dependabot-common 0.341.0 → 0.342.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 258e743ccabcb1f78791965700ab1891705d53c161b25aa4bb88d7c60be56678
-  data.tar.gz: ee2a7d6fd7d626b18aa5dc1ba65b6bc07e37321e70a529a9ec27b8e8d32746e1
+  metadata.gz: 119ca0f68304d844107397afffa3ad2e46c139a787e8c96e5ca954e367bf7359
+  data.tar.gz: c7ced6c43c2ab909541c71e513d4774e036f8408d3f7220069e17dff776e8ffe
 SHA512:
-  metadata.gz: df1d185f7b202dc912dd4558a9e39f0d5a3e689b9e3ed8103395948fd38f485f6bc879a06c71344b8f9efecadef428a09356520b8270c571317bfabaa5cd320b
-  data.tar.gz: 9aae1f9d5217c7146a74b49bf2da406a69cd550dca4abadf72b8acdecf09307f319ae56e8ccd59da3a94b894bd98e3e1c0e413fcf4f100dd1152ee0afef657f3
+  metadata.gz: 11d3e8185b084316449bc004ef25a3653081719fbb9dbe7c340aaaafa8dab9f2caefce2277ba260fae4c0f9f894d7c4ec3fda7d59ea80a544b4729c41c490fd8
+  data.tar.gz: 4b8c05569a0fa3a8a9778f3e488f0f3c4908787e327dd77a18fb4e4ba20eb2426c58b0fe62b544f38dec650e8f3b0ea5483fe89d838c27a77c732d8e7047d68d

data/lib/dependabot/config/file.rb

@@ -75,6 +75,7 @@ module Dependabot
           "gomod" => "go_modules",
           "gradle" => "gradle",
           "helm" => "helm",
+          "julia" => "julia",
           "maven" => "maven",
           "mix" => "hex",
           "npm" => "npm_and_yarn",

data/lib/dependabot/git_commit_checker.rb

@@ -27,6 +27,9 @@ module Dependabot
       )$
     /ix
 
+    # String pattern for matching version tags with optional prefixes (e.g., "v1.2.3" matches "1.2.3")
+    VERSION_TAG_MATCH_PATTERN = "(?:[^0-9\\.]|\\A)%s\\z"
+
     sig do
       params(
         dependency: Dependabot::Dependency,
@@ -72,9 +75,7 @@ module Dependabot
       return false if branch == ref
       return true if branch
       return true if dependency.version&.start_with?(T.must(ref))
-
-      # If the specified `ref` is actually a tag, we're pinned
-      return true if local_upload_pack&.match?(%r{ refs/tags/#{ref}$})
+      return true if ref_matches_tag?
 
       # Assume we're pinned unless the specified `ref` is actually a branch
       return true unless local_upload_pack&.match?(%r{ refs/heads/#{ref}$})
@@ -280,6 +281,22 @@ module Dependabot
       max_local_tag(select_lower_precision(tags))
     end
 
+    # Check if the current ref matches any Git tag (handling version tag prefixes)
+    sig { returns(T::Boolean) }
+    def ref_matches_tag?
+      return false unless ref
+
+      # Handle tag prefixes (e.g., v0.0.13 for ref 0.0.13) by checking if any local tag matches the version
+      if version_tag?(T.must(ref)) && local_tags.any? do |tag|
+        tag.name =~ Regexp.new(VERSION_TAG_MATCH_PATTERN % Regexp.escape(T.must(ref)))
+      end
+        return true
+      end
+
+      # Fallback to exact match for non-version refs
+      local_upload_pack&.match?(%r{ refs/tags/#{ref}$}) || false
+    end
+
     # Find the latest version with the same precision as the pinned version.
     sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
     def select_matching_existing_precision(tags)
@@ -524,7 +541,7 @@ module Dependabot
     sig { params(version: String).returns(T.nilable(String)) }
     def listing_tag_for_version(version)
       listing_tags
-        .find { |t| t.name =~ /(?:[^0-9\.]|\A)#{Regexp.escape(version)}\z/ }
+        .find { |t| t.name =~ Regexp.new(VERSION_TAG_MATCH_PATTERN % Regexp.escape(version)) }
         &.name
     end
 

data/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.341.0"
+  VERSION = "0.342.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.341.0
+  version: 0.342.2
 platform: ruby
 authors:
 - Dependabot
@@ -629,7 +629,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.341.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.342.2
 rdoc_options: []
 require_paths:
 - lib