RubyGems - dependabot-docker - Versions diffs - 0.357.0 → 0.358.0 - Mend

dependabot-docker 0.357.0 → 0.358.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/docker/tag.rb +31 -2
data/lib/dependabot/docker/update_checker.rb +17 -3
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f0da7bb48effe8a5b86cd862f5d2d30b8f369d7d6df87ad7fd1de3c867662973
-  data.tar.gz: 94868e4f0f7125a5191c38e7f2972de495e71bd83472a4af9fc26e5581ed026a
+  metadata.gz: 833270b93fa24ef85cea2fbd0819ad22cca0de52ef92494abde150812cb223eb
+  data.tar.gz: 51ddd06f0d81281929a636c781493d69bd082af3853862d2e9916388b7f56ed4
 SHA512:
-  metadata.gz: 88dbdf2a7461c50790a195a74310149ccf2ae5377dc062f61030e65144b508a11ae25b0969aa9e38b41ce11254cdb9d74ecb1aee419664217e5b6f1a53ccb928
-  data.tar.gz: c1910c37b0a9738b3a06d6cb76016bae3e8d79bd0849b178f7a3dd91df57939eb46e84f2cdf57143004beca0254b43df353bfa21be7a5964744256dec7839e91
+  metadata.gz: b8b00cf0309f237360aff90b7b3c75a6c81a6f2bb8b7d3c1cba93e32ae70005e4d28d15ef684f241268824c941f17670052328ce71cc8ca418032199badba6ec
+  data.tar.gz: b22d67a41edd6f4a8ee35b9b8a9254e533659000615b185840d46827669220ed5b091b9cd212ff9563f3755379fd57c82cd5d48aa68cbe214691e4a8abbcb919

data/lib/dependabot/docker/tag.rb CHANGED Viewed

@@ -38,9 +38,38 @@ module Dependabot
         name.match?(FileParser::DIGEST)
       end
-      sig { returns(T.nilable(T::Boolean)) }
+      sig { returns(T::Boolean) }
       def looks_like_prerelease?
-        numeric_version&.match?(/[a-zA-Z]/)
+        return false unless comparable?
+        # Don't treat SHA-suffixed tags as prereleases (e.g., v3.10.0-169-gfe040d3)
+        return false if format == :sha_suffixed
+        # Check for common prerelease patterns in the tag name
+        # The version regex splits things like "1.0.0-alpha" into version="1.0.0" and suffix="-alpha"
+        # So we need to check the full name or the combination of version and suffix
+        prerelease_patterns = [
+          /alpha/i,       # matches: alpha, ALPHA
+          /beta/i,        # matches: beta, BETA
+          /rc\d*/i,       # matches: rc, RC, RC1, rc2, etc.
+          /dev/i,         # matches: dev, DEV
+          /preview/i,     # matches: preview, PREVIEW
+          /\bpre\b/i,     # matches: pre, PRE as a whole word
+          /nightly/i,     # matches: nightly, NIGHTLY
+          /snapshot/i,    # matches: snapshot, SNAPSHOT
+          /canary/i,      # matches: canary, CANARY
+          /unstable/i,    # matches: unstable, UNSTABLE
+          /\d+[a-z]\d*/,  # matches: 3.15.0a2, 1.0b1 (version followed by letter and optional number)
+          /[a-z]+\d+$/,   # matches: alpha1, beta2, rc3 at the end
+          /\.post\d+/i,   # matches: .post1, .POST2 (Python PEP 440 post-release)
+          /\.dev\d+/i     # matches: .dev0, .DEV1 (Python PEP 440 development release)
+        ]
+        # Check both the version part and the suffix part
+        version_matches = version && prerelease_patterns.any? { |pattern| T.must(version).match?(pattern) }
+        suffix_matches = suffix && prerelease_patterns.any? { |pattern| T.must(suffix).match?(pattern) }
+        !!(version_matches || suffix_matches)
       end
       sig do

data/lib/dependabot/docker/update_checker.rb CHANGED Viewed

@@ -104,9 +104,23 @@ module Dependabot
       sig { returns(T::Boolean) }
       def digest_up_to_date?
         digest_requirements.all? do |req|
-          next true unless updated_digest
-          req.fetch(:source).fetch(:digest) == updated_digest
+          source = req.fetch(:source)
+          source_digest = source.fetch(:digest)
+          source_tag = source[:tag]
+          expected_digest =
+            if source_tag
+              latest_tag = latest_tag_from(source_tag)
+              digest_of(latest_tag.name)
+            else
+              updated_digest
+            end
+          # If we can't determine an expected digest (for example if the registry does not return digests)
+          # assume it's up to date
+          next true if expected_digest.nil?
+          source_digest == expected_digest
         end
       end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-docker
 version: !ruby/object:Gem::Version
-  version: 0.357.0
+  version: 0.358.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.357.0
+        version: 0.358.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.357.0
+        version: 0.358.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -261,7 +261,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.357.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.358.0
 rdoc_options: []
 require_paths:
 - lib