dependabot-github_actions 0.208.0 → 0.209.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/github_actions/update_checker.rb +9 -12
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 95383a0b46d57e16120c3f9ca4b15b77d860fa6c24da4060e432fd9a268314fd
|
|
4
|
+
data.tar.gz: bad06cf26e78be9c5f35cad2533968bd427132d49a964bd83f05463ebd3c91fd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 15ebf9cabe2fab309c9de7713941971acde38167c61f470cfd36b28de965039f43f97cea06d21638fe2bd118681ca8705ad61d3f650ce52469848e68dd5ee611
|
|
7
|
+
data.tar.gz: d310c382ed24f57f1bce4e75a8fafa94bd8eaf0207ecd55f9fe89a61cb735279db3ffb75fdb86c1ca27d6b72b880ded7cf7499879cbdcfd2a33c984a1561376c
|
|
@@ -70,13 +70,10 @@ module Dependabot
|
|
|
70
70
|
return latest_version
|
|
71
71
|
end
|
|
72
72
|
|
|
73
|
-
# If the dependency is pinned to a commit SHA
|
|
74
|
-
#
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
|
|
78
|
-
(latest_tag = git_commit_checker.local_tag_for_latest_version) &&
|
|
79
|
-
git_commit_checker.branch_or_ref_in_release?(latest_tag[:version])
|
|
73
|
+
# If the dependency is pinned to a commit SHA, we return a *version* so
|
|
74
|
+
# that we get nice behaviour in PullRequestCreator::MessageBuilder
|
|
75
|
+
if git_commit_checker.pinned_ref_looks_like_commit_sha?
|
|
76
|
+
latest_tag = git_commit_checker.local_tag_for_latest_version
|
|
80
77
|
return latest_tag.fetch(:version)
|
|
81
78
|
end
|
|
82
79
|
|
|
@@ -122,12 +119,12 @@ module Dependabot
|
|
|
122
119
|
return dependency_source_details.merge(ref: new_tag.fetch(:tag))
|
|
123
120
|
end
|
|
124
121
|
|
|
125
|
-
|
|
122
|
+
latest_tag = git_commit_checker.local_tag_for_latest_version
|
|
123
|
+
|
|
124
|
+
# Update the pinned git commit if one is available
|
|
126
125
|
if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
(latest_commit = latest_tag.fetch(:commit_sha)) != current_commit
|
|
130
|
-
return dependency_source_details.merge(ref: latest_commit)
|
|
126
|
+
latest_tag.fetch(:commit_sha) != current_commit
|
|
127
|
+
return dependency_source_details.merge(ref: latest_tag.fetch(:commit_sha))
|
|
131
128
|
end
|
|
132
129
|
|
|
133
130
|
# Otherwise return the original source
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-github_actions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.209.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-08-
|
|
11
|
+
date: 2022-08-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.209.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.209.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|