Merge branch 'main' into patch-1

dependabot · Feb 2, 2025 · bc54535 · bc54535
2 parents cec0435 + 54ad7bd
commit bc54535
Show file tree

Hide file tree

Showing 3,299 changed files with 621,569 additions and 214,914 deletions.
diff --git a/.codespellrc b/.codespellrc
@@ -0,0 +1,6 @@
+[codespell]
+skip = .git,*.pdf,*.svg,gems,index,fixtures,CHANGELOG_ARCHIVE_*,yarn.lock
+ignore-regex = \bsha512-[^"]*|ENV\["ROUGE"\]|\b(com\.google\.errorprone)\b|\bto(_not)? include .*versio"|https://\S*
+# some modules, parts of regexes, and variable names to ignore, some
+# misspellings in fixtures/external responses we do not own
+ignore-words-list = caf,bu,nwo,nd,kernal,crate,unparseable,couldn,defintions,hashin
diff --git a/.devcontainer/core-dev/devcontainer.json b/.devcontainer/core-dev/devcontainer.json
@@ -2,7 +2,7 @@
   "name": "core-dev",
   "build": {
     "dockerfile": "../../Dockerfile.development",
-    "cacheFrom": "ghcr.io/dependabot/dependabot-core-development"
+    "cacheFrom": "ghcr.io/dependabot/dependabot-updater-core"
   },
 
   "workspaceFolder": "/home/dependabot/dependabot-core",
@@ -16,74 +16,60 @@
     "-v", "${localWorkspaceFolder}/.gitignore:/home/dependabot/dependabot-core/.gitignore",
     "-v", "${localWorkspaceFolder}/.rubocop.yml:/home/dependabot/dependabot-core/.rubocop.yml",
     "-v", "${localWorkspaceFolder}/bin:/home/dependabot/dependabot-core/bin",
-    "-v", "${localWorkspaceFolder}/common/Gemfile:/home/dependabot/dependabot-core/common/Gemfile",
     "-v", "${localWorkspaceFolder}/common/dependabot-common.gemspec:/home/dependabot/dependabot-core/common/dependabot-common.gemspec",
     "-v", "${localWorkspaceFolder}/common/bin:/home/dependabot/dependabot-core/common/bin",
     "-v", "${localWorkspaceFolder}/common/lib:/home/dependabot/dependabot-core/common/lib",
     "-v", "${localWorkspaceFolder}/common/spec:/home/dependabot/dependabot-core/common/spec",
     "-v", "${localWorkspaceFolder}/bundler/dependabot-bundler.gemspec:/home/dependabot/dependabot-core/bundler/dependabot-bundler.gemspec",
-    "-v", "${localWorkspaceFolder}/bundler/Gemfile:/home/dependabot/dependabot-core/bundler/Gemfile",
     "-v", "${localWorkspaceFolder}/bundler/helpers:/home/dependabot/dependabot-core/bundler/helpers",
     "-v", "${localWorkspaceFolder}/bundler/lib:/home/dependabot/dependabot-core/bundler/lib",
     "-v", "${localWorkspaceFolder}/bundler/spec:/home/dependabot/dependabot-core/bundler/spec",
     "-v", "${localWorkspaceFolder}/cargo/dependabot-cargo.gemspec:/home/dependabot/dependabot-core/cargo/dependabot-cargo.gemspec",
-    "-v", "${localWorkspaceFolder}/cargo/Gemfile:/home/dependabot/dependabot-core/cargo/Gemfile",
     "-v", "${localWorkspaceFolder}/cargo/lib:/home/dependabot/dependabot-core/cargo/lib",
     "-v", "${localWorkspaceFolder}/cargo/spec:/home/dependabot/dependabot-core/cargo/spec",
     "-v", "${localWorkspaceFolder}/composer/dependabot-composer.gemspec:/home/dependabot/dependabot-core/composer/dependabot-composer.gemspec",
-    "-v", "${localWorkspaceFolder}/composer/Gemfile:/home/dependabot/dependabot-core/composer/Gemfile",
     "-v", "${localWorkspaceFolder}/composer/lib:/home/dependabot/dependabot-core/composer/lib",
     "-v", "${localWorkspaceFolder}/composer/spec:/home/dependabot/dependabot-core/composer/spec",
     "-v", "${localWorkspaceFolder}/docker/dependabot-docker.gemspec:/home/dependabot/dependabot-core/docker/dependabot-docker.gemspec",
-    "-v", "${localWorkspaceFolder}/docker/Gemfile:/home/dependabot/dependabot-core/docker/Gemfile",
     "-v", "${localWorkspaceFolder}/docker/lib:/home/dependabot/dependabot-core/docker/lib",
     "-v", "${localWorkspaceFolder}/docker/spec:/home/dependabot/dependabot-core/docker/spec",
     "-v", "${localWorkspaceFolder}/elm/dependabot-elm.gemspec:/home/dependabot/dependabot-core/elm/dependabot-elm.gemspec",
-    "-v", "${localWorkspaceFolder}/elm/Gemfile:/home/dependabot/dependabot-core/elm/Gemfile",
     "-v", "${localWorkspaceFolder}/elm/lib:/home/dependabot/dependabot-core/elm/lib",
     "-v", "${localWorkspaceFolder}/elm/spec:/home/dependabot/dependabot-core/elm/spec",
     "-v", "${localWorkspaceFolder}/git_submodules/dependabot-git_submodules.gemspec:/home/dependabot/dependabot-core/git_submodules/dependabot-git_submodules.gemspec",
-    "-v", "${localWorkspaceFolder}/git_submodules/Gemfile:/home/dependabot/dependabot-core/git_submodules/Gemfile",
     "-v", "${localWorkspaceFolder}/git_submodules/lib:/home/dependabot/dependabot-core/git_submodules/lib",
     "-v", "${localWorkspaceFolder}/git_submodules/spec:/home/dependabot/dependabot-core/git_submodules/spec",
     "-v", "${localWorkspaceFolder}/github_actions/dependabot-github_actions.gemspec:/home/dependabot/dependabot-core/github_actions/dependabot-github_actions.gemspec",
-    "-v", "${localWorkspaceFolder}/github_actions/Gemfile:/home/dependabot/dependabot-core/github_actions/Gemfile",
     "-v", "${localWorkspaceFolder}/github_actions/lib:/home/dependabot/dependabot-core/github_actions/lib",
     "-v", "${localWorkspaceFolder}/github_actions/spec:/home/dependabot/dependabot-core/github_actions/spec",
     "-v", "${localWorkspaceFolder}/go_modules/dependabot-go_modules.gemspec:/home/dependabot/dependabot-core/go_modules/dependabot-go_modules.gemspec",
-    "-v", "${localWorkspaceFolder}/go_modules/Gemfile:/home/dependabot/dependabot-core/go_modules/Gemfile",
     "-v", "${localWorkspaceFolder}/go_modules/lib:/home/dependabot/dependabot-core/go_modules/lib",
     "-v", "${localWorkspaceFolder}/go_modules/spec:/home/dependabot/dependabot-core/go_modules/spec",
     "-v", "${localWorkspaceFolder}/gradle/dependabot-gradle.gemspec:/home/dependabot/dependabot-core/gradle/dependabot-gradle.gemspec",
-    "-v", "${localWorkspaceFolder}/gradle/Gemfile:/home/dependabot/dependabot-core/gradle/Gemfile",
     "-v", "${localWorkspaceFolder}/gradle/lib:/home/dependabot/dependabot-core/gradle/lib",
     "-v", "${localWorkspaceFolder}/gradle/spec:/home/dependabot/dependabot-core/gradle/spec",
     "-v", "${localWorkspaceFolder}/hex/dependabot-hex.gemspec:/home/dependabot/dependabot-core/hex/dependabot-hex.gemspec",
-    "-v", "${localWorkspaceFolder}/hex/Gemfile:/home/dependabot/dependabot-core/hex/Gemfile",
     "-v", "${localWorkspaceFolder}/hex/lib:/home/dependabot/dependabot-core/hex/lib",
     "-v", "${localWorkspaceFolder}/hex/spec:/home/dependabot/dependabot-core/hex/spec",
     "-v", "${localWorkspaceFolder}/maven/dependabot-maven.gemspec:/home/dependabot/dependabot-core/maven/dependabot-maven.gemspec",
-    "-v", "${localWorkspaceFolder}/maven/Gemfile:/home/dependabot/dependabot-core/maven/Gemfile",
     "-v", "${localWorkspaceFolder}/maven/lib:/home/dependabot/dependabot-core/maven/lib",
     "-v", "${localWorkspaceFolder}/maven/spec:/home/dependabot/dependabot-core/maven/spec",
     "-v", "${localWorkspaceFolder}/npm_and_yarn/dependabot-npm_and_yarn.gemspec:/home/dependabot/dependabot-core/npm_and_yarn/dependabot-npm_and_yarn.gemspec",
-    "-v", "${localWorkspaceFolder}/npm_and_yarn/Gemfile:/home/dependabot/dependabot-core/npm_and_yarn/Gemfile",
     "-v", "${localWorkspaceFolder}/npm_and_yarn/lib:/home/dependabot/dependabot-core/npm_and_yarn/lib",
     "-v", "${localWorkspaceFolder}/npm_and_yarn/spec:/home/dependabot/dependabot-core/npm_and_yarn/spec",
     "-v", "${localWorkspaceFolder}/nuget/dependabot-nuget.gemspec:/home/dependabot/dependabot-core/nuget/dependabot-nuget.gemspec",
-    "-v", "${localWorkspaceFolder}/nuget/Gemfile:/home/dependabot/dependabot-core/nuget/Gemfile",
     "-v", "${localWorkspaceFolder}/nuget/lib:/home/dependabot/dependabot-core/nuget/lib",
     "-v", "${localWorkspaceFolder}/nuget/spec:/home/dependabot/dependabot-core/nuget/spec",
     "-v", "${localWorkspaceFolder}/pub/dependabot-pub.gemspec:/home/dependabot/dependabot-core/pub/dependabot-pub.gemspec",
-    "-v", "${localWorkspaceFolder}/pub/Gemfile:/home/dependabot/dependabot-core/pub/Gemfile",
     "-v", "${localWorkspaceFolder}/pub/lib:/home/dependabot/dependabot-core/pub/lib",
     "-v", "${localWorkspaceFolder}/pub/spec:/home/dependabot/dependabot-core/pub/spec",
     "-v", "${localWorkspaceFolder}/python/dependabot-python.gemspec:/home/dependabot/dependabot-core/python/dependabot-python.gemspec",
-    "-v", "${localWorkspaceFolder}/python/Gemfile:/home/dependabot/dependabot-core/python/Gemfile",
     "-v", "${localWorkspaceFolder}/python/lib:/home/dependabot/dependabot-core/python/lib",
     "-v", "${localWorkspaceFolder}/python/spec:/home/dependabot/dependabot-core/python/spec",
+    "-v", "${localWorkspaceFolder}/swift/dependabot-swift.gemspec:/home/dependabot/dependabot-core/swift/dependabot-swift.gemspec",
+    "-v", "${localWorkspaceFolder}/swift/lib:/home/dependabot/dependabot-core/swift/lib",
+    "-v", "${localWorkspaceFolder}/swift/spec:/home/dependabot/dependabot-core/swift/spec",
     "-v", "${localWorkspaceFolder}/terraform/dependabot-terraform.gemspec:/home/dependabot/dependabot-core/terraform/dependabot-terraform.gemspec",
-    "-v", "${localWorkspaceFolder}/terraform/Gemfile:/home/dependabot/dependabot-core/terraform/Gemfile",
     "-v", "${localWorkspaceFolder}/terraform/lib:/home/dependabot/dependabot-core/terraform/lib",
     "-v", "${localWorkspaceFolder}/terraform/spec:/home/dependabot/dependabot-core/terraform/spec",
     "-v", "${localWorkspaceFolder}/omnibus/Gemfile:/home/dependabot/dependabot-core/omnibus/Gemfile",
@@ -92,41 +78,30 @@
 
     "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined"
   ],
-
-  // Use 'settings' to set *default* container specific settings.json values on container create.
-  // You can edit these settings after create using File > Preferences > Settings > Remote.
-  "settings": {
-    "terminal.integrated.shell.linux": "/bin/bash",
-    "solargraph.useBundler": true,
-    "ruby.useBundler": true,
-    "ruby.useLanguageServer": true,
-    "ruby.lint": {
-      "rubocop": {
-        "useBundler": true,
-        "lint": true
-      },
-      "reek": {
-        "useBundler": true
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "ms-vscode-remote.remote-containers",
+        "rubocop.vscode-rubocop",
+        "shopify.ruby-extensions-pack",
+        "ms-dotnettools.csdevkit"
+      ],
+      "settings": {
+        "[ruby]": {
+          "editor.defaultFormatter": "Shopify.ruby-lsp",
+          "editor.formatOnSave": true,
+          "editor.formatOnType": true,
+          "editor.insertSpaces": true,
+          "editor.rulers": [120],
+          "editor.semanticHighlighting.enabled": true,
+          "editor.tabSize": 2,
+          "files.insertFinalNewline": true,
+          "files.trimFinalNewlines": true,
+          "files.trimTrailingWhitespace": true
+        },
+        "rubocop.autocorrect": true,
+        "sorbet.enabled": true
       }
-    },
-    "ruby.format": "rubocop",
-    "[ruby]": {
-      "editor.defaultFormatter": "misogi.ruby-rubocop"
     }
-  },
-
-  // Uncomment the next line if you want to publish any ports.
-  // "appPort": [],
-
-  // Uncomment the next line to run commands after the container is created.
-  // "postCreateCommand": "ruby --version"
-
-  "extensions": [
-    "rebornix.ruby",
-    "castwide.solargraph",
-    "misogi.ruby-rubocop",
-    "groksrc.ruby",
-    "hoovercj.ruby-linter",
-    "miguel-savignano.ruby-symbols"
-  ]
+  }
 }
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -19,15 +19,41 @@
   // Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
   "remoteUser": "vscode",
   "features": {
-    "docker-from-docker": "latest",
-    "github-cli": "latest",
-    "node": "lts",
-    "golang": "latest",
-    "ruby": "3.1.3",
-    "rust": "latest",
-    "dotnet": "latest",
+    "ghcr.io/devcontainers/features/docker-outside-of-docker": "latest",
+    "ghcr.io/devcontainers/features/github-cli": "latest",
+    "ghcr.io/devcontainers/features/node": "lts",
+    "ghcr.io/devcontainers/features/go": "latest",
+    "ghcr.io/devcontainers/features/ruby": "3.3.6",
+    "ghcr.io/devcontainers/features/rust": "latest",
+    "ghcr.io/devcontainers/features/dotnet": "latest",
     "ghcr.io/devcontainers/features/sshd:1": {
       "version": "latest"
     }
+  },
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "ms-vscode-remote.remote-containers",
+        "rubocop.vscode-rubocop",
+        "shopify.ruby-extensions-pack",
+        "ms-dotnettools.csdevkit"
+      ],
+      "settings": {
+        "[ruby]": {
+          "editor.defaultFormatter": "Shopify.ruby-lsp",
+          "editor.formatOnSave": true,
+          "editor.formatOnType": true,
+          "editor.insertSpaces": true,
+          "editor.rulers": [120],
+          "editor.semanticHighlighting.enabled": true,
+          "editor.tabSize": 2,
+          "files.insertFinalNewline": true,
+          "files.trimFinalNewlines": true,
+          "files.trimTrailingWhitespace": true
+        },
+        "rubocop.autocorrect": true,
+        "sorbet.enabled": true
+      }
+    }
   }
 }
diff --git a/.devcontainer/on-create.sh b/.devcontainer/on-create.sh
@@ -1,4 +1,2 @@
-#!/bin/bash
-# This pull takes a while, adding it to the prebuild
-docker pull ghcr.io/dependabot/dependabot-updater:latest
+#!/usr/bin/env bash
 docker pull ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:latest
diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh
@@ -1,7 +1,14 @@
-#!/bin/bash
+#!/usr/bin/env bash
 gh release download --repo dependabot/cli -p "*linux-amd64.tar.gz"
 tar xzvf ./*.tar.gz >/dev/null 2>&1
 sudo mv dependabot /usr/local/bin
 rm ./*.tar.gz
 
+# The image comes loaded with 8.0 SDK, but we need the 7.0 and 9.0 runtimes for running tests
+sudo wget https://dot.net/v1/dotnet-install.sh
+sudo chmod +x dotnet-install.sh
+sudo ./dotnet-install.sh -c 7.0 --runtime dotnet --install-dir /usr/share/dotnet/shared
+sudo ./dotnet-install.sh -c 9.0 --install-dir /usr/share/dotnet
+sudo rm ./dotnet-install.sh
+
 echo "export LOCAL_GITHUB_ACCESS_TOKEN=$GITHUB_TOKEN" >> ~/.bashrc
diff --git a/.dockerignore b/.dockerignore
@@ -12,16 +12,18 @@
 /vendor
 /tmp
 **/.bundle
+!*/.bundle/config
 **/coverage
-**/Gemfile.lock
+/Gemfile.lock
+*/Gemfile.lock
 !updater/Gemfile.lock
-!updater/spec/fixtures/**/Gemfile.lock
 **/node_modules
-!**/spec/fixtures/*
 git.store
 .DS_Store
 *.pyc
 .dockerignore
 Dockerfile*
 *.md
 CODEOWNERS
+**/.vs
+**/NuGetUpdater/artifacts
diff --git a/.editorconfig b/.editorconfig
@@ -15,3 +15,7 @@ indent_style = tab
 
