Bump dependabot-omnibus from 0.283.0 to 0.285.0 in /updater

Rakefile

@@ -34,6 +34,7 @@ GEMSPECS = %w(
   silent/dependabot-silent.gemspec
   swift/dependabot-swift.gemspec
   devcontainers/dependabot-devcontainers.gemspec
+  dotnet_sdk/dependabot-dotnet_sdk.gemspec
 ).freeze
 
 def run_command(command)

updater/Gemfile

@@ -8,7 +8,7 @@ source "https://rubygems.org"
 # They are so many, our reference won't be found for it to be updated.
 # Hence adding the branch.
 
-gem "dependabot-omnibus", "~>0.283.0"
+gem "dependabot-omnibus", "~>0.285.0"
 # gem "dependabot-omnibus", github: "dependabot/dependabot-core", branch: "main"
 # gem "dependabot-omnibus", github: "dependabot/dependabot-core", tag: "v0.232.0"
 # gem "dependabot-omnibus", github: "dependabot/dependabot-core", ref: "ffde6f6"

updater/Gemfile.lock

@@ -5,11 +5,11 @@ GEM
       public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.2)
     aws-eventstream (1.3.0)
-    aws-partitions (1.1001.0)
+    aws-partitions (1.1003.0)
     aws-sdk-codecommit (1.79.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-core (3.211.0)
+    aws-sdk-core (3.212.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
@@ -31,17 +31,17 @@ GEM
     debug (1.9.2)
       irb (~> 1.10)
       reline (>= 0.3.8)
-    dependabot-bundler (0.283.0)
-      dependabot-common (= 0.283.0)
+    dependabot-bundler (0.285.0)
+      dependabot-common (= 0.285.0)
       parallel (~> 1.24)
-    dependabot-cargo (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-common (0.283.0)
+    dependabot-cargo (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-common (0.285.0)
       aws-sdk-codecommit (~> 1.28)
       aws-sdk-ecr (~> 1.5)
       bundler (>= 1.16, < 3.0.0)
       commonmarker (>= 0.20.1, < 0.24.0)
-      docker_registry2 (~> 1.18.0)
+      docker_registry2 (~> 1.18.2)
       excon (~> 0.109)
       faraday (= 2.7.11)
       faraday-retry (= 2.2.0)
@@ -56,61 +56,64 @@ GEM
       sorbet-runtime (~> 0.5.11577)
       stackprof (~> 0.2.16)
       toml-rb (>= 1.1.2, < 4.0)
-    dependabot-composer (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-devcontainers (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-docker (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-elm (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-git_submodules (0.283.0)
-      dependabot-common (= 0.283.0)
+    dependabot-composer (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-devcontainers (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-docker (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-dotnet_sdk (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-elm (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-git_submodules (0.285.0)
+      dependabot-common (= 0.285.0)
       parseconfig (~> 1.0, < 1.1.0)
-    dependabot-github_actions (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-go_modules (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-gradle (0.283.0)
-      dependabot-common (= 0.283.0)
-      dependabot-maven (= 0.283.0)
-    dependabot-hex (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-maven (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-npm_and_yarn (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-nuget (0.283.0)
-      dependabot-common (= 0.283.0)
+    dependabot-github_actions (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-go_modules (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-gradle (0.285.0)
+      dependabot-common (= 0.285.0)
+      dependabot-maven (= 0.285.0)
+    dependabot-hex (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-maven (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-npm_and_yarn (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-nuget (0.285.0)
+      dependabot-common (= 0.285.0)
       rubyzip (>= 2.3.2, < 3.0)
-    dependabot-omnibus (0.283.0)
-      dependabot-bundler (= 0.283.0)
-      dependabot-cargo (= 0.283.0)
-      dependabot-common (= 0.283.0)
-      dependabot-composer (= 0.283.0)
-      dependabot-devcontainers (= 0.283.0)
-      dependabot-docker (= 0.283.0)
-      dependabot-elm (= 0.283.0)
-      dependabot-git_submodules (= 0.283.0)
-      dependabot-github_actions (= 0.283.0)
-      dependabot-go_modules (= 0.283.0)
-      dependabot-gradle (= 0.283.0)
-      dependabot-hex (= 0.283.0)
-      dependabot-maven (= 0.283.0)
-      dependabot-npm_and_yarn (= 0.283.0)
-      dependabot-nuget (= 0.283.0)
-      dependabot-pub (= 0.283.0)
-      dependabot-python (= 0.283.0)
-      dependabot-swift (= 0.283.0)
-      dependabot-terraform (= 0.283.0)
-    dependabot-pub (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-python (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-swift (0.283.0)
-      dependabot-common (= 0.283.0)
-    dependabot-terraform (0.283.0)
-      dependabot-common (= 0.283.0)
+    dependabot-omnibus (0.285.0)
+      dependabot-bundler (= 0.285.0)
+      dependabot-cargo (= 0.285.0)
+      dependabot-common (= 0.285.0)
+      dependabot-composer (= 0.285.0)
+      dependabot-devcontainers (= 0.285.0)
+      dependabot-docker (= 0.285.0)
+      dependabot-dotnet_sdk (= 0.285.0)
+      dependabot-elm (= 0.285.0)
+      dependabot-git_submodules (= 0.285.0)
+      dependabot-github_actions (= 0.285.0)
+      dependabot-go_modules (= 0.285.0)
+      dependabot-gradle (= 0.285.0)
+      dependabot-hex (= 0.285.0)
+      dependabot-maven (= 0.285.0)
+      dependabot-npm_and_yarn (= 0.285.0)
+      dependabot-nuget (= 0.285.0)
+      dependabot-pub (= 0.285.0)
+      dependabot-python (= 0.285.0)
+      dependabot-swift (= 0.285.0)
+      dependabot-terraform (= 0.285.0)
+    dependabot-pub (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-python (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-swift (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-terraform (0.285.0)
+      dependabot-common (= 0.285.0)
     diff-lcs (1.5.1)
     docile (1.4.1)
     docker_registry2 (1.18.2)
@@ -193,7 +196,7 @@ GEM
     mime-types (3.6.0)
       logger
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2024.1001)
+    mime-types-data (3.2024.1105)
     mini_mime (1.1.5)
     mini_portile2 (2.8.7)
     multi_xml (0.7.1)
@@ -271,10 +274,10 @@ GEM
     parallel_tests (4.7.2)
       parallel
     parseconfig (1.0.8)
-    parser (3.3.5.1)
+    parser (3.3.6.0)
       ast (~> 2.4.1)
       racc
-    psych (5.1.2)
+    psych (5.2.0)
       stringio
     public_suffix (6.0.1)
     racc (1.8.1)
@@ -355,9 +358,9 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
-    sorbet-runtime (0.5.11633)
+    sorbet-runtime (0.5.11645)
     stackprof (0.2.26)
-    stringio (3.1.1)
+    stringio (3.1.2)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
     toml-rb (3.0.1)
@@ -394,7 +397,7 @@ PLATFORMS
 
 DEPENDENCIES
   debug (~> 1.9.2)
-  dependabot-omnibus (~> 0.283.0)
+  dependabot-omnibus (~> 0.285.0)
   flamegraph (~> 0.9.5)
   gpgme (~> 2.0)
   http (~> 5.2)

updater/bin/update_script.rb

@@ -28,6 +28,7 @@
 require "dependabot/cargo"
 require "dependabot/composer"
 require "dependabot/docker"
+require "dependabot/dotnet_sdk"
 require "dependabot/elm"
 require "dependabot/git_submodules"
 require "dependabot/github_actions"

updater/lib/dependabot/dependency_snapshot.rb

@@ -67,9 +67,9 @@ def dependencies
       T.must(@dependencies[@current_directory])
     end
 
-    sig { returns(T.nilable(Dependabot::PackageManagerBase)) }
-    def package_manager
-      @package_manager[@current_directory]
+    sig { returns(T.nilable(Dependabot::Ecosystem)) }
+    def ecosystem
+      @ecosystem[@current_directory]
     end
 
     sig { returns(T::Array[Dependabot::Notice]) }
@@ -181,7 +181,7 @@ def initialize(job:, base_commit_sha:, dependency_files:) # rubocop:disable Metr
       @current_directory = T.let("", String)
 
       @dependencies = T.let({}, T::Hash[String, T::Array[Dependabot::Dependency]])
-      @package_manager = T.let({}, T::Hash[String, T.nilable(Dependabot::PackageManagerBase)])
+      @ecosystem = T.let({}, T::Hash[String, T.nilable(Dependabot::Ecosystem)])
       @notices = T.let({}, T::Hash[String, T::Array[Dependabot::Notice]])
 
       directories.each do |dir|
@@ -241,12 +241,12 @@ def dependency_file_parser
         reject_external_code: job.reject_external_code?,
         options: job.experiments
       )
-      # Add 'package_manager' to the dependency_snapshot to use it in operations
-      package_manager = parser.package_manager
+      # Add 'ecosystem' to the dependency_snapshot to use it in operations
+      ecosystem = parser.ecosystem
       # Raise an error if the package manager version is unsupported
-      package_manager&.raise_if_unsupported!
+      ecosystem&.raise_if_unsupported!
 
