dependabot-core 0.86.25 → 0.87.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a6e66bf13b402cf7fd7b581515e71ed136d3ca1f69b1e05fac82dc9c7cdda6c4
-  data.tar.gz: 85bf874a2ed62f4793bd5a1ac0d0a8d2e322d6b2bef9d15aa6ed26246a517c0c
+  metadata.gz: c2e46d1583d18b098fe5b5e15f14fd1c7cfd7c777d656cfd9848d30707b295f0
+  data.tar.gz: e004738d88222a5488e489b247184b98914645abb1fb3062f609b27a17111af0
 SHA512:
-  metadata.gz: c099e0bb79b50dfb23128451840afafd868d629c6d4b712d472265afb533c26c288ff32239cf353a55446e5f86dd3f0cccb1d7064ef20c0f911cb1474ded368a
-  data.tar.gz: c9ec5ce9b2ad8e8a619f79a6e141d385144ae373b3134213982debeb698ce4a6c29e41c8ccc0a5cf4f84f80d3795afa98f22af708689e7feb8341edd2ef46a0a
+  metadata.gz: 7cb1368c7f61de9b26efb85a29e4146c72121fa448801bdef74fd0a64ee4ae2668f83a4779fa032131eaaa7530625f76c85c2ff4f53e6caf1f7cf3e26a356047
+  data.tar.gz: ddb71c7d249b391ba49efbb257293e21ffbfafcd179f8e162ba2128d53be29bd615ac947ba1f8ed25e9467b6a9c9424bdbf2df2164a0c214c3a0dcf766fa517b

data/CHANGELOG.md

@@ -1,10 +1,12 @@
+## v0.87.0, 2 January 2019
+
+- Go (modules): reorg
+- JS: Handle requirements with an || when bumping versions
+
 ## v0.86.25, 2 January 2019
 
 - Raise RepoNotFound errors when creating PRs
-- Merge pull request #875 from dependabot/dependabot/composer/helpers/php/friendsofphp/php-cs-fixer-2.13.2
-- Bump friendsofphp/php-cs-fixer from 2.13.1 to 2.13.2 in /helpers/php
 - Python: Don't treat post-releases as pre-releases
-- Save a couple of lines
 
 ## v0.86.24, 1 January 2019
 

data/helpers/go/go.mod

@@ -2,8 +2,7 @@ module github.com/dependabot/dependabot-core/helpers/go
 
 require (
 	github.com/Masterminds/vcs v1.12.0
-	github.com/dependabot/dependabot-core/helpers/go/updater v0.0.0
-	github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3
+	github.com/dependabot/dependabot-core/helpers/go/importresolver v0.0.0
 )
 
-replace github.com/dependabot/dependabot-core/helpers/go/updater => ./updater
+replace github.com/dependabot/dependabot-core/helpers/go/importresolver => ./importresolver

data/helpers/go/go.sum

@@ -1,5 +1,2 @@
 github.com/Masterminds/vcs v1.12.0 h1:bt9Hb4XlfmEfLnVA0MVz2NO0GFuMN5vX8iOWW38Xde4=
 github.com/Masterminds/vcs v1.12.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=
-github.com/dependabot/dependabot-core v0.74.6 h1:SB2Oyie+Ex9ARXLHbFrnoQSWSixAG4ORHA+s6YEvVag=
-github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3 h1:Xj2leY0FVyZuo+p59vkIWG3dIqo+QtjskT5O1iTiywA=
-github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3/go.mod h1:+dRXSrUymjpT4yzKtn1QmeknT1S/yAHRr35en18dHp8=

data/helpers/go/importresolver/go.mod

@@ -0,0 +1 @@
+module github.com/dependabot/dependabot-core/helpers/go/importresolver

data/helpers/go/main.go

@@ -7,8 +7,6 @@ import (
 	"os"
 
 	"github.com/dependabot/dependabot-core/helpers/go/importresolver"
-	"github.com/dependabot/dependabot-core/helpers/go/updatechecker"
-	"github.com/dependabot/dependabot-core/helpers/go/updater"
 )
 
 type HelperParams struct {
@@ -33,14 +31,6 @@ func main() {
 		funcErr error
 	)
 	switch helperParams.Function {
-	case "getUpdatedVersion":
-		var args updatechecker.Args
-		parseArgs(helperParams.Args, &args)
-		funcOut, funcErr = updatechecker.GetUpdatedVersion(&args)
-	case "updateDependencyFile":
-		var args updater.Args
-		parseArgs(helperParams.Args, &args)
-		funcOut, funcErr = updater.UpdateDependencyFile(&args)
 	case "getVcsRemoteForImport":
 		var args importresolver.Args
 		parseArgs(helperParams.Args, &args)

data/lib/dependabot/file_fetchers.rb

@@ -5,7 +5,6 @@ require "dependabot/file_fetchers/java_script/npm_and_yarn"
 require "dependabot/file_fetchers/php/composer"
 require "dependabot/file_fetchers/elixir/hex"
 require "dependabot/file_fetchers/go/dep"
-require "dependabot/file_fetchers/go/modules"
 
 module Dependabot
   module FileFetchers
@@ -14,8 +13,7 @@ module Dependabot
       "npm_and_yarn" => FileFetchers::JavaScript::NpmAndYarn,
       "composer" => FileFetchers::Php::Composer,
       "hex" => FileFetchers::Elixir::Hex,
-      "dep" => FileFetchers::Go::Dep,
-      "go_modules" => FileFetchers::Go::Modules
+      "dep" => FileFetchers::Go::Dep
     }
 
     def self.for_package_manager(package_manager)

data/lib/dependabot/file_parsers.rb

@@ -5,7 +5,6 @@ require "dependabot/file_parsers/java_script/npm_and_yarn"
 require "dependabot/file_parsers/php/composer"
 require "dependabot/file_parsers/elixir/hex"
 require "dependabot/file_parsers/go/dep"
-require "dependabot/file_parsers/go/modules"
 
 module Dependabot
   module FileParsers
@@ -14,8 +13,7 @@ module Dependabot
       "npm_and_yarn" => FileParsers::JavaScript::NpmAndYarn,
       "composer" => FileParsers::Php::Composer,
       "hex" => FileParsers::Elixir::Hex,
-      "dep" => FileParsers::Go::Dep,
-      "go_modules" => FileParsers::Go::Modules
+      "dep" => FileParsers::Go::Dep
     }
 
     def self.for_package_manager(package_manager)

data/lib/dependabot/file_updaters.rb

@@ -5,7 +5,6 @@ require "dependabot/file_updaters/java_script/npm_and_yarn"
 require "dependabot/file_updaters/php/composer"
 require "dependabot/file_updaters/elixir/hex"
 require "dependabot/file_updaters/go/dep"
-require "dependabot/file_updaters/go/modules"
 
 module Dependabot
   module FileUpdaters
@@ -14,8 +13,7 @@ module Dependabot
       "npm_and_yarn" => FileUpdaters::JavaScript::NpmAndYarn,
       "composer" => FileUpdaters::Php::Composer,
       "hex" => FileUpdaters::Elixir::Hex,
-      "dep" => FileUpdaters::Go::Dep,
-      "go_modules" => FileUpdaters::Go::Modules
+      "dep" => FileUpdaters::Go::Dep
     }
 
     def self.for_package_manager(package_manager)

data/lib/dependabot/metadata_finders.rb

@@ -13,8 +13,7 @@ module Dependabot
       "npm_and_yarn" => MetadataFinders::JavaScript::NpmAndYarn,
       "composer" => MetadataFinders::Php::Composer,
       "hex" => MetadataFinders::Elixir::Hex,
-      "dep" => MetadataFinders::Go::Dep,
-      "go_modules" => MetadataFinders::Go::Dep
+      "dep" => MetadataFinders::Go::Dep
     }
 
     def self.for_package_manager(package_manager)

data/lib/dependabot/pull_request_creator/github.rb

@@ -47,12 +47,8 @@ module Dependabot
         annotate_pull_request(pull_request)
 
