-
Notifications
You must be signed in to change notification settings - Fork 975
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix version comments after quoted strings #8127
Fix version comments after quoted strings #8127
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome, nice catch!
0843ecf
to
a440355
Compare
My commit verification settings are causing the commits to be flagged as "Unverified". This won't be an issue if this is squash-merged, but if not then I can rebase on Let me know if that would be helpful, depending on how PRs are merged. 👍 |
I was planning to use standard Merge, so feel free to rebase, thanks! 🙏 |
a440355
to
787ba87
Compare
Thanks for your patience! I've rebased on |
Test suite has passed. 🥳 |
@kurtmckee I just deployed this, would you be able to confirm it's now working properly? |
I don't know how to check that except to wait for Dependabot's scheduled checks on a given repo. Is there a way to trigger Dependabot against a specific repository? If not, I can set up a situation where this gets tested against a test repo. Edit: Just realized I can create a test repo with out-of-date action versions and then enable Dependabot. I'll test this out and respond back! |
That works! Also, if you go to "Insights > Dependency Graph > Dependabot" of an existing repo with dependabot enabled, you should be able to manually check for updates. Also, on an existing PR where this bug was triggered, commenting |
Awesome! Can you rebase one last time? We require up to date PRs for merging and one other PR sneaked into main while you were testing this 😅 |
Short SHAs are no longer supported by GitHub Actions.
787ba87
to
9a01d01
Compare
No worries at all. Thanks for sharing how to manually check for updates! |
Thanks so much for the fix! |
When YAML strings are quoted, Dependabot fails to update trailing version comments. For example, Dependabot will update the SHA but not the "v2.1.0" comment below:
This PR fixes the bug in the associated regex.
In addition, this PR removes a test case using a short SHA (
"01aecc"
) that is no longer updated (a problem that the test suite doesn't notice) and isn't supported by GitHub Actions anymore.It also updates a short-SHA-based test case (
"01aecc#v2.1.0"
) to use a full-length SHA so that it is more likely to catch bugs that might be introduced.Fixes #8125