From 1175b5a1240552549dc0de3d72cd752e9aab3892 Mon Sep 17 00:00:00 2001
From: "Brett V. Forsgren"
Date: Thu, 31 Oct 2024 09:57:06 -0600
Subject: [PATCH] do case-insensitive comparison for `lead_security_dependency` experiment (#10861)

* do case-insensitive comparison for `lead_security_dependency` experiment

---
 .../refresh_security_update_pull_request.rb | 2 +-
 ...fresh_security_update_pull_request_spec.rb | 46 +++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb b/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb
index 9acbffc8ba0..ab94b2fad2f 100644
--- a/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb
+++ b/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb
@@ -132,7 +132,7 @@ def check_and_update_pull_request(dependencies)
 # Dependabot::Experiments.register(:lead_security_dependency, true)
 if Dependabot::Experiments.enabled?(:lead_security_dependency)
- lead_dep_name = security_advisory_dependency
+ lead_dep_name = security_advisory_dependency.downcase
 
 # telemetry data collection
 Dependabot.logger.info(
diff --git a/updater/spec/dependabot/updater/operations/refresh_security_update_pull_request_spec.rb b/updater/spec/dependabot/updater/operations/refresh_security_update_pull_request_spec.rb
index a2df8f7bcc8..fbc8aa9bc12 100644
--- a/updater/spec/dependabot/updater/operations/refresh_security_update_pull_request_spec.rb
+++ b/updater/spec/dependabot/updater/operations/refresh_security_update_pull_request_spec.rb
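Review bot: `security_advisory_dependency.downcase` normalizes only one side of the comparison; wherever `lead_dep_name` is later compared against the job's dependency names (that code is outside this hunk), those names must be lowercased as well, otherwise a mixed-case name on the job side still fails to match — the companion spec hunk passes the job dependencies already lowercased (`%w(dummy-pkg-a)`), so it does not exercise that path. A short comment on the assignment would make the intent visible to the next reader: `# advisory and job dependency names are compared case-insensitively; both sides are downcased`. Case-folding is only safe where the ecosystem's registry itself treats package names case-insensitively; in a case-sensitive ecosystem two distinct packages whose names differ only by case would be conflated by this match, so it may be worth gating the normalization on the package manager rather than applying it unconditionally. If `security_advisory_dependency` can return nil, `.downcase` now raises where the old assignment tolerated it; `security_advisory_dependency&.downcase` keeps the previous behaviour. check_and_update_pull_request begins and ends outside the hunk.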
@@ -310,5 +310,51 @@
 [dependency])
 end
 end
+
+ context "when the dependency name has upper-case characters" do
+ before do
+ allow(Dependabot::Experiments).to receive(:enabled?).with(:lead_security_dependency).and_return(true)
+ allow(stub_update_checker).to receive_messages(
+ up_to_date?: false,
+ requirements_unlocked_or_can_be?: true
+ )
+ allow(job).to receive_messages(allowed_update?: true,
+ security_advisories: [{ "dependency-name" => "Dummy-Pkg-A" }])
+ end
+
+ after do
+ allow(Dependabot::Experiments).to receive(:enabled?).with(:lead_security_dependency).and_return(false)
+ end
+
+ let(:dependency) do
+ Dependabot::Dependency.new(
+ name: "Dummy-Pkg-A",
+ version: "4.0.0",
+ requirements: [{
+ file: "Gemfile",
+ requirement: "~> 4.0.0",
+ groups: ["default"],
+ source: nil
+ }],
+ package_manager: "bundler",
+ metadata: { all_versions: ["4.0.0"] }
+ )
+ end
+
+ it "checks if a pull request already exists" do
+ allow(job).to receive(:dependencies).and_return(%w(dummy-pkg-a))
+ allow(refresh_security_update_pull_request).to receive(:existing_pull_request).and_return(true)
+ allow(Dependabot.logger).to receive(:info).and_call_original
+
+ expect(refresh_security_update_pull_request).to receive(:update_pull_request)
+
+ expect(Dependabot.logger)
+ .to receive(:info)
+ .with matching(/Security advisory dependency: dummy-pkg-a/)
+
+ refresh_security_update_pull_request.send(:check_and_update_pull_request,
+ [dependency])
+ end
+ end
 end
 end
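Review bot: The new example proves only that the lowercased advisory name reaches the `Security advisory dependency:` log line; `expect(refresh_security_update_pull_request).to receive(:update_pull_request)` does not show that `lead_dep_name` was actually matched against `dependency`, and with `job.dependencies` stubbed as `%w(dummy-pkg-a)` the only case difference exercised is on the advisory side. A second example in the same context with `allow(job).to receive(:dependencies).and_return(%w(Dummy-Pkg-A))` would cover the opposite direction. The `after` block that re-stubs `Dependabot::Experiments.enabled?` to `false` looks redundant, since rspec-mocks restores partial-double stubs after each example; unless the suite relies on that stub leaking, it can be dropped. The description `"checks if a pull request already exists"` does not name what the example asserts; `it "matches the advisory dependency name case-insensitively and updates the pull request"` would.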