dependabot-github_actions 0.266.0 → 0.268.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/github_actions/file_updater.rb +2 -0
  3. data/lib/dependabot/github_actions/update_checker.rb +2 -1
  4. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0a90e2dbbacd5205886d15e3d15500e6800873046d6dbe81fa706ce4d7221b6b
4
- data.tar.gz: 611a3c952475926a6310b11eb3d2f44766df9bb796380d9711b1acf328340d16
3
+ metadata.gz: f7ddc73ea15972422c0081802c1b31074978e0c389e9455e55e0e4878cb03cfd
4
+ data.tar.gz: 7e18157417351ae5ee3de0e9c1478847266483ce6e13dd90429a981f99b1aaf1
5
5
  SHA512:
6
- metadata.gz: 7d95be8c4815b3c9654eac88835e17e2722c97e53e32cd82f7f9298154fac4cc7a42b3387be9b3f15cdb8ee93e94e2a61f2d059fa75ff86085fc19f13eca9681
7
- data.tar.gz: 82a578d6a91db5c4aa3690d2f4355e34195732548d427a456591b17ca81b16f092ce00969a13a0dfb0d79b1a946c09cd9787fc5eea4b6d01c4e50deaf7c615fd
6
+ metadata.gz: b419b3d74cc65a31dcd7cb109194b3235ad91f73d1300ae9e91b25783b90afe2e6942c76e1737897000728d24d5ca3c4b45e62fcfcb019e52dc357a21bf51c5a
7
+ data.tar.gz: 2e420a0fe4acb0f9bd6f5a317e596245016e5b888fc3eb3d0720e4b368ed8605ae7b060cb2c1e49ca14d19a302c51414ed03bee388d29d0c28e81aa50a83c85b
data/lib/dependabot/github_actions/file_updater.rb CHANGED
@@ -118,6 +118,8 @@ module Dependabot
118
118
  return unless comment.end_with? previous_version
119
119
 
120
120
  new_version_tag = git_checker.most_specific_version_tag_for_sha(new_ref)
121
+ return unless new_version_tag
122
+
121
123
  new_version = version_class.new(new_version_tag).to_s
122
124
  comment.gsub(previous_version, new_version)
123
125
  end
data/lib/dependabot/github_actions/update_checker.rb CHANGED
@@ -76,7 +76,8 @@ module Dependabot
76
76
  sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
77
77
  def active_advisories
78
78
  security_advisories.select do |advisory|
79
- advisory.vulnerable?(version_class.new(git_commit_checker.most_specific_tag_equivalent_to_pinned_ref))
79
+ version = git_commit_checker.most_specific_tag_equivalent_to_pinned_ref
80
+ version.nil? ? false : advisory.vulnerable?(version_class.new(version))
80
81
  end
81
82
  end
82
83
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.266.0
4
+ version: 0.268.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-18 00:00:00.000000000 Z
11
+ date: 2024-08-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.266.0
19
+ version: 0.268.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.266.0
26
+ version: 0.268.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -255,7 +255,7 @@ licenses:
255
255
  - MIT
256
256
  metadata:
257
257
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
258
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.266.0
258
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.268.0
259
259
  post_install_message:
260
260
  rdoc_options: []
261
261
  require_paths: