dependabot-docker 0.138.2 → 0.138.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4313615ae9f2f6c0efeb65418663ec45f1f7965a7ea412981a209c5803b59e2d
4
- data.tar.gz: 6f2006a43be48e68099eb3962a97d8bd1476c7f05442db26ec7b71949e01607f
3
+ metadata.gz: d88ce872558055c71518eaa80e23150aca1fe94212eacbf067083af1d0250463
4
+ data.tar.gz: 0fc78d88b2e32001ebf7c53ab13f9d2e796569390f4c60c000fa91c3e5e825fb
5
5
  SHA512:
6
- metadata.gz: 20bf85790d52e25abe3232a2e1c034196b507562f23e741e753530ca33363d89ec60d440c292307f5bc567946e7538ab5bc429ea7883e409b7930866814dabc4
7
- data.tar.gz: 4a9f1a48ad19b1676fb8d6486e00f0076101b9fb079b65b61b4f3586977ff4e6d6f39cbef93fd12e5bb0276f6231acfe2aad13f99f96dcea9001cad6a0c6a90b
6
+ metadata.gz: 610c7f511581e85ac612d8b562f409066f0cdf0beab8f5bf3db8aa074b3c6175d47fa2493394c66e042e2082157244a6fe6857f5b392d5cbaf6109334998d2ab
7
+ data.tar.gz: d5aa74eeb0708e040b0112b5fd65cc6e9f4f065bdaaddf4ef0781cce7759155f4e2766a380ed0798d68ca07f1084f7f11eb2d20552e9b6d33576b3f6378bc9c3
@@ -57,7 +57,7 @@ module Dependabot
57
57
  /x.freeze
58
58
 
59
59
  def latest_version
60
- @latest_version ||= fetch_latest_version
60
+ fetch_latest_version(dependency.version)
61
61
  end
62
62
 
63
63
  def latest_resolvable_version
@@ -74,7 +74,7 @@ module Dependabot
74
74
  dependency.requirements.map do |req|
75
75
  updated_source = req.fetch(:source).dup
76
76
  updated_source[:digest] = updated_digest if req[:source][:digest]
77
- updated_source[:tag] = latest_version if req[:source][:tag]
77
+ updated_source[:tag] = fetch_latest_version(req[:source][:tag]) if req[:source][:tag]
78
78
 
79
79
  req.merge(source: updated_source)
80
80
  end
@@ -97,17 +97,22 @@ module Dependabot
97
97
 
98
98
  def version_up_to_date?
99
99
  # If the tag isn't up-to-date then we can definitely update
100
- return false if version_tag_up_to_date? == false
100
+ return false if version_tag_up_to_date?(dependency.version) == false
101
+ return false if dependency.requirements.any? do |req|
102
+ version_tag_up_to_date?(req.fetch(:source, {})[:tag]) == false
103
+ end
101
104
 
102
105
  # Otherwise, if the Dockerfile specifies a digest check that that is
103
106
  # up-to-date
104
107
  digest_up_to_date?
105
108
  end
106
109
 
107
- def version_tag_up_to_date?
108
- return unless dependency.version.match?(NAME_WITH_VERSION)
110
+ def version_tag_up_to_date?(version)
111
+ return unless version&.match?(NAME_WITH_VERSION)
109
112
 
110
- old_v = numeric_version_from(dependency.version)
113
+ latest_version = fetch_latest_version(version)
114
+
115
+ old_v = numeric_version_from(version)
111
116
  latest_v = numeric_version_from(latest_version)
112
117
 
113
118
  return true if version_class.new(latest_v) <= version_class.new(old_v)
@@ -117,7 +122,7 @@ module Dependabot
117
122
  # digests are also unequal. Avoids 'updating' ruby-2 -> ruby-2.5.1
118
123
  return false if old_v.split(".").count == latest_v.split(".").count
119
124
 
120
- digest_of(dependency.version) == digest_of(latest_version)
125
+ digest_of(version) == digest_of(latest_version)
121
126
  end
122
127
 
123
128
  def digest_up_to_date?
@@ -131,34 +136,39 @@ module Dependabot
131
136
 
132
137
  # NOTE: It's important that this *always* returns a version (even if
133
138
  # it's the existing one) as it is what we later check the digest of.
134
- def fetch_latest_version
135
- return dependency.version unless dependency.version.match?(NAME_WITH_VERSION)
136
-
137
- # Prune out any downgrade tags before checking for pre-releases
138
- # (which requires a call to the registry for each tag, so can be slow)
139
- candidate_tags = comparable_tags_from_registry
140
- non_downgrade_tags = remove_version_downgrades(candidate_tags)
141
- candidate_tags = non_downgrade_tags if non_downgrade_tags.any?
142
-
143
- unless prerelease?(dependency.version)
144
- candidate_tags =
145
- candidate_tags.
146
- reject { |tag| prerelease?(tag) }
147
- end
148
-
149
- latest_tag =
150
- filter_ignored(candidate_tags).
151
- max_by do |tag|
152
- [version_class.new(numeric_version_from(tag)), tag.length]
139
+ def fetch_latest_version(version)
140
+ @versions ||= {}
141
+ return @versions[version] if @versions.key?(version)
142
+
143
+ @versions[version] = begin
144
+ return version unless version.match?(NAME_WITH_VERSION)
145
+
146
+ # Prune out any downgrade tags before checking for pre-releases
147
+ # (which requires a call to the registry for each tag, so can be slow)
148
+ candidate_tags = comparable_tags_from_registry(version)
149
+ non_downgrade_tags = remove_version_downgrades(candidate_tags, version)
150
+ candidate_tags = non_downgrade_tags if non_downgrade_tags.any?
151
+
152
+ unless prerelease?(version)
153
+ candidate_tags =
154
+ candidate_tags.
155
+ reject { |tag| prerelease?(tag) }
153
156
  end
154
157
 
155
- latest_tag || dependency.version
158
+ latest_tag =
159
+ filter_ignored(candidate_tags).
160
+ max_by do |tag|
161
+ [version_class.new(numeric_version_from(tag)), tag.length]
162
+ end
163
+
164
+ latest_tag || version
165
+ end
156
166
  end
157
167
 
158
- def comparable_tags_from_registry
159
- original_prefix = prefix_of(dependency.version)
160
- original_suffix = suffix_of(dependency.version)
161
- original_format = format_of(dependency.version)
168
+ def comparable_tags_from_registry(version)
169
+ original_prefix = prefix_of(version)
170
+ original_suffix = suffix_of(version)
171
+ original_format = format_of(version)
162
172
 
163
173
  tags_from_registry.
164
174
  select { |tag| tag.match?(NAME_WITH_VERSION) }.
@@ -168,10 +178,10 @@ module Dependabot
168
178
  reject { |tag| commit_sha_suffix?(tag) }
169
179
  end
170
180
 
171
- def remove_version_downgrades(candidate_tags)
181
+ def remove_version_downgrades(candidate_tags, version)
172
182
  candidate_tags.select do |tag|
173
183
  version_class.new(numeric_version_from(tag)) >=
174
- version_class.new(numeric_version_from(dependency.version))
184
+ version_class.new(numeric_version_from(version))
175
185
  end
176
186
  end
177
187
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-docker
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.138.2
4
+ version: 0.138.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-23 00:00:00.000000000 Z
11
+ date: 2021-03-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.138.2
19
+ version: 0.138.3
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.138.2
26
+ version: 0.138.3
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement