dependabot-docker 0.235.0 → 0.237.0
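--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2ee0f465e1956f66ab257358ae18109b4c99ffcc6d0cc898b0bcf63a233be756
+data.tar.gz: a2d1202209b70f51a04327460e5bb8b1a0053f40d3aa2cfa0ce2219170a8a467
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 28eb1c0b65e43ed4ff71952c8d77c70319e7127cee827052a1e2b02d537153d5af2ec1698d89f0554073fbebf0e64711780d04a87c6dde77ed0626cfb42165f3
+data.tar.gz: bf928c4fb9e5a3de42d953630b72f186eccf083d18b54ba921d038ee6d8aabb383b4e9ba396616190d9d8ca7ba759a3545e2dcc6bfd058c762c10127d62f72f5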
@@ -1,6 +1,7 @@
|
|
1
1
|
# typed: false
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
4
5
|
require "dependabot/docker/utils/helpers"
|
5
6
|
require "dependabot/file_fetchers"
|
6
7
|
require "dependabot/file_fetchers/base"
|
@@ -8,6 +9,9 @@ require "dependabot/file_fetchers/base"
|
|
8
9
|
module Dependabot
|
9
10
|
module Docker
|
10
11
|
class FileFetcher < Dependabot::FileFetchers::Base
|
12
|
+
extend T::Sig
|
13
|
+
extend T::Helpers
|
14
|
+
|
11
15
|
YAML_REGEXP = /^[^\.]+\.ya?ml$/i
|
12
16
|
DOCKER_REGEXP = /dockerfile/i
|
13
17
|
|
@@ -20,8 +24,7 @@ module Dependabot
|
|
20
24
|
"Repo must contain a Dockerfile or Kubernetes YAML files."
|
21
25
|
end
|
22
26
|
|
23
|
-
|
24
|
-
|
27
|
+
sig { override.returns(T::Array[DependencyFile]) }
|
25
28
|
def fetch_files
|
26
29
|
fetched_files = []
|
27
30
|
fetched_files += correctly_encoded_dockerfiles
|
@@ -48,6 +51,8 @@ module Dependabot
|
|
48
51
|
end
|
49
52
|
end
|
50
53
|
|
54
|
+
private
|
55
|
+
|
51
56
|
def dockerfiles
|
52
57
|
@dockerfiles ||=
|
53
58
|
repo_contents(raise_errors: false)
|
@@ -33,7 +33,7 @@ module Dependabot
|
|
33
33
|
end
|
34
34
|
|
35
35
|
def looks_like_prerelease?
|
36
|
-
numeric_version.
|
36
|
+
numeric_version.match?(/[a-zA-Z]/)
|
37
37
|
end
|
38
38
|
|
39
39
|
def comparable_to?(other)
|
@@ -110,7 +110,7 @@ module Dependabot
|
|
110
110
|
def numeric_version
|
111
111
|
return unless comparable?
|
112
112
|
|
113
|
-
version.gsub(/-[a-z]+/, "").downcase
|
113
|
+
version.gsub(/kb/i, "").gsub(/-[a-z]+/, "").downcase
|
114
114
|
end
|
115
115
|
|
116
116
|
def precision
|
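Review bot: `looks_like_prerelease?` calls `.match?` on the result of `numeric_version`, but `numeric_version` (second hunk of this file) returns nil through `return unless comparable?`, so a tag that is not comparable raises NoMethodError here unless every caller checks `comparable?` first, which these hunks do not show. A nil-safe form such as `numeric_version&.match?(/[a-zA-Z]/) || false` keeps the predicate total. Separately, the added `gsub(/kb/i, "")` is unanchored and removes those two letters wherever they occur in the tag, before the suffix strip runs. If only one specific marker format is meant, a narrower pattern or a comment naming the tag shape it targets would make the resulting version ordering easier to audit, since this normalisation decides which image tag is treated as newer.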
@@ -258,8 +258,10 @@ module Dependabot
|
|
258
258
|
return false unless latest_tag
|
259
259
|
|
260
260
|
if comparable_version_from(tag) > comparable_version_from(latest_tag)
|
261
|
-
Dependabot.logger.info
|
262
|
-
|
261
|
+
Dependabot.logger.info \
|
262
|
+
"The `latest` tag points to the same image as the `#{latest_tag.name}` image, " \
|
263
|
+
"so dependabot is treating `#{tag.name}` as a pre-release. " \
|
264
|
+
"The `latest` tag needs to point to `#{tag.name}` for Dependabot to consider it."
|
263
265
|
|
264
266
|
true
|
265
267
|
else
|
@@ -3,6 +3,7 @@
|
|
3
3
|
|
4
4
|
require "dependabot/version"
|
5
5
|
require "dependabot/utils"
|
6
|
+
require "dependabot/docker/tag"
|
6
7
|
|
7
8
|
module Dependabot
|
8
9
|
module Docker
|
@@ -14,9 +15,13 @@ module Dependabot
|
|
14
15
|
class Version < Dependabot::Version
|
15
16
|
def initialize(version)
|
16
17
|
release_part, update_part = version.split("_", 2)
|
18
|
+
release_part = release_part.sub("v", "")
|
17
19
|
|
18
|
-
|
20
|
+
# The numeric_version is needed here to validate the version string (ex: 20.9.0-alpine3.18)
|
21
|
+
# when the call is made via Depenedabot Api to convert the image version to semver.
|
22
|
+
release_part = Tag.new(release_part).numeric_version
|
19
23
|
|
24
|
+
@release_part = Dependabot::Version.new(release_part.tr("-", "."))
|
20
25
|
@update_part = Dependabot::Version.new(update_part&.start_with?(/[0-9]/) ? update_part : 0)
|
21
26
|
|
22
27
|
super(@release_part)
|
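Review bot: `release_part.sub("v", "")` in `initialize` removes the first `v` anywhere in the string rather than only a leading prefix, so a release part with a `v` later in it is silently altered before it is validated; `release_part = release_part.delete_prefix("v")` limits the change to the prefix. The next added line assigns `Tag.new(release_part).numeric_version`, and the tag hunk on this page shows that method returning nil for a non-comparable tag, in which case `release_part.tr("-", ".")` raises NoMethodError instead of the ArgumentError that callers of a version constructor presumably rescue. A guard such as `raise ArgumentError, "Malformed version string #{version}" if release_part.nil?` before the `tr` call would keep the failure mode predictable for untrusted tag strings. `initialize` continues past the end of the hunk, so any handling further down is not visible here.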
data/lib/dependabot/docker.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-docker
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.237.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-11-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.237.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.237.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -94,20 +94,34 @@ dependencies:
|
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
96
|
version: '1.3'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: rspec-sorbet
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: 1.9.2
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: 1.9.2
|
97
111
|
- !ruby/object:Gem::Dependency
|
98
112
|
name: rubocop
|
99
113
|
requirement: !ruby/object:Gem::Requirement
|
100
114
|
requirements:
|
101
115
|
- - "~>"
|
102
116
|
- !ruby/object:Gem::Version
|
103
|
-
version: 1.
|
117
|
+
version: 1.57.2
|
104
118
|
type: :development
|
105
119
|
prerelease: false
|
106
120
|
version_requirements: !ruby/object:Gem::Requirement
|
107
121
|
requirements:
|
108
122
|
- - "~>"
|
109
123
|
- !ruby/object:Gem::Version
|
110
|
-
version: 1.
|
124
|
+
version: 1.57.2
|
111
125
|
- !ruby/object:Gem::Dependency
|
112
126
|
name: rubocop-performance
|
113
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -216,7 +230,7 @@ licenses:
|
|
216
230
|
- Nonstandard
|
217
231
|
metadata:
|
218
232
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
219
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
233
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.237.0
|
220
234
|
post_install_message:
|
221
235
|
rdoc_options: []
|
222
236
|
require_paths:
|