dependabot-docker_compose 0.301.1 → 0.302.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f013b83f2aee3471ad04a37a2cb705587f6d9ef3feb11eaca5b3c9ca1d917ea4
|
|
4
|
+
data.tar.gz: a767ede3de68f8019646c18ada1bd62effce4e4f3207dc8fbd8daf3c57ead95b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a7024c1c406fe761d7cb42ac91eeb1d91cbf75711a2fdf58745ed70e4e299d89cae4b1e0e0f92c4b21d5911ae3f0bdc1b61d9dec49ae0a5ff063d1a020dcbd29
|
|
7
|
+
data.tar.gz: 359be8b9184d88c14615e32c6c8724463b6dd83369b70584478ee6eb71053104018fcd63a9c93c98789129663727b000fa9ca6b4e3191272e8aea4727c646859
|
|
@@ -10,7 +10,7 @@ module Dependabot
|
|
|
10
10
|
class FileParser < Dependabot::Shared::SharedFileParser
|
|
11
11
|
extend T::Sig
|
|
12
12
|
|
|
13
|
-
ENV_VAR = /\${[^}]+}/
|
|
13
|
+
ENV_VAR = /\${(?<variable_name>[^}:]+)(?:\:-(?<default_value>[^}]+))?}/
|
|
14
14
|
DIGEST = /(?<digest>[0-9a-f]{64})/
|
|
15
15
|
IMAGE_REGEX = %r{^(#{REGISTRY}/)?#{IMAGE}#{TAG}?(?:@sha256:#{DIGEST})?#{NAME}?}x
|
|
16
16
|
|
|
@@ -65,10 +65,7 @@ module Dependabot
|
|
|
65
65
|
return nil unless service
|
|
66
66
|
|
|
67
67
|
if service["image"]
|
|
68
|
-
return
|
|
69
|
-
|
|
70
|
-
match = IMAGE_REGEX.match(service["image"])
|
|
71
|
-
return match&.named_captures
|
|
68
|
+
return service_image(service["image"])
|
|
72
69
|
elsif service["build"].is_a?(Hash) && service["build"]["dockerfile_inline"]
|
|
73
70
|
return nil if service["build"]["dockerfile_inline"].match?(/^FROM\s+\${[^}]+}$/)
|
|
74
71
|
|
|
@@ -79,6 +76,20 @@ module Dependabot
|
|
|
79
76
|
nil
|
|
80
77
|
end
|
|
81
78
|
|
|
79
|
+
sig { params(image: String).returns(T.nilable(T::Hash[String, T.nilable(String)])) }
|
|
80
|
+
def service_image(image)
|
|
81
|
+
docker_image = image
|
|
82
|
+
|
|
83
|
+
if image.match?(/^#{ENV_VAR}/o)
|
|
84
|
+
default_value = ENV_VAR.match(image)&.named_captures&.fetch("default_value")
|
|
85
|
+
return unless default_value
|
|
86
|
+
|
|
87
|
+
docker_image = default_value
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
IMAGE_REGEX.match(docker_image)&.named_captures
|
|
91
|
+
end
|
|
92
|
+
|
|
82
93
|
sig { params(parsed_image: T::Hash[String, T.nilable(String)]).returns(T.nilable(String)) }
|
|
83
94
|
def version_from(parsed_image)
|
|
84
95
|
return nil if parsed_image["tag"]&.match?(ENV_VAR)
|
|
@@ -34,7 +34,7 @@ module Dependabot
|
|
|
34
34
|
|
|
35
35
|
sig { override.params(escaped_declaration: String).returns(Regexp) }
|
|
36
36
|
def build_old_declaration_regex(escaped_declaration)
|
|
37
|
-
%r{#{IMAGE_REGEX}\s+["']?(docker\.io/)?#{escaped_declaration}["']?(?=\s|$)}
|
|
37
|
+
%r{#{IMAGE_REGEX}\s+["']?(?:\$\{[^\}:]+:-)?(docker\.io/)?#{escaped_declaration}(?:\})?["']?(?=\s|$)}
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
sig { override.returns(T::Array[Dependabot::DependencyFile]) }
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-docker_compose
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.302.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-03-
|
|
11
|
+
date: 2025-03-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.302.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.302.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: dependabot-docker
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.302.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - '='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
40
|
+
version: 0.302.0
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: debug
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -266,7 +266,7 @@ licenses:
|
|
|
266
266
|
- MIT
|
|
267
267
|
metadata:
|
|
268
268
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
269
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
269
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.302.0
|
|
270
270
|
post_install_message:
|
|
271
271
|
rdoc_options: []
|
|
272
272
|
require_paths:
|