 [*.php]
 indent_size = 4
+
+[*.py]
+indent_size = 4
+max_line_length = 80
diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs
@@ -0,0 +1,8 @@
+# These commits will be ignored by the GitHub blame view.
+# The git blame CLI can ignore them as well by doing:
+#   git blame --ignore-revs-file .git-blame-ignore-revs <filepath>
+# or via global config:
+#   git config --global blame.ignoreRevsFile .git-blame-ignore-revs
+#
+# Changed Layout/DotPosition from leading to trailing
+3fc49229761517cf3dc6979018a9a2d84f733ece
diff --git a/.gitattributes b/.gitattributes
@@ -1,2 +1,4 @@
-* text=auto
-nuget/spec/fixtures/nuspecs/Microsoft.Extensions.DependencyModel.nuspec text eol=crlf
+* text=auto eof=lf
+Dockerfile.development linguist-language=Dockerfile
+Dockerfile.updater-core linguist-language=Dockerfile
+bundler/spec/fixtures/rubygems_responses/*.rz binary linguist-generated
diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -5,8 +5,10 @@ body:
   - type: markdown
     attributes:
       value: |
+        This issue-tracker is meant for issues related to Dependabot's updating logic, a good rule of thumb is that if you have questions about the _diff_ in a PR, it belongs here.
+
+        Issues related to security alerts or Dependency Graph should instead be filed as a [Code Security discussion](https://github.com/orgs/community/discussions/categories/code-security).
         For support on the GitHub-integrated Dependabot service, please contact [GitHub support](https://support.github.com/).
-        This issue-tracker is meant for issues related to Dependabot's updating logic, a good rule of thumb is that if you have questions about the _diff_ in a PR, it belongs here, otherwise the GitHub support team is best equipped to help you.
 
         The more information you can provide, the easier it will be to reproduce the issue and find a fix.
 

diff --git a/.github/ISSUE_TEMPLATE/tech-debt.yml b/.github/ISSUE_TEMPLATE/tech-debt.yml
@@ -2,14 +2,6 @@ name: ⚙ Tech Debt
 description: Tech debt is for code improvements that do not change the user-facing behavior (ie, neither adding features nor fixing bugs).
 labels: "T: tech-debt ⚙️"
 body:
-  - type: checkboxes
-    attributes:
-      label: Is there an existing issue for this?
-      description: Please search existing issues to avoid creating duplicates.
-      options:
-        - label: I have searched the existing issues
-          required: true
-
   - type: textarea
     attributes:
       label: Code improvement description

diff --git a/.github/ci-filters.yml b/.github/ci-filters.yml
@@ -0,0 +1,68 @@
+shared: &shared
+  - .dockerignore
+  - Dockerfile.updater-core
+  - 'common/**'
+  - 'updater/Gemfil*'
+  - 'omnibus/**'
+  - '.github/workflows/ci.yml'
+bundler:
+  - *shared
+  - 'bundler/**'
+cargo:
+  - *shared
+  - 'cargo/**'
+common:
+  - *shared
+  - '**/**'
+composer:
+  - *shared
+  - 'composer/**'
+devcontainers:
+  - *shared
+  - 'devcontainers/**'
+docker:
+  - *shared
+  - 'docker/**'
+dotnet_sdk:
+  - *shared
+  - 'dotnet_sdk/**'
+elm:
+  - *shared
+  - 'elm/**'
+git_submodules:
+  - *shared
+  - 'git_submodules/**'
+github_actions:
+  - *shared
+  - 'github_actions/**'
+go_modules:
+  - *shared
+  - 'go_modules/**'
+gradle:
+  - *shared
+  - 'maven/**'
+  - 'gradle/**'
+hex:
+  - *shared
+  - 'hex/**'
+maven:
+  - *shared
+  - 'maven/**'
+npm_and_yarn:
+  - *shared
+  - 'npm_and_yarn/**'
+nuget:
+  - *shared
+  - 'nuget/**'
+pub:
+  - *shared
+  - 'pub/**'
+python:
+  - *shared
+  - 'python/**'
+swift:
+  - *shared
+  - 'swift/**'
+terraform:
+  - *shared
+  - 'terraform/**'