fix(renovate-changesets): prevent hex digest digits from being extracted as version numbers#2019
Merged
marcusrbrown merged 7 commits intomainfrom Apr 14, 2026
Merged
Conversation
…s version numbers - Add `(?!\w)` negative lookahead to VERSION_PATTERN so leading digits of hex strings like `6a454fe` are not captured as bare version numbers - In formatVersionText, omit the redundant `(N)` parenthetical when newVersion equals majorVersion (single-digit major-only like `v4`) - Add regression tests for digest-only PR title parsing Agent-Logs-Url: https://github.com/bfra-me/.github/sessions/63b2a431-4332-434c-81d8-3bfde5876654 Co-authored-by: marcusrbrown <831617+marcusrbrown@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix malformed summaries for digest-only Docker updates
fix(renovate-changesets): prevent hex digest digits from being extracted as version numbers
Apr 11, 2026
bfra-me
Bot
added
documentation
Member
|
@copilot ALWAYS run quality checks before pushing up code. Fix the linter errors. |
…N to fix lint The negative lookahead was useless in middle-of-regex contexts where the version is already bounded by whitespace, arrows, or parentheses. Apply (?!\w) only to the two end-of-regex "update ... to V" patterns where it is needed to reject leading hex digits of digest hashes. Agent-Logs-Url: https://github.com/bfra-me/.github/sessions/d5b72141-582b-42e6-b7b9-e3c8cb48e499 Co-authored-by: marcusrbrown <831617+marcusrbrown@users.noreply.github.com>
Contributor
Author
Fixed in f1e62be. The |
fro-bot
approved these changes
Apr 13, 2026
Contributor
fro-bot
left a comment
fro-bot
left a comment
There was a problem hiding this comment.
Verdict: PASS
Clean, well-scoped bug fix that prevents hex digest leading digits from being falsely extracted as version numbers in Docker digest-only Renovate PRs.
Blocking issues
None
Non-blocking concerns
renovate-parser.test.ts:554— Placeholder issue URLhttps://github.com/bfra-me/.github/issues/XXXXin the regression test comment. Consider linking to the actual issue or removing the reference.
Missing tests
None — the three added tests provide solid coverage:
- Bare hex digest (
6a454fe) correctly rejected as version sha256:prefixed digest correctly yields no version- Regression guard confirming
v4major-only versions still parse correctly
Risk assessment: LOW
- The
(?!\w)negative lookahead is narrowly applied only to the twoupdate ... to VERSIONpatterns where the version sits at regex end, which is exactly where digest-hash false positives occur. - The
bump ... from V to Vand(V → V)patterns are unaffected (correctly so — their paired structure already prevents this class of false positive). - The
formatVersionTextfix forto v4 (4)→to v4is a clean deduplication of display logic with no risk to other version formats. dist/index.jschanges match the source edits exactly.- Changeset correctly targets
renovate-changesetswithpatchbump.
Run Summary
| Field | Value |
|---|---|
| Event | pull_request |
| Repository | bfra-me/.github |
| Run ID | 24325784560 |
| Cache | hit |
| Session | ses_27ae21f33ffegGQMWmfOa7nD36 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
VERSION_PATTERNapproach — move(?!\w)out of the shared constant and apply it only to the twoupdate ... to Vpatterns inTEXT_PATTERNSwhere the version sits at the end of the regex (avoiding false positives from digest hashes like6a454fe)formatVersionTextinsummary-helpers.ts— omit redundant(N)whennewVersionis a bare major digitregexp/no-useless-assertions— lookahead was always-true in middle-of-regex contexts)dist/for therenovate-changesetsactionrenovate-changesetspackage (patch)