dependabot-terraform 0.221.0 → 0.223.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9e9f38b65648ee780d0bdc90d8780bd5b6c3bdf6e047253887cc96e95cc612ac
-  data.tar.gz: 54de1274d6091f433c240f584caff03082aad9854188dacec53c9964fba335d2
+  metadata.gz: f32719a4c6d6c1d5861998b0a6bb7174906ef8c0d7c921e0fb2bf6554ebe7c12
+  data.tar.gz: 8cca6f8e43aa766ce636b924d68ff063786aa20f049fab003671f3a7dd75bc4f
 SHA512:
-  metadata.gz: 9e47fa030d2edc560155ec51f9aa7b6f40f9077680a106b237c3fc4623c091812142fc486bbebfbde059e29ee550f21c11ed98c61359f9aa1df2d874d8c3cc97
-  data.tar.gz: aef7c4207120ab5785e4875a63d06e70ea5f962e41a824f5bb1584ea4b72a5c202d86e6373c874a5606c5bb9a62f868000f0f2f8aaee6554b1753d9e002e5a8a
+  metadata.gz: 36987323b03b92c1249cfb4d326ae750a7fe2fdccb681f7ff934228224d821c1c47eb863913f9b4e9035e330092317d0bdec0aa752b11662338abcae380e0c72
+  data.tar.gz: d3b8803c5347aae404699f60a9faa7044f49eface32945d7a728c5cc09b26aa813d4b02ad29ce5ec35fd42c0fb9039a04e743b5fa62d002d9719b964254b5dde

data/lib/dependabot/terraform/file_parser.rb

@@ -68,7 +68,11 @@ module Dependabot
           modules.each do |details|
             next unless details["source"]
 
-            dependency_set << build_terragrunt_dependency(file, details)
+            source = source_from(details)
+            # Cannot update nil (interpolation sources) or local path modules, skip
+            next if source.nil? || source[:type] == "path"
+
+            dependency_set << build_terragrunt_dependency(file, source)
           end
         end
       end
@@ -141,15 +145,8 @@ module Dependabot
         details.is_a?(String)
       end
 
-      def build_terragrunt_dependency(file, details)
-        source = source_from(details)
-        dep_name =
-          if Source.from_url(source[:url])
-            Source.from_url(source[:url]).repo
-          else
-            source[:url]
-          end
-
+      def build_terragrunt_dependency(file, source)
+        dep_name = Source.from_url(source[:url]) ? Source.from_url(source[:url]).repo : source[:url]
         version = version_from_ref(source[:ref])
 
         Dependency.new(
@@ -178,6 +175,8 @@ module Dependabot
             git_source_details_from(bare_source)
           when :registry
             registry_source_details_from(bare_source)
+          when :interpolation
+            return nil
           end
 
         source_details[:proxy_url] = raw_source if raw_source != bare_source
@@ -261,6 +260,7 @@ module Dependabot
 
       # rubocop:disable Metrics/PerceivedComplexity
       def source_type(source_string)
+        return :interpolation if source_string.include?("${")
         return :path if source_string.start_with?(".")
         return :github if source_string.start_with?("github.com/")
         return :bitbucket if source_string.start_with?("bitbucket.org/")

data/lib/dependabot/terraform/metadata_finder.rb

@@ -21,13 +21,7 @@ module Dependabot
       end
 
       def new_source_type
-        sources =
-          dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
-
-        return "default" if sources.empty?
-        raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-
-        sources.first[:type] || sources.first.fetch("type")
+        dependency.source_type
       end
 
       def find_source_from_git_url

data/lib/dependabot/terraform/requirement.rb

@@ -11,7 +11,7 @@ module Dependabot
       # optional 'v' prefix to release tag names, which Terraform supports.
       # https://www.terraform.io/docs/registry/modules/publish.html#requirements
       OPERATORS = OPS.keys.map { |key| Regexp.quote(key) }.join("|").freeze
-      PATTERN_RAW = "\\s*(#{OPERATORS})?\\s*v?(#{Gem::Version::VERSION_PATTERN})\\s*"
+      PATTERN_RAW = "\\s*(#{OPERATORS})?\\s*v?(#{Gem::Version::VERSION_PATTERN})\\s*".freeze
       PATTERN = /\A#{PATTERN_RAW}\z/
 
       def self.parse(obj)

data/lib/dependabot/terraform/update_checker.rb

@@ -169,11 +169,7 @@ module Dependabot
       end
 
       def dependency_source_details
-        sources = eligible_sources_from(dependency.requirements)
-
-        raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-
-        sources.first
+        dependency.source_details(allowed_types: ELIGIBLE_SOURCE_TYPES)
       end
 
       def git_dependency?
@@ -189,13 +185,6 @@ module Dependabot
             raise_on_ignored: raise_on_ignored
           )
       end
-
-      def eligible_sources_from(requirements)
-        requirements.
-          map { |r| r.fetch(:source) }.
-          select { |source| ELIGIBLE_SOURCE_TYPES.include?(source[:type].to_s) }.
-          uniq.compact
-      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-terraform
 version: !ruby/object:Gem::Version
-  version: 0.221.0
+  version: 0.223.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-07-13 00:00:00.000000000 Z
+date: 2023-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.221.0
+        version: 0.223.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.221.0
+        version: 0.223.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -203,7 +203,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.221.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.223.0
 post_install_message: 
 rdoc_options: []
 require_paths: