map → server-BxUu1gGo.mjs.map} +1 -1
package/package.json +8 -6
package/dist/run-DBD6Hefl.mjs.map +0 -1

package/dist/local/azure/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.mjs","names":["updates: DependabotUpdate[]","results: RunJobsResult","job: DependabotJobConfig \| undefined","credentials: DependabotCredential[] \| undefined","jobToken: string","credentialsToken: string","securityVulnerabilities: SecurityVulnerability[]","dependencyNamesToUpdate: string[]","packagesToCheckForVulnerabilities: Package[] \| undefined"],"sources":["../../../src/local/azure/server.ts","../../../src/local/azure/runner.ts"],"sourcesContent":["import type { AzureDevOpsRepositoryUrl, AzureDevOpsWebApiClient, IPullRequestProperties } from '@paklo/core/azure';\nimport {\n buildPullRequestProperties,\n GitPullRequestMergeStrategy,\n getPullRequestChangedFilesForOutputData,\n getPullRequestCloseReasonForOutputData,\n getPullRequestDependenciesPropertyValueForOutputData,\n getPullRequestDescription,\n getPullRequestForDependencyNames,\n parsePullRequestProperties,\n} from '@paklo/core/azure';\nimport { type DependabotRequest, getBranchNameForUpdate } from '@paklo/core/dependabot';\nimport { logger } from '@paklo/core/logger';\nimport { LocalDependabotServer, type LocalDependabotServerOptions } from '../server';\n\nexport type AzureLocalDependabotServerOptions = LocalDependabotServerOptions & {\n url: AzureDevOpsRepositoryUrl;\n authorClient: AzureDevOpsWebApiClient;\n autoApprove: boolean;\n approverClient?: AzureDevOpsWebApiClient;\n setAutoComplete: boolean;\n mergeStrategy?: string;\n autoCompleteIgnoreConfigIds: number[];\n existingBranchNames: string[] \| undefined;\n existingPullRequests: IPullRequestProperties[];\n};\n\nexport class AzureLocalDependabotServer extends LocalDependabotServer {\n // biome-ignore lint/correctness/noUnusedPrivateClassMembers: options is used\n private readonly options: AzureLocalDependabotServerOptions;\n\n constructor(options: AzureLocalDependabotServerOptions) {\n super(options);\n this.options = options;\n }\n\n protected override async handle(id: string, request: DependabotRequest): Promise<boolean> {\n await super.handle(id, request); // common logic\n\n const { options, affectedPullRequestIds } = this;\n const {\n url,\n authorClient,\n approverClient,\n existingBranchNames,\n existingPullRequests,\n autoApprove,\n mergeStrategy,\n setAutoComplete,\n autoCompleteIgnoreConfigIds,\n author,\n dryRun,\n } = options;\n\n const { type, data } = request;\n const job = await this.job(id);\n if (!job) {\n logger.error(`No job found for ID '${id}', cannot process request of type '${type}'`);\n return false;\n }\n const { 'package-manager': packageManager } = job;\n logger.info(`Processing '${type}' for job ID '${id}'`);\n\n const update = this.update(id)!; // exists because job exists\n const { project, repository } = url;\n\n switch (type) {\n // Documentation on the 'data' model for each output type can be found here:\n // See: https://github.com/dependabot/cli/blob/main/internal/model/update.go\n\n case 'create_pull_request': {\n const title = data['pr-title'];\n if (dryRun) {\n logger.warn(`Skipping pull request creation of '${title}' as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Skip if active pull request limit reached.\n const openPullRequestsLimit = update['open-pull-requests-limit']!;\n\n // Parse the Dependabot metadata for the existing pull requests that are related to this update\n // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones\n const existingPullRequestsForPackageManager = parsePullRequestProperties(existingPullRequests, packageManager);\n const existingPullRequestsCount = Object.entries(existingPullRequestsForPackageManager).length;\n const openPullRequestsCount = affectedPullRequestIds.get(id)!.created.length + existingPullRequestsCount;\n const hasReachedOpenPullRequestLimit =\n openPullRequestsLimit > 0 && openPullRequestsCount >= openPullRequestsLimit;\n\n if (hasReachedOpenPullRequestLimit) {\n logger.warn(\n `Skipping pull request creation of '${title}' as the open pull requests limit (${openPullRequestsLimit}) has been reached`,\n );\n return true;\n }\n\n const changedFiles = getPullRequestChangedFilesForOutputData(data);\n const dependencies = getPullRequestDependenciesPropertyValueForOutputData(data);\n const targetBranch = update['target-branch'] \|\| (await authorClient.getDefaultBranch(project, repository));\n const sourceBranch = getBranchNameForUpdate(\n update['package-ecosystem'],\n targetBranch,\n update.directory \|\| update.directories?.find((dir) => changedFiles[0]?.path?.startsWith(dir)),\n !Array.isArray(dependencies) ? dependencies['dependency-group-name'] : undefined,\n !Array.isArray(dependencies) ? dependencies.dependencies : dependencies,\n update['pull-request-branch-name']?.separator,\n );\n\n // Check if the source branch already exists or conflicts with an existing branch\n const existingBranch = existingBranchNames?.find((branch) => sourceBranch === branch) \|\| [];\n if (existingBranch.length) {\n logger.error(\n `Unable to create pull request '${title}' as source branch '${sourceBranch}' already exists; Delete the existing branch and try again.`,\n );\n return false;\n }\n const conflictingBranches = existingBranchNames?.filter((branch) => sourceBranch.startsWith(branch)) \|\| [];\n if (conflictingBranches.length) {\n logger.error(\n `Unable to create pull request '${title}' as source branch '${sourceBranch}' would conflict with existing branch(es) '${conflictingBranches.join(', ')}'; Delete the conflicting branch(es) and try again.`,\n );\n return false;\n }\n\n // Create a new pull request\n const newPullRequestId = await authorClient.createPullRequest({\n project: project,\n repository: repository,\n source: {\n commit: data['base-commit-sha'] \|\| job.source.commit!,\n branch: sourceBranch,\n },\n target: {\n branch: targetBranch!,\n },\n author,\n title,\n description: getPullRequestDescription(packageManager, data['pr-body'], data.dependencies),\n commitMessage: data['commit-message'],\n autoComplete: setAutoComplete\n ? {\n ignorePolicyConfigIds: autoCompleteIgnoreConfigIds,\n mergeStrategy: (() => {\n switch (mergeStrategy) {\n case 'noFastForward':\n return GitPullRequestMergeStrategy.NoFastForward;\n case 'squash':\n return GitPullRequestMergeStrategy.Squash;\n case 'rebase':\n return GitPullRequestMergeStrategy.Rebase;\n case 'rebaseMerge':\n return GitPullRequestMergeStrategy.RebaseMerge;\n default:\n return GitPullRequestMergeStrategy.Squash;\n }\n })(),\n }\n : undefined,\n assignees: update.assignees,\n labels: update.labels?.map((label) => label?.trim()) \|\| [],\n workItems: update.milestone ? [update.milestone] : [],\n changes: changedFiles,\n properties: buildPullRequestProperties(packageManager, dependencies),\n });\n\n // Auto-approve the pull request, if required\n if (autoApprove && approverClient && newPullRequestId) {\n await approverClient.approvePullRequest({\n project: project,\n repository: repository,\n pullRequestId: newPullRequestId,\n });\n }\n\n // Store the new pull request ID, so we can keep track of the total number of open pull requests\n if (newPullRequestId && newPullRequestId > 0) {\n affectedPullRequestIds.get(id)!.created.push(newPullRequestId);\n return true;\n } else {\n return false;\n }\n }\n\n case 'update_pull_request': {\n if (dryRun) {\n logger.warn(`Skipping pull request update as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Find the pull request to update\n const pullRequestToUpdate = getPullRequestForDependencyNames(\n existingPullRequests,\n packageManager,\n data['dependency-names'],\n );\n if (!pullRequestToUpdate) {\n logger.error(\n `Could not find pull request to update for package manager '${packageManager}' with dependencies '${data['dependency-names'].join(', ')}'`,\n );\n return false;\n }\n\n // Update the pull request\n const pullRequestWasUpdated = await authorClient.updatePullRequest({\n project: project,\n repository: repository,\n pullRequestId: pullRequestToUpdate.id,\n commit: data['base-commit-sha'] \|\| job.source.commit!,\n author,\n changes: getPullRequestChangedFilesForOutputData(data),\n skipIfDraft: true,\n skipIfCommitsFromAuthorsOtherThan: author.email,\n skipIfNotBehindTargetBranch: true,\n });\n\n // Re-approve the pull request, if required\n if (autoApprove && approverClient && pullRequestWasUpdated) {\n await approverClient.approvePullRequest({\n project: project,\n repository: repository,\n pullRequestId: pullRequestToUpdate.id,\n });\n }\n\n if (pullRequestWasUpdated) {\n affectedPullRequestIds.get(id)!.updated.push(pullRequestToUpdate.id);\n return true;\n }\n return false;\n }\n\n case 'close_pull_request': {\n if (dryRun) {\n logger.warn(`Skipping pull request closure as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Find the pull request to close\n const pullRequestToClose = getPullRequestForDependencyNames(\n existingPullRequests,\n packageManager,\n data['dependency-names'],\n );\n if (!pullRequestToClose) {\n logger.error(\n `Could not find pull request to close for package manager '${packageManager}' with dependencies '${data['dependency-names'].join(', ')}'`,\n );\n return false;\n }\n\n // TODO: GitHub Dependabot will close with reason \"Superseded by ${new_pull_request_id}\" when another PR supersedes it.\n // How do we detect this? Do we need to?\n\n // Close the pull request\n const success = await authorClient.abandonPullRequest({\n project: project,\n repository: repository,\n pullRequestId: pullRequestToClose.id,\n comment: getPullRequestCloseReasonForOutputData(data),\n deleteSourceBranch: true,\n });\n if (success) {\n affectedPullRequestIds.get(id)!.closed.push(pullRequestToClose.id);\n return true;\n }\n return false;\n }\n\n case 'record_update_job_warning': {\n if (dryRun) {\n logger.warn(`Skipping warning as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // add comment to each create/updated pull request\n const ids = affectedPullRequestIds.get(id)!.created.concat(affectedPullRequestIds.get(id)!.updated);\n for (const pullRequestId of ids) {\n await authorClient.addCommentThread({\n project: project,\n repository: repository,\n content: `### Dependabot Warning: ${data['warn-title']}\\n\\n${data['warn-description']}`,\n pullRequestId,\n });\n }\n\n return true;\n }\n\n // No action required\n case 'update_dependency_list':\n case 'create_dependency_submission':\n case 'mark_as_processed':\n case 'record_ecosystem_versions':\n case 'increment_metric':\n case 'record_ecosystem_meta':\n case 'record_cooldown_meta':\n case 'record_metrics': // from the runner\n return true;\n\n case 'record_update_job_error':\n logger.error(`Update job error: ${data['error-type']} ${JSON.stringify(data['error-details'])}`);\n return true;\n\n case 'record_update_job_unknown_error':\n logger.error(`Update job unknown error: ${data['error-type']}, ${JSON.stringify(data['error-details'])}`);\n return true;\n\n default:\n logger.warn(`Unknown dependabot request type '${type}', ignoring...