dependabot-docker 0.289.0 → 0.290.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8e08bbdd27d39f453431bf25cd6bb78de4490f0df16d99d8f12033b79fa67433
-  data.tar.gz: 8d3bae25eb9c18991a22e2ed43ab02ac9863e5ceee6310ed983e8902c0d20017
+  metadata.gz: d99a2861324f6213a743ff4aad9303e135806d09a93cab25abef12ab4c44642f
+  data.tar.gz: aed1067329c752076af6816578efefa308ae45615facb06abec834319ebab893
 SHA512:
-  metadata.gz: 2c40cfb759f8b158892746f46a304bb70cc88752ca894a6b024721f651053d39cbcf5aa9b7f8a670d0684c3e27b9866965ad5e9cdf382d0faa43ad27c7a86532
-  data.tar.gz: 1d7226666f999d331d4ed1a43e6cfd4812ce7d9d20e4d2de5218326ad86640f2f6d227a0665ef62b4de3e6763a44a8d5703b09023c51c6967bfe6cdbf76970c8
+  metadata.gz: 417929017e946beafadd5e24a61e3173a3a4783276d4fe22c4cfdb21ca3e913982c5bcb89a50a920f1f8979bee7784733af52b3daae14dc33d31fd1603ec03b0
+  data.tar.gz: 53e124eb706ec360e558c386aeb64d2042ea8c7d7dd77a5d926b6f13363693568c6d5ee1dd511dbce6137198380e66b176972e0034129ff3fab3db7aa8ae8ce4

data/lib/dependabot/docker/file_parser.rb

@@ -42,6 +42,7 @@ module Dependabot
 
       IMAGE_SPEC = %r{^(#{REGISTRY}/)?#{IMAGE}#{TAG}?(?:@sha256:#{DIGEST})?#{NAME}?}x
 
+      # rubocop:disable Metrics/AbcSize
       sig { override.returns(T::Array[Dependabot::Dependency]) }
       def parse
         dependency_set = DependencySet.new
@@ -71,11 +72,20 @@ module Dependabot
         end
 
         manifest_files.each do |file|
+          if file.content && T.must(file.content).start_with?("\uFEFF")
+            # 0xFEFF is the encoding for the byte order mark (BOM).  If a YAML file is loaded with a BOM it will parse
+            # successfully, but will only load the first line.  To prevent this nearly empty object from being returned,
+            # the BOM is manually detected and reported as a parse error.
+            file_path = Pathname.new(file.directory).join(file.name).cleanpath.to_path
+            msg = "The file appears to have been saved with a byte order mark (BOM).  This will prevent proper parsing."
+            raise Dependabot::DependencyFileNotParseable.new(file_path, msg)
+          end
           dependency_set += workfile_file_dependencies(file)
         end
 
         dependency_set.dependencies
       end
+      # rubocop:enable Metrics/AbcSize
 
       private
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-docker
 version: !ruby/object:Gem::Version
-  version: 0.289.0
+  version: 0.290.0
 platform: ruby
 authors:
 - Dependabot
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-05 00:00:00.000000000 Z
+date: 2024-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.289.0
+        version: 0.290.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.289.0
+        version: 0.290.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -258,8 +258,8 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.289.0
-post_install_message: 
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.290.0
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -275,7 +275,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 3.1.0
 requirements: []
 rubygems_version: 3.5.9
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Provides Dependabot support for Docker
 test_files: []