dependabot-docker 0.145.4 → 0.146.0
- checksums.yaml +4 -4
- data/lib/dependabot/docker/file_parser.rb +13 -30
- data/lib/dependabot/docker/update_checker.rb +9 -1
- metadata +4 -4
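--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 60910ee73d4a6742a2a2286a1b26b34c2dc2e1f8c36a76561fd8459eec62dcb3
+data.tar.gz: ea44ba12dd979555f48491a2fadbe34c9376f6866ca844e85f32db43b39de76c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2e55164d3ac950f270f1b9af44dd59ac7b2952077637dfd8d5beea650ec85f8812b13a7e7c228aae98566862a61aea01cb91fac231d634c993cec1ac293ea854
+data.tar.gz: c1fa06cc9d9c5f5fca2a14828da657e8b182d50ad6badc0ed930a476d748691ad230666fc779a20d8d4bddf383e75e5d7ce1ad897a9126fc99ace2f5fd7a0974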
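--- a/data/lib/dependabot/docker/file_parser.rb
+++ b/data/lib/dependabot/docker/file_parser.rb
@@ -7,7 +7,6 @@ require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
 require "dependabot/errors"
 require "dependabot/docker/utils/credentials_finder"
-require "dependabot/docker/update_checker"
 
 module Dependabot
 module Docker
@@ -36,7 +35,7 @@ module Dependabot
 AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+).amazonaws\.com/.freeze
 
 def parse
-
+dependency_set = DependencySet.new
 
 dockerfiles.each do |dockerfile|
 dockerfile.content.each_line do |line|
@@ -48,29 +47,21 @@ module Dependabot
 version = version_from(parsed_from_line)
 next unless version
 
-
-
-
-
-
-
-
-
-
-
-
-else
-dependencies[dep_uniq_key] = Dependency.new(
-name: name,
-version: version,
-package_manager: "docker",
-requirements: [requirement]
-)
-end
+dependency_set << Dependency.new(
+name: parsed_from_line.fetch("image"),
+version: version,
+package_manager: "docker",
+requirements: [
+requirement: nil,
+groups: [],
+file: dockerfile.name,
+source: source_from(parsed_from_line)
+]
+)
 end
 end
 
-dependencies
+dependency_set.dependencies
 end
 
 private
@@ -163,14 +154,6 @@ module Dependabot
 
 raise "No Dockerfile!"
 end
-
-def dep_key(name, version)
-m = version.match(Dependabot::Docker::UpdateChecker::NAME_WITH_VERSION)
-return name unless m
-
-captures = m.named_captures
-[name, captures.fetch("prefix"), captures.fetch("suffix")].compact.join(":")
-end
 end
 end
 end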
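Review bot: With `dep_key` removed, nothing in `parse` itself keeps two `FROM` lines for the same image apart when their tags differ only in prefix or suffix; every line now goes through `dependency_set << Dependency.new(...)`, and how same-name entries are merged is decided inside `DependencySet`, which this diff does not show. If the merge is by name alone, a multi-stage Dockerfile that pins one image at two tag variants would presumably surface as a single dependency, and one of the pins could stop receiving update checks. Once the merge behaviour is confirmed I would record it above the `<<` call, for example `# Same-name images are merged by DependencySet; each FROM line keeps its own requirement (file + source)`, and add a spec with the same image at two tags. The lines of `parse` between the hunks are not visible here.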
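--- a/data/lib/dependabot/docker/update_checker.rb
+++ b/data/lib/dependabot/docker/update_checker.rb
@@ -359,10 +359,18 @@ module Dependabot
 version = version_class.new(numeric_version_from(tag))
 ignore_requirements.any? { |r| r.satisfied_by?(version) }
 end
-
+if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(candidate_tags).any?
+raise AllVersionsIgnored
+end
 
 filtered
 end
+
+def filter_lower_versions(tags)
+versions_array = tags.map { |tag| version_class.new(numeric_version_from(tag)) }
+versions_array.
+select { |version| version > version_class.new(numeric_version_from(dependency.version)) }
+end
 end
 end
 end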
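Review bot: `filter_lower_versions` rebuilds the current version inside the `select` block for every tag and has no guard for a `dependency.version` that `numeric_version_from` cannot parse; if the pinned value is not a numeric tag (a digest, say), the comparison may raise before `raise AllVersionsIgnored` is reached — this is inferred, since `numeric_version_from` is outside the hunk. Hoisting the value makes the intent visible and gives one place for such a guard: `current = version_class.new(numeric_version_from(dependency.version))` followed by `tags.map { |tag| version_class.new(numeric_version_from(tag)) }.select { |v| v > current }`. The name also reads backwards, because the method keeps the versions above the current one and returns version objects rather than tags; a name such as `versions_above_current` with a one-line comment would help. The method that returns `filtered` starts above the hunk.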
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.146.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-05-
|
|
11
|
+
date: 2021-05-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.146.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.146.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|