dependabot · brrygrdn · Apr 6, 2023 · Apr 5, 2023
@@ -42,7 +42,7 @@ def update_pull_request(dependency_change, base_commit_sha)
       api_url = "#{base_url}/update_jobs/#{job_id}/update_pull_request"
       body = {
         data: {
-          "dependency-names": dependency_change.dependencies.map(&:name),
+          "dependency-names": dependency_change.updated_dependencies.map(&:name),
           "updated-dependency-files": dependency_change.updated_dependency_files_hash,
           "base-commit-sha": base_commit_sha
         }
@@ -153,7 +153,7 @@ def http_client
 
     def create_pull_request_data(dependency_change, base_commit_sha)
       data = {
-        dependencies: dependency_change.dependencies.map do |dep|
+        dependencies: dependency_change.updated_dependencies.map do |dep|
           {
             name: dep.name,
             "previous-version": dep.previous_version,

@@ -11,11 +11,11 @@
 # by adapters to create a Pull Request, apply the changes on disk, etc.
 module Dependabot
   class DependencyChange
-    attr_reader :job, :dependencies, :updated_dependency_files
+    attr_reader :job, :updated_dependencies, :updated_dependency_files
 
-    def initialize(job:, dependencies:, updated_dependency_files:, group_rule: nil)
+    def initialize(job:, updated_dependencies:, updated_dependency_files:, group_rule: nil)
       @job = job
-      @dependencies = dependencies
+      @updated_dependencies = updated_dependencies
       @updated_dependency_files = updated_dependency_files
       @group_rule = group_rule
     end
@@ -25,15 +25,15 @@ def pr_message
 
       @pr_message = Dependabot::PullRequestCreator::MessageBuilder.new(
         source: job.source,
-        dependencies: dependencies,
+        dependencies: updated_dependencies,
         files: updated_dependency_files,
         credentials: job.credentials,
         commit_message_options: job.commit_message_options
       ).message
     end
 
     def humanized
-      dependencies.map do |dependency|
+      updated_dependencies.map do |dependency|
         "#{dependency.name} ( from #{dependency.humanized_previous_version} to #{dependency.humanized_version} )"
       end.join(", ")
     end

@@ -45,7 +45,7 @@ def run
 
       Dependabot::DependencyChange.new(
         job: job,
-        dependencies: updated_deps,
+        updated_dependencies: updated_deps,
         updated_dependency_files: updated_files,
         group_rule: source_group_rule
       )

@@ -188,12 +188,12 @@ def check_and_update_pull_request(dependencies)
       # and the dependency name in the security advisory often doesn't match
       # what users have specified in their manifest.
       job_dependencies = job.dependencies.map(&:downcase)
-      if dependency_change.dependencies.map(&:name).map(&:downcase) != job_dependencies
+      if dependency_change.updated_dependencies.map(&:name).map(&:downcase) != job_dependencies
         # The dependencies being updated have changed. Close the existing
         # multi-dependency PR and try creating a new one.
         close_pull_request(reason: :dependencies_changed)
         create_pull_request(dependency_change)
-      elsif existing_pull_request(dependency_change.dependencies)
+      elsif existing_pull_request(dependency_change.updated_dependencies)
         # The existing PR is for this version. Update it.
         update_pull_request(dependency_change)
       else
@@ -594,12 +594,12 @@ def update_checker_for(dependency, raise_on_ignored:)
     end
 
     def create_pull_request(dependency_change)
-      Dependabot.logger.info("Submitting #{dependency_change.dependencies.map(&:name).join(', ')} " \
+      Dependabot.logger.info("Submitting #{dependency_change.updated_dependencies.map(&:name).join(', ')} " \
                              "pull request for creation")
 
       service.create_pull_request(dependency_change, dependency_snapshot.base_commit_sha)
 
-      created_pull_requests << dependency_change.dependencies.map do |dep|
+      created_pull_requests << dependency_change.updated_dependencies.map do |dep|
         {
           "dependency-name" => dep.name,
           "dependency-version" => dep.version,
@@ -609,7 +609,7 @@ def create_pull_request(dependency_change)
     end
 
     def update_pull_request(dependency_change)
-      Dependabot.logger.info("Submitting #{dependency_change.dependencies.map(&:name).join(', ')} " \
+      Dependabot.logger.info("Submitting #{dependency_change.updated_dependencies.map(&:name).join(', ')} " \
                              "pull request for update")
 
       service.update_pull_request(dependency_change, dependency_snapshot.base_commit_sha)

@@ -43,7 +43,7 @@ def perform
           Dependabot.logger.info("Starting update group for '#{GROUP_NAME_PLACEHOLDER}'")
           dependency_change = compile_all_dependency_changes
 
-          if dependency_change.dependencies.any?
+          if dependency_change.updated_dependencies.any?
             Dependabot.logger.info("Creating a pull request for '#{GROUP_NAME_PLACEHOLDER}'")
             begin
               service.create_pull_request(dependency_change, dependency_snapshot.base_commit_sha)
@@ -108,7 +108,7 @@ def compile_all_dependency_changes
               # filtering for us assuming we iteratively make file changes for
               # each Array of dependencies in the batch and the FileUpdater tells
               # us which cannot be applied.
-              all_updated_dependencies.concat(dependency_change.dependencies)
+              all_updated_dependencies.concat(dependency_change.updated_dependencies)
               dependency_change.updated_dependency_files
             else
               dependency_files # pass on the existing files if no updates are possible
@@ -119,7 +119,7 @@ def compile_all_dependency_changes
           # into a single object we can pass to PR creation.
           Dependabot::DependencyChange.new(
             job: job,
-            dependencies: all_updated_dependencies,
+            updated_dependencies: all_updated_dependencies,
             updated_dependency_files: updated_files,
             group_rule: group_rule
           )

@@ -97,12 +97,12 @@ def check_and_update_pull_request(dependencies)
           # and the dependency name in the security advisory often doesn't match
           # what users have specified in their manifest.
           job_dependencies = job.dependencies.map(&:downcase)
-          if dependency_change.dependencies.map(&:name).map(&:downcase) != job_dependencies
+          if dependency_change.updated_dependencies.map(&:name).map(&:downcase) != job_dependencies
             # The dependencies being updated have changed. Close the existing
             # multi-dependency PR and try creating a new one.
             close_pull_request(reason: :dependencies_changed)
             create_pull_request(dependency_change)
-          elsif existing_pull_request(dependency_change.dependencies)
+          elsif existing_pull_request(dependency_change.updated_dependencies)
             # The existing PR is for this version. Update it.
             update_pull_request(dependency_change)
           else
@@ -114,14 +114,14 @@ def check_and_update_pull_request(dependencies)
         # rubocop:enable Metrics/PerceivedComplexity
 
         def create_pull_request(dependency_change)
-          Dependabot.logger.info("Submitting #{dependency_change.dependencies.map(&:name).join(', ')} " \
+          Dependabot.logger.info("Submitting #{dependency_change.updated_dependencies.map(&:name).join(', ')} " \
                                  "pull request for creation")
 
           service.create_pull_request(dependency_change, dependency_snapshot.base_commit_sha)
         end
 
         def update_pull_request(dependency_change)
-          Dependabot.logger.info("Submitting #{dependency_change.dependencies.map(&:name).join(', ')} " \
+          Dependabot.logger.info("Submitting #{dependency_change.updated_dependencies.map(&:name).join(', ')} " \
                                  "pull request for update")
 
           service.update_pull_request(dependency_change, dependency_snapshot.base_commit_sha)

@@ -234,12 +234,12 @@ def peer_dependency_should_update_instead?(dependency_name, updated_deps)
         end
 
         def create_pull_request(dependency_change)
-          Dependabot.logger.info("Submitting #{dependency_change.dependencies.map(&:name).join(', ')} " \
+          Dependabot.logger.info("Submitting #{dependency_change.updated_dependencies.map(&:name).join(', ')} " \
                                  "pull request for creation")
 
           service.create_pull_request(dependency_change, dependency_snapshot.base_commit_sha)
 
-          created_pull_requests << dependency_change.dependencies.map do |dep|
+          created_pull_requests << dependency_change.updated_dependencies.map do |dep|
             {
               "dependency-name" => dep.name,
               "dependency-version" => dep.version,

@@ -13,7 +13,7 @@
     let(:dependency_change) do
       Dependabot::DependencyChange.new(
         job: job,
-        dependencies: dependencies,
+        updated_dependencies: dependencies,
         updated_dependency_files: dependency_files
       )
     end
@@ -188,7 +188,7 @@
       it "flags the PR as a grouped-update if the dependency change has a group rule assigned" do
         grouped_dependency_change = Dependabot::DependencyChange.new(
           job: job,
-          dependencies: dependencies,
+          updated_dependencies: dependencies,
           updated_dependency_files: dependency_files,
           group_rule: anything
         )
@@ -209,7 +209,7 @@
     let(:dependency_change) do
       Dependabot::DependencyChange.new(
         job: job,
-        dependencies: [dependency],
+        updated_dependencies: [dependency],
         updated_dependency_files: dependency_files
       )
     end

@@ -93,7 +93,7 @@
         dependency_change = create_change
 
         expect(dependency_change).to be_a(Dependabot::DependencyChange)
-        expect(dependency_change.dependencies).to eql(updated_dependencies)
+        expect(dependency_change.updated_dependencies).to eql(updated_dependencies)
         expect(dependency_change.updated_dependency_files.map(&:name)).to eql(["Gemfile", "Gemfile.lock"])
         expect(dependency_change).not_to be_grouped_update
 

@@ -8,7 +8,7 @@
   subject(:dependency_change) do
     described_class.new(
       job: job,
-      dependencies: dependencies,
+      updated_dependencies: updated_dependencies,
       updated_dependency_files: updated_dependency_files
     )
   end
@@ -17,7 +17,7 @@
     instance_double(Dependabot::Job)
   end
 
-  let(:dependencies) do
+  let(:updated_dependencies) do
     [
       Dependabot::Dependency.new(
         name: "business",
@@ -97,7 +97,7 @@
         to receive(:new).with(
           source: github_source,
           files: updated_dependency_files,
-          dependencies: dependencies,
+          dependencies: updated_dependencies,
           credentials: job_credentials,
           commit_message_options: commit_message_options
         )
@@ -115,7 +115,7 @@
       it "is true" do
         rule = described_class.new(
           job: job,
-          dependencies: dependencies,
+          updated_dependencies: updated_dependencies,
           updated_dependency_files: updated_dependency_files,
           group_rule: anything # For now the group_rule parameter is treated permissively as any non-nil value
         )

@@ -162,7 +162,7 @@
                 file: "Gemfile" }
             ]
           )
-          expect(dependency_change.dependencies).to eql([dep])
+          expect(dependency_change.updated_dependencies).to eql([dep])
           expect(dependency_change.updated_dependency_files_hash).to eq(
             [
               {
@@ -361,7 +361,7 @@
                 file: "Gemfile" }
             ]
           )
-          expect(dependency_change.dependencies).to eql([dep])
+          expect(dependency_change.updated_dependencies).to eql([dep])
           expect(dependency_change.updated_dependency_files_hash).to eq(
             [
               {

@@ -23,7 +23,7 @@
     let(:dependency_change) do
       Dependabot::DependencyChange.new(
         job: instance_double(Dependabot::Job, source: nil, credentials: [], commit_message_options: []),
-        dependencies: dependencies,
+        updated_dependencies: dependencies,
         updated_dependency_files: dependency_files
       )
     end
@@ -76,7 +76,7 @@
     let(:dependency_change) do
       Dependabot::DependencyChange.new(
         job: anything,
-        dependencies: dependencies,
+        updated_dependencies: dependencies,
         updated_dependency_files: dependency_files
       )
     end

@@ -34,7 +34,7 @@
       updater = build_updater(service: service, job: job)
 
       expect(service).to receive(:create_pull_request) do |dependency_change, base_commit_sha|
-        expect(dependency_change.dependencies.first).to have_attributes(name: "dummy-pkg-b")
+        expect(dependency_change.updated_dependencies.first).to have_attributes(name: "dummy-pkg-b")
         expect(dependency_change.updated_dependency_files_hash).to eql(
           [
             {
@@ -2009,7 +2009,7 @@ def expect_update_checker_with_ignored_versions(versions)
           updater = build_updater(service: service, job: job, dependency_files: dependency_files)
 
           expect(service).to receive(:create_pull_request) do |dependency_change, base_commit_sha|
-            expect(dependency_change.dependencies.first).to have_attributes(name: "dummy-pkg-b")
+            expect(dependency_change.updated_dependencies.first).to have_attributes(name: "dummy-pkg-b")
             expect(dependency_change.updated_dependency_files_hash).to eql(
               [
                 {
@@ -2202,7 +2202,7 @@ def expect_update_checker_with_ignored_versions(versions)
       updater = build_updater(service: service, job: job)
 
       expect(service).to receive(:create_pull_request) do |dependency_change, base_commit_sha|
-        expect(dependency_change.dependencies.first).to have_attributes(name: "dummy-pkg-b")
+        expect(dependency_change.updated_dependencies.first).to have_attributes(name: "dummy-pkg-b")
         expect(dependency_change.updated_dependency_files_hash).to eql(
           [
             {