RubyGems - dependabot-core - Versions diffs - 0.76.11 → 0.77.0 - Mend

dependabot-core 0.76.11 → 0.77.0

Files changed (15) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/lib/dependabot/file_fetchers.rb +0 -2
data/lib/dependabot/file_parsers.rb +0 -2
data/lib/dependabot/file_updaters.rb +0 -2
data/lib/dependabot/metadata_finders.rb +0 -2
data/lib/dependabot/update_checkers.rb +0 -2
data/lib/dependabot/version.rb +1 -1
metadata +1 -7
data/lib/dependabot/file_fetchers/docker/docker.rb +0 -40
data/lib/dependabot/file_parsers/docker/docker.rb +0 -164
data/lib/dependabot/file_updaters/docker/docker.rb +0 -133
data/lib/dependabot/metadata_finders/docker/docker.rb +0 -18
data/lib/dependabot/update_checkers/docker/docker.rb +0 -290
data/lib/dependabot/utils/docker/credentials_finder.rb +0 -65

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5a81bf12f28897fd225b92b4e37e0476b0896fcc58685457173f696f3010c44
-  data.tar.gz: b30ff79c7eb025531e5d559270f7f13b06d4a0fd099f478a3019a9ad9fa2fe63
+  metadata.gz: 643315e66fbeb494837f087852166010e52b5c24daf7ff8c459bbf660b0d4d63
+  data.tar.gz: cfff2982eda91bc92af1e374d0a7071610ef4d9ace6024185ebffc1c28cc01b5
 SHA512:
-  metadata.gz: b1379cee6737a8d68f06463024c9793f1db3ffc0750af144e358e717ae8fab08febb492c7ff4638bd8b74980d257cf7ca50d901be33f51e757409dc5ee68c8cc
-  data.tar.gz: 527956ec32bea4528e5868d2168cd9ac5c23331783a8da287393a00b7a669dee2a8cfdb91066bbd315deb93dd23b623c0f4461e2ff177d2eda1bfb33ca7e2f4f
+  metadata.gz: e5436d554912bd92166d5580fd7737fad37b69feb0a7acef0d5fe1f3e3c465ce62ea03580486a0ddd3a5ca1dd3e3dee8f3e7d65743f34a3e25089b3af98b1b3d
+  data.tar.gz: 0deffbebb24d5c99233a0522305fb911e9111bd466bf2f7aa54f4494cd917e4c9c8f34ba4ae4c11c29d1879bdb4b1e905a46b1397903f4a40f858c120a23d077

data/CHANGELOG.md CHANGED

@@ -1,3 +1,7 @@
+## v0.77.0, 7 December 2018
+- Move Docker support to a separate gem
 ## v0.76.11, 7 December 2018
 - Python: Ignore dependencies that we had to insert a version for

data/lib/dependabot/file_fetchers.rb CHANGED

@@ -7,7 +7,6 @@ require "dependabot/file_fetchers/java/maven"
 require "dependabot/file_fetchers/java/gradle"
 require "dependabot/file_fetchers/php/composer"
 require "dependabot/file_fetchers/git/submodules"
-require "dependabot/file_fetchers/docker/docker"
 require "dependabot/file_fetchers/elixir/hex"
 require "dependabot/file_fetchers/rust/cargo"
 require "dependabot/file_fetchers/dotnet/nuget"
@@ -25,7 +24,6 @@ module Dependabot
       "pip" => FileFetchers::Python::Pip,
       "composer" => FileFetchers::Php::Composer,
       "submodules" => FileFetchers::Git::Submodules,
-      "docker" => FileFetchers::Docker::Docker,
       "hex" => FileFetchers::Elixir::Hex,
       "cargo" => FileFetchers::Rust::Cargo,
       "nuget" => FileFetchers::Dotnet::Nuget,

data/lib/dependabot/file_parsers.rb CHANGED

@@ -7,7 +7,6 @@ require "dependabot/file_parsers/java/maven"
 require "dependabot/file_parsers/java/gradle"
 require "dependabot/file_parsers/php/composer"
 require "dependabot/file_parsers/git/submodules"
-require "dependabot/file_parsers/docker/docker"
 require "dependabot/file_parsers/elixir/hex"
 require "dependabot/file_parsers/rust/cargo"
 require "dependabot/file_parsers/dotnet/nuget"
@@ -25,7 +24,6 @@ module Dependabot
       "pip" => FileParsers::Python::Pip,
       "composer" => FileParsers::Php::Composer,
       "submodules" => FileParsers::Git::Submodules,
-      "docker" => FileParsers::Docker::Docker,
       "hex" => FileParsers::Elixir::Hex,
       "cargo" => FileParsers::Rust::Cargo,
       "nuget" => FileParsers::Dotnet::Nuget,

data/lib/dependabot/file_updaters.rb CHANGED

@@ -7,7 +7,6 @@ require "dependabot/file_updaters/java/maven"
 require "dependabot/file_updaters/java/gradle"
 require "dependabot/file_updaters/php/composer"
 require "dependabot/file_updaters/git/submodules"
-require "dependabot/file_updaters/docker/docker"
 require "dependabot/file_updaters/elixir/hex"
 require "dependabot/file_updaters/rust/cargo"
 require "dependabot/file_updaters/dotnet/nuget"
@@ -25,7 +24,6 @@ module Dependabot
       "pip" => FileUpdaters::Python::Pip,
       "composer" => FileUpdaters::Php::Composer,
       "submodules" => FileUpdaters::Git::Submodules,
-      "docker" => FileUpdaters::Docker::Docker,
       "hex" => FileUpdaters::Elixir::Hex,
       "cargo" => FileUpdaters::Rust::Cargo,
       "nuget" => FileUpdaters::Dotnet::Nuget,

data/lib/dependabot/metadata_finders.rb CHANGED

@@ -6,7 +6,6 @@ require "dependabot/metadata_finders/java_script/npm_and_yarn"
 require "dependabot/metadata_finders/java/maven"
 require "dependabot/metadata_finders/php/composer"
 require "dependabot/metadata_finders/git/submodules"
-require "dependabot/metadata_finders/docker/docker"
 require "dependabot/metadata_finders/elixir/hex"
 require "dependabot/metadata_finders/rust/cargo"
 require "dependabot/metadata_finders/dotnet/nuget"
@@ -23,7 +22,6 @@ module Dependabot
       "pip" => MetadataFinders::Python::Pip,
       "composer" => MetadataFinders::Php::Composer,
       "submodules" => MetadataFinders::Git::Submodules,
-      "docker" => MetadataFinders::Docker::Docker,
       "hex" => MetadataFinders::Elixir::Hex,
       "cargo" => MetadataFinders::Rust::Cargo,
       "nuget" => MetadataFinders::Dotnet::Nuget,

data/lib/dependabot/update_checkers.rb CHANGED

@@ -7,7 +7,6 @@ require "dependabot/update_checkers/java/maven"
 require "dependabot/update_checkers/java/gradle"
 require "dependabot/update_checkers/php/composer"
 require "dependabot/update_checkers/git/submodules"
-require "dependabot/update_checkers/docker/docker"
 require "dependabot/update_checkers/elixir/hex"
 require "dependabot/update_checkers/rust/cargo"
 require "dependabot/update_checkers/dotnet/nuget"
@@ -25,7 +24,6 @@ module Dependabot
       "pip" => UpdateCheckers::Python::Pip,
       "composer" => UpdateCheckers::Php::Composer,
       "submodules" => UpdateCheckers::Git::Submodules,
-      "docker" => UpdateCheckers::Docker::Docker,
       "hex" => UpdateCheckers::Elixir::Hex,
       "cargo" => UpdateCheckers::Rust::Cargo,
       "nuget" => UpdateCheckers::Dotnet::Nuget,

