dependabot-docker 0.237.0 → 0.238.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2ee0f465e1956f66ab257358ae18109b4c99ffcc6d0cc898b0bcf63a233be756
4
- data.tar.gz: a2d1202209b70f51a04327460e5bb8b1a0053f40d3aa2cfa0ce2219170a8a467
3
+ metadata.gz: 69bb77e9d2f9e7ba40fcb0e22d511c145a476f3f63552cf6eead115d6a65a752
4
+ data.tar.gz: 775a23cba49f525d5093629661c161d4deae5354daf52c8a5444f4cd6f3cdd09
5
5
  SHA512:
6
- metadata.gz: 28eb1c0b65e43ed4ff71952c8d77c70319e7127cee827052a1e2b02d537153d5af2ec1698d89f0554073fbebf0e64711780d04a87c6dde77ed0626cfb42165f3
7
- data.tar.gz: bf928c4fb9e5a3de42d953630b72f186eccf083d18b54ba921d038ee6d8aabb383b4e9ba396616190d9d8ca7ba759a3545e2dcc6bfd058c762c10127d62f72f5
6
+ metadata.gz: 96b9846927942ae465ab404247ad68f2cab7eaaa7e9301daec8153971154bb8a92f7be966f31ceb6e71dd0ca5a8685fcc032871257303ba35d11bef00833ce5a
7
+ data.tar.gz: 72c9b25b755bef30169f6428a66df7be98a02e35cc77e60d3a99e8cbf8c1d2a3ea4ba00d7bccdfe367d147f8287045f106a18267c76b80806fd18dcfbe88a155
@@ -24,12 +24,14 @@ module Dependabot
24
24
 
25
25
  FROM = /FROM/i
26
26
  PLATFORM = /--platform\=(?<platform>\S+)/
27
- TAG = /:(?<tag>[\w][\w.-]{0,127})/
27
+ TAG_NO_PREFIX = /(?<tag>[\w][\w.-]{0,127})/
28
+ TAG = /:#{TAG_NO_PREFIX}/
28
29
  DIGEST = /(?<digest>[0-9a-f]{64})/
29
30
  NAME = /\s+AS\s+(?<name>[\w-]+)/
30
31
  FROM_LINE =
31
32
  %r{^#{FROM}\s+(#{PLATFORM}\s+)?(#{REGISTRY}/)?
32
33
  #{IMAGE}#{TAG}?(?:@sha256:#{DIGEST})?#{NAME}?}x
34
+ TAG_WITH_DIGEST = /^#{TAG_NO_PREFIX}(?:@sha256:#{DIGEST})?/x
33
35
 
34
36
  AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+)\.amazonaws\.com/
35
37
 
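Review bot: `TAG_WITH_DIGEST` anchors only the start of the value (`^`) and has no end anchor, so any characters after the tag or the digest are silently ignored and the captures come from a prefix of the value; `^` in Ruby is also a line anchor, so it does not pin the whole string when the value contains a newline. If the whole Helm value is meant to be a tag with an optional digest, `TAG_WITH_DIGEST = /\A#{TAG_NO_PREFIX}(?:@sha256:#{DIGEST})?\z/x` anchors both ends (hedged: callers that rely on trailing text being tolerated would then get a nil match). A one-line comment on why the digest part is optional would also help readers of `parse_helm`, which is the consumer of this constant.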
@@ -50,7 +52,7 @@ module Dependabot
50
52
 
51
53
  dependency_set << Dependency.new(
52
54
  name: parsed_from_line.fetch("image"),
53
- version: version.sub(/^v/, ""),
55
+ version: version,
54
56
  package_manager: "docker",
55
57
  requirements: [
56
58
  requirement: nil,
@@ -127,7 +129,7 @@ module Dependabot
127
129
  def build_image_dependency(file, details, version)
128
130
  Dependency.new(
129
131
  name: details.fetch("image"),
130
- version: version.sub(/^v/, ""),
132
+ version: version,
131
133
  package_manager: "docker",
132
134
  requirements: [
133
135
  requirement: nil,
@@ -168,18 +170,20 @@ module Dependabot
168
170
 
169
171
  def parse_helm(img_hash)
170
172
  repo = img_hash.fetch("repository", nil)
171
- tag = img_hash.key?("tag") ? img_hash.fetch("tag", nil) : img_hash.fetch("version", nil)
173
+ tag_value = img_hash.key?("tag") ? img_hash.fetch("tag", nil) : img_hash.fetch("version", nil)
172
174
  registry = img_hash.fetch("registry", nil)
173
175
 
174
- if !repo.nil? && !registry.nil? && !tag.nil?
175
- ["#{registry}/#{repo}:#{tag}"]
176
- elsif !repo.nil? && !tag.nil?
177
- ["#{repo}:#{tag}"]
178
- elsif !repo.nil?
179
- [repo]
180
- else
181
- []
182
- end
176
+ tag_details = tag_value.to_s.match(TAG_WITH_DIGEST).named_captures
177
+ tag = tag_details["tag"]
178
+ digest = tag_details["digest"]
179
+
180
+ return [] unless repo
181
+ return [repo] unless tag
182
+
183
+ image = "#{repo}:#{tag}"
184
+ image.prepend("#{registry}/") if registry
185
+ image.append("@sha256:#{digest}/") if digest
186
+ [image]
183
187
  end
184
188
  end
185
189
  end
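Review bot: `tag_value.to_s.match(TAG_WITH_DIGEST)` returns nil when the value is absent, empty, or does not start with a word character, so `.named_captures` on the same line raises NoMethodError where the replaced code returned `[repo]` for a missing tag; `tag_details = tag_value.to_s.match(TAG_WITH_DIGEST)&.named_captures || {}` restores that path. The `image.append(...)` line also looks wrong: core String has no `append` (only `<<` and `concat`), and the trailing `/` after the digest does not match how the updater composes references (`"@sha256:#{...}"` with no slash), so `image << "@sha256:#{digest}" if digest` is presumably what is intended, unless the project defines its own `String#append`.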
@@ -158,7 +158,7 @@ module Dependabot
158
158
  old_tags.each do |old_tag|
159
159
  old_tag_regex = /^\s+(?:-\s)?(?:tag|version):\s+["']?#{old_tag}["']?(?=\s|$)/
160
160
  modified_content = modified_content.gsub(old_tag_regex) do |old_img_tag|
161
- old_img_tag.gsub(old_tag.to_s, new_yaml_tag(file).to_s)
161
+ old_img_tag.gsub(old_tag.to_s, new_helm_tag(file).to_s)
162
162
  end
163
163
  end
164
164
  modified_content
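Review bot: `old_tag` is interpolated into `old_tag_regex` without `Regexp.escape`, and the values coming from `old_helm_tags` now carry the tag plus an optional `@sha256:<digest>`; the dot in a tag such as `1.2` matches any character, so the pattern can also hit a line like `tag: 1x2`. `#{Regexp.escape(old_tag)}` in the regex literal keeps the match literal; the issue predates this commit, but the renamed `new_helm_tag` call on the gsub line is a good moment to fix it. The enclosing method starts and ends outside the hunk.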
@@ -187,11 +187,6 @@ module Dependabot
187
187
  "#{prefix}#{dependency.name}#{tag}#{digest}"
188
188
  end
189
189
 
190
- def new_yaml_tag(file)
191
- element = dependency.requirements.find { |r| r[:file] == file.name }
192
- element.fetch(:source)[:tag] || ""
193
- end
194
-
195
190
  def old_yaml_images(file)
196
191
  previous_requirements(file).map do |r|
197
192
  prefix = r.fetch(:source)[:registry] ? "#{r.fetch(:source)[:registry]}/" : ""
@@ -203,10 +198,19 @@ module Dependabot
203
198
 
204
199
  def old_helm_tags(file)
205
200
  previous_requirements(file).map do |r|
206
- r.fetch(:source)[:tag] || ""
201
+ tag = r.fetch(:source)[:tag] || ""
202
+ digest = r.fetch(:source)[:digest] ? "@sha256:#{r.fetch(:source)[:digest]}" : ""
203
+ "#{tag}#{digest}"
207
204
  end
208
205
  end
209
206
 
207
+ def new_helm_tag(file)
208
+ element = dependency.requirements.find { |r| r[:file] == file.name }
209
+ tag = element.fetch(:source)[:tag] || ""
210
+ digest = element.fetch(:source)[:digest] ? "@sha256:#{element.fetch(:source)[:digest]}" : ""
211
+ "#{tag}#{digest}"
212
+ end
213
+
210
214
  def requirements(file)
211
215
  dependency.requirements
212
216
  .select { |r| r[:file] == file.name }
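Review bot: `old_helm_tags` and `new_helm_tag` build the same `"#{tag}#{digest}"` string from a requirement's `:source` with the same conditional, and each calls `fetch(:source)` twice; a small private helper taking the source hash removes the duplication and keeps the two in sync if the digest format changes. `new_helm_tag` also calls `element.fetch` on the result of `find`, which is nil when no requirement belongs to the file; that was already true of the deleted `new_yaml_tag`, so at least a comment stating that a matching requirement is expected would help. The helper and the two call sites are sketched below.
```ruby
def old_helm_tags(file)
  previous_requirements(file).map { |r| helm_tag_for(r.fetch(:source)) }
end

def new_helm_tag(file)
  element = dependency.requirements.find { |r| r[:file] == file.name }
  helm_tag_for(element.fetch(:source))
end

# Tag followed by its optional "@sha256:<digest>" suffix, as written in the values file.
def helm_tag_for(source)
  digest = source[:digest] ? "@sha256:#{source[:digest]}" : ""
  "#{source[:tag]}#{digest}"
end
```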
@@ -9,8 +9,8 @@ module Dependabot
9
9
  WORDS_WITH_BUILD = /(?:(?:-[a-z]+)+-[0-9]+)+/
10
10
  VERSION_REGEX = /v?(?<version>[0-9]+(?:\.[0-9]+)*(?:_[0-9]+|\.[a-z0-9]+|#{WORDS_WITH_BUILD}|-(?:kb)?[0-9]+)*)/i
11
11
  VERSION_WITH_SFX = /^#{VERSION_REGEX}(?<suffix>-[a-z][a-z0-9.\-]*)?$/i
12
- VERSION_WITH_PFX = /^(?<prefix>[a-z][a-z0-9.\-]*-)?#{VERSION_REGEX}$/i
13
- VERSION_WITH_PFX_AND_SFX = /^(?<prefix>[a-z\-]+-)?#{VERSION_REGEX}(?<suffix>-[a-z\-]+)?$/i
12
+ VERSION_WITH_PFX = /^(?<prefix>[a-z][a-z0-9.\-_]*-)?#{VERSION_REGEX}$/i
13
+ VERSION_WITH_PFX_AND_SFX = /^(?<prefix>[a-z\-_]+-)?#{VERSION_REGEX}(?<suffix>-[a-z\-]+)?$/i
14
14
  NAME_WITH_VERSION =
15
15
  /
16
16
  #{VERSION_WITH_PFX}|
@@ -88,9 +88,9 @@ module Dependabot
88
88
  end
89
89
 
90
90
  def format
91
- return :year_month if version.match?(/^[12]\d{3}(?:[.\-]|$)/)
92
- return :year_month_day if version.match?(/^[12]\d{5}(?:[.\-]|$)/)
93
91
  return :sha_suffixed if name.match?(/(^|\-g?)[0-9a-f]{7,}$/)
92
+ return :year_month if version.match?(/^[12]\d{3}(?:[.\-]|$)/)
93
+ return :year_month_day if version.match?(/^[12](?:\d{5}|\d{7})(?:[.\-]|$)/)
94
94
  return :build_num if version.match?(/^\d+$/)
95
95
 
96
96
  # As an example, "21-ea-32", "22-ea-7", and "22-ea-jdk-nanoserver-1809"
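Review bot: The reorder that moves `:sha_suffixed` ahead of the two date checks has no comment saying why, and the new `(?:\d{5}|\d{7})` alternation is easy to misread; a reader cannot tell whether an 8-digit YYYYMMDD tag was previously misclassified or whether a tag with a `-g<sha>` suffix used to be caught as a date (a constructed value such as `2023-g1a2b3c4` satisfies both regexes, so order decides). I would add above the `:sha_suffixed` line `# SHA-suffixed tags first: a tag like 2023-g1a2b3c4 must not be read as a year` and on the `:year_month_day` line `# 6-digit (presumably YYMMDD) or 8-digit (YYYYMMDD) date`, adjusting the wording to the real motivation since the rationale is inferred here. `format` ends outside the hunk.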
@@ -13,13 +13,17 @@ module Dependabot
13
13
  # for a description of Java versions.
14
14
  #
15
15
  class Version < Dependabot::Version
16
+ # The regex has limits for the 0,255 and 1,255 repetitions to avoid infinite limits which makes codeql angry.
17
+ # A docker image cannot be longer than 255 characters anyways.
18
+ DOCKER_VERSION_REGEX = /^(?<prefix>[a-z._\-]{0,255})[_\-v]?(?<version>.{1,255})$/
19
+
16
20
  def initialize(version)
17
- release_part, update_part = version.split("_", 2)
18
- release_part = release_part.sub("v", "")
21
+ parsed_version = version.match(DOCKER_VERSION_REGEX)
22
+ release_part, update_part = parsed_version[:version].split("_", 2)
19
23
 
20
24
  # The numeric_version is needed here to validate the version string (ex: 20.9.0-alpine3.18)
21
25
  # when the call is made via Depenedabot Api to convert the image version to semver.
22
- release_part = Tag.new(release_part).numeric_version
26
+ release_part = Tag.new(release_part.chomp(".").chomp("-").chomp("_")).numeric_version
23
27
 
24
28
  @release_part = Dependabot::Version.new(release_part.tr("-", "."))
25
29
  @update_part = Dependabot::Version.new(update_part&.start_with?(/[0-9]/) ? update_part : 0)
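Review bot: `version.match(DOCKER_VERSION_REGEX)` can return nil (an empty string, or a value outside the 0..255 / 1..255 bounds), and `initialize` then fails with NoMethodError on `parsed_version[:version]`, while the `correct?` hunk below guards the same match with `return false if parsed_version.nil?`; `raise ArgumentError, "malformed docker version: #{version}" if parsed_version.nil?` right after the match keeps the failure on the exception type `correct?` already rescues. `^` and `$` are line anchors in Ruby, so for a multi-line string only the first line is matched and the remainder is dropped silently; `\A` and `\z` anchor the whole string, which is what the comment about bounding the repetitions seems to want. The `.chomp(".").chomp("-").chomp("_")` chain is repeated in `correct?` and could live in a small private helper. `initialize` ends outside the hunk.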
@@ -32,8 +36,11 @@ module Dependabot
32
36
 
33
37
  # We can't call new here because Gem::Version calls self.correct? in its initialize method
34
38
  # causing an infinite loop, so instead we check if the release_part of the version is correct
35
- release_part, = version.split("_", 2)
36
- release_part = release_part.sub("v", "").tr("-", ".")
39
+ parsed_version = version.match(DOCKER_VERSION_REGEX)
40
+ return false if parsed_version.nil?
41
+
42
+ release_part, = parsed_version[:version].split("_", 2)
43
+ release_part = Tag.new(release_part.chomp(".").chomp("-").chomp("_")).numeric_version || parsed_version
37
44
  super(release_part)
38
45
  rescue ArgumentError
39
46
  # if we can't instantiate a version, it can't be correct
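Review bot: The fallback `|| parsed_version` on the `release_part =` line hands the MatchData object itself to `super(release_part)` when `numeric_version` returns nil, not a version string; presumably `parsed_version[:version]` (or the chomped `release_part`) is what is meant, since `super` is otherwise given a String. As written the call relies on whatever `to_s` the parent applies to its argument, and `MatchData#to_s` is the whole matched text including any prefix, so the prefix stripping done by the regex is lost on exactly that path. `correct?` starts and ends outside the hunk.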
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-docker
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.237.0
4
+ version: 0.238.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-11-21 00:00:00.000000000 Z
11
+ date: 2023-12-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.237.0
19
+ version: 0.238.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.237.0
26
+ version: 0.238.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -230,7 +230,7 @@ licenses:
230
230
  - Nonstandard
231
231
  metadata:
232
232
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
233
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.237.0
233
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
234
234
  post_install_message:
235
235
  rdoc_options: []
236
236
  require_paths: