dependabot-opentofu 0.382.0 → 0.384.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/opentofu/file_parser.rb +3 -3
- data/lib/dependabot/opentofu/package/package_details_fetcher.rb +0 -1
- data/lib/dependabot/opentofu/registry_client.rb +3 -7
- data/lib/dependabot/opentofu/requirements_updater.rb +19 -13
- data/lib/dependabot/opentofu/update_checker.rb +5 -7
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2a82604c26d4a240e6651632638402c50c7ae24196dc3658a1b7d3d3e3229f1c
|
|
4
|
+
data.tar.gz: 01c7e7cbb510f2d31d4183010cef5ee5254926f3c1a1538ca76a3f277000d260
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a30a2babda1cbb778c624303560a44811e06635f3625afb82e3b082146937a8bb698c6b8d53bb0903e3617faae21beb5b631932df255bde76c8049ef8e702158
|
|
7
|
+
data.tar.gz: a16f41398bf1f36d7ff4df3447de9cb2fe30ed0915b36677c6b58f47abe675e27145c7cf8e5402362cf9c801215211d54860f2daa2b2925a26bcb8e801e17918
|
|
@@ -346,11 +346,11 @@ module Dependabot
|
|
|
346
346
|
# sub-module path; only the bare repo is queryable for tags.
|
|
347
347
|
artifact_identifier, subdirectory = uri_part.split(%r{(?<!:)//}, 2)
|
|
348
348
|
|
|
349
|
-
qs =
|
|
349
|
+
qs = URI.decode_www_form(query_part).to_h
|
|
350
350
|
# Treat `?tag=` or `?digest=` (empty value) the same as the param
|
|
351
351
|
# being absent, so we don't propagate "" as a usable version.
|
|
352
|
-
tag = qs["tag"]
|
|
353
|
-
digest = qs["digest"]
|
|
352
|
+
tag = qs["tag"]&.then { |v| v.empty? ? nil : v }
|
|
353
|
+
digest = qs["digest"]&.then { |v| v.empty? ? nil : v }
|
|
354
354
|
|
|
355
355
|
if tag && digest
|
|
356
356
|
raise DependencyFileNotEvaluatable,
|
|
@@ -233,8 +233,8 @@ module Dependabot
|
|
|
233
233
|
).returns(Excon::Response)
|
|
234
234
|
end
|
|
235
235
|
def self.oci_get(url, host:, credentials:)
|
|
236
|
-
cred = credentials.find do |c|
|
|
237
|
-
c["type"]
|
|
236
|
+
cred = credentials.reverse_each.find do |c|
|
|
237
|
+
ACCEPTED_CREDENTIAL_TYPES.include?(c["type"]) && (c["host"] == host || c["registry"] == host)
|
|
238
238
|
end
|
|
239
239
|
|
|
240
240
|
headers = {}
|
|
@@ -299,11 +299,7 @@ module Dependabot
|
|
|
299
299
|
|
|
300
300
|
sig { returns(T::Hash[String, T::Hash[Symbol, T.untyped]]) }
|
|
301
301
|
def self.oci_token_cache
|
|
302
|
-
@oci_token_cache
|
|
303
|
-
@oci_token_cache,
|
|
304
|
-
T.nilable(T::Hash[String, T::Hash[Symbol, T.untyped]])
|
|
305
|
-
)
|
|
306
|
-
@oci_token_cache ||= {}
|
|
302
|
+
@oci_token_cache ||= T.let({}, T.nilable(T::Hash[String, T::Hash[Symbol, T.untyped]]))
|
|
307
303
|
end
|
|
308
304
|
private_class_method :oci_token_cache
|
|
309
305
|
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
|
|
9
9
|
require "sorbet-runtime"
|
|
10
10
|
|
|
11
|
+
require "dependabot/dependency_requirement"
|
|
11
12
|
require "dependabot/opentofu/version"
|
|
12
13
|
require "dependabot/opentofu/requirement"
|
|
13
14
|
|
|
@@ -50,18 +51,21 @@ module Dependabot
|
|
|
50
51
|
class RequirementsUpdater
|
|
51
52
|
extend T::Sig
|
|
52
53
|
|
|
53
|
-
# @param requirements [
|
|
54
|
+
# @param requirements [Array<Dependabot::DependencyRequirement>]
|
|
54
55
|
# @param latest_version [Dependabot::Opentofu::Version]
|
|
55
56
|
# @param tag_for_latest_version [String, NilClass]
|
|
56
57
|
sig do
|
|
57
58
|
params(
|
|
58
|
-
requirements: T::Array[
|
|
59
|
+
requirements: T::Array[Dependabot::DependencyRequirement],
|
|
59
60
|
latest_version: T.nilable(Dependabot::Version::VersionParameter),
|
|
60
61
|
tag_for_latest_version: T.nilable(String)
|
|
61
62
|
).void
|
|
62
63
|
end
|
|
63
64
|
def initialize(requirements:, latest_version:, tag_for_latest_version:)
|
|
64
|
-
@requirements =
|
|
65
|
+
@requirements = T.let(
|
|
66
|
+
requirements.map { |req| Dependabot::DependencyRequirement.create(req) },
|
|
67
|
+
T::Array[Dependabot::DependencyRequirement]
|
|
68
|
+
)
|
|
65
69
|
@tag_for_latest_version = tag_for_latest_version
|
|
66
70
|
|
|
67
71
|
return unless latest_version
|
|
@@ -70,12 +74,12 @@ module Dependabot
|
|
|
70
74
|
@latest_version = T.let(version_class.new(latest_version), Dependabot::Opentofu::Version)
|
|
71
75
|
end
|
|
72
76
|
|
|
73
|
-
# @return requirements [
|
|
77
|
+
# @return requirements [Array<Dependabot::DependencyRequirement>]
|
|
74
78
|
# * requirement [String, NilClass] the updated version constraint
|
|
75
79
|
# * groups [Array] no-op for OpenTofu
|
|
76
80
|
# * file [String] the file that specified this dependency
|
|
77
81
|
# * source [Hash{Symbol => String}] The updated git or registry source details
|
|
78
|
-
sig { returns(T::Array[
|
|
82
|
+
sig { returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
79
83
|
def updated_requirements
|
|
80
84
|
# NOTE: Order is important here. The FileUpdater needs the updated
|
|
81
85
|
# requirement at index `i` to correspond to the previous requirement
|
|
@@ -92,7 +96,7 @@ module Dependabot
|
|
|
92
96
|
|
|
93
97
|
private
|
|
94
98
|
|
|
95
|
-
sig { returns(T::Array[
|
|
99
|
+
sig { returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
96
100
|
attr_reader :requirements
|
|
97
101
|
|
|
98
102
|
sig { returns(Dependabot::Opentofu::Version) }
|
|
@@ -101,15 +105,15 @@ module Dependabot
|
|
|
101
105
|
sig { returns(T.nilable(String)) }
|
|
102
106
|
attr_reader :tag_for_latest_version
|
|
103
107
|
|
|
104
|
-
sig { params(req:
|
|
108
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
105
109
|
def update_git_requirement(req)
|
|
106
110
|
return req unless req.dig(:source, :ref)
|
|
107
111
|
return req unless tag_for_latest_version
|
|
108
112
|
|
|
109
|
-
req.merge(source: req[:source].merge(ref: tag_for_latest_version))
|
|
113
|
+
Dependabot::DependencyRequirement.create(req.merge(source: req[:source].merge(ref: tag_for_latest_version)))
|
|
110
114
|
end
|
|
111
115
|
|
|
112
|
-
sig { params(req:
|
|
116
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
113
117
|
def update_oci_requirement(req)
|
|
114
118
|
return req unless defined?(@latest_version) && @latest_version
|
|
115
119
|
return req if req.dig(:source, :digest)
|
|
@@ -118,12 +122,14 @@ module Dependabot
|
|
|
118
122
|
new_tag = latest_version.to_s
|
|
119
123
|
return req if req.dig(:source, :tag) == new_tag
|
|
120
124
|
|
|
121
|
-
|
|
122
|
-
|
|
125
|
+
Dependabot::DependencyRequirement.create(
|
|
126
|
+
req.merge(
|
|
127
|
+
source: req[:source].merge(tag: new_tag, version: new_tag)
|
|
128
|
+
)
|
|
123
129
|
)
|
|
124
130
|
end
|
|
125
131
|
|
|
126
|
-
sig { params(req:
|
|
132
|
+
sig { params(req: Dependabot::DependencyRequirement).returns(Dependabot::DependencyRequirement) }
|
|
127
133
|
def update_registry_requirement(req)
|
|
128
134
|
return req if req.fetch(:requirement).nil?
|
|
129
135
|
|
|
@@ -139,7 +145,7 @@ module Dependabot
|
|
|
139
145
|
update_range(string_req).join(", ")
|
|
140
146
|
end
|
|
141
147
|
|
|
142
|
-
req.merge(requirement: new_req)
|
|
148
|
+
Dependabot::DependencyRequirement.create(req.merge(requirement: new_req))
|
|
143
149
|
end
|
|
144
150
|
|
|
145
151
|
# Updates the version in a "~>" constraint to allow the given version
|
|
@@ -48,13 +48,11 @@ module Dependabot
|
|
|
48
48
|
|
|
49
49
|
sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
50
50
|
def updated_requirements
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
).updated_requirements
|
|
57
|
-
)
|
|
51
|
+
RequirementsUpdater.new(
|
|
52
|
+
requirements: dependency.requirements,
|
|
53
|
+
latest_version: latest_version&.to_s,
|
|
54
|
+
tag_for_latest_version: tag_for_latest_version
|
|
55
|
+
).updated_requirements
|
|
58
56
|
end
|
|
59
57
|
|
|
60
58
|
sig { returns(T::Boolean) }
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-opentofu
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.384.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.384.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.384.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -262,7 +262,7 @@ licenses:
|
|
|
262
262
|
- MIT
|
|
263
263
|
metadata:
|
|
264
264
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
265
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
265
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
|
|
266
266
|
rdoc_options: []
|
|
267
267
|
require_paths:
|
|
268
268
|
- lib
|
|
@@ -277,7 +277,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
277
277
|
- !ruby/object:Gem::Version
|
|
278
278
|
version: 3.3.0
|
|
279
279
|
requirements: []
|
|
280
|
-
rubygems_version:
|
|
280
|
+
rubygems_version: 4.0.14
|
|
281
281
|
specification_version: 4
|
|
282
282
|
summary: Provides Dependabot support for OpenTofu
|
|
283
283
|
test_files: []
|