dependabot-github_actions 0.237.0 → 0.239.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ff3ec4fa8f1b132227c557b6fa76217241bec1a0a75f53628f985a824a2be1f3
|
|
4
|
+
data.tar.gz: a02e8693737f12942663d1e4c5b7ffcb5f3955792a07b0f5fa0b4a829d925cbe
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1022e0293ced804a75245f3b1dd81c20393eb112ca7837f73426c88b37f4b9b182473ecc0f1f5a5f935e5119b914de3c17a269d43c1f98ece4198585f41630ab
|
|
7
|
+
data.tar.gz: 45f493d1f78fe2e01a3227d1e07b50ae53f5bf1ff345264a2e17745b8aa42f9490817e05d85d9cdbb5f83f7c942fd0fc2826dd5af59fd602b9a202a86aae680e
|
|
@@ -55,19 +55,21 @@ module Dependabot
|
|
|
55
55
|
credentials: credentials,
|
|
56
56
|
consider_version_branches_pinned: true
|
|
57
57
|
)
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
58
|
+
if git_checker.git_repo_reachable?
|
|
59
|
+
next unless git_checker.pinned?
|
|
60
|
+
|
|
61
|
+
# If dep does not have an assigned (semver) version, look for a commit that references a semver tag
|
|
62
|
+
unless dep.version
|
|
63
|
+
resolved = git_checker.version_for_pinned_sha
|
|
64
|
+
|
|
65
|
+
if resolved
|
|
66
|
+
dep = Dependency.new(
|
|
67
|
+
name: dep.name,
|
|
68
|
+
version: resolved.to_s,
|
|
69
|
+
requirements: dep.requirements,
|
|
70
|
+
package_manager: dep.package_manager
|
|
71
|
+
)
|
|
72
|
+
end
|
|
71
73
|
end
|
|
72
74
|
end
|
|
73
75
|
|
|
@@ -100,6 +100,8 @@ module Dependabot
|
|
|
100
100
|
return unless git_checker.ref_looks_like_commit_sha?(old_ref)
|
|
101
101
|
|
|
102
102
|
previous_version_tag = git_checker.most_specific_version_tag_for_sha(old_ref)
|
|
103
|
+
return unless previous_version_tag # There's no tag for this commit
|
|
104
|
+
|
|
103
105
|
previous_version = version_class.new(previous_version_tag).to_s
|
|
104
106
|
return unless comment.end_with? previous_version
|
|
105
107
|
|
|
@@ -1,16 +1,20 @@
|
|
|
1
1
|
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
require "dependabot/requirement"
|
|
4
7
|
require "dependabot/utils"
|
|
5
8
|
require "dependabot/github_actions/version"
|
|
6
9
|
|
|
7
10
|
module Dependabot
|
|
8
11
|
module GithubActions
|
|
9
12
|
# Lifted from the bundler package manager
|
|
10
|
-
class Requirement <
|
|
13
|
+
class Requirement < Dependabot::Requirement
|
|
11
14
|
# For consistency with other languages, we define a requirements array.
|
|
12
15
|
# Ruby doesn't have an `OR` separator for requirements, so it always
|
|
13
16
|
# contains a single element.
|
|
17
|
+
sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
|
|
14
18
|
def self.requirements_array(requirement_string)
|
|
15
19
|
[new(requirement_string)]
|
|
16
20
|
end
|
|
@@ -153,8 +153,7 @@ module Dependabot
|
|
|
153
153
|
|
|
154
154
|
Dir.chdir(repo_contents_path) do
|
|
155
155
|
ref_branch = find_container_branch(git_commit_checker.dependency_source_details[:ref])
|
|
156
|
-
|
|
157
|
-
git_commit_checker.head_commit_for_local_branch(ref_branch)
|
|
156
|
+
git_commit_checker.head_commit_for_local_branch(ref_branch) if ref_branch
|
|
158
157
|
end
|
|
159
158
|
end
|
|
160
159
|
end
|
|
@@ -254,6 +253,7 @@ module Dependabot
|
|
|
254
253
|
"git branch --remotes --contains #{sha}",
|
|
255
254
|
fingerprint: "git branch --remotes --contains <sha>"
|
|
256
255
|
).split("\n").map { |branch| branch.strip.gsub("origin/", "") }
|
|
256
|
+
return if branches_including_ref.empty?
|
|
257
257
|
|
|
258
258
|
current_branch = branches_including_ref.find { |branch| branch.start_with?("HEAD -> ") }
|
|
259
259
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-github_actions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.239.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-12-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.239.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.239.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,14 +114,14 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
117
|
+
version: 1.58.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
124
|
+
version: 1.58.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: rubocop-performance
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -227,7 +227,7 @@ licenses:
|
|
|
227
227
|
- Nonstandard
|
|
228
228
|
metadata:
|
|
229
229
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
230
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
230
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.239.0
|
|
231
231
|
post_install_message:
|
|
232
232
|
rdoc_options: []
|
|
233
233
|
require_paths:
|