diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c774caee..39a7e0c8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -27,6 +27,7 @@ updates: patterns: ['opentelemetry-*'] rubocop: patterns: ['*rubocop*'] + exclude-patterns: ['rubocop-rspec'] sentry: patterns: ['sentry-*'] diff --git a/extension/README.md b/extension/README.md index 34facf79..2fa046a8 100644 --- a/extension/README.md +++ b/extension/README.md @@ -55,7 +55,7 @@ Dependabot uses Docker containers, which may take time to install if not already |setAutoComplete|**_Optional_**. Determines if the pull requests that dependabot creates should have auto complete set. When set to `true`, pull requests that pass all policies will be merged automatically. Defaults to `false`.| |mergeStrategy|**_Optional_**. The merge strategy to use when auto complete is set. Learn more [here](https://learn.microsoft.com/en-us/rest/api/azure/devops/git/pull-requests/update?view=azure-devops-rest-6.0&tabs=HTTP#gitpullrequestmergestrategy). Defaults to `squash`.| |autoCompleteIgnoreConfigIds|**_Optional_**. List of any policy configuration Id's which auto-complete should not wait for. Only applies to optional policies. Auto-complete always waits for required (blocking) policies.| -|autoApprove|**_Optional_**. Determines if the pull requests that dependabot creates should be automatically completed. When set to `true`, pull requests will be approved automatically. To use a different user for approval, supply `autoApproveUserToken` input. Defaults to `false`.| +|autoApprove|**_Optional_**. Determines if the pull requests that dependabot creates should be automatically completed. When set to `true`, pull requests will be approved automatically. To use a different user for approval, supply `autoApproveUserToken` input. Defaults to `false`. Requires [Azure DevOps REST API 7.1](https://learn.microsoft.com/en-us/azure/devops/integrate/concepts/rest-api-versioning?view=azure-devops#supported-versions).| |autoApproveUserToken|**_Optional_**. A personal access token for the user to automatically approve the created PR.| |authorEmail|**_Optional_**. The email address to use for the change commit author. Can be used to associate the committer with an existing account, to provide a profile picture. Defaults to `noreply@github.com`.| |authorName|**_Optional_**. The name to use as the git commit author of the pull requests. Defaults to `dependabot[bot]`.| @@ -82,7 +82,7 @@ Dependabot uses Docker containers, which may take time to install if not already |setAutoComplete|**_Optional_**. Determines if the pull requests that dependabot creates should have auto complete set. When set to `true`, pull requests that pass all policies will be merged automatically. Defaults to `false`.| |mergeStrategy|**_Optional_**. The merge strategy to use when auto complete is set. Learn more [here](https://learn.microsoft.com/en-us/rest/api/azure/devops/git/pull-requests/update?view=azure-devops-rest-6.0&tabs=HTTP#gitpullrequestmergestrategy). Defaults to `squash`.| |autoCompleteIgnoreConfigIds|**_Optional_**. List of any policy configuration Id's which auto-complete should not wait for. Only applies to optional policies. Auto-complete always waits for required (blocking) policies.| -|autoApprove|**_Optional_**. Determines if the pull requests that dependabot creates should be automatically completed. When set to `true`, pull requests will be approved automatically. To use a different user for approval, supply `autoApproveUserToken` input. Defaults to `false`.| +|autoApprove|**_Optional_**. Determines if the pull requests that dependabot creates should be automatically completed. When set to `true`, pull requests will be approved automatically. To use a different user for approval, supply `autoApproveUserToken` input. Defaults to `false`. Requires [Azure DevOps REST API 7.1](https://learn.microsoft.com/en-us/azure/devops/integrate/concepts/rest-api-versioning?view=azure-devops#supported-versions).| |autoApproveUserToken|**_Optional_**. A personal access token for the user to automatically approve the created PR.| |skipPullRequests|**_Optional_**. Determines whether to skip creation and updating of pull requests. When set to `true` the logic to update the dependencies is executed but the actual Pull Requests are not created/updated. This is useful for debugging. Defaults to `false`.| |abandonUnwantedPullRequests|**_Optional_**. Determines whether to abandon unwanted pull requests. Defaults to `false`.| diff --git a/extension/package-lock.json b/extension/package-lock.json index 42ff1682..329acf54 100644 --- a/extension/package-lock.json +++ b/extension/package-lock.json @@ -15,9 +15,9 @@ "js-yaml": "4.1.0" }, "devDependencies": { - "@types/jest": "29.5.13", + "@types/jest": "29.5.14", "@types/js-yaml": "4.0.9", - "@types/node": "22.7.7", + "@types/node": "22.8.1", "@types/q": "1.5.8", "jest": "29.7.0", "ts-jest": "29.2.5", @@ -1131,9 +1131,9 @@ } }, "node_modules/@types/jest": { - "version": "29.5.13", - "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.13.tgz", - "integrity": "sha512-wd+MVEZCHt23V0/L642O5APvspWply/rGY5BcW4SUETo2UzPU3Z26qr8jC2qxpimI2jjx9h7+2cj2FwIr01bXg==", + "version": "29.5.14", + "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.14.tgz", + "integrity": "sha512-ZN+4sdnLUbo8EVvVc2ao0GFW6oVrQRPn4K2lglySj7APvSrgzxHiNNK99us4WDMi57xxA2yggblIAMNhXOotLQ==", "dev": true, "license": "MIT", "dependencies": { @@ -1148,13 +1148,13 @@ "dev": true }, "node_modules/@types/node": { - "version": "22.7.7", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.7.7.tgz", - "integrity": "sha512-SRxCrrg9CL/y54aiMCG3edPKdprgMVGDXjA3gB8UmmBW5TcXzRUYAh8EWzTnSJFAd1rgImPELza+A3bJ+qxz8Q==", + "version": "22.8.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.8.1.tgz", + "integrity": "sha512-k6Gi8Yyo8EtrNtkHXutUu2corfDf9su95VYVP10aGYMMROM6SAItZi0w1XszA6RtWTHSVp5OeFof37w0IEqCQg==", "dev": true, "license": "MIT", "dependencies": { - "undici-types": "~6.19.2" + "undici-types": "~6.19.8" } }, "node_modules/@types/q": { @@ -4182,9 +4182,9 @@ "license": "MIT" }, "node_modules/undici-types": { - "version": "6.19.6", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.6.tgz", - "integrity": "sha512-e/vggGopEfTKSvj4ihnOLTsqhrKRN3LeO6qSN/GxohhuRv8qH9bNQ4B8W7e/vFL+0XTnmHPB4/kegunZGA4Org==", + "version": "6.19.8", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz", + "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==", "dev": true, "license": "MIT" }, diff --git a/extension/package.json b/extension/package.json index 3b24023a..b4098066 100644 --- a/extension/package.json +++ b/extension/package.json @@ -34,9 +34,9 @@ "js-yaml": "4.1.0" }, "devDependencies": { - "@types/jest": "29.5.13", + "@types/jest": "29.5.14", "@types/js-yaml": "4.0.9", - "@types/node": "22.7.7", + "@types/node": "22.8.1", "@types/q": "1.5.8", "jest": "29.7.0", "ts-jest": "29.2.5", diff --git a/extension/tasks/dependabotV1/task.json b/extension/tasks/dependabotV1/task.json index 320028ac..3d193856 100644 --- a/extension/tasks/dependabotV1/task.json +++ b/extension/tasks/dependabotV1/task.json @@ -138,7 +138,7 @@ "label": "Auto-approve pull requests", "defaultValue": false, "required": false, - "helpMarkDown": "When set to `true`, pull requests will automatically be approved by the specified user. Defaults to `false`." + "helpMarkDown": "When set to `true`, pull requests will automatically be approved by the specified user. Defaults to `false`. Requires [Azure DevOps REST API 7.1](https://learn.microsoft.com/en-us/azure/devops/integrate/concepts/rest-api-versioning?view=azure-devops#supported-versions)" }, { "name": "autoApproveUserToken", diff --git a/extension/tasks/dependabotV2/task.json b/extension/tasks/dependabotV2/task.json index 0909dea7..25b8702f 100644 --- a/extension/tasks/dependabotV2/task.json +++ b/extension/tasks/dependabotV2/task.json @@ -118,7 +118,7 @@ "label": "Auto-approve pull requests", "defaultValue": false, "required": false, - "helpMarkDown": "When set to `true`, pull requests will automatically be approved by the specified user. Defaults to `false`." + "helpMarkDown": "When set to `true`, pull requests will automatically be approved by the specified user. Defaults to `false`. Requires [Azure DevOps REST API 7.1](https://learn.microsoft.com/en-us/azure/devops/integrate/concepts/rest-api-versioning?view=azure-devops#supported-versions)" }, { "name": "autoApproveUserToken", diff --git a/extension/tasks/dependabotV2/utils/azure-devops/AzureDevOpsWebApiClient.ts b/extension/tasks/dependabotV2/utils/azure-devops/AzureDevOpsWebApiClient.ts index 9f8880ec..c9cf2de9 100644 --- a/extension/tasks/dependabotV2/utils/azure-devops/AzureDevOpsWebApiClient.ts +++ b/extension/tasks/dependabotV2/utils/azure-devops/AzureDevOpsWebApiClient.ts @@ -28,7 +28,7 @@ export class AzureDevOpsWebApiClient { private authenticatedUserId: string; private resolvedUserIds: Record; - public static API_VERSION = '7.1'; + public static API_VERSION = '5.0'; // this is the same version used by dependabot-core constructor(organisationApiUrl: string, accessToken: string) { this.organisationApiUrl = organisationApiUrl.replace(/\/$/, ''); // trim trailing slash @@ -464,9 +464,18 @@ export class AzureDevOpsWebApiClient { const userVote = await this.restApiPut( `${this.organisationApiUrl}/${pr.project}/_apis/git/repositories/${pr.repository}/pullrequests/${pr.pullRequestId}/reviewers/${userId}`, { - vote: 10, // 10 - approved 5 - approved with suggestions 0 - no vote -5 - waiting for author -10 - rejected - isReapprove: false, // don't re-approve if already approved + // Vote 10 = "approved"; 5 = "approved with suggestions"; 0 = "no vote"; -5 = "waiting for author"; -10 = "rejected" + vote: 10, + // Reapprove must be set to true after the 2023 August 23 update; + // Approval of a previous PR iteration does not count in later iterations, which means we must (re)approve every after push to the source branch + // See: https://learn.microsoft.com/en-us/azure/devops/release-notes/2023/sprint-226-update#new-branch-policy-preventing-users-to-approve-their-own-changes + // https://github.com/tinglesoftware/dependabot-azure-devops/issues/1069 + isReapprove: true, }, + // API version 7.1 is required to use the 'isReapprove' parameter + // See: https://learn.microsoft.com/en-us/rest/api/azure/devops/git/pull-request-reviewers/create-pull-request-reviewer?view=azure-devops-rest-7.1&tabs=HTTP#request-body + // https://learn.microsoft.com/en-us/azure/devops/integrate/concepts/rest-api-versioning?view=azure-devops#supported-versions + '7.1', ); if (userVote?.vote != 10) { throw new Error('Failed to approve pull request, vote was not recorded'); @@ -619,7 +628,7 @@ export class AzureDevOpsWebApiClient { .map((key) => `${key}=${params[key]}`) .join('&'); const fullUrl = `${url}?api-version=${apiVersion}${queryString ? `&${queryString}` : ''}`; - return await this.restApiRequest('GET', url, () => + return await this.restApiRequest('GET', fullUrl, () => this.connection.rest.client.get(fullUrl, { Accept: 'application/json', }), @@ -632,7 +641,7 @@ export class AzureDevOpsWebApiClient { apiVersion: string = AzureDevOpsWebApiClient.API_VERSION, ): Promise { const fullUrl = `${url}?api-version=${apiVersion}`; - return await this.restApiRequest('POST', url, () => + return await this.restApiRequest('POST', fullUrl, () => this.connection.rest.client.post(fullUrl, JSON.stringify(data), { 'Content-Type': 'application/json', }), @@ -645,7 +654,7 @@ export class AzureDevOpsWebApiClient { apiVersion: string = AzureDevOpsWebApiClient.API_VERSION, ): Promise { const fullUrl = `${url}?api-version=${apiVersion}`; - return await this.restApiRequest('PUT', url, () => + return await this.restApiRequest('PUT', fullUrl, () => this.connection.rest.client.put(fullUrl, JSON.stringify(data), { 'Content-Type': 'application/json', }), @@ -659,7 +668,7 @@ export class AzureDevOpsWebApiClient { apiVersion: string = AzureDevOpsWebApiClient.API_VERSION, ): Promise { const fullUrl = `${url}?api-version=${apiVersion}`; - return await this.restApiRequest('PATCH', url, () => + return await this.restApiRequest('PATCH', fullUrl, () => this.connection.rest.client.patch(fullUrl, JSON.stringify(data), { 'Content-Type': contentType || 'application/json', }), diff --git a/server/Tingle.Dependabot/Tingle.Dependabot.csproj b/server/Tingle.Dependabot/Tingle.Dependabot.csproj index 0f48e1b7..b55243bf 100644 --- a/server/Tingle.Dependabot/Tingle.Dependabot.csproj +++ b/server/Tingle.Dependabot/Tingle.Dependabot.csproj @@ -18,7 +18,7 @@ - + diff --git a/updater/Gemfile b/updater/Gemfile index 7e2469d5..36ca4b07 100644 --- a/updater/Gemfile +++ b/updater/Gemfile @@ -8,7 +8,7 @@ source "https://rubygems.org" # They are so many, our reference won't be found for it to be updated. # Hence adding the branch. -gem "dependabot-omnibus", "~>0.281.0" +gem "dependabot-omnibus", "~>0.282.0" # gem "dependabot-omnibus", github: "dependabot/dependabot-core", branch: "main" # gem "dependabot-omnibus", github: "dependabot/dependabot-core", tag: "v0.232.0" # gem "dependabot-omnibus", github: "dependabot/dependabot-core", ref: "ffde6f6" @@ -21,7 +21,7 @@ gem "opentelemetry-instrumentation-excon", "~> 0.22" gem "opentelemetry-instrumentation-faraday", "~> 0.24" gem "opentelemetry-instrumentation-http", "~> 0.23" gem "opentelemetry-instrumentation-net_http", "~> 0.22" -gem "opentelemetry-metrics-sdk", "~> 0.2" +gem "opentelemetry-metrics-sdk", "~> 0.3" gem "opentelemetry-sdk", "~> 1.5" gem "sentry-opentelemetry", "~> 5.21" gem "sentry-ruby", "~> 5.17" @@ -36,10 +36,10 @@ group :test do gem "rspec", "~> 3.12" gem "rspec-its", "~> 1.3" gem "rspec-sorbet", "~> 1.9.2" - gem "rubocop", "~> 1.65.1" - gem "rubocop-performance", "~> 1.21.0" + gem "rubocop", "~> 1.67.0" + gem "rubocop-performance", "~> 1.22.1" gem "rubocop-rspec", "~> 2.29.1" - gem "rubocop-sorbet", "~> 0.8.1" + gem "rubocop-sorbet", "~> 0.8.6" gem "simplecov", "~> 0.22.0" gem "turbo_tests", "~> 2.2.0" gem "vcr", "~> 6.3" diff --git a/updater/Gemfile.lock b/updater/Gemfile.lock index 63cc3649..cf87d8a7 100644 --- a/updater/Gemfile.lock +++ b/updater/Gemfile.lock @@ -5,11 +5,11 @@ GEM public_suffix (>= 2.0.2, < 7.0) ast (2.4.2) aws-eventstream (1.3.0) - aws-partitions (1.992.0) + aws-partitions (1.996.0) aws-sdk-codecommit (1.79.0) aws-sdk-core (~> 3, >= 3.210.0) aws-sigv4 (~> 1.5) - aws-sdk-core (3.210.0) + aws-sdk-core (3.211.0) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.992.0) aws-sigv4 (~> 1.9) @@ -17,7 +17,7 @@ GEM aws-sdk-ecr (1.88.0) aws-sdk-core (~> 3, >= 3.210.0) aws-sigv4 (~> 1.5) - aws-sigv4 (1.10.0) + aws-sigv4 (1.10.1) aws-eventstream (~> 1, >= 1.0.2) base64 (0.2.0) bigdecimal (3.1.8) @@ -31,12 +31,12 @@ GEM debug (1.9.2) irb (~> 1.10) reline (>= 0.3.8) - dependabot-bundler (0.281.0) - dependabot-common (= 0.281.0) + dependabot-bundler (0.282.0) + dependabot-common (= 0.282.0) parallel (~> 1.24) - dependabot-cargo (0.281.0) - dependabot-common (= 0.281.0) - dependabot-common (0.281.0) + dependabot-cargo (0.282.0) + dependabot-common (= 0.282.0) + dependabot-common (0.282.0) aws-sdk-codecommit (~> 1.28) aws-sdk-ecr (~> 1.5) bundler (>= 1.16, < 3.0.0) @@ -56,61 +56,61 @@ GEM sorbet-runtime (~> 0.5.11577) stackprof (~> 0.2.16) toml-rb (>= 1.1.2, < 4.0) - dependabot-composer (0.281.0) - dependabot-common (= 0.281.0) - dependabot-devcontainers (0.281.0) - dependabot-common (= 0.281.0) - dependabot-docker (0.281.0) - dependabot-common (= 0.281.0) - dependabot-elm (0.281.0) - dependabot-common (= 0.281.0) - dependabot-git_submodules (0.281.0) - dependabot-common (= 0.281.0) + dependabot-composer (0.282.0) + dependabot-common (= 0.282.0) + dependabot-devcontainers (0.282.0) + dependabot-common (= 0.282.0) + dependabot-docker (0.282.0) + dependabot-common (= 0.282.0) + dependabot-elm (0.282.0) + dependabot-common (= 0.282.0) + dependabot-git_submodules (0.282.0) + dependabot-common (= 0.282.0) parseconfig (~> 1.0, < 1.1.0) - dependabot-github_actions (0.281.0) - dependabot-common (= 0.281.0) - dependabot-go_modules (0.281.0) - dependabot-common (= 0.281.0) - dependabot-gradle (0.281.0) - dependabot-common (= 0.281.0) - dependabot-maven (= 0.281.0) - dependabot-hex (0.281.0) - dependabot-common (= 0.281.0) - dependabot-maven (0.281.0) - dependabot-common (= 0.281.0) - dependabot-npm_and_yarn (0.281.0) - dependabot-common (= 0.281.0) - dependabot-nuget (0.281.0) - dependabot-common (= 0.281.0) + dependabot-github_actions (0.282.0) + dependabot-common (= 0.282.0) + dependabot-go_modules (0.282.0) + dependabot-common (= 0.282.0) + dependabot-gradle (0.282.0) + dependabot-common (= 0.282.0) + dependabot-maven (= 0.282.0) + dependabot-hex (0.282.0) + dependabot-common (= 0.282.0) + dependabot-maven (0.282.0) + dependabot-common (= 0.282.0) + dependabot-npm_and_yarn (0.282.0) + dependabot-common (= 0.282.0) + dependabot-nuget (0.282.0) + dependabot-common (= 0.282.0) rubyzip (>= 2.3.2, < 3.0) - dependabot-omnibus (0.281.0) - dependabot-bundler (= 0.281.0) - dependabot-cargo (= 0.281.0) - dependabot-common (= 0.281.0) - dependabot-composer (= 0.281.0) - dependabot-devcontainers (= 0.281.0) - dependabot-docker (= 0.281.0) - dependabot-elm (= 0.281.0) - dependabot-git_submodules (= 0.281.0) - dependabot-github_actions (= 0.281.0) - dependabot-go_modules (= 0.281.0) - dependabot-gradle (= 0.281.0) - dependabot-hex (= 0.281.0) - dependabot-maven (= 0.281.0) - dependabot-npm_and_yarn (= 0.281.0) - dependabot-nuget (= 0.281.0) - dependabot-pub (= 0.281.0) - dependabot-python (= 0.281.0) - dependabot-swift (= 0.281.0) - dependabot-terraform (= 0.281.0) - dependabot-pub (0.281.0) - dependabot-common (= 0.281.0) - dependabot-python (0.281.0) - dependabot-common (= 0.281.0) - dependabot-swift (0.281.0) - dependabot-common (= 0.281.0) - dependabot-terraform (0.281.0) - dependabot-common (= 0.281.0) + dependabot-omnibus (0.282.0) + dependabot-bundler (= 0.282.0) + dependabot-cargo (= 0.282.0) + dependabot-common (= 0.282.0) + dependabot-composer (= 0.282.0) + dependabot-devcontainers (= 0.282.0) + dependabot-docker (= 0.282.0) + dependabot-elm (= 0.282.0) + dependabot-git_submodules (= 0.282.0) + dependabot-github_actions (= 0.282.0) + dependabot-go_modules (= 0.282.0) + dependabot-gradle (= 0.282.0) + dependabot-hex (= 0.282.0) + dependabot-maven (= 0.282.0) + dependabot-npm_and_yarn (= 0.282.0) + dependabot-nuget (= 0.282.0) + dependabot-pub (= 0.282.0) + dependabot-python (= 0.282.0) + dependabot-swift (= 0.282.0) + dependabot-terraform (= 0.282.0) + dependabot-pub (0.282.0) + dependabot-common (= 0.282.0) + dependabot-python (0.282.0) + dependabot-common (= 0.282.0) + dependabot-swift (0.282.0) + dependabot-common (= 0.282.0) + dependabot-terraform (0.282.0) + dependabot-common (= 0.282.0) diff-lcs (1.5.1) docile (1.4.1) docker_registry2 (1.18.2) @@ -252,11 +252,11 @@ GEM opentelemetry-instrumentation-net_http (0.22.7) opentelemetry-api (~> 1.0) opentelemetry-instrumentation-base (~> 0.22.1) - opentelemetry-metrics-api (0.1.0) + opentelemetry-metrics-api (0.1.1) opentelemetry-api (~> 1.0) - opentelemetry-metrics-sdk (0.2.0) + opentelemetry-metrics-sdk (0.3.0) opentelemetry-api (~> 1.1) - opentelemetry-metrics-api + opentelemetry-metrics-api (~> 0.1.1) opentelemetry-sdk (~> 1.2) opentelemetry-registry (0.3.1) opentelemetry-api (~> 1.1) @@ -290,17 +290,17 @@ GEM http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) - rexml (3.3.8) + rexml (3.3.9) rspec (3.13.0) rspec-core (~> 3.13.0) rspec-expectations (~> 3.13.0) rspec-mocks (~> 3.13.0) - rspec-core (3.13.1) + rspec-core (3.13.2) rspec-support (~> 3.13.0) rspec-expectations (3.13.3) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-its (1.3.0) + rspec-its (1.3.1) rspec-core (>= 3.0.0) rspec-expectations (>= 3.0.0) rspec-mocks (3.13.1) @@ -309,15 +309,14 @@ GEM rspec-sorbet (1.9.2) sorbet-runtime rspec-support (3.13.1) - rubocop (1.65.1) + rubocop (1.67.0) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 2.4, < 3.0) - rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.31.1, < 2.0) + rubocop-ast (>= 1.32.2, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) rubocop-ast (1.32.3) @@ -326,7 +325,7 @@ GEM rubocop (~> 1.41) rubocop-factory_bot (2.26.1) rubocop (~> 1.61) - rubocop-performance (1.21.1) + rubocop-performance (1.22.1) rubocop (>= 1.48.1, < 2.0) rubocop-ast (>= 1.31.1, < 2.0) rubocop-rspec (2.29.2) @@ -336,7 +335,7 @@ GEM rubocop-rspec_rails (~> 2.28) rubocop-rspec_rails (2.29.1) rubocop (~> 1.61) - rubocop-sorbet (0.8.5) + rubocop-sorbet (0.8.6) rubocop (>= 1) ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) @@ -356,7 +355,7 @@ GEM simplecov_json_formatter (~> 0.1) simplecov-html (0.13.1) simplecov_json_formatter (0.1.4) - sorbet-runtime (0.5.11609) + sorbet-runtime (0.5.11618) stackprof (0.2.26) stringio (3.1.1) terminal-table (3.0.2) @@ -395,7 +394,7 @@ PLATFORMS DEPENDENCIES debug (~> 1.9.2) - dependabot-omnibus (~> 0.281.0) + dependabot-omnibus (~> 0.282.0) flamegraph (~> 0.9.5) gpgme (~> 2.0) http (~> 5.2) @@ -406,16 +405,16 @@ DEPENDENCIES opentelemetry-instrumentation-faraday (~> 0.24) opentelemetry-instrumentation-http (~> 0.23) opentelemetry-instrumentation-net_http (~> 0.22) - opentelemetry-metrics-sdk (~> 0.2) + opentelemetry-metrics-sdk (~> 0.3) opentelemetry-sdk (~> 1.5) rake (~> 13) rspec (~> 3.12) rspec-its (~> 1.3) rspec-sorbet (~> 1.9.2) - rubocop (~> 1.65.1) - rubocop-performance (~> 1.21.0) + rubocop (~> 1.67.0) + rubocop-performance (~> 1.22.1) rubocop-rspec (~> 2.29.1) - rubocop-sorbet (~> 0.8.1) + rubocop-sorbet (~> 0.8.6) sentry-opentelemetry (~> 5.21) sentry-ruby (~> 5.17) simplecov (~> 0.22.0)