dependabot-github_actions 0.267.0 → 0.268.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f7ddc73ea15972422c0081802c1b31074978e0c389e9455e55e0e4878cb03cfd
|
|
4
|
+
data.tar.gz: 7e18157417351ae5ee3de0e9c1478847266483ce6e13dd90429a981f99b1aaf1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b419b3d74cc65a31dcd7cb109194b3235ad91f73d1300ae9e91b25783b90afe2e6942c76e1737897000728d24d5ca3c4b45e62fcfcb019e52dc357a21bf51c5a
|
|
7
|
+
data.tar.gz: 2e420a0fe4acb0f9bd6f5a317e596245016e5b888fc3eb3d0720e4b368ed8605ae7b060cb2c1e49ca14d19a302c51414ed03bee388d29d0c28e81aa50a83c85b
|
|
@@ -118,6 +118,8 @@ module Dependabot
|
|
|
118
118
|
return unless comment.end_with? previous_version
|
|
119
119
|
|
|
120
120
|
new_version_tag = git_checker.most_specific_version_tag_for_sha(new_ref)
|
|
121
|
+
return unless new_version_tag
|
|
122
|
+
|
|
121
123
|
new_version = version_class.new(new_version_tag).to_s
|
|
122
124
|
comment.gsub(previous_version, new_version)
|
|
123
125
|
end
|
|
@@ -76,7 +76,8 @@ module Dependabot
|
|
|
76
76
|
sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
|
|
77
77
|
def active_advisories
|
|
78
78
|
security_advisories.select do |advisory|
|
|
79
|
-
|
|
79
|
+
version = git_commit_checker.most_specific_tag_equivalent_to_pinned_ref
|
|
80
|
+
version.nil? ? false : advisory.vulnerable?(version_class.new(version))
|
|
80
81
|
end
|
|
81
82
|
end
|
|
82
83
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-github_actions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.268.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-08-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.268.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.268.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -255,7 +255,7 @@ licenses:
|
|
|
255
255
|
- MIT
|
|
256
256
|
metadata:
|
|
257
257
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
258
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
258
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.268.0
|
|
259
259
|
post_install_message:
|
|
260
260
|
rdoc_options: []
|
|
261
261
|
require_paths:
|