RubyGems - dependabot-github_actions - Versions diffs - 0.370.0 → 0.372.0 - Mend

dependabot-github_actions 0.370.0 → 0.372.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/github_actions/update_checker/latest_version_finder.rb +24 -0
data/lib/dependabot/github_actions/update_checker.rb +5 -4
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 60b1582449d8037e14c46cf4a635c84695e07b733ade709fb75efd4733d84154
-  data.tar.gz: 7728581d335018578ecad6c8e5cfc3a3fb9f3c9713a47496a89ddd8ff96c9261
+  metadata.gz: e28681fb34bf0edef592e8b625e69ad1a8959dfb6d781b2e4adc611588851f43
+  data.tar.gz: 6149b53e56384fc60bfc668a9f57f132516c9d56953f7f766e0d0d5b2333912c
 SHA512:
-  metadata.gz: bfc08d4dd588ecc482dd2bea842ea5c110d407d25d1a13945e96f39be8e8aefc20358b840351c7813b8265f9a3276220cea7acb2b6e110d0bd17eea932ffb082
-  data.tar.gz: cc646daed9e46c070bafb8367e44b9f82a7c8f1c4c2190ea91b4eb680686370f375b1a374e4f193d6f43404facb7867e6f6b861741a6efb675725df786c99fb8
+  metadata.gz: 67c48162d1bee25f3fa61b5118c92329b2f9915e258336c5b0040d78059790787d003c2d7b90f77f55fe8176e07c4c8629b36cd035a05dfa3e4e82891c55f225
+  data.tar.gz: bb3c402a62f62257b18d94f98e28de61e0f2bc4c66d9b6f56f2690c83c9db982892cd0fda94dad62298a4281e9f66ebae6aed1e849bf9ae9d4eb563c239414f2

data/lib/dependabot/github_actions/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -102,6 +102,30 @@ module Dependabot
           available_latest_version_tag
         end
+        sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+        def latest_version_tag_respecting_cooldown
+          return @latest_version_tag_respecting_cooldown if defined?(@latest_version_tag_respecting_cooldown)
+          @latest_version_tag_respecting_cooldown = T.let(
+            begin
+              selected_release = latest_release_version
+              if selected_release.nil? || selected_release.is_a?(String)
+                nil
+              else
+                latest_tag = available_latest_version_tag
+                if latest_tag&.fetch(:version) == selected_release
+                  latest_tag
+                else
+                  T.must(package_details_fetcher)
+                   .allowed_version_tags_with_release_dates
+                   .find { |tag_hash| tag_hash.fetch(:version) == selected_release }
+                end
+              end
+            end,
+            T.nilable(T::Hash[Symbol, T.untyped])
+          )
+        end
         private
         sig { returns(T.nilable(Dependabot::GithubActions::Package::PackageDetailsFetcher)) }

data/lib/dependabot/github_actions/update_checker.rb CHANGED Viewed

@@ -152,7 +152,7 @@ module Dependabot
         # Return the git tag if updating a pinned version
         if source_git_commit_checker.pinned_ref_looks_like_version? &&
-           (new_tag = T.must(latest_version_finder).latest_version_tag)
+           (new_tag = T.must(latest_version_finder).latest_version_tag_respecting_cooldown)
           return new_tag.fetch(:tag)
         end
@@ -168,11 +168,12 @@ module Dependabot
       sig { params(source_checker: Dependabot::GitCommitChecker).returns(T.nilable(String)) }
       def latest_commit_sha(source_checker)
-        new_tag = T.must(latest_version_finder).latest_version_tag
-        return unless new_tag
+        latest_tag = T.must(latest_version_finder).latest_version_tag
+        return unless latest_tag
         if source_checker.local_tag_for_pinned_sha
-          new_tag.fetch(:commit_sha)
+          new_tag = T.must(latest_version_finder).latest_version_tag_respecting_cooldown
+          new_tag&.fetch(:commit_sha)
         else
           latest_commit_for_pinned_ref
         end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-github_actions
 version: !ruby/object:Gem::Version
-  version: 0.370.0
+  version: 0.372.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.370.0
+        version: 0.372.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.370.0
+        version: 0.372.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -259,7 +259,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.370.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.372.0
 rdoc_options: []
 require_paths:
 - lib