dependabot-terraform 0.212.0 → 0.214.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4f71bc92463c650b0017996b239e934c11e142bf358346d933199809a421cdcc
|
|
4
|
+
data.tar.gz: 04cd2a28c3d5de1ba21e5b11d380e39245bba354cc5baaaa21f10469f56c7cf6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cf3a1762094ffe3a008ef7ed4780ddf246d84742df03aad54e94d5d9a8f200380dd8099aa7c64ce8f2db553d4066071828b4927eaad84af223d496bdee1bc07b
|
|
7
|
+
data.tar.gz: a63c4421a9c42b476ae9bfd9c21b72a096c95585875d105b880b7694ed50e2c3989a190918a0d53aecb99895ad9ec8a8b4ba7994ccf96378fb92ae3c56ab624b
|
|
@@ -10,7 +10,7 @@ module Dependabot
|
|
|
10
10
|
include FileSelector
|
|
11
11
|
|
|
12
12
|
# https://www.terraform.io/docs/language/modules/sources.html#local-paths
|
|
13
|
-
LOCAL_PATH_SOURCE = %r{source\s*=\s*['"](?<path>..?\/[^'"]+)}
|
|
13
|
+
LOCAL_PATH_SOURCE = %r{source\s*=\s*['"](?<path>..?\/[^'"]+)}
|
|
14
14
|
|
|
15
15
|
def self.required_files_in?(filenames)
|
|
16
16
|
filenames.any? { |f| f.end_with?(".tf", ".hcl") }
|
|
@@ -24,7 +24,7 @@ module Dependabot
|
|
|
24
24
|
DEFAULT_REGISTRY = "registry.terraform.io"
|
|
25
25
|
DEFAULT_NAMESPACE = "hashicorp"
|
|
26
26
|
# https://www.terraform.io/docs/language/providers/requirements.html#source-addresses
|
|
27
|
-
PROVIDER_SOURCE_ADDRESS = %r{\A((?<hostname>.+)/)?(?<namespace>.+)/(?<name>.+)\z}
|
|
27
|
+
PROVIDER_SOURCE_ADDRESS = %r{\A((?<hostname>.+)/)?(?<namespace>.+)/(?<name>.+)\z}
|
|
28
28
|
|
|
29
29
|
def parse
|
|
30
30
|
dependency_set = DependencySet.new
|
|
@@ -11,9 +11,9 @@ module Dependabot
|
|
|
11
11
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
|
12
12
|
include FileSelector
|
|
13
13
|
|
|
14
|
-
PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\"
|
|
15
|
-
MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?<mod>\S+)\"/m
|
|
16
|
-
GIT_HTTPS_PREFIX = %r{^git::https://}
|
|
14
|
+
PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/
|
|
15
|
+
MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?<mod>\S+)\"/m
|
|
16
|
+
GIT_HTTPS_PREFIX = %r{^git::https://}
|
|
17
17
|
|
|
18
18
|
def self.updated_files_regex
|
|
19
19
|
[/\.tf$/, /\.hcl$/]
