RubyGems - dependabot-docker - Versions diffs - 0.298.0 → 0.299.1 - Mend

dependabot-docker 0.298.0 → 0.299.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/docker/update_checker.rb +59 -1
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ec6f718cb35e66a3d05aeb2b358f3119d6a7eb903caaab6fdab5c0986a0fe4ad
-  data.tar.gz: bc36d5f6cd3b3fcd9ea121f85dfcd69728b3986f9ad31b48bb1a1c6b43b2f7ac
+  metadata.gz: 2f294237b69d9c9f9c47fb443e513d018226479f81d723b637add866aaddd9c8
+  data.tar.gz: c6cc3c1680c0f4a9f9cf6e4008163434a685c6e6a8ee56f88289a92bda87d352
 SHA512:
-  metadata.gz: b4eb32ebd6ab05aa29c5d6bd7d59508307557658e5d9c03051b8fc5894ee6032e697c7396df20344b09ee9332e34756348cf8101232062991c9477dc22136176
-  data.tar.gz: 30df940974d700495f43649a8240dc4f3c608d2605104981d0bec0c14cdeb70c2e8d5bfb891eca26944bbbbfb516aedb68b9c8177e6c169c032b77e4d17f918d
+  metadata.gz: e4ef61b9f8659899a2200b77d6d7f2e42fe4d0496821f9be6a2d1dcaa74acc7e238fae7d0696244a48c8ddbc1825f120f4dde972272e9cfa03ac0218490adc5e
+  data.tar.gz: 3dcd7acb353c124beb6828e9d7fdbfec9b462bf3a296a69cc55bf6f412ea78e7eeb68f529a9d088843b7e2354f90ecdcb6ffac52b919bafbb9a7b30c7de5f56c

data/lib/dependabot/docker/update_checker.rb CHANGED Viewed

@@ -167,7 +167,65 @@ module Dependabot
       sig { params(original_tag: Dependabot::Docker::Tag).returns(T::Array[Dependabot::Docker::Tag]) }
       def comparable_tags_from_registry(original_tag)
+        unless Experiments.enabled?(:docker_tag_component_comparison)
+          return tags_from_registry.select { |tag| tag.comparable_to?(original_tag) }
+        end
+        common_components = identify_common_components(tags_from_registry)
+        original_components = extract_tag_components(original_tag.name, common_components)
+        Dependabot.logger.info("Original tag components: #{original_components.join(',')}")
         tags_from_registry.select { |tag| tag.comparable_to?(original_tag) }
+        tags_from_registry.select do |tag|
+          tag.comparable_to?(original_tag) &&
+            (original_components.empty? ||
+              compatible_components?(extract_tag_components(tag.name, common_components), original_components))
+        end
+      end
+      sig { params(tags: T::Array[Dependabot::Docker::Tag]).returns(T::Array[String]) }
+      def identify_common_components(tags)
+        tag_parts = tags.map do |tag|
+          # replace version parts with VERSION
+          processed_tag = tag.name.gsub(/\d+\.\d+\.\d+_\d+/, "VERSION")
+          parts = processed_tag.split(%r{[-\./]})
+          parts.reject(&:empty?)
+        end
+        part_counts = tag_parts.flatten.tally
+        part_counts.select do |part|
+          part.length > 1 &&
+            part != "VERSION" &&
+            !version_related_pattern?(part)
+        end.keys
+      end
+      sig { params(part: String).returns(T::Boolean) }
+      def version_related_pattern?(part)
+        patterns = {
+          number: /^\d+$/,
+          semver: /^\d+\.\d+$/,
+          v_prefix: /^v\d+/,
+          version_marker: /^(rc|jre)$/,
+          prerelease: /^(?=.*\d)(?=.*[a-z])[a-z\d]+$/i,
+          sha: /^g[0-9a-f]{5,}$/,
+          timestamp: /^\d{8,14}$/,
+          underscore_parts: /\d+_\d+/
+        }
+        patterns.values.any? { |pattern| part.match?(pattern) }
+      end
+      sig { params(tag_name: String, common_components: T::Array[String]).returns(T::Array[String]) }
+      def extract_tag_components(tag_name, common_components)
+        common_components.select { |component| tag_name.match?(/\b#{Regexp.escape(component)}\b/) }
+      end
+      sig { params(tag_components: T::Array[String], original_components: T::Array[String]).returns(T::Boolean) }
+      def compatible_components?(tag_components, original_components)
+        tag_components.sort == original_components.sort
       end
       sig do
@@ -379,7 +437,7 @@ module Dependabot
       # Defaults from https://github.com/deitch/docker_registry2/blob/bfde04144f0b7fd63c156a1aca83efe19ee78ffd/lib/registry/registry.rb#L26-L27
       DEFAULT_DOCKER_OPEN_TIMEOUT_IN_SECONDS = 2
-      DEFAULT_DOCKER_READ_TIMEOUT_IN_SECONDS = 5
+      DEFAULT_DOCKER_READ_TIMEOUT_IN_SECONDS = 60
       sig { returns(DockerRegistry2::Registry) }
       def docker_registry_client

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-docker
 version: !ruby/object:Gem::Version
-  version: 0.298.0
+  version: 0.299.1
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-20 00:00:00.000000000 Z
+date: 2025-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.298.0
+        version: 0.299.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.298.0
+        version: 0.299.1
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -262,7 +262,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.298.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.299.1
 post_install_message:
 rdoc_options: []
 require_paths: