dependabot-terraform 0.290.0 → 0.292.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ea8dd2b8dfd9dd4c5ca512460b767a13581c284a9bbaa00d2de61fad786d38f6
|
4
|
+
data.tar.gz: d5f71eed2c306f2e6e260703bde77e71f8974bff141cdffa72d1d0df19a03a7d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 216e1e748db7d1b8ff96d9eef941b17603f8d1c99e46e2405deeaa4beb49a3159f3867a5693be1fdbfca1e496b12cc8a8cd1f8e2026bd8c1667cb2c1e1ad28a2
|
7
|
+
data.tar.gz: 7b8ef4ec193376ef6cf5a6f38221fa964c2d42ae2aa3f562948406ed0a2988da730b7ba48939e0bac42bebd3d3ebad330ca29b1048e044c7583cf4ab74166708
|
@@ -58,6 +58,14 @@ module Dependabot
|
|
58
58
|
def parse_terraform_files(dependency_set)
|
59
59
|
terraform_files.each do |file|
|
60
60
|
modules = parsed_file(file).fetch("module", {})
|
61
|
+
# If override.tf files are present, we need to merge the modules
|
62
|
+
if override_terraform_files.any?
|
63
|
+
override_terraform_files.each do |override_file|
|
64
|
+
override_modules = parsed_file(override_file).fetch("module", {})
|
65
|
+
modules = merge_modules(override_modules, modules)
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
61
69
|
modules.each do |name, details|
|
62
70
|
details = details.first
|
63
71
|
|
@@ -11,6 +11,9 @@ module Dependabot
|
|
11
11
|
extend T::Sig
|
12
12
|
extend T::Helpers
|
13
13
|
|
14
|
+
TF_EXTENSION = ".tf"
|
15
|
+
OVERRIDE_TF_EXTENSION = "override.tf"
|
16
|
+
|
14
17
|
abstract!
|
15
18
|
|
16
19
|
sig { abstract.returns(T::Array[Dependabot::DependencyFile]) }
|
@@ -22,7 +25,12 @@ module Dependabot
|
|
22
25
|
|
23
26
|
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
24
27
|
def terraform_files
|
25
|
-
dependency_files.select { |f| f.name.end_with?(
|
28
|
+
dependency_files.select { |f| f.name.end_with?(TF_EXTENSION) && !f.name.end_with?(OVERRIDE_TF_EXTENSION) }
|
29
|
+
end
|
30
|
+
|
31
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
32
|
+
def override_terraform_files
|
33
|
+
dependency_files.select { |f| f.name.end_with?(OVERRIDE_TF_EXTENSION) }
|
26
34
|
end
|
27
35
|
|
28
36
|
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
@@ -34,6 +42,32 @@ module Dependabot
|
|
34
42
|
def lockfile
|
35
43
|
dependency_files.find { |f| lockfile?(f.name) }
|
36
44
|
end
|
45
|
+
|
46
|
+
sig do
|
47
|
+
params(modules: T::Hash[String, T::Array[T::Hash[String, T.untyped]]],
|
48
|
+
base_modules: T::Hash[String,
|
49
|
+
T::Array[T::Hash[String,
|
50
|
+
T.untyped]]])
|
51
|
+
.returns(T::Hash[String,
|
52
|
+
T::Array[T::Hash[String,
|
53
|
+
T.untyped]]])
|
54
|
+
end
|
55
|
+
def merge_modules(modules, base_modules)
|
56
|
+
merged_modules = base_modules.dup
|
57
|
+
|
58
|
+
modules.each do |key, value|
|
59
|
+
merged_modules[key] =
|
60
|
+
if merged_modules.key?(key)
|
61
|
+
T.must(merged_modules[key]).map do |base_value|
|
62
|
+
base_value.merge(T.must(value.first))
|
63
|
+
end
|
64
|
+
else
|
65
|
+
value
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
69
|
+
merged_modules
|
70
|
+
end
|
37
71
|
end
|
38
72
|
end
|
39
73
|
end
|
@@ -20,10 +20,10 @@ module Dependabot
|
|
20
20
|
sig { params(raw_version: String).void }
|
21
21
|
def initialize(raw_version)
|
22
22
|
super(
|
23
|
-
PACKAGE_MANAGER,
|
24
|
-
Version.new(raw_version),
|
25
|
-
DEPRECATED_TERRAFORM_VERSIONS,
|
26
|
-
SUPPORTED_TERRAFORM_VERSIONS
|
23
|
+
name: PACKAGE_MANAGER,
|
24
|
+
version: Version.new(raw_version),
|
25
|
+
deprecated_versions: DEPRECATED_TERRAFORM_VERSIONS,
|
26
|
+
supported_versions: SUPPORTED_TERRAFORM_VERSIONS
|
27
27
|
)
|
28
28
|
end
|
29
29
|
|
@@ -190,17 +190,20 @@ module Dependabot
|
|
190
190
|
op, version = requirement.requirements.first
|
191
191
|
version = version.release if version.prerelease?
|
192
192
|
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
if index < index_to_update
|
193
|
+
# When 'less than'/'<',
|
194
|
+
# increment the last available segment only so that the new version is within the constraint
|
195
|
+
if op == "<"
|
196
|
+
new_segments = version.segments.map.with_index do |_, index|
|
198
197
|
version_to_be_permitted.segments[index]
|
199
|
-
elsif index == index_to_update
|
200
|
-
version_to_be_permitted.segments[index].to_i + 1
|
201
|
-
else
|
202
|
-
0
|
203
198
|
end
|
199
|
+
new_segments[-1] += 1
|
200
|
+
# When 'less-than/equal'/'<=', use the new version as-is even when previously set as a non-semver version
|
201
|
+
# Terraform treats shortened versions the same as a version with any remaining segments as 0
|
202
|
+
# Example: '0.2' is treated as '0.2.0' | '1' is treated as '1.0.0'
|
203
|
+
elsif op == "<="
|
204
|
+
new_segments = version_to_be_permitted.segments
|
205
|
+
else
|
206
|
+
raise "Unexpected operation: #{op}"
|
204
207
|
end
|
205
208
|
|
206
209
|
requirement_class.new("#{op} #{new_segments.join('.')}")
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-terraform
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.292.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2025-01-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.292.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.292.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -261,7 +261,7 @@ licenses:
|
|
261
261
|
- MIT
|
262
262
|
metadata:
|
263
263
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
264
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
264
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.292.0
|
265
265
|
post_install_message:
|
266
266
|
rdoc_options: []
|
267
267
|
require_paths:
|
@@ -277,7 +277,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
277
277
|
- !ruby/object:Gem::Version
|
278
278
|
version: 3.1.0
|
279
279
|
requirements: []
|
280
|
-
rubygems_version: 3.5.
|
280
|
+
rubygems_version: 3.5.22
|
281
281
|
signing_key:
|
282
282
|
specification_version: 4
|
283
283
|
summary: Provides Dependabot support for Terraform
|