`);\n return true;\n }\n }\n}\n","import { existsSync } from 'node:fs';\nimport { readFile } from 'node:fs/promises';\nimport {\n AzureDevOpsWebApiClient,\n DEVOPS_PR_PROPERTY_MICROSOFT_GIT_SOURCE_REF_NAME,\n type IPullRequestProperties,\n normalizeBranchName,\n parsePullRequestProperties,\n} from '@paklo/core/azure';\nimport {\n type DependabotCredential,\n DependabotJobBuilder,\n type DependabotJobConfig,\n type DependabotUpdate,\n mapPackageEcosystemToPackageManager,\n} from '@paklo/core/dependabot';\nimport {\n filterVulnerabilities,\n GitHubSecurityAdvisoryClient,\n getGhsaPackageEcosystemFromDependabotPackageManager,\n type Package,\n type SecurityVulnerability,\n SecurityVulnerabilitySchema,\n} from '@paklo/core/github';\nimport { logger } from '@paklo/core/logger';\nimport { type RunJobOptions, runJob } from '../../run';\nimport { LocalJobsRunner, type LocalJobsRunnerOptions, type RunJobsResult } from '../runner';\nimport { AzureLocalDependabotServer, type AzureLocalDependabotServerOptions } from './server';\n\nexport type AzureLocalJobsRunnerOptions = LocalJobsRunnerOptions &\n Omit<\n AzureLocalDependabotServerOptions,\n 'authorClient' \| 'approverClient' \| 'existingBranchNames' \| 'existingPullRequests'\n > & {\n port?: number;\n securityAdvisoriesFile?: string;\n gitToken: string;\n githubToken?: string;\n autoApproveToken?: string;\n };\n\nexport class AzureLocalJobsRunner extends LocalJobsRunner {\n // biome-ignore-start lint/correctness/noUnusedPrivateClassMembers: variables are used\n private readonly options: AzureLocalJobsRunnerOptions;\n private readonly authorClient: AzureDevOpsWebApiClient;\n private readonly approverClient?: AzureDevOpsWebApiClient;\n // biome-ignore-end lint/correctness/noUnusedPrivateClassMembers: variables are used\n\n constructor(options: AzureLocalJobsRunnerOptions) {\n super({ ...options });\n this.options = options;\n const { url, gitToken, autoApprove, debug } = this.options;\n\n // Initialise the DevOps API clients (one for authoring the other for auto-approving (if configured))\n this.authorClient = new AzureDevOpsWebApiClient(url, gitToken, debug);\n this.approverClient = autoApprove\n ? new AzureDevOpsWebApiClient(url, options.autoApproveToken \|\| gitToken, debug)\n : undefined;\n }\n\n public override async run(): Promise<RunJobsResult> {\n await super.run(); // common logic\n\n const {\n options: { url, port, config, targetUpdateIds, command },\n authorClient,\n approverClient,\n } = this;\n\n // Print a warning about multi-ecosystem updates not being fully supported\n // TODO: Implement full support for multi-ecosystem updates (not sure this will be possible on the local model)\n if (config['multi-ecosystem-groups'] \|\| config.updates?.some((u) => u['multi-ecosystem-group'])) {\n logger.warn(\n 'Multi-ecosystem updates are not working yet. Only parsing and validation is supported at this time.',\n );\n }\n\n // Print a warning about the required workarounds for security-only updates, if any update is configured as such\n // TODO: If and when Dependabot supports a better way to do security-only updates, remove this.\n if (config.updates?.some((u) => u['open-pull-requests-limit'] === 0)) {\n logger.warn(\n 'Security-only updates incur a slight performance overhead due to limitations in Dependabot CLI. For more info, see: https://github.com/mburumaxwell/dependabot-azure-devops/blob/main/README.md#configuring-security-advisories-and-known-vulnerabilities',\n );\n }\n\n // Fetch the active pull requests created by the author user\n const existingBranchNames = await authorClient.getBranchNames(url.project, url.repository);\n const existingPullRequests = await authorClient.getActivePullRequestProperties(\n url.project,\n url.repository,\n await authorClient.getUserId(),\n );\n\n // Prepare local server\n const serverOptions: AzureLocalDependabotServerOptions = {\n authorClient,\n approverClient,\n existingBranchNames,\n existingPullRequests,\n ...this.options,\n };\n const server = new AzureLocalDependabotServer(serverOptions);\n server.start(port);\n // give the server a second to start\n await new Promise((resolve) => setTimeout(resolve, 1000));\n\n // The API urls is constant when working in this CLI. Asking people to setup NGROK or similar just to get\n // HTTPS for the job token to be used is too much hassle.\n // Using same value for dependabotApiUrl and dependabotApiDockerUrl so as to capture /record_metrics calls.\n const dependabotApiUrl = `http://host.docker.internal:${server.port}/api`;\n const dependabotApiDockerUrl = dependabotApiUrl;\n\n // If update identifiers are specified, select them; otherwise handle all\n let updates: DependabotUpdate[] = [];\n if (targetUpdateIds && targetUpdateIds.length > 0) {\n for (const id of targetUpdateIds) {\n const upd = config.updates[id];\n if (!upd) {\n logger.warn(\n `\n Unable to find target update id '${id}'.\n This value should be a zero based index of the update in your config file.\n Expected range: 0-${config.updates.length - 1}\n `,\n );\n } else {\n updates.push(upd);\n }\n }\n } else {\n updates = config.updates;\n }\n\n try {\n // Abandon all pull requests where the source branch has been deleted\n await this.abandonPullRequestsWhereSourceRefIsDeleted(existingBranchNames, existingPullRequests);\n\n // Perform updates for each of the [targeted] update blocks in dependabot.yaml\n return await this.performUpdates(\n server,\n updates,\n existingPullRequests,\n dependabotApiUrl,\n dependabotApiDockerUrl,\n command,\n );\n } finally {\n server.stop();\n }\n }\n\n /*\n Abandon all pull requests where the source branch has been deleted.\n * @param existingBranchNames The names of the existing branches.\n * @param existingPullRequests The existing pull requests.\n /\n private async abandonPullRequestsWhereSourceRefIsDeleted(\n existingBranchNames?: string[],\n existingPullRequests?: IPullRequestProperties[],\n ): Promise<void> {\n if (!existingBranchNames \|\| !existingPullRequests) return;\n\n const {\n options: { url, dryRun },\n authorClient,\n } = this;\n for (const pullRequestIndex in existingPullRequests) {\n const pullRequest = existingPullRequests[pullRequestIndex]!;\n const pullRequestSourceRefName = normalizeBranchName(\n pullRequest.properties?.find((x) => x.name === DEVOPS_PR_PROPERTY_MICROSOFT_GIT_SOURCE_REF_NAME)?.value,\n );\n if (pullRequestSourceRefName && !existingBranchNames.includes(pullRequestSourceRefName)) {\n // The source branch for the pull request has been deleted; abandon the pull request (if not dry run)\n if (!dryRun) {\n logger.warn(\n `Detected source branch for PR #${pullRequest.id} has been deleted; The pull request will be abandoned`,\n );\n await authorClient.abandonPullRequest({\n project: url.project,\n repository: url.repository,\n pullRequestId: pullRequest.id,\n // comment:\n // 'OK, I won't notify you again about this release, but will get in touch when a new version is available. ' +\n // 'If you'd rather skip all updates until the next major or minor version, add an ' +\n // '[`ignore` condition](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--) ' +\n // 'with the desired `update-types` to your config file.',\n comment:\n 'It might be a good idea to add an ' +\n '[`ignore` condition](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--) ' +\n 'with the desired `update-types` to your config file.',\n });\n }\n // Remove the pull request from the list of existing pull requests to ensures that we don't attempt to update it later in the process.\n existingPullRequests.splice(existingPullRequests.indexOf(pullRequest), 1);\n }\n }\n }\n\n /\n Performs the updates.\n * @param server The local Dependabot server.\n * @param updates The updates to perform.\n * @param existingPullRequests The existing pull requests.\n */\n private async performUpdates(\n server: AzureLocalDependabotServer,\n updates: DependabotUpdate[],\n existingPullRequests: IPullRequestProperties[],\n dependabotApiUrl: string,\n dependabotApiDockerUrl?: string,\n command?: DependabotJobConfig['command'],\n ): Promise<RunJobsResult> {\n const {\n options: { url, gitToken, githubToken, experiments, config, dryRun, securityAdvisoriesFile, secretMasker },\n } = this;\n\n const results: RunJobsResult = [];\n\n function makeUsageData(job: DependabotJobConfig): RunJobOptions['usage'] {\n return {\n trigger: 'user',\n provider: job.source.provider,\n owner: url.value.toString(),\n project: `${url.value.toString().replace(/\\/$/, '')}/${url.project}`,\n 'package-manager': job['package-manager'],\n };\n }\n\n for (const update of updates) {\n const packageEcosystem = update['package-ecosystem'];\n const packageManager = mapPackageEcosystemToPackageManager(packageEcosystem);\n\n // If there is an updater image, replace the placeholder in it\n let { updaterImage } = this.options;\n updaterImage = updaterImage?.replace(/\\{ecosystem\\}/i, packageEcosystem);\n\n // Parse the Dependabot metadata for the existing pull requests that are related to this update\n // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones\n const existingPullRequestsForPackageManager = parsePullRequestProperties(existingPullRequests, packageManager);\n const existingPullRequestDependenciesForPackageManager = Object.values(existingPullRequestsForPackageManager);\n\n const builder = new DependabotJobBuilder({\n source: { provider: 'azure', ...url },\n config,\n update,\n systemAccessToken: gitToken,\n githubToken,\n experiments,\n debug: false,\n });\n\n let job: DependabotJobConfig \| undefined;\n let credentials: DependabotCredential[] \| undefined;\n let jobToken: string;\n let credentialsToken: string;\n\n // If this is a security-only update (i.e. 'open-pull-requests-limit: 0'), then we first need to discover the dependencies\n // that need updating and check each one for vulnerabilities. This is because Dependabot requires the list of vulnerable dependencies\n // to be supplied in the job definition of security-only update job, it will not automatically discover them like a versioned update does.\n // https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file\n let securityVulnerabilities: SecurityVulnerability[] = [];\n let dependencyNamesToUpdate: string[] = [];\n const securityUpdatesOnly = update['open-pull-requests-limit'] === 0;\n if (securityUpdatesOnly) {\n // Run an update job to discover all dependencies\n ({ job, credentials } = builder.forDependenciesList({ command }));\n ({ jobToken, credentialsToken } = this.makeTokens());\n server.add({ id: job.id, update, job, jobToken, credentialsToken, credentials });\n await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId: job.id,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n usage: makeUsageData(job),\n });\n\n const outputs = server.requests(job.id);\n const packagesToCheckForVulnerabilities: Package[] \| undefined = outputs!\n .find((o) => o.type === 'update_dependency_list')\n ?.data.dependencies?.map((d) => ({ name: d.name, version: d.version }));\n if (packagesToCheckForVulnerabilities?.length) {\n logger.info(\n `Detected ${packagesToCheckForVulnerabilities.length} dependencies; Checking for vulnerabilities...`,\n );\n\n // parse security advisories from file (private)\n if (securityAdvisoriesFile) {\n const filePath = securityAdvisoriesFile;\n if (existsSync(filePath)) {\n const fileContents = await readFile(filePath, 'utf-8');\n securityVulnerabilities = await SecurityVulnerabilitySchema.array().parseAsync(JSON.parse(fileContents));\n } else {\n logger.info(`Private security advisories file '${filePath}' does not exist`);\n }\n }\n if (githubToken) {\n const ghsaClient = new GitHubSecurityAdvisoryClient(githubToken);\n const githubVulnerabilities = await ghsaClient.getSecurityVulnerabilitiesAsync(\n getGhsaPackageEcosystemFromDependabotPackageManager(packageManager),\n packagesToCheckForVulnerabilities \|\| [],\n );\n securityVulnerabilities.push(...githubVulnerabilities);\n } else {\n logger.info(\n 'GitHub access token is not provided; Checking for vulnerabilities from GitHub is skipped. ' +\n 'This is not an issue if you are using private security advisories file.',\n );\n }\n\n securityVulnerabilities = filterVulnerabilities(securityVulnerabilities);\n\n // Only update dependencies that have vulnerabilities\n dependencyNamesToUpdate = Array.from(new Set(securityVulnerabilities.map((v) => v.package.name)));\n logger.info(\n `Detected ${securityVulnerabilities.length} vulnerabilities affecting ${dependencyNamesToUpdate.length} dependencies`,\n );\n if (dependencyNamesToUpdate.length) {\n logger.trace(dependencyNamesToUpdate);\n }\n } else {\n logger.info(`No vulnerabilities detected for update ${update['package-ecosystem']} in ${update.directory}`);\n server.clear(job.id);\n continue; // nothing more to do for this update\n }\n\n server.clear(job.id);\n }\n\n // Run an update job for \"all dependencies\"; this will create new pull requests for dependencies that need updating\n const openPullRequestsLimit = update['open-pull-requests-limit']!;\n const openPullRequestsCount = Object.entries(existingPullRequestsForPackageManager).length;\n const hasReachedOpenPullRequestLimit =\n openPullRequestsLimit > 0 && openPullRequestsCount >= openPullRequestsLimit;\n if (!hasReachedOpenPullRequestLimit) {\n const dependenciesHaveVulnerabilities = dependencyNamesToUpdate.length && securityVulnerabilities.length;\n if (!securityUpdatesOnly \|\| dependenciesHaveVulnerabilities) {\n ({ job, credentials } = builder.forUpdate({\n command,\n dependencyNamesToUpdate,\n existingPullRequests: existingPullRequestDependenciesForPackageManager,\n securityVulnerabilities,\n }));\n ({ jobToken, credentialsToken } = this.makeTokens());\n server.add({ id: job.id, update, job, jobToken, credentialsToken, credentials });\n const { success, message } = await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId: job.id,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n usage: makeUsageData(job),\n });\n const affectedPrs = server.allAffectedPrs(job.id);\n server.clear(job.id);\n results.push({ id: job.id, success, message, affectedPrs });\n } else {\n logger.info('Nothing to update; dependencies are not affected by any known vulnerability');\n }\n } else {\n logger.warn(\n `Skipping update for ${packageEcosystem} packages as the open pull requests limit (${openPullRequestsLimit}) has already been reached`,\n );\n }\n\n // If there are existing pull requests, run an update job for each one; this will resolve merge conflicts and close pull requests that are no longer needed\n const numberOfPullRequestsToUpdate = Object.keys(existingPullRequestsForPackageManager).length;\n if (numberOfPullRequestsToUpdate > 0) {\n if (!dryRun) {\n for (const pullRequestId in existingPullRequestsForPackageManager) {\n ({ job, credentials } = builder.forUpdate({\n command,\n existingPullRequests: existingPullRequestDependenciesForPackageManager,\n pullRequestToUpdate: existingPullRequestsForPackageManager[pullRequestId]!,\n securityVulnerabilities,\n }));\n ({ jobToken, credentialsToken } = this.makeTokens());\n server.add({ id: job.id, update, job, jobToken, credentialsToken, credentials });\n const { success, message } = await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId: job.id,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n usage: makeUsageData(job),\n });\n const affectedPrs = server.allAffectedPrs(job.id);\n server.clear(job.id);\n results.push({ id: job.id, success, message, affectedPrs });\n }\n } else {\n logger.warn(\n `Skipping update of ${numberOfPullRequestsToUpdate} existing ${packageEcosystem} package pull request(s) as 'dryRun' is set to 'true'`,\n );\n }\n }\n }\n\n return results;\n }\n}\n"],"mappings":";;;;;;;;;;AA2BA,IAAa,6BAAb,cAAgD,sBAAsB;CAEpE,AAAiB;CAEjB,YAAY,SAA4C;AACtD,QAAM,QAAQ;AACd,OAAK,UAAU;;CAGjB,MAAyB,OAAO,IAAY,SAA8C;AACxF,QAAM,MAAM,OAAO,IAAI,QAAQ;EAE/B,MAAM,EAAE,SAAS,2BAA2B;EAC5C,MAAM,EACJ,KACA,cACA,gBACA,qBACA,sBACA,aACA,eACA,iBACA,6BACA,QACA,WACE;EAEJ,MAAM,EAAE,MAAM,SAAS;EACvB,MAAM,MAAM,MAAM,KAAK,IAAI,GAAG;AAC9B,MAAI,CAAC,KAAK;AACR,UAAO,MAAM,wBAAwB,GAAG,qCAAqC,KAAK,GAAG;AACrF,UAAO;;EAET,MAAM,EAAE,mBAAmB,mBAAmB;AAC9C,SAAO,KAAK,eAAe,KAAK,gBAAgB,GAAG,GAAG;EAEtD,MAAM,SAAS,KAAK,OAAO,GAAG;EAC9B,MAAM,EAAE,SAAS,eAAe;AAEhC,UAAQ,MAAR;GAIE,KAAK,uBAAuB;IAC1B,MAAM,QAAQ,KAAK;AACnB,QAAI,QAAQ;AACV,YAAO,KAAK,sCAAsC,MAAM,gCAAgC;AACxF,YAAO;;IAIT,MAAM,wBAAwB,OAAO;IAIrC,MAAM,wCAAwC,2BAA2B,sBAAsB,eAAe;IAC9G,MAAM,4BAA4B,OAAO,QAAQ,sCAAsC,CAAC;IACxF,MAAM,wBAAwB,uBAAuB,IAAI,GAAG,CAAE,QAAQ,SAAS;AAI/E,QAFE,wBAAwB,KAAK,yBAAyB,uBAEpB;AAClC,YAAO,KACL,sCAAsC,MAAM,qCAAqC,sBAAsB,oBACxG;AACD,YAAO;;IAGT,MAAM,eAAe,wCAAwC,KAAK;IAClE,MAAM,eAAe,qDAAqD,KAAK;IAC/E,MAAM,eAAe,OAAO,oBAAqB,MAAM,aAAa,iBAAiB,SAAS,WAAW;IACzG,MAAM,eAAe,uBACnB,OAAO,sBACP,cACA,OAAO,aAAa,OAAO,aAAa,MAAM,QAAQ,aAAa,IAAI,MAAM,WAAW,IAAI,CAAC,EAC7F,CAAC,MAAM,QAAQ,aAAa,GAAG,aAAa,2BAA2B,QACvE,CAAC,MAAM,QAAQ,aAAa,GAAG,aAAa,eAAe,cAC3D,OAAO,6BAA6B,UACrC;AAID,SADuB,qBAAqB,MAAM,WAAW,iBAAiB,OAAO,IAAI,EAAE,EACxE,QAAQ;AACzB,YAAO,MACL,kCAAkC,MAAM,sBAAsB,aAAa,6DAC5E;AACD,YAAO;;IAET,MAAM,sBAAsB,qBAAqB,QAAQ,WAAW,aAAa,WAAW,OAAO,CAAC,IAAI,EAAE;AAC1G,QAAI,oBAAoB,QAAQ;AAC9B,YAAO,MACL,kCAAkC,MAAM,sBAAsB,aAAa,6CAA6C,oBAAoB,KAAK,KAAK,CAAC,qDACxJ;AACD,YAAO;;IAIT,MAAM,mBAAmB,MAAM,aAAa,kBAAkB;KACnD;KACG;KACZ,QAAQ;MACN,QAAQ,KAAK,sBAAsB,IAAI,OAAO;MAC9C,QAAQ;MACT;KACD,QAAQ,EACN,QAAQ,cACT;KACD;KACA;KACA,aAAa,0BAA0B,gBAAgB,KAAK,YAAY,KAAK,aAAa;KAC1F,eAAe,KAAK;KACpB,cAAc,kBACV;MACE,uBAAuB;MACvB,sBAAsB;AACpB,eAAQ,eAAR;QACE,KAAK,gBACH,QAAO,4BAA4B;QACrC,KAAK,SACH,QAAO,4BAA4B;QACrC,KAAK,SACH,QAAO,4BAA4B;QACrC,KAAK,cACH,QAAO,4BAA4B;QACrC,QACE,QAAO,4BAA4B;;UAErC;MACL,GACD;KACJ,WAAW,OAAO;KAClB,QAAQ,OAAO,QAAQ,KAAK,UAAU,OAAO,MAAM,CAAC,IAAI,EAAE;KAC1D,WAAW,OAAO,YAAY,CAAC,OAAO,UAAU,GAAG,EAAE;KACrD,SAAS;KACT,YAAY,2BAA2B,gBAAgB,aAAa;KACrE,CAAC;AAGF,QAAI,eAAe,kBAAkB,iBACnC,OAAM,eAAe,mBAAmB;KAC7B;KACG;KACZ,eAAe;KAChB,CAAC;AAIJ,QAAI,oBAAoB,mBAAmB,GAAG;AAC5C,4BAAuB,IAAI,GAAG,CAAE,QAAQ,KAAK,iBAAiB;AAC9D,YAAO;UAEP,QAAO;;GAIX,KAAK,uBAAuB;AAC1B,QAAI,QAAQ;AACV,YAAO,KAAK,4DAA4D;AACxE,YAAO;;IAIT,MAAM,sBAAsB,iCAC1B,sBACA,gBACA,KAAK,oBACN;AACD,QAAI,CAAC,qBAAqB;AACxB,YAAO,MACL,8DAA8D,eAAe,uBAAuB,KAAK,oBAAoB,KAAK,KAAK,CAAC,GACzI;AACD,YAAO;;IAIT,MAAM,wBAAwB,MAAM,aAAa,kBAAkB;KACxD;KACG;KACZ,eAAe,oBAAoB;KACnC,QAAQ,KAAK,sBAAsB,IAAI,OAAO;KAC9C;KACA,SAAS,wCAAwC,KAAK;KACtD,aAAa;KACb,mCAAmC,OAAO;KAC1C,6BAA6B;KAC9B,CAAC;AAGF,QAAI,eAAe,kBAAkB,sBACnC,OAAM,eAAe,mBAAmB;KAC7B;KACG;KACZ,eAAe,oBAAoB;KACpC,CAAC;AAGJ,QAAI,uBAAuB;AACzB,4BAAuB,IAAI,GAAG,CAAE,QAAQ,KAAK,oBAAoB,GAAG;AACpE,YAAO;;AAET,WAAO;;GAGT,KAAK,sBAAsB;AACzB,QAAI,QAAQ;AACV,YAAO,KAAK,6DAA6D;AACzE,YAAO;;IAIT,MAAM,qBAAqB,iCACzB,sBACA,gBACA,KAAK,oBACN;AACD,QAAI,CAAC,oBAAoB;AACvB,YAAO,MACL,6DAA6D,eAAe,uBAAuB,KAAK,oBAAoB,KAAK,KAAK,CAAC,GACxI;AACD,YAAO;;AAcT,QAPgB,MAAM,aAAa,mBAAmB;KAC3C;KACG;KACZ,eAAe,mBAAmB;KAClC,SAAS,uCAAuC,KAAK;KACrD,oBAAoB;KACrB,CAAC,EACW;AACX,4BAAuB,IAAI,GAAG,CAAE,OAAO,KAAK,mBAAmB,GAAG;AAClE,YAAO;;AAET,WAAO;;GAGT,KAAK,6BAA6B;AAChC,QAAI,QAAQ;AACV,YAAO,KAAK,gDAAgD;AAC5D,YAAO;;IAIT,MAAM,MAAM,uBAAuB,IAAI,GAAG,CAAE,QAAQ,OAAO,uBAAuB,IAAI,GAAG,CAAE,QAAQ;AACnG,SAAK,MAAM,iBAAiB,IAC1B,OAAM,aAAa,iBAAiB;KACzB;KACG;KACZ,SAAS,2BAA2B,KAAK,cAAc,MAAM,KAAK;KAClE;KACD,CAAC;AAGJ,WAAO;;GAIT,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK,iBACH,QAAO;GAET,KAAK;AACH,WAAO,MAAM,qBAAqB,KAAK,cAAc,GAAG,KAAK,UAAU,KAAK,iBAAiB,GAAG;AAChG,WAAO;GAET,KAAK;AACH,WAAO,MAAM,6BAA6B,KAAK,cAAc,IAAI,KAAK,UAAU,KAAK,iBAAiB,GAAG;AACzG,WAAO;GAET;AACE,WAAO,KAAK,oCAAoC,KAAK,gBAAgB;AACrE,WAAO;;;;;;;AC3Qf,IAAa,uBAAb,cAA0C,gBAAgB;CAExD,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CAGjB,YAAY,SAAsC;AAChD,QAAM,EAAE,GAAG,SAAS,CAAC;AACrB,OAAK,UAAU;EACf,MAAM,EAAE,KAAK,UAAU,aAAa,UAAU,KAAK;AAGnD,OAAK,eAAe,IAAI,wBAAwB,KAAK,UAAU,MAAM;AACrE,OAAK,iBAAiB,cAClB,IAAI,wBAAwB,KAAK,QAAQ,oBAAoB,UAAU,MAAM,GAC7E;;CAGN,MAAsB,MAA8B;AAClD,QAAM,MAAM,KAAK;EAEjB,MAAM,EACJ,SAAS,EAAE,KAAK,MAAM,QAAQ,iBAAiB,WAC/C,cACA,mBACE;AAIJ,MAAI,OAAO,6BAA6B,OAAO,SAAS,MAAM,MAAM,EAAE,yBAAyB,CAC7F,QAAO,KACL,sGACD;AAKH,MAAI,OAAO,SAAS,MAAM,MAAM,EAAE,gCAAgC,EAAE,CAClE,QAAO,KACL,4PACD;EAIH,MAAM,sBAAsB,MAAM,aAAa,eAAe,IAAI,SAAS,IAAI,WAAW;EAC1F,MAAM,uBAAuB,MAAM,aAAa,+BAC9C,IAAI,SACJ,IAAI,YACJ,MAAM,aAAa,WAAW,CAC/B;EAUD,MAAM,SAAS,IAAI,2BAPsC;GACvD;GACA;GACA;GACA;GACA,GAAG,KAAK;GACT,CAC2D;AAC5D,SAAO,MAAM,KAAK;AAElB,QAAM,IAAI,SAAS,YAAY,WAAW,SAAS,IAAK,CAAC;EAKzD,MAAM,mBAAmB,+BAA+B,OAAO,KAAK;EACpE,MAAM,yBAAyB;EAG/B,IAAIA,UAA8B,EAAE;AACpC,MAAI,mBAAmB,gBAAgB,SAAS,EAC9C,MAAK,MAAM,MAAM,iBAAiB;GAChC,MAAM,MAAM,OAAO,QAAQ;AAC3B,OAAI,CAAC,IACH,QAAO,KACL;+CACmC,GAAG;;gCAElB,OAAO,QAAQ,SAAS,EAAE;cAE/C;OAED,SAAQ,KAAK,IAAI;;MAIrB,WAAU,OAAO;AAGnB,MAAI;AAEF,SAAM,KAAK,2CAA2C,qBAAqB,qBAAqB;AAGhG,UAAO,MAAM,KAAK,eAChB,QACA,SACA,sBACA,kBACA,wBACA,QACD;YACO;AACR,UAAO,MAAM;;;;;;;;CASjB,MAAc,2CACZ,qBACA,sBACe;AACf,MAAI,CAAC,uBAAuB,CAAC,qBAAsB;EAEnD,MAAM,EACJ,SAAS,EAAE,KAAK,UAChB,iBACE;AACJ,OAAK,MAAM,oBAAoB,sBAAsB;GACnD,MAAM,cAAc,qBAAqB;GACzC,MAAM,2BAA2B,oBAC/B,YAAY,YAAY,MAAM,MAAM,EAAE,SAAS,iDAAiD,EAAE,MACnG;AACD,OAAI,4BAA4B,CAAC,oBAAoB,SAAS,yBAAyB,EAAE;AAEvF,QAAI,CAAC,QAAQ;AACX,YAAO,KACL,kCAAkC,YAAY,GAAG,uDAClD;AACD,WAAM,aAAa,mBAAmB;MACpC,SAAS,IAAI;MACb,YAAY,IAAI;MAChB,eAAe,YAAY;MAM3B,SACE;MAGH,CAAC;;AAGJ,yBAAqB,OAAO,qBAAqB,QAAQ,YAAY,EAAE,EAAE;;;;;;;;;;CAW/E,MAAc,eACZ,QACA,SACA,sBACA,kBACA,wBACA,SACwB;EACxB,MAAM,EACJ,SAAS,EAAE,KAAK,UAAU,aAAa,aAAa,QAAQ,QAAQ,wBAAwB,mBAC1F;EAEJ,MAAMC,UAAyB,EAAE;EAEjC,SAAS,cAAc,KAAkD;AACvE,UAAO;IACL,SAAS;IACT,UAAU,IAAI,OAAO;IACrB,OAAO,IAAI,MAAM,UAAU;IAC3B,SAAS,GAAG,IAAI,MAAM,UAAU,CAAC,QAAQ,OAAO,GAAG,CAAC,GAAG,IAAI;IAC3D,mBAAmB,IAAI;IACxB;;AAGH,OAAK,MAAM,UAAU,SAAS;GAC5B,MAAM,mBAAmB,OAAO;GAChC,MAAM,iBAAiB,oCAAoC,iBAAiB;GAG5E,IAAI,EAAE,iBAAiB,KAAK;AAC5B,kBAAe,cAAc,QAAQ,kBAAkB,iBAAiB;GAIxE,MAAM,wCAAwC,2BAA2B,sBAAsB,eAAe;GAC9G,MAAM,mDAAmD,OAAO,OAAO,sCAAsC;GAE7G,MAAM,UAAU,IAAI,qBAAqB;IACvC,QAAQ;KAAE,UAAU;KAAS,GAAG;KAAK;IACrC;IACA;IACA,mBAAmB;IACnB;IACA;IACA,OAAO;IACR,CAAC;GAEF,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GAMJ,IAAIC,0BAAmD,EAAE;GACzD,IAAIC,0BAAoC,EAAE;GAC1C,MAAM,sBAAsB,OAAO,gCAAgC;AACnE,OAAI,qBAAqB;AAEvB,KAAC,CAAE,KAAK,eAAgB,QAAQ,oBAAoB,EAAE,SAAS,CAAC;AAChE,KAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,WAAO,IAAI;KAAE,IAAI,IAAI;KAAI;KAAQ;KAAK;KAAU;KAAkB;KAAa,CAAC;AAChF,UAAM,OAAO;KACX;KACA;KACA,OAAO,IAAI;KACX;KACA;KACA;KACA;KACA,OAAO,cAAc,IAAI;KAC1B,CAAC;IAGF,MAAMC,oCADU,OAAO,SAAS,IAAI,GAAG,CAEpC,MAAM,MAAM,EAAE,SAAS,yBAAyB,EAC/C,KAAK,cAAc,KAAK,OAAO;KAAE,MAAM,EAAE;KAAM,SAAS,EAAE;KAAS,EAAE;AACzE,QAAI,mCAAmC,QAAQ;AAC7C,YAAO,KACL,YAAY,kCAAkC,OAAO,gDACtD;AAGD,SAAI,wBAAwB;MAC1B,MAAM,WAAW;AACjB,UAAI,WAAW,SAAS,EAAE;OACxB,MAAM,eAAe,MAAM,SAAS,UAAU,QAAQ;AACtD,iCAA0B,MAAM,4BAA4B,OAAO,CAAC,WAAW,KAAK,MAAM,aAAa,CAAC;YAExG,QAAO,KAAK,qCAAqC,SAAS,kBAAkB;;AAGhF,SAAI,aAAa;MAEf,MAAM,wBAAwB,MADX,IAAI,6BAA6B,YAAY,CACjB,gCAC7C,oDAAoD,eAAe,EACnE,qCAAqC,EAAE,CACxC;AACD,8BAAwB,KAAK,GAAG,sBAAsB;WAEtD,QAAO,KACL,oKAED;AAGH,+BAA0B,sBAAsB,wBAAwB;AAGxE,+BAA0B,MAAM,KAAK,IAAI,IAAI,wBAAwB,KAAK,MAAM,EAAE,QAAQ,KAAK,CAAC,CAAC;AACjG,YAAO,KACL,YAAY,wBAAwB,OAAO,6BAA6B,wBAAwB,OAAO,eACxG;AACD,SAAI,wBAAwB,OAC1B,QAAO,MAAM,wBAAwB;WAElC;AACL,YAAO,KAAK,0CAA0C,OAAO,qBAAqB,MAAM,OAAO,YAAY;AAC3G,YAAO,MAAM,IAAI,GAAG;AACpB;;AAGF,WAAO,MAAM,IAAI,GAAG;;GAItB,MAAM,wBAAwB,OAAO;GACrC,MAAM,wBAAwB,OAAO,QAAQ,sCAAsC,CAAC;AAGpF,OAAI,EADF,wBAAwB,KAAK,yBAAyB,wBACnB;IACnC,MAAM,kCAAkC,wBAAwB,UAAU,wBAAwB;AAClG,QAAI,CAAC,uBAAuB,iCAAiC;AAC3D,MAAC,CAAE,KAAK,eAAgB,QAAQ,UAAU;MACxC;MACA;MACA,sBAAsB;MACtB;MACD,CAAC;AACF,MAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,YAAO,IAAI;MAAE,IAAI,IAAI;MAAI;MAAQ;MAAK;MAAU;MAAkB;MAAa,CAAC;KAChF,MAAM,EAAE,SAAS,YAAY,MAAM,OAAO;MACxC;MACA;MACA,OAAO,IAAI;MACX;MACA;MACA;MACA;MACA,OAAO,cAAc,IAAI;MAC1B,CAAC;KACF,MAAM,cAAc,OAAO,eAAe,IAAI,GAAG;AACjD,YAAO,MAAM,IAAI,GAAG;AACpB,aAAQ,KAAK;MAAE,IAAI,IAAI;MAAI;MAAS;MAAS;MAAa,CAAC;UAE3D,QAAO,KAAK,8EAA8E;SAG5F,QAAO,KACL,uBAAuB,iBAAiB,6CAA6C,sBAAsB,4BAC5G;GAIH,MAAM,+BAA+B,OAAO,KAAK,sCAAsC,CAAC;AACxF,OAAI,+BAA+B,EACjC,KAAI,CAAC,OACH,MAAK,MAAM,iBAAiB,uCAAuC;AACjE,KAAC,CAAE,KAAK,eAAgB,QAAQ,UAAU;KACxC;KACA,sBAAsB;KACtB,qBAAqB,sCAAsC;KAC3D;KACD,CAAC;AACF,KAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,WAAO,IAAI;KAAE,IAAI,IAAI;KAAI;KAAQ;KAAK;KAAU;KAAkB;KAAa,CAAC;IAChF,MAAM,EAAE,SAAS,YAAY,MAAM,OAAO;KACxC;KACA;KACA,OAAO,IAAI;KACX;KACA;KACA;KACA;KACA,OAAO,cAAc,IAAI;KAC1B,CAAC;IACF,MAAM,cAAc,OAAO,eAAe,IAAI,GAAG;AACjD,WAAO,MAAM,IAAI,GAAG;AACpB,YAAQ,KAAK;KAAE,IAAI,IAAI;KAAI;KAAS;KAAS;KAAa,CAAC;;OAG7D,QAAO,KACL,sBAAsB,6BAA6B,YAAY,iBAAiB,uDACjF;;AAKP,SAAO"}
