dependabot-docker 0.288.0 → 0.290.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c76e9cf747ebe4d634012802755bd66d6765c120cb2527ce3f408d4da724a6ab
-  data.tar.gz: '0099d92b26c86fca415a352f75322d347c9c7b4f6a62fa1ab55bf2e8d53ed20a'
+  metadata.gz: d99a2861324f6213a743ff4aad9303e135806d09a93cab25abef12ab4c44642f
+  data.tar.gz: aed1067329c752076af6816578efefa308ae45615facb06abec834319ebab893
 SHA512:
-  metadata.gz: ec42524752fd7695d4fe3d52d8894cc536a985200e3aef68131fc7ce9843696230594c055c562ed73f06a8dc77c1d2f1119fea1e7115a5ca3dee4bad0e242a99
-  data.tar.gz: 140279a244693a4f0386338125374ead4243b704b3731c38cf26218520507c47f21163a756962e5736779fd77f8c470a6cf5d99a2f2a912b0562ee8f08648595
+  metadata.gz: 417929017e946beafadd5e24a61e3173a3a4783276d4fe22c4cfdb21ca3e913982c5bcb89a50a920f1f8979bee7784733af52b3daae14dc33d31fd1603ec03b0
+  data.tar.gz: 53e124eb706ec360e558c386aeb64d2042ea8c7d7dd77a5d926b6f13363693568c6d5ee1dd511dbce6137198380e66b176972e0034129ff3fab3db7aa8ae8ce4

data/lib/dependabot/docker/file_parser.rb

@@ -42,6 +42,7 @@ module Dependabot
 
       IMAGE_SPEC = %r{^(#{REGISTRY}/)?#{IMAGE}#{TAG}?(?:@sha256:#{DIGEST})?#{NAME}?}x
 
+      # rubocop:disable Metrics/AbcSize
       sig { override.returns(T::Array[Dependabot::Dependency]) }
       def parse
         dependency_set = DependencySet.new
@@ -71,11 +72,20 @@ module Dependabot
         end
 
         manifest_files.each do |file|
+          if file.content && T.must(file.content).start_with?("\uFEFF")
+            # 0xFEFF is the encoding for the byte order mark (BOM).  If a YAML file is loaded with a BOM it will parse
+            # successfully, but will only load the first line.  To prevent this nearly empty object from being returned,
+            # the BOM is manually detected and reported as a parse error.
+            file_path = Pathname.new(file.directory).join(file.name).cleanpath.to_path
+            msg = "The file appears to have been saved with a byte order mark (BOM).  This will prevent proper parsing."
+            raise Dependabot::DependencyFileNotParseable.new(file_path, msg)
+          end
           dependency_set += workfile_file_dependencies(file)
         end
 
         dependency_set.dependencies
       end
+      # rubocop:enable Metrics/AbcSize
 
       private
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-docker
 version: !ruby/object:Gem::Version
-  version: 0.288.0
+  version: 0.290.0
 platform: ruby
 authors:
 - Dependabot
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-21 00:00:00.000000000 Z
+date: 2024-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.288.0
+        version: 0.290.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.288.0
+        version: 0.290.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -258,8 +258,8 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.288.0
-post_install_message: 
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.290.0
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -275,7 +275,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 3.1.0
 requirements: []
 rubygems_version: 3.5.9
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Provides Dependabot support for Docker
 test_files: []