|
|
@@ -48,6 +48,30 @@ module Dependabot
|
|
|
48
48
|
|
|
49
49
|
private
|
|
50
50
|
|
|
51
|
+
# Terraform allows to use a module from the same source multiple times
|
|
52
|
+
# To detect any changes in dependencies we need to overwrite an implementation from the base class
|
|
53
|
+
#
|
|
54
|
+
# Example (for simplicity other parameters are skipped):
|
|
55
|
+
# previous_requirements = [{requirement: "0.9.1"}, {requirement: "0.11.0"}]
|
|
56
|
+
# requirements = [{requirement: "0.11.0"}, {requirement: "0.11.0"}]
|
|
57
|
+
#
|
|
58
|
+
# Simple difference between arrays gives:
|
|
59
|
+
# requirements - previous_requirements
|
|
60
|
+
# => []
|
|
61
|
+
# which loses an information that one of our requirements has changed.
|
|
62
|
+
#
|
|
63
|
+
# By using symmetric difference:
|
|
64
|
+
# (requirements - previous_requirements) | (previous_requirements - requirements)
|
|
65
|
+
# => [{requirement: "0.9.1"}]
|
|
66
|
+
# we can detect that change.
|
|
67
|
+
def requirement_changed?(file, dependency)
|
|
68
|
+
changed_requirements =
|
|
69
|
+
(dependency.requirements - dependency.previous_requirements) |
|
|
70
|
+
(dependency.previous_requirements - dependency.requirements)
|
|
71
|
+
|
|
72
|
+
changed_requirements.any? { |f| f[:file] == file.name }
|
|
73
|
+
end
|
|
74
|
+
|
|
51
75
|
def updated_terraform_file_content(file)
|
|
52
76
|
content = file.content.dup
|
|
53
77
|
|
|
@@ -89,7 +113,7 @@ module Dependabot
|
|
|
89
113
|
|
|
90
114
|
def update_registry_declaration(new_req, old_req, updated_content)
|
|
91
115
|
regex = new_req[:source][:type] == "provider" ? provider_declaration_regex : registry_declaration_regex
|
|
92
|
-
updated_content.
|
|
116
|
+
updated_content.gsub!(regex) do |regex_match|
|
|
93
117
|
regex_match.sub(/^\s*version\s*=.*/) do |req_line_match|
|
|
94
118
|
req_line_match.sub(old_req[:requirement], new_req[:requirement])
|
|
95
119
|
end
|
|
@@ -12,7 +12,7 @@ module Dependabot
|
|
|
12
12
|
# https://www.terraform.io/docs/registry/modules/publish.html#requirements
|
|
13
13
|
OPERATORS = OPS.keys.map { |key| Regexp.quote(key) }.join("|").freeze
|
|
14
14
|
PATTERN_RAW = "\\s*(#{OPERATORS})?\\s*v?(#{Gem::Version::VERSION_PATTERN})\\s*"
|
|
15
|
-
PATTERN = /\A#{PATTERN_RAW}\z
|
|
15
|
+
PATTERN = /\A#{PATTERN_RAW}\z/
|
|
16
16
|
|
|
17
17
|
def self.parse(obj)
|
|
18
18
|
return ["=", Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
|
|
@@ -27,7 +27,7 @@ module Dependabot
|
|
|
27
27
|
[matches[1] || "=", Terraform::Version.new(matches[2])]
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
-
# For consistency with other
|
|
30
|
+
# For consistency with other languages, we define a requirements array.
|
|
31
31
|
# Terraform doesn't have an `OR` separator for requirements, so it
|
|
32
32
|
# always contains a single element.
|
|
33
33
|
def self.requirements_array(requirement_string)
|
|
@@ -45,14 +45,6 @@ module Dependabot
|
|
|
45
45
|
!proxy_requirement?
|
|
46
46
|
end
|
|
47
47
|
|
|
48
|
-
def requirement_class
|
|
49
|
-
Requirement
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
def version_class
|
|
53
|
-
Version
|
|
54
|
-
end
|
|
55
|
-
|
|
56
48
|
private
|
|
57
49
|
|
|
58
50
|
def latest_version_resolvable_with_full_unlock?
|
|
@@ -194,9 +186,7 @@ module Dependabot
|
|
|
194
186
|
dependency: dependency,
|
|
195
187
|
credentials: credentials,
|
|
196
188
|
ignored_versions: ignored_versions,
|
|
197
|
-
raise_on_ignored: raise_on_ignored
|
|
198
|
-
requirement_class: Requirement,
|
|
199
|
-
version_class: Version
|
|
189
|
+
raise_on_ignored: raise_on_ignored
|
|
200
190
|
)
|
|
201
191
|
end
|
|
202
192
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.214.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-12-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,42 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.214.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
27
|
-
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: debase
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - '='
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.2.3
|
|
34
|
-
type: :development
|
|
35
|
-
prerelease: false
|
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
-
requirements:
|
|
38
|
-
- - '='
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.2.3
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: debase-ruby_core_source
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - '='
|
|
46
|
-
- !ruby/object:Gem::Version
|
|
47
|
-
version: 0.10.16
|
|
48
|
-
type: :development
|
|
49
|
-
prerelease: false
|
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
-
requirements:
|
|
52
|
-
- - '='
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: 0.10.16
|
|
26
|
+
version: 0.214.0
|
|
55
27
|
- !ruby/object:Gem::Dependency
|
|
56
28
|
name: debug
|
|
57
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -86,14 +58,14 @@ dependencies:
|
|
|
86
58
|
requirements:
|
|
87
59
|
- - "~>"
|
|
88
60
|
- !ruby/object:Gem::Version
|
|
89
|
-
version:
|
|
61
|
+
version: 4.0.0
|
|
90
62
|
type: :development
|
|
91
63
|
prerelease: false
|
|
92
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
65
|
requirements:
|
|
94
66
|
- - "~>"
|
|
95
67
|
- !ruby/object:Gem::Version
|
|
96
|
-
version:
|
|
68
|
+
version: 4.0.0
|
|
97
69
|
- !ruby/object:Gem::Dependency
|
|
98
70
|
name: rake
|
|
99
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -142,42 +114,28 @@ dependencies:
|
|
|
142
114
|
requirements:
|
|
143
115
|
- - "~>"
|
|
144
116
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: 1.
|
|
117
|
+
version: 1.39.0
|
|
146
118
|
type: :development
|
|
147
119
|
prerelease: false
|
|
148
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
121
|
requirements:
|
|
150
122
|
- - "~>"
|
|
151
123
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: 1.
|
|
124
|
+
version: 1.39.0
|
|
153
125
|
- !ruby/object:Gem::Dependency
|
|
154
126
|
name: rubocop-performance
|
|
155
127
|
requirement: !ruby/object:Gem::Requirement
|
|
156
128
|
requirements:
|
|
157
129
|
- - "~>"
|
|
158
130
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: 1.
|
|
160
|
-
type: :development
|
|
161
|
-
prerelease: false
|
|
162
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
163
|
-
requirements:
|
|
164
|
-
- - "~>"
|
|
165
|
-
- !ruby/object:Gem::Version
|
|
166
|
-
version: 1.14.2
|
|
167
|
-
- !ruby/object:Gem::Dependency
|
|
168
|
-
name: ruby-debug-ide
|
|
169
|
-
requirement: !ruby/object:Gem::Requirement
|
|
170
|
-
requirements:
|
|
171
|
-
- - "~>"
|
|
172
|
-
- !ruby/object:Gem::Version
|
|
173
|
-
version: 0.7.3
|
|
131
|
+
version: 1.15.0
|
|
174
132
|
type: :development
|
|
175
133
|
prerelease: false
|
|
176
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
177
135
|
requirements:
|
|
178
136
|
- - "~>"
|
|
179
137
|
- !ruby/object:Gem::Version
|
|
180
|
-
version:
|
|
138
|
+
version: 1.15.0
|
|
181
139
|
- !ruby/object:Gem::Dependency
|
|
182
140
|
name: simplecov
|
|
183
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -279,14 +237,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
279
237
|
requirements:
|
|
280
238
|
- - ">="
|
|
281
239
|
- !ruby/object:Gem::Version
|
|
282
|
-
version:
|
|
240
|
+
version: 3.1.0
|
|
283
241
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
284
242
|
requirements:
|
|
285
243
|
- - ">="
|
|
286
244
|
- !ruby/object:Gem::Version
|
|
287
|
-
version:
|
|
245
|
+
version: 3.1.0
|
|
288
246
|
requirements: []
|
|
289
|
-
rubygems_version: 3.
|
|
247
|
+
rubygems_version: 3.3.7
|
|
290
248
|
signing_key:
|
|
291
249
|
specification_version: 4
|
|
292
250
|
summary: Terraform support for dependabot
|