dependabot-docker 0.289.0 → 0.291.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e9d40354c44fc0bebd57a0a708cecaee3202ae92a4dbe375b69702f59d8ee865
|
|
4
|
+
data.tar.gz: 353eec248695139e105bf21a08e861d25a3f8fabf437ec67d9622761c691fabf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b15172a30d7bd6d95753a608ee79747883313db8bc9e06c16254349cdb13550423c19aca5da682798037c3e60ca0420d3f86e9398501fbcb008f91ab0bdf3236
|
|
7
|
+
data.tar.gz: 7d73f8a846ee0286f83edec6a144a012c7328d589f544cbb8aaa9ebc4700cdfa6e320480b6c3699167222766755257874fe965e91a077866189d633d274ef846
|
|
@@ -13,7 +13,7 @@ module Dependabot
|
|
|
13
13
|
extend T::Helpers
|
|
14
14
|
|
|
15
15
|
YAML_REGEXP = /^[^\.].*\.ya?ml$/i
|
|
16
|
-
DOCKER_REGEXP = /dockerfile/i
|
|
16
|
+
DOCKER_REGEXP = /dockerfile|containerfile/i
|
|
17
17
|
|
|
18
18
|
sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
|
|
19
19
|
def self.required_files_in?(filenames)
|
|
@@ -23,7 +23,7 @@ module Dependabot
|
|
|
23
23
|
|
|
24
24
|
sig { override.returns(String) }
|
|
25
25
|
def self.required_files_message
|
|
26
|
-
"Repo must contain a Dockerfile or Kubernetes YAML files."
|
|
26
|
+
"Repo must contain a Dockerfile, Containerfile, or Kubernetes YAML files."
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
sig { override.returns(T::Array[DependencyFile]) }
|
|
@@ -42,6 +42,7 @@ module Dependabot
|
|
|
42
42
|
|
|
43
43
|
IMAGE_SPEC = %r{^(#{REGISTRY}/)?#{IMAGE}#{TAG}?(?:@sha256:#{DIGEST})?#{NAME}?}x
|
|
44
44
|
|
|
45
|
+
# rubocop:disable Metrics/AbcSize
|
|
45
46
|
sig { override.returns(T::Array[Dependabot::Dependency]) }
|
|
46
47
|
def parse
|
|
47
48
|
dependency_set = DependencySet.new
|
|
@@ -71,11 +72,20 @@ module Dependabot
|
|
|
71
72
|
end
|
|
72
73
|
|
|
73
74
|
manifest_files.each do |file|
|
|
75
|
+
if file.content && T.must(file.content).start_with?("\uFEFF")
|
|
76
|
+
# 0xFEFF is the encoding for the byte order mark (BOM). If a YAML file is loaded with a BOM it will parse
|
|
77
|
+
# successfully, but will only load the first line. To prevent this nearly empty object from being returned,
|
|
78
|
+
# the BOM is manually detected and reported as a parse error.
|
|
79
|
+
file_path = Pathname.new(file.directory).join(file.name).cleanpath.to_path
|
|
80
|
+
msg = "The file appears to have been saved with a byte order mark (BOM). This will prevent proper parsing."
|
|
81
|
+
raise Dependabot::DependencyFileNotParseable.new(file_path, msg)
|
|
82
|
+
end
|
|
74
83
|
dependency_set += workfile_file_dependencies(file)
|
|
75
84
|
end
|
|
76
85
|
|
|
77
86
|
dependency_set.dependencies
|
|
78
87
|
end
|
|
88
|
+
# rubocop:enable Metrics/AbcSize
|
|
79
89
|
|
|
80
90
|
private
|
|
81
91
|
|
|
@@ -15,7 +15,7 @@ module Dependabot
|
|
|
15
15
|
FROM_REGEX = /FROM(\s+--platform\=\S+)?/i
|
|
16
16
|
|
|
17
17
|
YAML_REGEXP = /^[^\.].*\.ya?ml$/i
|
|
18
|
-
DOCKER_REGEXP = /
|
|
18
|
+
DOCKER_REGEXP = /(docker|container)file/i
|
|
19
19
|
|
|
20
20
|
sig { override.returns(T::Array[Regexp]) }
|
|
21
21
|
def self.updated_files_regex
|
|
@@ -63,7 +63,7 @@ module Dependabot
|
|
|
63
63
|
# Just check if there are any files at all.
|
|
64
64
|
return if dependency_files.any?
|
|
65
65
|
|
|
66
|
-
raise "No Dockerfile!"
|
|
66
|
+
raise "No Dockerfile or Containerfile!"
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
sig { params(file: Dependabot::DependencyFile).returns(String) }
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.291.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-12-
|
|
11
|
+
date: 2024-12-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.291.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.291.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -258,8 +258,8 @@ licenses:
|
|
|
258
258
|
- MIT
|
|
259
259
|
metadata:
|
|
260
260
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
261
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
262
|
-
post_install_message:
|
|
261
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.291.0
|
|
262
|
+
post_install_message:
|
|
263
263
|
rdoc_options: []
|
|
264
264
|
require_paths:
|
|
265
265
|
- lib
|
|
@@ -275,7 +275,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
275
275
|
version: 3.1.0
|
|
276
276
|
requirements: []
|
|
277
277
|
rubygems_version: 3.5.9
|
|
278
|
-
signing_key:
|
|
278
|
+
signing_key:
|
|
279
279
|
specification_version: 4
|
|
280
280
|
summary: Provides Dependabot support for Docker
|
|
281
281
|
test_files: []
|