dependabot-github_actions 0.112.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/lib/dependabot/github_actions/file_fetcher.rb +63 -0
- data/lib/dependabot/github_actions/file_parser.rb +119 -0
- data/lib/dependabot/github_actions/file_updater.rb +78 -0
- data/lib/dependabot/github_actions/metadata_finder.rb +22 -0
- data/lib/dependabot/github_actions/requirement.rb +32 -0
- data/lib/dependabot/github_actions/update_checker.rb +117 -0
- data/lib/dependabot/github_actions/version.rb +13 -0
- data/lib/dependabot/github_actions.rb +23 -0
- metadata +177 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 5a3ec1ad6b33207b6d0973e12020412a62188e8b9b26c4280320e00ff659aa28
|
4
|
+
data.tar.gz: 1b0180a3946cd84dfe02b547a5e0036c40cabde26d91f9ec5410cd515583d23a
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 107641af2a487bfd05182e3c76505a77f61d1da48e1a3f8b85e84e6164c5a3c0918d72bebc1f0923dfaa84107abd7a77681533adae7a18c928e50745734be419
|
7
|
+
data.tar.gz: e0d8681dd348e407476294903cde452d8ed2eb5374c27859a6340ab349251605278b83cc8262ee94bd2096f349d0a58bfc1f83db7b80b87c56acf44cd4846c10
|
@@ -0,0 +1,63 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "dependabot/file_fetchers"
|
4
|
+
require "dependabot/file_fetchers/base"
|
5
|
+
|
6
|
+
module Dependabot
|
7
|
+
module GithubActions
|
8
|
+
class FileFetcher < Dependabot::FileFetchers::Base
|
9
|
+
def self.required_files_in?(filenames)
|
10
|
+
filenames.any? { |f| f == ".github" }
|
11
|
+
end
|
12
|
+
|
13
|
+
def self.required_files_message
|
14
|
+
"Repo must contain a .github/workflows repo with YAML files."
|
15
|
+
end
|
16
|
+
|
17
|
+
private
|
18
|
+
|
19
|
+
def fetch_files
|
20
|
+
fetched_files = []
|
21
|
+
fetched_files += correctly_encoded_workflow_files
|
22
|
+
fetched_files += referenced_local_workflow_files
|
23
|
+
|
24
|
+
return fetched_files if fetched_files.any?
|
25
|
+
|
26
|
+
if incorrectly_encoded_workflow_files.none?
|
27
|
+
raise(
|
28
|
+
Dependabot::DependencyFileNotFound,
|
29
|
+
File.join(directory, ".github/workflows/<anything>.yml")
|
30
|
+
)
|
31
|
+
else
|
32
|
+
raise(
|
33
|
+
Dependabot::DependencyFileNotParseable,
|
34
|
+
incorrectly_encoded_workflow_files.first.path
|
35
|
+
)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def workflow_files
|
40
|
+
@workflow_files ||=
|
41
|
+
repo_contents(dir: ".github/workflows", raise_errors: false).
|
42
|
+
select { |f| f.type == "file" && f.name.match?(/\.ya?ml$/) }.
|
43
|
+
map { |f| fetch_file_from_host(".github/workflows/#{f.name}") }
|
44
|
+
end
|
45
|
+
|
46
|
+
def referenced_local_workflow_files
|
47
|
+
# TODO: Fetch referenced local workflow files
|
48
|
+
[]
|
49
|
+
end
|
50
|
+
|
51
|
+
def correctly_encoded_workflow_files
|
52
|
+
workflow_files.select { |f| f.content.valid_encoding? }
|
53
|
+
end
|
54
|
+
|
55
|
+
def incorrectly_encoded_workflow_files
|
56
|
+
workflow_files.reject { |f| f.content.valid_encoding? }
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
Dependabot::FileFetchers.
|
63
|
+
register("github_actions", Dependabot::GithubActions::FileFetcher)
|
@@ -0,0 +1,119 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "yaml"
|
4
|
+
|
5
|
+
require "dependabot/dependency"
|
6
|
+
require "dependabot/file_parsers"
|
7
|
+
require "dependabot/file_parsers/base"
|
8
|
+
require "dependabot/errors"
|
9
|
+
|
10
|
+
# For docs, see
|
11
|
+
# https://help.github.com/en/articles/configuring-a-workflow#referencing-actions-in-your-workflow
|
12
|
+
module Dependabot
|
13
|
+
module GithubActions
|
14
|
+
class FileParser < Dependabot::FileParsers::Base
|
15
|
+
require "dependabot/file_parsers/base/dependency_set"
|
16
|
+
|
17
|
+
GITHUB_REPO_REFERENCE = %r{
|
18
|
+
(?<owner>[\w.-]+)/
|
19
|
+
(?<repo>[\w.-]+)
|
20
|
+
(?<path>/[^\@]+)?
|
21
|
+
@(?<ref>.+)
|
22
|
+
}x.freeze
|
23
|
+
|
24
|
+
def parse
|
25
|
+
dependency_set = DependencySet.new
|
26
|
+
|
27
|
+
workflow_files.each do |file|
|
28
|
+
dependency_set += workfile_file_dependencies(file)
|
29
|
+
end
|
30
|
+
|
31
|
+
dependency_set.dependencies
|
32
|
+
end
|
33
|
+
|
34
|
+
private
|
35
|
+
|
36
|
+
def workfile_file_dependencies(file)
|
37
|
+
dependency_set = DependencySet.new
|
38
|
+
|
39
|
+
json = YAML.safe_load(file.content, aliases: true)
|
40
|
+
uses_strings = deep_fetch_uses(json).uniq
|
41
|
+
|
42
|
+
uses_strings.each do |string|
|
43
|
+
# TODO: Support Docker references and path references
|
44
|
+
if string.match?(GITHUB_REPO_REFERENCE)
|
45
|
+
dependency_set << build_github_dependency(file, string)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
dependency_set
|
50
|
+
rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias
|
51
|
+
raise Dependabot::DependencyFileNotParseable, file.path
|
52
|
+
end
|
53
|
+
|
54
|
+
def build_github_dependency(file, string)
|
55
|
+
details = string.match(GITHUB_REPO_REFERENCE).named_captures
|
56
|
+
name = "#{details.fetch('owner')}/#{details.fetch('repo')}"
|
57
|
+
url = "https://github.com/#{name}"
|
58
|
+
|
59
|
+
Dependency.new(
|
60
|
+
name: name,
|
61
|
+
version: nil,
|
62
|
+
requirements: [{
|
63
|
+
requirement: nil,
|
64
|
+
groups: [],
|
65
|
+
source: {
|
66
|
+
type: "git",
|
67
|
+
url: url,
|
68
|
+
ref: details.fetch("ref"),
|
69
|
+
branch: nil
|
70
|
+
},
|
71
|
+
file: file.name,
|
72
|
+
metadata: { declaration_string: string }
|
73
|
+
}],
|
74
|
+
package_manager: "github_actions"
|
75
|
+
)
|
76
|
+
end
|
77
|
+
|
78
|
+
def deep_fetch_uses(json_obj)
|
79
|
+
case json_obj
|
80
|
+
when Hash then deep_fetch_uses_from_hash(json_obj)
|
81
|
+
when Array then json_obj.flat_map { |o| deep_fetch_uses(o) }
|
82
|
+
else []
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
def deep_fetch_uses_from_hash(json_object)
|
87
|
+
steps = json_object.fetch("steps", [])
|
88
|
+
|
89
|
+
uses_strings =
|
90
|
+
if steps.is_a?(Array) && steps.all? { |s| s.is_a?(Hash) }
|
91
|
+
steps.
|
92
|
+
map { |step| step.fetch("uses", nil) }.
|
93
|
+
select { |use| use.is_a?(String) }
|
94
|
+
else
|
95
|
+
[]
|
96
|
+
end
|
97
|
+
|
98
|
+
uses_strings +
|
99
|
+
json_object.values.flat_map { |obj| deep_fetch_uses(obj) }
|
100
|
+
end
|
101
|
+
|
102
|
+
def workflow_files
|
103
|
+
# The file fetcher only fetches workflow files, so no need to
|
104
|
+
# filter here
|
105
|
+
dependency_files
|
106
|
+
end
|
107
|
+
|
108
|
+
def check_required_files
|
109
|
+
# Just check if there are any files at all.
|
110
|
+
return if dependency_files.any?
|
111
|
+
|
112
|
+
raise "No workflow files!"
|
113
|
+
end
|
114
|
+
end
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
Dependabot::FileParsers.
|
119
|
+
register("github_actions", Dependabot::GithubActions::FileParser)
|
@@ -0,0 +1,78 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "dependabot/file_updaters"
|
4
|
+
require "dependabot/file_updaters/base"
|
5
|
+
require "dependabot/errors"
|
6
|
+
|
7
|
+
module Dependabot
|
8
|
+
module GithubActions
|
9
|
+
class FileUpdater < Dependabot::FileUpdaters::Base
|
10
|
+
def self.updated_files_regex
|
11
|
+
[%r{\.github/workflows/.+\.ya?ml$}]
|
12
|
+
end
|
13
|
+
|
14
|
+
def updated_dependency_files
|
15
|
+
updated_files = []
|
16
|
+
|
17
|
+
dependency_files.each do |file|
|
18
|
+
next unless requirement_changed?(file, dependency)
|
19
|
+
|
20
|
+
updated_files <<
|
21
|
+
updated_file(
|
22
|
+
file: file,
|
23
|
+
content: updated_workflow_file_content(file)
|
24
|
+
)
|
25
|
+
end
|
26
|
+
|
27
|
+
updated_files.reject! { |f| dependency_files.include?(f) }
|
28
|
+
raise "No files changed!" if updated_files.none?
|
29
|
+
|
30
|
+
updated_files
|
31
|
+
end
|
32
|
+
|
33
|
+
private
|
34
|
+
|
35
|
+
def dependency
|
36
|
+
# GitHub Actions will only ever be updating a single dependency
|
37
|
+
dependencies.first
|
38
|
+
end
|
39
|
+
|
40
|
+
def check_required_files
|
41
|
+
# Just check if there are any files at all.
|
42
|
+
return if dependency_files.any?
|
43
|
+
|
44
|
+
raise "No workflow files!"
|
45
|
+
end
|
46
|
+
|
47
|
+
def updated_workflow_file_content(file)
|
48
|
+
updated_requirement_pairs =
|
49
|
+
dependency.requirements.zip(dependency.previous_requirements).
|
50
|
+
reject do |new_req, old_req|
|
51
|
+
next true if new_req[:file] != file.name
|
52
|
+
|
53
|
+
new_req[:source] == old_req[:source]
|
54
|
+
end
|
55
|
+
|
56
|
+
updated_content = file.content
|
57
|
+
|
58
|
+
updated_requirement_pairs.each do |new_req, old_req|
|
59
|
+
# TODO: Support updating Docker sources
|
60
|
+
next unless new_req.fetch(:source).fetch(:type) == "git"
|
61
|
+
|
62
|
+
old_declaration = old_req.fetch(:metadata).fetch(:declaration_string)
|
63
|
+
new_declaration =
|
64
|
+
old_declaration.
|
65
|
+
gsub(/@.*+/, "@#{new_req.fetch(:source).fetch(:ref)}")
|
66
|
+
|
67
|
+
updated_content = updated_content.
|
68
|
+
gsub(old_declaration, new_declaration)
|
69
|
+
end
|
70
|
+
|
71
|
+
updated_content
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
Dependabot::FileUpdaters.
|
78
|
+
register("github_actions", Dependabot::GithubActions::FileUpdater)
|
@@ -0,0 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "dependabot/metadata_finders"
|
4
|
+
require "dependabot/metadata_finders/base"
|
5
|
+
|
6
|
+
module Dependabot
|
7
|
+
module GithubActions
|
8
|
+
class MetadataFinder < Dependabot::MetadataFinders::Base
|
9
|
+
private
|
10
|
+
|
11
|
+
def look_up_source
|
12
|
+
info = dependency.requirements.map { |r| r[:source] }.compact.first
|
13
|
+
|
14
|
+
url = info[:url] || info.fetch("url")
|
15
|
+
Source.from_url(url)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
Dependabot::MetadataFinders.
|
22
|
+
register("github_actions", Dependabot::GithubActions::MetadataFinder)
|
@@ -0,0 +1,32 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "dependabot/utils"
|
4
|
+
|
5
|
+
module Dependabot
|
6
|
+
module GithubActions
|
7
|
+
# Lifted from the bundler package manager
|
8
|
+
class Requirement < Gem::Requirement
|
9
|
+
# For consistency with other langauges, we define a requirements array.
|
10
|
+
# Ruby doesn't have an `OR` separator for requirements, so it always
|
11
|
+
# contains a single element.
|
12
|
+
def self.requirements_array(requirement_string)
|
13
|
+
[new(requirement_string)]
|
14
|
+
end
|
15
|
+
|
16
|
+
# Patches Gem::Requirement to make it accept requirement strings like
|
17
|
+
# "~> 4.2.5, >= 4.2.5.1" without first needing to split them.
|
18
|
+
def initialize(*requirements)
|
19
|
+
requirements = requirements.flatten.flat_map do |req_string|
|
20
|
+
req_string.split(",")
|
21
|
+
end
|
22
|
+
|
23
|
+
super(requirements)
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
Dependabot::Utils.register_requirement_class(
|
30
|
+
"github_actions",
|
31
|
+
Dependabot::GithubActions::Requirement
|
32
|
+
)
|
@@ -0,0 +1,117 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "dependabot/update_checkers"
|
4
|
+
require "dependabot/update_checkers/base"
|
5
|
+
require "dependabot/errors"
|
6
|
+
require "dependabot/github_actions/version"
|
7
|
+
require "dependabot/github_actions/requirement"
|
8
|
+
|
9
|
+
module Dependabot
|
10
|
+
module GithubActions
|
11
|
+
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
12
|
+
def latest_version
|
13
|
+
@latest_version ||= fetch_latest_version
|
14
|
+
end
|
15
|
+
|
16
|
+
def latest_resolvable_version
|
17
|
+
# Resolvability isn't an issue for GitHub Actions.
|
18
|
+
latest_version
|
19
|
+
end
|
20
|
+
|
21
|
+
def latest_resolvable_version_with_no_unlock
|
22
|
+
# No concept of "unlocking" for GitHub Actions (since no lockfile)
|
23
|
+
dependency.version
|
24
|
+
end
|
25
|
+
|
26
|
+
def updated_requirements
|
27
|
+
dependency.requirements.map { |req| req.merge(source: updated_source) }
|
28
|
+
end
|
29
|
+
|
30
|
+
private
|
31
|
+
|
32
|
+
def latest_version_resolvable_with_full_unlock?
|
33
|
+
# Full unlock checks aren't relevant for GitHub Actions
|
34
|
+
false
|
35
|
+
end
|
36
|
+
|
37
|
+
def updated_dependencies_after_full_unlock
|
38
|
+
raise NotImplementedError
|
39
|
+
end
|
40
|
+
|
41
|
+
def fetch_latest_version
|
42
|
+
# TODO: Support Docker sources
|
43
|
+
return unless git_dependency?
|
44
|
+
|
45
|
+
fetch_latest_version_for_git_dependency
|
46
|
+
end
|
47
|
+
|
48
|
+
def fetch_latest_version_for_git_dependency
|
49
|
+
unless git_commit_checker.pinned?
|
50
|
+
return git_commit_checker.head_commit_for_current_branch
|
51
|
+
end
|
52
|
+
|
53
|
+
# If the dependency is pinned to a tag that looks like a version then
|
54
|
+
# we want to update that tag. The latest version will then be the SHA
|
55
|
+
# of the latest tag that looks like a version.
|
56
|
+
if git_commit_checker.pinned_ref_looks_like_version?
|
57
|
+
latest_tag = git_commit_checker.local_tag_for_latest_version
|
58
|
+
return latest_tag&.fetch(:commit_sha) || dependency.version
|
59
|
+
end
|
60
|
+
|
61
|
+
# If the dependency is pinned to a tag that doesn't look like a
|
62
|
+
# version then there's nothing we can do.
|
63
|
+
#
|
64
|
+
# TODO: Treat refs that look like SHAs differently
|
65
|
+
dependency.version
|
66
|
+
end
|
67
|
+
|
68
|
+
def updated_source
|
69
|
+
# TODO: Support Docker sources
|
70
|
+
return dependency_source_details unless git_dependency?
|
71
|
+
|
72
|
+
# Update the git tag if updating a pinned version
|
73
|
+
if git_commit_checker.pinned_ref_looks_like_version? &&
|
74
|
+
git_commit_checker.local_tag_for_latest_version
|
75
|
+
new_tag = git_commit_checker.local_tag_for_latest_version
|
76
|
+
return dependency_source_details.merge(ref: new_tag.fetch(:tag))
|
77
|
+
end
|
78
|
+
|
79
|
+
# Otherwise return the original source
|
80
|
+
dependency_source_details
|
81
|
+
end
|
82
|
+
|
83
|
+
def dependency_source_details
|
84
|
+
sources =
|
85
|
+
dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
|
86
|
+
|
87
|
+
return sources.first if sources.count <= 1
|
88
|
+
|
89
|
+
# If there are multiple source types, or multiple source URLs, then it's
|
90
|
+
# unclear how we should proceed
|
91
|
+
if sources.map { |s| [s.fetch(:type), s[:url]] }.uniq.count > 1
|
92
|
+
raise "Multiple sources! #{sources.join(', ')}"
|
93
|
+
end
|
94
|
+
|
95
|
+
# Otherwise it's reasonable to take the first source and use that. This
|
96
|
+
# will happen if we have multiple git sources with difference references
|
97
|
+
# specified. In that case it's fine to update them all.
|
98
|
+
sources.first
|
99
|
+
end
|
100
|
+
|
101
|
+
def git_dependency?
|
102
|
+
git_commit_checker.git_dependency?
|
103
|
+
end
|
104
|
+
|
105
|
+
def git_commit_checker
|
106
|
+
@git_commit_checker ||= Dependabot::GitCommitChecker.new(
|
107
|
+
dependency: dependency,
|
108
|
+
credentials: credentials,
|
109
|
+
ignored_versions: ignored_versions
|
110
|
+
)
|
111
|
+
end
|
112
|
+
end
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
Dependabot::UpdateCheckers.
|
117
|
+
register("github_actions", Dependabot::GithubActions::UpdateChecker)
|
@@ -0,0 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "dependabot/utils"
|
4
|
+
|
5
|
+
module Dependabot
|
6
|
+
module GithubActions
|
7
|
+
class Version < Gem::Version
|
8
|
+
end
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
Dependabot::Utils.
|
13
|
+
register_version_class("github_actions", Dependabot::GithubActions::Version)
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# These all need to be required so the various classes can be registered in a
|
4
|
+
# lookup table of package manager names to concrete classes.
|
5
|
+
require "dependabot/github_actions/file_fetcher"
|
6
|
+
require "dependabot/github_actions/file_parser"
|
7
|
+
require "dependabot/github_actions/update_checker"
|
8
|
+
require "dependabot/github_actions/file_updater"
|
9
|
+
require "dependabot/github_actions/metadata_finder"
|
10
|
+
require "dependabot/github_actions/requirement"
|
11
|
+
require "dependabot/github_actions/version"
|
12
|
+
|
13
|
+
require "dependabot/pull_request_creator/labeler"
|
14
|
+
Dependabot::PullRequestCreator::Labeler.
|
15
|
+
register_label_details(
|
16
|
+
"github_actions",
|
17
|
+
name: "github_actions",
|
18
|
+
colour: "000000"
|
19
|
+
)
|
20
|
+
|
21
|
+
require "dependabot/dependency"
|
22
|
+
Dependabot::Dependency.
|
23
|
+
register_production_check("github_actions", ->(_) { true })
|
metadata
ADDED
@@ -0,0 +1,177 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: dependabot-github_actions
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.112.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Dependabot
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2019-08-14 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: dependabot-common
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - '='
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 0.112.1
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - '='
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 0.112.1
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: byebug
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '11.0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '11.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '12'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '12'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rspec
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '3.8'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '3.8'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rspec-its
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '1.2'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '1.2'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rspec_junit_formatter
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0.4'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0.4'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: rubocop
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: 0.74.0
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: 0.74.0
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: vcr
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '5.0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '5.0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: webmock
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '3.4'
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '3.4'
|
139
|
+
description: Automated dependency management for Ruby, JavaScript, Python, PHP, Elixir,
|
140
|
+
Rust, Java, .NET, Elm and Go
|
141
|
+
email: support@dependabot.com
|
142
|
+
executables: []
|
143
|
+
extensions: []
|
144
|
+
extra_rdoc_files: []
|
145
|
+
files:
|
146
|
+
- lib/dependabot/github_actions.rb
|
147
|
+
- lib/dependabot/github_actions/file_fetcher.rb
|
148
|
+
- lib/dependabot/github_actions/file_parser.rb
|
149
|
+
- lib/dependabot/github_actions/file_updater.rb
|
150
|
+
- lib/dependabot/github_actions/metadata_finder.rb
|
151
|
+
- lib/dependabot/github_actions/requirement.rb
|
152
|
+
- lib/dependabot/github_actions/update_checker.rb
|
153
|
+
- lib/dependabot/github_actions/version.rb
|
154
|
+
homepage: https://github.com/dependabot/dependabot-core
|
155
|
+
licenses:
|
156
|
+
- Nonstandard
|
157
|
+
metadata: {}
|
158
|
+
post_install_message:
|
159
|
+
rdoc_options: []
|
160
|
+
require_paths:
|
161
|
+
- lib
|
162
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - ">="
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: 2.5.0
|
167
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
168
|
+
requirements:
|
169
|
+
- - ">="
|
170
|
+
- !ruby/object:Gem::Version
|
171
|
+
version: 2.5.0
|
172
|
+
requirements: []
|
173
|
+
rubygems_version: 3.0.3
|
174
|
+
signing_key:
|
175
|
+
specification_version: 4
|
176
|
+
summary: GitHub Actions support for dependabot-common
|
177
|
+
test_files: []
|