RubyGems - dependabot-core - Versions diffs - 0.89.5 → 0.90.0 - Mend

dependabot-core 0.89.5 → 0.90.0

Files changed (31) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/lib/dependabot/file_fetchers.rb +1 -3
data/lib/dependabot/file_parsers.rb +1 -3
data/lib/dependabot/file_updaters.rb +1 -3
data/lib/dependabot/metadata_finders.rb +1 -3
data/lib/dependabot/update_checkers.rb +1 -3
data/lib/dependabot/utils.rb +2 -6
data/lib/dependabot/version.rb +1 -1
metadata +2 -23
data/helpers/go/Makefile +0 -9
data/helpers/go/go.mod +0 -8
data/helpers/go/go.sum +0 -2
data/helpers/go/importresolver/go.mod +0 -1
data/helpers/go/importresolver/main.go +0 -34
data/helpers/go/main.go +0 -67
data/lib/dependabot/file_fetchers/go/dep.rb +0 -69
data/lib/dependabot/file_parsers/go/dep.rb +0 -188
data/lib/dependabot/file_updaters/go/dep.rb +0 -77
data/lib/dependabot/file_updaters/go/dep/lockfile_updater.rb +0 -222
data/lib/dependabot/file_updaters/go/dep/manifest_updater.rb +0 -155
data/lib/dependabot/metadata_finders/go/dep.rb +0 -56
data/lib/dependabot/update_checkers/go/dep.rb +0 -311
data/lib/dependabot/update_checkers/go/dep/file_preparer.rb +0 -221
data/lib/dependabot/update_checkers/go/dep/latest_version_finder.rb +0 -169
data/lib/dependabot/update_checkers/go/dep/requirements_updater.rb +0 -223
data/lib/dependabot/update_checkers/go/dep/version_resolver.rb +0 -168
data/lib/dependabot/utils/go/path_converter.rb +0 -74
data/lib/dependabot/utils/go/requirement.rb +0 -152
data/lib/dependabot/utils/go/shared_helper.rb +0 -20
data/lib/dependabot/utils/go/version.rb +0 -42

data/lib/dependabot/metadata_finders/go/dep.rb DELETED Viewed

@@ -1,56 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/metadata_finders/base"
-require "dependabot/utils/go/path_converter"
-module Dependabot
-  module MetadataFinders
-    module Go
-      class Dep < Dependabot::MetadataFinders::Base
-        private
-        def look_up_source
-          return look_up_git_dependency_source if git_dependency?
-          path_str = (specified_source_string || dependency.name)
-          url = Dependabot::Utils::Go::PathConverter.
-                git_url_for_path_without_go_helper(path_str)
-          Source.from_url(url) if url
-        end
-        def git_dependency?
-          return false unless declared_source_details
-          dependency_type =
-            declared_source_details.fetch(:type, nil) ||
-            declared_source_details.fetch("type")
-          dependency_type == "git"
-        end
-        def look_up_git_dependency_source
-          specified_url =
-            declared_source_details.fetch(:url, nil) ||
-            declared_source_details.fetch("url")
-          Source.from_url(specified_url)
-        end
-        def specified_source_string
-          declared_source_details&.fetch(:source, nil) ||
-            declared_source_details&.fetch("source", nil)
-        end
-        def declared_source_details
-          sources = dependency.requirements.
-                    map { |r| r.fetch(:source) }.
-                    uniq.compact
-          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-          sources.first
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/go/dep.rb DELETED Viewed

@@ -1,311 +0,0 @@
-# frozen_string_literal: true
-require "toml-rb"
-require "dependabot/update_checkers/base"
-module Dependabot
-  module UpdateCheckers
-    module Go
-      class Dep < Dependabot::UpdateCheckers::Base
-        require_relative "dep/file_preparer"
-        require_relative "dep/latest_version_finder"
-        require_relative "dep/requirements_updater"
-        require_relative "dep/version_resolver"
-        def latest_version
-          @latest_version ||=
-            LatestVersionFinder.new(
-              dependency: dependency,
-              dependency_files: dependency_files,
-              credentials: credentials,
-              ignored_versions: ignored_versions
-            ).latest_version
-        end
-        def latest_resolvable_version
-          @latest_resolvable_version ||=
-            if modules_dependency?
-              latest_version
-            elsif git_dependency?
-              latest_resolvable_version_for_git_dependency
-            else
-              latest_resolvable_released_version(unlock_requirement: true)
-            end
-        end
-        def latest_resolvable_version_with_no_unlock
-          @latest_resolvable_version_with_no_unlock ||=
-            if git_dependency?
-              latest_resolvable_commit_with_unchanged_git_source
-            else
-              latest_resolvable_released_version(unlock_requirement: false)
-            end
-        end
-        def updated_requirements
-          @updated_requirements ||=
-            RequirementsUpdater.new(
-              requirements: dependency.requirements,
-              updated_source: updated_source,
-              update_strategy: requirements_update_strategy,
-              latest_version: latest_version&.to_s,
-              latest_resolvable_version: latest_resolvable_version&.to_s
-            ).updated_requirements
-        end
-        def requirements_update_strategy
-          # If passed in as an option (in the base class) honour that option
-          if @requirements_update_strategy
-            return @requirements_update_strategy.to_sym
-          end
-          # Otherwise, widen ranges for libraries and bump versions for apps
-          library? ? :widen_ranges : :bump_versions
-        end
-        private
-        def latest_version_resolvable_with_full_unlock?
-          # Full unlock checks aren't implemented for Go (yet)
-          false
-        end
-        def updated_dependencies_after_full_unlock
-          raise NotImplementedError
-        end
-        # Override the base class's check for whether this is a git dependency,
-        # since not all dep git dependencies have a SHA version (sometimes their
-        # version is the tag)
-        def existing_version_is_sha?
-          git_dependency?
-        end
-        def library?
-          dependency_files.none? { |f| f.type == "package_main" }
-        end
-        # rubocop:disable Metrics/CyclomaticComplexity
-        # rubocop:disable Metrics/PerceivedComplexity
-        def latest_resolvable_version_for_git_dependency
-          return latest_version if modules_dependency?
-          latest_release =
-            begin
-              latest_resolvable_released_version(unlock_requirement: true)
-            rescue SharedHelpers::HelperSubprocessFailed => error
-              raise unless error.message.include?("Solving failure")
-            end
-          # If there's a resolvable release that includes the current pinned
-          # ref or that the current branch is behind, we switch to that release.
-          return latest_release if git_branch_or_ref_in_release?(latest_release)
-          # Otherwise, if the gem isn't pinned, the latest version is just the
-          # latest commit for the specified branch.
-          unless git_commit_checker.pinned?
-            return latest_resolvable_commit_with_unchanged_git_source
-          end
-          # If the dependency is pinned to a tag that looks like a version then
-          # we want to update that tag.
-          if git_commit_checker.pinned_ref_looks_like_version? &&
-             latest_git_tag_is_resolvable?
-            new_tag = git_commit_checker.local_tag_for_latest_version
-            return version_from_tag(new_tag)
-          end
-          # If the dependency is pinned to a tag that doesn't look like a
-          # version then there's nothing we can do.
-          nil
-        end
-        # rubocop:enable Metrics/CyclomaticComplexity
-        # rubocop:enable Metrics/PerceivedComplexity
-        def version_from_tag(tag)
-          # To compare with the current version we either use the commit SHA
-          # (if that's what the parser picked up) of the tag name.
-          if dependency.version&.match?(/^[0-9a-f]{40}$/)
-            return tag&.fetch(:commit_sha)
-          end
-          tag&.fetch(:tag)
-        end
-        def latest_resolvable_commit_with_unchanged_git_source
-          if @commit_lookup_attempted
-            return @latest_resolvable_commit_with_unchanged_git_source
-          end
-          @commit_lookup_attempted = true
-          @latest_resolvable_commit_with_unchanged_git_source ||=
-            begin
-              prepared_files = FilePreparer.new(
-                dependency_files: dependency_files,
-                dependency: dependency,
-                unlock_requirement: false,
-                remove_git_source: false,
-                latest_allowable_version: latest_version
-              ).prepared_dependency_files
-              VersionResolver.new(
-                dependency: dependency,
-                dependency_files: prepared_files,
-                credentials: credentials
-              ).latest_resolvable_version
-            end
-        rescue SharedHelpers::HelperSubprocessFailed => error
-          # This should rescue resolvability errors in future
-          raise unless error.message.include?("Solving failure")
-        end
-        def latest_resolvable_released_version(unlock_requirement:)
-          @latest_resolvable_released_version ||= {}
-          @latest_resolvable_released_version[unlock_requirement] ||=
-            begin
-              prepared_files = FilePreparer.new(
-                dependency_files: dependency_files,
-                dependency: dependency,
-                unlock_requirement: unlock_requirement,
-                remove_git_source: git_dependency?,
-                latest_allowable_version: latest_version
-              ).prepared_dependency_files
-              VersionResolver.new(
-                dependency: dependency,
-                dependency_files: prepared_files,
-                credentials: credentials
-              ).latest_resolvable_version
-            end
-        end
-        def latest_git_tag_is_resolvable?
-          return @git_tag_resolvable if @latest_git_tag_is_resolvable_checked
-          @latest_git_tag_is_resolvable_checked = true
-          return false if git_commit_checker.local_tag_for_latest_version.nil?
-          replacement_tag = git_commit_checker.local_tag_for_latest_version
-          prepared_files = FilePreparer.new(
-            dependency: dependency,
-            dependency_files: dependency_files,
-            unlock_requirement: false,
-            remove_git_source: false,
-            replacement_git_pin: replacement_tag.fetch(:tag)
-          ).prepared_dependency_files
-          VersionResolver.new(
-            dependency: dependency,
-            dependency_files: prepared_files,
-            credentials: credentials
-          ).latest_resolvable_version
-          @git_tag_resolvable = true
-        rescue SharedHelpers::HelperSubprocessFailed => error
-          # This should rescue resolvability errors in future
-          raise unless error.message.include?("Solving failure")
-          @git_tag_resolvable = false
-        end
-        def updated_source
-          # Never need to update source, unless a git_dependency
-          return dependency_source_details unless git_dependency?
-          # Source becomes `nil` if switching to default rubygems
-          return default_source if should_switch_source_from_ref_to_release?
-          # Update the git tag if updating a pinned version
-          if git_commit_checker.pinned_ref_looks_like_version? &&
-             latest_git_tag_is_resolvable?
-            new_tag = git_commit_checker.local_tag_for_latest_version
-            return dependency_source_details.merge(ref: new_tag.fetch(:tag))
-          end
-          # Otherwise return the original source
-          dependency_source_details
-        end
-        def dependency_source_details
-          sources =
-            dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
-          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-          sources.first
-        end
-        def should_switch_source_from_ref_to_release?
-          return false unless git_dependency?
-          return false if latest_resolvable_version_for_git_dependency.nil?
-          Gem::Version.correct?(latest_resolvable_version_for_git_dependency)
-        end
-        def modules_dependency?
-          # If dep is being used then we use that to determine the latest
-          # version we can update to (since it will have resolvability
-          # requirements, whereas Go modules won't)
-          !dependency_in_gopkg_lock?
-        end
-        def dependency_in_gopkg_lock?
-          lockfile = dependency_files.find { |f| f.name == "Gopkg.lock" }
-          return false unless lockfile
-          parsed_file(lockfile).fetch("projects", []).any? do |details|
-            details.fetch("name") == dependency.name
-          end
-        end
-        def git_dependency?
-          git_commit_checker.git_dependency?
-        end
-        def default_source
-          if modules_dependency?
-            return { type: "default", source: dependency.name }
-          end
-          original_declaration =
-            parsed_file(manifest).
-            values_at(*FileParsers::Go::Dep::REQUIREMENT_TYPES).
-            flatten.compact.
-            find { |d| d["name"] == dependency.name }
-          {
-            type: "default",
-            source:
-              original_declaration&.fetch("source", nil) || dependency.name
-          }
-        end
-        def git_branch_or_ref_in_release?(release)
-          return false unless release
-          git_commit_checker.branch_or_ref_in_release?(release)
-        end
-        def parsed_file(file)
-          @parsed_file ||= {}
-          @parsed_file[file.name] ||= TomlRB.parse(file.content)
-        end
-        def manifest
-          @manifest ||= dependency_files.find { |f| f.name == "Gopkg.toml" }
-        end
-        def git_commit_checker
-          @git_commit_checker ||=
-            GitCommitChecker.new(
-              dependency: dependency,
-              credentials: credentials,
-              ignored_versions: ignored_versions
-            )
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/go/dep/file_preparer.rb DELETED Viewed

@@ -1,221 +0,0 @@
-# frozen_string_literal: true
-require "toml-rb"
-require "dependabot/dependency_file"
-require "dependabot/file_parsers/go/dep"
-require "dependabot/update_checkers/go/dep"
-module Dependabot
-  module UpdateCheckers
-    module Go
-      class Dep
-        # This class takes a set of dependency files and prepares them for use
-        # in UpdateCheckers::Go::Dep.
-        class FilePreparer
-          def initialize(dependency_files:, dependency:,
-                         remove_git_source: false,
-                         unlock_requirement: true,
-                         replacement_git_pin: nil,
-                         latest_allowable_version: nil)
-            @dependency_files         = dependency_files
-            @dependency               = dependency
-            @unlock_requirement       = unlock_requirement
-            @remove_git_source        = remove_git_source
-            @replacement_git_pin      = replacement_git_pin
-            @latest_allowable_version = latest_allowable_version
-          end
-          def prepared_dependency_files
-            files = []
-            files << manifest_for_update_check
-            files << lockfile if lockfile
-            files
-          end
-          private
-          attr_reader :dependency_files, :dependency, :replacement_git_pin,
-                      :latest_allowable_version
-          def unlock_requirement?
-            @unlock_requirement
-          end
-          def remove_git_source?
-            @remove_git_source
-          end
-          def replace_git_pin?
-            !replacement_git_pin.nil?
-          end
-          def manifest_for_update_check
-            DependencyFile.new(
-              name: manifest.name,
-              content: manifest_content_for_update_check(manifest),
-              directory: manifest.directory
-            )
-          end
-          def manifest_content_for_update_check(file)
-            content = file.content
-            content = remove_git_source(content) if remove_git_source?
-            content = replace_git_pin(content) if replace_git_pin?
-            content = replace_version_constraint(content, file.name)
-            content = add_fsnotify_override(content)
-            content
-          end
-          def remove_git_source(content)
-            parsed_manifest = TomlRB.parse(content)
-            FileParsers::Go::Dep::REQUIREMENT_TYPES.each do |type|
-              (parsed_manifest[type] || []).each do |details|
-                next unless details["name"] == dependency.name
-                details.delete("revision")
-                details.delete("branch")
-              end
-            end
-            TomlRB.dump(parsed_manifest)
-          end
-          def replace_git_pin(content)
-            parsed_manifest = TomlRB.parse(content)
-            FileParsers::Go::Dep::REQUIREMENT_TYPES.each do |type|
-              (parsed_manifest[type] || []).each do |details|
-                next unless details["name"] == dependency.name
-                raise "Invalid details! #{details}" if details["branch"]
-                if details["version"]
-                  details["version"] = replacement_git_pin
-                else
-                  details["revision"] = replacement_git_pin
-                end
-              end
-            end
-            TomlRB.dump(parsed_manifest)
-          end
-          # Note: We don't need to care about formatting in this method, since
-          # we're only using the manifest to find the latest resolvable version
-          def replace_version_constraint(content, filename)
-            parsed_manifest = TomlRB.parse(content)
-            FileParsers::Go::Dep::REQUIREMENT_TYPES.each do |type|
-              (parsed_manifest[type] || []).each do |details|
-                next unless details["name"] == dependency.name
-                next if details["revision"] || details["branch"]
-                next if replacement_git_pin
-                updated_req = temporary_requirement_for_resolution(filename)
-                details["version"] = updated_req
-              end
-            end
-            TomlRB.dump(parsed_manifest)
-          end
-          # A dep bug means we have to specify a source for gopkg.in/fsnotify.v1
-          # or we get `panic: version queue is empty` errors
-          def add_fsnotify_override(content)
-            parsed_manifest = TomlRB.parse(content)
-            overrides = parsed_manifest.fetch("override", [])
-            dep_name = "gopkg.in/fsnotify.v1"
-            override = overrides.find { |s| s["name"] == dep_name }
-            if override.nil?
-              override = { "name" => dep_name }
-              overrides << override
-            end
-            unless override["source"]
-              override["source"] = "gopkg.in/fsnotify/fsnotify.v1"
-            end
-            parsed_manifest["override"] = overrides
-            TomlRB.dump(parsed_manifest)
-          end
-          def temporary_requirement_for_resolution(filename)
-            original_req = dependency.requirements.
-                           find { |r| r.fetch(:file) == filename }&.
-                           fetch(:requirement)
-            lower_bound_req =
-              if original_req && !unlock_requirement?
-                original_req
-              else
-                ">= #{lower_bound_version}"
-              end
-            unless latest_allowable_version &&
-                   version_class.correct?(latest_allowable_version) &&
-                   version_class.new(latest_allowable_version) >=
-                   version_class.new(lower_bound_version)
-              return lower_bound_req
-            end
-            lower_bound_req + ", <= #{latest_allowable_version}"
-          end
-          def lower_bound_version
-            @lower_bound_version ||=
-              if version_from_lockfile
-                version_from_lockfile
-              else
-                version_from_requirement =
-                  dependency.requirements.map { |r| r.fetch(:requirement) }.
-                  compact.
-                  flat_map { |req_str| requirement_class.new(req_str) }.
-                  flat_map(&:requirements).
-                  reject { |req_array| req_array.first.start_with?("<") }.
-                  map(&:last).
-                  max&.to_s
-                version_from_requirement || 0
-              end
-          end
-          def version_from_lockfile
-            return unless lockfile
-            TomlRB.parse(lockfile.content).
-              fetch("projects", []).
-              find { |p| p["name"] == dependency.name }&.
-              fetch("version", nil)&.
-              sub(/^v?/, "")
-          end
-          def version_class
-            Utils.version_class_for_package_manager(dependency.package_manager)
-          end
-          def requirement_class
-            Utils.requirement_class_for_package_manager(
-              dependency.package_manager
-            )
-          end
-          def manifest
-            @manifest ||= dependency_files.find { |f| f.name == "Gopkg.toml" }
-          end
-          def lockfile
-            @lockfile ||= dependency_files.find { |f| f.name == "Gopkg.lock" }
-          end
-        end
-      end
-    end
-  end
-end