dependabot-docker 0.237.0 → 0.238.0
- checksums.yaml +4 -4
- data/lib/dependabot/docker/file_parser.rb +17 -13
- data/lib/dependabot/docker/file_updater.rb +11 -7
- data/lib/dependabot/docker/tag.rb +4 -4
- data/lib/dependabot/docker/version.rb +12 -5
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 69bb77e9d2f9e7ba40fcb0e22d511c145a476f3f63552cf6eead115d6a65a752
|
|
4
|
+
data.tar.gz: 775a23cba49f525d5093629661c161d4deae5354daf52c8a5444f4cd6f3cdd09
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 96b9846927942ae465ab404247ad68f2cab7eaaa7e9301daec8153971154bb8a92f7be966f31ceb6e71dd0ca5a8685fcc032871257303ba35d11bef00833ce5a
|
|
7
|
+
data.tar.gz: 72c9b25b755bef30169f6428a66df7be98a02e35cc77e60d3a99e8cbf8c1d2a3ea4ba00d7bccdfe367d147f8287045f106a18267c76b80806fd18dcfbe88a155
|
|
@@ -24,12 +24,14 @@ module Dependabot
|
|
|
24
24
|
|
|
25
25
|
FROM = /FROM/i
|
|
26
26
|
PLATFORM = /--platform\=(?<platform>\S+)/
|
|
27
|
-
|
|
27
|
+
TAG_NO_PREFIX = /(?<tag>[\w][\w.-]{0,127})/
|
|
28
|
+
TAG = /:#{TAG_NO_PREFIX}/
|
|
28
29
|
DIGEST = /(?<digest>[0-9a-f]{64})/
|
|
29
30
|
NAME = /\s+AS\s+(?<name>[\w-]+)/
|
|
30
31
|
FROM_LINE =
|
|
31
32
|
%r{^#{FROM}\s+(#{PLATFORM}\s+)?(#{REGISTRY}/)?
|
|
32
33
|
#{IMAGE}#{TAG}?(?:@sha256:#{DIGEST})?#{NAME}?}x
|
|
34
|
+
TAG_WITH_DIGEST = /^#{TAG_NO_PREFIX}(?:@sha256:#{DIGEST})?/x
|
|
33
35
|
|
|
34
36
|
AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+)\.amazonaws\.com/
|
|
35
37
|
|
|
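Review bot: `TAG_WITH_DIGEST` on new line 34 is anchored only at the start (`^`, a line anchor) and never at the end, so a value consisting of a tag followed by a digest shorter than 64 hex characters matches on the tag alone and the malformed digest part is silently dropped. Anchoring the whole string, `TAG_WITH_DIGEST = /\A#{TAG_NO_PREFIX}(?:@sha256:#{DIGEST})?\z/`, makes such values fail to match instead, which the caller then has to treat as a nil MatchData. The `/x` flag is inert here because the pattern contains no literal whitespace or comments, so it can go as well. A short comment stating the accepted shape, `# "<tag>" or "<tag>@sha256:<64 hex chars>"`, would help readers.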
@@ -50,7 +52,7 @@ module Dependabot
|
|
|
50
52
|
|
|
51
53
|
dependency_set << Dependency.new(
|
|
52
54
|
name: parsed_from_line.fetch("image"),
|
|
53
|
-
version: version
|
|
55
|
+
version: version,
|
|
54
56
|
package_manager: "docker",
|
|
55
57
|
requirements: [
|
|
56
58
|
requirement: nil,
|
|
@@ -127,7 +129,7 @@ module Dependabot
|
|
|
127
129
|
def build_image_dependency(file, details, version)
|
|
128
130
|
Dependency.new(
|
|
129
131
|
name: details.fetch("image"),
|
|
130
|
-
version: version
|
|
132
|
+
version: version,
|
|
131
133
|
package_manager: "docker",
|
|
132
134
|
requirements: [
|
|
133
135
|
requirement: nil,
|
|
@@ -168,18 +170,20 @@ module Dependabot
|
|
|
168
170
|
|
|
169
171
|
def parse_helm(img_hash)
|
|
170
172
|
repo = img_hash.fetch("repository", nil)
|
|
171
|
-
|
|
173
|
+
tag_value = img_hash.key?("tag") ? img_hash.fetch("tag", nil) : img_hash.fetch("version", nil)
|
|
172
174
|
registry = img_hash.fetch("registry", nil)
|
|
173
175
|
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
176
|
+
tag_details = tag_value.to_s.match(TAG_WITH_DIGEST).named_captures
|
|
177
|
+
tag = tag_details["tag"]
|
|
178
|
+
digest = tag_details["digest"]
|
|
179
|
+
|
|
180
|
+
return [] unless repo
|
|
181
|
+
return [repo] unless tag
|
|
182
|
+
|
|
183
|
+
image = "#{repo}:#{tag}"
|
|
184
|
+
image.prepend("#{registry}/") if registry
|
|
185
|
+
image.append("@sha256:#{digest}/") if digest
|
|
186
|
+
[image]
|
|
183
187
|
end
|
|
184
188
|
end
|
|
185
189
|
end
|
|
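Review bot: `image.append(...)` on new line 185 raises NoMethodError whenever a digest is present, because Ruby's String has no `append` method (`<<` or `concat` is the mutating form), and the appended text ends with a stray `/` that does not belong after a digest; the line should read `image << "@sha256:#{digest}" if digest`. Separately, new line 176 calls `.named_captures` on the result of `match` before the `return [] unless repo` guard on line 180, so an entry with a repository but a missing or empty tag, or a tag the regex rejects, raises NoMethodError on nil instead of reaching the `[repo]` fallback on line 181; `tag_details = tag_value.to_s.match(TAG_WITH_DIGEST)&.named_captures || {}` keeps the fallback reachable. Since `prepend` on line 184 and the digest line both mutate `image` in place, a one-line comment above line 183 saying the string is built up by mutation would make that style explicit.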
@@ -158,7 +158,7 @@ module Dependabot
|
|
|
158
158
|
old_tags.each do |old_tag|
|
|
159
159
|
old_tag_regex = /^\s+(?:-\s)?(?:tag|version):\s+["']?#{old_tag}["']?(?=\s|$)/
|
|
160
160
|
modified_content = modified_content.gsub(old_tag_regex) do |old_img_tag|
|
|
161
|
-
old_img_tag.gsub(old_tag.to_s,
|
|
161
|
+
old_img_tag.gsub(old_tag.to_s, new_helm_tag(file).to_s)
|
|
162
162
|
end
|
|
163
163
|
end
|
|
164
164
|
modified_content
|
|
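Review bot: The replacement on new line 161 relies on `old_tag_regex` (context line 159) matching the previous tag literally, but `old_tag` is interpolated into that pattern unescaped, so the dots in a tag such as `1.2.3@sha256:…` match any character and the rewrite can hit a neighbouring tag that differs only at those positions. Using `#{Regexp.escape(old_tag.to_s)}` on line 159 limits the match to the exact text; the issue is pre-existing, but the digest-carrying tags this release introduces make the interpolated text longer. As far as the parser regexes in this release show, the admitted tag and digest characters contain no other regex metacharacters, so this is an over-match rather than a syntax risk. The enclosing method starts and ends outside the hunk.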
@@ -187,11 +187,6 @@ module Dependabot
|
|
|
187
187
|
"#{prefix}#{dependency.name}#{tag}#{digest}"
|
|
188
188
|
end
|
|
189
189
|
|
|
190
|
-
def new_yaml_tag(file)
|
|
191
|
-
element = dependency.requirements.find { |r| r[:file] == file.name }
|
|
192
|
-
element.fetch(:source)[:tag] || ""
|
|
193
|
-
end
|
|
194
|
-
|
|
195
190
|
def old_yaml_images(file)
|
|
196
191
|
previous_requirements(file).map do |r|
|
|
197
192
|
prefix = r.fetch(:source)[:registry] ? "#{r.fetch(:source)[:registry]}/" : ""
|
|
@@ -203,10 +198,19 @@ module Dependabot
|
|
|
203
198
|
|
|
204
199
|
def old_helm_tags(file)
|
|
205
200
|
previous_requirements(file).map do |r|
|
|
206
|
-
r.fetch(:source)[:tag] || ""
|
|
201
|
+
tag = r.fetch(:source)[:tag] || ""
|
|
202
|
+
digest = r.fetch(:source)[:digest] ? "@sha256:#{r.fetch(:source)[:digest]}" : ""
|
|
203
|
+
"#{tag}#{digest}"
|
|
207
204
|
end
|
|
208
205
|
end
|
|
209
206
|
|
|
207
|
+
def new_helm_tag(file)
|
|
208
|
+
element = dependency.requirements.find { |r| r[:file] == file.name }
|
|
209
|
+
tag = element.fetch(:source)[:tag] || ""
|
|
210
|
+
digest = element.fetch(:source)[:digest] ? "@sha256:#{element.fetch(:source)[:digest]}" : ""
|
|
211
|
+
"#{tag}#{digest}"
|
|
212
|
+
end
|
|
213
|
+
|
|
210
214
|
def requirements(file)
|
|
211
215
|
dependency.requirements
|
|
212
216
|
.select { |r| r[:file] == file.name }
|
|
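Review bot: `new_helm_tag` (new lines 207–212) and the block in `old_helm_tags` (new lines 201–203) build the same `"<tag>@sha256:<digest>"` string from a requirement source hash with the same three lines, and each reads `[:digest]` twice; a small private helper taking the source hash removes the duplication and keeps the two sides from drifting. `element` on line 208 is nil when no requirement matches `file.name`, so `element.fetch(:source)` raises NoMethodError; this mirrors the removed `new_yaml_tag`, so the assumption should at least be stated, e.g. `# callers only pass files that carry a requirement for this dependency`. A doc comment on each method saying it returns the tag with its digest suffix, or `""` when the source has neither, would also help.
```ruby
def old_helm_tags(file)
  previous_requirements(file).map { |r| helm_tag_with_digest(r.fetch(:source)) }
end

def new_helm_tag(file)
  # callers only pass files that carry a requirement for this dependency
  element = dependency.requirements.find { |r| r[:file] == file.name }
  helm_tag_with_digest(element.fetch(:source))
end

# "<tag>@sha256:<digest>" for a requirement source hash; either part is
# omitted when the source lacks it, so a source with neither yields "".
def helm_tag_with_digest(source)
  tag = source[:tag] || ""
  digest = source[:digest] ? "@sha256:#{source[:digest]}" : ""
  "#{tag}#{digest}"
end
```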
@@ -9,8 +9,8 @@ module Dependabot
|
|
|
9
9
|
WORDS_WITH_BUILD = /(?:(?:-[a-z]+)+-[0-9]+)+/
|
|
10
10
|
VERSION_REGEX = /v?(?<version>[0-9]+(?:\.[0-9]+)*(?:_[0-9]+|\.[a-z0-9]+|#{WORDS_WITH_BUILD}|-(?:kb)?[0-9]+)*)/i
|
|
11
11
|
VERSION_WITH_SFX = /^#{VERSION_REGEX}(?<suffix>-[a-z][a-z0-9.\-]*)?$/i
|
|
12
|
-
VERSION_WITH_PFX = /^(?<prefix>[a-z][a-z0-9.\-]*-)?#{VERSION_REGEX}$/i
|
|
13
|
-
VERSION_WITH_PFX_AND_SFX = /^(?<prefix>[a-z\-]+-)?#{VERSION_REGEX}(?<suffix>-[a-z\-]+)?$/i
|
|
12
|
+
VERSION_WITH_PFX = /^(?<prefix>[a-z][a-z0-9.\-_]*-)?#{VERSION_REGEX}$/i
|
|
13
|
+
VERSION_WITH_PFX_AND_SFX = /^(?<prefix>[a-z\-_]+-)?#{VERSION_REGEX}(?<suffix>-[a-z\-]+)?$/i
|
|
14
14
|
NAME_WITH_VERSION =
|
|
15
15
|
/
|
|
16
16
|
#{VERSION_WITH_PFX}|
|
|
@@ -88,9 +88,9 @@ module Dependabot
|
|
|
88
88
|
end
|
|
89
89
|
|
|
90
90
|
def format
|
|
91
|
-
return :year_month if version.match?(/^[12]\d{3}(?:[.\-]|$)/)
|
|
92
|
-
return :year_month_day if version.match?(/^[12]\d{5}(?:[.\-]|$)/)
|
|
93
91
|
return :sha_suffixed if name.match?(/(^|\-g?)[0-9a-f]{7,}$/)
|
|
92
|
+
return :year_month if version.match?(/^[12]\d{3}(?:[.\-]|$)/)
|
|
93
|
+
return :year_month_day if version.match?(/^[12](?:\d{5}|\d{7})(?:[.\-]|$)/)
|
|
94
94
|
return :build_num if version.match?(/^\d+$/)
|
|
95
95
|
|
|
96
96
|
# As an example, "21-ea-32", "22-ea-7", and "22-ea-jdk-nanoserver-1809"
|
|
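Review bot: The `:sha_suffixed` check now runs before the date checks (new line 91), and its pattern `[0-9a-f]{7,}$` also matches a run of seven or more plain digits, so a bare eight-digit date such as `20231207` is classified as `:sha_suffixed` and the new `\d{7}` alternative on line 93 can only fire when `name` carries something before the digits; whether that is intended depends on how `name` and `version` differ, which is not visible here. If a bare date should win, keeping `:year_month_day` ahead of `:sha_suffixed`, or requiring at least one letter in the hash run, `/(^|\-g?)(?=[0-9]*[a-f])[0-9a-f]{7,}$/`, resolves it. Either way the reorder deserves a comment stating which tag shape it fixes, since nothing in the hunk says why the order changed. The enclosing method `format` ends outside the hunk.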
@@ -13,13 +13,17 @@ module Dependabot
|
|
|
13
13
|
# for a description of Java versions.
|
|
14
14
|
#
|
|
15
15
|
class Version < Dependabot::Version
|
|
16
|
+
# The regex has limits for the 0,255 and 1,255 repetitions to avoid infinite limits which makes codeql angry.
|
|
17
|
+
# A docker image cannot be longer than 255 characters anyways.
|
|
18
|
+
DOCKER_VERSION_REGEX = /^(?<prefix>[a-z._\-]{0,255})[_\-v]?(?<version>.{1,255})$/
|
|
19
|
+
|
|
16
20
|
def initialize(version)
|
|
17
|
-
|
|
18
|
-
release_part =
|
|
21
|
+
parsed_version = version.match(DOCKER_VERSION_REGEX)
|
|
22
|
+
release_part, update_part = parsed_version[:version].split("_", 2)
|
|
19
23
|
|
|
20
24
|
# The numeric_version is needed here to validate the version string (ex: 20.9.0-alpine3.18)
|
|
21
25
|
# when the call is made via Depenedabot Api to convert the image version to semver.
|
|
22
|
-
release_part = Tag.new(release_part).numeric_version
|
|
26
|
+
release_part = Tag.new(release_part.chomp(".").chomp("-").chomp("_")).numeric_version
|
|
23
27
|
|
|
24
28
|
@release_part = Dependabot::Version.new(release_part.tr("-", "."))
|
|
25
29
|
@update_part = Dependabot::Version.new(update_part&.start_with?(/[0-9]/) ? update_part : 0)
|
|
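Review bot: `initialize` on new line 21 indexes `parsed_version[:version]` without checking that `match` succeeded, while `correct?` in the next hunk guards the same match with `return false if parsed_version.nil?`; a string beyond the regex's length limits or one containing a newline (`.`, `^` and `$` are line-scoped) therefore raises NoMethodError on nil from `initialize` rather than the ArgumentError that `correct?` is written to rescue. The match-and-split sequence is duplicated between the two methods, so a class-level helper that raises ArgumentError on a non-match keeps one definition and gives `initialize` the same failure mode as `Gem::Version`; if `correct?` is the class method its `super` call suggests, it can then call the helper directly and drop its own nil check. The `Tag.new(release_part.chomp(".").chomp("-").chomp("_"))` expression on line 26 deserves a comment saying why trailing separators are stripped (presumably a separator the prefix group did not consume — confirm). Using `\A` and `\z` in `DOCKER_VERSION_REGEX` would also make the anchors cover the whole string rather than a line.
```ruby
def initialize(version)
  release_part, update_part = self.class.split_version_parts(version)
  # … unchanged: numeric_version lookup and @release_part / @update_part assignment …
end

# Splits a docker version string into [release_part, update_part] at the
# first "_"; raises ArgumentError, as Gem::Version does, when the string
# does not match DOCKER_VERSION_REGEX.
def self.split_version_parts(version)
  parsed_version = version.match(DOCKER_VERSION_REGEX)
  raise ArgumentError, "Malformed version string #{version.inspect}" if parsed_version.nil?

  parsed_version[:version].split("_", 2)
end
```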
@@ -32,8 +36,11 @@ module Dependabot
|
|
|
32
36
|
|
|
33
37
|
# We can't call new here because Gem::Version calls self.correct? in its initialize method
|
|
34
38
|
# causing an infinite loop, so instead we check if the release_part of the version is correct
|
|
35
|
-
|
|
36
|
-
|
|
39
|
+
parsed_version = version.match(DOCKER_VERSION_REGEX)
|
|
40
|
+
return false if parsed_version.nil?
|
|
41
|
+
|
|
42
|
+
release_part, = parsed_version[:version].split("_", 2)
|
|
43
|
+
release_part = Tag.new(release_part.chomp(".").chomp("-").chomp("_")).numeric_version || parsed_version
|
|
37
44
|
super(release_part)
|
|
38
45
|
rescue ArgumentError
|
|
39
46
|
# if we can't instantiate a version, it can't be correct
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.238.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-12-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.238.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.238.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -230,7 +230,7 @@ licenses:
|
|
|
230
230
|
- Nonstandard
|
|
231
231
|
metadata:
|
|
232
232
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
233
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
233
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
|
|
234
234
|
post_install_message:
|
|
235
235
|
rdoc_options: []
|
|
236
236
|
require_paths:
|