npm - eslint-plugin-github-actions-2 - Versions diffs - 1.0.5 → 1.0.6 - Mend

eslint-plugin-github-actions-2 1.0.5 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/plugin.cjs CHANGED Viewed

@@ -39,7 +39,7 @@ var yamlParser = __toESM(require("yaml-eslint-parser"), 1);
 var package_default = {
   $schema: "https://www.schemastore.org/package.json",
   name: "eslint-plugin-github-actions-2",
-  version: "1.0.5",
+  version: "1.0.6",
   private: false,
   description: "ESLint plugin for GitHub Actions workflow quality, reliability, and security rules.",
   keywords: [
@@ -6913,6 +6913,7 @@ var require_dependabot_labels_default = rule68;
 // dist/rules/require-dependabot-open-pull-requests-limit.js
 var rule69 = {
   create(context) {
+    const reportedGroupNames = /* @__PURE__ */ new Set();
     return {
       Program() {
         const root = getDependabotRoot(context);
@@ -6921,6 +6922,30 @@ var rule69 = {
         }
         for (const update of getDependabotUpdateEntries(root)) {
           const limitPair = getMappingPair(update.mapping, "open-pull-requests-limit");
+          if (update.multiEcosystemGroup !== null) {
+            if (limitPair !== null) {
+              context.report({
+                data: {
+                  updateLabel: getDependabotUpdateLabel(update)
+                },
+                messageId: "unsupportedOpenPullRequestsLimitOnGroupedUpdate",
+                node: limitPair.key
+              });
+            }
+            const groupMapping = getDependabotReferencedGroup(root, update);
+            const groupLimitPair = groupMapping === null ? null : getMappingPair(groupMapping, "open-pull-requests-limit");
+            if (groupLimitPair !== null && !reportedGroupNames.has(update.multiEcosystemGroup)) {
+              reportedGroupNames.add(update.multiEcosystemGroup);
+              context.report({
+                data: {
+                  groupName: update.multiEcosystemGroup
+                },
+                messageId: "unsupportedOpenPullRequestsLimitOnGroup",
+                node: groupLimitPair.key
+              });
+            }
+            continue;
+          }
           const limitValue = getScalarNumberValue(limitPair?.value ?? null);
           if (limitValue !== null) {
             continue;
@@ -6943,7 +6968,7 @@ var rule69 = {
         "github-actions.configs.all",
         "github-actions.configs.dependabot"
       ],
-      description: "require Dependabot update entries to define `open-pull-requests-limit`.",
+      description: "require standalone Dependabot update entries to define `open-pull-requests-limit`.",
       dialects: ["Dependabot configuration"],
       frozen: false,
       recommended: true,
@@ -6953,7 +6978,9 @@ var rule69 = {
       url: "https://nick2bad4u.github.io/eslint-plugin-github-actions-2/docs/rules/require-dependabot-open-pull-requests-limit"
     },
     messages: {
-      missingOpenPullRequestsLimit: "{{updateLabel}} should define `open-pull-requests-limit` so Dependabot pull request volume is explicitly controlled."
+      missingOpenPullRequestsLimit: "{{updateLabel}} should define `open-pull-requests-limit` so Dependabot pull request volume is explicitly controlled.",
+      unsupportedOpenPullRequestsLimitOnGroup: "Multi-ecosystem group '{{groupName}}' should not define `open-pull-requests-limit`. Grouped updates already consolidate into a single Dependabot pull request.",
+      unsupportedOpenPullRequestsLimitOnGroupedUpdate: "{{updateLabel}} uses `multi-ecosystem-group` and should not define `open-pull-requests-limit`. Grouped updates already consolidate into a single Dependabot pull request."
     },
     schema: [],
     type: "suggestion"