dependabot-docker 0.235.0 → 0.237.0

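--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: cc10540cbe05aa8ec73184817977c47789525a705c85e3a1421b7486cacb466e
- data.tar.gz: 710fc716cce86257288bdff6b25aa7b958a50d6358d2e398adb69ee4be73e7ba
+ metadata.gz: 2ee0f465e1956f66ab257358ae18109b4c99ffcc6d0cc898b0bcf63a233be756
+ data.tar.gz: a2d1202209b70f51a04327460e5bb8b1a0053f40d3aa2cfa0ce2219170a8a467
  SHA512:
- metadata.gz: c5b8dd25e211dd926402f3461c3712eace28f149f6ced2f9d7558906dd50529f3138eaa5e841efea98d6ff5a1ea53df0a082d15a5c09c4a1f198a56e3beb747c
- data.tar.gz: ebe2385c66bf98f3a92e9b3f554f049e11109713c68db034738f2767349b545b52ddd81d34ca8bd02441c579a4fd5c112323537e0d36c82947de2351b02dbaff
+ metadata.gz: 28eb1c0b65e43ed4ff71952c8d77c70319e7127cee827052a1e2b02d537153d5af2ec1698d89f0554073fbebf0e64711780d04a87c6dde77ed0626cfb42165f3
+ data.tar.gz: bf928c4fb9e5a3de42d953630b72f186eccf083d18b54ba921d038ee6d8aabb383b4e9ba396616190d9d8ca7ba759a3545e2dcc6bfd058c762c10127d62f72f5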
@@ -1,6 +1,7 @@
1
1
  # typed: false
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "dependabot/docker/utils/helpers"
5
6
  require "dependabot/file_fetchers"
6
7
  require "dependabot/file_fetchers/base"
@@ -8,6 +9,9 @@ require "dependabot/file_fetchers/base"
8
9
  module Dependabot
9
10
  module Docker
10
11
  class FileFetcher < Dependabot::FileFetchers::Base
12
+ extend T::Sig
13
+ extend T::Helpers
14
+
11
15
  YAML_REGEXP = /^[^\.]+\.ya?ml$/i
12
16
  DOCKER_REGEXP = /dockerfile/i
13
17
 
@@ -20,8 +24,7 @@ module Dependabot
20
24
  "Repo must contain a Dockerfile or Kubernetes YAML files."
21
25
  end
22
26
 
23
- private
24
-
27
+ sig { override.returns(T::Array[DependencyFile]) }
25
28
  def fetch_files
26
29
  fetched_files = []
27
30
  fetched_files += correctly_encoded_dockerfiles
@@ -48,6 +51,8 @@ module Dependabot
48
51
  end
49
52
  end
50
53
 
54
+ private
55
+
51
56
  def dockerfiles
52
57
  @dockerfiles ||=
53
58
  repo_contents(raise_errors: false)
@@ -33,7 +33,7 @@ module Dependabot
33
33
  end
34
34
 
35
35
  def looks_like_prerelease?
36
- numeric_version.gsub(/kb/i, "").match?(/[a-zA-Z]/)
36
+ numeric_version.match?(/[a-zA-Z]/)
37
37
  end
38
38
 
39
39
  def comparable_to?(other)
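Review bot: `numeric_version.match?(/[a-zA-Z]/)` in `looks_like_prerelease?` calls `match?` directly on a value that can be nil, because the `numeric_version` hunk further down shows `return unless comparable?`. A non-comparable tag would therefore raise NoMethodError here unless every caller checks `comparable?` first; those callers are outside the hunk, so this is an assumption to confirm. Making the contract explicit, for example `numeric_version&.match?(/[a-zA-Z]/) || false` or a guard clause, would turn an unexpected registry tag into a defined answer instead of an exception.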
@@ -110,7 +110,7 @@ module Dependabot
110
110
  def numeric_version
111
111
  return unless comparable?
112
112
 
113
- version.gsub(/-[a-z]+/, "").downcase
113
+ version.gsub(/kb/i, "").gsub(/-[a-z]+/, "").downcase
114
114
  end
115
115
 
116
116
  def precision
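Review bot: `gsub(/kb/i, "")` in `numeric_version` is unanchored, so it deletes every "kb" substring anywhere in the tag, and that stripped value is now also what `Version#initialize` builds the comparable version from (see the later hunk), not just what prerelease detection reads. The next step, `gsub(/-[a-z]+/, "")`, is case-sensitive and runs before `.downcase`, so a suffix containing uppercase letters appears to be lowercased rather than removed. If that is not intended, lowercasing first keeps the two steps consistent: `version.downcase.gsub("kb", "").gsub(/-[a-z]+/, "")`. Either way, a short comment naming the tag format the "kb" removal targets would help, since nothing in the hunk says which images use it.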
@@ -258,8 +258,10 @@ module Dependabot
258
258
  return false unless latest_tag
259
259
 
260
260
  if comparable_version_from(tag) > comparable_version_from(latest_tag)
261
- Dependabot.logger.info "Tag with non-prerelease version name #{tag.name} detected as prerelease, " \
262
- "because it sorts higher than #{latest_tag.name}."
261
+ Dependabot.logger.info \
262
+ "The `latest` tag points to the same image as the `#{latest_tag.name}` image, " \
263
+ "so dependabot is treating `#{tag.name}` as a pre-release. " \
264
+ "The `latest` tag needs to point to `#{tag.name}` for Dependabot to consider it."
263
265
 
264
266
  true
265
267
  else
@@ -3,6 +3,7 @@
3
3
 
4
4
  require "dependabot/version"
5
5
  require "dependabot/utils"
6
+ require "dependabot/docker/tag"
6
7
 
7
8
  module Dependabot
8
9
  module Docker
@@ -14,9 +15,13 @@ module Dependabot
14
15
  class Version < Dependabot::Version
15
16
  def initialize(version)
16
17
  release_part, update_part = version.split("_", 2)
18
+ release_part = release_part.sub("v", "")
17
19
 
18
- @release_part = Dependabot::Version.new(release_part.sub("v", "").tr("-", "."))
20
+ # The numeric_version is needed here to validate the version string (ex: 20.9.0-alpine3.18)
21
+ # when the call is made via Depenedabot Api to convert the image version to semver.
22
+ release_part = Tag.new(release_part).numeric_version
19
23
 
24
+ @release_part = Dependabot::Version.new(release_part.tr("-", "."))
20
25
  @update_part = Dependabot::Version.new(update_part&.start_with?(/[0-9]/) ? update_part : 0)
21
26
 
22
27
  super(@release_part)
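Review bot: `release_part = Tag.new(release_part).numeric_version` can assign nil, since the tag.rb hunk shows `numeric_version` doing `return unless comparable?`, and the following `release_part.tr("-", ".")` would then fail with NoMethodError rather than a validation error. The added comment says this path validates version strings arriving through the API, so a rejected input should fail in a way callers can rescue, for example `release_part = Tag.new(release_part).numeric_version || raise(ArgumentError, "Malformed version number string #{version}")`. Whether callers already pre-check with a `correct?`-style method is not visible here, and `initialize` continues past the end of the hunk. The comment also misspells "Dependabot" as "Depenedabot".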
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  # These all need to be required so the various classes can be registered in a
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-docker
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.235.0
4
+ version: 0.237.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-10-19 00:00:00.000000000 Z
11
+ date: 2023-11-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.235.0
19
+ version: 0.237.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.235.0
26
+ version: 0.237.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -94,20 +94,34 @@ dependencies:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: '1.3'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rspec-sorbet
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: 1.9.2
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: 1.9.2
97
111
  - !ruby/object:Gem::Dependency
98
112
  name: rubocop
99
113
  requirement: !ruby/object:Gem::Requirement
100
114
  requirements:
101
115
  - - "~>"
102
116
  - !ruby/object:Gem::Version
103
- version: 1.56.0
117
+ version: 1.57.2
104
118
  type: :development
105
119
  prerelease: false
106
120
  version_requirements: !ruby/object:Gem::Requirement
107
121
  requirements:
108
122
  - - "~>"
109
123
  - !ruby/object:Gem::Version
110
- version: 1.56.0
124
+ version: 1.57.2
111
125
  - !ruby/object:Gem::Dependency
112
126
  name: rubocop-performance
113
127
  requirement: !ruby/object:Gem::Requirement
@@ -216,7 +230,7 @@ licenses:
216
230
  - Nonstandard
217
231
  metadata:
218
232
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
219
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.235.0
233
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.237.0
220
234
  post_install_message:
221
235
  rdoc_options: []
222
236
  require_paths: