dependabot-common 0.342.1 → 0.342.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b614a0d6fac738013befc606454b555c574a12a05d560d940b64f119ddd995d9
-  data.tar.gz: 472c1e8dc3f032c5d44b3f262328b09ff336bae36f8935286c0d9ff95094b4e7
+  metadata.gz: 119ca0f68304d844107397afffa3ad2e46c139a787e8c96e5ca954e367bf7359
+  data.tar.gz: c7ced6c43c2ab909541c71e513d4774e036f8408d3f7220069e17dff776e8ffe
 SHA512:
-  metadata.gz: 3c99d2cfcefd567dc585079bf52f23955a4ce5eef30754c00c27f6ce6fa9e4bddad6bc7d97466ef8c100d12780a9fce959a5c5aa176812f05408bd84d8e22bfb
-  data.tar.gz: 536014a02a2d59819e339563e9227a710f97c731eaf595521a757f6a6ae1878109ba9d76fa2ec9c94da1a5d57216b835c7538e0e019388c03cf545c4ffeb07ff
+  metadata.gz: 11d3e8185b084316449bc004ef25a3653081719fbb9dbe7c340aaaafa8dab9f2caefce2277ba260fae4c0f9f894d7c4ec3fda7d59ea80a544b4729c41c490fd8
+  data.tar.gz: 4b8c05569a0fa3a8a9778f3e488f0f3c4908787e327dd77a18fb4e4ba20eb2426c58b0fe62b544f38dec650e8f3b0ea5483fe89d838c27a77c732d8e7047d68d

data/lib/dependabot/git_commit_checker.rb

@@ -27,6 +27,9 @@ module Dependabot
       )$
     /ix
 
+    # String pattern for matching version tags with optional prefixes (e.g., "v1.2.3" matches "1.2.3")
+    VERSION_TAG_MATCH_PATTERN = "(?:[^0-9\\.]|\\A)%s\\z"
+
     sig do
       params(
         dependency: Dependabot::Dependency,
@@ -72,9 +75,7 @@ module Dependabot
       return false if branch == ref
       return true if branch
       return true if dependency.version&.start_with?(T.must(ref))
-
-      # If the specified `ref` is actually a tag, we're pinned
-      return true if local_upload_pack&.match?(%r{ refs/tags/#{ref}$})
+      return true if ref_matches_tag?
 
       # Assume we're pinned unless the specified `ref` is actually a branch
       return true unless local_upload_pack&.match?(%r{ refs/heads/#{ref}$})
@@ -280,6 +281,22 @@ module Dependabot
       max_local_tag(select_lower_precision(tags))
     end
 
+    # Check if the current ref matches any Git tag (handling version tag prefixes)
+    sig { returns(T::Boolean) }
+    def ref_matches_tag?
+      return false unless ref
+
+      # Handle tag prefixes (e.g., v0.0.13 for ref 0.0.13) by checking if any local tag matches the version
+      if version_tag?(T.must(ref)) && local_tags.any? do |tag|
+        tag.name =~ Regexp.new(VERSION_TAG_MATCH_PATTERN % Regexp.escape(T.must(ref)))
+      end
+        return true
+      end
+
+      # Fallback to exact match for non-version refs
+      local_upload_pack&.match?(%r{ refs/tags/#{ref}$}) || false
+    end
+
     # Find the latest version with the same precision as the pinned version.
     sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
     def select_matching_existing_precision(tags)
@@ -524,7 +541,7 @@ module Dependabot
     sig { params(version: String).returns(T.nilable(String)) }
     def listing_tag_for_version(version)
       listing_tags
-        .find { |t| t.name =~ /(?:[^0-9\.]|\A)#{Regexp.escape(version)}\z/ }
+        .find { |t| t.name =~ Regexp.new(VERSION_TAG_MATCH_PATTERN % Regexp.escape(version)) }
         &.name
     end
 

data/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.342.1"
+  VERSION = "0.342.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.342.1
+  version: 0.342.2
 platform: ruby
 authors:
 - Dependabot
@@ -629,7 +629,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.342.1
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.342.2
 rdoc_options: []
 require_paths:
 - lib