dependabot-github_actions 0.267.0 → 0.270.0

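--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b2726ec2b4746403a221eed42c7c80ecbaa058f2b0ed3ded067473dc42cbf7ed
- data.tar.gz: 1e1ea813c71e834d2d8fbbcf45257b82eaa323be97c90b9c1d4281fde3493d33
+ metadata.gz: 5db73134b465481476d9633842287d37d71a1625093cdfb3f5e9cb0b5d12ff9f
+ data.tar.gz: a1ac08c16e6f2d282e45084c72316a81c933505f730aea10173eaedbabc70dcb
  SHA512:
- metadata.gz: d87a58f9ed3e45db5328f3a41ebbf7bb2092ec3054a7be6667f83dd7b1ea9d47dfcacad8233ecab83195620eb8c8cae3c18eaa111fbaa782aa8363866f544a4f
- data.tar.gz: b64b20d67c5b6b7001e32f4530e7e3eb3cd8607e55e75b2665f2158a07060682676cbf391d0f505614d0d5403618482952db7a055a15c39eb788ecba6f6b6485
+ metadata.gz: 0fabd8aede6fd962f44657d911e799023a9845a7d023dfa6c635def23b45620e2cbc9f3361a648b3b557dcc3186126b351fea97990580574412539100696e104
+ data.tar.gz: 3309e9013fc6c5aa9cd56acf6deede876cad74c427c45f75808377de55416afb30219920d06d9a7f25ffb5621bb6326b0dc359ed49b71d369583cc545aa5b56b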
@@ -12,9 +12,14 @@ module Dependabot
12
12
  class FileUpdater < Dependabot::FileUpdaters::Base
13
13
  extend T::Sig
14
14
 
15
- sig { override.returns(T::Array[Regexp]) }
16
- def self.updated_files_regex
17
- [%r{\.github/workflows/.+\.ya?ml$}]
15
+ sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) }
16
+ def self.updated_files_regex(allowlist_enabled = false)
17
+ if allowlist_enabled
18
+ [%r{\.github/workflows?/.+\.ya?ml$}]
19
+ else
20
+ # Old regex. After 100% rollout of the allowlist, this will be removed.
21
+ [%r{\.github/workflows/.+\.ya?ml$}]
22
+ end
18
23
  end
19
24
 
20
25
  sig { override.returns(T::Array[Dependabot::DependencyFile]) }
@@ -118,6 +123,8 @@ module Dependabot
118
123
  return unless comment.end_with? previous_version
119
124
 
120
125
  new_version_tag = git_checker.most_specific_version_tag_for_sha(new_ref)
126
+ return unless new_version_tag
127
+
121
128
  new_version = version_class.new(new_version_tag).to_s
122
129
  comment.gsub(previous_version, new_version)
123
130
  end
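Review bot: In `updated_files_regex` (the first hunk of this section), both patterns end in `$`, which in Ruby matches before any newline rather than only at the end of the string, and neither pattern is anchored at the start. The method's `allowlist_enabled` parameter suggests this list gates which paths the updater may touch, so `\z` is the safer terminator: `[%r{\.github/workflows?/.+\.ya?ml\z}]`. The new `workflows?` form also admits a singular `.github/workflow/` directory, and the diff does not say why; a one-line comment such as `# also accepts .github/workflow/ because <reason>` would document the widening. The old-regex branch already carries a removal note, so the new branch is the one missing an explanation.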
@@ -76,7 +76,8 @@ module Dependabot
76
76
  sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
77
77
  def active_advisories
78
78
  security_advisories.select do |advisory|
79
- advisory.vulnerable?(version_class.new(git_commit_checker.most_specific_tag_equivalent_to_pinned_ref))
79
+ version = git_commit_checker.most_specific_tag_equivalent_to_pinned_ref
80
+ version.nil? ? false : advisory.vulnerable?(version_class.new(version))
80
81
  end
81
82
  end
82
83
 
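Review bot: `active_advisories` now treats a pinned ref with no equivalent tag as not vulnerable, so an action pinned to an untagged commit yields an empty advisory list with nothing recording that the check was skipped. That is a fail-open default for a security filter. A comment stating it is intentional (and a log message, if a logger is available here) would let a reader tell "could not be checked" apart from "checked and clean". The lookup is also identical for every advisory, so it can move out of the block: `version = git_commit_checker.most_specific_tag_equivalent_to_pinned_ref` followed by `return [] unless version` before `security_advisories.select`. Whether the checker memoizes that call is not visible in this hunk.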
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.267.0
4
+ version: 0.270.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-25 00:00:00.000000000 Z
11
+ date: 2024-08-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.267.0
19
+ version: 0.270.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.267.0
26
+ version: 0.270.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -255,7 +255,7 @@ licenses:
255
255
  - MIT
256
256
  metadata:
257
257
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
258
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
258
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.270.0
259
259
  post_install_message:
260
260
  rdoc_options: []
261
261
  require_paths: