dependabot-docker 0.310.0 → 0.312.0

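--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 48d5febf4a3d2a6baea6a2aa5be06b4761f6bb8adb7ea8bd494fe1f4952efb93
- data.tar.gz: 74e03cca291a2bf993cd498c623b005a76210959aabd961605fd501093f60106
+ metadata.gz: 749d09481fe832fbbb071752e2059950cd137ef5c0901affed570039cc5d5c72
+ data.tar.gz: 2039969a2880596f33319f0a44bcac65b90f15f5ef592cb16f8c6728b7ccf679
  SHA512:
- metadata.gz: ebeb48c76a0b1597f3c814732cef817c33e0b1cca0ede1f9e2d69d3cb8c887347f74c943764b57b030be1c4a61f34b1dd300f0862785dcbef100ba3a44745dc0
- data.tar.gz: 4a13f579a96a53bc7aafb050c4fc301c648e59c0b612f9882752256f4d8c67e814380fccb69198f2589227a196725075fa332794b9e20573f4f6a780c2aa8593
+ metadata.gz: ccd8693c97d12c2c6c8592ac629d4b43f87ce72a93ccd4bfcf54f8ac35becde8afb920c626e94034be46b0633d77c3eb3fd29741bd1ea22b3e1ec63099476cbb
+ data.tar.gz: e63b113daa01eb05ea4cf7580dd57198cea2370bc11b206f1b803c971014d024af68dbddadf937b67bea447d23a68fa2e3a7234c34ceb1dd96b8ab0b12283b81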
@@ -155,7 +155,7 @@ module Dependabot
155
155
 
156
156
  image = "#{repo}:#{tag}"
157
157
  image.prepend("#{registry}/") if registry
158
- image << "@#{digest}/" if digest
158
+ image << "@sha256:#{digest}/" if digest
159
159
  [image]
160
160
  end
161
161
 
@@ -427,7 +427,7 @@ module Dependabot
427
427
 
428
428
  sig { params(tag: String).returns(T.nilable(String)) }
429
429
  def fetch_digest_of(tag)
430
- docker_registry_client.manifest_digest(docker_repo_name, tag)
430
+ docker_registry_client.manifest_digest(docker_repo_name, tag)&.delete_prefix("sha256:")
431
431
  rescue *transient_docker_errors => e
432
432
  attempt ||= 1
433
433
  attempt += 1
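Review bot: `fetch_digest_of` strips only a `sha256:` prefix, so a manifest digest that uses any other algorithm (the OCI image spec also registers `sha512`) is returned with its prefix intact and would then be rendered as `@sha256:sha512:…` by the hard-coded prefix added in the `@@ -155` hunk. Because this value becomes the pin written into users' files, I would reject anything that is not a plain SHA-256 digest instead of passing it through: assign the result to `digest`, then `return unless digest&.match?(/\Asha256:\h{64}\z/)` and `digest.delete_prefix("sha256:")`. Whether returning nil or raising is the right failure mode depends on the callers, which are not visible here. The method's rescue/retry body continues past the end of the hunk.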
@@ -33,13 +33,7 @@ module Dependabot
33
33
 
34
34
  sig { params(parsed_line: T::Hash[String, T.nilable(String)]).returns(T.nilable(String)) }
35
35
  def version_from(parsed_line)
36
- return nil unless parsed_line.fetch("tag") || parsed_line.fetch("digest")
37
-
38
- if parsed_line.fetch("tag") && parsed_line.fetch("digest")
39
- "#{parsed_line.fetch('tag')}@sha256:#{parsed_line.fetch('digest')}"
40
- else
41
- parsed_line.fetch("tag") || "sha256:#{parsed_line.fetch('digest')}"
42
- end
36
+ parsed_line.fetch("tag") || parsed_line.fetch("digest")
43
37
  end
44
38
 
45
39
  sig { params(parsed_line: T::Hash[String, T.nilable(String)]).returns(T::Hash[String, T.nilable(String)]) }
@@ -48,7 +42,7 @@ module Dependabot
48
42
 
49
43
  source[:registry] = parsed_line.fetch("registry") if parsed_line.fetch("registry")
50
44
  source[:tag] = parsed_line.fetch("tag") if parsed_line.fetch("tag")
51
- source[:digest] = "sha256:#{parsed_line.fetch('digest')}" if parsed_line.fetch("digest")
45
+ source[:digest] = parsed_line.fetch("digest") if parsed_line.fetch("digest")
52
46
 
53
47
  source
54
48
  end
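Review bot: `source[:digest]` here, and the digest-only return of `version_from` in the preceding hunk, now carry the bare hex string, but nothing at either site documents that the stored format changed. A requirement that still holds `sha256:<hex>` from the older code would, if it reaches the updater hunks that now prepend `@sha256:` themselves, come out as `@sha256:sha256:<hex>`; I cannot tell from this page whether such values can persist across versions. I would add a comment such as `# digest is stored WITHOUT the "sha256:" prefix; renderers add it back` and consider normalising defensively with `parsed_line.fetch("digest")&.delete_prefix("sha256:")`. Note also that `version_from` no longer includes the digest when both a tag and a digest are present, so two pins of the same tag to different digests now share one version string. The method that builds `source` starts above its hunk.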
@@ -66,6 +66,7 @@ module Dependabot
66
66
  updated_content
67
67
  end
68
68
 
69
+ # rubocop:disable Metrics/MethodLength
69
70
  sig do
70
71
  params(previous_content: String, old_source: T::Hash[Symbol, T.nilable(String)],
71
72
  new_source: T::Hash[Symbol, T.nilable(String)]).returns(String)
@@ -92,7 +93,7 @@ module Dependabot
92
93
  end
93
94
  old_declaration +=
94
95
  if specified_with_digest?(old_source)
95
- "@#{old_digest}"
96
+ "@sha256:#{old_digest}"
96
97
  else
97
98
  ""
98
99
  end
@@ -112,8 +113,11 @@ module Dependabot
112
113
 
113
114
  old_dec = old_dec.gsub(":#{old_tag}", ":#{new_tag}") unless old_tag.to_s.empty?
114
115
  old_dec
116
+ .gsub("@sha256:#{old_digest}", "@sha256:#{new_digest}")
117
+ .gsub(":#{old_tag}", ":#{new_tag}")
115
118
  end
116
119
  end
120
+ # rubocop:enable Metrics/MethodLength
117
121
 
118
122
  sig { params(escaped_declaration: String).returns(Regexp) }
119
123
  def build_old_declaration_regex(escaped_declaration)
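Review bot: The added `.gsub(":#{old_tag}", ":#{new_tag}")` repeats the tag substitution from the line just above it, but without that line's `unless old_tag.to_s.empty?` guard. With an empty `old_tag` the pattern is a bare `:`, so every colon in the declaration, including the one inside `@sha256:` and any registry port, would get `new_tag` appended. With a non-empty tag the second pass can re-match inside its own output (constructed example: old `1.2`, new `1.2.1` yields `:1.2.1.1`). As far as the hunk shows, the chain should end after the digest substitution: `old_dec.gsub("@sha256:#{old_digest}", "@sha256:#{new_digest}")`. The enclosing method begins above the hunk, so whether an earlier branch already rules out the empty-tag case is not visible here.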
@@ -167,7 +171,7 @@ module Dependabot
167
171
  def new_yaml_image(file)
168
172
  element = T.must(dependency).requirements.find { |r| r[:file] == file.name }
169
173
  prefix = element&.dig(:source, :registry) ? "#{element.fetch(:source)[:registry]}/" : ""
170
- digest = element&.dig(:source, :digest) ? "@#{element.fetch(:source)[:digest]}" : ""
174
+ digest = element&.dig(:source, :digest) ? "@sha256:#{element.fetch(:source)[:digest]}" : ""
171
175
  tag = element&.dig(:source, :tag) ? ":#{element.fetch(:source)[:tag]}" : ""
172
176
  "#{prefix}#{T.must(dependency).name}#{tag}#{digest}"
173
177
  end
@@ -176,7 +180,7 @@ module Dependabot
176
180
  def old_yaml_images(file)
177
181
  T.must(previous_requirements(file)).map do |r|
178
182
  prefix = r.fetch(:source)[:registry] ? "#{r.fetch(:source)[:registry]}/" : ""
179
- digest = r.fetch(:source)[:digest] ? "@#{r.fetch(:source)[:digest]}" : ""
183
+ digest = r.fetch(:source)[:digest] ? "@sha256:#{r.fetch(:source)[:digest]}" : ""
180
184
  tag = r.fetch(:source)[:tag] ? ":#{r.fetch(:source)[:tag]}" : ""
181
185
  "#{prefix}#{T.must(dependency).name}#{tag}#{digest}"
182
186
  end
@@ -186,7 +190,7 @@ module Dependabot
186
190
  def old_helm_tags(file)
187
191
  T.must(previous_requirements(file)).map do |r|
188
192
  tag = r.fetch(:source)[:tag] || ""
189
- digest = r.fetch(:source)[:digest] ? "@#{r.fetch(:source)[:digest]}" : ""
193
+ digest = r.fetch(:source)[:digest] ? "@sha256:#{r.fetch(:source)[:digest]}" : ""
190
194
  "#{tag}#{digest}"
191
195
  end
192
196
  end
@@ -195,7 +199,7 @@ module Dependabot
195
199
  def new_helm_tag(file)
196
200
  element = T.must(dependency).requirements.find { |r| r[:file] == file.name }
197
201
  tag = T.must(element).dig(:source, :tag) || ""
198
- digest = T.must(element).dig(:source, :digest) ? "@#{T.must(element).dig(:source, :digest)}" : ""
202
+ digest = T.must(element).dig(:source, :digest) ? "@sha256:#{T.must(element).dig(:source, :digest)}" : ""
199
203
  "#{tag}#{digest}"
200
204
  end
201
205
 
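--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-docker
  version: !ruby/object:Gem::Version
- version: 0.310.0
+ version: 0.312.0
  platform: ruby
  authors:
  - Dependabot
  bindir: bin
  cert_chain: []
- date: 2025-04-24 00:00:00.000000000 Z
+ date: 2025-05-09 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -15,28 +15,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.310.0
+ version: 0.312.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.310.0
+ version: 0.312.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.9.2
+ version: '1.9'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.9.2
+ version: '1.9'
  - !ruby/object:Gem::Dependency
  name: gpgme
  requirement: !ruby/object:Gem::Requirement
@@ -57,14 +57,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '13'
+ version: '13.2'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '13'
+ version: '13.2'
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
@@ -99,98 +99,98 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.9.2
+ version: '1.9'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.9.2
+ version: '1.9'
  - !ruby/object:Gem::Dependency
  name: rubocop
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.67.0
+ version: '1.67'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.67.0
+ version: '1.67'
  - !ruby/object:Gem::Dependency
  name: rubocop-performance
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.22.1
+ version: '1.22'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.22.1
+ version: '1.22'
  - !ruby/object:Gem::Dependency
  name: rubocop-rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 2.29.1
+ version: '2.29'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 2.29.1
+ version: '2.29'
  - !ruby/object:Gem::Dependency
  name: rubocop-sorbet
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.8.7
+ version: '0.8'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.8.7
+ version: '0.8'
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.22.0
+ version: '0.22'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.22.0
+ version: '0.22'
  - !ruby/object:Gem::Dependency
  name: turbo_tests
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 2.2.0
+ version: '2.2'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 2.2.0
+ version: '2.2'
  - !ruby/object:Gem::Dependency
  name: vcr
  requirement: !ruby/object:Gem::Requirement
@@ -223,16 +223,16 @@ dependencies:
  name: webrick
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '1.7'
+ version: '1.9'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '1.7'
+ version: '1.9'
  description: Dependabot-Docker provides support for bumping Docker image tags via
  Dependabot. If you want support for multiple package managers, you probably want
  the meta-gem dependabot-omnibus.
@@ -261,7 +261,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.310.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.312.0
  rdoc_options: []
  require_paths:
  - lib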