dependabot-docker 0.137.2 → 0.138.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/docker/update_checker.rb +44 -34
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2b7ac7299b2071200e004890983096b009024591bab81cc953cd77de3f6f37d2
|
|
4
|
+
data.tar.gz: ff92a602b7896a75937dff9388dfedc56e622a0c79edafd1cda33fe40ca69a0d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5958d0c40cda55ee92489f2d4ee1d6361b1d7086f74604eb649ee8b21f6419cb79515466406406a1db0862de9d4feec00345937f6e6cfe239d10d8c18613fb65
|
|
7
|
+
data.tar.gz: 9f9456b9e064b43853f605500ae91fe7e263d640304ba77c31e5be3db58d24ef8031119d83a930657479d0ebf31af9e430a8bfdc4f181852ccaad3e9fe19653e
|
|
@@ -29,7 +29,7 @@ module DockerRegistry2
|
|
|
29
29
|
headers["Accept"] = %w(
|
|
30
30
|
application/vnd.docker.distribution.manifest.v2+json
|
|
31
31
|
application/vnd.docker.distribution.manifest.list.v2+json
|
|
32
|
-
application/json
|
|
32
|
+
application/json
|
|
33
33
|
).join(",")
|
|
34
34
|
end
|
|
35
35
|
headers["Content-Type"] = "application/vnd.docker.distribution.manifest.v2+json" unless payload.nil?
|
|
@@ -57,7 +57,7 @@ module Dependabot
|
|
|
57
57
|
/x.freeze
|
|
58
58
|
|
|
59
59
|
def latest_version
|
|
60
|
-
|
|
60
|
+
fetch_latest_version(dependency.version)
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
def latest_resolvable_version
|
|
@@ -74,7 +74,7 @@ module Dependabot
|
|
|
74
74
|
dependency.requirements.map do |req|
|
|
75
75
|
updated_source = req.fetch(:source).dup
|
|
76
76
|
updated_source[:digest] = updated_digest if req[:source][:digest]
|
|
77
|
-
updated_source[:tag] =
|
|
77
|
+
updated_source[:tag] = fetch_latest_version(req[:source][:tag]) if req[:source][:tag]
|
|
78
78
|
|
|
79
79
|
req.merge(source: updated_source)
|
|
80
80
|
end
|
|
@@ -97,17 +97,22 @@ module Dependabot
|
|
|
97
97
|
|
|
98
98
|
def version_up_to_date?
|
|
99
99
|
# If the tag isn't up-to-date then we can definitely update
|
|
100
|
-
return false if version_tag_up_to_date? == false
|
|
100
|
+
return false if version_tag_up_to_date?(dependency.version) == false
|
|
101
|
+
return false if dependency.requirements.any? do |req|
|
|
102
|
+
version_tag_up_to_date?(req.fetch(:source, {})[:tag]) == false
|
|
103
|
+
end
|
|
101
104
|
|
|
102
105
|
# Otherwise, if the Dockerfile specifies a digest check that that is
|
|
103
106
|
# up-to-date
|
|
104
107
|
digest_up_to_date?
|
|
105
108
|
end
|
|
106
109
|
|
|
107
|
-
def version_tag_up_to_date?
|
|
108
|
-
return unless
|
|
110
|
+
def version_tag_up_to_date?(version)
|
|
111
|
+
return unless version&.match?(NAME_WITH_VERSION)
|
|
109
112
|
|
|
110
|
-
|
|
113
|
+
latest_version = fetch_latest_version(version)
|
|
114
|
+
|
|
115
|
+
old_v = numeric_version_from(version)
|
|
111
116
|
latest_v = numeric_version_from(latest_version)
|
|
112
117
|
|
|
113
118
|
return true if version_class.new(latest_v) <= version_class.new(old_v)
|
|
@@ -117,7 +122,7 @@ module Dependabot
|
|
|
117
122
|
# digests are also unequal. Avoids 'updating' ruby-2 -> ruby-2.5.1
|
|
118
123
|
return false if old_v.split(".").count == latest_v.split(".").count
|
|
119
124
|
|
|
120
|
-
digest_of(
|
|
125
|
+
digest_of(version) == digest_of(latest_version)
|
|
121
126
|
end
|
|
122
127
|
|
|
123
128
|
def digest_up_to_date?
|
|
@@ -131,34 +136,39 @@ module Dependabot
|
|
|
131
136
|
|
|
132
137
|
# NOTE: It's important that this *always* returns a version (even if
|
|
133
138
|
# it's the existing one) as it is what we later check the digest of.
|
|
134
|
-
def fetch_latest_version
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
candidate_tags
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
max_by do |tag|
|
|
152
|
-
[version_class.new(numeric_version_from(tag)), tag.length]
|
|
139
|
+
def fetch_latest_version(version)
|
|
140
|
+
@versions ||= {}
|
|
141
|
+
return @versions[version] if @versions.key?(version)
|
|
142
|
+
|
|
143
|
+
@versions[version] = begin
|
|
144
|
+
return version unless version.match?(NAME_WITH_VERSION)
|
|
145
|
+
|
|
146
|
+
# Prune out any downgrade tags before checking for pre-releases
|
|
147
|
+
# (which requires a call to the registry for each tag, so can be slow)
|
|
148
|
+
candidate_tags = comparable_tags_from_registry(version)
|
|
149
|
+
non_downgrade_tags = remove_version_downgrades(candidate_tags, version)
|
|
150
|
+
candidate_tags = non_downgrade_tags if non_downgrade_tags.any?
|
|
151
|
+
|
|
152
|
+
unless prerelease?(version)
|
|
153
|
+
candidate_tags =
|
|
154
|
+
candidate_tags.
|
|
155
|
+
reject { |tag| prerelease?(tag) }
|
|
153
156
|
end
|
|
154
157
|
|
|
155
|
-
|
|
158
|
+
latest_tag =
|
|
159
|
+
filter_ignored(candidate_tags).
|
|
160
|
+
max_by do |tag|
|
|
161
|
+
[version_class.new(numeric_version_from(tag)), tag.length]
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
latest_tag || version
|
|
165
|
+
end
|
|
156
166
|
end
|
|
157
167
|
|
|
158
|
-
def comparable_tags_from_registry
|
|
159
|
-
original_prefix = prefix_of(
|
|
160
|
-
original_suffix = suffix_of(
|
|
161
|
-
original_format = format_of(
|
|
168
|
+
def comparable_tags_from_registry(version)
|
|
169
|
+
original_prefix = prefix_of(version)
|
|
170
|
+
original_suffix = suffix_of(version)
|
|
171
|
+
original_format = format_of(version)
|
|
162
172
|
|
|
163
173
|
tags_from_registry.
|
|
164
174
|
select { |tag| tag.match?(NAME_WITH_VERSION) }.
|
|
@@ -168,10 +178,10 @@ module Dependabot
|
|
|
168
178
|
reject { |tag| commit_sha_suffix?(tag) }
|
|
169
179
|
end
|
|
170
180
|
|
|
171
|
-
def remove_version_downgrades(candidate_tags)
|
|
181
|
+
def remove_version_downgrades(candidate_tags, version)
|
|
172
182
|
candidate_tags.select do |tag|
|
|
173
183
|
version_class.new(numeric_version_from(tag)) >=
|
|
174
|
-
version_class.new(numeric_version_from(
|
|
184
|
+
version_class.new(numeric_version_from(version))
|
|
175
185
|
end
|
|
176
186
|
end
|
|
177
187
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.138.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-03-
|
|
11
|
+
date: 2021-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.138.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.138.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|