dependabot-terraform 0.211.0 → 0.213.0

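--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e5e39f5c5608fe88a35657b085c5bad6e4162b8e3ded2e537cb96928eb489de3
- data.tar.gz: ccbff9498afab19c9def1fa7e26ac752a50f4c2add9c610e11288ca64b981f34
+ metadata.gz: ea09f7b5541cb5d4312fc3a71c476238017f1a581fa310e81101e34cf394ad35
+ data.tar.gz: c8ba129b49830caf26533b356c5753ff96822d5a7ca25427de53885fc0fd908d
  SHA512:
- metadata.gz: 5c95fca4138a969b8ef650e9332fabf205324502afac11b62947a92bdf0f32e05f2181d3e9b601027408ff6da67c46ba29a68c89c6900cc5e7c3d86866f36ec8
- data.tar.gz: 8e45fecde37f713824dd1b2268f54899849399a34662feb1cf369147a6cde4ccd8aeb3ae27e8218e104e6fba36c037290da61648c6d4aaa6f5e489b3c999ee78
+ metadata.gz: 6078a25195ced921328ca94c4e26a6d7dcdb6e9e9b6435fdf4f5ffa4513376fbd9c0dc41accfc945a8f242db4a63dd2f8413f32fb61913eff8d0308ff9728542
+ data.tar.gz: b073da62d0f06cedaef1867b2f589d434bb265dd6a22507c654d7638182010c98b00dd788bd5d0d1dc1dae0dd6bb38806c115b1648174194af74dd851ddafabf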
@@ -10,7 +10,7 @@ module Dependabot
10
10
  include FileSelector
11
11
 
12
12
  # https://www.terraform.io/docs/language/modules/sources.html#local-paths
13
- LOCAL_PATH_SOURCE = %r{source\s*=\s*['"](?<path>..?\/[^'"]+)}.freeze
13
+ LOCAL_PATH_SOURCE = %r{source\s*=\s*['"](?<path>..?\/[^'"]+)}
14
14
 
15
15
  def self.required_files_in?(filenames)
16
16
  filenames.any? { |f| f.end_with?(".tf", ".hcl") }
@@ -24,7 +24,7 @@ module Dependabot
24
24
  DEFAULT_REGISTRY = "registry.terraform.io"
25
25
  DEFAULT_NAMESPACE = "hashicorp"
26
26
  # https://www.terraform.io/docs/language/providers/requirements.html#source-addresses
27
- PROVIDER_SOURCE_ADDRESS = %r{\A((?<hostname>.+)/)?(?<namespace>.+)/(?<name>.+)\z}.freeze
27
+ PROVIDER_SOURCE_ADDRESS = %r{\A((?<hostname>.+)/)?(?<namespace>.+)/(?<name>.+)\z}
28
28
 
29
29
  def parse
30
30
  dependency_set = DependencySet.new
@@ -129,8 +129,8 @@ module Dependabot
129
129
  def deprecated_provider_error(file)
130
130
  raise Dependabot::DependencyFileNotParseable.new(
131
131
  file.path,
132
- "This terraform provider syntax is now deprecated.\n"\
133
- "See https://www.terraform.io/docs/language/providers/requirements.html "\
132
+ "This terraform provider syntax is now deprecated.\n" \
133
+ "See https://www.terraform.io/docs/language/providers/requirements.html " \
134
134
  "for the new Terraform v0.13+ provider syntax."
135
135
  )
136
136
  end
@@ -262,7 +262,7 @@ module Dependabot
262
262
  return :path if source_string.start_with?(".")
263
263
  return :github if source_string.start_with?("github.com/")
264
264
  return :bitbucket if source_string.start_with?("bitbucket.org/")
265
- return :git if source_string.start_with?("git::") || source_string.start_with?("git@")
265
+ return :git if source_string.start_with?("git::", "git@")
266
266
  return :mercurial if source_string.start_with?("hg::")
267
267
  return :s3 if source_string.start_with?("s3::")
268
268
 
@@ -11,9 +11,9 @@ module Dependabot
11
11
  class FileUpdater < Dependabot::FileUpdaters::Base
12
12
  include FileSelector
13
13
 
14
- PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/.freeze
15
- MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?<mod>\S+)\"/m.freeze
16
- GIT_HTTPS_PREFIX = %r{^git::https://}.freeze
14
+ PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/
15
+ MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?<mod>\S+)\"/m
16
+ GIT_HTTPS_PREFIX = %r{^git::https://}
17
17
 
18
18
  def self.updated_files_regex
19
19
  [/\.tf$/, /\.hcl$/]
@@ -48,6 +48,30 @@ module Dependabot
48
48
 
49
49
  private
50
50
 
51
+ # Terraform allows to use a module from the same source multiple times
52
+ # To detect any changes in dependencies we need to overwrite an implementation from the base class
53
+ #
54
+ # Example (for simplicity other parameters are skipped):
55
+ # previous_requirements = [{requirement: "0.9.1"}, {requirement: "0.11.0"}]
56
+ # requirements = [{requirement: "0.11.0"}, {requirement: "0.11.0"}]
57
+ #
58
+ # Simple difference between arrays gives:
59
+ # requirements - previous_requirements
60
+ # => []
61
+ # which loses an information that one of our requirements has changed.
62
+ #
63
+ # By using symmetric difference:
64
+ # (requirements - previous_requirements) | (previous_requirements - requirements)
65
+ # => [{requirement: "0.9.1"}]
66
+ # we can detect that change.
67
+ def requirement_changed?(file, dependency)
68
+ changed_requirements =
69
+ (dependency.requirements - dependency.previous_requirements) |
70
+ (dependency.previous_requirements - dependency.requirements)
71
+
72
+ changed_requirements.any? { |f| f[:file] == file.name }
73
+ end
74
+
51
75
  def updated_terraform_file_content(file)
52
76
  content = file.content.dup
53
77
 
@@ -65,7 +89,7 @@ module Dependabot
65
89
  when "registry", "provider"
66
90
  update_registry_declaration(new_req, old_req, content)
67
91
  else
68
- raise "Don't know how to update a #{new_req[:source][:type]} "\
92
+ raise "Don't know how to update a #{new_req[:source][:type]} " \
69
93
  "declaration!"
70
94
  end
71
95
  end
@@ -89,7 +113,7 @@ module Dependabot
89
113
 
90
114
  def update_registry_declaration(new_req, old_req, updated_content)
91
115
  regex = new_req[:source][:type] == "provider" ? provider_declaration_regex : registry_declaration_regex
92
- updated_content.sub!(regex) do |regex_match|
116
+ updated_content.gsub!(regex) do |regex_match|
93
117
  regex_match.sub(/^\s*version\s*=.*/) do |req_line_match|
94
118
  req_line_match.sub(old_req[:requirement], new_req[:requirement])
95
119
  end
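Review bot: The inner `req_line_match.sub(old_req[:requirement], new_req[:requirement])` replaces the first substring occurrence on the `version =` line, and with `gsub!` it now runs on every declaration that matches `regex`, not just the first. A block pinned to a different requirement that merely contains the old string (constructed example: old `0.9` against a block at `0.9.1`) would be rewritten into a version nobody asked for. Matching the whole quoted value first would avoid that, e.g. `next req_line_match unless req_line_match.include?(%("#{old_req[:requirement]}"))` as the first line of the inner block. update_registry_declaration continues past the hunk, so the regex helpers may already narrow the match in ways not visible here.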
@@ -313,7 +337,7 @@ module Dependabot
313
337
  end
314
338
 
315
339
  def registry_host_for(dependency)
316
- source = dependency.requirements.map { |r| r[:source] }.compact.first
340
+ source = dependency.requirements.filter_map { |r| r[:source] }.first
317
341
  source[:registry_hostname] || source["registry_hostname"] || "registry.terraform.io"
318
342
  end
319
343
 
@@ -31,14 +31,14 @@ module Dependabot
31
31
  end
32
32
 
33
33
  def find_source_from_git_url
34
- info = dependency.requirements.map { |r| r[:source] }.compact.first
34
+ info = dependency.requirements.filter_map { |r| r[:source] }.first
35
35
 
36
36
  url = info[:url] || info.fetch("url")
37
37
  Source.from_url(url)
38
38
  end
39
39
 
40
40
  def find_source_from_registry_details
41
- info = dependency.requirements.map { |r| r[:source] }.compact.first
41
+ info = dependency.requirements.filter_map { |r| r[:source] }.first
42
42
  hostname = info[:registry_hostname] || info["registry_hostname"]
43
43
 
44
44
  RegistryClient.
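Review bot: `info` is nil whenever no requirement carries a `:source`, so `info[:url]` in find_source_from_git_url and `info[:registry_hostname]` in find_source_from_registry_details fail with NoMethodError rather than an error the caller can act on. The same `filter_map { |r| r[:source] }.first` pattern in registry_host_for, in the preceding hunk, has the same gap at `source[:registry_hostname]`. An explicit guard right after the assignment, such as `return unless info`, or a descriptive raise, would make the failure mode deliberate; which of the two is right depends on callers outside this view. find_source_from_registry_details continues past the end of the hunk.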
@@ -104,9 +104,7 @@ module Dependabot
104
104
 
105
105
  source_url = response.headers.fetch("X-Terraform-Get")
106
106
  source_url = URI.join(download_url, source_url) if
107
- source_url.start_with?("/") ||
108
- source_url.start_with?("./") ||
109
- source_url.start_with?("../")
107
+ source_url.start_with?("/", "./", "../")
110
108
  source_url = RegistryClient.get_proxied_source(source_url) if source_url
111
109
  when "provider", "providers"
112
110
  response = http_get(URI.join(base_url, "#{dependency.name}/#{dependency.version}"))
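Review bot: The `X-Terraform-Get` value is taken from the registry response and reaches `RegistryClient.get_proxied_source` without any check on the resulting URL. A value beginning with `//` satisfies `start_with?("/")` and `URI.join` then resolves it against a different host than `download_url`, and an absolute value skips the join entirely. If get_proxied_source issues a request (not visible here), validating the resolved URL's scheme before the call would bound where the updater can be directed. Separately, `response.headers.fetch("X-Terraform-Get")` raises KeyError when the header is absent, so the trailing `if source_url` never sees nil; `response.headers["X-Terraform-Get"]` plus an explicit error would match the guard's apparent intent. The enclosing `case` starts and ends outside the hunk.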
@@ -12,7 +12,7 @@ module Dependabot
12
12
  # https://www.terraform.io/docs/registry/modules/publish.html#requirements
13
13
  OPERATORS = OPS.keys.map { |key| Regexp.quote(key) }.join("|").freeze
14
14
  PATTERN_RAW = "\\s*(#{OPERATORS})?\\s*v?(#{Gem::Version::VERSION_PATTERN})\\s*"
15
- PATTERN = /\A#{PATTERN_RAW}\z/.freeze
15
+ PATTERN = /\A#{PATTERN_RAW}\z/
16
16
 
17
17
  def self.parse(obj)
18
18
  return ["=", Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
@@ -27,7 +27,7 @@ module Dependabot
27
27
  [matches[1] || "=", Terraform::Version.new(matches[2])]
28
28
  end
29
29
 
30
- # For consistency with other langauges, we define a requirements array.
30
+ # For consistency with other languages, we define a requirements array.
31
31
  # Terraform doesn't have an `OR` separator for requirements, so it
32
32
  # always contains a single element.
33
33
  def self.requirements_array(requirement_string)
@@ -130,7 +130,7 @@ module Dependabot
130
130
 
131
131
  def at_same_precision(new_version, old_version)
132
132
  release_precision =
133
- old_version.to_s.split(".").select { |i| i.match?(/^\d+$/) }.count
133
+ old_version.to_s.split(".").count { |i| i.match?(/^\d+$/) }
134
134
  prerelease_precision =
135
135
  old_version.to_s.split(".").count - release_precision
136
136
 
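--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-terraform
  version: !ruby/object:Gem::Version
- version: 0.211.0
+ version: 0.213.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-08-23 00:00:00.000000000 Z
+ date: 2022-10-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.211.0
+ version: 0.213.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.211.0
- - !ruby/object:Gem::Dependency
- name: debase
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.2.3
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.2.3
- - !ruby/object:Gem::Dependency
- name: debase-ruby_core_source
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.10.16
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.10.16
+ version: 0.213.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.11.1
+ version: 3.13.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.11.1
+ version: 3.13.0
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -142,28 +114,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.35.1
+ version: 1.37.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.35.1
+ version: 1.37.1
  - !ruby/object:Gem::Dependency
- name: ruby-debug-ide
+ name: rubocop-performance
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.3
+ version: 1.15.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.3
+ version: 1.15.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -265,14 +237,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 3.1.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 3.1.0
  requirements: []
- rubygems_version: 3.1.6
+ rubygems_version: 3.3.7
  signing_key:
  specification_version: 4
  summary: Terraform support for dependabot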