RubyGems - dependabot-github_actions - Versions diffs - 0.180.2 → 0.180.5 - Mend

dependabot-github_actions 0.180.2 → 0.180.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/github_actions/update_checker.rb +36 -5
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 47df0e6ab6b350f25020dffc64e7dbcdfdb4472f6cdfa8acafe6fca3bcadc3f4
-  data.tar.gz: 8ed75892e2b85d882b7643ebb7a822548b4a6473da31eb44059fa0754faa83d6
+  metadata.gz: 4b56802e6e38052d84c01c6168a5a3ded0c8c61d5bfc7c37a3132614447d4dbc
+  data.tar.gz: fb499111d0042cc2076a1c0f4afe620e7e85c2710e7b808153139a3bf9132f3e
 SHA512:
-  metadata.gz: 29c94b9ce62b6c1b658379cff715358bec133b766a8af51899c4a77b8a0dffaeab8a158b3ecf33aae7e0d544f2248ac6902fed53dbb3524aed25b8f8cbfcb397
-  data.tar.gz: 510200ec1cba74366b9ee9a7fa7e8c1d9a61e0d6fb9a7ed41161c5142a2524aff63ccee378afec1345f3413ee824ebe566fc5bc64f6a3595a4f040c97feacf1f
+  metadata.gz: 9c3334add80237cea07d6c5d6c391cd61f7f9e5d7912d9eadad6846c8268e95b8fa271a3173e2533cf723684fca9bcee33a0bec4907e17d6850d74c3ef7d8c4f
+  data.tar.gz: 33a9b983fa584f7ba8fb82000b7ff6dcac9c7062f681f48df02a9f41903e01aadb744e26e0d22d64a4c655f1e5604c0abded54af8fef8c966dfccd0b1ed18a89

data/lib/dependabot/github_actions/update_checker.rb CHANGED Viewed

@@ -63,10 +63,8 @@ module Dependabot
         # If the dependency is pinned to a tag that looks like a version then
         # we want to update that tag.
-        if git_commit_checker.pinned_ref_looks_like_version? &&
-           git_commit_checker.local_tag_for_latest_version
-          latest_tag = git_commit_checker.local_tag_for_latest_version
-          latest_version = latest_tag.fetch(:version)
+        if git_commit_checker.pinned_ref_looks_like_version? && latest_version_tag
+          latest_version = latest_version_tag.fetch(:version)
           return version_class.new(dependency.version) if shortened_semver_eq?(dependency.version, latest_version.to_s)
           return latest_version
@@ -87,13 +85,39 @@ module Dependabot
         nil
       end
+      def latest_version_tag
+        @latest_version_tag ||= begin
+          return git_commit_checker.local_tag_for_latest_version if dependency.version.nil?
+          latest_tags = git_commit_checker.local_tags_for_latest_version_commit_sha
+          # Find the latest version with the same precision as the pinned version.
+          # Falls back to a version with the closest precision if no exact match.
+          current_dots = dependency.version.split(".").length
+          latest_tags.max do |a, b|
+            next a[:version] <=> b[:version] unless shortened_semver_version_eq?(a[:version], b[:version])
+            a_dots = a[:version].to_s.split(".").length
+            b_dots = b[:version].to_s.split(".").length
+            a_diff = (a_dots - current_dots).abs
+            b_diff = (b_dots - current_dots).abs
+            next -(a_diff <=> b_diff) unless a_diff == b_diff
+            # preference to a less specific version if we have a tie
+            next 1 if a_dots < current_dots
+            -1
+          end
+        end
+      end
       def updated_source
         # TODO: Support Docker sources
         return dependency_source_details unless git_dependency?
         # Update the git tag if updating a pinned version
         if git_commit_checker.pinned_ref_looks_like_version? &&
-           (new_tag = git_commit_checker.local_tag_for_latest_version) &&
+           (new_tag = latest_version_tag) &&
            new_tag.fetch(:commit_sha) != current_commit
           return dependency_source_details.merge(ref: new_tag.fetch(:tag))
         end
@@ -152,6 +176,13 @@ module Dependabot
         other_split[0..base_split.length - 1] == base_split
       end
+      def shortened_semver_version_eq?(base_version, other_version)
+        base = base_version.to_s
+        other = other_version.to_s
+        shortened_semver_eq?(base, other) || shortened_semver_eq?(other, base)
+      end
     end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-github_actions
 version: !ruby/object:Gem::Version
-  version: 0.180.2
+  version: 0.180.5
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-28 00:00:00.000000000 Z
+date: 2022-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.180.2
+        version: 0.180.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.180.2
+        version: 0.180.5
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement