dependabot-github_actions 0.180.3 → 0.181.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/github_actions/update_checker.rb +36 -5
- metadata +34 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cf45819807a321230e76bf84aa2e507adb6d3e0b7a302b2152fcada8d189f161
|
|
4
|
+
data.tar.gz: bfc5b56739eb334635f4c9e8d6802a387681c8b9a3002662f0f0dab68a1e2eda
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d4786e9eff67b85be2ad5e0785aaac4506ebf216a13443fd8faf622958fc000dd16c5f0a024ebce64e4a67c2c337769bcf65d9de0ab92ed48a0a679a558a9950
|
|
7
|
+
data.tar.gz: e908f0f3446d97d8c8951afe92b1d62172715e83cc568b72caca6285dd44c4242b30928b3f1eb854331c87cdc3792ce0bfcf1a83a0866f6f2bd16627f2d2dd6a
|
|
@@ -63,10 +63,8 @@ module Dependabot
|
|
|
63
63
|
|
|
64
64
|
# If the dependency is pinned to a tag that looks like a version then
|
|
65
65
|
# we want to update that tag.
|
|
66
|
-
if git_commit_checker.pinned_ref_looks_like_version? &&
|
|
67
|
-
|
|
68
|
-
latest_tag = git_commit_checker.local_tag_for_latest_version
|
|
69
|
-
latest_version = latest_tag.fetch(:version)
|
|
66
|
+
if git_commit_checker.pinned_ref_looks_like_version? && latest_version_tag
|
|
67
|
+
latest_version = latest_version_tag.fetch(:version)
|
|
70
68
|
return version_class.new(dependency.version) if shortened_semver_eq?(dependency.version, latest_version.to_s)
|
|
71
69
|
|
|
72
70
|
return latest_version
|
|
@@ -87,13 +85,39 @@ module Dependabot
|
|
|
87
85
|
nil
|
|
88
86
|
end
|
|
89
87
|
|
|
88
|
+
def latest_version_tag
|
|
89
|
+
@latest_version_tag ||= begin
|
|
90
|
+
return git_commit_checker.local_tag_for_latest_version if dependency.version.nil?
|
|
91
|
+
|
|
92
|
+
latest_tags = git_commit_checker.local_tags_for_latest_version_commit_sha
|
|
93
|
+
|
|
94
|
+
# Find the latest version with the same precision as the pinned version.
|
|
95
|
+
# Falls back to a version with the closest precision if no exact match.
|
|
96
|
+
current_dots = dependency.version.split(".").length
|
|
97
|
+
latest_tags.max do |a, b|
|
|
98
|
+
next a[:version] <=> b[:version] unless shortened_semver_version_eq?(a[:version], b[:version])
|
|
99
|
+
|
|
100
|
+
a_dots = a[:version].to_s.split(".").length
|
|
101
|
+
b_dots = b[:version].to_s.split(".").length
|
|
102
|
+
a_diff = (a_dots - current_dots).abs
|
|
103
|
+
b_diff = (b_dots - current_dots).abs
|
|
104
|
+
next -(a_diff <=> b_diff) unless a_diff == b_diff
|
|
105
|
+
|
|
106
|
+
# preference to a less specific version if we have a tie
|
|
107
|
+
next 1 if a_dots < current_dots
|
|
108
|
+
|
|
109
|
+
-1
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
end
|
|
113
|
+
|
|
90
114
|
def updated_source
|
|
91
115
|
# TODO: Support Docker sources
|
|
92
116
|
return dependency_source_details unless git_dependency?
|
|
93
117
|
|
|
94
118
|
# Update the git tag if updating a pinned version
|
|
95
119
|
if git_commit_checker.pinned_ref_looks_like_version? &&
|
|
96
|
-
(new_tag =
|
|
120
|
+
(new_tag = latest_version_tag) &&
|
|
97
121
|
new_tag.fetch(:commit_sha) != current_commit
|
|
98
122
|
return dependency_source_details.merge(ref: new_tag.fetch(:tag))
|
|
99
123
|
end
|
|
@@ -152,6 +176,13 @@ module Dependabot
|
|
|
152
176
|
|
|
153
177
|
other_split[0..base_split.length - 1] == base_split
|
|
154
178
|
end
|
|
179
|
+
|
|
180
|
+
def shortened_semver_version_eq?(base_version, other_version)
|
|
181
|
+
base = base_version.to_s
|
|
182
|
+
other = other_version.to_s
|
|
183
|
+
|
|
184
|
+
shortened_semver_eq?(base, other) || shortened_semver_eq?(other, base)
|
|
185
|
+
end
|
|
155
186
|
end
|
|
156
187
|
end
|
|
157
188
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-github_actions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.181.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-04-
|
|
11
|
+
date: 2022-04-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.181.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.181.0
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: debase
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: 0.2.4.1
|
|
34
|
+
type: :development
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: 0.2.4.1
|
|
27
41
|
- !ruby/object:Gem::Dependency
|
|
28
42
|
name: debug
|
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +114,28 @@ dependencies:
|
|
|
100
114
|
requirements:
|
|
101
115
|
- - "~>"
|
|
102
116
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
117
|
+
version: 1.27.0
|
|
118
|
+
type: :development
|
|
119
|
+
prerelease: false
|
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
requirements:
|
|
122
|
+
- - "~>"
|
|
123
|
+
- !ruby/object:Gem::Version
|
|
124
|
+
version: 1.27.0
|
|
125
|
+
- !ruby/object:Gem::Dependency
|
|
126
|
+
name: ruby-debug-ide
|
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
|
128
|
+
requirements:
|
|
129
|
+
- - "~>"
|
|
130
|
+
- !ruby/object:Gem::Version
|
|
131
|
+
version: 0.7.3
|
|
104
132
|
type: :development
|
|
105
133
|
prerelease: false
|
|
106
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
135
|
requirements:
|
|
108
136
|
- - "~>"
|
|
109
137
|
- !ruby/object:Gem::Version
|
|
110
|
-
version:
|
|
138
|
+
version: 0.7.3
|
|
111
139
|
- !ruby/object:Gem::Dependency
|
|
112
140
|
name: simplecov
|
|
113
141
|
requirement: !ruby/object:Gem::Requirement
|