dependabot-docker 0.310.0 → 0.311.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 57070c1086b297af5847fa9c3851b5b9c6128b2f0cb0a21bcd817ed0c66c1bc1
|
|
4
|
+
data.tar.gz: 1e0ee5153a89687bf943e2fba153d89c5ab534f35ffe74027be9dc2e770763cb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7030f632d7fea1a2e2fcdf2ab85d96e199fbca0f1cd6b8eaa8ab81f3f2022779b5410c554eedf2262ef11bcbe2895d9f6ccbdf05a6983e663a8746e99a9854b0
|
|
7
|
+
data.tar.gz: 831318ce346686285096409a5a04db14c7bc192f368c3e86782aa37650959f1192b5c6a7b6ab9847ed04917da38379394daad57b7dd3dca66a5405bebd51ead8
|
|
@@ -427,7 +427,7 @@ module Dependabot
|
|
|
427
427
|
|
|
428
428
|
sig { params(tag: String).returns(T.nilable(String)) }
|
|
429
429
|
def fetch_digest_of(tag)
|
|
430
|
-
docker_registry_client.manifest_digest(docker_repo_name, tag)
|
|
430
|
+
docker_registry_client.manifest_digest(docker_repo_name, tag)&.delete_prefix("sha256:")
|
|
431
431
|
rescue *transient_docker_errors => e
|
|
432
432
|
attempt ||= 1
|
|
433
433
|
attempt += 1
|
|
@@ -33,13 +33,7 @@ module Dependabot
|
|
|
33
33
|
|
|
34
34
|
sig { params(parsed_line: T::Hash[String, T.nilable(String)]).returns(T.nilable(String)) }
|
|
35
35
|
def version_from(parsed_line)
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
if parsed_line.fetch("tag") && parsed_line.fetch("digest")
|
|
39
|
-
"#{parsed_line.fetch('tag')}@sha256:#{parsed_line.fetch('digest')}"
|
|
40
|
-
else
|
|
41
|
-
parsed_line.fetch("tag") || "sha256:#{parsed_line.fetch('digest')}"
|
|
42
|
-
end
|
|
36
|
+
parsed_line.fetch("tag") || parsed_line.fetch("digest")
|
|
43
37
|
end
|
|
44
38
|
|
|
45
39
|
sig { params(parsed_line: T::Hash[String, T.nilable(String)]).returns(T::Hash[String, T.nilable(String)]) }
|
|
@@ -48,7 +42,7 @@ module Dependabot
|
|
|
48
42
|
|
|
49
43
|
source[:registry] = parsed_line.fetch("registry") if parsed_line.fetch("registry")
|
|
50
44
|
source[:tag] = parsed_line.fetch("tag") if parsed_line.fetch("tag")
|
|
51
|
-
source[:digest] =
|
|
45
|
+
source[:digest] = parsed_line.fetch("digest") if parsed_line.fetch("digest")
|
|
52
46
|
|
|
53
47
|
source
|
|
54
48
|
end
|
|
@@ -66,6 +66,7 @@ module Dependabot
|
|
|
66
66
|
updated_content
|
|
67
67
|
end
|
|
68
68
|
|
|
69
|
+
# rubocop:disable Metrics/MethodLength
|
|
69
70
|
sig do
|
|
70
71
|
params(previous_content: String, old_source: T::Hash[Symbol, T.nilable(String)],
|
|
71
72
|
new_source: T::Hash[Symbol, T.nilable(String)]).returns(String)
|
|
@@ -92,7 +93,7 @@ module Dependabot
|
|
|
92
93
|
end
|
|
93
94
|
old_declaration +=
|
|
94
95
|
if specified_with_digest?(old_source)
|
|
95
|
-
"
|
|
96
|
+
"@sha256:#{old_digest}"
|
|
96
97
|
else
|
|
97
98
|
""
|
|
98
99
|
end
|
|
@@ -112,8 +113,11 @@ module Dependabot
|
|
|
112
113
|
|
|
113
114
|
old_dec = old_dec.gsub(":#{old_tag}", ":#{new_tag}") unless old_tag.to_s.empty?
|
|
114
115
|
old_dec
|
|
116
|
+
.gsub("@sha256:#{old_digest}", "@sha256:#{new_digest}")
|
|
117
|
+
.gsub(":#{old_tag}", ":#{new_tag}")
|
|
115
118
|
end
|
|
116
119
|
end
|
|
120
|
+
# rubocop:enable Metrics/MethodLength
|
|
117
121
|
|
|
118
122
|
sig { params(escaped_declaration: String).returns(Regexp) }
|
|
119
123
|
def build_old_declaration_regex(escaped_declaration)
|
|
@@ -167,7 +171,7 @@ module Dependabot
|
|
|
167
171
|
def new_yaml_image(file)
|
|
168
172
|
element = T.must(dependency).requirements.find { |r| r[:file] == file.name }
|
|
169
173
|
prefix = element&.dig(:source, :registry) ? "#{element.fetch(:source)[:registry]}/" : ""
|
|
170
|
-
digest = element&.dig(:source, :digest) ? "
|
|
174
|
+
digest = element&.dig(:source, :digest) ? "@sha256:#{element.fetch(:source)[:digest]}" : ""
|
|
171
175
|
tag = element&.dig(:source, :tag) ? ":#{element.fetch(:source)[:tag]}" : ""
|
|
172
176
|
"#{prefix}#{T.must(dependency).name}#{tag}#{digest}"
|
|
173
177
|
end
|
|
@@ -176,7 +180,7 @@ module Dependabot
|
|
|
176
180
|
def old_yaml_images(file)
|
|
177
181
|
T.must(previous_requirements(file)).map do |r|
|
|
178
182
|
prefix = r.fetch(:source)[:registry] ? "#{r.fetch(:source)[:registry]}/" : ""
|
|
179
|
-
digest = r.fetch(:source)[:digest] ? "
|
|
183
|
+
digest = r.fetch(:source)[:digest] ? "@sha256:#{r.fetch(:source)[:digest]}" : ""
|
|
180
184
|
tag = r.fetch(:source)[:tag] ? ":#{r.fetch(:source)[:tag]}" : ""
|
|
181
185
|
"#{prefix}#{T.must(dependency).name}#{tag}#{digest}"
|
|
182
186
|
end
|
|
@@ -186,7 +190,7 @@ module Dependabot
|
|
|
186
190
|
def old_helm_tags(file)
|
|
187
191
|
T.must(previous_requirements(file)).map do |r|
|
|
188
192
|
tag = r.fetch(:source)[:tag] || ""
|
|
189
|
-
digest = r.fetch(:source)[:digest] ? "
|
|
193
|
+
digest = r.fetch(:source)[:digest] ? "@sha256:#{r.fetch(:source)[:digest]}" : ""
|
|
190
194
|
"#{tag}#{digest}"
|
|
191
195
|
end
|
|
192
196
|
end
|
|
@@ -195,7 +199,7 @@ module Dependabot
|
|
|
195
199
|
def new_helm_tag(file)
|
|
196
200
|
element = T.must(dependency).requirements.find { |r| r[:file] == file.name }
|
|
197
201
|
tag = T.must(element).dig(:source, :tag) || ""
|
|
198
|
-
digest = T.must(element).dig(:source, :digest) ? "
|
|
202
|
+
digest = T.must(element).dig(:source, :digest) ? "@sha256:#{T.must(element).dig(:source, :digest)}" : ""
|
|
199
203
|
"#{tag}#{digest}"
|
|
200
204
|
end
|
|
201
205
|
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.311.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-
|
|
10
|
+
date: 2025-05-01 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: dependabot-common
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.311.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.311.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -223,16 +223,16 @@ dependencies:
|
|
|
223
223
|
name: webrick
|
|
224
224
|
requirement: !ruby/object:Gem::Requirement
|
|
225
225
|
requirements:
|
|
226
|
-
- - "
|
|
226
|
+
- - "~>"
|
|
227
227
|
- !ruby/object:Gem::Version
|
|
228
|
-
version: '1.
|
|
228
|
+
version: '1.9'
|
|
229
229
|
type: :development
|
|
230
230
|
prerelease: false
|
|
231
231
|
version_requirements: !ruby/object:Gem::Requirement
|
|
232
232
|
requirements:
|
|
233
|
-
- - "
|
|
233
|
+
- - "~>"
|
|
234
234
|
- !ruby/object:Gem::Version
|
|
235
|
-
version: '1.
|
|
235
|
+
version: '1.9'
|
|
236
236
|
description: Dependabot-Docker provides support for bumping Docker image tags via
|
|
237
237
|
Dependabot. If you want support for multiple package managers, you probably want
|
|
238
238
|
the meta-gem dependabot-omnibus.
|
|
@@ -261,7 +261,7 @@ licenses:
|
|
|
261
261
|
- MIT
|
|
262
262
|
metadata:
|
|
263
263
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
264
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
264
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.311.0
|
|
265
265
|
rdoc_options: []
|
|
266
266
|
require_paths:
|
|
267
267
|
- lib
|