dependabot-opentofu 0.383.0 → 0.385.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fc4253cdce3171a37489fb046de7882875e655c15b56732bebf43a754546ab4a
4
- data.tar.gz: ea6af31292e7683f9a0d5948efe78df36a4cdb1f77589bc86fb2f18e6a6bcb05
3
+ metadata.gz: 3bb80d0b504e093127b1fc9a74f482b8a8b73f99698c968bfd0e8b1c198dd026
4
+ data.tar.gz: fa2816fbf5b4108eb4bbe9e3acbe13efb6a7dee9aafc385af73ecb404233ed76
5
5
  SHA512:
6
- metadata.gz: 7d9d8a564be61e229656b4d3e86a0bd366e07aa2cffdda3e244f067db8f5d2b640c8301cee04362eb60189674a5affe9c148a0408370884771667cd9bd3a7bc7
7
- data.tar.gz: 3250c78283dbe1f3f045bec1e1be132464038696c9ddf16feab9b5181310a1f8fee05070e33cc9fd8dea179b99baf2ec39ba8e5eae5d26bc46cb13a4a50a6163
6
+ metadata.gz: bb7b69e38138d4ea57b94df897078e63dbc9bab27ac79d8e6dd5c63528ddc4c1a890afeb18c97688e77d9bd4976304ba13b7cfffd4522c1c2c6b4b489f9a0b28
7
+ data.tar.gz: 8fa4575d341d81acbd5a242e800590f6b8326d84cb55c58bcf4b8d84a81c74d53c59425f7676ba2dd4a7c29dfbc7640ad99cbf9520a892b1ffbdf23940a76475
@@ -346,11 +346,11 @@ module Dependabot
346
346
  # sub-module path; only the bare repo is queryable for tags.
347
347
  artifact_identifier, subdirectory = uri_part.split(%r{(?<!:)//}, 2)
348
348
 
349
- qs = CGI.parse(query_part)
349
+ qs = URI.decode_www_form(query_part).to_h
350
350
  # Treat `?tag=` or `?digest=` (empty value) the same as the param
351
351
  # being absent, so we don't propagate "" as a usable version.
352
- tag = qs["tag"].first&.then { |v| v.empty? ? nil : v }
353
- digest = qs["digest"].first&.then { |v| v.empty? ? nil : v }
352
+ tag = qs["tag"]&.then { |v| v.empty? ? nil : v }
353
+ digest = qs["digest"]&.then { |v| v.empty? ? nil : v }
354
354
 
355
355
  if tag && digest
356
356
  raise DependencyFileNotEvaluatable,
@@ -3,7 +3,6 @@
3
3
 
4
4
  require "json"
5
5
  require "time"
6
- require "cgi"
7
6
  require "excon"
8
7
  require "sorbet-runtime"
9
8
  require "dependabot/swift"
@@ -185,7 +185,7 @@ module Dependabot
185
185
  return nil unless response.status == 204
186
186
 
187
187
  source_url = response.headers.fetch("X-OpenTofu-Get")
188
- source_url = URI.join(download_url, source_url) if
188
+ source_url = URI.join(download_url, source_url).to_s if
189
189
  source_url.start_with?("/", "./", "../")
190
190
  source_url = RegistryClient.get_proxied_source(source_url) if source_url
191
191
  when "provider", "providers"
@@ -233,8 +233,8 @@ module Dependabot
233
233
  ).returns(Excon::Response)
234
234
  end
235
235
  def self.oci_get(url, host:, credentials:)
236
- cred = credentials.find do |c|
237
- c["type"] == "opentofu_registry" && (c["host"] == host || c["registry"] == host)
236
+ cred = credentials.reverse_each.find do |c|
237
+ ACCEPTED_CREDENTIAL_TYPES.include?(c["type"]) && (c["host"] == host || c["registry"] == host)
238
238
  end
239
239
 
240
240
  headers = {}
@@ -299,11 +299,7 @@ module Dependabot
299
299
 
300
300
  sig { returns(T::Hash[String, T::Hash[Symbol, T.untyped]]) }
301
301
  def self.oci_token_cache
302
- @oci_token_cache = T.let(
303
- @oci_token_cache,
304
- T.nilable(T::Hash[String, T::Hash[Symbol, T.untyped]])
305
- )
306
- @oci_token_cache ||= {}
302
+ @oci_token_cache ||= T.let({}, T.nilable(T::Hash[String, T::Hash[Symbol, T.untyped]]))
307
303
  end
308
304
  private_class_method :oci_token_cache
309
305
 
@@ -99,7 +99,7 @@ module Dependabot
99
99
  sig { returns(T::Array[Dependabot::DependencyRequirement]) }
100
100
  attr_reader :requirements
101
101
 
102
- sig { returns(Dependabot::Opentofu::Version) }
102
+ sig { returns(T.nilable(Dependabot::Opentofu::Version)) }
103
103
  attr_reader :latest_version
104
104
 
105
105
  sig { returns(T.nilable(String)) }
@@ -133,12 +133,15 @@ module Dependabot
133
133
  def update_registry_requirement(req)
134
134
  return req if req.fetch(:requirement).nil?
135
135
 
136
+ latest = latest_version
137
+ return req if latest.nil?
138
+
136
139
  string_req = req.fetch(:requirement).strip
137
140
  ruby_req = requirement_class.new(string_req)
138
- return req if ruby_req.satisfied_by?(latest_version)
141
+ return req if ruby_req.satisfied_by?(latest)
139
142
 
140
143
  new_req =
141
- if ruby_req.exact? then latest_version.to_s
144
+ if ruby_req.exact? then latest.to_s
142
145
  elsif string_req.start_with?("~>")
143
146
  update_twiddle_version(string_req).to_s
144
147
  else
@@ -153,18 +156,19 @@ module Dependabot
153
156
  def update_twiddle_version(req_string)
154
157
  old_version = requirement_class.new(req_string)
155
158
  .requirements.first.last
156
- updated_version = at_same_precision(latest_version, old_version)
159
+ updated_version = at_same_precision(T.must(latest_version), old_version)
157
160
  req_string.sub(old_version.to_s, updated_version)
158
161
  end
159
162
 
160
163
  sig { params(req_string: String).returns(T::Array[Dependabot::Opentofu::Requirement]) }
161
164
  def update_range(req_string)
165
+ latest = T.must(latest_version)
162
166
  requirement_class.new(req_string).requirements.flat_map do |r|
163
167
  ruby_req = requirement_class.new(r.join(" "))
164
- next ruby_req if ruby_req.satisfied_by?(latest_version)
168
+ next ruby_req if ruby_req.satisfied_by?(latest)
165
169
 
166
170
  case op = ruby_req.requirements.first.first
167
- when "<", "<=" then [update_greatest_version(ruby_req, latest_version)]
171
+ when "<", "<=" then [update_greatest_version(ruby_req, latest)]
168
172
  when "!=" then []
169
173
  else raise "Unexpected operation for unsatisfied req: #{op}"
170
174
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-opentofu
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.383.0
4
+ version: 0.385.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.383.0
18
+ version: 0.385.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.383.0
25
+ version: 0.385.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -262,7 +262,7 @@ licenses:
262
262
  - MIT
263
263
  metadata:
264
264
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
265
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.383.0
265
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
266
266
  rdoc_options: []
267
267
  require_paths:
268
268
  - lib
@@ -277,7 +277,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
277
277
  - !ruby/object:Gem::Version
278
278
  version: 3.3.0
279
279
  requirements: []
280
- rubygems_version: 3.7.2
280
+ rubygems_version: 4.0.14
281
281
  specification_version: 4
282
282
  summary: Provides Dependabot support for OpenTofu
283
283
  test_files: []