dependabot-github_actions 0.180.3 → 0.180.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/github_actions/update_checker.rb +36 -5
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e88bf4e8b8223eb393936a7f49828fbfd9a38d381dd9635ea918188567e4a1ed
|
|
4
|
+
data.tar.gz: 83411c034a7e0c43de08f524f4c50327253d0e0357eba203b626e4df45dff970
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f6c668ced25dc550e4ae14d055b57ac3dde1f7fd3618c95d313a004efc330b509767320d1f2249d7a9f2f6d059240b28c2cf7e001e9b075f7e7fc79d2533dd92
|
|
7
|
+
data.tar.gz: c12105eded302f59fcc60cb2e856fc8fb3ad11387ea6384a866264f5f19f7a5ce9759567eb95a6486207518d817a7eaad71270ac71d23897400ce0713bb33b91
|
|
@@ -63,10 +63,8 @@ module Dependabot
|
|
|
63
63
|
|
|
64
64
|
# If the dependency is pinned to a tag that looks like a version then
|
|
65
65
|
# we want to update that tag.
|
|
66
|
-
if git_commit_checker.pinned_ref_looks_like_version? &&
|
|
67
|
-
|
|
68
|
-
latest_tag = git_commit_checker.local_tag_for_latest_version
|
|
69
|
-
latest_version = latest_tag.fetch(:version)
|
|
66
|
+
if git_commit_checker.pinned_ref_looks_like_version? && latest_version_tag
|
|
67
|
+
latest_version = latest_version_tag.fetch(:version)
|
|
70
68
|
return version_class.new(dependency.version) if shortened_semver_eq?(dependency.version, latest_version.to_s)
|
|
71
69
|
|
|
72
70
|
return latest_version
|
|
@@ -87,13 +85,39 @@ module Dependabot
|
|
|
87
85
|
nil
|
|
88
86
|
end
|
|
89
87
|
|
|
88
|
+
def latest_version_tag
|
|
89
|
+
@latest_version_tag ||= begin
|
|
90
|
+
return git_commit_checker.local_tag_for_latest_version if dependency.version.nil?
|
|
91
|
+
|
|
92
|
+
latest_tags = git_commit_checker.local_tags_for_latest_version_commit_sha
|
|
93
|
+
|
|
94
|
+
# Find the latest version with the same precision as the pinned version.
|
|
95
|
+
# Falls back to a version with the closest precision if no exact match.
|
|
96
|
+
current_dots = dependency.version.split(".").length
|
|
97
|
+
latest_tags.max do |a, b|
|
|
98
|
+
next a[:version] <=> b[:version] unless shortened_semver_version_eq?(a[:version], b[:version])
|
|
99
|
+
|
|
100
|
+
a_dots = a[:version].to_s.split(".").length
|
|
101
|
+
b_dots = b[:version].to_s.split(".").length
|
|
102
|
+
a_diff = (a_dots - current_dots).abs
|
|
103
|
+
b_diff = (b_dots - current_dots).abs
|
|
104
|
+
next -(a_diff <=> b_diff) unless a_diff == b_diff
|
|
105
|
+
|
|
106
|
+
# preference to a less specific version if we have a tie
|
|
107
|
+
next 1 if a_dots < current_dots
|
|
108
|
+
|
|
109
|
+
-1
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
end
|
|
113
|
+
|
|
90
114
|
def updated_source
|
|
91
115
|
# TODO: Support Docker sources
|
|
92
116
|
return dependency_source_details unless git_dependency?
|
|
93
117
|
|
|
94
118
|
# Update the git tag if updating a pinned version
|
|
95
119
|
if git_commit_checker.pinned_ref_looks_like_version? &&
|
|
96
|
-
(new_tag =
|
|
120
|
+
(new_tag = latest_version_tag) &&
|
|
97
121
|
new_tag.fetch(:commit_sha) != current_commit
|
|
98
122
|
return dependency_source_details.merge(ref: new_tag.fetch(:tag))
|
|
99
123
|
end
|
|
@@ -152,6 +176,13 @@ module Dependabot
|
|
|
152
176
|
|
|
153
177
|
other_split[0..base_split.length - 1] == base_split
|
|
154
178
|
end
|
|
179
|
+
|
|
180
|
+
def shortened_semver_version_eq?(base_version, other_version)
|
|
181
|
+
base = base_version.to_s
|
|
182
|
+
other = other_version.to_s
|
|
183
|
+
|
|
184
|
+
shortened_semver_eq?(base, other) || shortened_semver_eq?(other, base)
|
|
185
|
+
end
|
|
155
186
|
end
|
|
156
187
|
end
|
|
157
188
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-github_actions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.180.
|
|
4
|
+
version: 0.180.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-04-
|
|
11
|
+
date: 2022-04-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.180.
|
|
19
|
+
version: 0.180.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.180.
|
|
26
|
+
version: 0.180.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|