dependabot-docker 0.138.2 → 0.138.3
- checksums.yaml +4 -4
- data/lib/dependabot/docker/update_checker.rb +43 -33
- metadata +4 -4
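--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d88ce872558055c71518eaa80e23150aca1fe94212eacbf067083af1d0250463
+data.tar.gz: 0fc78d88b2e32001ebf7c53ab13f9d2e796569390f4c60c000fa91c3e5e825fb
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 610c7f511581e85ac612d8b562f409066f0cdf0beab8f5bf3db8aa074b3c6175d47fa2493394c66e042e2082157244a6fe6857f5b392d5cbaf6109334998d2ab
+data.tar.gz: d5aa74eeb0708e040b0112b5fd65cc6e9f4f065bdaaddf4ef0781cce7759155f4e2766a380ed0798d68ca07f1084f7f11eb2d20552e9b6d33576b3f6378bc9c3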
@@ -57,7 +57,7 @@ module Dependabot
|
|
57
57
|
/x.freeze
|
58
58
|
|
59
59
|
def latest_version
|
60
|
-
|
60
|
+
fetch_latest_version(dependency.version)
|
61
61
|
end
|
62
62
|
|
63
63
|
def latest_resolvable_version
|
@@ -74,7 +74,7 @@ module Dependabot
|
|
74
74
|
dependency.requirements.map do |req|
|
75
75
|
updated_source = req.fetch(:source).dup
|
76
76
|
updated_source[:digest] = updated_digest if req[:source][:digest]
|
77
|
-
updated_source[:tag] =
|
77
|
+
updated_source[:tag] = fetch_latest_version(req[:source][:tag]) if req[:source][:tag]
|
78
78
|
|
79
79
|
req.merge(source: updated_source)
|
80
80
|
end
|
@@ -97,17 +97,22 @@ module Dependabot
|
|
97
97
|
|
98
98
|
def version_up_to_date?
|
99
99
|
# If the tag isn't up-to-date then we can definitely update
|
100
|
-
return false if version_tag_up_to_date? == false
|
100
|
+
return false if version_tag_up_to_date?(dependency.version) == false
|
101
|
+
return false if dependency.requirements.any? do |req|
|
102
|
+
version_tag_up_to_date?(req.fetch(:source, {})[:tag]) == false
|
103
|
+
end
|
101
104
|
|
102
105
|
# Otherwise, if the Dockerfile specifies a digest check that that is
|
103
106
|
# up-to-date
|
104
107
|
digest_up_to_date?
|
105
108
|
end
|
106
109
|
|
107
|
-
def version_tag_up_to_date?
|
108
|
-
return unless
|
110
|
+
def version_tag_up_to_date?(version)
|
111
|
+
return unless version&.match?(NAME_WITH_VERSION)
|
109
112
|
|
110
|
-
|
113
|
+
latest_version = fetch_latest_version(version)
|
114
|
+
|
115
|
+
old_v = numeric_version_from(version)
|
111
116
|
latest_v = numeric_version_from(latest_version)
|
112
117
|
|
113
118
|
return true if version_class.new(latest_v) <= version_class.new(old_v)
|
@@ -117,7 +122,7 @@ module Dependabot
|
|
117
122
|
# digests are also unequal. Avoids 'updating' ruby-2 -> ruby-2.5.1
|
118
123
|
return false if old_v.split(".").count == latest_v.split(".").count
|
119
124
|
|
120
|
-
digest_of(
|
125
|
+
digest_of(version) == digest_of(latest_version)
|
121
126
|
end
|
122
127
|
|
123
128
|
def digest_up_to_date?
|
@@ -131,34 +136,39 @@ module Dependabot
|
|
131
136
|
|
132
137
|
# NOTE: It's important that this *always* returns a version (even if
|
133
138
|
# it's the existing one) as it is what we later check the digest of.
|
134
|
-
def fetch_latest_version
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
candidate_tags
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
max_by do |tag|
|
152
|
-
[version_class.new(numeric_version_from(tag)), tag.length]
|
139
|
+
def fetch_latest_version(version)
|
140
|
+
@versions ||= {}
|
141
|
+
return @versions[version] if @versions.key?(version)
|
142
|
+
|
143
|
+
@versions[version] = begin
|
144
|
+
return version unless version.match?(NAME_WITH_VERSION)
|
145
|
+
|
146
|
+
# Prune out any downgrade tags before checking for pre-releases
|
147
|
+
# (which requires a call to the registry for each tag, so can be slow)
|
148
|
+
candidate_tags = comparable_tags_from_registry(version)
|
149
|
+
non_downgrade_tags = remove_version_downgrades(candidate_tags, version)
|
150
|
+
candidate_tags = non_downgrade_tags if non_downgrade_tags.any?
|
151
|
+
|
152
|
+
unless prerelease?(version)
|
153
|
+
candidate_tags =
|
154
|
+
candidate_tags.
|
155
|
+
reject { |tag| prerelease?(tag) }
|
153
156
|
end
|
154
157
|
|
155
|
-
|
158
|
+
latest_tag =
|
159
|
+
filter_ignored(candidate_tags).
|
160
|
+
max_by do |tag|
|
161
|
+
[version_class.new(numeric_version_from(tag)), tag.length]
|
162
|
+
end
|
163
|
+
|
164
|
+
latest_tag || version
|
165
|
+
end
|
156
166
|
end
|
157
167
|
|
158
|
-
def comparable_tags_from_registry
|
159
|
-
original_prefix = prefix_of(
|
160
|
-
original_suffix = suffix_of(
|
161
|
-
original_format = format_of(
|
168
|
+
def comparable_tags_from_registry(version)
|
169
|
+
original_prefix = prefix_of(version)
|
170
|
+
original_suffix = suffix_of(version)
|
171
|
+
original_format = format_of(version)
|
162
172
|
|
163
173
|
tags_from_registry.
|
164
174
|
select { |tag| tag.match?(NAME_WITH_VERSION) }.
|
@@ -168,10 +178,10 @@ module Dependabot
|
|
168
178
|
reject { |tag| commit_sha_suffix?(tag) }
|
169
179
|
end
|
170
180
|
|
171
|
-
def remove_version_downgrades(candidate_tags)
|
181
|
+
def remove_version_downgrades(candidate_tags, version)
|
172
182
|
candidate_tags.select do |tag|
|
173
183
|
version_class.new(numeric_version_from(tag)) >=
|
174
|
-
version_class.new(numeric_version_from(
|
184
|
+
version_class.new(numeric_version_from(version))
|
175
185
|
end
|
176
186
|
end
|
177
187
|
|
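Review bot: A requirement that carries both a tag and a digest can end up pinned to a digest that does not belong to the tag written next to it: in the `@@ -74,7 +74,7 @@` hunk the tag is now resolved per requirement with `fetch_latest_version(req[:source][:tag])`, while the line above still writes the single `updated_digest`. `updated_digest` is defined outside the visible hunks, so this assumes it is derived from `dependency.version` rather than from the requirement's own tag; if that holds, the digest should be looked up for the tag actually written for that requirement, falling back to `updated_digest` only when the requirement has no tag. Separately, `fetch_latest_version` calls `version.match?(NAME_WITH_VERSION)` without the `&.` guard that `version_tag_up_to_date?` uses, so `latest_version` would raise `NoMethodError` if `dependency.version` can be nil; `return version unless version&.match?(NAME_WITH_VERSION)` would match the other guard. The early `return` inside the `begin` block also skips the `@versions[version] =` assignment, which deserves a short comment saying the non-matching case is deliberately not cached.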
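--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-docker
 version: !ruby/object:Gem::Version
-version: 0.138.
+version: 0.138.3
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-
+date: 2021-03-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.138.
+version: 0.138.3
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.138.
+version: 0.138.3
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement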