dependabot-docker 0.225.0 → 0.227.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/docker/tag.rb +40 -5
  3. data/lib/dependabot/docker/update_checker.rb +16 -31
  4. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bed9be20b5dafebe413d70b16a5940bb474b89b2eeaab9501f824f66c3d6ac90
4
- data.tar.gz: f6ac3c022f82f6bbccbe7a7ed29d7b15eef4412e7a5f802ae7161bb39fbb3fca
3
+ metadata.gz: 81fe8e185f867be1dcd353520cacf3d605bf5f345b89f8707589fff41f8bb28d
4
+ data.tar.gz: b3b8b762d9b97cc90020a0e93eb25e3618159f6f5c5e5079723757b3176d0682
5
5
  SHA512:
6
- metadata.gz: e5d888a8c7c67653d554bfcaa24ecb7e532812000c0b89297303f9521195d5711bbca95b2cd66e19e460730e15f72ac67227f0ffcac99b3f3cf08a4c3cea9605
7
- data.tar.gz: e1679c8e2220b27daa88ffc948296b2927e37ab11a475d1e7520d54c940a91f72d1b37ff6bfde5c7c11ea31ac9cbd6381542d3d3188202e33fbe905e7c82fcfa
6
+ metadata.gz: 1fc30d0ccb0da9a0541d2acc4f19533ae9a602c96c55c68f3890efa24880243e58b7dba01bfb497d737921c95ae6c4b584921451b6cd161daaebac0dbe39cf31
7
+ data.tar.gz: 50b8e85fbd2244f1a26d04abbfcff010c5b5bcc0b6dc0755cd31a58d2cd60163c9a05f5f3e0650a0f24094d53ec6be5d685e419c0c106cbfa2426031ca225645
data/lib/dependabot/docker/tag.rb CHANGED
@@ -5,7 +5,8 @@ require "dependabot/docker/file_parser"
5
5
  module Dependabot
6
6
  module Docker
7
7
  class Tag
8
- VERSION_REGEX = /v?(?<version>[0-9]+(?:\.[0-9]+)*(?:_[0-9]+|\.[a-z0-9]+|-(?:kb)?[0-9]+)*)/i
8
+ WORDS_WITH_BUILD = /(?:(?:-[a-z]+)+-[0-9]+)+/
9
+ VERSION_REGEX = /v?(?<version>[0-9]+(?:\.[0-9]+)*(?:_[0-9]+|\.[a-z0-9]+|#{WORDS_WITH_BUILD}|-(?:kb)?[0-9]+)*)/i
9
10
  VERSION_WITH_SFX = /^#{VERSION_REGEX}(?<suffix>-[a-z][a-z0-9.\-]*)?$/i
10
11
  VERSION_WITH_PFX = /^(?<prefix>[a-z][a-z0-9.\-]*-)?#{VERSION_REGEX}$/i
11
12
  VERSION_WITH_PFX_AND_SFX = /^(?<prefix>[a-z\-]+-)?#{VERSION_REGEX}(?<suffix>-[a-z\-]+)?$/i
@@ -30,6 +31,25 @@ module Dependabot
30
31
  name.match?(FileParser::DIGEST)
31
32
  end
32
33
 
34
+ def looks_like_prerelease?
35
+ numeric_version.gsub(/kb/i, "").match?(/[a-zA-Z]/)
36
+ end
37
+
38
+ def comparable_to?(other)
39
+ return false unless comparable?
40
+
41
+ other_prefix = other.prefix
42
+ other_suffix = other.suffix
43
+ other_format = other.format
44
+
45
+ equal_prefix = prefix == other_prefix
46
+ equal_format = format == other_format
47
+ return equal_prefix && equal_format if other_format == :sha_suffixed
48
+
49
+ equal_suffix = suffix == other_suffix
50
+ equal_prefix && equal_format && equal_suffix
51
+ end
52
+
33
53
  def comparable?
34
54
  name.match?(NAME_WITH_VERSION)
35
55
  end
@@ -62,11 +82,26 @@ module Dependabot
62
82
  name.match(NAME_WITH_VERSION).named_captures.fetch("suffix")
63
83
  end
64
84
 
85
+ def version
86
+ name.match(NAME_WITH_VERSION).named_captures.fetch("version")
87
+ end
88
+
65
89
  def format
66
- return :year_month if numeric_version.match?(/^[12]\d{3}(?:[.\-]|$)/)
67
- return :year_month_day if numeric_version.match?(/^[12]\d{5}(?:[.\-]|$)/)
90
+ return :year_month if version.match?(/^[12]\d{3}(?:[.\-]|$)/)
91
+ return :year_month_day if version.match?(/^[12]\d{5}(?:[.\-]|$)/)
68
92
  return :sha_suffixed if name.match?(/(^|\-g?)[0-9a-f]{7,}$/)
69
- return :build_num if numeric_version.match?(/^\d+$/)
93
+ return :build_num if version.match?(/^\d+$/)
94
+
95
+ # As an example, "21-ea-32", "22-ea-7", and "22-ea-jdk-nanoserver-1809"
96
+ # are mapped to "<version>-ea-<build_num>", "<version>-ea-<build_num>",
97
+ # and "<version>-ea-jdk-nanoserver-<build_num>" respectively.
98
+ #
99
+ # That means only "22-ea-7" will be considered as a viable update
100
+ # candidate for "21-ea-32", since it's the only one that respects that
101
+ # format.
102
+ if version.match?(WORDS_WITH_BUILD)
103
+ return :"<version>#{version.match(WORDS_WITH_BUILD).to_s.gsub(/-[0-9]+/, "-<build_num>")}"
104
+ end
70
105
 
71
106
  :normal
72
107
  end
@@ -74,7 +109,7 @@ module Dependabot
74
109
  def numeric_version
75
110
  return unless comparable?
76
111
 
77
- name.match(NAME_WITH_VERSION).named_captures.fetch("version").downcase
112
+ version.gsub(/-[a-z]+/, "").downcase
78
113
  end
79
114
 
80
115
  def precision
data/lib/dependabot/docker/update_checker.rb CHANGED
@@ -82,10 +82,7 @@ module Dependabot
82
82
 
83
83
  latest_tag = latest_tag_from(version)
84
84
 
85
- old_v = version_tag.numeric_version
86
- latest_v = latest_tag.numeric_version
87
-
88
- version_class.new(latest_v) <= version_class.new(old_v)
85
+ comparable_version_from(latest_tag) <= comparable_version_from(version_tag)
89
86
  end
90
87
 
91
88
  def digest_up_to_date?
@@ -151,18 +148,7 @@ module Dependabot
151
148
  end
152
149
 
153
150
  def comparable_tags_from_registry(original_tag)
154
- original_prefix = original_tag.prefix
155
- original_suffix = original_tag.suffix
156
- original_format = original_tag.format
157
-
158
- candidate_tags =
159
- tags_from_registry.
160
- select(&:comparable?).
161
- select { |tag| tag.prefix == original_prefix }.
162
- select { |tag| tag.format == original_format }
163
- return candidate_tags if original_format == :sha_suffixed
164
-
165
- candidate_tags.select { |tag| tag.suffix == original_suffix }
151
+ tags_from_registry.select { |tag| tag.comparable_to?(original_tag) }
166
152
  end
167
153
 
168
154
  def remove_version_downgrades(candidate_tags, version_tag)
@@ -185,19 +171,14 @@ module Dependabot
185
171
  end
186
172
  end
187
173
 
188
- def version_of_latest_tag
174
+ def latest_tag
189
175
  return unless latest_digest
190
176
 
191
- candidate_tag =
192
- tags_from_registry.
177
+ tags_from_registry.
193
178
  select(&:canonical?).
194
179
  sort_by { |t| comparable_version_from(t) }.
195
180
  reverse.
196
181
  find { |t| digest_of(t.name) == latest_digest }
197
-
198
- return unless candidate_tag
199
-
200
- comparable_version_from(candidate_tag)
201
182
  end
202
183
 
203
184
  def updated_digest
@@ -245,7 +226,7 @@ module Dependabot
245
226
  end
246
227
 
247
228
  def fetch_digest_of(tag)
248
- docker_registry_client.digest(docker_repo_name, tag)&.delete_prefix("sha256:")
229
+ docker_registry_client.manifest_digest(docker_repo_name, tag)&.delete_prefix("sha256:")
249
230
  rescue *transient_docker_errors => e
250
231
  attempt ||= 1
251
232
  attempt += 1
@@ -270,15 +251,19 @@ module Dependabot
270
251
  end
271
252
 
272
253
  def prerelease?(tag)
273
- return true if tag.numeric_version.gsub(/kb/i, "").match?(/[a-zA-Z]/)
254
+ return true if tag.looks_like_prerelease?
255
+
256
+ # Compare the numeric version against the version of the `latest` tag.
257
+ return false unless latest_tag
274
258
 
275
- # If we're dealing with a numeric version we can compare it against
276
- # the digest for the `latest` tag.
277
- return false unless tag.numeric_version
278
- return false unless latest_digest
279
- return false unless version_of_latest_tag
259
+ if comparable_version_from(tag) > comparable_version_from(latest_tag)
260
+ Dependabot.logger.info "Tag with non-prerelease version name #{tag.name} detected as prerelease, " \
261
+ "because it sorts higher than #{latest_tag.name}."
280
262
 
281
- comparable_version_from(tag) > version_of_latest_tag
263
+ true
264
+ else
265
+ false
266
+ end
282
267
  end
283
268
 
284
269
  def comparable_version_from(tag)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-docker
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.225.0
4
+ version: 0.227.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-31 00:00:00.000000000 Z
11
+ date: 2023-08-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.225.0
19
+ version: 0.227.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.225.0
26
+ version: 0.227.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.17.1
131
+ version: 1.19.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.17.1
138
+ version: 1.19.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: stackprof
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -202,7 +202,7 @@ licenses:
202
202
  - Nonstandard
203
203
  metadata:
204
204
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
205
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.225.0
205
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.227.0
206
206
  post_install_message:
207
207
  rdoc_options: []
208
208
  require_paths: