dependabot-terraform 0.290.0 → 0.292.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ea8dd2b8dfd9dd4c5ca512460b767a13581c284a9bbaa00d2de61fad786d38f6
|
|
4
|
+
data.tar.gz: d5f71eed2c306f2e6e260703bde77e71f8974bff141cdffa72d1d0df19a03a7d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 216e1e748db7d1b8ff96d9eef941b17603f8d1c99e46e2405deeaa4beb49a3159f3867a5693be1fdbfca1e496b12cc8a8cd1f8e2026bd8c1667cb2c1e1ad28a2
|
|
7
|
+
data.tar.gz: 7b8ef4ec193376ef6cf5a6f38221fa964c2d42ae2aa3f562948406ed0a2988da730b7ba48939e0bac42bebd3d3ebad330ca29b1048e044c7583cf4ab74166708
|
|
@@ -58,6 +58,14 @@ module Dependabot
|
|
|
58
58
|
def parse_terraform_files(dependency_set)
|
|
59
59
|
terraform_files.each do |file|
|
|
60
60
|
modules = parsed_file(file).fetch("module", {})
|
|
61
|
+
# If override.tf files are present, we need to merge the modules
|
|
62
|
+
if override_terraform_files.any?
|
|
63
|
+
override_terraform_files.each do |override_file|
|
|
64
|
+
override_modules = parsed_file(override_file).fetch("module", {})
|
|
65
|
+
modules = merge_modules(override_modules, modules)
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
|
|
61
69
|
modules.each do |name, details|
|
|
62
70
|
details = details.first
|
|
63
71
|
|
|
@@ -11,6 +11,9 @@ module Dependabot
|
|
|
11
11
|
extend T::Sig
|
|
12
12
|
extend T::Helpers
|
|
13
13
|
|
|
14
|
+
TF_EXTENSION = ".tf"
|
|
15
|
+
OVERRIDE_TF_EXTENSION = "override.tf"
|
|
16
|
+
|
|
14
17
|
abstract!
|
|
15
18
|
|
|
16
19
|
sig { abstract.returns(T::Array[Dependabot::DependencyFile]) }
|
|
@@ -22,7 +25,12 @@ module Dependabot
|
|
|
22
25
|
|
|
23
26
|
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
24
27
|
def terraform_files
|
|
25
|
-
dependency_files.select { |f| f.name.end_with?(
|
|
28
|
+
dependency_files.select { |f| f.name.end_with?(TF_EXTENSION) && !f.name.end_with?(OVERRIDE_TF_EXTENSION) }
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
32
|
+
def override_terraform_files
|
|
33
|
+
dependency_files.select { |f| f.name.end_with?(OVERRIDE_TF_EXTENSION) }
|
|
26
34
|
end
|
|
27
35
|
|
|
28
36
|
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
@@ -34,6 +42,32 @@ module Dependabot
|
|
|
34
42
|
def lockfile
|
|
35
43
|
dependency_files.find { |f| lockfile?(f.name) }
|
|
36
44
|
end
|
|
45
|
+
|
|
46
|
+
sig do
|
|
47
|
+
params(modules: T::Hash[String, T::Array[T::Hash[String, T.untyped]]],
|
|
48
|
+
base_modules: T::Hash[String,
|
|
49
|
+
T::Array[T::Hash[String,
|
|
50
|
+
T.untyped]]])
|
|
51
|
+
.returns(T::Hash[String,
|
|
52
|
+
T::Array[T::Hash[String,
|
|
53
|
+
T.untyped]]])
|
|
54
|
+
end
|
|
55
|
+
def merge_modules(modules, base_modules)
|
|
56
|
+
merged_modules = base_modules.dup
|
|
57
|
+
|
|
58
|
+
modules.each do |key, value|
|
|
59
|
+
merged_modules[key] =
|
|
60
|
+
if merged_modules.key?(key)
|
|
61
|
+
T.must(merged_modules[key]).map do |base_value|
|
|
62
|
+
base_value.merge(T.must(value.first))
|
|
63
|
+
end
|
|
64
|
+
else
|
|
65
|
+
value
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
merged_modules
|
|
70
|
+
end
|
|
37
71
|
end
|
|
38
72
|
end
|
|
39
73
|
end
|
|
@@ -20,10 +20,10 @@ module Dependabot
|
|
|
20
20
|
sig { params(raw_version: String).void }
|
|
21
21
|
def initialize(raw_version)
|
|
22
22
|
super(
|
|
23
|
-
PACKAGE_MANAGER,
|
|
24
|
-
Version.new(raw_version),
|
|
25
|
-
DEPRECATED_TERRAFORM_VERSIONS,
|
|
26
|
-
SUPPORTED_TERRAFORM_VERSIONS
|
|
23
|
+
name: PACKAGE_MANAGER,
|
|
24
|
+
version: Version.new(raw_version),
|
|
25
|
+
deprecated_versions: DEPRECATED_TERRAFORM_VERSIONS,
|
|
26
|
+
supported_versions: SUPPORTED_TERRAFORM_VERSIONS
|
|
27
27
|
)
|
|
28
28
|
end
|
|
29
29
|
|
|
@@ -190,17 +190,20 @@ module Dependabot
|
|
|
190
190
|
op, version = requirement.requirements.first
|
|
191
191
|
version = version.release if version.prerelease?
|
|
192
192
|
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
if index < index_to_update
|
|
193
|
+
# When 'less than'/'<',
|
|
194
|
+
# increment the last available segment only so that the new version is within the constraint
|
|
195
|
+
if op == "<"
|
|
196
|
+
new_segments = version.segments.map.with_index do |_, index|
|
|
198
197
|
version_to_be_permitted.segments[index]
|
|
199
|
-
elsif index == index_to_update
|
|
200
|
-
version_to_be_permitted.segments[index].to_i + 1
|
|
201
|
-
else
|
|
202
|
-
0
|
|
203
198
|
end
|
|
199
|
+
new_segments[-1] += 1
|
|
200
|
+
# When 'less-than/equal'/'<=', use the new version as-is even when previously set as a non-semver version
|
|
201
|
+
# Terraform treats shortened versions the same as a version with any remaining segments as 0
|
|
202
|
+
# Example: '0.2' is treated as '0.2.0' | '1' is treated as '1.0.0'
|
|
203
|
+
elsif op == "<="
|
|
204
|
+
new_segments = version_to_be_permitted.segments
|
|
205
|
+
else
|
|
206
|
+
raise "Unexpected operation: #{op}"
|
|
204
207
|
end
|
|
205
208
|
|
|
206
209
|
requirement_class.new("#{op} #{new_segments.join('.')}")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.292.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-01-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.292.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.292.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -261,7 +261,7 @@ licenses:
|
|
|
261
261
|
- MIT
|
|
262
262
|
metadata:
|
|
263
263
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
264
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
264
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.292.0
|
|
265
265
|
post_install_message:
|
|
266
266
|
rdoc_options: []
|
|
267
267
|
require_paths:
|
|
@@ -277,7 +277,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
277
277
|
- !ruby/object:Gem::Version
|
|
278
278
|
version: 3.1.0
|
|
279
279
|
requirements: []
|
|
280
|
-
rubygems_version: 3.5.
|
|
280
|
+
rubygems_version: 3.5.22
|
|
281
281
|
signing_key:
|
|
282
282
|
specification_version: 4
|
|
283
283
|
summary: Provides Dependabot support for Terraform
|