RubyGems - dependabot-terraform - Versions diffs - 0.355.0 → 0.356.0 - Mend

dependabot-terraform 0.355.0 → 0.356.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/terraform/file_fetcher.rb +3 -2
data/lib/dependabot/terraform/file_parser.rb +19 -15
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 497ab4c2e4b30eca7ed11e7b9c15090b2f29d69f0b67d5ef9286b35f891c5f10
-  data.tar.gz: 710c33ab898506ed3eb251c37e7fcdc6051dc591a159b8d80ae488242d8ff80f
+  metadata.gz: 485f0c51697c444294035390f365f8a66637ad10ed5886aa74ff24cecf6199a2
+  data.tar.gz: 232bfe93f311d7719bb1d83d1e512e27d2227cd986715b97f52ed7a48f1701a7
 SHA512:
-  metadata.gz: b6f8678f63d5ca935a26eb1d3cd4fc3d627af53960acf7c6516a269c1be709367a484db12d27b74906bfa81f106bf78c502cadd4a13a68934fa8348556eaef04
-  data.tar.gz: 14a51b3141578046624ee83be558dc3865e6ef98b90d31a2d268f4e469a8c513e59146fee9e94482c0f705cbe0fa1f39da135013011efd32b7b7224757b25262
+  metadata.gz: 857fd141f3e8a1ed8911e740c702e80dc36b554262ff461c1ce8f5462a3eb2e162e0b740ea87e01f7b4ba8a2284c3c780a117fca979d8adbd2585273abcb40a4
+  data.tar.gz: 5bb77bfc5bf25f604ed305cdd23be83d8c0d4ff98bd69b42b80b91214bfe48f4bdae154fd36c5ef0ab493507e6b0095a981e82f796c0e9f440521e46596f7e25

data/lib/dependabot/terraform/file_fetcher.rb CHANGED Viewed

@@ -94,8 +94,9 @@ module Dependabot
           end
         end
-        # NOTE: The `support_file` attribute is not used but we set this to
-        # match what we do in other ecosystems
+        # NOTE: Mark local module files as support files. The FileParser will
+        # still parse provider requirements from these files, but will skip
+        # module declarations (since we can't update local path modules)
         terraform_files.tap { |fs| fs.each { |f| f.support_file = true } }
       end

data/lib/dependabot/terraform/file_parser.rb CHANGED Viewed

@@ -61,27 +61,31 @@ module Dependabot
       sig { params(dependency_set: Dependabot::FileParsers::Base::DependencySet).void }
       def parse_terraform_files(dependency_set)
         terraform_files.each do |file|
-          next if file.support_file?
-          modules = parsed_file(file).fetch("module", {})
-          # If override.tf files are present, we need to merge the modules
-          if override_terraform_files.any?
-            override_terraform_files.each do |override_file|
-              override_modules = parsed_file(override_file).fetch("module", {})
-              modules = merge_modules(override_modules, modules)
+          # Process module declarations only for non-support files
+          # (we can't update local path modules in support files)
+          unless file.support_file?
+            modules = parsed_file(file).fetch("module", {})
+            # If override.tf files are present, we need to merge the modules
+            if override_terraform_files.any?
+              override_terraform_files.each do |override_file|
+                override_modules = parsed_file(override_file).fetch("module", {})
+                modules = merge_modules(override_modules, modules)
+              end
             end
-          end
-          modules.each do |name, details|
-            details = details.first
+            modules.each do |name, details|
+              details = details.first
-            source = source_from(details)
-            # Cannot update local path modules, skip
-            next if source && source[:type] == "path"
+              source = source_from(details)
+              # Cannot update local path modules, skip
+              next if source && source[:type] == "path"
-            dependency_set << build_terraform_dependency(file, name, T.must(source), details)
+              dependency_set << build_terraform_dependency(file, name, T.must(source), details)
+            end
           end
+          # Always process provider requirements, even in support files
+          # (nested local modules can have their own provider requirements)
           parsed_file(file).fetch("terraform", []).each do |terraform|
             required_providers = terraform.fetch("required_providers", {})
             required_providers.each do |provider|

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-terraform
 version: !ruby/object:Gem::Version
-  version: 0.355.0
+  version: 0.356.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.355.0
+        version: 0.356.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.355.0
+        version: 0.356.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -262,7 +262,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.355.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.356.0
 rdoc_options: []
 require_paths:
 - lib