dependabot-docker 0.174.0 → 0.174.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/docker/file_parser.rb +3 -20
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8f5be4f2a5c45a357f904ce23f3d60af4a42e34db2f1d11b23ae91f2b4f800e8
|
4
|
+
data.tar.gz: e697b7b2d47caf8dc61e9f7550717028d21ddedb4c83b8e94c7a7faf7ab4b7fc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 195fe442312c7ff739333415868a826b7815e85faab79a07cd6e55f1096f42f58b25d8e54d028a5e5bb516fb6b08f6851eb05ab6853333e1b35943619b92aa38
|
7
|
+
data.tar.gz: bf4552a2efdba5293dbacfc09af0692ec9e6a5c6ea95952dcad780800f6000dd3c71901bb09307f7440354c0bff367a48db4c227d2fd0bab25ca01030f0e6b5a
|
@@ -16,16 +16,15 @@ module Dependabot
|
|
16
16
|
# Details of Docker regular expressions is at
|
17
17
|
# https://github.com/docker/distribution/blob/master/reference/regexp.go
|
18
18
|
DOMAIN_COMPONENT =
|
19
|
-
/[[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]]/.freeze
|
19
|
+
/(?:[[:alnum:]]|[[:alnum:]][[[:alnum:]]-]*[[:alnum:]])/.freeze
|
20
20
|
DOMAIN = /(?:#{DOMAIN_COMPONENT}(?:\.#{DOMAIN_COMPONENT})+)/.freeze
|
21
21
|
REGISTRY = /(?<registry>#{DOMAIN}(?::\d+)?)/.freeze
|
22
22
|
|
23
|
-
NAME_COMPONENT = /[a-z\d]+(?:(?:[._]|__|[-]*)[a-z\d]+)
|
23
|
+
NAME_COMPONENT = /(?:[a-z\d]+(?:(?:[._]|__|[-]*)[a-z\d]+)*)/.freeze
|
24
24
|
IMAGE = %r{(?<image>#{NAME_COMPONENT}(?:/#{NAME_COMPONENT})*)}.freeze
|
25
25
|
|
26
|
-
ARG = /ARG/i.freeze
|
27
26
|
FROM = /FROM/i.freeze
|
28
|
-
PLATFORM = /--platform
|
27
|
+
PLATFORM = /--platform\=(?<platform>\S+)/.freeze
|
29
28
|
TAG = /:(?<tag>[\w][\w.-]{0,127})/.freeze
|
30
29
|
DIGEST = /@(?<digest>[^\s]+)/.freeze
|
31
30
|
NAME = /\s+AS\s+(?<name>[\w-]+)/.freeze
|
@@ -39,16 +38,7 @@ module Dependabot
|
|
39
38
|
dependency_set = DependencySet.new
|
40
39
|
|
41
40
|
dockerfiles.each do |dockerfile|
|
42
|
-
args = {}
|
43
41
|
dockerfile.content.each_line do |line|
|
44
|
-
if ARG.match(line)
|
45
|
-
key_value = line.delete_prefix("ARG ").split("=")
|
46
|
-
next if key_value.count != 2 # The ARG has no default value that we can set
|
47
|
-
|
48
|
-
args[key_value[0]] = key_value[1].delete_suffix("\n")
|
49
|
-
next
|
50
|
-
end
|
51
|
-
line = replace_args(line, args)
|
52
42
|
next unless FROM_LINE.match?(line)
|
53
43
|
|
54
44
|
parsed_from_line = FROM_LINE.match(line).named_captures
|
@@ -76,13 +66,6 @@ module Dependabot
|
|
76
66
|
|
77
67
|
private
|
78
68
|
|
79
|
-
def replace_args(line, args)
|
80
|
-
line.gsub(/\${?\w+}?/) do |s|
|
81
|
-
escaped = s.delete_prefix("$").delete_prefix("{").delete_suffix("}")
|
82
|
-
args[escaped]
|
83
|
-
end
|
84
|
-
end
|
85
|
-
|
86
69
|
def dockerfiles
|
87
70
|
# The Docker file fetcher only fetches Dockerfiles, so no need to
|
88
71
|
# filter here
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-docker
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.174.
|
4
|
+
version: 0.174.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-02-
|
11
|
+
date: 2022-02-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.174.
|
19
|
+
version: 0.174.1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.174.
|
26
|
+
version: 0.174.1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|