dependabot-terraform 0.378.0 → 0.380.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/terraform/registry_client.rb +21 -4
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a63c9f154ae0ee26e035747e644c7fc02416c08354927708bc9879f8c6767bbc
|
|
4
|
+
data.tar.gz: 70145b36e1792566bd62c654342ad50023191ad96eda587eab85816e3e36ca0a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 46506d23ea7f792af0caedb59a8cf17b1275d83347db354982db7cb27f819cb7b06a1c34535e4725c70b99d2cb32f4bb0787dbcff6968c86085098dfdc71b553
|
|
7
|
+
data.tar.gz: 6647bbee58a30d77c488f2ea3e6c8d3af947b977c24ee24206eb8daf96050d6af1e81d851e7e0c5df2eea194a6444755fef38eb8163adc58c355ed66b6e6df3c
|
|
@@ -21,6 +21,10 @@ module Dependabot
|
|
|
21
21
|
T::Array[String]
|
|
22
22
|
)
|
|
23
23
|
PUBLIC_HOSTNAME = "registry.terraform.io"
|
|
24
|
+
CERTIFICATE_ERROR_KEYWORDS = T.let(
|
|
25
|
+
%w(certificate SSL x509 verify).freeze,
|
|
26
|
+
T::Array[String]
|
|
27
|
+
)
|
|
24
28
|
|
|
25
29
|
sig { params(hostname: String, credentials: T::Array[Dependabot::Credential]).void }
|
|
26
30
|
def initialize(hostname: PUBLIC_HOSTNAME, credentials: [])
|
|
@@ -176,10 +180,14 @@ module Dependabot
|
|
|
176
180
|
@services ||= T.let(
|
|
177
181
|
begin
|
|
178
182
|
response = http_get(url_for("/.well-known/terraform.json"))
|
|
179
|
-
if response.status == 200
|
|
180
|
-
JSON.parse(response.body)
|
|
181
|
-
|
|
183
|
+
if response.status == 200
|
|
184
|
+
response.body.empty? ? {} : JSON.parse(response.body)
|
|
185
|
+
elsif response.status == 404
|
|
182
186
|
{}
|
|
187
|
+
elsif response.status == 401
|
|
188
|
+
raise PrivateSourceAuthenticationFailure, hostname
|
|
189
|
+
else
|
|
190
|
+
raise PrivateSourceBadResponse, hostname
|
|
183
191
|
end
|
|
184
192
|
rescue JSON::ParserError => e
|
|
185
193
|
Dependabot.logger.warn("Failed to parse Terraform registry services: #{e.message}")
|
|
@@ -207,7 +215,11 @@ module Dependabot
|
|
|
207
215
|
url: url.to_s,
|
|
208
216
|
headers: headers_for(hostname)
|
|
209
217
|
)
|
|
210
|
-
rescue Excon::Error::Socket
|
|
218
|
+
rescue Excon::Error::Socket => e
|
|
219
|
+
raise PrivateSourceCertificateFailure, hostname if certificate_error?(e.message)
|
|
220
|
+
|
|
221
|
+
raise PrivateSourceBadResponse, hostname
|
|
222
|
+
rescue Excon::Error::Timeout
|
|
211
223
|
raise PrivateSourceBadResponse, hostname
|
|
212
224
|
end
|
|
213
225
|
|
|
@@ -240,6 +252,11 @@ module Dependabot
|
|
|
240
252
|
def error(message)
|
|
241
253
|
Dependabot::DependabotError.new(message)
|
|
242
254
|
end
|
|
255
|
+
|
|
256
|
+
sig { params(message: String).returns(T::Boolean) }
|
|
257
|
+
def certificate_error?(message)
|
|
258
|
+
CERTIFICATE_ERROR_KEYWORDS.any? { |keyword| message.include?(keyword) }
|
|
259
|
+
end
|
|
243
260
|
end
|
|
244
261
|
end
|
|
245
262
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.380.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.380.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.380.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -263,7 +263,7 @@ licenses:
|
|
|
263
263
|
- MIT
|
|
264
264
|
metadata:
|
|
265
265
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
266
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
266
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.380.0
|
|
267
267
|
rdoc_options: []
|
|
268
268
|
require_paths:
|
|
269
269
|
- lib
|