1	+ {"version":3,"file":"index.mjs","names":["updates: DependabotUpdate[]","results: RunJobsResult","job: DependabotJobConfig \| undefined","credentials: DependabotCredential[] \| undefined","jobToken: string","credentialsToken: string","securityVulnerabilities: SecurityVulnerability[]","dependencyNamesToUpdate: string[]","packagesToCheckForVulnerabilities: Package[] \| undefined"],"sources":["../../../src/local/azure/server.ts","../../../src/local/azure/runner.ts"],"sourcesContent":["import type {\n AzdoPrExtractedWithProperties,\n AzureDevOpsClientWrapper,\n AzureDevOpsRepositoryUrl,\n} from '@paklo/core/azure';\nimport {\n type AzdoPullRequestMergeStrategy,\n buildPullRequestProperties,\n getPullRequestChangedFiles,\n getPullRequestForDependencyNames,\n PR_DESCRIPTION_MAX_LENGTH,\n parsePullRequestProperties,\n} from '@paklo/core/azure';\nimport {\n type DependabotRequest,\n getBranchNameForUpdate,\n getPullRequestCloseReason,\n getPullRequestDependencies,\n getPullRequestDescription,\n} from '@paklo/core/dependabot';\nimport { logger } from '@paklo/core/logger';\nimport { LocalDependabotServer, type LocalDependabotServerOptions } from '../server';\n\nexport type AzureLocalDependabotServerOptions = LocalDependabotServerOptions & {\n url: AzureDevOpsRepositoryUrl;\n authorClient: AzureDevOpsClientWrapper;\n autoApprove: boolean;\n approverClient?: AzureDevOpsClientWrapper;\n setAutoComplete: boolean;\n mergeStrategy?: AzdoPullRequestMergeStrategy;\n autoCompleteIgnoreConfigIds: number[];\n existingBranchNames: string[] \| undefined;\n existingPullRequests: AzdoPrExtractedWithProperties[];\n};\n\nexport class AzureLocalDependabotServer extends LocalDependabotServer {\n // biome-ignore lint/correctness/noUnusedPrivateClassMembers: options is used\n private readonly options: AzureLocalDependabotServerOptions;\n\n constructor(options: AzureLocalDependabotServerOptions) {\n super(options);\n this.options = options;\n }\n\n protected override async handle(id: string, request: DependabotRequest): Promise<boolean> {\n await super.handle(id, request); // common logic\n\n const { options, affectedPullRequestIds } = this;\n const {\n url,\n authorClient,\n approverClient,\n existingBranchNames,\n existingPullRequests,\n autoApprove,\n mergeStrategy,\n setAutoComplete,\n autoCompleteIgnoreConfigIds,\n author,\n dryRun,\n } = options;\n\n const { type, data } = request;\n const job = await this.job(id);\n if (!job) {\n logger.error(`No job found for ID '${id}', cannot process request of type '${type}'`);\n return false;\n }\n const { 'package-manager': packageManager } = job;\n logger.info(`Processing '${type}' for job ID '${id}'`);\n\n const update = this.update(id)!; // exists because job exists\n const { project, repository } = url;\n\n switch (type) {\n // Documentation on the 'data' model for each output type can be found here:\n // See: https://github.com/dependabot/cli/blob/main/internal/model/update.go\n\n case 'create_pull_request': {\n const title = data['pr-title'];\n if (dryRun) {\n logger.warn(`Skipping pull request creation of '${title}' as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Skip if active pull request limit reached.\n const openPullRequestsLimit = update['open-pull-requests-limit']!;\n\n // Parse the Dependabot metadata for the existing pull requests that are related to this update\n // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones\n const existingPullRequestsForPackageManager = parsePullRequestProperties(existingPullRequests, packageManager);\n const existingPullRequestsCount = Object.entries(existingPullRequestsForPackageManager).length;\n const openPullRequestsCount = affectedPullRequestIds.get(id)!.created.length + existingPullRequestsCount;\n const hasReachedOpenPullRequestLimit =\n openPullRequestsLimit > 0 && openPullRequestsCount >= openPullRequestsLimit;\n\n if (hasReachedOpenPullRequestLimit) {\n logger.warn(\n `Skipping pull request creation of '${title}' as the open pull requests limit (${openPullRequestsLimit}) has been reached`,\n );\n return true;\n }\n\n const changedFiles = getPullRequestChangedFiles(data);\n const dependencies = getPullRequestDependencies(data);\n const targetBranch = update['target-branch'] \|\| (await authorClient.getDefaultBranch({ project, repository }));\n const sourceBranch = getBranchNameForUpdate({\n packageEcosystem: update['package-ecosystem'],\n targetBranchName: targetBranch,\n directory: update.directory \|\| update.directories?.find((dir) => changedFiles[0]?.path?.startsWith(dir)),\n dependencyGroupName: !Array.isArray(dependencies) ? dependencies['dependency-group-name'] : undefined,\n dependencies: !Array.isArray(dependencies) ? dependencies.dependencies : dependencies,\n separator: update['pull-request-branch-name']?.separator,\n });\n\n // Check if the source branch already exists or conflicts with an existing branch\n const existingBranch = existingBranchNames?.find((branch) => sourceBranch === branch) \|\| [];\n if (existingBranch.length) {\n logger.error(\n `Unable to create pull request '${title}' as source branch '${sourceBranch}' already exists; Delete the existing branch and try again.`,\n );\n return false;\n }\n const conflictingBranches = existingBranchNames?.filter((branch) => sourceBranch.startsWith(branch)) \|\| [];\n if (conflictingBranches.length) {\n logger.error(\n `Unable to create pull request '${title}' as source branch '${sourceBranch}' would conflict with existing branch(es) '${conflictingBranches.join(', ')}'; Delete the conflicting branch(es) and try again.`,\n );\n return false;\n }\n\n // Create a new pull request\n const newPullRequestId = await authorClient.createPullRequest({\n project: project,\n repository: repository,\n source: {\n commit: data['base-commit-sha'] \|\| job.source.commit!,\n branch: sourceBranch,\n },\n target: {\n branch: targetBranch!,\n },\n author,\n title,\n description: getPullRequestDescription({\n packageManager,\n body: data['pr-body'],\n dependencies: data.dependencies,\n maxDescriptionLength: PR_DESCRIPTION_MAX_LENGTH,\n }),\n commitMessage: data['commit-message'],\n autoComplete: setAutoComplete\n ? {\n ignorePolicyConfigIds: autoCompleteIgnoreConfigIds,\n mergeStrategy: mergeStrategy ?? 'squash',\n }\n : undefined,\n assignees: update.assignees,\n labels: update.labels?.map((label) => label?.trim()) \|\| [],\n workItems: update.milestone ? [update.milestone] : [],\n changes: changedFiles,\n properties: buildPullRequestProperties(packageManager, dependencies),\n });\n\n // Auto-approve the pull request, if required\n if (autoApprove && approverClient && newPullRequestId) {\n await approverClient.approvePullRequest({\n project: project,\n repository: repository,\n pullRequestId: newPullRequestId,\n });\n }\n\n // Store the new pull request ID, so we can keep track of the total number of open pull requests\n if (newPullRequestId) {\n affectedPullRequestIds.get(id)!.created.push(newPullRequestId);\n return true;\n }\n return false;\n }\n\n case 'update_pull_request': {\n if (dryRun) {\n logger.warn(`Skipping pull request update as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Find the pull request to update\n const pullRequestToUpdate = getPullRequestForDependencyNames(\n existingPullRequests,\n packageManager,\n data['dependency-names'],\n );\n if (!pullRequestToUpdate) {\n logger.error(\n `Could not find pull request to update for package manager '${packageManager}' with dependencies '${data['dependency-names'].join(', ')}'`,\n );\n return false;\n }\n\n // Update the pull request\n const pullRequestWasUpdated = await authorClient.updatePullRequest({\n project: project,\n repository: repository,\n pullRequestId: pullRequestToUpdate.pullRequestId,\n commit: data['base-commit-sha'] \|\| job.source.commit!,\n author,\n changes: getPullRequestChangedFiles(data),\n });\n\n // Re-approve the pull request, if required\n if (autoApprove && approverClient && pullRequestWasUpdated) {\n await approverClient.approvePullRequest({\n project: project,\n repository: repository,\n pullRequestId: pullRequestToUpdate.pullRequestId,\n });\n }\n\n if (pullRequestWasUpdated) {\n affectedPullRequestIds.get(id)!.updated.push(pullRequestToUpdate.pullRequestId);\n return true;\n }\n return false;\n }\n\n case 'close_pull_request': {\n if (dryRun) {\n logger.warn(`Skipping pull request closure as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // Find the pull request to close\n const pullRequestToClose = getPullRequestForDependencyNames(\n existingPullRequests,\n packageManager,\n data['dependency-names'],\n );\n if (!pullRequestToClose) {\n logger.error(\n `Could not find pull request to close for package manager '${packageManager}' with dependencies '${data['dependency-names'].join(', ')}'`,\n );\n return false;\n }\n\n // TODO: GitHub Dependabot will close with reason \"Superseded by ${new_pull_request_id}\" when another PR supersedes it.\n // How do we detect this? Do we need to?\n\n // Close the pull request\n const success = await authorClient.abandonPullRequest({\n project: project,\n repository: repository,\n pullRequestId: pullRequestToClose.pullRequestId,\n comment: getPullRequestCloseReason(data),\n deleteSourceBranch: true,\n });\n if (success) {\n affectedPullRequestIds.get(id)!.closed.push(pullRequestToClose.pullRequestId);\n return true;\n }\n return false;\n }\n\n case 'record_update_job_warning': {\n if (dryRun) {\n logger.warn(`Skipping warning as 'dryRun' is set to 'true'`);\n return true;\n }\n\n // add comment to each create/updated pull request\n const ids = affectedPullRequestIds.get(id)!.created.concat(affectedPullRequestIds.get(id)!.updated);\n for (const pullRequestId of ids) {\n await authorClient.addCommentThread({\n project: project,\n repository: repository,\n content: `### Dependabot Warning: ${data['warn-title']}\\n\\n${data['warn-description']}`,\n pullRequestId,\n });\n }\n\n return true;\n }\n\n // No action required\n case 'update_dependency_list':\n case 'create_dependency_submission':\n case 'mark_as_processed':\n case 'record_ecosystem_versions':\n case 'increment_metric':\n case 'record_ecosystem_meta':\n case 'record_cooldown_meta':\n case 'record_metrics': // from the runner\n return true;\n\n case 'record_update_job_error':\n case 'record_update_job_unknown_error': {\n const unknown = type === 'record_update_job_unknown_error';\n logger.error(\n `Update${unknown ? ' unknown ' : ''})job error: ${data['error-type']} ${JSON.stringify(data['error-details'])}`,\n );\n return true;\n }\n\n default:\n logger.warn(`Unknown dependabot request type '${type}', ignoring...`);\n return true;\n }\n }\n}\n","import { existsSync } from 'node:fs';\nimport { readFile } from 'node:fs/promises';\nimport {\n type AzdoPrExtractedWithProperties,\n AzureDevOpsClientWrapper,\n PR_PROPERTY_MICROSOFT_GIT_SOURCE_REF_NAME,\n parsePullRequestProperties,\n} from '@paklo/core/azure';\nimport {\n type DependabotCredential,\n DependabotJobBuilder,\n type DependabotJobConfig,\n type DependabotUpdate,\n mapPackageEcosystemToPackageManager,\n normalizeBranchName,\n} from '@paklo/core/dependabot';\nimport {\n filterVulnerabilities,\n GitHubSecurityAdvisoryClient,\n getGhsaPackageEcosystemFromDependabotPackageManager,\n type Package,\n type SecurityVulnerability,\n SecurityVulnerabilitySchema,\n} from '@paklo/core/github';\nimport { logger } from '@paklo/core/logger';\nimport { type RunJobOptions, runJob } from '../../run';\nimport { LocalJobsRunner, type LocalJobsRunnerOptions, type RunJobsResult } from '../runner';\nimport { AzureLocalDependabotServer, type AzureLocalDependabotServerOptions } from './server';\n\nexport type AzureLocalJobsRunnerOptions = LocalJobsRunnerOptions &\n Omit<\n AzureLocalDependabotServerOptions,\n 'authorClient' \| 'approverClient' \| 'existingBranchNames' \| 'existingPullRequests'\n > & {\n port?: number;\n securityAdvisoriesFile?: string;\n gitToken: string;\n githubToken?: string;\n autoApproveToken?: string;\n };\n\nexport class AzureLocalJobsRunner extends LocalJobsRunner {\n // biome-ignore-start lint/correctness/noUnusedPrivateClassMembers: variables are used\n private readonly options: AzureLocalJobsRunnerOptions;\n private readonly authorClient: AzureDevOpsClientWrapper;\n private readonly approverClient?: AzureDevOpsClientWrapper;\n // biome-ignore-end lint/correctness/noUnusedPrivateClassMembers: variables are used\n\n constructor(options: AzureLocalJobsRunnerOptions) {\n super({ ...options });\n this.options = options;\n const { url, gitToken, autoApprove, debug } = this.options;\n\n // Initialise the DevOps API clients (one for authoring the other for auto-approving (if configured))\n this.authorClient = new AzureDevOpsClientWrapper(url, gitToken, debug);\n this.approverClient = autoApprove\n ? new AzureDevOpsClientWrapper(url, options.autoApproveToken \|\| gitToken, debug)\n : undefined;\n }\n\n public override async run(): Promise<RunJobsResult> {\n await super.run(); // common logic\n\n const {\n options: { url, port, config, targetUpdateIds, command },\n authorClient,\n approverClient,\n } = this;\n\n // Print a warning about multi-ecosystem updates not being fully supported\n // TODO: Implement full support for multi-ecosystem updates (not sure this will be possible on the local model)\n if (config['multi-ecosystem-groups'] \|\| config.updates?.some((u) => u['multi-ecosystem-group'])) {\n logger.warn(\n 'Multi-ecosystem updates are not working yet. Only parsing and validation is supported at this time.',\n );\n }\n\n // Print a warning about the required workarounds for security-only updates, if any update is configured as such\n // TODO: If and when Dependabot supports a better way to do security-only updates, remove this.