data/lib/dependabot/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.76.11"
+  VERSION = "0.77.0"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.76.11
+  version: 0.77.0
 platform: ruby
 authors:
 - Dependabot
@@ -380,7 +380,6 @@ files:
 - lib/dependabot/file_fetchers.rb
 - lib/dependabot/file_fetchers/README.md
 - lib/dependabot/file_fetchers/base.rb
-- lib/dependabot/file_fetchers/docker/docker.rb
 - lib/dependabot/file_fetchers/dotnet/nuget.rb
 - lib/dependabot/file_fetchers/dotnet/nuget/import_paths_finder.rb
 - lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb
@@ -405,7 +404,6 @@ files:
 - lib/dependabot/file_parsers/README.md
 - lib/dependabot/file_parsers/base.rb
 - lib/dependabot/file_parsers/base/dependency_set.rb
-- lib/dependabot/file_parsers/docker/docker.rb
 - lib/dependabot/file_parsers/dotnet/nuget.rb
 - lib/dependabot/file_parsers/dotnet/nuget/packages_config_parser.rb
 - lib/dependabot/file_parsers/dotnet/nuget/project_file_parser.rb
@@ -435,7 +433,6 @@ files:
 - lib/dependabot/file_updaters.rb
 - lib/dependabot/file_updaters/README.md
 - lib/dependabot/file_updaters/base.rb
-- lib/dependabot/file_updaters/docker/docker.rb
 - lib/dependabot/file_updaters/dotnet/nuget.rb
 - lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb
 - lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb
@@ -499,7 +496,6 @@ files:
 - lib/dependabot/metadata_finders/base/changelog_pruner.rb
 - lib/dependabot/metadata_finders/base/commits_finder.rb
 - lib/dependabot/metadata_finders/base/release_finder.rb
-- lib/dependabot/metadata_finders/docker/docker.rb
 - lib/dependabot/metadata_finders/dotnet/nuget.rb
 - lib/dependabot/metadata_finders/elixir/hex.rb
 - lib/dependabot/metadata_finders/elm/elm_package.rb
@@ -525,7 +521,6 @@ files:
 - lib/dependabot/update_checkers.rb
 - lib/dependabot/update_checkers/README.md
 - lib/dependabot/update_checkers/base.rb
-- lib/dependabot/update_checkers/docker/docker.rb
 - lib/dependabot/update_checkers/dotnet/nuget.rb
 - lib/dependabot/update_checkers/dotnet/nuget/property_updater.rb
 - lib/dependabot/update_checkers/dotnet/nuget/repository_finder.rb
@@ -583,7 +578,6 @@ files:
 - lib/dependabot/update_checkers/rust/cargo/requirements_updater.rb
 - lib/dependabot/update_checkers/rust/cargo/version_resolver.rb
 - lib/dependabot/utils.rb
-- lib/dependabot/utils/docker/credentials_finder.rb
 - lib/dependabot/utils/dotnet/requirement.rb
 - lib/dependabot/utils/dotnet/version.rb
 - lib/dependabot/utils/elixir/requirement.rb

data/lib/dependabot/file_fetchers/docker/docker.rb DELETED

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/file_fetchers/base"
-module Dependabot
-  module FileFetchers
-    module Docker
-      class Docker < Dependabot::FileFetchers::Base
-        def self.required_files_in?(filenames)
-          filenames.any? { |f| f.match?(/dockerfile/i) }
-        end
-        def self.required_files_message
-          "Repo must contain a Dockerfile."
-        end
-        private
-        def fetch_files
-          fetched_files = []
-          fetched_files += dockerfiles
-          return fetched_files if fetched_files.any?
-          raise(
-            Dependabot::DependencyFileNotFound,
-            File.join(directory, "Dockerfile")
-          )
-        end
-        def dockerfiles
-          @dockerfiles ||=
-            repo_contents(raise_errors: false).
-            select { |f| f.type == "file" && f.name.match?(/dockerfile/i) }.
-            map { |f| fetch_file_from_host(f.name) }
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_parsers/docker/docker.rb DELETED

@@ -1,164 +0,0 @@
-# frozen_string_literal: true
-require "docker_registry2"
-require "dependabot/dependency"
-require "dependabot/file_parsers/base"
-require "dependabot/errors"
-require "dependabot/utils/docker/credentials_finder"
-module Dependabot
-  module FileParsers
-    module Docker
-      class Docker < Dependabot::FileParsers::Base
-        require "dependabot/file_parsers/base/dependency_set"
-        # Detials of Docker regular expressions is at
-        # https://github.com/docker/distribution/blob/master/reference/regexp.go
-        DOMAIN_COMPONENT =
-          /(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/.freeze
-        DOMAIN = /(?:#{DOMAIN_COMPONENT}(?:\.#{DOMAIN_COMPONENT})+)/.freeze
-        REGISTRY = /(?<registry>#{DOMAIN}(?::[0-9]+)?)/.freeze
-        NAME_COMPONENT = /(?:[a-z0-9]+(?:(?:[._]|__|[-]*)[a-z0-9]+)*)/.freeze
-        IMAGE = %r{(?<image>#{NAME_COMPONENT}(?:/#{NAME_COMPONENT})*)}.freeze
-        FROM = /[Ff][Rr][Oo][Mm]/.freeze
-        TAG = /:(?<tag>[\w][\w.-]{0,127})/.freeze
-        DIGEST = /@(?<digest>[^\s]+)/.freeze
-        NAME = /\s+AS\s+(?<name>[a-zA-Z0-9_-]+)/.freeze
-        FROM_LINE =
-          %r{^#{FROM}\s+(#{REGISTRY}/)?#{IMAGE}#{TAG}?#{DIGEST}?#{NAME}?}.freeze
-        AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+).amazonaws\.com/.freeze
-        def parse
-          dependency_set = DependencySet.new
-          dockerfiles.each do |dockerfile|
-            dockerfile.content.each_line do |line|
-              next unless FROM_LINE.match?(line)
-              parsed_from_line = FROM_LINE.match(line).named_captures
-              version = version_from(parsed_from_line)
-              next unless version
-              dependency_set << Dependency.new(
-                name: parsed_from_line.fetch("image"),
-                version: version,
-                package_manager: "docker",
-                requirements: [
-                  requirement: nil,
-                  groups: [],
-                  file: dockerfile.name,
-                  source: source_from(parsed_from_line)
-                ]
-              )
-            end
-          end
-          dependency_set.dependencies
-        end
-        private
-        def dockerfiles
-          # The Docker file fetcher only fetches Dockerfiles, so no need to
-          # filter here
-          dependency_files
-        end
-        def version_from(parsed_from_line)
-          return parsed_from_line.fetch("tag") if parsed_from_line.fetch("tag")
-          version_from_digest(
-            registry: parsed_from_line.fetch("registry"),
-            image: parsed_from_line.fetch("image"),
-            digest: parsed_from_line.fetch("digest")
-          )
-        end
-        def source_from(parsed_from_line)
-          source = {}
-          if parsed_from_line.fetch("registry")
-            source[:registry] = parsed_from_line.fetch("registry")
-          end
-          if parsed_from_line.fetch("tag")
-            source[:tag] = parsed_from_line.fetch("tag")
-          end
-          if parsed_from_line.fetch("digest")
-            source[:digest] = parsed_from_line.fetch("digest")
-          end
-          source
-        end
-        def version_from_digest(registry:, image:, digest:)
-          return unless digest
-          repo = docker_repo_name(image, registry)
-          registry_client = docker_registry_client(registry)
-          registry_client.tags(repo).fetch("tags").find do |tag|
-            digest == registry_client.digest(repo, tag)
-          rescue DockerRegistry2::NotFound
-            # Shouldn't happen, but it does. Example of existing tag with
-            # no manifest is "library/python", "2-windowsservercore".
-            false
-          end
-        rescue DockerRegistry2::RegistryAuthenticationException,
-               RestClient::Forbidden
-          raise if standard_registry?(registry)
-          raise PrivateSourceAuthenticationFailure, registry
-        end
-        def docker_repo_name(image, registry)
-          return image unless standard_registry?(registry)
-          return image unless image.split("/").count < 2
-          "library/#{image}"
-        end
-        def docker_registry_client(registry)
-          if registry
-            credentials = registry_credentials(registry)
-            DockerRegistry2::Registry.new(
-              "https://#{registry}",
-              user: credentials&.fetch("username"),
-              password: credentials&.fetch("password")
-            )
-          else
-            DockerRegistry2::Registry.new("https://registry.hub.docker.com")
-          end
-        end
-        def registry_credentials(registry_url)
-          credentials_finder.credentials_for_registry(registry_url)
-        end
-        def credentials_finder
-          @credentials_finder ||=
-            Utils::Docker::CredentialsFinder.new(credentials)
-        end
-        def standard_registry?(registry)
-          return true if registry.nil?
-          registry == "registry.hub.docker.com"
-        end
-        def check_required_files
-          # Just check if there are any files at all.
-          return if dependency_files.any?
-          raise "No Dockerfile!"
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/docker/docker.rb DELETED

@@ -1,133 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/file_updaters/base"
-require "dependabot/errors"
-module Dependabot
-  module FileUpdaters
-    module Docker
-      class Docker < Dependabot::FileUpdaters::Base
-        FROM_REGEX = /[Ff][Rr][Oo][Mm]/.freeze
-        def self.updated_files_regex
-          [/dockerfile/]
-        end
-        def updated_dependency_files
-          updated_files = []
-          dependency_files.each do |file|
-            next unless requirement_changed?(file, dependency)
-            updated_files <<
-              updated_file(
-                file: file,
-                content: updated_dockerfile_content(file)
-              )
-          end
-          updated_files.reject! { |f| dependency_files.include?(f) }
-          raise "No files changed!" if updated_files.none?
-          updated_files
-        end
-        private
-        def dependency
-          # Dockerfiles will only ever be updating a single dependency
-          dependencies.first
-        end
-        def check_required_files
-          # Just check if there are any files at all.
-          return if dependency_files.any?
-          raise "No Dockerfile!"
-        end
-        def updated_dockerfile_content(file)
-          updated_content =
-            if specified_with_digest?(file)
-              update_digest_and_tag(file)
-            else
-              update_tag(file)
-            end
-          raise "Expected content to change!" if updated_content == file.content
-          updated_content
-        end
-        def update_digest_and_tag(file)
-          old_declaration_regex = /^#{FROM_REGEX}\s+.*@#{old_digest(file)}/
-          file.content.gsub(old_declaration_regex) do |old_dec|
-            old_dec.
-              gsub("@#{old_digest(file)}", "@#{new_digest(file)}").
-              gsub(":#{dependency.previous_version}",
-                   ":#{dependency.version}")
-          end
-        end
-        def update_tag(file)
-          return unless old_tag(file)
-          old_declaration =
-            if private_registry_url(file) then "#{private_registry_url(file)}/"
-            else ""
-            end
-          old_declaration += "#{dependency.name}:#{old_tag(file)}"
-          escaped_declaration = Regexp.escape(old_declaration)
-          old_declaration_regex = /^#{FROM_REGEX}\s+#{escaped_declaration}/
-          file.content.gsub(old_declaration_regex) do |old_dec|
-            old_dec.gsub(":#{old_tag(file)}", ":#{new_tag(file)}")
-          end
-        end
-        def specified_with_digest?(file)
-          dependency.
-            requirements.
-            find { |r| r[:file] == file.name }.
-            fetch(:source)[:digest]
-        end
-        def new_digest(file)
-          return unless specified_with_digest?(file)
-          dependency.requirements.
-            find { |r| r[:file] == file.name }.
-            fetch(:source).fetch(:digest)
-        end
-        def old_digest(file)
-          return unless specified_with_digest?(file)
-          dependency.previous_requirements.
-            find { |r| r[:file] == file.name }.
-            fetch(:source).fetch(:digest)
-        end
-        def new_tag(file)
-          dependency.requirements.
-            find { |r| r[:file] == file.name }.
-            fetch(:source)[:tag]
-        end
-        def old_tag(file)
-          dependency.previous_requirements.
-            find { |r| r[:file] == file.name }.
-            fetch(:source)[:tag]
-        end
-        def private_registry_url(file)
-          dependency.requirements.
-            find { |r| r[:file] == file.name }.
-            fetch(:source)[:registry]
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/metadata_finders/docker/docker.rb DELETED

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/metadata_finders/base"
-module Dependabot
-  module MetadataFinders
-    module Docker
-      class Docker < Dependabot::MetadataFinders::Base
-        private
-        def look_up_source
-          # TODO: Find a way to add links to PRs
-          nil
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/docker/docker.rb DELETED

@@ -1,290 +0,0 @@
-# frozen_string_literal: true
-require "docker_registry2"
-require "dependabot/update_checkers/base"
-require "dependabot/errors"
-require "dependabot/utils/docker/credentials_finder"
-module Dependabot
-  module UpdateCheckers
-    module Docker
-      class Docker < Dependabot::UpdateCheckers::Base
-        VERSION_REGEX = /(?<version>[0-9]+(?:\.[a-zA-Z0-9]+)*)/.freeze
-        VERSION_WITH_SUFFIX =
-          /^#{VERSION_REGEX}(?<affix>-[a-z0-9.\-]+)?$/.freeze
-        VERSION_WITH_PREFIX =
-          /^(?<affix>[a-z0-9.\-]+-)?#{VERSION_REGEX}$/.freeze
-        NAME_WITH_VERSION =
-          /#{VERSION_WITH_PREFIX}|#{VERSION_WITH_SUFFIX}/.freeze
-        def latest_version
-          @latest_version ||= fetch_latest_version
-        end
-        def latest_resolvable_version
-          # Resolvability isn't an issue for Docker containers.
-          latest_version
-        end
-        def latest_resolvable_version_with_no_unlock
-          # No concept of "unlocking" for Docker containers
-          dependency.version
-        end
-        def updated_requirements
-          dependency.requirements.map do |req|
-            updated_source = req.fetch(:source).dup
-            updated_source[:digest] = updated_digest if req[:source][:digest]
-            updated_source[:tag] = latest_version if req[:source][:tag]
-            req.merge(source: updated_source)
-          end
-        end
-        private
-        def latest_version_resolvable_with_full_unlock?
-          # Full unlock checks aren't relevant for Dockerfiles
-          false
-        end
-        def updated_dependencies_after_full_unlock
-          raise NotImplementedError
-        end
-        def version_can_update?(*)
-          !version_up_to_date?
-        end
-        def version_up_to_date?
-          # If the tag isn't up-to-date then we can definitely update
-          return false if version_tag_up_to_date? == false
-          # Otherwise, if the Dockerfile specifies a digest check that that is
-          # up-to-date
-          digest_up_to_date?
-        end
-        def version_tag_up_to_date?
-          return unless dependency.version.match?(NAME_WITH_VERSION)
-          old_v = numeric_version_from(dependency.version)
-          latest_v = numeric_version_from(latest_version)
-          return true if version_class.new(latest_v) <= version_class.new(old_v)
-          # Check the precision of the potentially higher tag is the same as the
-          # one it would replace. In the event that it's not the same, check the
-          # digests are also unequal. Avoids 'updating' ruby-2 -> ruby-2.5.1
-          return false if old_v.split(".").count == latest_v.split(".").count
-          digest_of(dependency.version) == digest_of(latest_version)
-        end
-        def digest_up_to_date?
-          dependency.requirements.all? do |req|
-            next true unless req.fetch(:source)[:digest]
-            req.fetch(:source).fetch(:digest) == digest_of(dependency.version)
-          end
-        end
-        # Note: It's important that this *always* returns a version (even if
-        # it's the existing one) as it is what we later check the digest of.
-        def fetch_latest_version
-          unless dependency.version.match?(NAME_WITH_VERSION)
-            return dependency.version
-          end
-          # Prune out any downgrade tags before checking for pre-releases
-          # (which requires a call to the registry for each tag, so can be slow)
-          candidate_tags = comparable_tags_from_registry
-          non_downgrade_tags = remove_version_downgrades(candidate_tags)
-          candidate_tags = non_downgrade_tags if non_downgrade_tags.any?
-          wants_prerelease = prerelease?(dependency.version)
-          candidate_tags =
-            candidate_tags.
-            reject { |tag| prerelease?(tag) && !wants_prerelease }.
-            reject do |tag|
-              version = version_class.new(numeric_version_from(tag))
-              ignore_reqs.any? { |r| r.satisfied_by?(version) }
-            end
-          latest_tag =
-            candidate_tags.
-            max_by { |tag| version_class.new(numeric_version_from(tag)) }
-          latest_tag || dependency.version
-        end
-        def comparable_tags_from_registry
-          original_affix = affix_of(dependency.version)
-          tags_from_registry.
-            select { |tag| tag.match?(NAME_WITH_VERSION) }.
-            select { |tag| affix_of(tag) == original_affix }.
-            reject { |tag| commit_sha_suffix?(tag) }
-        end
-        def remove_version_downgrades(candidate_tags)
-          candidate_tags.select do |tag|
-            version_class.new(numeric_version_from(tag)) >=
-              version_class.new(numeric_version_from(dependency.version))
-          end
-        end
-        def commit_sha_suffix?(tag)
-          # Some people suffix their versions with commit SHAs. Dependabot
-          # can't order on those but will try to, so instead we should exclude
-          # them (unless there's a `latest` version pushed to the registry, in
-          # which case we'll use that to find the latest version)
-          return false unless tag.match?(/(^|\-)[0-9a-f]{7,}$/)
-          !tag.match?(/(^|\-)20[0-1]\d{5}$/)
-        end
-        def version_of_latest_tag
-          return unless latest_digest
-          tags_from_registry.
-            select { |tag| canonical_version?(tag) }.
-            select { |t| digest_of(t) == latest_digest }.
-            map { |t| version_class.new(numeric_version_from(t)) }.
-            max
-        end
-        def canonical_version?(tag)
-          return false unless numeric_version_from(tag)
-          return true if tag == numeric_version_from(tag)
-          # .NET tags are suffixed with -sdk. There may be other cases we need
-          # to consider in future, too.
-          tag == numeric_version_from(tag) + "-sdk"
-        end
-        def updated_digest
-          @updated_digest ||=
-            begin
-              docker_registry_client.digest(docker_repo_name, latest_version)
-            rescue RestClient::Exceptions::Timeout
-              attempt ||= 1
-              attempt += 1
-              raise if attempt > 3
-              retry
-            end
-        rescue DockerRegistry2::RegistryAuthenticationException,
-               RestClient::Forbidden
-          raise PrivateSourceAuthenticationFailure, registry_hostname
-        end
-        def tags_from_registry
-          @tags_from_registry ||=
-            begin
-              docker_registry_client.tags(docker_repo_name).fetch("tags")
-            rescue RestClient::Exceptions::Timeout
-              attempt ||= 1
-              attempt += 1
-              raise if attempt > 3
-              retry
-            end
-        rescue DockerRegistry2::RegistryAuthenticationException,
-               RestClient::Forbidden
-          raise PrivateSourceAuthenticationFailure, registry_hostname
-        end
-        def latest_digest
-          return unless tags_from_registry.include?("latest")
-          digest_of("latest")
-        end
-        def digest_of(tag)
-          @digests ||= {}
-          return @digests[tag] if @digests.key?(tag)
-          @digests[tag] =
-            begin
-              docker_registry_client.digest(docker_repo_name, tag)
-            rescue *transient_docker_errors => e
-              attempt ||= 1
-              attempt += 1
-              return if attempt > 3 && e.is_a?(DockerRegistry2::NotFound)
-              raise if attempt > 3
-              retry
-            end
-        end
-        def transient_docker_errors
-          [RestClient::Exceptions::Timeout, DockerRegistry2::NotFound]
-        end
-        def affix_of(tag)
-          tag.match(NAME_WITH_VERSION).named_captures.fetch("affix")
-        end
-        def prerelease?(tag)
-          return true if numeric_version_from(tag).match?(/[a-zA-Z]/)
-          # If we're dealing with a numeric version we can compare it against
-          # the digest for the `latest` tag.
-          return false unless numeric_version_from(tag)
-          return false unless latest_digest
-          return false unless version_of_latest_tag
-          version_class.new(numeric_version_from(tag)) > version_of_latest_tag
-        end
-        def numeric_version_from(tag)
-          return unless tag.match?(NAME_WITH_VERSION)
-          tag.match(NAME_WITH_VERSION).named_captures.fetch("version")
-        end
-        def registry_hostname
-          dependency.requirements.first[:source][:registry] ||
-            "registry.hub.docker.com"
-        end
-        def using_dockerhub?
-          registry_hostname == "registry.hub.docker.com"
-        end
-        def registry_credentials
-          credentials_finder.credentials_for_registry(registry_hostname)
-        end
-        def credentials_finder
-          @credentials_finder ||=
-            Utils::Docker::CredentialsFinder.new(credentials)
-        end
-        def docker_repo_name
-          return dependency.name unless using_dockerhub?
-          return dependency.name unless dependency.name.split("/").count < 2
-          "library/#{dependency.name}"
-        end
-        def docker_registry_client
-          @docker_registry_client ||=
-            DockerRegistry2::Registry.new(
-              "https://#{registry_hostname}",
-              user: registry_credentials&.fetch("username"),
-              password: registry_credentials&.fetch("password")
-            )
-        end
-        def ignore_reqs
-          # Note: we use Gem::Requirement here because ignore conditions will
-          # be passed as Ruby ranges
-          ignored_versions.map { |req| Gem::Requirement.new(req.split(",")) }
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/utils/docker/credentials_finder.rb DELETED

