dependabot-github_actions 0.267.0 → 0.270.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b2726ec2b4746403a221eed42c7c80ecbaa058f2b0ed3ded067473dc42cbf7ed
-  data.tar.gz: 1e1ea813c71e834d2d8fbbcf45257b82eaa323be97c90b9c1d4281fde3493d33
+  metadata.gz: 5db73134b465481476d9633842287d37d71a1625093cdfb3f5e9cb0b5d12ff9f
+  data.tar.gz: a1ac08c16e6f2d282e45084c72316a81c933505f730aea10173eaedbabc70dcb
 SHA512:
-  metadata.gz: d87a58f9ed3e45db5328f3a41ebbf7bb2092ec3054a7be6667f83dd7b1ea9d47dfcacad8233ecab83195620eb8c8cae3c18eaa111fbaa782aa8363866f544a4f
-  data.tar.gz: b64b20d67c5b6b7001e32f4530e7e3eb3cd8607e55e75b2665f2158a07060682676cbf391d0f505614d0d5403618482952db7a055a15c39eb788ecba6f6b6485
+  metadata.gz: 0fabd8aede6fd962f44657d911e799023a9845a7d023dfa6c635def23b45620e2cbc9f3361a648b3b557dcc3186126b351fea97990580574412539100696e104
+  data.tar.gz: 3309e9013fc6c5aa9cd56acf6deede876cad74c427c45f75808377de55416afb30219920d06d9a7f25ffb5621bb6326b0dc359ed49b71d369583cc545aa5b56b

data/lib/dependabot/github_actions/file_updater.rb

@@ -12,9 +12,14 @@ module Dependabot
     class FileUpdater < Dependabot::FileUpdaters::Base
       extend T::Sig
 
-      sig { override.returns(T::Array[Regexp]) }
-      def self.updated_files_regex
-        [%r{\.github/workflows/.+\.ya?ml$}]
+      sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) }
+      def self.updated_files_regex(allowlist_enabled = false)
+        if allowlist_enabled
+          [%r{\.github/workflows?/.+\.ya?ml$}]
+        else
+          # Old regex. After 100% rollout of the allowlist, this will be removed.
+          [%r{\.github/workflows/.+\.ya?ml$}]
+        end
       end
 
       sig { override.returns(T::Array[Dependabot::DependencyFile]) }
@@ -118,6 +123,8 @@ module Dependabot
         return unless comment.end_with? previous_version
 
         new_version_tag = git_checker.most_specific_version_tag_for_sha(new_ref)
+        return unless new_version_tag
+
         new_version = version_class.new(new_version_tag).to_s
         comment.gsub(previous_version, new_version)
       end

data/lib/dependabot/github_actions/update_checker.rb

@@ -76,7 +76,8 @@ module Dependabot
       sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
       def active_advisories
         security_advisories.select do |advisory|
-          advisory.vulnerable?(version_class.new(git_commit_checker.most_specific_tag_equivalent_to_pinned_ref))
+          version = git_commit_checker.most_specific_tag_equivalent_to_pinned_ref
+          version.nil? ? false : advisory.vulnerable?(version_class.new(version))
         end
       end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-github_actions
 version: !ruby/object:Gem::Version
-  version: 0.267.0
+  version: 0.270.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-07-25 00:00:00.000000000 Z
+date: 2024-08-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.267.0
+        version: 0.270.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.267.0
+        version: 0.270.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -255,7 +255,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.270.0
 post_install_message: 
 rdoc_options: []
 require_paths: