dependabot-terraform 0.212.0 → 0.213.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ea09f7b5541cb5d4312fc3a71c476238017f1a581fa310e81101e34cf394ad35
|
|
4
|
+
data.tar.gz: c8ba129b49830caf26533b356c5753ff96822d5a7ca25427de53885fc0fd908d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6078a25195ced921328ca94c4e26a6d7dcdb6e9e9b6435fdf4f5ffa4513376fbd9c0dc41accfc945a8f242db4a63dd2f8413f32fb61913eff8d0308ff9728542
|
|
7
|
+
data.tar.gz: b073da62d0f06cedaef1867b2f589d434bb265dd6a22507c654d7638182010c98b00dd788bd5d0d1dc1dae0dd6bb38806c115b1648174194af74dd851ddafabf
|
|
@@ -10,7 +10,7 @@ module Dependabot
|
|
|
10
10
|
include FileSelector
|
|
11
11
|
|
|
12
12
|
# https://www.terraform.io/docs/language/modules/sources.html#local-paths
|
|
13
|
-
LOCAL_PATH_SOURCE = %r{source\s*=\s*['"](?<path>..?\/[^'"]+)}
|
|
13
|
+
LOCAL_PATH_SOURCE = %r{source\s*=\s*['"](?<path>..?\/[^'"]+)}
|
|
14
14
|
|
|
15
15
|
def self.required_files_in?(filenames)
|
|
16
16
|
filenames.any? { |f| f.end_with?(".tf", ".hcl") }
|
|
@@ -24,7 +24,7 @@ module Dependabot
|
|
|
24
24
|
DEFAULT_REGISTRY = "registry.terraform.io"
|
|
25
25
|
DEFAULT_NAMESPACE = "hashicorp"
|
|
26
26
|
# https://www.terraform.io/docs/language/providers/requirements.html#source-addresses
|
|
27
|
-
PROVIDER_SOURCE_ADDRESS = %r{\A((?<hostname>.+)/)?(?<namespace>.+)/(?<name>.+)\z}
|
|
27
|
+
PROVIDER_SOURCE_ADDRESS = %r{\A((?<hostname>.+)/)?(?<namespace>.+)/(?<name>.+)\z}
|
|
28
28
|
|
|
29
29
|
def parse
|
|
30
30
|
dependency_set = DependencySet.new
|
|
@@ -11,9 +11,9 @@ module Dependabot
|
|
|
11
11
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
|
12
12
|
include FileSelector
|
|
13
13
|
|
|
14
|
-
PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\"
|
|
15
|
-
MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?<mod>\S+)\"/m
|
|
16
|
-
GIT_HTTPS_PREFIX = %r{^git::https://}
|
|
14
|
+
PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?<repo>\S+)\":/
|
|
15
|
+
MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?<mod>\S+)\"/m
|
|
16
|
+
GIT_HTTPS_PREFIX = %r{^git::https://}
|
|
17
17
|
|
|
18
18
|
def self.updated_files_regex
|
|
19
19
|
[/\.tf$/, /\.hcl$/]
|
|
@@ -48,6 +48,30 @@ module Dependabot
|
|
|
48
48
|
|
|
49
49
|
private
|
|
50
50
|
|
|
51
|
+
# Terraform allows to use a module from the same source multiple times
|
|
52
|
+
# To detect any changes in dependencies we need to overwrite an implementation from the base class
|
|
53
|
+
#
|
|
54
|
+
# Example (for simplicity other parameters are skipped):
|
|
55
|
+
# previous_requirements = [{requirement: "0.9.1"}, {requirement: "0.11.0"}]
|
|
56
|
+
# requirements = [{requirement: "0.11.0"}, {requirement: "0.11.0"}]
|
|
57
|
+
#
|
|
58
|
+
# Simple difference between arrays gives:
|
|
59
|
+
# requirements - previous_requirements
|
|
60
|
+
# => []
|
|
61
|
+
# which loses an information that one of our requirements has changed.
|
|
62
|
+
#
|
|
63
|
+
# By using symmetric difference:
|
|
64
|
+
# (requirements - previous_requirements) | (previous_requirements - requirements)
|
|
65
|
+
# => [{requirement: "0.9.1"}]
|
|
66
|
+
# we can detect that change.
|
|
67
|
+
def requirement_changed?(file, dependency)
|
|
68
|
+
changed_requirements =
|
|
69
|
+
(dependency.requirements - dependency.previous_requirements) |
|
|
70
|
+
(dependency.previous_requirements - dependency.requirements)
|
|
71
|
+
|
|
72
|
+
changed_requirements.any? { |f| f[:file] == file.name }
|
|
73
|
+
end
|
|
74
|
+
|
|
51
75
|
def updated_terraform_file_content(file)
|
|
52
76
|
content = file.content.dup
|
|
53
77
|
|
|
@@ -89,7 +113,7 @@ module Dependabot
|
|
|
89
113
|
|
|
90
114
|
def update_registry_declaration(new_req, old_req, updated_content)
|
|
91
115
|
regex = new_req[:source][:type] == "provider" ? provider_declaration_regex : registry_declaration_regex
|
|
92
|
-
updated_content.
|
|
116
|
+
updated_content.gsub!(regex) do |regex_match|
|
|
93
117
|
regex_match.sub(/^\s*version\s*=.*/) do |req_line_match|
|
|
94
118
|
req_line_match.sub(old_req[:requirement], new_req[:requirement])
|
|
95
119
|
end
|
|
@@ -12,7 +12,7 @@ module Dependabot
|
|
|
12
12
|
# https://www.terraform.io/docs/registry/modules/publish.html#requirements
|
|
13
13
|
OPERATORS = OPS.keys.map { |key| Regexp.quote(key) }.join("|").freeze
|
|
14
14
|
PATTERN_RAW = "\\s*(#{OPERATORS})?\\s*v?(#{Gem::Version::VERSION_PATTERN})\\s*"
|
|
15
|
-
PATTERN = /\A#{PATTERN_RAW}\z
|
|
15
|
+
PATTERN = /\A#{PATTERN_RAW}\z/
|
|
16
16
|
|
|
17
17
|
def self.parse(obj)
|
|
18
18
|
return ["=", Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
|
|
@@ -27,7 +27,7 @@ module Dependabot
|
|
|
27
27
|
[matches[1] || "=", Terraform::Version.new(matches[2])]
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
-
# For consistency with other
|
|
30
|
+
# For consistency with other languages, we define a requirements array.
|
|
31
31
|
# Terraform doesn't have an `OR` separator for requirements, so it
|
|
32
32
|
# always contains a single element.
|
|
33
33
|
def self.requirements_array(requirement_string)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.213.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,42 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.213.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
27
|
-
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: debase
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - '='
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.2.3
|
|
34
|
-
type: :development
|
|
35
|
-
prerelease: false
|
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
-
requirements:
|
|
38
|
-
- - '='
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.2.3
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: debase-ruby_core_source
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - '='
|
|
46
|
-
- !ruby/object:Gem::Version
|
|
47
|
-
version: 0.10.16
|
|
48
|
-
type: :development
|
|
49
|
-
prerelease: false
|
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
-
requirements:
|
|
52
|
-
- - '='
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: 0.10.16
|
|
26
|
+
version: 0.213.0
|
|
55
27
|
- !ruby/object:Gem::Dependency
|
|
56
28
|
name: debug
|
|
57
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -86,14 +58,14 @@ dependencies:
|
|
|
86
58
|
requirements:
|
|
87
59
|
- - "~>"
|
|
88
60
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 3.
|
|
61
|
+
version: 3.13.0
|
|
90
62
|
type: :development
|
|
91
63
|
prerelease: false
|
|
92
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
65
|
requirements:
|
|
94
66
|
- - "~>"
|
|
95
67
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 3.
|
|
68
|
+
version: 3.13.0
|
|
97
69
|
- !ruby/object:Gem::Dependency
|
|
98
70
|
name: rake
|
|
99
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -142,42 +114,28 @@ dependencies:
|
|
|
142
114
|
requirements:
|
|
143
115
|
- - "~>"
|
|
144
116
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: 1.
|
|
117
|
+
version: 1.37.1
|
|
146
118
|
type: :development
|
|
147
119
|
prerelease: false
|
|
148
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
121
|
requirements:
|
|
150
122
|
- - "~>"
|
|
151
123
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: 1.
|
|
124
|
+
version: 1.37.1
|
|
153
125
|
- !ruby/object:Gem::Dependency
|
|
154
126
|
name: rubocop-performance
|
|
155
127
|
requirement: !ruby/object:Gem::Requirement
|
|
156
128
|
requirements:
|
|
157
129
|
- - "~>"
|
|
158
130
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: 1.
|
|
160
|
-
type: :development
|
|
161
|
-
prerelease: false
|
|
162
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
163
|
-
requirements:
|
|
164
|
-
- - "~>"
|
|
165
|
-
- !ruby/object:Gem::Version
|
|
166
|
-
version: 1.14.2
|
|
167
|
-
- !ruby/object:Gem::Dependency
|
|
168
|
-
name: ruby-debug-ide
|
|
169
|
-
requirement: !ruby/object:Gem::Requirement
|
|
170
|
-
requirements:
|
|
171
|
-
- - "~>"
|
|
172
|
-
- !ruby/object:Gem::Version
|
|
173
|
-
version: 0.7.3
|
|
131
|
+
version: 1.15.0
|
|
174
132
|
type: :development
|
|
175
133
|
prerelease: false
|
|
176
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
177
135
|
requirements:
|
|
178
136
|
- - "~>"
|
|
179
137
|
- !ruby/object:Gem::Version
|
|
180
|
-
version:
|
|
138
|
+
version: 1.15.0
|
|
181
139
|
- !ruby/object:Gem::Dependency
|
|
182
140
|
name: simplecov
|
|
183
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -279,14 +237,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
279
237
|
requirements:
|
|
280
238
|
- - ">="
|
|
281
239
|
- !ruby/object:Gem::Version
|
|
282
|
-
version:
|
|
240
|
+
version: 3.1.0
|
|
283
241
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
284
242
|
requirements:
|
|
285
243
|
- - ">="
|
|
286
244
|
- !ruby/object:Gem::Version
|
|
287
|
-
version:
|
|
245
|
+
version: 3.1.0
|
|
288
246
|
requirements: []
|
|
289
|
-
rubygems_version: 3.
|
|
247
|
+
rubygems_version: 3.3.7
|
|
290
248
|
signing_key:
|
|
291
249
|
specification_version: 4
|
|
292
250
|
summary: Terraform support for dependabot
|