Merge branch 'main' into refactor-api-client

Author: yeikel

Gemfile.lock

@@ -1,26 +1,26 @@
 PATH
   remote: bun
   specs:
-    dependabot-bun (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-bun (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: bundler
   specs:
-    dependabot-bundler (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-bundler (0.332.0)
+      dependabot-common (= 0.332.0)
       parallel (~> 1.24)
 
 PATH
   remote: cargo
   specs:
-    dependabot-cargo (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-cargo (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: common
   specs:
-    dependabot-common (0.331.0)
+    dependabot-common (0.332.0)
       aws-sdk-codecommit (~> 1.28)
       aws-sdk-ecr (~> 1.5)
       bundler (>= 1.16, < 3.0.0)
@@ -46,151 +46,151 @@ PATH
 PATH
   remote: composer
   specs:
-    dependabot-composer (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-composer (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: conda
   specs:
-    dependabot-conda (0.331.0)
-      dependabot-common (= 0.331.0)
-      dependabot-python (= 0.331.0)
+    dependabot-conda (0.332.0)
+      dependabot-common (= 0.332.0)
+      dependabot-python (= 0.332.0)
 
 PATH
   remote: devcontainers
   specs:
-    dependabot-devcontainers (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-devcontainers (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: docker_compose
   specs:
-    dependabot-docker_compose (0.331.0)
-      dependabot-common (= 0.331.0)
-      dependabot-docker (= 0.331.0)
+    dependabot-docker_compose (0.332.0)
+      dependabot-common (= 0.332.0)
+      dependabot-docker (= 0.332.0)
 
 PATH
   remote: docker
   specs:
-    dependabot-docker (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-docker (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: dotnet_sdk
   specs:
-    dependabot-dotnet_sdk (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-dotnet_sdk (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: elm
   specs:
-    dependabot-elm (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-elm (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: git_submodules
   specs:
-    dependabot-git_submodules (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-git_submodules (0.332.0)
+      dependabot-common (= 0.332.0)
       parseconfig (~> 1.0, < 1.1.0)
 
 PATH
   remote: github_actions
   specs:
-    dependabot-github_actions (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-github_actions (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: go_modules
   specs:
-    dependabot-go_modules (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-go_modules (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: gradle
   specs:
-    dependabot-gradle (0.331.0)
-      dependabot-common (= 0.331.0)
-      dependabot-maven (= 0.331.0)
+    dependabot-gradle (0.332.0)
+      dependabot-common (= 0.332.0)
+      dependabot-maven (= 0.332.0)
 
 PATH
   remote: helm
   specs:
-    dependabot-helm (0.331.0)
-      dependabot-common (= 0.331.0)
-      dependabot-docker (= 0.331.0)
+    dependabot-helm (0.332.0)
+      dependabot-common (= 0.332.0)
+      dependabot-docker (= 0.332.0)
 
 PATH
   remote: hex
   specs:
-    dependabot-hex (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-hex (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: maven
   specs:
-    dependabot-maven (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-maven (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: npm_and_yarn
   specs:
-    dependabot-npm_and_yarn (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-npm_and_yarn (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: nuget
   specs:
-    dependabot-nuget (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-nuget (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: pub
   specs:
-    dependabot-pub (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-pub (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: python
   specs:
-    dependabot-python (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-python (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: rust_toolchain
   specs:
-    dependabot-rust_toolchain (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-rust_toolchain (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: silent
   specs:
-    dependabot-silent (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-silent (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: swift
   specs:
-    dependabot-swift (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-swift (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: terraform
   specs:
-    dependabot-terraform (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-terraform (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: uv
   specs:
-    dependabot-uv (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-uv (0.332.0)
+      dependabot-common (= 0.332.0)
 
 PATH
   remote: vcpkg
   specs:
-    dependabot-vcpkg (0.331.0)
-      dependabot-common (= 0.331.0)
+    dependabot-vcpkg (0.332.0)
+      dependabot-common (= 0.332.0)
 
 GEM
   remote: https://rubygems.org/
@@ -497,34 +497,34 @@ CHECKSUMS
   csv (3.3.0) sha256=0bbd1defdc31134abefed027a639b3723c2753862150f4c3ee61cab71b20d67d
   date (3.4.1) sha256=bf268e14ef7158009bfeaec40b5fa3c7271906e88b196d958a89d4b408abe64f
   debug (1.9.2) sha256=48e026c0852c7a10c60263e2e527968308958e266231e36d64e3efcabec7e7fc
-  dependabot-bun (0.331.0)
-  dependabot-bundler (0.331.0)
-  dependabot-cargo (0.331.0)
-  dependabot-common (0.331.0)
-  dependabot-composer (0.331.0)
-  dependabot-conda (0.331.0)
-  dependabot-devcontainers (0.331.0)
-  dependabot-docker (0.331.0)
-  dependabot-docker_compose (0.331.0)
-  dependabot-dotnet_sdk (0.331.0)
-  dependabot-elm (0.331.0)
-  dependabot-git_submodules (0.331.0)
-  dependabot-github_actions (0.331.0)
-  dependabot-go_modules (0.331.0)
-  dependabot-gradle (0.331.0)
-  dependabot-helm (0.331.0)
-  dependabot-hex (0.331.0)
-  dependabot-maven (0.331.0)
-  dependabot-npm_and_yarn (0.331.0)
-  dependabot-nuget (0.331.0)
-  dependabot-pub (0.331.0)
-  dependabot-python (0.331.0)
-  dependabot-rust_toolchain (0.331.0)
-  dependabot-silent (0.331.0)
-  dependabot-swift (0.331.0)
-  dependabot-terraform (0.331.0)
-  dependabot-uv (0.331.0)
-  dependabot-vcpkg (0.331.0)
+  dependabot-bun (0.332.0)
+  dependabot-bundler (0.332.0)
+  dependabot-cargo (0.332.0)
+  dependabot-common (0.332.0)
+  dependabot-composer (0.332.0)
+  dependabot-conda (0.332.0)
+  dependabot-devcontainers (0.332.0)
+  dependabot-docker (0.332.0)
+  dependabot-docker_compose (0.332.0)
+  dependabot-dotnet_sdk (0.332.0)
+  dependabot-elm (0.332.0)
+  dependabot-git_submodules (0.332.0)
+  dependabot-github_actions (0.332.0)
+  dependabot-go_modules (0.332.0)
+  dependabot-gradle (0.332.0)
+  dependabot-helm (0.332.0)
+  dependabot-hex (0.332.0)
+  dependabot-maven (0.332.0)
+  dependabot-npm_and_yarn (0.332.0)
+  dependabot-nuget (0.332.0)
+  dependabot-pub (0.332.0)
+  dependabot-python (0.332.0)
+  dependabot-rust_toolchain (0.332.0)
+  dependabot-silent (0.332.0)
+  dependabot-swift (0.332.0)
+  dependabot-terraform (0.332.0)
+  dependabot-uv (0.332.0)
+  dependabot-vcpkg (0.332.0)
   diff-lcs (1.6.2) sha256=9ae0d2cba7d4df3075fe8cd8602a8604993efc0dfa934cff568969efb1909962
   docile (1.4.0) sha256=5f1734bde23721245c20c3d723e76c104208e1aa01277a69901ce770f0ebb8d3
   docker_registry2 (1.18.2) sha256=2ace909110fbca29d69dd1cdec99f555024aa6f6577798638139c8e8e556910f

common/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.331.0"
+  VERSION = "0.332.0"
 end

conda/lib/dependabot/conda/update_checker.rb

@@ -135,19 +135,26 @@ def latest_version_finder
       def fetch_lowest_resolvable_security_fix_version
         # Delegate to latest_version_finder for security fix resolution
         # This leverages Python ecosystem's security advisory infrastructure
-        latest_version_finder.lowest_security_fix_version
+        fix_version = latest_version_finder.lowest_security_fix_version
+
+        # If no security fix version is found, fall back to latest_resolvable_version
+        if fix_version.nil?
+          fallback = latest_resolvable_version
+          return fallback.is_a?(String) ? Dependabot::Conda::Version.new(fallback) : fallback
+        end
+
+        fix_version
       end
 
       sig { override.returns(T::Boolean) }
       def latest_version_resolvable_with_full_unlock?
-        # For Phase 3, return false as placeholder since we're not doing full dependency resolution
+        # No lock file support for Conda
         false
       end
 
       sig { override.returns(T::Array[Dependabot::Dependency]) }
       def updated_dependencies_after_full_unlock
-        # For Phase 3, return empty array as placeholder
-        []
+        raise NotImplementedError
       end
 
       sig { params(requirement_string: String, new_version: String).returns(String) }

conda/lib/dependabot/conda/update_checker/latest_version_finder.rb

@@ -54,7 +54,7 @@ def python_latest_version_finder
               credentials: credentials,
               ignored_versions: ignored_versions,
               raise_on_ignored: @raise_on_ignored,
-              security_advisories: security_advisories,
+              security_advisories: python_compatible_security_advisories,
               cooldown_options: @cooldown_options
             ),
             T.nilable(Dependabot::Python::UpdateChecker::LatestVersionFinder)
@@ -81,6 +81,28 @@ def python_compatible_requirements
           end
         end
 
+        sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
+        def python_compatible_security_advisories
+          security_advisories.map do |advisory|
+            # Convert Conda requirements to Python requirements for pip compatibility
+            python_vulnerable_versions = advisory.vulnerable_versions.flat_map do |conda_req|
+              Dependabot::Python::Requirement.requirements_array(conda_req.to_s)
+            end
+
+            python_safe_versions = advisory.safe_versions.flat_map do |conda_req|
+              Dependabot::Python::Requirement.requirements_array(conda_req.to_s)
+            end
+
+            # Normalize security advisories to use 'pip' package manager for Python delegation
+            Dependabot::SecurityAdvisory.new(
+              dependency_name: advisory.dependency_name,
+              package_manager: "pip", # Use pip for PyPI compatibility
+              vulnerable_versions: python_vulnerable_versions,
+              safe_versions: python_safe_versions
+            )
+          end
+        end
+
         sig { params(conda_requirement: T.nilable(String)).returns(T.nilable(String)) }
         def convert_conda_requirement_to_pip(conda_requirement)
           RequirementTranslator.conda_to_pip(conda_requirement)