dependabot-github_actions 0.146.0 → 0.146.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/github_actions/update_checker.rb +14 -2
  3. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4b11317e1dad2358be56e6ef6a39a34b21203bb4892d8ede27b76bc1b9e26d2e
4
- data.tar.gz: f5d866295306e58ea08f5f3be97fc3e1686d55f805fec4bb9e6335641f92b079
3
+ metadata.gz: f18094461826b65eab69b655ca90e8cc7e143d3d2ac9cf15f2256bf0a6d47a29
4
+ data.tar.gz: 6bad99dfc7ffcb8a06eace7894fda46a7ceb4ab94980e2a8b656f5a281bcd324
5
5
  SHA512:
6
- metadata.gz: f468a43a7257f606736445fb21fc4a61869a6e0bd190940d09e9bee28bc631af8683aae0ad1c474764b23fe2394985f51bcc6067a0fe15d4bcd12de41b14b7bf
7
- data.tar.gz: 8190e538cda08496ceeda4a6a23e0f66274df683ff38b68318577f2d0622397877f3852d77cb9281f8fcec21d8da1d303fd13ddcf0fecfed796f39346203688d
6
+ metadata.gz: f1d187ecbeafaa181f64b90d2371c6f16fe308910bb129a708087021b3cf9ba58ea9f4622608421a3ea163e16d5ef8ce56b8edef913512d936240380d9cd28bf
7
+ data.tar.gz: 1f6a313a85b15056d563f0edfb08aedf6bcc9c507dccf2ebdd9bf18aba64c279983f3bd7121e7f86941cb53a7de0dc6b8ef11534da2630eb128fb059cbb8314a
data/lib/dependabot/github_actions/update_checker.rb CHANGED
@@ -63,11 +63,13 @@ module Dependabot
63
63
 
64
64
  # If the dependency is pinned to a tag that looks like a version then
65
65
  # we want to update that tag.
66
-
67
66
  if git_commit_checker.pinned_ref_looks_like_version? &&
68
67
  git_commit_checker.local_tag_for_latest_version
69
68
  latest_tag = git_commit_checker.local_tag_for_latest_version
70
- return latest_tag.fetch(:version)
69
+ latest_version = latest_tag.fetch(:version)
70
+ return version_class.new(dependency.version) if shortened_semver_eq?(dependency.version, latest_version.to_s)
71
+
72
+ return latest_version
71
73
  end
72
74
 
73
75
  # If the dependency is pinned to a commit SHA and the latest
@@ -140,6 +142,16 @@ module Dependabot
140
142
  raise_on_ignored: raise_on_ignored
141
143
  )
142
144
  end
145
+
146
+ def shortened_semver_eq?(base, other)
147
+ return false unless base
148
+
149
+ base_split = base.split(".")
150
+ other_split = other.split(".")
151
+ return false unless base_split.length <= other_split.length
152
+
153
+ other_split[0..base_split.length - 1] == base_split
154
+ end
143
155
  end
144
156
  end
145
157
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.146.0
4
+ version: 0.146.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-05-11 00:00:00.000000000 Z
11
+ date: 2021-05-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.146.0
19
+ version: 0.146.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.146.0
26
+ version: 0.146.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement