dependabot-core 0.89.5 → 0.90.0

data/lib/dependabot/utils/go/path_converter.rb

@@ -1,74 +0,0 @@
-# frozen_string_literal: true
-
-require "excon"
-require "nokogiri"
-
-require "dependabot/shared_helpers"
-require "dependabot/source"
-require "dependabot/utils/go/shared_helper"
-
-module Dependabot
-  module Utils
-    module Go
-      module PathConverter
-        def self.git_url_for_path(path)
-          # Save a query by manually converting golang.org/x names
-          import_path = path.gsub(%r{^golang\.org/x}, "github.com/golang")
-
-          SharedHelpers.run_helper_subprocess(
-            command: Go::SharedHelper.path,
-            function: "getVcsRemoteForImport",
-            args: { import: import_path }
-          )
-        end
-
-        # Used in dependabot-backend, which doesn't have access to any Go
-        # helpers.
-        # TODO: remove the need for this.
-        def self.git_url_for_path_without_go_helper(path)
-          # Save a query by manually converting golang.org/x names
-          tmp_path = path.gsub(%r{^golang\.org/x}, "github.com/golang")
-
-          # Currently, Dependabot::Source.new will return `nil` if it can't
-          # find a git SCH associated with a path. If it is ever extended to
-          # handle non-git sources we'll need to add an additional check here.
-          return Source.from_url(tmp_path).url if Source.from_url(tmp_path)
-          return "https://#{tmp_path}" if tmp_path.end_with?(".git")
-          return unless (metadata_response = fetch_path_metadata(path))
-
-          # Look for a GitHub, Bitbucket or GitLab URL in the response
-          metadata_response.scan(Dependabot::Source::SOURCE_REGEX) do
-            source_url = Regexp.last_match.to_s
-            return Source.from_url(source_url).url
-          end
-
-          # If none are found, parse the response and return the go-import path
-          doc = Nokogiri::XML(metadata_response)
-          doc.remove_namespaces!
-          import_details =
-            doc.xpath("//meta").
-            find { |n| n.attributes["name"]&.value == "go-import" }&.
-            attributes&.fetch("content")&.value&.split(/\s+/)
-          return unless import_details && import_details[1] == "git"
-
-          import_details[2]
-        end
-
-        def self.fetch_path_metadata(path)
-          # TODO: This is not robust! Instead, we should shell out to Go and
-          # use https://github.com/Masterminds/vcs.
-          response = Excon.get(
-            "https://#{path}?go-get=1",
-            idempotent: true,
-            **SharedHelpers.excon_defaults
-          )
-
-          return unless response.status == 200
-
-          response.body
-        end
-        private_class_method :fetch_path_metadata
-      end
-    end
-  end
-end

data/lib/dependabot/utils/go/requirement.rb

@@ -1,152 +0,0 @@
-# frozen_string_literal: true
-
-################################################################################
-# For more details on Go version constraints, see:                             #
-# - https://github.com/Masterminds/semver                                      #
-# - https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md               #
-################################################################################
-
-require "dependabot/utils/go/version"
-
-module Dependabot
-  module Utils
-    module Go
-      class Requirement < Gem::Requirement
-        WILDCARD_REGEX = /(?:\.|^)[xX*]/.freeze
-        OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/.freeze
-
-        # Override the version pattern to allow a 'v' prefix
-        quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
-        version_pattern = "v?#{Utils::Go::Version::VERSION_PATTERN}"
-
-        PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
-        PATTERN = /\A#{PATTERN_RAW}\z/.freeze
-
-        # Use Utils::Go::Version rather than Gem::Version to ensure that
-        # pre-release versions aren't transformed.
-        def self.parse(obj)
-          if obj.is_a?(Gem::Version)
-            return ["=", Utils::Go::Version.new(obj.to_s)]
-          end
-
-          unless (matches = PATTERN.match(obj.to_s))
-            msg = "Illformed requirement [#{obj.inspect}]"
-            raise BadRequirementError, msg
-          end
-
-          return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
-
-          [matches[1] || "=", Utils::Go::Version.new(matches[2])]
-        end
-
-        # Returns an array of requirements. At least one requirement from the
-        # returned array must be satisfied for a version to be valid.
-        def self.requirements_array(requirement_string)
-          return [new(nil)] if requirement_string.nil?
-
-          requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
-            new(req_string)
-          end
-        end
-
-        def initialize(*requirements)
-          requirements = requirements.flatten.flat_map do |req_string|
-            req_string.split(",").map do |r|
-              convert_go_constraint_to_ruby_constraint(r.strip)
-            end
-          end
-
-          super(requirements)
-        end
-
-        private
-
-        def convert_go_constraint_to_ruby_constraint(req_string)
-          req_string = req_string
-          req_string = convert_wildcard_characters(req_string)
-
-          if req_string.match?(WILDCARD_REGEX)
-            ruby_range(req_string.gsub(WILDCARD_REGEX, "").gsub(/^[^\d]/, ""))
-          elsif req_string.match?(/^~[^>]/) then convert_tilde_req(req_string)
-          elsif req_string.include?(" - ") then convert_hyphen_req(req_string)
-          elsif req_string.match?(/^[\dv^]/) then convert_caret_req(req_string)
-          elsif req_string.match?(/[<=>]/) then req_string
-          else ruby_range(req_string)
-          end
-        end
-
-        def convert_wildcard_characters(req_string)
-          if req_string.match?(/^[\dv^>~]/)
-            replace_wildcard_in_lower_bound(req_string)
-          elsif req_string.start_with?("<")
-            parts = req_string.split(".")
-            parts.map.with_index do |part, index|
-              next "0" if part.match?(WILDCARD_REGEX)
-              next part.to_i + 1 if parts[index + 1]&.match?(WILDCARD_REGEX)
-
-              part
-            end.join(".")
-          else
-            req_string
-          end
-        end
-
-        def replace_wildcard_in_lower_bound(req_string)
-          after_wildcard = false
-
-          if req_string.start_with?("~")
-            req_string = req_string.gsub(/(?:(?:\.|^)[xX*])(\.[xX*])+/, "")
-          end
-
-          req_string.split(".").
-            map do |part|
-              part.split("-").map.with_index do |p, i|
-                # Before we hit a wildcard we just return the existing part
-                next p unless p.match?(WILDCARD_REGEX) || after_wildcard
-
-                # On or after a wildcard we replace the version part with zero
-                after_wildcard = true
-                i.zero? ? "0" : "a"
-              end.join("-")
-            end.join(".")
-        end
-
-        def convert_tilde_req(req_string)
-          version = req_string.gsub(/^~/, "")
-          parts = version.split(".")
-          parts << "0" if parts.count < 3
-          "~> #{parts.join('.')}"
-        end
-
-        def convert_hyphen_req(req_string)
-          lower_bound, upper_bound = req_string.split(/\s+-\s+/)
-          [">= #{lower_bound}", "<= #{upper_bound}"]
-        end
-
-        def ruby_range(req_string)
-          parts = req_string.split(".")
-
-          # If we have three or more parts then this is an exact match
-          return req_string if parts.count >= 3
-
-          # If we have no parts then the version is completely unlocked
-          return ">= 0" if parts.count.zero?
-
-          # If we have fewer than three parts we do a partial match
-          parts << "0"
-          "~> #{parts.join('.')}"
-        end
-
-        # Note: Dep's caret notation implementation doesn't distinguish between
-        # pre and post-1.0.0 requirements (unlike in JS)
-        def convert_caret_req(req_string)
-          version = req_string.gsub(/^\^?v?/, "")
-          parts = version.split(".")
-          upper_bound = [parts.first.to_i + 1, 0, 0, "a"].map(&:to_s).join(".")
-
-          [">= #{version}", "< #{upper_bound}"]
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/utils/go/shared_helper.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-module Dependabot
-  module Utils
-    module Go
-      module SharedHelper
-        def self.path
-          project_root = File.join(File.dirname(__FILE__), "../../../..")
-          platform =
-            case RbConfig::CONFIG["arch"]
-            when /linux/ then "linux"
-            when /darwin/ then "darwin"
-            else raise "Invalid platform #{RbConfig::CONFIG['arch']}"
-            end
-          File.join(project_root, "helpers/go/go-helpers.#{platform}64")
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/utils/go/version.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-require "rubygems_version_patch"
-
-# Go pre-release versions use 1.0.1-rc1 syntax, which Gem::Version
-# converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that
-# alteration.
-# Best docs are at https://github.com/Masterminds/semver
-
-module Dependabot
-  module Utils
-    module Go
-      class Version < Gem::Version
-        VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
-                          '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
-                          '(\+incompatible)?'
-        ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
-
-        def self.correct?(version)
-          version = version.gsub(/^v/, "") if version.is_a?(String)
-          version = version.to_s.split("+").first if version.to_s.include?("+")
-          super(version)
-        end
-
-        def initialize(version)
-          @version_string = version.to_s.gsub(/^v/, "")
-          version = version.gsub(/^v/, "") if version.is_a?(String)
-          version = version.to_s.split("+").first if version.to_s.include?("+")
-          super
-        end
-
-        def inspect # :nodoc:
-          "#<#{self.class} #{@version_string.inspect}>"
-        end
-
-        def to_s
-          @version_string
-        end
-      end
-    end
-  end
-end