-      @package_manager[@current_directory] = package_manager
+      @ecosystem[@current_directory] = ecosystem
 
       # Log deprecation notices if the package manager is deprecated
       # and add them to the notices array
@@ -255,7 +255,7 @@ def dependency_file_parser
       # add deprecation notices for the package manager
       add_deprecation_notice(
         notices: notices_for_current_directory,
-        package_manager: package_manager
+        package_manager: ecosystem&.package_manager
       )
       @notices[@current_directory] = notices_for_current_directory
 

updater/lib/dependabot/notices_helpers.rb

@@ -3,7 +3,7 @@
 
 require "sorbet-runtime"
 require "dependabot/notices"
-require "dependabot/package_manager"
+require "dependabot/ecosystem"
 
 # This module extracts helpers for notice generations that can be used
 # for showing notices in logs, pr messages and alert ui page.
@@ -20,7 +20,7 @@ module NoticesHelpers
     sig do
       params(
         notices: T::Array[Dependabot::Notice],
-        package_manager: T.nilable(PackageManagerBase)
+        package_manager: T.nilable(Ecosystem::VersionManager)
       )
         .void
     end
@@ -58,11 +58,11 @@ def log_notice(notice)
 
     private
 
-    sig { params(package_manager: T.nilable(PackageManagerBase)).returns(T.nilable(Dependabot::Notice)) }
+    sig { params(package_manager: T.nilable(Ecosystem::VersionManager)).returns(T.nilable(Dependabot::Notice)) }
     def create_deprecation_notice(package_manager)
       return unless package_manager
 
-      return unless package_manager.is_a?(PackageManagerBase)
+      return unless package_manager.is_a?(Ecosystem::VersionManager)
 
       Notice.generate_pm_deprecation_notice(
         package_manager

updater/lib/dependabot/setup.rb

@@ -30,6 +30,7 @@
     terraform|
     elm|
     docker|
+    dotnet_sdk|
     git_submodules|
     github_actions|
     composer|
@@ -60,6 +61,7 @@
 require "dependabot/terraform"
 require "dependabot/elm"
 require "dependabot/docker"
+require "dependabot/dotnet_sdk"
 require "dependabot/git_submodules"
 require "dependabot/github_actions"
 require "dependabot/composer"

updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb

@@ -132,7 +132,7 @@ def check_and_update_pull_request(dependencies)
           # Dependabot::Experiments.register(:lead_security_dependency, true)
 
           if Dependabot::Experiments.enabled?(:lead_security_dependency)
-            lead_dep_name = security_advisory_dependency
+            lead_dep_name = security_advisory_dependency.downcase
 
             # telemetry data collection
             Dependabot.logger.info(

updater/lib/tinglesoftware/dependabot/setup.rb

@@ -49,6 +49,7 @@
 require "dependabot/terraform"
 require "dependabot/elm"
 require "dependabot/docker"
+require "dependabot/dotnet_sdk"
 require "dependabot/git_submodules"
 require "dependabot/github_actions"
 require "dependabot/composer"

updater/spec/support/dummy_pkg_helpers.rb

@@ -1,7 +1,7 @@
 # typed: false
 # frozen_string_literal: true
 
-require "dependabot/package_manager"
+require "dependabot/ecosystem"
 require "dependabot/dependency_file"
 
 # This module provides some shortcuts for working with our two mock RubyGems packages:
@@ -63,22 +63,17 @@ def updated_bundler_files_hash(fixture: "bundler")
     updated_bundler_files(fixture: fixture).map(&:to_h)
   end
 
-  # Stub PackageManagerBase
-  class StubPackageManager < Dependabot::PackageManagerBase
-    def initialize(name:, version:, deprecated_versions: [], unsupported_versions: [], supported_versions: [])
-      @name = name
-      @version = version
-      @deprecated_versions = deprecated_versions
-      @unsupported_versions = unsupported_versions
-      @supported_versions = supported_versions
+  # Stub Ecosystem::VersionManager
+  class StubPackageManager < Dependabot::Ecosystem::VersionManager
+    def initialize(name:, version:, deprecated_versions: [], supported_versions: [])
+      super(
+        name,
+        Dependabot::Version.new(version),
+        deprecated_versions,
+        supported_versions
+      )
     end
 
-    attr_reader :name
-    attr_reader :version
-    attr_reader :deprecated_versions
-    attr_reader :unsupported_versions
-    attr_reader :supported_versions
-
     sig { override.returns(T::Boolean) }
     def deprecated?
       # If the version is unsupported, the unsupported error is getting raised separately.