dependabot-docker 0.308.0 → 0.309.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b5ace65f27d0e36a51171e52901faae1a9789e32c13b0c3706811919dc386d25
|
|
4
|
+
data.tar.gz: d5f5343ff0cef86c53ee7b36f4c5b1335f30022d2d8148cfcf64c8d17fee6010
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fc21838afc4fc26997d7aa6ee3d4d74e17632512d81c3adbb784bb847cbefbff6ef0e6db47607fc9e24fa19fcf87b09cad218a384e70e81bb48e38ba112a4d87
|
|
7
|
+
data.tar.gz: f4b23db54586036756d46e25fadd8c34aa7826173f3b10882c6177c625977a2788f5aa0d53a91cff89a3b349f58c5c2be5fbd96a7b25e72500a86d2c99a81067
|
|
@@ -427,7 +427,7 @@ module Dependabot
|
|
|
427
427
|
|
|
428
428
|
sig { params(tag: String).returns(T.nilable(String)) }
|
|
429
429
|
def fetch_digest_of(tag)
|
|
430
|
-
docker_registry_client.manifest_digest(docker_repo_name, tag)
|
|
430
|
+
docker_registry_client.manifest_digest(docker_repo_name, tag)
|
|
431
431
|
rescue *transient_docker_errors => e
|
|
432
432
|
attempt ||= 1
|
|
433
433
|
attempt += 1
|
|
@@ -33,7 +33,13 @@ module Dependabot
|
|
|
33
33
|
|
|
34
34
|
sig { params(parsed_line: T::Hash[String, T.nilable(String)]).returns(T.nilable(String)) }
|
|
35
35
|
def version_from(parsed_line)
|
|
36
|
-
parsed_line.fetch("tag") || parsed_line.fetch("digest")
|
|
36
|
+
return nil unless parsed_line.fetch("tag") || parsed_line.fetch("digest")
|
|
37
|
+
|
|
38
|
+
if parsed_line.fetch("tag") && parsed_line.fetch("digest")
|
|
39
|
+
"#{parsed_line.fetch('tag')}@sha256:#{parsed_line.fetch('digest')}"
|
|
40
|
+
else
|
|
41
|
+
parsed_line.fetch("tag") || "sha256:#{parsed_line.fetch('digest')}"
|
|
42
|
+
end
|
|
37
43
|
end
|
|
38
44
|
|
|
39
45
|
sig { params(parsed_line: T::Hash[String, T.nilable(String)]).returns(T::Hash[String, T.nilable(String)]) }
|
|
@@ -42,7 +48,7 @@ module Dependabot
|
|
|
42
48
|
|
|
43
49
|
source[:registry] = parsed_line.fetch("registry") if parsed_line.fetch("registry")
|
|
44
50
|
source[:tag] = parsed_line.fetch("tag") if parsed_line.fetch("tag")
|
|
45
|
-
source[:digest] = parsed_line.fetch(
|
|
51
|
+
source[:digest] = "sha256:#{parsed_line.fetch('digest')}" if parsed_line.fetch("digest")
|
|
46
52
|
|
|
47
53
|
source
|
|
48
54
|
end
|
|
@@ -70,7 +70,7 @@ module Dependabot
|
|
|
70
70
|
params(previous_content: String, old_source: T::Hash[Symbol, T.nilable(String)],
|
|
71
71
|
new_source: T::Hash[Symbol, T.nilable(String)]).returns(String)
|
|
72
72
|
end
|
|
73
|
-
def update_digest_and_tag(previous_content, old_source, new_source)
|
|
73
|
+
def update_digest_and_tag(previous_content, old_source, new_source) # rubocop:disable Metrics/PerceivedComplexity
|
|
74
74
|
old_digest = old_source[:digest]
|
|
75
75
|
new_digest = new_source[:digest]
|
|
76
76
|
|
|
@@ -92,7 +92,7 @@ module Dependabot
|
|
|
92
92
|
end
|
|
93
93
|
old_declaration +=
|
|
94
94
|
if specified_with_digest?(old_source)
|
|
95
|
-
"
|
|
95
|
+
"@#{old_digest}"
|
|
96
96
|
else
|
|
97
97
|
""
|
|
98
98
|
end
|
|
@@ -102,9 +102,16 @@ module Dependabot
|
|
|
102
102
|
old_declaration_regex = build_old_declaration_regex(escaped_declaration)
|
|
103
103
|
|
|
104
104
|
previous_content.gsub(old_declaration_regex) do |old_dec|
|
|
105
|
+
old_digest = old_digest.sub("sha256:", "") if old_digest&.start_with?("sha256:")
|
|
106
|
+
new_digest = new_digest.sub("sha256:", "") if new_digest&.start_with?("sha256:")
|
|
107
|
+
|
|
108
|
+
unless old_digest.to_s.empty?
|
|
109
|
+
old_dec = old_dec.gsub("@sha256:#{old_digest}", "@sha256:#{new_digest}")
|
|
110
|
+
old_dec = old_dec.gsub("@#{old_digest}", "@#{new_digest}")
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
old_dec = old_dec.gsub(":#{old_tag}", ":#{new_tag}") unless old_tag.to_s.empty?
|
|
105
114
|
old_dec
|
|
106
|
-
.gsub("@sha256:#{old_digest}", "@sha256:#{new_digest}")
|
|
107
|
-
.gsub(":#{old_tag}", ":#{new_tag}")
|
|
108
115
|
end
|
|
109
116
|
end
|
|
110
117
|
|
|
@@ -160,7 +167,7 @@ module Dependabot
|
|
|
160
167
|
def new_yaml_image(file)
|
|
161
168
|
element = T.must(dependency).requirements.find { |r| r[:file] == file.name }
|
|
162
169
|
prefix = element&.dig(:source, :registry) ? "#{element.fetch(:source)[:registry]}/" : ""
|
|
163
|
-
digest = element&.dig(:source, :digest) ? "
|
|
170
|
+
digest = element&.dig(:source, :digest) ? "@#{element.fetch(:source)[:digest]}" : ""
|
|
164
171
|
tag = element&.dig(:source, :tag) ? ":#{element.fetch(:source)[:tag]}" : ""
|
|
165
172
|
"#{prefix}#{T.must(dependency).name}#{tag}#{digest}"
|
|
166
173
|
end
|
|
@@ -169,7 +176,7 @@ module Dependabot
|
|
|
169
176
|
def old_yaml_images(file)
|
|
170
177
|
T.must(previous_requirements(file)).map do |r|
|
|
171
178
|
prefix = r.fetch(:source)[:registry] ? "#{r.fetch(:source)[:registry]}/" : ""
|
|
172
|
-
digest = r.fetch(:source)[:digest] ? "
|
|
179
|
+
digest = r.fetch(:source)[:digest] ? "@#{r.fetch(:source)[:digest]}" : ""
|
|
173
180
|
tag = r.fetch(:source)[:tag] ? ":#{r.fetch(:source)[:tag]}" : ""
|
|
174
181
|
"#{prefix}#{T.must(dependency).name}#{tag}#{digest}"
|
|
175
182
|
end
|
|
@@ -179,7 +186,7 @@ module Dependabot
|
|
|
179
186
|
def old_helm_tags(file)
|
|
180
187
|
T.must(previous_requirements(file)).map do |r|
|
|
181
188
|
tag = r.fetch(:source)[:tag] || ""
|
|
182
|
-
digest = r.fetch(:source)[:digest] ? "
|
|
189
|
+
digest = r.fetch(:source)[:digest] ? "@#{r.fetch(:source)[:digest]}" : ""
|
|
183
190
|
"#{tag}#{digest}"
|
|
184
191
|
end
|
|
185
192
|
end
|
|
@@ -188,7 +195,7 @@ module Dependabot
|
|
|
188
195
|
def new_helm_tag(file)
|
|
189
196
|
element = T.must(dependency).requirements.find { |r| r[:file] == file.name }
|
|
190
197
|
tag = T.must(element).dig(:source, :tag) || ""
|
|
191
|
-
digest = T.must(element).dig(:source, :digest) ? "
|
|
198
|
+
digest = T.must(element).dig(:source, :digest) ? "@#{T.must(element).dig(:source, :digest)}" : ""
|
|
192
199
|
"#{tag}#{digest}"
|
|
193
200
|
end
|
|
194
201
|
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.309.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-04-
|
|
10
|
+
date: 2025-04-17 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: dependabot-common
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.309.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.309.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -261,7 +261,7 @@ licenses:
|
|
|
261
261
|
- MIT
|
|
262
262
|
metadata:
|
|
263
263
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
264
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
264
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.309.0
|
|
265
265
|
rdoc_options: []
|
|
266
266
|
require_paths:
|
|
267
267
|
- lib
|