RubyGems - dependabot-docker - Versions diffs - 0.244.0 → 0.246.0 - Mend

dependabot-docker 0.244.0 → 0.246.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/dependabot/docker/file_fetcher.rb +2 -3
data/lib/dependabot/docker/file_parser.rb +3 -3
data/lib/dependabot/docker/update_checker.rb +3 -1
data/lib/dependabot/docker/utils/credentials_finder.rb +7 -1
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c52ccd7109a9ba52a4721caab52dee265b8fbac58b014ef41f1764254d5b4ba6
-  data.tar.gz: a1c7eacd01a34f18f018dc6e2f35b3709986bf32d304c22bf0325a31dafd9791
+  metadata.gz: 00e870369360f07efa9b9cc9c6d028b163d2c42892f39e4ab307a5b9671e0262
+  data.tar.gz: bc79c8c1a1f9faffd6a0b9d54e914572afd2162f510c03de76a3b73d1be54747
 SHA512:
-  metadata.gz: 644b13f04cafb8cde3fafc549221b48acd25a536f9605a7762affa9ba6ce53c50f0151cc0aa1bb5293d4913ecc66dd074641179a4199bf60d45d45c605beeab8
-  data.tar.gz: '0085584c58c0162fa0532362f6bcf9d0d0e076a11e4fee1c8c28422a7bad80fa363b006d3498f7f83d226c75e7238530a6be3db2e0ca0eee48b8366def1750db'
+  metadata.gz: b8d4531b231f7f005f2063e1787795bbb673ffca7da8b3352c3cdc927d30c77594e7b962893645c252cdddc20c55990b974611a12c8422953881af4acfe1a108
+  data.tar.gz: c1e0231044521335cde4f10fc06b5a0b15d99f6d4e74b3b96fbfdeacf2f25297ef4bc1f074cb3a4c7c44ee2cd7b8d82ca4378bef66661d9abbca4928c9b25165

data/lib/dependabot/docker/file_fetcher.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "sorbet-runtime"
@@ -33,8 +33,7 @@ module Dependabot
         return fetched_files if fetched_files.any?
         if incorrectly_encoded_dockerfiles.none? && incorrectly_encoded_yamlfiles.none?
-          raise(
-            Dependabot::DependencyFileNotFound,
+          raise Dependabot::DependencyFileNotFound.new(
             File.join(directory, "Dockerfile"),
             "No Dockerfiles nor Kubernetes YAML found in #{directory}"
           )

data/lib/dependabot/docker/file_parser.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "docker_registry2"
@@ -46,14 +46,14 @@ module Dependabot
           dockerfile.content.each_line do |line|
             next unless FROM_LINE.match?(line)
-            parsed_from_line = FROM_LINE.match(line).named_captures
+            parsed_from_line = T.must(FROM_LINE.match(line)).named_captures
             parsed_from_line["registry"] = nil if parsed_from_line["registry"] == "docker.io"
             version = version_from(parsed_from_line)
             next unless version
             dependency_set << Dependency.new(
-              name: parsed_from_line.fetch("image"),
+              name: T.must(parsed_from_line.fetch("image")),
               version: version,
               package_manager: "docker",
               requirements: [

data/lib/dependabot/docker/update_checker.rb CHANGED Viewed

@@ -274,7 +274,9 @@ module Dependabot
       end
       def registry_hostname
-        return dependency.requirements.first[:source][:registry] if dependency.requirements.first[:source][:registry]
+        if dependency.requirements.first&.dig(:source, :registry)
+          return T.must(dependency.requirements.first).dig(:source, :registry)
+        end
         credentials_finder.base_registry
       end

data/lib/dependabot/docker/utils/credentials_finder.rb CHANGED Viewed

@@ -4,12 +4,15 @@
 require "aws-sdk-ecr"
 require "base64"
+require "dependabot/credential"
 require "dependabot/errors"
 module Dependabot
   module Docker
     module Utils
       class CredentialsFinder
+        extend T::Sig
         AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+)\.amazonaws\.com/
         DEFAULT_DOCKER_HUB_REGISTRY = "registry.hub.docker.com"
@@ -17,6 +20,7 @@ module Dependabot
           @credentials = credentials
         end
+        sig { params(registry_hostname: String).returns(T.nilable(Dependabot::Credential)) }
         def credentials_for_registry(registry_hostname)
           registry_details =
             credentials
@@ -42,8 +46,10 @@ module Dependabot
         private
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
+        sig { params(registry_details: Dependabot::Credential).returns(Dependabot::Credential) }
         def build_aws_credentials(registry_details)
           # If credentials have been generated from AWS we can just return them
           return registry_details if registry_details["username"] == "AWS"
@@ -75,7 +81,7 @@ module Dependabot
             ecr_client.get_authorization_token.authorization_data.first.authorization_token
           username, password =
             Base64.decode64(@authorization_tokens[registry_hostname]).split(":")
-          registry_details.merge("username" => username, "password" => password)
+          registry_details.merge(Dependabot::Credential.new({ "username" => username, "password" => password }))
         rescue Aws::Errors::MissingCredentialsError,
                Aws::ECR::Errors::UnrecognizedClientException,
                Aws::ECR::Errors::InvalidSignatureException

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-docker
 version: !ruby/object:Gem::Version
-  version: 0.244.0
+  version: 0.246.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-15 00:00:00.000000000 Z
+date: 2024-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.244.0
+        version: 0.246.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.244.0
+        version: 0.246.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -244,7 +244,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.244.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.246.0
 post_install_message:
 rdoc_options: []
 require_paths: