dependabot-github_actions 0.119.1 → 0.119.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/github_actions/update_checker.rb +4 -3
  3. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 73017c541500769d5057faba360804228400e978e8d51fc5dbcd53ce6b5e80a3
4
- data.tar.gz: f6963eb3bad8c9731c93106b8fecd0bac2c85768e6ca13ae040e498ba8a0554c
3
+ metadata.gz: b1160866c0d2c5618fbac5b14efba319d73f3601233db3f6dd8411ba8b9af5e6
4
+ data.tar.gz: cdd0e767c72e9624244bdf9252aa7e9db36e6b789bc0b816632f8644a22cbfd3
5
5
  SHA512:
6
- metadata.gz: 7ee757e3930554767f0afbb63886d6b1b0c14a77adfa99d960d5ce6ef726247b3d0612f1a8b2b7ae0fe24cfb7631934cbe02c5ab71b36586d9b5dca858974986
7
- data.tar.gz: d332d45e9266d3b6ed4536de561ac2ed87d07dcf79dca75a9a1e00fda5009ed800b56d160c7c74d3bca831d4cf288f49c420ecece64bd3ab90f48645630f0308
6
+ metadata.gz: e1f4f4c5271714b02fefa70409ccc6f7af244617ce7d5f6c5a4ebcef98a4d6f0e9175ca1adf4d30cfde09abb50bb6b257447f5791cdca0a6e371e1866ecf63e7
7
+ data.tar.gz: 6600a63d1087eae793bb2d158577ce6a499005ae5becac6812995972091b18a5b88218c82ce6d7da9c98b866b33716854024a921c3a921c4f78bf910895f7be8
data/lib/dependabot/github_actions/update_checker.rb CHANGED
@@ -90,11 +90,12 @@ module Dependabot
90
90
  return dependency_source_details.merge(ref: new_tag.fetch(:tag))
91
91
  end
92
92
 
93
- # Update the git tag if updating a pinned commit
93
+ # Update the git commit if updating a pinned commit
94
94
  if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
95
95
  (latest_tag = git_commit_checker.local_tag_for_latest_version) &&
96
- git_commit_checker.branch_or_ref_in_release?(latest_tag[:version])
97
- return dependency_source_details.merge(ref: latest_tag.fetch(:tag))
96
+ git_commit_checker.branch_or_ref_in_release?(latest_tag[:version]) &&
97
+ (latest_commit = latest_tag.fetch(:commit_sha)) != current_commit
98
+ return dependency_source_details.merge(ref: latest_commit)
98
99
  end
99
100
 
100
101
  # Otherwise return the original source
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.119.1
4
+ version: 0.119.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-28 00:00:00.000000000 Z
11
+ date: 2020-09-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.119.1
19
+ version: 0.119.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.119.1
26
+ version: 0.119.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement