diff --git a/common/lib/dependabot/git_commit_checker.rb b/common/lib/dependabot/git_commit_checker.rb index 6c9c007ed87..73642763339 100644 --- a/common/lib/dependabot/git_commit_checker.rb +++ b/common/lib/dependabot/git_commit_checker.rb @@ -111,6 +111,14 @@ def local_tag_for_latest_version max_local_tag(allowed_version_tags) end + def local_tags_for_allowed_versions_matching_existing_precision + select_matching_existing_precision(allowed_version_tags).map { |t| to_local_tag(t) } + end + + def local_tags_for_allowed_versions + allowed_version_tags.map { |t| to_local_tag(t) } + end + def allowed_version_tags allowed_versions(local_tags) end @@ -137,13 +145,14 @@ def filter_lower_versions(tags) end end - def local_tag_for_pinned_version - ref = dependency_source_details.fetch(:ref) - tags = local_tags.select { |t| t.commit_sha == ref && version_class.correct?(t.name) }. - sort_by { |t| version_class.new(t.name) } - return if tags.empty? + def most_specific_tag_equivalent_to_pinned_ref + commit_sha = head_commit_for_local_branch(dependency_source_details.fetch(:ref)) + most_specific_version_tag_for_sha(commit_sha) + end - tags[-1].name + def local_tag_for_pinned_sha + commit_sha = dependency_source_details.fetch(:ref) + most_specific_version_tag_for_sha(commit_sha) end def git_repo_reachable? @@ -158,10 +167,7 @@ def git_repo_reachable? attr_reader :dependency, :credentials, :ignored_versions def max_local_tag_for_current_precision(tags) - current_precision = precision(dependency.version) - - # Find the latest version with the same precision as the pinned version. - max_local_tag(tags.select { |tag| precision(scan_version(tag.name)) == current_precision }) + max_local_tag(select_matching_existing_precision(tags)) end def max_local_tag(tags) @@ -170,10 +176,25 @@ def max_local_tag(tags) to_local_tag(max_version_tag) end + # Find the latest version with the same precision as the pinned version. + def select_matching_existing_precision(tags) + current_precision = precision(dependency.version) + + tags.select { |tag| precision(scan_version(tag.name)) == current_precision } + end + def precision(version) version.split(".").length end + def most_specific_version_tag_for_sha(commit_sha) + tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }. + sort_by { |t| version_class.new(t.name) } + return if tags.empty? + + tags[-1].name + end + def allowed_versions(local_tags) tags = local_tags. diff --git a/common/lib/dependabot/update_checkers/base.rb b/common/lib/dependabot/update_checkers/base.rb index 8a3603083a8..31c927252a9 100644 --- a/common/lib/dependabot/update_checkers/base.rb +++ b/common/lib/dependabot/update_checkers/base.rb @@ -137,7 +137,7 @@ def vulnerable? # Can't (currently) detect whether git dependencies are vulnerable return false if existing_version_is_sha? - security_advisories.any? { |a| a.vulnerable?(current_version) } + active_advisories.any? end def ignore_requirements @@ -146,6 +146,10 @@ def ignore_requirements private + def active_advisories + security_advisories.select { |a| a.vulnerable?(current_version) } + end + def latest_version_resolvable_with_full_unlock? raise NotImplementedError end diff --git a/common/spec/dependabot/git_commit_checker_spec.rb b/common/spec/dependabot/git_commit_checker_spec.rb index 35ffe3a8672..3bd09d8b7bb 100644 --- a/common/spec/dependabot/git_commit_checker_spec.rb +++ b/common/spec/dependabot/git_commit_checker_spec.rb @@ -1230,8 +1230,8 @@ end end - describe "#local_tag_for_pinned_version" do - subject { checker.local_tag_for_pinned_version } + describe "#local_tag_for_pinned_sha" do + subject { checker.local_tag_for_pinned_sha } context "with a git commit pin" do let(:source) do @@ -1289,6 +1289,45 @@ end end + describe "#most_specific_tag_equivalent_to_pinned_ref" do + subject { checker.most_specific_tag_equivalent_to_pinned_ref } + + let(:source) do + { + type: "git", + url: "https://github.com/actions/checkout", + branch: "main", + ref: source_ref + } + end + + let(:repo_url) { "https://github.com/actions/checkout.git" } + let(:service_pack_url) { repo_url + "/info/refs?service=git-upload-pack" } + before do + stub_request(:get, service_pack_url). + to_return( + status: 200, + body: fixture("git", "upload_packs", upload_pack_fixture), + headers: { + "content-type" => "application/x-git-upload-pack-advertisement" + } + ) + end + let(:upload_pack_fixture) { "actions-checkout-moving-v2" } + + context "for a moving major tag" do + let(:source_ref) { "v2" } + + it { is_expected.to eq("v2.3.4") } + end + + context "for a fixed patch tag" do + let(:source_ref) { "v2.3.4" } + + it { is_expected.to eq("v2.3.4") } + end + end + describe "#git_repo_reachable?" do subject { checker.git_repo_reachable? } diff --git a/common/spec/fixtures/git/upload_packs/actions-checkout-moving-v2 b/common/spec/fixtures/git/upload_packs/actions-checkout-moving-v2 new file mode 100644 index 00000000000..48093ad3751 Binary files /dev/null and b/common/spec/fixtures/git/upload_packs/actions-checkout-moving-v2 differ diff --git a/github_actions/lib/dependabot/github_actions/file_parser.rb b/github_actions/lib/dependabot/github_actions/file_parser.rb index 97f3dc5564e..64500eb4625 100644 --- a/github_actions/lib/dependabot/github_actions/file_parser.rb +++ b/github_actions/lib/dependabot/github_actions/file_parser.rb @@ -94,7 +94,7 @@ def resolve_git_tags(dependency_set) git_checker = Dependabot::GitCommitChecker.new(dependency: dep, credentials: credentials) next unless git_checker.pinned_ref_looks_like_commit_sha? - resolved = git_checker.local_tag_for_pinned_version + resolved = git_checker.local_tag_for_pinned_sha next if resolved.nil? || !version_class.correct?(resolved) # Build a Dependency with the resolved version, and rely on DependencySet's merge diff --git a/github_actions/lib/dependabot/github_actions/update_checker.rb b/github_actions/lib/dependabot/github_actions/update_checker.rb index 362e79fa1ec..6271cf3cddc 100644 --- a/github_actions/lib/dependabot/github_actions/update_checker.rb +++ b/github_actions/lib/dependabot/github_actions/update_checker.rb @@ -2,6 +2,7 @@ require "dependabot/update_checkers" require "dependabot/update_checkers/base" +require "dependabot/update_checkers/version_filters" require "dependabot/errors" require "dependabot/github_actions/version" require "dependabot/github_actions/requirement" @@ -23,6 +24,15 @@ def latest_resolvable_version_with_no_unlock dependency.version end + def lowest_security_fix_version + @lowest_security_fix_version ||= fetch_lowest_security_fix_version + end + + def lowest_resolvable_security_fix_version + # Resolvability isn't an issue for GitHub Actions. + lowest_security_fix_version + end + def updated_requirements # rubocop:disable Metrics/PerceivedComplexity previous = dependency_source_details updated = updated_source @@ -42,6 +52,12 @@ def updated_requirements # rubocop:disable Metrics/PerceivedComplexity private + def active_advisories + security_advisories.select do |advisory| + advisory.vulnerable?(version_class.new(git_commit_checker.most_specific_tag_equivalent_to_pinned_ref)) + end + end + def latest_version_resolvable_with_full_unlock? # Full unlock checks aren't relevant for GitHub Actions false @@ -82,6 +98,37 @@ def fetch_latest_version_for_git_dependency nil end + def fetch_lowest_security_fix_version + # TODO: Support Docker sources + return unless git_dependency? + + fetch_lowest_security_fix_version_for_git_dependency + end + + def fetch_lowest_security_fix_version_for_git_dependency + lowest_security_fix_version_tag.fetch(:version) + end + + def lowest_security_fix_version_tag + @lowest_security_fix_version_tag ||= begin + tags_matching_precision = git_commit_checker.local_tags_for_allowed_versions_matching_existing_precision + lowest_fixed_version = find_lowest_secure_version(tags_matching_precision) + if lowest_fixed_version + lowest_fixed_version + else + tags = git_commit_checker.local_tags_for_allowed_versions + find_lowest_secure_version(tags) + end + end + end + + def find_lowest_secure_version(tags) + relevant_tags = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(tags, security_advisories) + relevant_tags = filter_lower_tags(relevant_tags) + + relevant_tags.min_by { |tag| tag.fetch(:version) } + end + def latest_commit_for_pinned_ref @latest_commit_for_pinned_ref ||= begin head_commit_for_ref_sha = git_commit_checker.head_commit_for_pinned_ref @@ -114,10 +161,22 @@ def latest_version_tag end end + def filter_lower_tags(tags_array) + return tags_array unless current_version + + tags_array. + select { |tag| tag.fetch(:version) > current_version } + end + def updated_source # TODO: Support Docker sources return dependency_source_details unless git_dependency? + if vulnerable? && + (new_tag = lowest_security_fix_version_tag) + return dependency_source_details.merge(ref: new_tag.fetch(:tag)) + end + # Update the git tag if updating a pinned version if git_commit_checker.pinned_ref_looks_like_version? && (new_tag = latest_version_tag) && diff --git a/github_actions/spec/dependabot/github_actions/update_checker_spec.rb b/github_actions/spec/dependabot/github_actions/update_checker_spec.rb index ea68a34ac53..3ceda2bae97 100644 --- a/github_actions/spec/dependabot/github_actions/update_checker_spec.rb +++ b/github_actions/spec/dependabot/github_actions/update_checker_spec.rb @@ -14,10 +14,12 @@ dependency: dependency, dependency_files: [], credentials: github_credentials, + security_advisories: security_advisories, ignored_versions: ignored_versions, raise_on_ignored: raise_on_ignored ) end + let(:security_advisories) { [] } let(:ignored_versions) { [] } let(:raise_on_ignored) { false } @@ -30,7 +32,7 @@ groups: [], file: ".github/workflows/workflow.yml", source: dependency_source, - metadata: { declaration_string: "actions/setup-node@master" } + metadata: { declaration_string: "#{dependency_name}@master" } }], package_manager: "github_actions" ) @@ -44,14 +46,14 @@ let(:dependency_source) do { type: "git", - url: "https://github.com/actions/setup-node", + url: "https://github.com/#{dependency_name}", ref: reference, branch: nil } end let(:reference) { "master" } let(:service_pack_url) do - "https://github.com/actions/setup-node.git/info/refs" \ + "https://github.com/#{dependency_name}.git/info/refs" \ "?service=git-upload-pack" end let(:git_commit_checker) do @@ -370,29 +372,9 @@ end context "given a realworld repository", :vcr do - let(:dependency) do - Dependabot::Dependency.new( - name: dependency_name, - version: dependency_version, - requirements: [{ - requirement: nil, - groups: [], - file: ".github/workflows/main.yml", - source: dependency_source - }], - package_manager: "github_actions" - ) - end + let(:upload_pack_fixture) { "github-action-push-to-another-repository" } let(:dependency_name) { "dependabot-fixtures/github-action-push-to-another-repository" } let(:dependency_version) { nil } - let(:dependency_source) do - { - type: "git", - url: "https://github.com/dependabot-fixtures/github-action-push-to-another-repository", - ref: reference, - branch: nil - } - end let(:latest_commit_in_main) { "9e487f29582587eeb4837c0552c886bb0644b6b9" } let(:latest_commit_in_devel) { "c7563454dd4fbe0ea69095188860a62a19658a04" } @@ -506,6 +488,65 @@ it { is_expected.to eq("delegate") } end + describe "#lowest_security_fix_version" do + subject(:lowest_security_fix_version) { checker.lowest_security_fix_version } + + let(:upload_pack_fixture) { "ghas-to-csv" } + + let(:dependency_version) { "0.4.0" } + let(:dependency_name) { "some-natalie/ghas-to-csv" } + + let(:security_advisories) do + [ + Dependabot::SecurityAdvisory.new( + dependency_name: dependency_name, + package_manager: "github_actions", + vulnerable_versions: ["< 1.0"] + ) + ] + end + + context "when a supported newer version is available" do + it "updates to the least new supported version" do + is_expected.to eq(Dependabot::GithubActions::Version.new("1.0.0")) + end + end + + context "with ignored versions" do + let(:ignored_versions) { ["= 1.0.0"] } + + it "doesn't return ignored versions" do + is_expected.to eq(Dependabot::GithubActions::Version.new("2.0.0")) + end + end + + context "when there are non vulnerable versions lower that the current version" do + let(:upload_pack_fixture) { "ghas-to-csv" } + let(:dependency_version) { "1.0" } + + let(:security_advisories) do + [ + Dependabot::SecurityAdvisory.new( + dependency_name: dependency_name, + package_manager: "github_actions", + vulnerable_versions: ["< 0.4", "> 1.1, < 2.0"] + ) + ] + end + + it "stil proposes an upgrade" do + is_expected.to eq(Dependabot::GithubActions::Version.new("2.0.0")) + end + end + end + + describe "#lowest_resolvable_security_fix_version" do + subject(:lowest_resolvable_security_fix_version) { checker.lowest_resolvable_security_fix_version } + + before { allow(checker).to receive(:lowest_security_fix_version).and_return("delegate") } + it { is_expected.to eq("delegate") } + end + describe "#updated_requirements" do subject { checker.updated_requirements } @@ -657,6 +698,93 @@ end end + context "given a dependency with a vulnerable tag reference" do + let(:upload_pack_fixture) { "ghas-to-csv" } + let(:dependency_name) { "some-natalie/ghas-to-csv" } + let(:reference) { "v0.4.0" } + + let(:security_advisories) do + [ + Dependabot::SecurityAdvisory.new( + dependency_name: dependency_name, + package_manager: "github_actions", + vulnerable_versions: ["< 1.0"] + ) + ] + end + + let(:expected_requirements) do + [{ + requirement: nil, + groups: [], + file: ".github/workflows/workflow.yml", + source: { + type: "git", + url: "https://github.com/#{dependency_name}", + ref: "v1", + branch: nil + }, + metadata: { declaration_string: "#{dependency_name}@master" } + }] + end + + it { is_expected.to eq(expected_requirements) } + end + + context "given a vulnerable dependency with a major tag reference" do + let(:dependency_name) { "kartverket/github-workflows" } + let(:reference) { "v2" } + + let(:security_advisories) do + [ + Dependabot::SecurityAdvisory.new( + dependency_name: dependency_name, + package_manager: "github_actions", + vulnerable_versions: ["< 2.7.5"] + ) + ] + end + + context "vulnerable because the major tag has not been moved" do + context "when impossible to keep precision" do + let(:upload_pack_fixture) { "github-workflows" } + + it "changes precision to avoid the vulnerability" do + expect(subject.first[:source][:ref]).to eq("v2.7.5") + end + end + + context "when possible to keep precision" do + let(:upload_pack_fixture) { "github-workflows-with-v3" } + + it "bumps to the lowest fixed version that keeps precision" do + expect(subject.first[:source][:ref]).to eq("v3") + end + end + end + end + + context "given a non vulnerable dependency with a major tag reference" do + let(:dependency_name) { "hashicorp/vault-action" } + let(:reference) { "v2" } + + let(:security_advisories) do + [ + Dependabot::SecurityAdvisory.new( + dependency_name: dependency_name, + package_manager: "github_actions", + vulnerable_versions: ["< 2.2.0"] + ) + ] + end + + let(:upload_pack_fixture) { "vault-action" } + + it "stays on the current major" do + expect(subject.first[:source][:ref]).to eq("v2") + end + end + context "given a dependency with a tag reference with a major version upgrade available" do let(:upload_pack_fixture) { "setup-node-v2" } diff --git a/github_actions/spec/fixtures/git/upload_packs/ghas-to-csv b/github_actions/spec/fixtures/git/upload_packs/ghas-to-csv new file mode 100644 index 00000000000..8fd6bb01d61 Binary files /dev/null and b/github_actions/spec/fixtures/git/upload_packs/ghas-to-csv differ diff --git a/github_actions/spec/fixtures/git/upload_packs/github-action-push-to-another-repository b/github_actions/spec/fixtures/git/upload_packs/github-action-push-to-another-repository new file mode 100644 index 00000000000..b17e8351292 Binary files /dev/null and b/github_actions/spec/fixtures/git/upload_packs/github-action-push-to-another-repository differ diff --git a/github_actions/spec/fixtures/git/upload_packs/github-workflows b/github_actions/spec/fixtures/git/upload_packs/github-workflows new file mode 100644 index 00000000000..fa3330ea700 Binary files /dev/null and b/github_actions/spec/fixtures/git/upload_packs/github-workflows differ diff --git a/github_actions/spec/fixtures/git/upload_packs/github-workflows-v2-moved b/github_actions/spec/fixtures/git/upload_packs/github-workflows-v2-moved new file mode 100644 index 00000000000..f7768cea3ad Binary files /dev/null and b/github_actions/spec/fixtures/git/upload_packs/github-workflows-v2-moved differ diff --git a/github_actions/spec/fixtures/git/upload_packs/github-workflows-with-v3 b/github_actions/spec/fixtures/git/upload_packs/github-workflows-with-v3 new file mode 100644 index 00000000000..80e710b2732 Binary files /dev/null and b/github_actions/spec/fixtures/git/upload_packs/github-workflows-with-v3 differ diff --git a/github_actions/spec/fixtures/git/upload_packs/vault-action b/github_actions/spec/fixtures/git/upload_packs/vault-action new file mode 100644 index 00000000000..1fdde0d061b Binary files /dev/null and b/github_actions/spec/fixtures/git/upload_packs/vault-action differ diff --git a/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_out_of_date_commit_in_a_non_default_branch/returns_the_expected_value.yml b/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_out_of_date_commit_in_a_non_default_branch/returns_the_expected_value.yml index 4fd4a691077..98cfd1387bc 100644 --- a/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_out_of_date_commit_in_a_non_default_branch/returns_the_expected_value.yml +++ b/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_out_of_date_commit_in_a_non_default_branch/returns_the_expected_value.yml @@ -1,109 +1,5 @@ --- http_interactions: -- request: - method: get - uri: https://github.com/dependabot-fixtures/github-action-push-to-another-repository.git/info/refs?service=git-upload-pack - body: - encoding: US-ASCII - string: '' - headers: - user-agent: - - dependabot-core/0.213.0 excon/0.94.0 ruby/3.1.2 (aarch64-linux) (+https://github.com/dependabot/dependabot-core) - response: - status: - code: 200 - message: OK - headers: - server: - - GitHub Babel 2.0 - content-type: - - application/x-git-upload-pack-advertisement - content-security-policy: - - default-src 'none'; sandbox - expires: - - Fri, 01 Jan 1980 00:00:00 GMT - pragma: - - no-cache - cache-control: - - no-cache, max-age=0, must-revalidate - vary: - - Accept-Encoding - x-frame-options: - - DENY - x-github-request-id: - - 0A8E:8AC4:1974968:1A0B50F:636E3B6B - body: - encoding: ASCII-8BIT - string: "001e# service=git-upload-pack\n000001549e487f29582587eeb4837c0552c886bb0644b6b9 - HEAD\0multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since - deepen-not deepen-relative no-progress include-tag multi_ack_detailed allow-tip-sha1-in-want - allow-reachable-sha1-in-want no-done symref=HEAD:refs/heads/main filter object-format=sha1 - agent=git/github-gfe630fe0f311\n00480d608f8ef76d25976130a63cbe7f8db3945189e2 - refs/heads/composite-1.5.1\n00418aa8ad206e57bae695f9fcdc82c71fa0c01a148e refs/heads/debug-78\n003ec7563454dd4fbe0ea69095188860a62a19658a04 - refs/heads/devel\n004e12e7eb93014f59be062fc72c51708ac1e079a3ac refs/heads/improve-documentation\n003d9e487f29582587eeb4837c0552c886bb0644b6b9 - refs/heads/main\n003f940a2857e598a6392bd336330b07416c1ae8ea1f refs/heads/master\n0045e4d57da60ecdc216eff9885b0330de99b2485dbf - refs/heads/new-template\n0047b5ac509f7b2dc62ec43608515039593fae596689 refs/heads/ssh-deploy-key\n004fc26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter-shell-options\n0078c26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter_shell_option-commit_message-documentation_improvements\n0046e89946750758f3bca4d80d6a1b2b536ce33d4260 - refs/heads/update-readme\n003aea532627535451757c1793514eed939e4683d45a refs/tags/v1\n003c1cfade9aa388629e9cf79a8b8c35ae100efd1f5d - refs/tags/v1.1\n003f637125d2256c6612875516875c0e715afb799614 refs/tags/v1.1^{}\n003c976916018a4108195b74a5663a045141c6708c79 - refs/tags/v1.2\n003c8e9bfb00e6687c3f5cbc272c09b9dd2c27c7720c refs/tags/v1.3\n003c164a872083db0b1bb8cac1628f43e512716dceee - refs/tags/v1.4\n003e483689a71cf9d3a0bbdd79d23e00646ef4124391 refs/tags/v1.4.1\n003eac0bb2c8f9246ed4df2994ad799cef891fc07c62 - refs/tags/v1.4.2\n003cf8f86f8d8fa988b561a263ad18bec22173325f13 refs/tags/v1.5\n003e74596b72fae72d9b7b79e1b2992863c0f595c801 - refs/tags/v1.5.1\n0000" - recorded_at: Fri, 11 Nov 2022 12:09:15 GMT -- request: - method: get - uri: https://github.com/dependabot-fixtures/github-action-push-to-another-repository.git/info/refs?service=git-upload-pack - body: - encoding: US-ASCII - string: '' - headers: - user-agent: - - dependabot-core/0.213.0 excon/0.94.0 ruby/3.1.2 (aarch64-linux) (+https://github.com/dependabot/dependabot-core) - response: - status: - code: 200 - message: OK - headers: - server: - - GitHub Babel 2.0 - content-type: - - application/x-git-upload-pack-advertisement - content-security-policy: - - default-src 'none'; sandbox - expires: - - Fri, 01 Jan 1980 00:00:00 GMT - pragma: - - no-cache - cache-control: - - no-cache, max-age=0, must-revalidate - vary: - - Accept-Encoding - x-frame-options: - - DENY - x-github-request-id: - - 0A8F:14E9:180EF5E:18A2A47:636E3B6B - body: - encoding: ASCII-8BIT - string: "001e# service=git-upload-pack\n000001549e487f29582587eeb4837c0552c886bb0644b6b9 - HEAD\0multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since - deepen-not deepen-relative no-progress include-tag multi_ack_detailed allow-tip-sha1-in-want - allow-reachable-sha1-in-want no-done symref=HEAD:refs/heads/main filter object-format=sha1 - agent=git/github-gfe630fe0f311\n00480d608f8ef76d25976130a63cbe7f8db3945189e2 - refs/heads/composite-1.5.1\n00418aa8ad206e57bae695f9fcdc82c71fa0c01a148e refs/heads/debug-78\n003ec7563454dd4fbe0ea69095188860a62a19658a04 - refs/heads/devel\n004e12e7eb93014f59be062fc72c51708ac1e079a3ac refs/heads/improve-documentation\n003d9e487f29582587eeb4837c0552c886bb0644b6b9 - refs/heads/main\n003f940a2857e598a6392bd336330b07416c1ae8ea1f refs/heads/master\n0045e4d57da60ecdc216eff9885b0330de99b2485dbf - refs/heads/new-template\n0047b5ac509f7b2dc62ec43608515039593fae596689 refs/heads/ssh-deploy-key\n004fc26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter-shell-options\n0078c26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter_shell_option-commit_message-documentation_improvements\n0046e89946750758f3bca4d80d6a1b2b536ce33d4260 - refs/heads/update-readme\n003aea532627535451757c1793514eed939e4683d45a refs/tags/v1\n003c1cfade9aa388629e9cf79a8b8c35ae100efd1f5d - refs/tags/v1.1\n003f637125d2256c6612875516875c0e715afb799614 refs/tags/v1.1^{}\n003c976916018a4108195b74a5663a045141c6708c79 - refs/tags/v1.2\n003c8e9bfb00e6687c3f5cbc272c09b9dd2c27c7720c refs/tags/v1.3\n003c164a872083db0b1bb8cac1628f43e512716dceee - refs/tags/v1.4\n003e483689a71cf9d3a0bbdd79d23e00646ef4124391 refs/tags/v1.4.1\n003eac0bb2c8f9246ed4df2994ad799cef891fc07c62 - refs/tags/v1.4.2\n003cf8f86f8d8fa988b561a263ad18bec22173325f13 refs/tags/v1.5\n003e74596b72fae72d9b7b79e1b2992863c0f595c801 - refs/tags/v1.5.1\n0000" - recorded_at: Fri, 11 Nov 2022 12:09:16 GMT - request: method: get uri: https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...96e7dec17bbeed08477b9edab6c3a573614b829d @@ -127,7 +23,7 @@ http_interactions: server: - GitHub.com date: - - Fri, 11 Nov 2022 12:09:16 GMT + - Fri, 11 Nov 2022 15:24:16 GMT content-type: - application/json; charset=utf-8 transfer-encoding: @@ -154,7 +50,7 @@ http_interactions: x-ratelimit-remaining: - '4975' x-ratelimit-reset: - - '1668171026' + - '1668183118' x-ratelimit-used: - '25' x-ratelimit-resource: @@ -179,7 +75,7 @@ http_interactions: content-security-policy: - default-src 'none' x-github-request-id: - - 0A90:4732:14EB6C6:1539DE9:636E3B6C + - 0BF9:C378:2069DEC:20E08DD:636E6920 body: encoding: ASCII-8BIT string: '{"url":"https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...96e7dec17bbeed08477b9edab6c3a573614b829d","html_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...96e7dec17bbeed08477b9edab6c3a573614b829d","permalink_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/dependabot-fixtures:74596b7...dependabot-fixtures:96e7dec","diff_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...96e7dec17bbeed08477b9edab6c3a573614b829d.diff","patch_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...96e7dec17bbeed08477b9edab6c3a573614b829d.patch","base_commit":{"sha":"74596b72fae72d9b7b79e1b2992863c0f595c801","node_id":"C_kwDOIalVntoAKDc0NTk2YjcyZmFlNzJkOWI3Yjc5ZTFiMjk5Mjg2M2MwZjU5NWM4MDE","commit":{"author":{"name":"Carles @@ -202,7 +98,7 @@ http_interactions: TODO: review before releasing it as a version\n+git config --global --add safe.directory /\n+\n echo \"[+] Cloning destination git repository $DESTINATION_REPOSITORY_NAME\"\n # Setup git\n git config --global user.email \"$USER_EMAIL\""}]}' - recorded_at: Fri, 11 Nov 2022 12:09:16 GMT + recorded_at: Fri, 11 Nov 2022 15:24:16 GMT - request: method: get uri: https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...96e7dec17bbeed08477b9edab6c3a573614b829d @@ -226,7 +122,7 @@ http_interactions: server: - GitHub.com date: - - Fri, 11 Nov 2022 12:09:16 GMT + - Fri, 11 Nov 2022 15:24:17 GMT content-type: - application/json; charset=utf-8 transfer-encoding: @@ -253,7 +149,7 @@ http_interactions: x-ratelimit-remaining: - '4974' x-ratelimit-reset: - - '1668171026' + - '1668183118' x-ratelimit-used: - '26' x-ratelimit-resource: @@ -278,7 +174,7 @@ http_interactions: content-security-policy: - default-src 'none' x-github-request-id: - - 0A91:8F6B:12899D0:12D71CE:636E3B6C + - 0BFA:5A6E:938687:95F18A:636E6920 body: encoding: ASCII-8BIT string: '{"url":"https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...96e7dec17bbeed08477b9edab6c3a573614b829d","html_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...96e7dec17bbeed08477b9edab6c3a573614b829d","permalink_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/dependabot-fixtures:74596b7...dependabot-fixtures:96e7dec","diff_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...96e7dec17bbeed08477b9edab6c3a573614b829d.diff","patch_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...96e7dec17bbeed08477b9edab6c3a573614b829d.patch","base_commit":{"sha":"74596b72fae72d9b7b79e1b2992863c0f595c801","node_id":"C_kwDOIalVntoAKDc0NTk2YjcyZmFlNzJkOWI3Yjc5ZTFiMjk5Mjg2M2MwZjU5NWM4MDE","commit":{"author":{"name":"Carles @@ -301,5 +197,5 @@ http_interactions: TODO: review before releasing it as a version\n+git config --global --add safe.directory /\n+\n echo \"[+] Cloning destination git repository $DESTINATION_REPOSITORY_NAME\"\n # Setup git\n git config --global user.email \"$USER_EMAIL\""}]}' - recorded_at: Fri, 11 Nov 2022 12:09:16 GMT + recorded_at: Fri, 11 Nov 2022 15:24:17 GMT recorded_with: VCR 6.1.0 diff --git a/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_out_of_date_commit_in_the_default_branch/returns_the_expected_value.yml b/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_out_of_date_commit_in_the_default_branch/returns_the_expected_value.yml index cfec72b9ecc..a6f9294fe56 100644 --- a/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_out_of_date_commit_in_the_default_branch/returns_the_expected_value.yml +++ b/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_out_of_date_commit_in_the_default_branch/returns_the_expected_value.yml @@ -1,109 +1,5 @@ --- http_interactions: -- request: - method: get - uri: https://github.com/dependabot-fixtures/github-action-push-to-another-repository.git/info/refs?service=git-upload-pack - body: - encoding: US-ASCII - string: '' - headers: - user-agent: - - dependabot-core/0.213.0 excon/0.94.0 ruby/3.1.2 (aarch64-linux) (+https://github.com/dependabot/dependabot-core) - response: - status: - code: 200 - message: OK - headers: - server: - - GitHub Babel 2.0 - content-type: - - application/x-git-upload-pack-advertisement - content-security-policy: - - default-src 'none'; sandbox - expires: - - Fri, 01 Jan 1980 00:00:00 GMT - pragma: - - no-cache - cache-control: - - no-cache, max-age=0, must-revalidate - vary: - - Accept-Encoding - x-frame-options: - - DENY - x-github-request-id: - - 0A89:13BCF:18488DF:18DEC9B:636E3B69 - body: - encoding: ASCII-8BIT - string: "001e# service=git-upload-pack\n000001549e487f29582587eeb4837c0552c886bb0644b6b9 - HEAD\0multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since - deepen-not deepen-relative no-progress include-tag multi_ack_detailed allow-tip-sha1-in-want - allow-reachable-sha1-in-want no-done symref=HEAD:refs/heads/main filter object-format=sha1 - agent=git/github-gfe630fe0f311\n00480d608f8ef76d25976130a63cbe7f8db3945189e2 - refs/heads/composite-1.5.1\n00418aa8ad206e57bae695f9fcdc82c71fa0c01a148e refs/heads/debug-78\n003ec7563454dd4fbe0ea69095188860a62a19658a04 - refs/heads/devel\n004e12e7eb93014f59be062fc72c51708ac1e079a3ac refs/heads/improve-documentation\n003d9e487f29582587eeb4837c0552c886bb0644b6b9 - refs/heads/main\n003f940a2857e598a6392bd336330b07416c1ae8ea1f refs/heads/master\n0045e4d57da60ecdc216eff9885b0330de99b2485dbf - refs/heads/new-template\n0047b5ac509f7b2dc62ec43608515039593fae596689 refs/heads/ssh-deploy-key\n004fc26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter-shell-options\n0078c26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter_shell_option-commit_message-documentation_improvements\n0046e89946750758f3bca4d80d6a1b2b536ce33d4260 - refs/heads/update-readme\n003aea532627535451757c1793514eed939e4683d45a refs/tags/v1\n003c1cfade9aa388629e9cf79a8b8c35ae100efd1f5d - refs/tags/v1.1\n003f637125d2256c6612875516875c0e715afb799614 refs/tags/v1.1^{}\n003c976916018a4108195b74a5663a045141c6708c79 - refs/tags/v1.2\n003c8e9bfb00e6687c3f5cbc272c09b9dd2c27c7720c refs/tags/v1.3\n003c164a872083db0b1bb8cac1628f43e512716dceee - refs/tags/v1.4\n003e483689a71cf9d3a0bbdd79d23e00646ef4124391 refs/tags/v1.4.1\n003eac0bb2c8f9246ed4df2994ad799cef891fc07c62 - refs/tags/v1.4.2\n003cf8f86f8d8fa988b561a263ad18bec22173325f13 refs/tags/v1.5\n003e74596b72fae72d9b7b79e1b2992863c0f595c801 - refs/tags/v1.5.1\n0000" - recorded_at: Fri, 11 Nov 2022 12:09:13 GMT -- request: - method: get - uri: https://github.com/dependabot-fixtures/github-action-push-to-another-repository.git/info/refs?service=git-upload-pack - body: - encoding: US-ASCII - string: '' - headers: - user-agent: - - dependabot-core/0.213.0 excon/0.94.0 ruby/3.1.2 (aarch64-linux) (+https://github.com/dependabot/dependabot-core) - response: - status: - code: 200 - message: OK - headers: - server: - - GitHub Babel 2.0 - content-type: - - application/x-git-upload-pack-advertisement - content-security-policy: - - default-src 'none'; sandbox - expires: - - Fri, 01 Jan 1980 00:00:00 GMT - pragma: - - no-cache - cache-control: - - no-cache, max-age=0, must-revalidate - vary: - - Accept-Encoding - x-frame-options: - - DENY - x-github-request-id: - - 0A8A:C431:18D38E2:1969198:636E3B69 - body: - encoding: ASCII-8BIT - string: "001e# service=git-upload-pack\n000001549e487f29582587eeb4837c0552c886bb0644b6b9 - HEAD\0multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since - deepen-not deepen-relative no-progress include-tag multi_ack_detailed allow-tip-sha1-in-want - allow-reachable-sha1-in-want no-done symref=HEAD:refs/heads/main filter object-format=sha1 - agent=git/github-gfe630fe0f311\n00480d608f8ef76d25976130a63cbe7f8db3945189e2 - refs/heads/composite-1.5.1\n00418aa8ad206e57bae695f9fcdc82c71fa0c01a148e refs/heads/debug-78\n003ec7563454dd4fbe0ea69095188860a62a19658a04 - refs/heads/devel\n004e12e7eb93014f59be062fc72c51708ac1e079a3ac refs/heads/improve-documentation\n003d9e487f29582587eeb4837c0552c886bb0644b6b9 - refs/heads/main\n003f940a2857e598a6392bd336330b07416c1ae8ea1f refs/heads/master\n0045e4d57da60ecdc216eff9885b0330de99b2485dbf - refs/heads/new-template\n0047b5ac509f7b2dc62ec43608515039593fae596689 refs/heads/ssh-deploy-key\n004fc26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter-shell-options\n0078c26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter_shell_option-commit_message-documentation_improvements\n0046e89946750758f3bca4d80d6a1b2b536ce33d4260 - refs/heads/update-readme\n003aea532627535451757c1793514eed939e4683d45a refs/tags/v1\n003c1cfade9aa388629e9cf79a8b8c35ae100efd1f5d - refs/tags/v1.1\n003f637125d2256c6612875516875c0e715afb799614 refs/tags/v1.1^{}\n003c976916018a4108195b74a5663a045141c6708c79 - refs/tags/v1.2\n003c8e9bfb00e6687c3f5cbc272c09b9dd2c27c7720c refs/tags/v1.3\n003c164a872083db0b1bb8cac1628f43e512716dceee - refs/tags/v1.4\n003e483689a71cf9d3a0bbdd79d23e00646ef4124391 refs/tags/v1.4.1\n003eac0bb2c8f9246ed4df2994ad799cef891fc07c62 - refs/tags/v1.4.2\n003cf8f86f8d8fa988b561a263ad18bec22173325f13 refs/tags/v1.5\n003e74596b72fae72d9b7b79e1b2992863c0f595c801 - refs/tags/v1.5.1\n0000" - recorded_at: Fri, 11 Nov 2022 12:09:13 GMT - request: method: get uri: https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...f4b9c90516ad3bdcfdc6f4fcf8ba937d0bd40465 @@ -127,7 +23,7 @@ http_interactions: server: - GitHub.com date: - - Fri, 11 Nov 2022 12:09:13 GMT + - Fri, 11 Nov 2022 15:24:19 GMT content-type: - application/json; charset=utf-8 transfer-encoding: @@ -152,11 +48,11 @@ http_interactions: x-ratelimit-limit: - '5000' x-ratelimit-remaining: - - '4977' + - '4971' x-ratelimit-reset: - - '1668171026' + - '1668183118' x-ratelimit-used: - - '23' + - '29' x-ratelimit-resource: - core access-control-expose-headers: @@ -179,7 +75,7 @@ http_interactions: content-security-policy: - default-src 'none' x-github-request-id: - - 0A8B:CB3D:151B2FF:156927E:636E3B69 + - 0BFF:8F6B:1D3E841:1DB5545:636E6923 body: encoding: ASCII-8BIT string: '{"url":"https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...f4b9c90516ad3bdcfdc6f4fcf8ba937d0bd40465","html_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...f4b9c90516ad3bdcfdc6f4fcf8ba937d0bd40465","permalink_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/dependabot-fixtures:74596b7...dependabot-fixtures:f4b9c90","diff_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...f4b9c90516ad3bdcfdc6f4fcf8ba937d0bd40465.diff","patch_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...f4b9c90516ad3bdcfdc6f4fcf8ba937d0bd40465.patch","base_commit":{"sha":"74596b72fae72d9b7b79e1b2992863c0f595c801","node_id":"C_kwDOIalVntoAKDc0NTk2YjcyZmFlNzJkOWI3Yjc5ZTFiMjk5Mjg2M2MwZjU5NWM4MDE","commit":{"author":{"name":"Carles @@ -210,7 +106,7 @@ http_interactions: } || {\n \techo \"::error::Could not clone the destination repository. Command:\"\n \techo \"::error::git clone --single-branch --branch $TARGET_BRANCH $GIT_CMD_REPOSITORY $CLONE_DIR\""}]}' - recorded_at: Fri, 11 Nov 2022 12:09:14 GMT + recorded_at: Fri, 11 Nov 2022 15:24:19 GMT - request: method: get uri: https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...f4b9c90516ad3bdcfdc6f4fcf8ba937d0bd40465 @@ -234,7 +130,7 @@ http_interactions: server: - GitHub.com date: - - Fri, 11 Nov 2022 12:09:14 GMT + - Fri, 11 Nov 2022 15:24:20 GMT content-type: - application/json; charset=utf-8 transfer-encoding: @@ -259,11 +155,11 @@ http_interactions: x-ratelimit-limit: - '5000' x-ratelimit-remaining: - - '4976' + - '4970' x-ratelimit-reset: - - '1668171026' + - '1668183118' x-ratelimit-used: - - '24' + - '30' x-ratelimit-resource: - core access-control-expose-headers: @@ -286,7 +182,7 @@ http_interactions: content-security-policy: - default-src 'none' x-github-request-id: - - 0A8C:8A0B:15651A5:15B290B:636E3B6A + - '0800:C728:22596A4:22D2809:636E6923' body: encoding: ASCII-8BIT string: '{"url":"https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...f4b9c90516ad3bdcfdc6f4fcf8ba937d0bd40465","html_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...f4b9c90516ad3bdcfdc6f4fcf8ba937d0bd40465","permalink_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/dependabot-fixtures:74596b7...dependabot-fixtures:f4b9c90","diff_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...f4b9c90516ad3bdcfdc6f4fcf8ba937d0bd40465.diff","patch_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...f4b9c90516ad3bdcfdc6f4fcf8ba937d0bd40465.patch","base_commit":{"sha":"74596b72fae72d9b7b79e1b2992863c0f595c801","node_id":"C_kwDOIalVntoAKDc0NTk2YjcyZmFlNzJkOWI3Yjc5ZTFiMjk5Mjg2M2MwZjU5NWM4MDE","commit":{"author":{"name":"Carles @@ -317,5 +213,5 @@ http_interactions: } || {\n \techo \"::error::Could not clone the destination repository. Command:\"\n \techo \"::error::git clone --single-branch --branch $TARGET_BRANCH $GIT_CMD_REPOSITORY $CLONE_DIR\""}]}' - recorded_at: Fri, 11 Nov 2022 12:09:14 GMT + recorded_at: Fri, 11 Nov 2022 15:24:20 GMT recorded_with: VCR 6.1.0 diff --git a/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_up_to_date_commit_in_a_non_default_branch/returns_the_expected_value.yml b/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_up_to_date_commit_in_a_non_default_branch/returns_the_expected_value.yml index bb30b8c20e4..515d89d55f5 100644 --- a/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_up_to_date_commit_in_a_non_default_branch/returns_the_expected_value.yml +++ b/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_up_to_date_commit_in_a_non_default_branch/returns_the_expected_value.yml @@ -1,109 +1,5 @@ --- http_interactions: -- request: - method: get - uri: https://github.com/dependabot-fixtures/github-action-push-to-another-repository.git/info/refs?service=git-upload-pack - body: - encoding: US-ASCII - string: '' - headers: - user-agent: - - dependabot-core/0.213.0 excon/0.94.0 ruby/3.1.2 (aarch64-linux) (+https://github.com/dependabot/dependabot-core) - response: - status: - code: 200 - message: OK - headers: - server: - - GitHub Babel 2.0 - content-type: - - application/x-git-upload-pack-advertisement - content-security-policy: - - default-src 'none'; sandbox - expires: - - Fri, 01 Jan 1980 00:00:00 GMT - pragma: - - no-cache - cache-control: - - no-cache, max-age=0, must-revalidate - vary: - - Accept-Encoding - x-frame-options: - - DENY - x-github-request-id: - - 0A83:DA5A:18DD7EB:19725C6:636E3B66 - body: - encoding: ASCII-8BIT - string: "001e# service=git-upload-pack\n000001549e487f29582587eeb4837c0552c886bb0644b6b9 - HEAD\0multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since - deepen-not deepen-relative no-progress include-tag multi_ack_detailed allow-tip-sha1-in-want - allow-reachable-sha1-in-want no-done symref=HEAD:refs/heads/main filter object-format=sha1 - agent=git/github-gfe630fe0f311\n00480d608f8ef76d25976130a63cbe7f8db3945189e2 - refs/heads/composite-1.5.1\n00418aa8ad206e57bae695f9fcdc82c71fa0c01a148e refs/heads/debug-78\n003ec7563454dd4fbe0ea69095188860a62a19658a04 - refs/heads/devel\n004e12e7eb93014f59be062fc72c51708ac1e079a3ac refs/heads/improve-documentation\n003d9e487f29582587eeb4837c0552c886bb0644b6b9 - refs/heads/main\n003f940a2857e598a6392bd336330b07416c1ae8ea1f refs/heads/master\n0045e4d57da60ecdc216eff9885b0330de99b2485dbf - refs/heads/new-template\n0047b5ac509f7b2dc62ec43608515039593fae596689 refs/heads/ssh-deploy-key\n004fc26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter-shell-options\n0078c26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter_shell_option-commit_message-documentation_improvements\n0046e89946750758f3bca4d80d6a1b2b536ce33d4260 - refs/heads/update-readme\n003aea532627535451757c1793514eed939e4683d45a refs/tags/v1\n003c1cfade9aa388629e9cf79a8b8c35ae100efd1f5d - refs/tags/v1.1\n003f637125d2256c6612875516875c0e715afb799614 refs/tags/v1.1^{}\n003c976916018a4108195b74a5663a045141c6708c79 - refs/tags/v1.2\n003c8e9bfb00e6687c3f5cbc272c09b9dd2c27c7720c refs/tags/v1.3\n003c164a872083db0b1bb8cac1628f43e512716dceee - refs/tags/v1.4\n003e483689a71cf9d3a0bbdd79d23e00646ef4124391 refs/tags/v1.4.1\n003eac0bb2c8f9246ed4df2994ad799cef891fc07c62 - refs/tags/v1.4.2\n003cf8f86f8d8fa988b561a263ad18bec22173325f13 refs/tags/v1.5\n003e74596b72fae72d9b7b79e1b2992863c0f595c801 - refs/tags/v1.5.1\n0000" - recorded_at: Fri, 11 Nov 2022 12:09:10 GMT -- request: - method: get - uri: https://github.com/dependabot-fixtures/github-action-push-to-another-repository.git/info/refs?service=git-upload-pack - body: - encoding: US-ASCII - string: '' - headers: - user-agent: - - dependabot-core/0.213.0 excon/0.94.0 ruby/3.1.2 (aarch64-linux) (+https://github.com/dependabot/dependabot-core) - response: - status: - code: 200 - message: OK - headers: - server: - - GitHub Babel 2.0 - content-type: - - application/x-git-upload-pack-advertisement - content-security-policy: - - default-src 'none'; sandbox - expires: - - Fri, 01 Jan 1980 00:00:00 GMT - pragma: - - no-cache - cache-control: - - no-cache, max-age=0, must-revalidate - vary: - - Accept-Encoding - x-frame-options: - - DENY - x-github-request-id: - - 0A84:CBE5:191E495:19B4013:636E3B66 - body: - encoding: ASCII-8BIT - string: "001e# service=git-upload-pack\n000001549e487f29582587eeb4837c0552c886bb0644b6b9 - HEAD\0multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since - deepen-not deepen-relative no-progress include-tag multi_ack_detailed allow-tip-sha1-in-want - allow-reachable-sha1-in-want no-done symref=HEAD:refs/heads/main filter object-format=sha1 - agent=git/github-gfe630fe0f311\n00480d608f8ef76d25976130a63cbe7f8db3945189e2 - refs/heads/composite-1.5.1\n00418aa8ad206e57bae695f9fcdc82c71fa0c01a148e refs/heads/debug-78\n003ec7563454dd4fbe0ea69095188860a62a19658a04 - refs/heads/devel\n004e12e7eb93014f59be062fc72c51708ac1e079a3ac refs/heads/improve-documentation\n003d9e487f29582587eeb4837c0552c886bb0644b6b9 - refs/heads/main\n003f940a2857e598a6392bd336330b07416c1ae8ea1f refs/heads/master\n0045e4d57da60ecdc216eff9885b0330de99b2485dbf - refs/heads/new-template\n0047b5ac509f7b2dc62ec43608515039593fae596689 refs/heads/ssh-deploy-key\n004fc26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter-shell-options\n0078c26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter_shell_option-commit_message-documentation_improvements\n0046e89946750758f3bca4d80d6a1b2b536ce33d4260 - refs/heads/update-readme\n003aea532627535451757c1793514eed939e4683d45a refs/tags/v1\n003c1cfade9aa388629e9cf79a8b8c35ae100efd1f5d - refs/tags/v1.1\n003f637125d2256c6612875516875c0e715afb799614 refs/tags/v1.1^{}\n003c976916018a4108195b74a5663a045141c6708c79 - refs/tags/v1.2\n003c8e9bfb00e6687c3f5cbc272c09b9dd2c27c7720c refs/tags/v1.3\n003c164a872083db0b1bb8cac1628f43e512716dceee - refs/tags/v1.4\n003e483689a71cf9d3a0bbdd79d23e00646ef4124391 refs/tags/v1.4.1\n003eac0bb2c8f9246ed4df2994ad799cef891fc07c62 - refs/tags/v1.4.2\n003cf8f86f8d8fa988b561a263ad18bec22173325f13 refs/tags/v1.5\n003e74596b72fae72d9b7b79e1b2992863c0f595c801 - refs/tags/v1.5.1\n0000" - recorded_at: Fri, 11 Nov 2022 12:09:11 GMT - request: method: get uri: https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...c7563454dd4fbe0ea69095188860a62a19658a04 @@ -127,7 +23,7 @@ http_interactions: server: - GitHub.com date: - - Fri, 11 Nov 2022 12:09:11 GMT + - Fri, 11 Nov 2022 15:24:15 GMT content-type: - application/json; charset=utf-8 transfer-encoding: @@ -152,11 +48,11 @@ http_interactions: x-ratelimit-limit: - '5000' x-ratelimit-remaining: - - '4979' + - '4977' x-ratelimit-reset: - - '1668171026' + - '1668183118' x-ratelimit-used: - - '21' + - '23' x-ratelimit-resource: - core access-control-expose-headers: @@ -179,7 +75,7 @@ http_interactions: content-security-policy: - default-src 'none' x-github-request-id: - - 0A86:CB3D:151A846:156879F:636E3B67 + - 0BF7:D9A1:1FF39BD:2069A73:636E691F body: encoding: ASCII-8BIT string: '{"url":"https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...c7563454dd4fbe0ea69095188860a62a19658a04","html_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...c7563454dd4fbe0ea69095188860a62a19658a04","permalink_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/dependabot-fixtures:74596b7...dependabot-fixtures:c756345","diff_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...c7563454dd4fbe0ea69095188860a62a19658a04.diff","patch_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...c7563454dd4fbe0ea69095188860a62a19658a04.patch","base_commit":{"sha":"74596b72fae72d9b7b79e1b2992863c0f595c801","node_id":"C_kwDOIalVntoAKDc0NTk2YjcyZmFlNzJkOWI3Yjc5ZTFiMjk5Mjg2M2MwZjU5NWM4MDE","commit":{"author":{"name":"Carles @@ -231,7 +127,7 @@ http_interactions: TODO: review before releasing it as a version\n+git config --global --add safe.directory \"$CLONE_DIR\"\n+\n echo \"[+] Adding git commit\"\n git add .\n "}]}' - recorded_at: Fri, 11 Nov 2022 12:09:11 GMT + recorded_at: Fri, 11 Nov 2022 15:24:15 GMT - request: method: get uri: https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...c7563454dd4fbe0ea69095188860a62a19658a04 @@ -255,7 +151,7 @@ http_interactions: server: - GitHub.com date: - - Fri, 11 Nov 2022 12:09:11 GMT + - Fri, 11 Nov 2022 15:24:16 GMT content-type: - application/json; charset=utf-8 transfer-encoding: @@ -280,11 +176,11 @@ http_interactions: x-ratelimit-limit: - '5000' x-ratelimit-remaining: - - '4978' + - '4976' x-ratelimit-reset: - - '1668171026' + - '1668183118' x-ratelimit-used: - - '22' + - '24' x-ratelimit-resource: - core access-control-expose-headers: @@ -307,7 +203,7 @@ http_interactions: content-security-policy: - default-src 'none' x-github-request-id: - - 0A87:ECB4:1406F27:14542A0:636E3B67 + - 0BF8:8F6B:1D3DB27:1DB480E:636E691F body: encoding: ASCII-8BIT string: '{"url":"https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...c7563454dd4fbe0ea69095188860a62a19658a04","html_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...c7563454dd4fbe0ea69095188860a62a19658a04","permalink_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/dependabot-fixtures:74596b7...dependabot-fixtures:c756345","diff_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...c7563454dd4fbe0ea69095188860a62a19658a04.diff","patch_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...c7563454dd4fbe0ea69095188860a62a19658a04.patch","base_commit":{"sha":"74596b72fae72d9b7b79e1b2992863c0f595c801","node_id":"C_kwDOIalVntoAKDc0NTk2YjcyZmFlNzJkOWI3Yjc5ZTFiMjk5Mjg2M2MwZjU5NWM4MDE","commit":{"author":{"name":"Carles @@ -359,5 +255,5 @@ http_interactions: TODO: review before releasing it as a version\n+git config --global --add safe.directory \"$CLONE_DIR\"\n+\n echo \"[+] Adding git commit\"\n git add .\n "}]}' - recorded_at: Fri, 11 Nov 2022 12:09:12 GMT + recorded_at: Fri, 11 Nov 2022 15:24:16 GMT recorded_with: VCR 6.1.0 diff --git a/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_up_to_date_commit_in_the_default_branch/returns_the_expected_value.yml b/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_up_to_date_commit_in_the_default_branch/returns_the_expected_value.yml index 048f16a275f..b143788efd8 100644 --- a/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_up_to_date_commit_in_the_default_branch/returns_the_expected_value.yml +++ b/github_actions/spec/fixtures/vcr_cassettes/Dependabot_GithubActions_UpdateChecker/_latest_version/given_a_realworld_repository/when_pinned_to_an_up_to_date_commit_in_the_default_branch/returns_the_expected_value.yml @@ -1,109 +1,5 @@ --- http_interactions: -- request: - method: get - uri: https://github.com/dependabot-fixtures/github-action-push-to-another-repository.git/info/refs?service=git-upload-pack - body: - encoding: US-ASCII - string: '' - headers: - user-agent: - - dependabot-core/0.213.0 excon/0.94.0 ruby/3.1.2 (aarch64-linux) (+https://github.com/dependabot/dependabot-core) - response: - status: - code: 200 - message: OK - headers: - server: - - GitHub Babel 2.0 - content-type: - - application/x-git-upload-pack-advertisement - content-security-policy: - - default-src 'none'; sandbox - expires: - - Fri, 01 Jan 1980 00:00:00 GMT - pragma: - - no-cache - cache-control: - - no-cache, max-age=0, must-revalidate - vary: - - Accept-Encoding - x-frame-options: - - DENY - x-github-request-id: - - 0A96:79A2:191A8FB:19B1CD4:636E3B6E - body: - encoding: ASCII-8BIT - string: "001e# service=git-upload-pack\n000001549e487f29582587eeb4837c0552c886bb0644b6b9 - HEAD\0multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since - deepen-not deepen-relative no-progress include-tag multi_ack_detailed allow-tip-sha1-in-want - allow-reachable-sha1-in-want no-done symref=HEAD:refs/heads/main filter object-format=sha1 - agent=git/github-gfe630fe0f311\n00480d608f8ef76d25976130a63cbe7f8db3945189e2 - refs/heads/composite-1.5.1\n00418aa8ad206e57bae695f9fcdc82c71fa0c01a148e refs/heads/debug-78\n003ec7563454dd4fbe0ea69095188860a62a19658a04 - refs/heads/devel\n004e12e7eb93014f59be062fc72c51708ac1e079a3ac refs/heads/improve-documentation\n003d9e487f29582587eeb4837c0552c886bb0644b6b9 - refs/heads/main\n003f940a2857e598a6392bd336330b07416c1ae8ea1f refs/heads/master\n0045e4d57da60ecdc216eff9885b0330de99b2485dbf - refs/heads/new-template\n0047b5ac509f7b2dc62ec43608515039593fae596689 refs/heads/ssh-deploy-key\n004fc26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter-shell-options\n0078c26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter_shell_option-commit_message-documentation_improvements\n0046e89946750758f3bca4d80d6a1b2b536ce33d4260 - refs/heads/update-readme\n003aea532627535451757c1793514eed939e4683d45a refs/tags/v1\n003c1cfade9aa388629e9cf79a8b8c35ae100efd1f5d - refs/tags/v1.1\n003f637125d2256c6612875516875c0e715afb799614 refs/tags/v1.1^{}\n003c976916018a4108195b74a5663a045141c6708c79 - refs/tags/v1.2\n003c8e9bfb00e6687c3f5cbc272c09b9dd2c27c7720c refs/tags/v1.3\n003c164a872083db0b1bb8cac1628f43e512716dceee - refs/tags/v1.4\n003e483689a71cf9d3a0bbdd79d23e00646ef4124391 refs/tags/v1.4.1\n003eac0bb2c8f9246ed4df2994ad799cef891fc07c62 - refs/tags/v1.4.2\n003cf8f86f8d8fa988b561a263ad18bec22173325f13 refs/tags/v1.5\n003e74596b72fae72d9b7b79e1b2992863c0f595c801 - refs/tags/v1.5.1\n0000" - recorded_at: Fri, 11 Nov 2022 12:09:18 GMT -- request: - method: get - uri: https://github.com/dependabot-fixtures/github-action-push-to-another-repository.git/info/refs?service=git-upload-pack - body: - encoding: US-ASCII - string: '' - headers: - user-agent: - - dependabot-core/0.213.0 excon/0.94.0 ruby/3.1.2 (aarch64-linux) (+https://github.com/dependabot/dependabot-core) - response: - status: - code: 200 - message: OK - headers: - server: - - GitHub Babel 2.0 - content-type: - - application/x-git-upload-pack-advertisement - content-security-policy: - - default-src 'none'; sandbox - expires: - - Fri, 01 Jan 1980 00:00:00 GMT - pragma: - - no-cache - cache-control: - - no-cache, max-age=0, must-revalidate - vary: - - Accept-Encoding - x-frame-options: - - DENY - x-github-request-id: - - 0A97:8AC4:197581A:1A0C3E8:636E3B6E - body: - encoding: ASCII-8BIT - string: "001e# service=git-upload-pack\n000001549e487f29582587eeb4837c0552c886bb0644b6b9 - HEAD\0multi_ack thin-pack side-band side-band-64k ofs-delta shallow deepen-since - deepen-not deepen-relative no-progress include-tag multi_ack_detailed allow-tip-sha1-in-want - allow-reachable-sha1-in-want no-done symref=HEAD:refs/heads/main filter object-format=sha1 - agent=git/github-gfe630fe0f311\n00480d608f8ef76d25976130a63cbe7f8db3945189e2 - refs/heads/composite-1.5.1\n00418aa8ad206e57bae695f9fcdc82c71fa0c01a148e refs/heads/debug-78\n003ec7563454dd4fbe0ea69095188860a62a19658a04 - refs/heads/devel\n004e12e7eb93014f59be062fc72c51708ac1e079a3ac refs/heads/improve-documentation\n003d9e487f29582587eeb4837c0552c886bb0644b6b9 - refs/heads/main\n003f940a2857e598a6392bd336330b07416c1ae8ea1f refs/heads/master\n0045e4d57da60ecdc216eff9885b0330de99b2485dbf - refs/heads/new-template\n0047b5ac509f7b2dc62ec43608515039593fae596689 refs/heads/ssh-deploy-key\n004fc26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter-shell-options\n0078c26a144ee1d285425915bd6151f7d883999cd9e2 - refs/heads/stricter_shell_option-commit_message-documentation_improvements\n0046e89946750758f3bca4d80d6a1b2b536ce33d4260 - refs/heads/update-readme\n003aea532627535451757c1793514eed939e4683d45a refs/tags/v1\n003c1cfade9aa388629e9cf79a8b8c35ae100efd1f5d - refs/tags/v1.1\n003f637125d2256c6612875516875c0e715afb799614 refs/tags/v1.1^{}\n003c976916018a4108195b74a5663a045141c6708c79 - refs/tags/v1.2\n003c8e9bfb00e6687c3f5cbc272c09b9dd2c27c7720c refs/tags/v1.3\n003c164a872083db0b1bb8cac1628f43e512716dceee - refs/tags/v1.4\n003e483689a71cf9d3a0bbdd79d23e00646ef4124391 refs/tags/v1.4.1\n003eac0bb2c8f9246ed4df2994ad799cef891fc07c62 - refs/tags/v1.4.2\n003cf8f86f8d8fa988b561a263ad18bec22173325f13 refs/tags/v1.5\n003e74596b72fae72d9b7b79e1b2992863c0f595c801 - refs/tags/v1.5.1\n0000" - recorded_at: Fri, 11 Nov 2022 12:09:18 GMT - request: method: get uri: https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...9e487f29582587eeb4837c0552c886bb0644b6b9 @@ -127,7 +23,7 @@ http_interactions: server: - GitHub.com date: - - Fri, 11 Nov 2022 12:09:18 GMT + - Fri, 11 Nov 2022 15:24:18 GMT content-type: - application/json; charset=utf-8 transfer-encoding: @@ -154,7 +50,7 @@ http_interactions: x-ratelimit-remaining: - '4973' x-ratelimit-reset: - - '1668171026' + - '1668183118' x-ratelimit-used: - '27' x-ratelimit-resource: @@ -179,7 +75,7 @@ http_interactions: content-security-policy: - default-src 'none' x-github-request-id: - - 0A98:CB3D:151C8AE:156A878:636E3B6E + - 0BFD:CB3D:20DCEF3:2154613:636E6922 body: encoding: ASCII-8BIT string: '{"url":"https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...9e487f29582587eeb4837c0552c886bb0644b6b9","html_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...9e487f29582587eeb4837c0552c886bb0644b6b9","permalink_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/dependabot-fixtures:74596b7...dependabot-fixtures:9e487f2","diff_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...9e487f29582587eeb4837c0552c886bb0644b6b9.diff","patch_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...9e487f29582587eeb4837c0552c886bb0644b6b9.patch","base_commit":{"sha":"74596b72fae72d9b7b79e1b2992863c0f595c801","node_id":"C_kwDOIalVntoAKDc0NTk2YjcyZmFlNzJkOWI3Yjc5ZTFiMjk5Mjg2M2MwZjU5NWM4MDE","commit":{"author":{"name":"Carles @@ -222,7 +118,7 @@ http_interactions: } || {\n \techo \"::error::Could not clone the destination repository. Command:\"\n \techo \"::error::git clone --single-branch --branch $TARGET_BRANCH $GIT_CMD_REPOSITORY $CLONE_DIR\""}]}' - recorded_at: Fri, 11 Nov 2022 12:09:19 GMT + recorded_at: Fri, 11 Nov 2022 15:24:18 GMT - request: method: get uri: https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...9e487f29582587eeb4837c0552c886bb0644b6b9 @@ -246,7 +142,7 @@ http_interactions: server: - GitHub.com date: - - Fri, 11 Nov 2022 12:09:19 GMT + - Fri, 11 Nov 2022 15:24:19 GMT content-type: - application/json; charset=utf-8 transfer-encoding: @@ -273,7 +169,7 @@ http_interactions: x-ratelimit-remaining: - '4972' x-ratelimit-reset: - - '1668171026' + - '1668183118' x-ratelimit-used: - '28' x-ratelimit-resource: @@ -298,7 +194,7 @@ http_interactions: content-security-policy: - default-src 'none' x-github-request-id: - - 0A99:0CD4:D41EAA:D7990A:636E3B6F + - 0BFE:13B37:2288FD8:23041DA:636E6922 body: encoding: ASCII-8BIT string: '{"url":"https://api.github.com/repos/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...9e487f29582587eeb4837c0552c886bb0644b6b9","html_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...9e487f29582587eeb4837c0552c886bb0644b6b9","permalink_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/dependabot-fixtures:74596b7...dependabot-fixtures:9e487f2","diff_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...9e487f29582587eeb4837c0552c886bb0644b6b9.diff","patch_url":"https://github.com/dependabot-fixtures/github-action-push-to-another-repository/compare/v1.5.1...9e487f29582587eeb4837c0552c886bb0644b6b9.patch","base_commit":{"sha":"74596b72fae72d9b7b79e1b2992863c0f595c801","node_id":"C_kwDOIalVntoAKDc0NTk2YjcyZmFlNzJkOWI3Yjc5ZTFiMjk5Mjg2M2MwZjU5NWM4MDE","commit":{"author":{"name":"Carles @@ -341,5 +237,5 @@ http_interactions: } || {\n \techo \"::error::Could not clone the destination repository. Command:\"\n \techo \"::error::git clone --single-branch --branch $TARGET_BRANCH $GIT_CMD_REPOSITORY $CLONE_DIR\""}]}' - recorded_at: Fri, 11 Nov 2022 12:09:19 GMT + recorded_at: Fri, 11 Nov 2022 15:24:19 GMT recorded_with: VCR 6.1.0