dependabot-docker 0.225.0 → 0.226.0

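--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: bed9be20b5dafebe413d70b16a5940bb474b89b2eeaab9501f824f66c3d6ac90
- data.tar.gz: f6ac3c022f82f6bbccbe7a7ed29d7b15eef4412e7a5f802ae7161bb39fbb3fca
+ metadata.gz: b32a9aefbcd623b4e2bf553b4aec6676f758f3d27f50f67f99156cc32d8206a0
+ data.tar.gz: f710312b8e2bed67dafabcea2b601be717292fab22301613e447a73153465703
  SHA512:
- metadata.gz: e5d888a8c7c67653d554bfcaa24ecb7e532812000c0b89297303f9521195d5711bbca95b2cd66e19e460730e15f72ac67227f0ffcac99b3f3cf08a4c3cea9605
- data.tar.gz: e1679c8e2220b27daa88ffc948296b2927e37ab11a475d1e7520d54c940a91f72d1b37ff6bfde5c7c11ea31ac9cbd6381542d3d3188202e33fbe905e7c82fcfa
+ metadata.gz: aa265e080fb4afd058721b5ac0bada493708327f2b5d10d35e0652b15ef0ae3b560ab890fbdd84a20ddf0a8abc7aff34d4bab56423a4b157553dc363ebed285e
+ data.tar.gz: 7f15e687d41a354f1a36b1e22ec899354d4f16edae0ae909e0ab2f105c57aaf3e59de48349b7005a92a13ded2cfd48ab8596434789001c62e345163d227e3894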
@@ -5,7 +5,8 @@ require "dependabot/docker/file_parser"
5
5
  module Dependabot
6
6
  module Docker
7
7
  class Tag
8
- VERSION_REGEX = /v?(?<version>[0-9]+(?:\.[0-9]+)*(?:_[0-9]+|\.[a-z0-9]+|-(?:kb)?[0-9]+)*)/i
8
+ WORDS_WITH_BUILD = /(?:(?:-[a-z]+)+-[0-9]+)+/
9
+ VERSION_REGEX = /v?(?<version>[0-9]+(?:\.[0-9]+)*(?:_[0-9]+|\.[a-z0-9]+|#{WORDS_WITH_BUILD}|-(?:kb)?[0-9]+)*)/i
9
10
  VERSION_WITH_SFX = /^#{VERSION_REGEX}(?<suffix>-[a-z][a-z0-9.\-]*)?$/i
10
11
  VERSION_WITH_PFX = /^(?<prefix>[a-z][a-z0-9.\-]*-)?#{VERSION_REGEX}$/i
11
12
  VERSION_WITH_PFX_AND_SFX = /^(?<prefix>[a-z\-]+-)?#{VERSION_REGEX}(?<suffix>-[a-z\-]+)?$/i
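Review bot: `WORDS_WITH_BUILD` is declared without the `/i` flag, and interpolating a Regexp object into `VERSION_REGEX` embeds it as `(?-mix:…)`, so that one alternative stays case-sensitive while every other alternative of `VERSION_REGEX` (and the suffix/prefix patterns below it) is case-insensitive. A tag such as `21-EA-32` is therefore captured as version `21` with suffix `-EA-32`, whereas `21-ea-32` is captured whole and receives the new `<version>-ea-<build_num>` format, so the two tags are classified differently purely by letter case. If that is not intended, declare `WORDS_WITH_BUILD = /(?:(?:-[a-z]+)+-[0-9]+)+/i`; the direct `version.match?(WORDS_WITH_BUILD)` in `format` and the `/-[a-z]+/` strip in `numeric_version`, which runs before `.downcase`, would then need the same flag to stay consistent.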
@@ -30,6 +31,25 @@ module Dependabot
30
31
  name.match?(FileParser::DIGEST)
31
32
  end
32
33
 
34
+ def looks_like_prerelease?
35
+ numeric_version.gsub(/kb/i, "").match?(/[a-zA-Z]/)
36
+ end
37
+
38
+ def comparable_to?(other)
39
+ return false unless comparable?
40
+
41
+ other_prefix = other.prefix
42
+ other_suffix = other.suffix
43
+ other_format = other.format
44
+
45
+ equal_prefix = prefix == other_prefix
46
+ equal_format = format == other_format
47
+ return equal_prefix && equal_format if other_format == :sha_suffixed
48
+
49
+ equal_suffix = suffix == other_suffix
50
+ equal_prefix && equal_format && equal_suffix
51
+ end
52
+
33
53
  def comparable?
34
54
  name.match?(NAME_WITH_VERSION)
35
55
  end
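Review bot: `comparable_to?` guards only the receiver with `return false unless comparable?` and then reads `other.prefix`, `other.suffix` and `other.format`; the accessor visible in the next hunk, `name.match(NAME_WITH_VERSION).named_captures.fetch("suffix")`, raises NoMethodError on a nil match, so passing a non-comparable `other` raises instead of returning false. Making the guard symmetric, `return false unless comparable? && other.comparable?`, keeps the predicate total and matches the old `select(&:comparable?)` filtering it replaces. `looks_like_prerelease?` has the same exposure: `numeric_version` returns nil for a non-comparable tag (see `return unless comparable?` in the later hunk), so `numeric_version.gsub` raises; the caller in the update-checker hunk behaved the same way before this change, so it is not a regression, but a leading `return false unless comparable?` would close it.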
@@ -62,11 +82,26 @@ module Dependabot
62
82
  name.match(NAME_WITH_VERSION).named_captures.fetch("suffix")
63
83
  end
64
84
 
85
+ def version
86
+ name.match(NAME_WITH_VERSION).named_captures.fetch("version")
87
+ end
88
+
65
89
  def format
66
- return :year_month if numeric_version.match?(/^[12]\d{3}(?:[.\-]|$)/)
67
- return :year_month_day if numeric_version.match?(/^[12]\d{5}(?:[.\-]|$)/)
90
+ return :year_month if version.match?(/^[12]\d{3}(?:[.\-]|$)/)
91
+ return :year_month_day if version.match?(/^[12]\d{5}(?:[.\-]|$)/)
68
92
  return :sha_suffixed if name.match?(/(^|\-g?)[0-9a-f]{7,}$/)
69
- return :build_num if numeric_version.match?(/^\d+$/)
93
+ return :build_num if version.match?(/^\d+$/)
94
+
95
+ # As an example, "21-ea-32", "22-ea-7", and "22-ea-jdk-nanoserver-1809"
96
+ # are mapped to "<version>-ea-<build_num>", "<version>-ea-<build_num>",
97
+ # and "<version>-ea-jdk-nanoserver-<build_num>" respectively.
98
+ #
99
+ # That means only "22-ea-7" will be considered as a viable update
100
+ # candidate for "21-ea-32", since it's the only one that respects that
101
+ # format.
102
+ if version.match?(WORDS_WITH_BUILD)
103
+ return :"<version>#{version.match(WORDS_WITH_BUILD).to_s.gsub(/-[0-9]+/, "-<build_num>")}"
104
+ end
70
105
 
71
106
  :normal
72
107
  end
@@ -74,7 +109,7 @@ module Dependabot
74
109
  def numeric_version
75
110
  return unless comparable?
76
111
 
77
- name.match(NAME_WITH_VERSION).named_captures.fetch("version").downcase
112
+ version.gsub(/-[a-z]+/, "").downcase
78
113
  end
79
114
 
80
115
  def precision
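Review bot: The new `numeric_version` strips `/-[a-z]+/` from the captured version, but `VERSION_REGEX` still accepts `-(?:kb)?[0-9]+`, so for a tag like `1.2.3-kb5000` the gsub removes `-kb` together with its hyphen and yields `1.2.35000`, where the previous implementation yielded `1.2.3-kb5000`. That merges the build number into the last numeric component before the value reaches `comparable_version_from` (outside this hunk); unless the version class strips `kb` itself, which I cannot see here, the ordering of such tags changes silently. Restricting the strip to hyphen-delimited words, `version.gsub(/-[a-z]+(?=-)/, "").downcase`, still removes `-ea` and `-jdk-nanoserver` as intended while leaving `-kb5000` intact, and `looks_like_prerelease?` continues to drop the `kb` letters afterwards exactly as before.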
@@ -82,10 +82,7 @@ module Dependabot
82
82
 
83
83
  latest_tag = latest_tag_from(version)
84
84
 
85
- old_v = version_tag.numeric_version
86
- latest_v = latest_tag.numeric_version
87
-
88
- version_class.new(latest_v) <= version_class.new(old_v)
85
+ comparable_version_from(latest_tag) <= comparable_version_from(version_tag)
89
86
  end
90
87
 
91
88
  def digest_up_to_date?
@@ -151,18 +148,7 @@ module Dependabot
151
148
  end
152
149
 
153
150
  def comparable_tags_from_registry(original_tag)
154
- original_prefix = original_tag.prefix
155
- original_suffix = original_tag.suffix
156
- original_format = original_tag.format
157
-
158
- candidate_tags =
159
- tags_from_registry.
160
- select(&:comparable?).
161
- select { |tag| tag.prefix == original_prefix }.
162
- select { |tag| tag.format == original_format }
163
- return candidate_tags if original_format == :sha_suffixed
164
-
165
- candidate_tags.select { |tag| tag.suffix == original_suffix }
151
+ tags_from_registry.select { |tag| tag.comparable_to?(original_tag) }
166
152
  end
167
153
 
168
154
  def remove_version_downgrades(candidate_tags, version_tag)
@@ -245,7 +231,7 @@ module Dependabot
245
231
  end
246
232
 
247
233
  def fetch_digest_of(tag)
248
- docker_registry_client.digest(docker_repo_name, tag)&.delete_prefix("sha256:")
234
+ docker_registry_client.manifest_digest(docker_repo_name, tag)&.delete_prefix("sha256:")
249
235
  rescue *transient_docker_errors => e
250
236
  attempt ||= 1
251
237
  attempt += 1
@@ -270,11 +256,9 @@ module Dependabot
270
256
  end
271
257
 
272
258
  def prerelease?(tag)
273
- return true if tag.numeric_version.gsub(/kb/i, "").match?(/[a-zA-Z]/)
259
+ return true if tag.looks_like_prerelease?
274
260
 
275
- # If we're dealing with a numeric version we can compare it against
276
- # the digest for the `latest` tag.
277
- return false unless tag.numeric_version
261
+ # Compare the numeric version against the version of the `latest` tag.
278
262
  return false unless latest_digest
279
263
  return false unless version_of_latest_tag
280
264
 
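--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-docker
  version: !ruby/object:Gem::Version
- version: 0.225.0
+ version: 0.226.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-07-31 00:00:00.000000000 Z
+ date: 2023-08-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.225.0
+ version: 0.226.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.225.0
+ version: 0.226.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.17.1
+ version: 1.18.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.17.1
+ version: 1.18.0
  - !ruby/object:Gem::Dependency
  name: stackprof
  requirement: !ruby/object:Gem::Requirement
@@ -202,7 +202,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.225.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
  post_install_message:
  rdoc_options: []
  require_paths: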