dependabot-github_actions 0.267.0 → 0.268.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/github_actions/file_updater.rb +2 -0
  3. data/lib/dependabot/github_actions/update_checker.rb +2 -1
  4. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b2726ec2b4746403a221eed42c7c80ecbaa058f2b0ed3ded067473dc42cbf7ed
4
- data.tar.gz: 1e1ea813c71e834d2d8fbbcf45257b82eaa323be97c90b9c1d4281fde3493d33
3
+ metadata.gz: f7ddc73ea15972422c0081802c1b31074978e0c389e9455e55e0e4878cb03cfd
4
+ data.tar.gz: 7e18157417351ae5ee3de0e9c1478847266483ce6e13dd90429a981f99b1aaf1
5
5
  SHA512:
6
- metadata.gz: d87a58f9ed3e45db5328f3a41ebbf7bb2092ec3054a7be6667f83dd7b1ea9d47dfcacad8233ecab83195620eb8c8cae3c18eaa111fbaa782aa8363866f544a4f
7
- data.tar.gz: b64b20d67c5b6b7001e32f4530e7e3eb3cd8607e55e75b2665f2158a07060682676cbf391d0f505614d0d5403618482952db7a055a15c39eb788ecba6f6b6485
6
+ metadata.gz: b419b3d74cc65a31dcd7cb109194b3235ad91f73d1300ae9e91b25783b90afe2e6942c76e1737897000728d24d5ca3c4b45e62fcfcb019e52dc357a21bf51c5a
7
+ data.tar.gz: 2e420a0fe4acb0f9bd6f5a317e596245016e5b888fc3eb3d0720e4b368ed8605ae7b060cb2c1e49ca14d19a302c51414ed03bee388d29d0c28e81aa50a83c85b
data/lib/dependabot/github_actions/file_updater.rb CHANGED
@@ -118,6 +118,8 @@ module Dependabot
118
118
  return unless comment.end_with? previous_version
119
119
 
120
120
  new_version_tag = git_checker.most_specific_version_tag_for_sha(new_ref)
121
+ return unless new_version_tag
122
+
121
123
  new_version = version_class.new(new_version_tag).to_s
122
124
  comment.gsub(previous_version, new_version)
123
125
  end
data/lib/dependabot/github_actions/update_checker.rb CHANGED
@@ -76,7 +76,8 @@ module Dependabot
76
76
  sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
77
77
  def active_advisories
78
78
  security_advisories.select do |advisory|
79
- advisory.vulnerable?(version_class.new(git_commit_checker.most_specific_tag_equivalent_to_pinned_ref))
79
+ version = git_commit_checker.most_specific_tag_equivalent_to_pinned_ref
80
+ version.nil? ? false : advisory.vulnerable?(version_class.new(version))
80
81
  end
81
82
  end
82
83
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.267.0
4
+ version: 0.268.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-25 00:00:00.000000000 Z
11
+ date: 2024-08-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.267.0
19
+ version: 0.268.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.267.0
26
+ version: 0.268.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -255,7 +255,7 @@ licenses:
255
255
  - MIT
256
256
  metadata:
257
257
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
258
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
258
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.268.0
259
259
  post_install_message:
260
260
  rdoc_options: []
261
261
  require_paths: