@vnz vnz commented Jan 26, 2026

Summary

Replace fragile grep string matching with proper jq JSON parsing for Dependabot CLI output. The grep approach is retained as a fallback for environments without jq.

Problem

The current grep-based parsing:

<output> | grep '"type":"create_pull_request"'

Is fragile because:

  1. Relies on exact string matching that breaks with formatting changes
  2. Can't handle whitespace variations ("type": "create_pull_request" vs "type":"create_pull_request")
  3. Can't extract nested fields reliably

Solution

Use jq for structural JSON parsing:

<output> | jq -c 'select(.type == "create_pull_request")'

Changes

  • Section 1: Add jq to prerequisites check
  • Section 5: jq as primary method, grep as fallback
  • Section 5: Add jq extraction example for dependency summaries
  • Section 5: Correct JSON field paths (data.dependencies[], data["pr-title"])
  • Version: 1.4.0 → 1.5.0

Files Modified

  • plugins/dependabot/skills/dependabot/SKILL.md — Sections 1 and 5
  • plugins/dependabot/.claude-plugin/plugin.json — version bump
  • .claude-plugin/marketplace.json — version bump

Verification

  • Plugin-validator agent confirms valid structure
  • Pre-commit hooks pass
  • jq commands are syntactically correct

🤖 Generated with Claude Code

Replace fragile grep string matching with proper jq JSON parsing
for Dependabot CLI output. grep retained as fallback.

Changes:
- Add jq to prerequisites check (Section 1)
- Update Section 5 with jq as primary parsing method
- Add jq extraction example for dependency summaries
- Correct JSON field paths (data.dependencies[], data["pr-title"])
- Bump version: 1.4.0 → 1.5.0

Benefits:
- Handles JSON formatting/whitespace variations
- Proper field extraction from nested structures
- More meaningful error messages
- Future-proof against CLI output changes

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@vnz vnz self-assigned this Jan 26, 2026
@gemini-code-assist

Summary of Changes

Hello @vnz, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the reliability of processing Dependabot CLI output by transitioning from basic string matching to structured JSON parsing. This change ensures that the system can accurately interpret and extract dependency update information, making the plugin more resilient to formatting variations and improving overall data integrity.

Highlights

  • Robust JSON Parsing: The parsing mechanism for Dependabot CLI output has been upgraded from fragile grep string matching to jq for more robust and reliable JSON processing. A grep fallback is retained for environments without jq.
  • Prerequisite Check for jq: A new prerequisite check has been added to ensure jq is installed, providing clear instructions to users if it's missing.
  • Improved Data Extraction: JSON field paths for extracting dependency information (e.g., data.dependencies[], data["pr-title"]) have been corrected and an example jq command for dependency summary extraction has been added.
  • Version Update: The Dependabot plugin version has been incremented from 1.4.0 to 1.5.0.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces jq for robust JSON parsing of Dependabot CLI output, which is a great improvement over the fragile grep method. The changes are well-structured, with jq as the primary method and grep retained as a fallback. The documentation updates are clear and comprehensive. I've added a few suggestions to further improve the clarity of the documentation in SKILL.md.

- Soften jq prerequisite message (recommended, not required)
- Use bracket notation for previous-version field (hyphen consistency)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

vnz commented Jan 26, 2026

Thanks @gemini-code-assist for the review!

Both suggestions applied in 82ead5f:

  1. jq prerequisite message — Now indicates jq is "recommended" with fallback available, rather than implying it's required.

  2. Bracket notation for previous-version — Fixed to data.dependencies[]["previous-version"] for consistency with other hyphenated keys. (Note: corrected the suggested syntax — jq doesn't use a dot before bracket notation.)

@gemini-code-assist

That's great to hear, @vnz!

I appreciate you clarifying the jq prerequisite message to indicate it's recommended with a fallback. This provides better guidance for users.

And thank you for implementing the correct bracket notation for previous-version (data.dependencies[]["previous-version"]). Your clarification about jq not using a dot before bracket notation for hyphenated keys is spot on and very helpful for others reading the documentation.

These updates significantly improve the clarity and robustness of the Dependabot plugin's documentation. Excellent work!

@vnz vnz merged commit a5427bc into main Jan 26, 2026
1 check passed
@vnz vnz deleted the feat/dependabot-jq-parsing branch January 26, 2026 18:02
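
An added example, not part of this PR or the plugin's SKILL.md: it runs the exact-string grep from the Problem section and the jq filter from the Solution section over the same input, then extracts the hyphenated fields with the bracket notation settled on in the review. The sample lines are constructed, the `name` and `version` keys are assumed, and the whitespace-tolerant grep used when jq is missing is an assumed pattern, not the plugin's documented fallback.

```shell
#!/usr/bin/env bash
# Constructed sample of Dependabot CLI output, one JSON object per line.
# "other_event" is a placeholder type; "name" and "version" are assumed keys.
# The second create_pull_request line differs from the first only in whitespace.
sample_output() {
cat <<'EOF'
{"type":"other_event","data":{}}
{"type":"create_pull_request","data":{"pr-title":"Bump libfoo from 1.0.0 to 1.0.1","dependencies":[{"name":"libfoo","version":"1.0.1","previous-version":"1.0.0"}]}}
{"type": "create_pull_request", "data": {"pr-title": "Bump libbar from 2.3.0 to 2.4.0", "dependencies": [{"name": "libbar", "version": "2.4.0", "previous-version": "2.3.0"}]}}
EOF
}

# The exact-string match quoted in the PR description: misses the spaced variant.
count_fragile() {
  sample_output | grep -c '"type":"create_pull_request"'
}

# Structural match with jq; without jq, a whitespace-tolerant grep (assumed pattern).
count_robust() {
  if command -v jq >/dev/null 2>&1; then
    sample_output | jq -c 'select(.type == "create_pull_request")' | wc -l | tr -d ' '
  else
    sample_output | grep -Ec '"type"[[:space:]]*:[[:space:]]*"create_pull_request"'
  fi
}

# One summary line per dependency. Hyphenated keys ("pr-title",
# "previous-version") are read with bracket notation. Requires jq.
summarize() {
  sample_output | jq -r 'select(.type == "create_pull_request")
    | .data["pr-title"] as $title
    | .data.dependencies[]
    | "\(.name): \(.["previous-version"]) -> \(.version) [\($title)]"'
}

echo "fragile grep matched: $(count_fragile)"
echo "robust parse matched: $(count_robust)"
if command -v jq >/dev/null 2>&1; then summarize; fi
```

A silently dropped `create_pull_request` event means a proposed dependency update never reaches review, so the difference between the two counts is the part worth checking in any pipeline that consumes this output.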