dependabot-github_actions 0.365.0 → 0.366.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/github_actions/file_updater.rb +5 -1
  3. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '07769e888d354a6435380ebf921aabd9bbd73bf6a5c739972a3852a2c20ee06c'
4
- data.tar.gz: 2fcd411381ebdaf4f76ea5736924171518261afd097ddcea43fb36e977317293
3
+ metadata.gz: 7cf6758ec4f2dcad188ee812dcf76e053c2d4412974d3ea7f7a28899d156ab18
4
+ data.tar.gz: 55f6270926333c3036ff7aa34875bdd69998971380525db793c5b41894be1c84
5
5
  SHA512:
6
- metadata.gz: c8a255bcb814bfef9649816cbf912081307721b8eb21869ae56b5f2c46fea347bd48bccc0fae21031d9bd16040561ecad0fa2eb0b287dc5dd4ae16c6d535aa07
7
- data.tar.gz: c7663855ab22de8ed919aa89147273a267a06bd9dfbde4b75b878cf48b604a9f328c30420a31b42416a164f41ba897c16aa3607933127d044ed1597d2589c89f
6
+ metadata.gz: 469c806f43630ffe38a4d84b3ee652f03f81e4dfa827231910460f78b93764de9b3248147debf02ba66c7e63d9314255fe92acbb03d628dfbb85c58dbee72f92
7
+ data.tar.gz: 7b33f695f2f9a372af35bdd9d5b0161e37208e530971d4c9d482fdb73ea8c4f351505e66ea1654b71cf683bbd70ab3bf17ccc678b1f6463720f73dca1260641a
data/lib/dependabot/github_actions/file_updater.rb CHANGED
@@ -110,8 +110,12 @@ module Dependabot
110
110
  previous_version_tags = git_checker.most_specific_version_tags_for_sha(old_ref)
111
111
  return unless previous_version_tags.any? # There's no tag for this commit
112
112
 
113
+ # Use the most specific (longest) matching version to avoid partial replacements.
114
+ # Tags are sorted ascending, so ["v1", "v1.0", "v1.0.1"] maps to ["1", "1.0", "1.0.1"].
115
+ # Without this, "1" could match the end of "v1.0.1", causing gsub("1", "1.1") => "v1.1.0.1.1".
113
116
  previous_version = previous_version_tags.map { |tag| version_class.new(tag).to_s }
114
- .find { |version| comment.end_with? version }
117
+ .select { |version| comment.end_with?(version) }
118
+ .max_by(&:length)
115
119
  return unless previous_version
116
120
 
117
121
  new_version_tag = git_checker.most_specific_version_tag_for_sha(new_ref)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-github_actions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.365.0
4
+ version: 0.366.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.365.0
18
+ version: 0.366.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.365.0
25
+ version: 0.366.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -259,7 +259,7 @@ licenses:
259
259
  - MIT
260
260
  metadata:
261
261
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
262
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.365.0
262
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.366.0
263
263
  rdoc_options: []
264
264
  require_paths:
265
265
  - lib