Fix TypeError when force_updater receives git commit SHA instead of Version #14096

Draft
Copilot wants to merge 3 commits into main from copilot/fix-typeerror-dependabot-version

Copilot AI commented Feb 4, 2026

What are you trying to accomplish?

Fixes TypeError: T.cast: Expected type Dependabot::Version, got type String when updating git dependencies.

For git dependencies, latest_version returns commit SHAs (String) from methods like git_commit_checker.head_commit_for_current_branch. The force_updater expects Gem::Version objects and validates this constraint. Git dependencies bypass version resolution entirely—they track commits, not semantic versions—making the full unlock path inapplicable.

Anything you want to highlight for special attention from reviewers?

Added guards to short-circuit before force_updater invocation:

  • latest_version_resolvable_with_full_unlock? returns false for git dependencies
  • updated_dependencies_after_full_unlock returns [] for git dependencies

This follows the existing pattern for git dependency handling (see lowest_resolvable_security_fix_version line 47).

Alternative considered: Modify ForceUpdater to accept String types. Rejected because full unlock semantics don't apply to git dependencies—they don't have version constraints to unlock.

How will you know you've accomplished your goal?

Added test coverage for both methods with git dependencies returning commit SHAs. Tests verify no TypeError is raised and appropriate values are returned.

All changes pass Sorbet type checking, RuboCop validation, and CodeQL security analysis.

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.
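
The guard described in this comment, as an added example that is not part of the pull request or Dependabot's code: a small model in which an updater that only accepts `Gem::Version` is bypassed for git dependencies whose latest version is a commit SHA string. All class names, the `guarded:` switch and the sample values are hypothetical and constructed for illustration.

```ruby
require "rubygems" # Gem::Version
# Hypothetical stand-ins; not Dependabot's classes.
Dep = Struct.new(:name, :source_type, keyword_init: true) do
  def git?
    source_type == "git"
  end
end

class ForceUpdaterModel
  # Mimics the runtime type check that rejected the commit SHA.
  def initialize(target_version)
    unless target_version.is_a?(Gem::Version)
      raise TypeError, "Expected type Gem::Version, got type #{target_version.class}"
    end
    @target_version = target_version
  end

  def updated_dependencies(dep)
    [{ name: dep.name, version: @target_version.to_s }]
  end
end

class UpdateCheckerModel
  def initialize(dep, latest_version, guarded:)
    @dep = dep
    @latest_version = latest_version
    @guarded = guarded # false reproduces the pre-fix behaviour
  end

  def latest_version_resolvable_with_full_unlock?
    return false if @guarded && @dep.git?
    updated_dependencies_via_force_updater.any?
  end

  def updated_dependencies_after_full_unlock
    return [] if @guarded && @dep.git?
    updated_dependencies_via_force_updater
  end

  private
  def updated_dependencies_via_force_updater
    ForceUpdaterModel.new(@latest_version).updated_dependencies(@dep)
  end
end

# Constructed sample inputs.
SAMPLE_SHA = "0123456789abcdef0123456789abcdef01234567"
GIT_DEP = Dep.new(name: "example-gem", source_type: "git")
GEM_DEP = Dep.new(name: "example-gem", source_type: "rubygems")
```

With `guarded: false` the git dependency reaches the updater and raises `TypeError`; with `guarded: true` both methods return early and registry dependencies still take the full unlock path.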


Copilot AI and others added 2 commits February 4, 2026 00:16
- Add guard to check for git dependencies before calling force_updater
- force_updater expects Gem::Version, not commit SHA strings
- Add tests for git dependency handling in both methods

Co-authored-by: kbukum1 <171620528+kbukum1@users.noreply.github.com>
Co-authored-by: kbukum1 <171620528+kbukum1@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix TypeError for Dependabot::Version casting" to "Fix TypeError when force_updater receives git commit SHA instead of Version" Feb 4, 2026
Copilot AI requested a review from kbukum1 February 4, 2026 00:20
github-actions bot added the "L: ruby:bundler" (RubyGems via bundler) label Feb 4, 2026