@@ -1,65 +0,0 @@
-# frozen_string_literal: true
-require "aws-sdk-ecr"
-require "base64"
-require "dependabot/errors"
-module Dependabot
-  module Utils
-    module Docker
-      class CredentialsFinder
-        AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+).amazonaws\.com/.freeze
-        def initialize(credentials)
-          @credentials = credentials
-        end
-        def credentials_for_registry(registry_hostname)
-          registry_details =
-            credentials.
-            select { |cred| cred["type"] == "docker_registry" }.
-            find { |cred| cred.fetch("registry") == registry_hostname }
-          return unless registry_details
-          return registry_details unless registry_hostname.match?(AWS_ECR_URL)
-          build_aws_credentials(registry_details)
-        end
-        private
-        attr_reader :credentials
-        def build_aws_credentials(registry_details)
-          # If credentials have been generated from AWS we can just return them
-          return registry_details if registry_details.fetch("username") == "AWS"
-          # Otherwise, we need to use the provided Access Key ID and secret to
-          # generate a temporary username and password
-          aws_credentials = Aws::Credentials.new(
-            registry_details.fetch("username"),
-            registry_details.fetch("password")
-          )
-          registry_hostname = registry_details.fetch("registry")
-          region = registry_hostname.match(AWS_ECR_URL).
-                   named_captures.fetch("region")
-          @authorization_tokens ||= {}
-          @authorization_tokens[registry_hostname] ||=
-            Aws::ECR::Client.new(region: region, credentials: aws_credentials).
-            get_authorization_token.authorization_data.first.
-            authorization_token
-          username, password =
-            Base64.decode64(@authorization_tokens[registry_hostname]).split(":")
-          registry_details.merge("username" => username, "password" => password)
-        rescue Aws::Errors::MissingCredentialsError,
-               Aws::ECR::Errors::UnrecognizedClientException
-          raise PrivateSourceAuthenticationFailure, registry_hostname
-        end
-      end
-    end
-  end
-end