\n if (config.updates?.some((u) => u['open-pull-requests-limit'] === 0)) {\n logger.warn(\n 'Security-only updates incur a slight performance overhead due to limitations in Dependabot CLI. For more info, see: https://github.com/mburumaxwell/dependabot-azure-devops/blob/main/README.md#configuring-security-advisories-and-known-vulnerabilities',\n );\n }\n\n // Fetch the active pull requests created by the author user\n const existingBranchNames = await authorClient.getBranchNames({ project: url.project, repository: url.repository });\n const existingPullRequests = await authorClient.getActivePullRequestProperties({\n project: url.project,\n repository: url.repository,\n creatorId: await authorClient.getUserId(),\n });\n\n // Prepare local server\n const serverOptions: AzureLocalDependabotServerOptions = {\n authorClient,\n approverClient,\n existingBranchNames,\n existingPullRequests,\n ...this.options,\n };\n const server = new AzureLocalDependabotServer(serverOptions);\n server.start(port);\n // give the server a second to start\n await new Promise((resolve) => setTimeout(resolve, 1000));\n\n // The API urls is constant when working in this CLI. Asking people to setup NGROK or similar just to get\n // HTTPS for the job token to be used is too much hassle.\n // Using same value for dependabotApiUrl and dependabotApiDockerUrl so as to capture /record_metrics calls.\n const dependabotApiUrl = `http://host.docker.internal:${server.port}/api`;\n const dependabotApiDockerUrl = dependabotApiUrl;\n\n // If update identifiers are specified, select them; otherwise handle all\n let updates: DependabotUpdate[] = [];\n if (targetUpdateIds && targetUpdateIds.length > 0) {\n for (const id of targetUpdateIds) {\n const upd = config.updates[id];\n if (!upd) {\n logger.warn(\n `\n Unable to find target update id '${id}'.\n This value should be a zero based index of the update in your config file.\n Expected range: 0-${config.updates.length - 1}\n `,\n );\n } else {\n updates.push(upd);\n }\n }\n } else {\n updates = config.updates;\n }\n\n try {\n // Abandon all pull requests where the source branch has been deleted\n await this.abandonPullRequestsWhereSourceRefIsDeleted(existingBranchNames, existingPullRequests);\n\n // Perform updates for each of the [targeted] update blocks in dependabot.yaml\n return await this.performUpdates(\n server,\n updates,\n existingPullRequests,\n dependabotApiUrl,\n dependabotApiDockerUrl,\n command,\n );\n } finally {\n server.stop();\n }\n }\n\n /*\n Abandon all pull requests where the source branch has been deleted.\n * @param existingBranchNames The names of the existing branches.\n * @param existingPullRequests The existing pull requests.\n /\n private async abandonPullRequestsWhereSourceRefIsDeleted(\n existingBranchNames?: string[],\n existingPullRequests?: AzdoPrExtractedWithProperties[],\n ): Promise<void> {\n if (!existingBranchNames \|\| !existingPullRequests) return;\n\n const {\n options: { url, dryRun },\n authorClient,\n } = this;\n for (const pullRequestIndex in existingPullRequests) {\n const pullRequest = existingPullRequests[pullRequestIndex]!;\n const pullRequestSourceRefName = normalizeBranchName(\n pullRequest.properties?.find((x) => x.name === PR_PROPERTY_MICROSOFT_GIT_SOURCE_REF_NAME)?.value,\n );\n if (pullRequestSourceRefName && !existingBranchNames.includes(pullRequestSourceRefName)) {\n // The source branch for the pull request has been deleted; abandon the pull request (if not dry run)\n if (!dryRun) {\n logger.warn(\n `Detected source branch for PR #${pullRequest.pullRequestId} has been deleted; The pull request will be abandoned`,\n );\n await authorClient.abandonPullRequest({\n project: url.project,\n repository: url.repository,\n pullRequestId: pullRequest.pullRequestId,\n // comment:\n // 'OK, I won't notify you again about this release, but will get in touch when a new version is available. ' +\n // 'If you'd rather skip all updates until the next major or minor version, add an ' +\n // '[`ignore` condition](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--) ' +\n // 'with the desired `update-types` to your config file.',\n comment:\n 'It might be a good idea to add an ' +\n '[`ignore` condition](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--) ' +\n 'with the desired `update-types` to your config file.',\n });\n }\n // Remove the pull request from the list of existing pull requests to ensures that we don't attempt to update it later in the process.\n existingPullRequests.splice(existingPullRequests.indexOf(pullRequest), 1);\n }\n }\n }\n\n /\n Performs the updates.\n * @param server The local Dependabot server.\n * @param updates The updates to perform.\n * @param existingPullRequests The existing pull requests.\n */\n private async performUpdates(\n server: AzureLocalDependabotServer,\n updates: DependabotUpdate[],\n existingPullRequests: AzdoPrExtractedWithProperties[],\n dependabotApiUrl: string,\n dependabotApiDockerUrl?: string,\n command?: DependabotJobConfig['command'],\n ): Promise<RunJobsResult> {\n const {\n options: { url, gitToken, githubToken, experiments, config, dryRun, securityAdvisoriesFile, secretMasker },\n } = this;\n\n const results: RunJobsResult = [];\n\n function makeRandomJobId(): string {\n const array = new Uint32Array(1);\n crypto.getRandomValues(array);\n return `${array[0]! % 10000000000}`; // Limit to 10 digits to match GitHub's job IDs\n }\n\n function makeUsageData(job: DependabotJobConfig): RunJobOptions['usage'] {\n return {\n trigger: 'user',\n provider: job.source.provider,\n owner: url.value.toString(),\n project: `${url.value.toString().replace(/\\/$/, '')}/${url.project}`,\n 'package-manager': job['package-manager'],\n };\n }\n\n for (const update of updates) {\n const packageEcosystem = update['package-ecosystem'];\n const packageManager = mapPackageEcosystemToPackageManager(packageEcosystem);\n\n // If there is an updater image, replace the placeholder in it\n let { updaterImage } = this.options;\n updaterImage = updaterImage?.replace(/\\{ecosystem\\}/i, packageEcosystem);\n\n // Parse the Dependabot metadata for the existing pull requests that are related to this update\n // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones\n const existingPullRequestsForPackageManager = parsePullRequestProperties(existingPullRequests, packageManager);\n const existingPullRequestDependenciesForPackageManager = Object.values(existingPullRequestsForPackageManager);\n\n const builder = new DependabotJobBuilder({\n source: { provider: 'azure', ...url },\n config,\n update,\n systemAccessToken: gitToken,\n githubToken,\n experiments,\n debug: false,\n });\n\n let job: DependabotJobConfig \| undefined;\n let credentials: DependabotCredential[] \| undefined;\n let jobToken: string;\n let credentialsToken: string;\n\n const debug = this.options.debug;\n\n // If this is a security-only update (i.e. 'open-pull-requests-limit: 0'), then we first need to discover the dependencies\n // that need updating and check each one for vulnerabilities. This is because Dependabot requires the list of vulnerable dependencies\n // to be supplied in the job definition of security-only update job, it will not automatically discover them like a versioned update does.\n // https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file\n const securityVulnerabilities: SecurityVulnerability[] = [];\n const dependencyNamesToUpdate: string[] = [];\n const openPullRequestsLimit = update['open-pull-requests-limit']!;\n const securityUpdatesOnly = openPullRequestsLimit === 0;\n if (securityUpdatesOnly) {\n // Run an update job to discover all dependencies\n const id = makeRandomJobId();\n ({ job, credentials } = builder.forDependenciesList({ id, command }));\n ({ jobToken, credentialsToken } = this.makeTokens());\n server.add({ id, update, job, jobToken, credentialsToken, credentials });\n await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId: id,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n debug,\n usage: makeUsageData(job),\n });\n\n const outputs = server.requests(id);\n const packagesToCheckForVulnerabilities: Package[] \| undefined = outputs!\n .find((o) => o.type === 'update_dependency_list')\n ?.data.dependencies?.map((d) => ({ name: d.name, version: d.version }));\n if (packagesToCheckForVulnerabilities?.length) {\n logger.info(\n `Detected ${packagesToCheckForVulnerabilities.length} dependencies; Checking for vulnerabilities...`,\n );\n\n // parse security advisories from file (private)\n if (securityAdvisoriesFile) {\n const filePath = securityAdvisoriesFile;\n if (existsSync(filePath)) {\n const fileContents = await readFile(filePath, 'utf-8');\n securityVulnerabilities.push(\n ...(await SecurityVulnerabilitySchema.array().parseAsync(JSON.parse(fileContents))),\n );\n } else {\n logger.info(`Private security advisories file '${filePath}' does not exist`);\n }\n }\n if (githubToken) {\n const ghsaClient = new GitHubSecurityAdvisoryClient(githubToken);\n const githubVulnerabilities = await ghsaClient.getSecurityVulnerabilitiesAsync(\n getGhsaPackageEcosystemFromDependabotPackageManager(packageManager),\n packagesToCheckForVulnerabilities \|\| [],\n );\n securityVulnerabilities.push(...githubVulnerabilities);\n } else {\n logger.info(\n 'GitHub access token is not provided; Checking for vulnerabilities from GitHub is skipped. ' +\n 'This is not an issue if you are using private security advisories file.',\n );\n }\n\n const filtered = filterVulnerabilities(securityVulnerabilities);\n securityVulnerabilities.splice(0); // clear array\n securityVulnerabilities.push(...filtered);\n\n // Only update dependencies that have vulnerabilities\n dependencyNamesToUpdate.push(...Array.from(new Set(securityVulnerabilities.map((v) => v.package.name))));\n logger.info(\n `Detected ${securityVulnerabilities.length} vulnerabilities affecting ${dependencyNamesToUpdate.length} dependencies`,\n );\n if (dependencyNamesToUpdate.length) {\n logger.trace(dependencyNamesToUpdate);\n }\n } else {\n logger.info(`No vulnerabilities detected for update ${update['package-ecosystem']} in ${update.directory}`);\n server.clear(id);\n continue; // nothing more to do for this update\n }\n\n server.clear(id);\n }\n\n // Run an update job for \"all dependencies\"; this will create new pull requests for dependencies that need updating\n const openPullRequestsCount = Object.entries(existingPullRequestsForPackageManager).length;\n const hasReachedOpenPullRequestLimit =\n openPullRequestsLimit > 0 && openPullRequestsCount >= openPullRequestsLimit;\n if (!hasReachedOpenPullRequestLimit) {\n const dependenciesHaveVulnerabilities = dependencyNamesToUpdate.length && securityVulnerabilities.length;\n if (!securityUpdatesOnly \|\| dependenciesHaveVulnerabilities) {\n const id = makeRandomJobId();\n ({ job, credentials } = builder.forUpdate({\n id,\n command,\n dependencyNamesToUpdate,\n existingPullRequests: existingPullRequestDependenciesForPackageManager,\n securityVulnerabilities,\n }));\n ({ jobToken, credentialsToken } = this.makeTokens());\n server.add({ id, update, job, jobToken, credentialsToken, credentials });\n const { success, message } = await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId: id,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n debug,\n usage: makeUsageData(job),\n });\n const affectedPrs = server.allAffectedPrs(id);\n server.clear(id);\n results.push({ id, success, message, affectedPrs });\n } else {\n logger.info('Nothing to update; dependencies are not affected by any known vulnerability');\n }\n } else {\n logger.warn(\n `Skipping update for ${packageEcosystem} packages as the open pull requests limit (${openPullRequestsLimit}) has already been reached`,\n );\n }\n\n // If there are existing pull requests, run an update job for each one; this will resolve merge conflicts and close pull requests that are no longer needed\n const numberOfPullRequestsToUpdate = Object.keys(existingPullRequestsForPackageManager).length;\n if (numberOfPullRequestsToUpdate > 0) {\n if (!dryRun) {\n for (const pullRequestId in existingPullRequestsForPackageManager) {\n const id = makeRandomJobId();\n ({ job, credentials } = builder.forUpdate({\n id,\n command,\n existingPullRequests: existingPullRequestDependenciesForPackageManager,\n pullRequestToUpdate: existingPullRequestsForPackageManager[pullRequestId]!,\n securityVulnerabilities,\n }));\n ({ jobToken, credentialsToken } = this.makeTokens());\n server.add({ id, update, job, jobToken, credentialsToken, credentials });\n const { success, message } = await runJob({\n dependabotApiUrl,\n dependabotApiDockerUrl,\n jobId: id,\n jobToken,\n credentialsToken,\n updaterImage,\n secretMasker,\n debug,\n usage: makeUsageData(job),\n });\n const affectedPrs = server.allAffectedPrs(id);\n server.clear(id);\n results.push({ id, success, message, affectedPrs });\n }\n } else {\n logger.warn(\n `Skipping update of ${numberOfPullRequestsToUpdate} existing ${packageEcosystem} package pull request(s) as 'dryRun' is set to 'true'`,\n );\n }\n }\n }\n\n return results;\n }\n}\n"],"mappings":";;;;;;;;;;AAmCA,IAAa,6BAAb,cAAgD,sBAAsB;CAEpE,AAAiB;CAEjB,YAAY,SAA4C;AACtD,QAAM,QAAQ;AACd,OAAK,UAAU;;CAGjB,MAAyB,OAAO,IAAY,SAA8C;AACxF,QAAM,MAAM,OAAO,IAAI,QAAQ;EAE/B,MAAM,EAAE,SAAS,2BAA2B;EAC5C,MAAM,EACJ,KACA,cACA,gBACA,qBACA,sBACA,aACA,eACA,iBACA,6BACA,QACA,WACE;EAEJ,MAAM,EAAE,MAAM,SAAS;EACvB,MAAM,MAAM,MAAM,KAAK,IAAI,GAAG;AAC9B,MAAI,CAAC,KAAK;AACR,UAAO,MAAM,wBAAwB,GAAG,qCAAqC,KAAK,GAAG;AACrF,UAAO;;EAET,MAAM,EAAE,mBAAmB,mBAAmB;AAC9C,SAAO,KAAK,eAAe,KAAK,gBAAgB,GAAG,GAAG;EAEtD,MAAM,SAAS,KAAK,OAAO,GAAG;EAC9B,MAAM,EAAE,SAAS,eAAe;AAEhC,UAAQ,MAAR;GAIE,KAAK,uBAAuB;IAC1B,MAAM,QAAQ,KAAK;AACnB,QAAI,QAAQ;AACV,YAAO,KAAK,sCAAsC,MAAM,gCAAgC;AACxF,YAAO;;IAIT,MAAM,wBAAwB,OAAO;IAIrC,MAAM,wCAAwC,2BAA2B,sBAAsB,eAAe;IAC9G,MAAM,4BAA4B,OAAO,QAAQ,sCAAsC,CAAC;IACxF,MAAM,wBAAwB,uBAAuB,IAAI,GAAG,CAAE,QAAQ,SAAS;AAI/E,QAFE,wBAAwB,KAAK,yBAAyB,uBAEpB;AAClC,YAAO,KACL,sCAAsC,MAAM,qCAAqC,sBAAsB,oBACxG;AACD,YAAO;;IAGT,MAAM,eAAe,2BAA2B,KAAK;IACrD,MAAM,eAAe,2BAA2B,KAAK;IACrD,MAAM,eAAe,OAAO,oBAAqB,MAAM,aAAa,iBAAiB;KAAE;KAAS;KAAY,CAAC;IAC7G,MAAM,eAAe,uBAAuB;KAC1C,kBAAkB,OAAO;KACzB,kBAAkB;KAClB,WAAW,OAAO,aAAa,OAAO,aAAa,MAAM,QAAQ,aAAa,IAAI,MAAM,WAAW,IAAI,CAAC;KACxG,qBAAqB,CAAC,MAAM,QAAQ,aAAa,GAAG,aAAa,2BAA2B;KAC5F,cAAc,CAAC,MAAM,QAAQ,aAAa,GAAG,aAAa,eAAe;KACzE,WAAW,OAAO,6BAA6B;KAChD,CAAC;AAIF,SADuB,qBAAqB,MAAM,WAAW,iBAAiB,OAAO,IAAI,EAAE,EACxE,QAAQ;AACzB,YAAO,MACL,kCAAkC,MAAM,sBAAsB,aAAa,6DAC5E;AACD,YAAO;;IAET,MAAM,sBAAsB,qBAAqB,QAAQ,WAAW,aAAa,WAAW,OAAO,CAAC,IAAI,EAAE;AAC1G,QAAI,oBAAoB,QAAQ;AAC9B,YAAO,MACL,kCAAkC,MAAM,sBAAsB,aAAa,6CAA6C,oBAAoB,KAAK,KAAK,CAAC,qDACxJ;AACD,YAAO;;IAIT,MAAM,mBAAmB,MAAM,aAAa,kBAAkB;KACnD;KACG;KACZ,QAAQ;MACN,QAAQ,KAAK,sBAAsB,IAAI,OAAO;MAC9C,QAAQ;MACT;KACD,QAAQ,EACN,QAAQ,cACT;KACD;KACA;KACA,aAAa,0BAA0B;MACrC;MACA,MAAM,KAAK;MACX,cAAc,KAAK;MACnB,sBAAsB;MACvB,CAAC;KACF,eAAe,KAAK;KACpB,cAAc,kBACV;MACE,uBAAuB;MACvB,eAAe,iBAAiB;MACjC,GACD;KACJ,WAAW,OAAO;KAClB,QAAQ,OAAO,QAAQ,KAAK,UAAU,OAAO,MAAM,CAAC,IAAI,EAAE;KAC1D,WAAW,OAAO,YAAY,CAAC,OAAO,UAAU,GAAG,EAAE;KACrD,SAAS;KACT,YAAY,2BAA2B,gBAAgB,aAAa;KACrE,CAAC;AAGF,QAAI,eAAe,kBAAkB,iBACnC,OAAM,eAAe,mBAAmB;KAC7B;KACG;KACZ,eAAe;KAChB,CAAC;AAIJ,QAAI,kBAAkB;AACpB,4BAAuB,IAAI,GAAG,CAAE,QAAQ,KAAK,iBAAiB;AAC9D,YAAO;;AAET,WAAO;;GAGT,KAAK,uBAAuB;AAC1B,QAAI,QAAQ;AACV,YAAO,KAAK,4DAA4D;AACxE,YAAO;;IAIT,MAAM,sBAAsB,iCAC1B,sBACA,gBACA,KAAK,oBACN;AACD,QAAI,CAAC,qBAAqB;AACxB,YAAO,MACL,8DAA8D,eAAe,uBAAuB,KAAK,oBAAoB,KAAK,KAAK,CAAC,GACzI;AACD,YAAO;;IAIT,MAAM,wBAAwB,MAAM,aAAa,kBAAkB;KACxD;KACG;KACZ,eAAe,oBAAoB;KACnC,QAAQ,KAAK,sBAAsB,IAAI,OAAO;KAC9C;KACA,SAAS,2BAA2B,KAAK;KAC1C,CAAC;AAGF,QAAI,eAAe,kBAAkB,sBACnC,OAAM,eAAe,mBAAmB;KAC7B;KACG;KACZ,eAAe,oBAAoB;KACpC,CAAC;AAGJ,QAAI,uBAAuB;AACzB,4BAAuB,IAAI,GAAG,CAAE,QAAQ,KAAK,oBAAoB,cAAc;AAC/E,YAAO;;AAET,WAAO;;GAGT,KAAK,sBAAsB;AACzB,QAAI,QAAQ;AACV,YAAO,KAAK,6DAA6D;AACzE,YAAO;;IAIT,MAAM,qBAAqB,iCACzB,sBACA,gBACA,KAAK,oBACN;AACD,QAAI,CAAC,oBAAoB;AACvB,YAAO,MACL,6DAA6D,eAAe,uBAAuB,KAAK,oBAAoB,KAAK,KAAK,CAAC,GACxI;AACD,YAAO;;AAcT,QAPgB,MAAM,aAAa,mBAAmB;KAC3C;KACG;KACZ,eAAe,mBAAmB;KAClC,SAAS,0BAA0B,KAAK;KACxC,oBAAoB;KACrB,CAAC,EACW;AACX,4BAAuB,IAAI,GAAG,CAAE,OAAO,KAAK,mBAAmB,cAAc;AAC7E,YAAO;;AAET,WAAO;;GAGT,KAAK,6BAA6B;AAChC,QAAI,QAAQ;AACV,YAAO,KAAK,gDAAgD;AAC5D,YAAO;;IAIT,MAAM,MAAM,uBAAuB,IAAI,GAAG,CAAE,QAAQ,OAAO,uBAAuB,IAAI,GAAG,CAAE,QAAQ;AACnG,SAAK,MAAM,iBAAiB,IAC1B,OAAM,aAAa,iBAAiB;KACzB;KACG;KACZ,SAAS,2BAA2B,KAAK,cAAc,MAAM,KAAK;KAClE;KACD,CAAC;AAGJ,WAAO;;GAIT,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK;GACL,KAAK,iBACH,QAAO;GAET,KAAK;GACL,KAAK,mCAAmC;IACtC,MAAM,UAAU,SAAS;AACzB,WAAO,MACL,SAAS,UAAU,cAAc,GAAG,cAAc,KAAK,cAAc,GAAG,KAAK,UAAU,KAAK,iBAAiB,GAC9G;AACD,WAAO;;GAGT;AACE,WAAO,KAAK,oCAAoC,KAAK,gBAAgB;AACrE,WAAO;;;;;;;ACxQf,IAAa,uBAAb,cAA0C,gBAAgB;CAExD,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CAGjB,YAAY,SAAsC;AAChD,QAAM,EAAE,GAAG,SAAS,CAAC;AACrB,OAAK,UAAU;EACf,MAAM,EAAE,KAAK,UAAU,aAAa,UAAU,KAAK;AAGnD,OAAK,eAAe,IAAI,yBAAyB,KAAK,UAAU,MAAM;AACtE,OAAK,iBAAiB,cAClB,IAAI,yBAAyB,KAAK,QAAQ,oBAAoB,UAAU,MAAM,GAC9E;;CAGN,MAAsB,MAA8B;AAClD,QAAM,MAAM,KAAK;EAEjB,MAAM,EACJ,SAAS,EAAE,KAAK,MAAM,QAAQ,iBAAiB,WAC/C,cACA,mBACE;AAIJ,MAAI,OAAO,6BAA6B,OAAO,SAAS,MAAM,MAAM,EAAE,yBAAyB,CAC7F,QAAO,KACL,sGACD;AAKH,MAAI,OAAO,SAAS,MAAM,MAAM,EAAE,gCAAgC,EAAE,CAClE,QAAO,KACL,4PACD;EAIH,MAAM,sBAAsB,MAAM,aAAa,eAAe;GAAE,SAAS,IAAI;GAAS,YAAY,IAAI;GAAY,CAAC;EACnH,MAAM,uBAAuB,MAAM,aAAa,+BAA+B;GAC7E,SAAS,IAAI;GACb,YAAY,IAAI;GAChB,WAAW,MAAM,aAAa,WAAW;GAC1C,CAAC;EAUF,MAAM,SAAS,IAAI,2BAPsC;GACvD;GACA;GACA;GACA;GACA,GAAG,KAAK;GACT,CAC2D;AAC5D,SAAO,MAAM,KAAK;AAElB,QAAM,IAAI,SAAS,YAAY,WAAW,SAAS,IAAK,CAAC;EAKzD,MAAM,mBAAmB,+BAA+B,OAAO,KAAK;EACpE,MAAM,yBAAyB;EAG/B,IAAIA,UAA8B,EAAE;AACpC,MAAI,mBAAmB,gBAAgB,SAAS,EAC9C,MAAK,MAAM,MAAM,iBAAiB;GAChC,MAAM,MAAM,OAAO,QAAQ;AAC3B,OAAI,CAAC,IACH,QAAO,KACL;+CACmC,GAAG;;gCAElB,OAAO,QAAQ,SAAS,EAAE;cAE/C;OAED,SAAQ,KAAK,IAAI;;MAIrB,WAAU,OAAO;AAGnB,MAAI;AAEF,SAAM,KAAK,2CAA2C,qBAAqB,qBAAqB;AAGhG,UAAO,MAAM,KAAK,eAChB,QACA,SACA,sBACA,kBACA,wBACA,QACD;YACO;AACR,UAAO,MAAM;;;;;;;;CASjB,MAAc,2CACZ,qBACA,sBACe;AACf,MAAI,CAAC,uBAAuB,CAAC,qBAAsB;EAEnD,MAAM,EACJ,SAAS,EAAE,KAAK,UAChB,iBACE;AACJ,OAAK,MAAM,oBAAoB,sBAAsB;GACnD,MAAM,cAAc,qBAAqB;GACzC,MAAM,2BAA2B,oBAC/B,YAAY,YAAY,MAAM,MAAM,EAAE,SAAS,0CAA0C,EAAE,MAC5F;AACD,OAAI,4BAA4B,CAAC,oBAAoB,SAAS,yBAAyB,EAAE;AAEvF,QAAI,CAAC,QAAQ;AACX,YAAO,KACL,kCAAkC,YAAY,cAAc,uDAC7D;AACD,WAAM,aAAa,mBAAmB;MACpC,SAAS,IAAI;MACb,YAAY,IAAI;MAChB,eAAe,YAAY;MAM3B,SACE;MAGH,CAAC;;AAGJ,yBAAqB,OAAO,qBAAqB,QAAQ,YAAY,EAAE,EAAE;;;;;;;;;;CAW/E,MAAc,eACZ,QACA,SACA,sBACA,kBACA,wBACA,SACwB;EACxB,MAAM,EACJ,SAAS,EAAE,KAAK,UAAU,aAAa,aAAa,QAAQ,QAAQ,wBAAwB,mBAC1F;EAEJ,MAAMC,UAAyB,EAAE;EAEjC,SAAS,kBAA0B;GACjC,MAAM,QAAQ,IAAI,YAAY,EAAE;AAChC,UAAO,gBAAgB,MAAM;AAC7B,UAAO,GAAG,MAAM,KAAM;;EAGxB,SAAS,cAAc,KAAkD;AACvE,UAAO;IACL,SAAS;IACT,UAAU,IAAI,OAAO;IACrB,OAAO,IAAI,MAAM,UAAU;IAC3B,SAAS,GAAG,IAAI,MAAM,UAAU,CAAC,QAAQ,OAAO,GAAG,CAAC,GAAG,IAAI;IAC3D,mBAAmB,IAAI;IACxB;;AAGH,OAAK,MAAM,UAAU,SAAS;GAC5B,MAAM,mBAAmB,OAAO;GAChC,MAAM,iBAAiB,oCAAoC,iBAAiB;GAG5E,IAAI,EAAE,iBAAiB,KAAK;AAC5B,kBAAe,cAAc,QAAQ,kBAAkB,iBAAiB;GAIxE,MAAM,wCAAwC,2BAA2B,sBAAsB,eAAe;GAC9G,MAAM,mDAAmD,OAAO,OAAO,sCAAsC;GAE7G,MAAM,UAAU,IAAI,qBAAqB;IACvC,QAAQ;KAAE,UAAU;KAAS,GAAG;KAAK;IACrC;IACA;IACA,mBAAmB;IACnB;IACA;IACA,OAAO;IACR,CAAC;GAEF,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GACJ,IAAIC;GAEJ,MAAM,QAAQ,KAAK,QAAQ;GAM3B,MAAMC,0BAAmD,EAAE;GAC3D,MAAMC,0BAAoC,EAAE;GAC5C,MAAM,wBAAwB,OAAO;GACrC,MAAM,sBAAsB,0BAA0B;AACtD,OAAI,qBAAqB;IAEvB,MAAM,KAAK,iBAAiB;AAC5B,KAAC,CAAE,KAAK,eAAgB,QAAQ,oBAAoB;KAAE;KAAI;KAAS,CAAC;AACpE,KAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,WAAO,IAAI;KAAE;KAAI;KAAQ;KAAK;KAAU;KAAkB;KAAa,CAAC;AACxE,UAAM,OAAO;KACX;KACA;KACA,OAAO;KACP;KACA;KACA;KACA;KACA;KACA,OAAO,cAAc,IAAI;KAC1B,CAAC;IAGF,MAAMC,oCADU,OAAO,SAAS,GAAG,CAEhC,MAAM,MAAM,EAAE,SAAS,yBAAyB,EAC/C,KAAK,cAAc,KAAK,OAAO;KAAE,MAAM,EAAE;KAAM,SAAS,EAAE;KAAS,EAAE;AACzE,QAAI,mCAAmC,QAAQ;AAC7C,YAAO,KACL,YAAY,kCAAkC,OAAO,gDACtD;AAGD,SAAI,wBAAwB;MAC1B,MAAM,WAAW;AACjB,UAAI,WAAW,SAAS,EAAE;OACxB,MAAM,eAAe,MAAM,SAAS,UAAU,QAAQ;AACtD,+BAAwB,KACtB,GAAI,MAAM,4BAA4B,OAAO,CAAC,WAAW,KAAK,MAAM,aAAa,CAAC,CACnF;YAED,QAAO,KAAK,qCAAqC,SAAS,kBAAkB;;AAGhF,SAAI,aAAa;MAEf,MAAM,wBAAwB,MADX,IAAI,6BAA6B,YAAY,CACjB,gCAC7C,oDAAoD,eAAe,EACnE,qCAAqC,EAAE,CACxC;AACD,8BAAwB,KAAK,GAAG,sBAAsB;WAEtD,QAAO,KACL,oKAED;KAGH,MAAM,WAAW,sBAAsB,wBAAwB;AAC/D,6BAAwB,OAAO,EAAE;AACjC,6BAAwB,KAAK,GAAG,SAAS;AAGzC,6BAAwB,KAAK,GAAG,MAAM,KAAK,IAAI,IAAI,wBAAwB,KAAK,MAAM,EAAE,QAAQ,KAAK,CAAC,CAAC,CAAC;AACxG,YAAO,KACL,YAAY,wBAAwB,OAAO,6BAA6B,wBAAwB,OAAO,eACxG;AACD,SAAI,wBAAwB,OAC1B,QAAO,MAAM,wBAAwB;WAElC;AACL,YAAO,KAAK,0CAA0C,OAAO,qBAAqB,MAAM,OAAO,YAAY;AAC3G,YAAO,MAAM,GAAG;AAChB;;AAGF,WAAO,MAAM,GAAG;;GAIlB,MAAM,wBAAwB,OAAO,QAAQ,sCAAsC,CAAC;AAGpF,OAAI,EADF,wBAAwB,KAAK,yBAAyB,wBACnB;IACnC,MAAM,kCAAkC,wBAAwB,UAAU,wBAAwB;AAClG,QAAI,CAAC,uBAAuB,iCAAiC;KAC3D,MAAM,KAAK,iBAAiB;AAC5B,MAAC,CAAE,KAAK,eAAgB,QAAQ,UAAU;MACxC;MACA;MACA;MACA,sBAAsB;MACtB;MACD,CAAC;AACF,MAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,YAAO,IAAI;MAAE;MAAI;MAAQ;MAAK;MAAU;MAAkB;MAAa,CAAC;KACxE,MAAM,EAAE,SAAS,YAAY,MAAM,OAAO;MACxC;MACA;MACA,OAAO;MACP;MACA;MACA;MACA;MACA;MACA,OAAO,cAAc,IAAI;MAC1B,CAAC;KACF,MAAM,cAAc,OAAO,eAAe,GAAG;AAC7C,YAAO,MAAM,GAAG;AAChB,aAAQ,KAAK;MAAE;MAAI;MAAS;MAAS;MAAa,CAAC;UAEnD,QAAO,KAAK,8EAA8E;SAG5F,QAAO,KACL,uBAAuB,iBAAiB,6CAA6C,sBAAsB,4BAC5G;GAIH,MAAM,+BAA+B,OAAO,KAAK,sCAAsC,CAAC;AACxF,OAAI,+BAA+B,EACjC,KAAI,CAAC,OACH,MAAK,MAAM,iBAAiB,uCAAuC;IACjE,MAAM,KAAK,iBAAiB;AAC5B,KAAC,CAAE,KAAK,eAAgB,QAAQ,UAAU;KACxC;KACA;KACA,sBAAsB;KACtB,qBAAqB,sCAAsC;KAC3D;KACD,CAAC;AACF,KAAC,CAAE,UAAU,oBAAqB,KAAK,YAAY;AACnD,WAAO,IAAI;KAAE;KAAI;KAAQ;KAAK;KAAU;KAAkB;KAAa,CAAC;IACxE,MAAM,EAAE,SAAS,YAAY,MAAM,OAAO;KACxC;KACA;KACA,OAAO;KACP;KACA;KACA;KACA;KACA;KACA,OAAO,cAAc,IAAI;KAC1B,CAAC;IACF,MAAM,cAAc,OAAO,eAAe,GAAG;AAC7C,WAAO,MAAM,GAAG;AAChB,YAAQ,KAAK;KAAE;KAAI;KAAS;KAAS;KAAa,CAAC;;OAGrD,QAAO,KACL,sBAAsB,6BAA6B,YAAY,iBAAiB,uDACjF;;AAKP,SAAO"}

package/dist/local/index.d.mts CHANGED Viewed

@@ -1,3 +1,3 @@
-import "../api-client-M8F9t7II.mjs";
-import { a as LocalJobsRunner, i as LocalDependabotServerOptions, n as LocalDependabotServer, o as LocalJobsRunnerOptions, r as LocalDependabotServerAddOptions, s as RunJobsResult, t as AffectedPullRequestIds } from "../server-DTAFwSrb.mjs";
+import "../api-client-BoQ6jjRB.mjs";
+import { a as LocalJobsRunner, i as LocalDependabotServerOptions, n as LocalDependabotServer, o as LocalJobsRunnerOptions, r as LocalDependabotServerAddOptions, s as RunJobsResult, t as AffectedPullRequestIds } from "../server-6BlJr2bw.mjs";
 export { AffectedPullRequestIds, LocalDependabotServer, LocalDependabotServerAddOptions, LocalDependabotServerOptions, LocalJobsRunner, LocalJobsRunnerOptions, RunJobsResult };

package/dist/local/index.mjs CHANGED Viewed

@@ -1,3 +1,3 @@
-import { n as LocalJobsRunner, t as LocalDependabotServer } from "../server-M1ps5BVd.mjs";
+import { n as LocalJobsRunner, t as LocalDependabotServer } from "../server-BxUu1gGo.mjs";
 export { LocalDependabotServer, LocalJobsRunner };

package/dist/{run-DBD6Hefl.mjs → run-CXDAe0P_.mjs} RENAMED Viewed

@@ -1,6 +1,5 @@
-import { DependabotCredentialSchema, DependabotJobConfigSchema } from "@paklo/core/dependabot";
-import { HEADER_NAME_AUTHORIZATION, HttpRequestError, InnerApiClient, isErrorTemporaryFailure } from "@paklo/core/http";
 import { logger } from "@paklo/core/logger";
+import ky, { isHTTPError } from "ky";
 import Docker from "dockerode";
 import { pack } from "tar-stream";
 import stream, { Readable } from "node:stream";
@@ -14,12 +13,14 @@ import { z } from "zod";
 var JobDetailsFetchingError = class extends Error {};
 var CredentialFetchingError = class extends Error {};
 var ApiClient = class {
+	dependabotApiUrl;
 	jobToken;
 	constructor(client, params, jobToken, credentialsToken, secretMasker) {
 		this.client = client;
 		this.params = params;
 		this.credentialsToken = credentialsToken;
 		this.secretMasker = secretMasker;
+		this.dependabotApiUrl = params.dependabotApiUrl.replace("host.docker.internal", "localhost");
 		this.jobToken = jobToken;
 	}
 	UnknownSha = { "base-commit-sha": "unknown" };
@@ -27,47 +28,53 @@ var ApiClient = class {
 		return this.jobToken;
 	}
 	async getJobDetails() {
+		const detailsURL = `${this.dependabotApiUrl}/update_jobs/${this.params.jobId}/details`;
 		try {
-			const res = await this.getWithRetry(`/update_jobs/${this.params.jobId}/details`, this.jobToken, { schema: DependabotJobConfigSchema });
-			if (res.status !== 200) throw new JobDetailsFetchingError(`fetching job details: unexpected status code: ${res.status}: ${JSON.stringify(res.error)}`);
-			if (!res.data) throw new JobDetailsFetchingError(`fetching job details: missing response`);
-			return res.data;
+			const res = await this.getWithRetry(detailsURL, this.jobToken);
+			if (res.status !== 200) throw new JobDetailsFetchingError(`fetching job details: unexpected status code: ${res.status}: ${JSON.stringify(await res.json())}`);
+			const data = await res.json();
+			if (!data) throw new JobDetailsFetchingError(`fetching job details: missing response`);
+			return data;
 		} catch (error) {
 			if (error instanceof JobDetailsFetchingError) throw error;
-			else if (error instanceof HttpRequestError) throw new JobDetailsFetchingError(`fetching job details: unexpected status code: ${error.code}: ${error.message}`);
+			else if (isHTTPError(error)) throw new JobDetailsFetchingError(`fetching job details: unexpected status code: ${error.response.status}: ${error.message}`);
 			else if (error instanceof Error) throw new JobDetailsFetchingError(`fetching job details: ${error.name}: ${error.message}`);
 			throw error;
 		}
 	}
 	async getCredentials() {
+		const credentialsURL = `${this.dependabotApiUrl}/update_jobs/${this.params.jobId}/credentials`;
 		try {
-			const res = await this.getWithRetry(`/update_jobs/${this.params.jobId}/credentials`, this.credentialsToken, { schema: DependabotCredentialSchema.array() });
-			if (res.status !== 200) throw new CredentialFetchingError(`fetching credentials: unexpected status code: ${res.status}: ${JSON.stringify(res.error)}`);
-			if (!res.data) throw new CredentialFetchingError(`fetching credentials: missing response`);
-			for (const credential of res.data) {
+			const res = await this.getWithRetry(credentialsURL, this.credentialsToken);
+			if (res.status !== 200) throw new CredentialFetchingError(`fetching credentials: unexpected status code: ${res.status}: ${JSON.stringify(await res.json())}`);
+			const data = await res.json();
+			if (!data) throw new CredentialFetchingError(`fetching credentials: missing response`);
+			for (const credential of data) {
 				if (credential.password) this.secretMasker(credential.password);
 				if (credential.token) this.secretMasker(credential.token);
 				if (credential["auth-key"]) this.secretMasker(credential["auth-key"]);
 			}
-			return res.data;
+			return data;
 		} catch (error) {
 			if (error instanceof CredentialFetchingError) throw error;
-			else if (error instanceof HttpRequestError) throw new CredentialFetchingError(`fetching credentials: unexpected status code: ${error.code}: ${error.message}`);
+			else if (isHTTPError(error)) throw new CredentialFetchingError(`fetching credentials: unexpected status code: ${error.response.status}: ${error.message}`);
 			else if (error instanceof Error) throw new CredentialFetchingError(`fetching credentials: ${error.name}: ${error.message}`);
 			throw error;
 		}
 	}
 	async reportJobError(error) {
-		const res = await this.client.post(`/update_jobs/${this.params.jobId}/record_update_job_error`, {
-			payload: error,
-			headers: { [HEADER_NAME_AUTHORIZATION]: this.jobToken }
+		const recordErrorURL = `${this.dependabotApiUrl}/update_jobs/${this.params.jobId}/record_update_job_error`;
+		const res = await this.client.post(recordErrorURL, {
+			json: error,
+			headers: { Authorization: this.jobToken }
 		});
 		if (res.status !== 204) throw new Error(`Unexpected status code: ${res.status}`);
 	}
 	async markJobAsProcessed() {
-		const res = await this.client.patch(`/update_jobs/${this.params.jobId}/mark_as_processed`, {
-			payload: this.UnknownSha,
-			headers: { [HEADER_NAME_AUTHORIZATION]: this.jobToken }
+		const markAsProcessedURL = `${this.dependabotApiUrl}/update_jobs/${this.params.jobId}/mark_as_processed`;
+		const res = await this.client.patch(markAsProcessedURL, {
+			json: this.UnknownSha,
+			headers: { Authorization: this.jobToken }
 		});
 		if (res.status !== 204) throw new Error(`Unexpected status code: ${res.status}`);
 	}
@@ -85,35 +92,23 @@ var ApiClient = class {
 		}
 	}
 	async reportMetrics(metrics) {
-		const res = await this.client.post(`/update_jobs/${this.params.jobId}/record_metrics`, {
-			payload: { data: metrics },
-			headers: { [HEADER_NAME_AUTHORIZATION]: this.jobToken }
+		const metricsURL = `${this.dependabotApiUrl}/update_jobs/${this.params.jobId}/record_metrics`;
+		const res = await this.client.post(metricsURL, {
+			json: { data: metrics },
+			headers: { Authorization: this.jobToken }
 		});
 		if (res.status !== 204) throw new Error(`Unexpected status code: ${res.status}`);
 	}
 	async getWithRetry(url, token, options) {
-		let attempt = 1;
-		const delayMs = 1e3 * 2 ** attempt;
 		const execute = async () => {
-			try {
-				const res = await this.client.get(url, {
-					headers: { Authorization: token },
-					...options
-				});
-				const { status, statusText } = res;
-				if (status < 200 || status > 299) throw new HttpRequestError(`HTTP GET '${url}' failed: ${status} ${statusText}`, status);
-				return res;
-			} catch (e) {
-				const error = e;
-				if (isErrorTemporaryFailure(error)) {
-					if (attempt >= 3) throw error;
-					logger.warn(`Retrying failed request in ${delayMs}ms...`);
-					await new Promise((resolve) => setTimeout(resolve, delayMs));
-					attempt++;
-					return execute();
-				}
-				throw error;
-			}
+			return await this.client.get(url, {
+				headers: { Authorization: token },
+				retry: { limit: 3 },
+				hooks: { beforeRetry: [async ({ request, options: options$1, error, retryCount }) => {
+					if (isHTTPError(error)) logger.warn(`Retrying failed request with status code: ${error.response.status}`);
+				}] },
+				...options
+			});
 		};
 		return execute();
 	}
@@ -121,38 +116,38 @@ var ApiClient = class {
 //#endregion
 //#region docker/containers.json
-var proxy = "ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:v2.0.20251124194534@sha256:e3361d9ba33ffcb1c72b2ac9feba766f0e941b0bf2b692029948f60262708ffa";
+var proxy = "ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:v2.0.20251212184225@sha256:cd436ba52ca956dfbf8beaf71a603d8ed99c4fc3a7232fee6f8c4a665533b0de";
 var containers_default = {
 	proxy,
-	bundler: "ghcr.io/dependabot/dependabot-updater-bundler:v2.0.20251201212603@sha256:4d7ccca98ef685997794a1d600ebe241f51d7f04cfc7713dc49b1cea513f1bd0",
-	cargo: "ghcr.io/dependabot/dependabot-updater-cargo:v2.0.20251201212603@sha256:6f2027a0168181f0c5dcc8460b786d2b354680f0b8b4966354733c2c75786f19",
-	composer: "ghcr.io/dependabot/dependabot-updater-composer:v2.0.20251201212603@sha256:dfb87998cefafb53b524dd7badeeb419fac89bcb8ecfc0783f628a473a9116b2",
-	conda: "ghcr.io/dependabot/dependabot-updater-conda:v2.0.20251201212603@sha256:a51ae51359dd2b599c5359636d35c995f654fdc6dcd6ef2e7dbef0f6460e950d",
-	pub: "ghcr.io/dependabot/dependabot-updater-pub:v2.0.20251201212603@sha256:c1c16cbc231c6cfd55356980933ea1ccac2e8fef733dec2ff326e14b681329de",
-	docker: "ghcr.io/dependabot/dependabot-updater-docker:v2.0.20251201212603@sha256:cd696e992b0539a776f2559529609863682c5e2a58eb71cad94389388f810c7c",
-	elm: "ghcr.io/dependabot/dependabot-updater-elm:v2.0.20251201212603@sha256:47b8a968485f4c26bdff1042f9bc1e205cb3dcf3fe26b0c734bbbe4dceae8dff",
-	github_actions: "ghcr.io/dependabot/dependabot-updater-github-actions:v2.0.20251201212603@sha256:01cad8bab547d5041cf11cb2f0287f091695d5971d3f7fb93b97817727093a2c",
-	submodules: "ghcr.io/dependabot/dependabot-updater-gitsubmodule:v2.0.20251201212603@sha256:5db44d0735b56cb4e4f2ee690ce9dd7be70a023da92226a4736dd3cdcfe50bcd",
-	go_modules: "ghcr.io/dependabot/dependabot-updater-gomod:v2.0.20251201212603@sha256:2776cd9e167c5a1459339fa1467f982aff9e82e63da2cbd82ed499da964acca4",
-	gradle: "ghcr.io/dependabot/dependabot-updater-gradle:v2.0.20251201212603@sha256:b1e8f031e81353998e341783a543664ed7d55edf0f428f47e27f904bf911c61b",
-	maven: "ghcr.io/dependabot/dependabot-updater-maven:v2.0.20251201212603@sha256:0d141e28a13533871b5d722f53a3fb07ac488889a3d3711bebed3dbebd2ef762",
-	hex: "ghcr.io/dependabot/dependabot-updater-mix:v2.0.20251201212603@sha256:9adb70b1de3a5897d63e2e2f8b74dec4dfcbfacc601e11cc0c804815490b0a3e",
-	nuget: "ghcr.io/dependabot/dependabot-updater-nuget:v2.0.20251201212603@sha256:5e8b5352ecfc694cae8bf91361610715f44e8b87e2ef0025a731ab880359745b",
-	npm_and_yarn: "ghcr.io/dependabot/dependabot-updater-npm:v2.0.20251201212603@sha256:fa929e3b9351b79be8e5d578454233b1b9683b4ef1e0299ec3bec801187397e5",
-	pip: "ghcr.io/dependabot/dependabot-updater-pip:v2.0.20251201212603@sha256:3999dcdbe5c4c76c758689886d0bbd858591120265a09b3c66b7ca6953b9aed4",
-	rust_toolchain: "ghcr.io/dependabot/dependabot-updater-rust-toolchain:v2.0.20251201212603@sha256:93f0864479adf2a2bbd305b5a5aa879a939143030ce079f7876fc78d68e2114d",
-	swift: "ghcr.io/dependabot/dependabot-updater-swift:v2.0.20251201212603@sha256:4afa34565a697f4f9f9a7ed43aa27391f85a9595ede0bf50d0d8f2d6e78ad933",
-	terraform: "ghcr.io/dependabot/dependabot-updater-terraform:v2.0.20251201212603@sha256:fb52cb34279616f29e76ec8dc25af343d4dfc75e46450054c3a742ba90708a22",
-	devcontainers: "ghcr.io/dependabot/dependabot-updater-devcontainers:v2.0.20251201212603@sha256:5ff76b8ad5c9fc1898f99c7c85717acbb3c722a38c3e0d0cefd48d907276f554",
-	dotnet_sdk: "ghcr.io/dependabot/dependabot-updater-dotnet-sdk:v2.0.20251201212603@sha256:694ef1de781bba340a98b6b53686ff7f63678ad4dcf71cec93c8113c1fcdb09f",
-	bun: "ghcr.io/dependabot/dependabot-updater-bun:v2.0.20251201212603@sha256:3c3f05216013eaa0b687f92c3768cc4fa66a98b9c77d70502ca66299c0bb38dd",
-	docker_compose: "ghcr.io/dependabot/dependabot-updater-docker-compose:v2.0.20251201212603@sha256:a9bc91ed06af6dd34b69605484bb9af7ed05a1cec96d7bb82f0e0f7a71fd4e87",
-	uv: "ghcr.io/dependabot/dependabot-updater-uv:v2.0.20251201212603@sha256:46d19b5c71dd4d286194c07975c117129096eb31125df903dd2495c874523597",
-	vcpkg: "ghcr.io/dependabot/dependabot-updater-vcpkg:v2.0.20251201212603@sha256:53a3a1661aff1d1cf2070f2d1700a3421a8ac6f493ac2cfe2157b9161a661ddf",
-	helm: "ghcr.io/dependabot/dependabot-updater-helm:v2.0.20251201212603@sha256:2ea22bcae3f43403f066776e285b5745fbcd659717b22faaa8282c11cde239c5",
-	julia: "ghcr.io/dependabot/dependabot-updater-julia:v2.0.20251201212603@sha256:b0631e1e4822682c0d760cd770c65f6b2fddbf43e2e3a77fca99397bbde994b8",
-	bazel: "ghcr.io/dependabot/dependabot-updater-bazel:v2.0.20251201212603@sha256:cee3559d5502991a53f5eda54a4ea167acefe38eaa200f51221e346d0e68a6be",
-	opentofu: "ghcr.io/dependabot/dependabot-updater-opentofu:v2.0.20251201212603@sha256:e49bb50cdede47c0c30576c0d1969b7103a18c57d750929855b338fcbe51a749"
+	bundler: "ghcr.io/dependabot/dependabot-updater-bundler:v2.0.20251212192154@sha256:1e4a8ea4fcd14b4db9c30d33a537edb96bd2460fc417cb887e94855d526728a9",
+	cargo: "ghcr.io/dependabot/dependabot-updater-cargo:v2.0.20251212192154@sha256:54c7b4aba856020baeaa93f4c519e3fc8b135fd4765e881dababe1cc7d983327",
+	composer: "ghcr.io/dependabot/dependabot-updater-composer:v2.0.20251212192154@sha256:433f16561014141e86d6d00b0a7107b52e6d14c42a71f3a695da059aae77b9d5",
+	conda: "ghcr.io/dependabot/dependabot-updater-conda:v2.0.20251212192154@sha256:4f6fba2e147c6ba9c0ee210e811f3224c5f788632d2f754bb4f414faadaa3cdc",
+	pub: "ghcr.io/dependabot/dependabot-updater-pub:v2.0.20251212192154@sha256:84ad8b0473f345df585115ddf85bb782a2c3c93166fc8ba953a505bb5031868e",
+	docker: "ghcr.io/dependabot/dependabot-updater-docker:v2.0.20251212192154@sha256:a6901a7bbf83f95e664ab8ad114df3588d6f1dd89b9820f787dfa62d601595b9",
+	elm: "ghcr.io/dependabot/dependabot-updater-elm:v2.0.20251212192154@sha256:f5583a34625aa24cffe380a848b29bca4405ec24bb48b71a983a71c1c4f6d759",
+	github_actions: "ghcr.io/dependabot/dependabot-updater-github-actions:v2.0.20251212192154@sha256:c82fb58fd6f808a4c06a2fe790109356f2f519dd66819d3195b3a1420c1c98f9",
+	submodules: "ghcr.io/dependabot/dependabot-updater-gitsubmodule:v2.0.20251212192154@sha256:a6f30d57805dd8659881ebc16288bfd2b258199c2f7d02cc4d66f7c88bbd8a87",
+	go_modules: "ghcr.io/dependabot/dependabot-updater-gomod:v2.0.20251212192154@sha256:748079a7bea5bf1e7d7893950ebb6fa0e3ded52cf4b4b0846fcc97e247d3c1ad",
+	gradle: "ghcr.io/dependabot/dependabot-updater-gradle:v2.0.20251212192154@sha256:7c6903145d02c573c22e5357c4cfed9ae70c08c057857740e9a516dc3d471554",
+	maven: "ghcr.io/dependabot/dependabot-updater-maven:v2.0.20251212192154@sha256:273d07b986d509fd23859c2c737170b351f1b0517e4d1acf12453171b13d69a3",
+	hex: "ghcr.io/dependabot/dependabot-updater-mix:v2.0.20251212192154@sha256:a01f70e14b995c8ac0d572fe342f8168a77f2860efc6162e033ca9d766c2aabd",
+	nuget: "ghcr.io/dependabot/dependabot-updater-nuget:v2.0.20251212192154@sha256:7a7a92721c5571cb700afd7c5020dd0f83a0cca14f7ebde73b1367919e82f1af",
+	npm_and_yarn: "ghcr.io/dependabot/dependabot-updater-npm:v2.0.20251212192154@sha256:8fb8615abae9f2d51a330af676f83059ab39cf33d03b9850184e579a2c0a796e",
+	pip: "ghcr.io/dependabot/dependabot-updater-pip:v2.0.20251212192154@sha256:25a8099530502669207803834bf60f75f51aa7c9521132f9d63322f90129ca8f",
+	rust_toolchain: "ghcr.io/dependabot/dependabot-updater-rust-toolchain:v2.0.20251212192154@sha256:80e84192c652f7b84b558bd342888d0039947945c4815d77e67cb12d27fedc87",
+	swift: "ghcr.io/dependabot/dependabot-updater-swift:v2.0.20251212192154@sha256:7d2868c887b09f3c85fedbce5312c6d3516910499e1acaed73134c1b5cbb9b48",
+	terraform: "ghcr.io/dependabot/dependabot-updater-terraform:v2.0.20251212192154@sha256:287ceb85283279cfa9a08b4c342198ebd9344f036a02aa42a390f5d3ddde3362",
+	devcontainers: "ghcr.io/dependabot/dependabot-updater-devcontainers:v2.0.20251212192154@sha256:05648e7f35629917fb7733312acf4d2a9db4fd068abe7d2281df25b4c9615365",
+	dotnet_sdk: "ghcr.io/dependabot/dependabot-updater-dotnet-sdk:v2.0.20251212192154@sha256:01e521c8b5e7de9a7617d84eec655a94bbb844ccbf1403743165ecc6295329e3",
+	bun: "ghcr.io/dependabot/dependabot-updater-bun:v2.0.20251212192154@sha256:7c03e633930e9f1077c1a4b1d09eac693750b0729f1d78ea3384ed00212dc3ef",
+	docker_compose: "ghcr.io/dependabot/dependabot-updater-docker-compose:v2.0.20251212192154@sha256:692da08db4c5477e0120a3acad79489e67f64f334d72719b1e4b4f5eade92920",
+	uv: "ghcr.io/dependabot/dependabot-updater-uv:v2.0.20251212192154@sha256:38428259542f24e3a6a8e53ebc10249b79029d0335f73ba2dad72b853eb86d58",
+	vcpkg: "ghcr.io/dependabot/dependabot-updater-vcpkg:v2.0.20251212192154@sha256:4ecb840e58d9c3a377901ae13e824496456e01e1a1da5ba516063110a9789b6c",
+	helm: "ghcr.io/dependabot/dependabot-updater-helm:v2.0.20251212192154@sha256:b6531a30ead9f6aeaf75e6706556b74096ae025dc6ff6c08e9f18b9b71300492",
+	julia: "ghcr.io/dependabot/dependabot-updater-julia:v2.0.20251212192154@sha256:0eab8ed2d557669d13b71fed94c4c879a400a7f396ba057d4c2194ac2b87434f",
+	bazel: "ghcr.io/dependabot/dependabot-updater-bazel:v2.0.20251212192154@sha256:c7fa5b63963a9915bcdb1c4917de33012ac2f0fcae797cd42596ae5cec1c02fd",
+	opentofu: "ghcr.io/dependabot/dependabot-updater-opentofu:v2.0.20251212192154@sha256:3e770cde5e17b19d984fb0f1f205454f16eb6ebb7e342710249858842affa12e"
 };
 //#endregion
@@ -186,6 +181,7 @@ function digestName(imageName) {
 //#endregion
 //#region src/utils.ts
+const nullStream = new stream.Writable({ write: (__, _, next) => next() });
 const outStream = (prefix) => {
 	return new stream.Writable({ write(chunk, _, next) {
 		process.stdout.write(`${prefix} | ${chunk.toString()}`);
@@ -288,7 +284,7 @@ const ContainerService = {
 //#endregion
 //#region src/image-service.ts
 const MAX_RETRIES = 5;
-const INITIAL_DELAY_MS = 2e3;
+const INITIAL_DELAY_MS = 5e3;
 const sleep = async (ms) => new Promise((resolve) => setTimeout(resolve, ms));
 const endOfStream = async (docker$1, stream$1) => {
 	return new Promise((resolve, reject) => {
@@ -397,11 +393,12 @@ const CERT_SUBJECT = [
 		value: "San Francisco"
 	}
 ];
-var ProxyBuilder = class {
-	constructor(docker$1, proxyImage, cachedMode) {
+var ProxyBuilder = class ProxyBuilder {
+	constructor(docker$1, proxyImage, cachedMode, debug) {
 		this.docker = docker$1;
 		this.proxyImage = proxyImage;
 		this.cachedMode = cachedMode;
+		this.debug = debug;
 	}
 	async run(jobId, jobToken, dependabotApiUrl, credentials) {
 		const name = `dependabot-job-${jobId}-proxy`;
@@ -424,7 +421,7 @@ var ProxyBuilder = class {
 			stdout: true,
 			stderr: true
 		});
-		container.modem.demuxStream(stream$1, outStream("  proxy"), errStream("  proxy"));
+		container.modem.demuxStream(stream$1, this.debug ? outStream("  proxy") : nullStream, errStream("  proxy"));
 		const url = async () => {
 			const containerInfo = await container.inspect();
 			if (containerInfo.State.Running === true) return `http://${containerInfo.NetworkSettings.Networks[`${internalNetworkName}`].IPAddress}:1080`;
@@ -454,10 +451,10 @@ var ProxyBuilder = class {
 	async buildProxyConfig(credentials) {
 		return {
 			all_credentials: credentials,
-			ca: await this.generateCertificateAuthority()
+			ca: await ProxyBuilder.generateCertificateAuthority()
 		};
 	}
-	async generateCertificateAuthority() {
+	static async generateCertificateAuthority() {
 		const { default: { md, pki } } = await import("node-forge");
 		const keys = pki.rsa.generateKeyPair(KEY_SIZE);
 		const cert = pki.createCertificate();
@@ -540,7 +537,7 @@ var ProxyBuilder = class {
 //#endregion
 //#region package.json
-var version = "0.6.0";
+var version = "0.8.0";
 //#endregion
 //#region src/updater-builder.ts
@@ -607,12 +604,13 @@ var UpdaterBuilder = class {
 //#region src/updater.ts
 var Updater = class {
 	docker;
-	constructor(updaterImage, proxyImage, params, job, credentials) {
+	constructor(updaterImage, proxyImage, params, job, credentials, debug) {
 		this.updaterImage = updaterImage;
 		this.proxyImage = proxyImage;
 		this.params = params;
 		this.job = job;
 		this.credentials = credentials;
+		this.debug = debug;
 		this.docker = new Docker();
 		this.job["credentials-metadata"] = this.generateCredentialsMetadata();
 	}
@@ -621,7 +619,7 @@ var Updater = class {
 	*/
 	async runUpdater() {
 		const cachedMode = Object.hasOwn(this.job.experiments, "proxy-cached") === true;
-		const proxy$1 = await new ProxyBuilder(this.docker, this.proxyImage, cachedMode).run(this.params.jobId, this.params.jobToken, this.params.dependabotApiUrl, this.credentials);
+		const proxy$1 = await new ProxyBuilder(this.docker, this.proxyImage, cachedMode, this.debug).run(this.params.jobId, this.params.jobToken, this.params.dependabotApiUrl, this.credentials);
 		await proxy$1.container.start();
 		try {
 			await this.runUpdate(proxy$1);
@@ -692,7 +690,7 @@ var Updater = class {
 var JobRunnerImagingError = class extends Error {};
 var JobRunnerUpdaterError = class extends Error {};
 async function runJob(options) {
-	const { jobId, dependabotApiUrl, dependabotApiDockerUrl, jobToken, credentialsToken, secretMasker, usage } = options;
+	const { jobId, dependabotApiUrl, dependabotApiDockerUrl, jobToken, credentialsToken, secretMasker, debug, usage } = options;
 	const started = /* @__PURE__ */ new Date();
 	let success = false;
 	let message;
@@ -705,7 +703,7 @@ async function runJob(options) {
 			dependabotApiDockerUrl: dependabotApiDockerUrl ?? dependabotApiUrl,
 			updaterImage: options.updaterImage
 		});
-		const apiClient = new ApiClient(new InnerApiClient({ baseUrl: dependabotApiUrl.replace("host.docker.internal", "localhost") }), params, jobToken, credentialsToken, secretMasker);
+		const apiClient = new ApiClient(ky.create({ headers: { "User-Agent": `paklo-runner/${version}` } }), params, jobToken, credentialsToken, secretMasker);
 		const job = await apiClient.getJobDetails();
 		const updaterImage = params.updaterImage || updaterImageName(job["package-manager"]);
 		const sendMetricsWithPackageManager = async (name, metricType, value, additionalTags = {}) => {
@@ -718,7 +716,7 @@ async function runJob(options) {
 				logger.warn(`Metric sending failed for ${name}: ${error.message}`);
 			}
 		};
-		const updater = new Updater(updaterImage, PROXY_IMAGE_NAME, params, job, await apiClient.getCredentials() || []);
+		const updater = new Updater(updaterImage, PROXY_IMAGE_NAME, params, job, await apiClient.getCredentials() || [], debug);
 		try {
 			await ImageService.pull(updaterImage, sendMetricsWithPackageManager);
 			await ImageService.pull(PROXY_IMAGE_NAME, sendMetricsWithPackageManager);
@@ -759,8 +757,7 @@ async function runJob(options) {
 		try {
 			const json = JSON.stringify(data);
 			logger.debug(`Usage telemetry data: ${json}`);
-			const resp = await fetch("https://www.paklo.app/api/usage-telemetry", {
-				method: "POST",
+			const resp = await ky.post("https://www.paklo.app/api/usage-telemetry", {
 				headers: { "Content-Type": "application/json" },
 				body: json
 			});
@@ -789,5 +786,5 @@ async function isRunningInDocker() {
 }
 //#endregion
-export { JobDetailsFetchingError as S, repositoryName as _, Updater as a, ApiClient as b, JobParameters as c, getOrgFromImage as d, ContainerRuntimeError as f, hasDigest as g, digestName as h, runJob as i, getJobParameters as l, PROXY_IMAGE_NAME as m, JobRunnerUpdaterError as n, UpdaterBuilder as o, ContainerService as p, isRunningInDocker as r, ProxyBuilder as s, JobRunnerImagingError as t, ImageService as u, updaterImageName as v, CredentialFetchingError as x, updaterImages as y };
-//# sourceMappingURL=run-DBD6Hefl.mjs.map
+export { CredentialFetchingError as A, PROXY_IMAGE_NAME as C, updaterImageName as D, repositoryName as E, updaterImages as O, extractUpdaterSha as S, hasDigest as T, getJobParameters as _, Updater as a, ContainerRuntimeError as b, JOB_INPUT_FILENAME as c, JOB_OUTPUT_PATH as d, REPO_CONTENTS_PATH as f, JobParameters as g, ProxyBuilder as h, runJob as i, JobDetailsFetchingError as j, ApiClient as k, JOB_INPUT_PATH as l, CONFIG_FILE_NAME as m, JobRunnerUpdaterError as n, CA_CERT_FILENAME as o, UpdaterBuilder as p, isRunningInDocker as r, CA_CERT_INPUT_PATH as s, JobRunnerImagingError as t, JOB_OUTPUT_FILENAME as u, ImageService as v, digestName as w, ContainerService as x, getOrgFromImage as y };
+//# sourceMappingURL=run-CXDAe0P_.mjs.map