dependabot-github_actions 0.208.0 → 0.209.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 21da1bc53128a7e72ef4d59ac8b02dd84835cd06a2e02cf5489f24a89d514673
-  data.tar.gz: bdaa9e9a173cd103d092c6401db5540acadf46e42217f0eb2fb80d27d3359aac
+  metadata.gz: 95383a0b46d57e16120c3f9ca4b15b77d860fa6c24da4060e432fd9a268314fd
+  data.tar.gz: bad06cf26e78be9c5f35cad2533968bd427132d49a964bd83f05463ebd3c91fd
 SHA512:
-  metadata.gz: 7ecff00184604df0f30c798b581b2f49d85f051b17d80b1a8508075b8d3029b69692e1775a0ea3321b8da9f1a3d2bd88501c5f89d6a7a3f004dc48cb2efb3a4f
-  data.tar.gz: 48e2f08a63ba6c1258d84c9980ec904968fe09dba69354c57171187f7f54e6a9d53a53659c5148fa63841f662c4ce9c39c97a3c6c19ac4053145a8e9ae0d7bb1
+  metadata.gz: 15ebf9cabe2fab309c9de7713941971acde38167c61f470cfd36b28de965039f43f97cea06d21638fe2bd118681ca8705ad61d3f650ce52469848e68dd5ee611
+  data.tar.gz: d310c382ed24f57f1bce4e75a8fafa94bd8eaf0207ecd55f9fe89a61cb735279db3ffb75fdb86c1ca27d6b72b880ded7cf7499879cbdcfd2a33c984a1561376c

data/lib/dependabot/github_actions/update_checker.rb

@@ -70,13 +70,10 @@ module Dependabot
           return latest_version
         end
 
-        # If the dependency is pinned to a commit SHA and the latest
-        # version-like tag includes that commit then we want to update to that
-        # version-like tag. We return a version (not a commit SHA) so that we
-        # get nice behaviour in PullRequestCreator::MessageBuilder
-        if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
-           (latest_tag = git_commit_checker.local_tag_for_latest_version) &&
-           git_commit_checker.branch_or_ref_in_release?(latest_tag[:version])
+        # If the dependency is pinned to a commit SHA, we return a *version* so
+        # that we get nice behaviour in PullRequestCreator::MessageBuilder
+        if git_commit_checker.pinned_ref_looks_like_commit_sha?
+          latest_tag = git_commit_checker.local_tag_for_latest_version
           return latest_tag.fetch(:version)
         end
 
@@ -122,12 +119,12 @@ module Dependabot
           return dependency_source_details.merge(ref: new_tag.fetch(:tag))
         end
 
-        # Update the git commit if updating a pinned commit
+        latest_tag = git_commit_checker.local_tag_for_latest_version
+
+        # Update the pinned git commit if one is available
         if git_commit_checker.pinned_ref_looks_like_commit_sha? &&
-           (latest_tag = git_commit_checker.local_tag_for_latest_version) &&
-           git_commit_checker.branch_or_ref_in_release?(latest_tag[:version]) &&
-           (latest_commit = latest_tag.fetch(:commit_sha)) != current_commit
-          return dependency_source_details.merge(ref: latest_commit)
+           latest_tag.fetch(:commit_sha) != current_commit
+          return dependency_source_details.merge(ref: latest_tag.fetch(:commit_sha))
         end
 
         # Otherwise return the original source

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-github_actions
 version: !ruby/object:Gem::Version
-  version: 0.208.0
+  version: 0.209.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-08-16 00:00:00.000000000 Z
+date: 2022-08-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.208.0
+        version: 0.209.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.208.0
+        version: 0.209.0
 - !ruby/object:Gem::Dependency
   name: debase
   requirement: !ruby/object:Gem::Requirement