dependabot-terraform 0.238.0 → 0.239.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/build +1 -1
- data/lib/dependabot/terraform/file_fetcher.rb +4 -4
- data/lib/dependabot/terraform/file_parser.rb +5 -5
- data/lib/dependabot/terraform/file_selector.rb +4 -4
- data/lib/dependabot/terraform/file_updater.rb +4 -4
- data/lib/dependabot/terraform/requirement.rb +5 -1
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0fc372ab0339341103308ddb84e56c94d147c1e7c1ff776722ab5b86d41a6a8c
|
|
4
|
+
data.tar.gz: 25bbf1dedb8b95cd8c13750da572437ae206e748afdd9cee948aaee6bca7a42a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cf73ed34fc35157ec759d747bbdd676250970e45139e751de4f79f23cd61abb982fa78db5bb83ca883dfd0003e918bdb28a75a98ea987cd6fc1bf037dd5098f1
|
|
7
|
+
data.tar.gz: 4de0c5e257d190b4fa97fd31ba791732697324b2c076e01009672b3b4dc1048719d6786b5e4937808fdc477c95a13a156a75e5d26f83cc9251b434b31cfc808e
|
data/helpers/build
CHANGED
|
@@ -31,7 +31,7 @@ module Dependabot
|
|
|
31
31
|
fetched_files += terraform_files
|
|
32
32
|
fetched_files += terragrunt_files
|
|
33
33
|
fetched_files += local_path_module_files(terraform_files)
|
|
34
|
-
fetched_files += [
|
|
34
|
+
fetched_files += [lockfile] if lockfile
|
|
35
35
|
|
|
36
36
|
return fetched_files if fetched_files.any?
|
|
37
37
|
|
|
@@ -86,10 +86,10 @@ module Dependabot
|
|
|
86
86
|
end
|
|
87
87
|
end
|
|
88
88
|
|
|
89
|
-
def
|
|
90
|
-
return @
|
|
89
|
+
def lockfile
|
|
90
|
+
return @lockfile if defined?(@lockfile)
|
|
91
91
|
|
|
92
|
-
@
|
|
92
|
+
@lockfile = fetch_file_if_present(".terraform.lock.hcl")
|
|
93
93
|
end
|
|
94
94
|
end
|
|
95
95
|
end
|
|
@@ -359,17 +359,17 @@ module Dependabot
|
|
|
359
359
|
def determine_version_for(hostname, namespace, name, constraint)
|
|
360
360
|
return constraint if constraint&.match?(/\A\d/)
|
|
361
361
|
|
|
362
|
-
|
|
362
|
+
lockfile_content
|
|
363
363
|
.dig("provider", "#{hostname}/#{namespace}/#{name}", 0, "version")
|
|
364
364
|
end
|
|
365
365
|
|
|
366
|
-
def
|
|
367
|
-
@
|
|
366
|
+
def lockfile_content
|
|
367
|
+
@lockfile_content ||=
|
|
368
368
|
begin
|
|
369
|
-
|
|
369
|
+
lockfile = dependency_files.find do |file|
|
|
370
370
|
file.name == ".terraform.lock.hcl"
|
|
371
371
|
end
|
|
372
|
-
|
|
372
|
+
lockfile ? parsed_file(lockfile) : {}
|
|
373
373
|
end
|
|
374
374
|
end
|
|
375
375
|
end
|
|
@@ -13,14 +13,14 @@ module FileSelector
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def terragrunt_file?(file_name)
|
|
16
|
-
!
|
|
16
|
+
!lockfile?(file_name) && file_name.end_with?(".hcl")
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
def
|
|
19
|
+
def lockfile?(filename)
|
|
20
20
|
filename == ".terraform.lock.hcl"
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
def
|
|
24
|
-
dependency_files.find { |f|
|
|
23
|
+
def lockfile
|
|
24
|
+
dependency_files.find { |f| lockfile?(f.name) }
|
|
25
25
|
end
|
|
26
26
|
end
|
|
@@ -36,8 +36,8 @@ module Dependabot
|
|
|
36
36
|
end
|
|
37
37
|
updated_lockfile_content = update_lockfile_declaration(updated_files)
|
|
38
38
|
|
|
39
|
-
if updated_lockfile_content &&
|
|
40
|
-
updated_files << updated_file(file:
|
|
39
|
+
if updated_lockfile_content && lockfile.content != updated_lockfile_content
|
|
40
|
+
updated_files << updated_file(file: lockfile, content: updated_lockfile_content)
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
updated_files.compact!
|
|
@@ -138,7 +138,7 @@ module Dependabot
|
|
|
138
138
|
end
|
|
139
139
|
|
|
140
140
|
def lockfile_details(new_req)
|
|
141
|
-
content =
|
|
141
|
+
content = lockfile.content.dup
|
|
142
142
|
provider_source = new_req[:source][:registry_hostname] + "/" + new_req[:source][:module_identifier]
|
|
143
143
|
declaration_regex = lockfile_declaration_regex(provider_source)
|
|
144
144
|
|
|
@@ -217,7 +217,7 @@ module Dependabot
|
|
|
217
217
|
end
|
|
218
218
|
|
|
219
219
|
def update_lockfile_declaration(updated_manifest_files) # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
|
|
220
|
-
return if
|
|
220
|
+
return if lockfile.nil?
|
|
221
221
|
|
|
222
222
|
new_req = dependency.requirements.first
|
|
223
223
|
# NOTE: Only providers are inlcuded in the lockfile, modules are not
|
|
@@ -1,13 +1,16 @@
|
|
|
1
1
|
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
require "dependabot/requirement"
|
|
4
7
|
require "dependabot/utils"
|
|
5
8
|
require "dependabot/terraform/version"
|
|
6
9
|
|
|
7
10
|
# Just ensures that Terraform requirements use Terraform versions
|
|
8
11
|
module Dependabot
|
|
9
12
|
module Terraform
|
|
10
|
-
class Requirement <
|
|
13
|
+
class Requirement < Dependabot::Requirement
|
|
11
14
|
# Override regex PATTERN from Gem::Requirement to add support for the
|
|
12
15
|
# optional 'v' prefix to release tag names, which Terraform supports.
|
|
13
16
|
# https://www.terraform.io/docs/registry/modules/publish.html#requirements
|
|
@@ -31,6 +34,7 @@ module Dependabot
|
|
|
31
34
|
# For consistency with other languages, we define a requirements array.
|
|
32
35
|
# Terraform doesn't have an `OR` separator for requirements, so it
|
|
33
36
|
# always contains a single element.
|
|
37
|
+
sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
|
|
34
38
|
def self.requirements_array(requirement_string)
|
|
35
39
|
[new(requirement_string)]
|
|
36
40
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.239.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-12-
|
|
11
|
+
date: 2023-12-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.239.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.239.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,14 +114,14 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
117
|
+
version: 1.58.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
124
|
+
version: 1.58.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: rubocop-performance
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -231,7 +231,7 @@ licenses:
|
|
|
231
231
|
- Nonstandard
|
|
232
232
|
metadata:
|
|
233
233
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
234
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
234
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.239.0
|
|
235
235
|
post_install_message:
|
|
236
236
|
rdoc_options: []
|
|
237
237
|
require_paths:
|