Include directory when serializing dependencies

updater/lib/dependabot/dependency_change.rb

@@ -59,6 +59,7 @@ def initialize(job:, updated_dependencies:, updated_dependency_files:, dependenc
       @dependency_group = dependency_group
 
       @pr_message = T.let(nil, T.nilable(Dependabot::PullRequestCreator::Message))
+      ensure_dependencies_have_directories
     end
 
     sig { returns(Dependabot::PullRequestCreator::Message) }
@@ -180,10 +181,30 @@ def updated_dependencies_set
           {
             "dependency-name" => dep.name,
             "dependency-version" => dep.version,
+            "directory" => should_consider_directory? ? dep.directory : nil,
             "dependency-removed" => dep.removed? ? true : nil
           }.compact
         end
       )
     end
+
+    sig { returns(T::Array[Dependabot::Dependency]) }
+    def ensure_dependencies_have_directories
+      updated_dependencies.each do |dep|
+        dep.directory = directory
+      end
+    end
+
+    sig { returns(String) }
+    def directory
+      return "" if updated_dependency_files.empty?
+
+      T.must(updated_dependency_files.first).directory
+    end
+
+    sig { returns(T::Boolean) }
+    def should_consider_directory?
+      grouped_update? && Dependabot::Experiments.enabled?("dependency_has_directory")
+    end
   end
 end

updater/spec/dependabot/dependency_change_spec.rb

@@ -267,4 +267,126 @@
       end
     end
   end
+
+  describe "#matches_existing_pr?" do
+    before do
+      Dependabot::Experiments.register("dependency_has_directory", true)
+    end
+
+    after do
+      Dependabot::Experiments.reset!
+    end
+
+    context "when no existing pull requests are found" do
+      let(:job) do
+        instance_double(Dependabot::Job,
+                        dependencies: updated_dependencies.map(&:name),
+                        existing_pull_requests: [])
+      end
+      let(:dependency_change) do
+        described_class.new(
+          job: job,
+          updated_dependencies: updated_dependencies,
+          updated_dependency_files: updated_dependency_files
+        )
+      end
+
+      it "returns false" do
+        expect(dependency_change.matches_existing_pr?).to be false
+      end
+    end
+
+    context "when updating a pull request with the same dependencies" do
+      let(:job) do
+        instance_double(Dependabot::Job,
+                        dependencies: updated_dependencies.map(&:name),
+                        existing_pull_requests: existing_pull_requests)
+      end
+      let(:existing_pull_requests) do
+        [
+          updated_dependencies.map do |dep|
+            { "dependency-name" => dep.name,
+              "dependency-version" => dep.version }
+          end
+        ]
+      end
+      let(:dependency_change) do
+        described_class.new(
+          job: job,
+          updated_dependencies: updated_dependencies,
+          updated_dependency_files: updated_dependency_files
+        )
+      end
+
+      it "returns true" do
+        expect(dependency_change.matches_existing_pr?).to be true
+      end
+    end
+
+    context "when updating a grouped pull request with the same dependencies" do
+      let(:job) do
+        instance_double(Dependabot::Job,
+                        dependencies: updated_dependencies.map(&:name),
+                        existing_group_pull_requests: existing_group_pull_requests)
+      end
+      let(:existing_group_pull_requests) do
+        [
+          { "dependency-group-name" => "foo",
+            "dependencies" => [
+              updated_dependencies.map do |dep|
+                { "dependency-name" => dep.name.to_s,
+                  "dependency-version" => dep.version.to_s,
+                  "directory" => dep.directory.to_s }
+              end
+            ] }
+        ]
+      end
+
+      let(:dependency_change) do
+        described_class.new(
+          job: job,
+          updated_dependencies: updated_dependencies,
+          updated_dependency_files: updated_dependency_files,
+          dependency_group: Dependabot::DependencyGroup.new(name: "foo", rules: { patterns: ["*"] })
+        )
+      end
+
+      it "returns true" do
+        expect(dependency_change.matches_existing_pr?).to be false
+      end
+    end
+
+    context "when updating a grouped pull request with the same dependencies, but in different directory" do
+      let(:job) do
+        instance_double(Dependabot::Job,
+                        dependencies: updated_dependencies.map(&:name),
+                        existing_group_pull_requests: existing_group_pull_requests)
+      end
+      let(:existing_group_pull_requests) do
+        [
+          { "dependency-group-name" => "foo",
+            "dependencies" => [
+              updated_dependencies.map do |dep|
+                { "dependency-name" => dep.name.to_s,
+                  "dependency-version" => dep.version.to_s,
+                  "directory" => "/foo" }
+              end
+            ] }
+        ]
+      end
+
+      let(:dependency_change) do
+        described_class.new(
+          job: job,
+          updated_dependencies: updated_dependencies,
+          updated_dependency_files: updated_dependency_files,
+          dependency_group: Dependabot::DependencyGroup.new(name: "foo", rules: { patterns: ["*"] })
+        )
+      end
+
+      it "returns false" do
+        expect(dependency_change.matches_existing_pr?).to be false
+      end
+    end
+  end
 end

updater/spec/dependabot/service_spec.rb

@@ -82,7 +82,7 @@
 
     let(:dependency_files) do
       [
-        { name: "Gemfile", content: "some gems" }
+        Dependabot::DependencyFile.new(name: "Gemfile", content: "some gems")
       ]
     end
 
@@ -138,7 +138,7 @@
 
     let(:dependency_files) do
       [
-        { name: "Gemfile", content: "some gems" }
+        Dependabot::DependencyFile.new(name: "Gemfile", content: "some gems")
       ]
     end
 

updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_spec.rb

@@ -70,6 +70,11 @@
 
     before do
       stub_rubygems_calls
+      Dependabot::Experiments.register("dependency_has_directory", true)
+    end
+
+    after do
+      Dependabot::Experiments.reset!
     end
 
     it "updates the existing pull request without errors" do

updater/spec/fixtures/job_definitions/bundler/version_updates/group_update_refresh.yaml

@@ -15,6 +15,7 @@ job:
       dependencies:
         - dependency-name: dummy-pkg-b
           dependency-version: 1.2.0
+          directory: "/"
   updating-a-pull-request: true
   lockfile-only: false
   update-subdependencies: false