dependabot-docker 0.235.0 → 0.237.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2ee0f465e1956f66ab257358ae18109b4c99ffcc6d0cc898b0bcf63a233be756
|
|
4
|
+
data.tar.gz: a2d1202209b70f51a04327460e5bb8b1a0053f40d3aa2cfa0ce2219170a8a467
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 28eb1c0b65e43ed4ff71952c8d77c70319e7127cee827052a1e2b02d537153d5af2ec1698d89f0554073fbebf0e64711780d04a87c6dde77ed0626cfb42165f3
|
|
7
|
+
data.tar.gz: bf928c4fb9e5a3de42d953630b72f186eccf083d18b54ba921d038ee6d8aabb383b4e9ba396616190d9d8ca7ba759a3545e2dcc6bfd058c762c10127d62f72f5
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# typed: false
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/docker/utils/helpers"
|
|
5
6
|
require "dependabot/file_fetchers"
|
|
6
7
|
require "dependabot/file_fetchers/base"
|
|
@@ -8,6 +9,9 @@ require "dependabot/file_fetchers/base"
|
|
|
8
9
|
module Dependabot
|
|
9
10
|
module Docker
|
|
10
11
|
class FileFetcher < Dependabot::FileFetchers::Base
|
|
12
|
+
extend T::Sig
|
|
13
|
+
extend T::Helpers
|
|
14
|
+
|
|
11
15
|
YAML_REGEXP = /^[^\.]+\.ya?ml$/i
|
|
12
16
|
DOCKER_REGEXP = /dockerfile/i
|
|
13
17
|
|
|
@@ -20,8 +24,7 @@ module Dependabot
|
|
|
20
24
|
"Repo must contain a Dockerfile or Kubernetes YAML files."
|
|
21
25
|
end
|
|
22
26
|
|
|
23
|
-
|
|
24
|
-
|
|
27
|
+
sig { override.returns(T::Array[DependencyFile]) }
|
|
25
28
|
def fetch_files
|
|
26
29
|
fetched_files = []
|
|
27
30
|
fetched_files += correctly_encoded_dockerfiles
|
|
@@ -48,6 +51,8 @@ module Dependabot
|
|
|
48
51
|
end
|
|
49
52
|
end
|
|
50
53
|
|
|
54
|
+
private
|
|
55
|
+
|
|
51
56
|
def dockerfiles
|
|
52
57
|
@dockerfiles ||=
|
|
53
58
|
repo_contents(raise_errors: false)
|
|
@@ -33,7 +33,7 @@ module Dependabot
|
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
def looks_like_prerelease?
|
|
36
|
-
numeric_version.
|
|
36
|
+
numeric_version.match?(/[a-zA-Z]/)
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def comparable_to?(other)
|
|
@@ -110,7 +110,7 @@ module Dependabot
|
|
|
110
110
|
def numeric_version
|
|
111
111
|
return unless comparable?
|
|
112
112
|
|
|
113
|
-
version.gsub(/-[a-z]+/, "").downcase
|
|
113
|
+
version.gsub(/kb/i, "").gsub(/-[a-z]+/, "").downcase
|
|
114
114
|
end
|
|
115
115
|
|
|
116
116
|
def precision
|
|
@@ -258,8 +258,10 @@ module Dependabot
|
|
|
258
258
|
return false unless latest_tag
|
|
259
259
|
|
|
260
260
|
if comparable_version_from(tag) > comparable_version_from(latest_tag)
|
|
261
|
-
Dependabot.logger.info
|
|
262
|
-
|
|
261
|
+
Dependabot.logger.info \
|
|
262
|
+
"The `latest` tag points to the same image as the `#{latest_tag.name}` image, " \
|
|
263
|
+
"so dependabot is treating `#{tag.name}` as a pre-release. " \
|
|
264
|
+
"The `latest` tag needs to point to `#{tag.name}` for Dependabot to consider it."
|
|
263
265
|
|
|
264
266
|
true
|
|
265
267
|
else
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
|
|
4
4
|
require "dependabot/version"
|
|
5
5
|
require "dependabot/utils"
|
|
6
|
+
require "dependabot/docker/tag"
|
|
6
7
|
|
|
7
8
|
module Dependabot
|
|
8
9
|
module Docker
|
|
@@ -14,9 +15,13 @@ module Dependabot
|
|
|
14
15
|
class Version < Dependabot::Version
|
|
15
16
|
def initialize(version)
|
|
16
17
|
release_part, update_part = version.split("_", 2)
|
|
18
|
+
release_part = release_part.sub("v", "")
|
|
17
19
|
|
|
18
|
-
|
|
20
|
+
# The numeric_version is needed here to validate the version string (ex: 20.9.0-alpine3.18)
|
|
21
|
+
# when the call is made via Depenedabot Api to convert the image version to semver.
|
|
22
|
+
release_part = Tag.new(release_part).numeric_version
|
|
19
23
|
|
|
24
|
+
@release_part = Dependabot::Version.new(release_part.tr("-", "."))
|
|
20
25
|
@update_part = Dependabot::Version.new(update_part&.start_with?(/[0-9]/) ? update_part : 0)
|
|
21
26
|
|
|
22
27
|
super(@release_part)
|
data/lib/dependabot/docker.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.237.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-11-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.237.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.237.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -94,20 +94,34 @@ dependencies:
|
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '1.3'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: rspec-sorbet
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - "~>"
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: 1.9.2
|
|
104
|
+
type: :development
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - "~>"
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: 1.9.2
|
|
97
111
|
- !ruby/object:Gem::Dependency
|
|
98
112
|
name: rubocop
|
|
99
113
|
requirement: !ruby/object:Gem::Requirement
|
|
100
114
|
requirements:
|
|
101
115
|
- - "~>"
|
|
102
116
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
117
|
+
version: 1.57.2
|
|
104
118
|
type: :development
|
|
105
119
|
prerelease: false
|
|
106
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
121
|
requirements:
|
|
108
122
|
- - "~>"
|
|
109
123
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
124
|
+
version: 1.57.2
|
|
111
125
|
- !ruby/object:Gem::Dependency
|
|
112
126
|
name: rubocop-performance
|
|
113
127
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -216,7 +230,7 @@ licenses:
|
|
|
216
230
|
- Nonstandard
|
|
217
231
|
metadata:
|
|
218
232
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
219
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
233
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.237.0
|
|
220
234
|
post_install_message:
|
|
221
235
|
rdoc_options: []
|
|
222
236
|
require_paths:
|