dependabot-docker 0.225.0 → 0.226.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/docker/tag.rb +40 -5
- data/lib/dependabot/docker/update_checker.rb +5 -21
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b32a9aefbcd623b4e2bf553b4aec6676f758f3d27f50f67f99156cc32d8206a0
|
|
4
|
+
data.tar.gz: f710312b8e2bed67dafabcea2b601be717292fab22301613e447a73153465703
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aa265e080fb4afd058721b5ac0bada493708327f2b5d10d35e0652b15ef0ae3b560ab890fbdd84a20ddf0a8abc7aff34d4bab56423a4b157553dc363ebed285e
|
|
7
|
+
data.tar.gz: 7f15e687d41a354f1a36b1e22ec899354d4f16edae0ae909e0ab2f105c57aaf3e59de48349b7005a92a13ded2cfd48ab8596434789001c62e345163d227e3894
|
|
@@ -5,7 +5,8 @@ require "dependabot/docker/file_parser"
|
|
|
5
5
|
module Dependabot
|
|
6
6
|
module Docker
|
|
7
7
|
class Tag
|
|
8
|
-
|
|
8
|
+
WORDS_WITH_BUILD = /(?:(?:-[a-z]+)+-[0-9]+)+/
|
|
9
|
+
VERSION_REGEX = /v?(?<version>[0-9]+(?:\.[0-9]+)*(?:_[0-9]+|\.[a-z0-9]+|#{WORDS_WITH_BUILD}|-(?:kb)?[0-9]+)*)/i
|
|
9
10
|
VERSION_WITH_SFX = /^#{VERSION_REGEX}(?<suffix>-[a-z][a-z0-9.\-]*)?$/i
|
|
10
11
|
VERSION_WITH_PFX = /^(?<prefix>[a-z][a-z0-9.\-]*-)?#{VERSION_REGEX}$/i
|
|
11
12
|
VERSION_WITH_PFX_AND_SFX = /^(?<prefix>[a-z\-]+-)?#{VERSION_REGEX}(?<suffix>-[a-z\-]+)?$/i
|
|
@@ -30,6 +31,25 @@ module Dependabot
|
|
|
30
31
|
name.match?(FileParser::DIGEST)
|
|
31
32
|
end
|
|
32
33
|
|
|
34
|
+
def looks_like_prerelease?
|
|
35
|
+
numeric_version.gsub(/kb/i, "").match?(/[a-zA-Z]/)
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def comparable_to?(other)
|
|
39
|
+
return false unless comparable?
|
|
40
|
+
|
|
41
|
+
other_prefix = other.prefix
|
|
42
|
+
other_suffix = other.suffix
|
|
43
|
+
other_format = other.format
|
|
44
|
+
|
|
45
|
+
equal_prefix = prefix == other_prefix
|
|
46
|
+
equal_format = format == other_format
|
|
47
|
+
return equal_prefix && equal_format if other_format == :sha_suffixed
|
|
48
|
+
|
|
49
|
+
equal_suffix = suffix == other_suffix
|
|
50
|
+
equal_prefix && equal_format && equal_suffix
|
|
51
|
+
end
|
|
52
|
+
|
|
33
53
|
def comparable?
|
|
34
54
|
name.match?(NAME_WITH_VERSION)
|
|
35
55
|
end
|
|
@@ -62,11 +82,26 @@ module Dependabot
|
|
|
62
82
|
name.match(NAME_WITH_VERSION).named_captures.fetch("suffix")
|
|
63
83
|
end
|
|
64
84
|
|
|
85
|
+
def version
|
|
86
|
+
name.match(NAME_WITH_VERSION).named_captures.fetch("version")
|
|
87
|
+
end
|
|
88
|
+
|
|
65
89
|
def format
|
|
66
|
-
return :year_month if
|
|
67
|
-
return :year_month_day if
|
|
90
|
+
return :year_month if version.match?(/^[12]\d{3}(?:[.\-]|$)/)
|
|
91
|
+
return :year_month_day if version.match?(/^[12]\d{5}(?:[.\-]|$)/)
|
|
68
92
|
return :sha_suffixed if name.match?(/(^|\-g?)[0-9a-f]{7,}$/)
|
|
69
|
-
return :build_num if
|
|
93
|
+
return :build_num if version.match?(/^\d+$/)
|
|
94
|
+
|
|
95
|
+
# As an example, "21-ea-32", "22-ea-7", and "22-ea-jdk-nanoserver-1809"
|
|
96
|
+
# are mapped to "<version>-ea-<build_num>", "<version>-ea-<build_num>",
|
|
97
|
+
# and "<version>-ea-jdk-nanoserver-<build_num>" respectively.
|
|
98
|
+
#
|
|
99
|
+
# That means only "22-ea-7" will be considered as a viable update
|
|
100
|
+
# candidate for "21-ea-32", since it's the only one that respects that
|
|
101
|
+
# format.
|
|
102
|
+
if version.match?(WORDS_WITH_BUILD)
|
|
103
|
+
return :"<version>#{version.match(WORDS_WITH_BUILD).to_s.gsub(/-[0-9]+/, "-<build_num>")}"
|
|
104
|
+
end
|
|
70
105
|
|
|
71
106
|
:normal
|
|
72
107
|
end
|
|
@@ -74,7 +109,7 @@ module Dependabot
|
|
|
74
109
|
def numeric_version
|
|
75
110
|
return unless comparable?
|
|
76
111
|
|
|
77
|
-
|
|
112
|
+
version.gsub(/-[a-z]+/, "").downcase
|
|
78
113
|
end
|
|
79
114
|
|
|
80
115
|
def precision
|
|
@@ -82,10 +82,7 @@ module Dependabot
|
|
|
82
82
|
|
|
83
83
|
latest_tag = latest_tag_from(version)
|
|
84
84
|
|
|
85
|
-
|
|
86
|
-
latest_v = latest_tag.numeric_version
|
|
87
|
-
|
|
88
|
-
version_class.new(latest_v) <= version_class.new(old_v)
|
|
85
|
+
comparable_version_from(latest_tag) <= comparable_version_from(version_tag)
|
|
89
86
|
end
|
|
90
87
|
|
|
91
88
|
def digest_up_to_date?
|
|
@@ -151,18 +148,7 @@ module Dependabot
|
|
|
151
148
|
end
|
|
152
149
|
|
|
153
150
|
def comparable_tags_from_registry(original_tag)
|
|
154
|
-
|
|
155
|
-
original_suffix = original_tag.suffix
|
|
156
|
-
original_format = original_tag.format
|
|
157
|
-
|
|
158
|
-
candidate_tags =
|
|
159
|
-
tags_from_registry.
|
|
160
|
-
select(&:comparable?).
|
|
161
|
-
select { |tag| tag.prefix == original_prefix }.
|
|
162
|
-
select { |tag| tag.format == original_format }
|
|
163
|
-
return candidate_tags if original_format == :sha_suffixed
|
|
164
|
-
|
|
165
|
-
candidate_tags.select { |tag| tag.suffix == original_suffix }
|
|
151
|
+
tags_from_registry.select { |tag| tag.comparable_to?(original_tag) }
|
|
166
152
|
end
|
|
167
153
|
|
|
168
154
|
def remove_version_downgrades(candidate_tags, version_tag)
|
|
@@ -245,7 +231,7 @@ module Dependabot
|
|
|
245
231
|
end
|
|
246
232
|
|
|
247
233
|
def fetch_digest_of(tag)
|
|
248
|
-
docker_registry_client.
|
|
234
|
+
docker_registry_client.manifest_digest(docker_repo_name, tag)&.delete_prefix("sha256:")
|
|
249
235
|
rescue *transient_docker_errors => e
|
|
250
236
|
attempt ||= 1
|
|
251
237
|
attempt += 1
|
|
@@ -270,11 +256,9 @@ module Dependabot
|
|
|
270
256
|
end
|
|
271
257
|
|
|
272
258
|
def prerelease?(tag)
|
|
273
|
-
return true if tag.
|
|
259
|
+
return true if tag.looks_like_prerelease?
|
|
274
260
|
|
|
275
|
-
#
|
|
276
|
-
# the digest for the `latest` tag.
|
|
277
|
-
return false unless tag.numeric_version
|
|
261
|
+
# Compare the numeric version against the version of the `latest` tag.
|
|
278
262
|
return false unless latest_digest
|
|
279
263
|
return false unless version_of_latest_tag
|
|
280
264
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.226.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-08-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.226.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.226.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -128,14 +128,14 @@ dependencies:
|
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 1.
|
|
131
|
+
version: 1.18.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 1.
|
|
138
|
+
version: 1.18.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: stackprof
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -202,7 +202,7 @@ licenses:
|
|
|
202
202
|
- Nonstandard
|
|
203
203
|
metadata:
|
|
204
204
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
205
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
205
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
|
|
206
206
|
post_install_message:
|
|
207
207
|
rdoc_options: []
|
|
208
208
|
require_paths:
|