dependabot-terraform 0.212.0 → 0.213.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5c5297a1d328dc52c83ba5a78841009b5cb39925f98dc6b6ae382f561cea0ed5
4
- data.tar.gz: 74db7a25d15ca90c1304cb2acf265a9d8d6d3281c74e8ed9074cba7bea400c58
3
+ metadata.gz: ea09f7b5541cb5d4312fc3a71c476238017f1a581fa310e81101e34cf394ad35
4
+ data.tar.gz: c8ba129b49830caf26533b356c5753ff96822d5a7ca25427de53885fc0fd908d
5
5
  SHA512:
6
- metadata.gz: 80d983b46329b668eaa81022961329820768056a7fdbc175e614eb1e57c50d60fb56328b848bf02da7b324f61db847f8a30d5fa676f0e65e7213c58251d26145
7
- data.tar.gz: cd3ea4534ab64ba1bd528a8cbc4a69c79e749ca6e359d2a56583168d4f4b5e42496c602a18b65b7b3c06c668747130fb5c89127473d4ddb32815b1b6c2620d20
6
+ metadata.gz: 6078a25195ced921328ca94c4e26a6d7dcdb6e9e9b6435fdf4f5ffa4513376fbd9c0dc41accfc945a8f242db4a63dd2f8413f32fb61913eff8d0308ff9728542
7
+ data.tar.gz: b073da62d0f06cedaef1867b2f589d434bb265dd6a22507c654d7638182010c98b00dd788bd5d0d1dc1dae0dd6bb38806c115b1648174194af74dd851ddafabf
@@ -10,7 +10,7 @@ module Dependabot
10
10
  include FileSelector
11
11
 
12
12
  # https://www.terraform.io/docs/language/modules/sources.html#local-paths
13
- LOCAL_PATH_SOURCE = %r{source\s*=\s*['"](?<path>..?\/[^'"]+)}.freeze
13
+ LOCAL_PATH_SOURCE = %r{source\s*=\s*['"](?<path>..?\/[^'"]+)}
14
14
 
15
15
  def self.required_files_in?(filenames)
16
16
  filenames.any? { |f| f.end_with?(".tf", ".hcl") }
@@ -24,7 +24,7 @@ module Dependabot
24
24
  DEFAULT_REGISTRY = "registry.terraform.io"
25
25
  DEFAULT_NAMESPACE = "hashicorp"
26
26
  # https://www.terraform.io/docs/language/providers/requirements.html#source-addresses
27
- PROVIDER_SOURCE_ADDRESS = %r{\A((?<hostname>.+)/)?(?<namespace>.+)/(?<name>.+)\z}.freeze
27
+ PROVIDER_SOURCE_ADDRESS = %r{\A((?<hostname>.+)/)?(?<namespace>.+)/(?<name>.+)\z}
28
28
 
29
29
  def parse
30
30
  dependency_set = DependencySet.new
@@ -11,9 +11,9 @@ module Dependabot
11
11
  class FileUpdater < Dependabot::FileUpdaters::Base
12
12
  include FileSelector
13
13
 
14
- PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/.freeze
15
- MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?<mod>\S+)\"/m.freeze
16
- GIT_HTTPS_PREFIX = %r{^git::https://}.freeze
14
+ PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/
15
+ MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?<mod>\S+)\"/m
16
+ GIT_HTTPS_PREFIX = %r{^git::https://}
17
17
 
18
18
  def self.updated_files_regex
19
19
  [/\.tf$/, /\.hcl$/]
@@ -48,6 +48,30 @@ module Dependabot
48
48
 
49
49
  private
50
50
 
51
+ # Terraform allows to use a module from the same source multiple times
52
+ # To detect any changes in dependencies we need to overwrite an implementation from the base class
53
+ #
54
+ # Example (for simplicity other parameters are skipped):
55
+ # previous_requirements = [{requirement: "0.9.1"}, {requirement: "0.11.0"}]
56
+ # requirements = [{requirement: "0.11.0"}, {requirement: "0.11.0"}]
57
+ #
58
+ # Simple difference between arrays gives:
59
+ # requirements - previous_requirements
60
+ # => []
61
+ # which loses an information that one of our requirements has changed.
62
+ #
63
+ # By using symmetric difference:
64
+ # (requirements - previous_requirements) | (previous_requirements - requirements)
65
+ # => [{requirement: "0.9.1"}]
66
+ # we can detect that change.
67
+ def requirement_changed?(file, dependency)
68
+ changed_requirements =
69
+ (dependency.requirements - dependency.previous_requirements) |
70
+ (dependency.previous_requirements - dependency.requirements)
71
+
72
+ changed_requirements.any? { |f| f[:file] == file.name }
73
+ end
74
+
51
75
  def updated_terraform_file_content(file)
52
76
  content = file.content.dup
53
77
 
@@ -89,7 +113,7 @@ module Dependabot
89
113
 
90
114
  def update_registry_declaration(new_req, old_req, updated_content)
91
115
  regex = new_req[:source][:type] == "provider" ? provider_declaration_regex : registry_declaration_regex
92
- updated_content.sub!(regex) do |regex_match|
116
+ updated_content.gsub!(regex) do |regex_match|
93
117
  regex_match.sub(/^\s*version\s*=.*/) do |req_line_match|
94
118
  req_line_match.sub(old_req[:requirement], new_req[:requirement])
95
119
  end
@@ -12,7 +12,7 @@ module Dependabot
12
12
  # https://www.terraform.io/docs/registry/modules/publish.html#requirements
13
13
  OPERATORS = OPS.keys.map { |key| Regexp.quote(key) }.join("|").freeze
14
14
  PATTERN_RAW = "\\s*(#{OPERATORS})?\\s*v?(#{Gem::Version::VERSION_PATTERN})\\s*"
15
- PATTERN = /\A#{PATTERN_RAW}\z/.freeze
15
+ PATTERN = /\A#{PATTERN_RAW}\z/
16
16
 
17
17
  def self.parse(obj)
18
18
  return ["=", Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
@@ -27,7 +27,7 @@ module Dependabot
27
27
  [matches[1] || "=", Terraform::Version.new(matches[2])]
28
28
  end
29
29
 
30
- # For consistency with other langauges, we define a requirements array.
30
+ # For consistency with other languages, we define a requirements array.
31
31
  # Terraform doesn't have an `OR` separator for requirements, so it
32
32
  # always contains a single element.
33
33
  def self.requirements_array(requirement_string)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-terraform
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.212.0
4
+ version: 0.213.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-09-06 00:00:00.000000000 Z
11
+ date: 2022-10-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.212.0
19
+ version: 0.213.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.212.0
27
- - !ruby/object:Gem::Dependency
28
- name: debase
29
- requirement: !ruby/object:Gem::Requirement
30
- requirements:
31
- - - '='
32
- - !ruby/object:Gem::Version
33
- version: 0.2.3
34
- type: :development
35
- prerelease: false
36
- version_requirements: !ruby/object:Gem::Requirement
37
- requirements:
38
- - - '='
39
- - !ruby/object:Gem::Version
40
- version: 0.2.3
41
- - !ruby/object:Gem::Dependency
42
- name: debase-ruby_core_source
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - '='
46
- - !ruby/object:Gem::Version
47
- version: 0.10.16
48
- type: :development
49
- prerelease: false
50
- version_requirements: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - '='
53
- - !ruby/object:Gem::Version
54
- version: 0.10.16
26
+ version: 0.213.0
55
27
  - !ruby/object:Gem::Dependency
56
28
  name: debug
57
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
86
58
  requirements:
87
59
  - - "~>"
88
60
  - !ruby/object:Gem::Version
89
- version: 3.12.0
61
+ version: 3.13.0
90
62
  type: :development
91
63
  prerelease: false
92
64
  version_requirements: !ruby/object:Gem::Requirement
93
65
  requirements:
94
66
  - - "~>"
95
67
  - !ruby/object:Gem::Version
96
- version: 3.12.0
68
+ version: 3.13.0
97
69
  - !ruby/object:Gem::Dependency
98
70
  name: rake
99
71
  requirement: !ruby/object:Gem::Requirement
@@ -142,42 +114,28 @@ dependencies:
142
114
  requirements:
143
115
  - - "~>"
144
116
  - !ruby/object:Gem::Version
145
- version: 1.36.0
117
+ version: 1.37.1
146
118
  type: :development
147
119
  prerelease: false
148
120
  version_requirements: !ruby/object:Gem::Requirement
149
121
  requirements:
150
122
  - - "~>"
151
123
  - !ruby/object:Gem::Version
152
- version: 1.36.0
124
+ version: 1.37.1
153
125
  - !ruby/object:Gem::Dependency
154
126
  name: rubocop-performance
155
127
  requirement: !ruby/object:Gem::Requirement
156
128
  requirements:
157
129
  - - "~>"
158
130
  - !ruby/object:Gem::Version
159
- version: 1.14.2
160
- type: :development
161
- prerelease: false
162
- version_requirements: !ruby/object:Gem::Requirement
163
- requirements:
164
- - - "~>"
165
- - !ruby/object:Gem::Version
166
- version: 1.14.2
167
- - !ruby/object:Gem::Dependency
168
- name: ruby-debug-ide
169
- requirement: !ruby/object:Gem::Requirement
170
- requirements:
171
- - - "~>"
172
- - !ruby/object:Gem::Version
173
- version: 0.7.3
131
+ version: 1.15.0
174
132
  type: :development
175
133
  prerelease: false
176
134
  version_requirements: !ruby/object:Gem::Requirement
177
135
  requirements:
178
136
  - - "~>"
179
137
  - !ruby/object:Gem::Version
180
- version: 0.7.3
138
+ version: 1.15.0
181
139
  - !ruby/object:Gem::Dependency
182
140
  name: simplecov
183
141
  requirement: !ruby/object:Gem::Requirement
@@ -279,14 +237,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
279
237
  requirements:
280
238
  - - ">="
281
239
  - !ruby/object:Gem::Version
282
- version: 2.7.0
240
+ version: 3.1.0
283
241
  required_rubygems_version: !ruby/object:Gem::Requirement
284
242
  requirements:
285
243
  - - ">="
286
244
  - !ruby/object:Gem::Version
287
- version: 2.7.0
245
+ version: 3.1.0
288
246
  requirements: []
289
- rubygems_version: 3.1.6
247
+ rubygems_version: 3.3.7
290
248
  signing_key:
291
249
  specification_version: 4
292
250
  summary: Terraform support for dependabot