         pull_request
-      rescue Octokit::Forbidden => error
-        raise unless error.message.include?("Repository was archived")
-        raise RepoArchived
-      rescue Octokit::NotFound => error
-        raise if repo_exists?
-        raise RepoNotFound
+      rescue Octokit::Error => error
+        handle_error(error)
       end
 
       private
@@ -241,6 +237,21 @@ module Dependabot
           signature_key: signature_key
         ).signature
       end
+
+      def handle_error(error)
+        case error
+        when Octokit::Forbidden
+          raise error unless error.message.include?("Repository was archived")
+
+          raise RepoArchived
+        when Octokit::NotFound
+          raise error if repo_exists?
+
+          raise RepoNotFound
+        else
+          raise error
+        end
+      end
     end
   end
 end

data/lib/dependabot/update_checkers.rb

@@ -5,7 +5,6 @@ require "dependabot/update_checkers/java_script/npm_and_yarn"
 require "dependabot/update_checkers/php/composer"
 require "dependabot/update_checkers/elixir/hex"
 require "dependabot/update_checkers/go/dep"
-require "dependabot/update_checkers/go/modules"
 
 module Dependabot
   module UpdateCheckers
@@ -14,8 +13,7 @@ module Dependabot
       "npm_and_yarn" => UpdateCheckers::JavaScript::NpmAndYarn,
       "composer" => UpdateCheckers::Php::Composer,
       "hex" => UpdateCheckers::Elixir::Hex,
-      "dep" => UpdateCheckers::Go::Dep,
-      "go_modules" => UpdateCheckers::Go::Modules
+      "dep" => UpdateCheckers::Go::Dep
     }
 
     def self.for_package_manager(package_manager)

data/lib/dependabot/update_checkers/java_script/npm_and_yarn/requirements_updater.rb

@@ -90,7 +90,8 @@ module Dependabot
               return req.merge(requirement: updated_req)
             end
 
-            req.merge(requirement: update_version_string(current_requirement))
+            reqs = current_requirement.strip.split(SEPARATOR).map(&:strip)
+            req.merge(requirement: update_version_string(reqs.first))
           end
 
           def update_version_requirement_if_needed(req)

data/lib/dependabot/utils.rb

@@ -22,8 +22,7 @@ module Dependabot
       "npm_and_yarn" => Utils::JavaScript::Version,
       "composer" => Utils::Php::Version,
       "hex" => Utils::Elixir::Version,
-      "dep" => Utils::Go::Version,
-      "go_modules" => Utils::Go::Version
+      "dep" => Utils::Go::Version
     }
 
     def self.version_class_for_package_manager(package_manager)
@@ -44,8 +43,7 @@ module Dependabot
       "npm_and_yarn" => Utils::JavaScript::Requirement,
       "composer" => Utils::Php::Requirement,
       "hex" => Utils::Elixir::Requirement,
-      "dep" => Utils::Go::Requirement,
-      "go_modules" => Utils::Go::Requirement
+      "dep" => Utils::Go::Requirement
     }
 
     def self.requirement_class_for_package_manager(package_manager)

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.86.25"
+  VERSION = "0.87.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.86.25
+  version: 0.87.0
 platform: ruby
 authors:
 - Dependabot
@@ -307,13 +307,9 @@ files:
 - helpers/go/Makefile
 - helpers/go/go.mod
 - helpers/go/go.sum
+- helpers/go/importresolver/go.mod
 - helpers/go/importresolver/main.go
 - helpers/go/main.go
-- helpers/go/updatechecker/main.go
-- helpers/go/updater/go.mod
-- helpers/go/updater/go.sum
-- helpers/go/updater/helpers.go
-- helpers/go/updater/main.go
 - helpers/npm/.eslintrc
 - helpers/npm/bin/run.js
 - helpers/npm/lib/helpers.js
@@ -377,7 +373,6 @@ files:
 - lib/dependabot/file_fetchers/base.rb
 - lib/dependabot/file_fetchers/elixir/hex.rb
 - lib/dependabot/file_fetchers/go/dep.rb
-- lib/dependabot/file_fetchers/go/modules.rb
 - lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb
 - lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb
 - lib/dependabot/file_fetchers/php/composer.rb
@@ -391,8 +386,6 @@ files:
 - lib/dependabot/file_parsers/base/dependency_set.rb
 - lib/dependabot/file_parsers/elixir/hex.rb
 - lib/dependabot/file_parsers/go/dep.rb
-- lib/dependabot/file_parsers/go/modules.rb
-- lib/dependabot/file_parsers/go/modules/go_mod_parser.rb
 - lib/dependabot/file_parsers/java_script/npm_and_yarn.rb
 - lib/dependabot/file_parsers/php/composer.rb
 - lib/dependabot/file_parsers/ruby/bundler.rb
@@ -410,8 +403,6 @@ files:
 - lib/dependabot/file_updaters/go/dep.rb
 - lib/dependabot/file_updaters/go/dep/lockfile_updater.rb
 - lib/dependabot/file_updaters/go/dep/manifest_updater.rb
-- lib/dependabot/file_updaters/go/modules.rb
-- lib/dependabot/file_updaters/go/modules/go_mod_updater.rb
 - lib/dependabot/file_updaters/java_script/npm_and_yarn.rb
 - lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb
 - lib/dependabot/file_updaters/java_script/npm_and_yarn/npmrc_builder.rb
@@ -466,7 +457,6 @@ files:
 - lib/dependabot/update_checkers/go/dep/latest_version_finder.rb
 - lib/dependabot/update_checkers/go/dep/requirements_updater.rb
 - lib/dependabot/update_checkers/go/dep/version_resolver.rb
-- lib/dependabot/update_checkers/go/modules.rb
 - lib/dependabot/update_checkers/java_script/npm_and_yarn.rb
 - lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb
 - lib/dependabot/update_checkers/java_script/npm_and_yarn/library_detector.rb

data/helpers/go/updatechecker/main.go

@@ -1,107 +0,0 @@
-package updatechecker
-
-import (
-	"errors"
-	"io/ioutil"
-
-	"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modfetch"
-	"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modfile"
-	"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modload"
-	"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/semver"
-)
-
-type Dependency struct {
-	Name     string `json:"name"`
-	Version  string `json:"version"`
-	Indirect bool   `json:"indirect"`
-}
-
-type IgnoreRange struct {
-	MinVersionInclusive string `json:"min_version_inclusive"`
-	MaxVersionExclusive string `json:"max_version_exclusive"`
-}
-
-type Args struct {
-	Dependency   *Dependency    `json:"dependency"`
-	IgnoreRanges []*IgnoreRange `json:"ignore_ranges"`
-}
-
-func GetUpdatedVersion(args *Args) (interface{}, error) {
-	if args.Dependency == nil {
-		return nil, errors.New("Expected args.dependency to not be nil")
-	}
-
-	modload.InitMod()
-
-	repo, err := modfetch.Lookup(args.Dependency.Name)
-	if err != nil {
-		return nil, err
-	}
-
-	versions, err := repo.Versions("")
-	if err != nil {
-		return nil, err
-	}
-
-	excludes, err := goModExcludes(args.Dependency.Name)
-	if err != nil {
-		return nil, err
-	}
-
-	currentVersion := args.Dependency.Version
-	currentMajor := semver.Major(currentVersion)
-	currentPrerelease := semver.Prerelease(currentVersion)
-	latestVersion := args.Dependency.Version
-
-Outer:
-	for _, v := range versions {
-		if semver.Major(v) != currentMajor {
-			continue
-		}
-
-		if semver.Compare(v, latestVersion) < 1 {
-			continue
-		}
-
-		if currentPrerelease == "" && semver.Prerelease(v) != "" {
-			continue
-		}
-
-		for _, exclude := range excludes {
-			if v == exclude {
-				continue Outer
-			}
-		}
-
-		latestVersion = v
-	}
-
-	return latestVersion, nil
-}
-
-func goModExcludes(dependency string) ([]string, error) {
-	data, err := ioutil.ReadFile("go.mod")
-	if err != nil {
-		return nil, err
-	}
-
-	var f *modfile.File
-	// TODO library detection - don't consider exclude etc for libraries
-	if "library" == "true" {
-		f, err = modfile.ParseLax("go.mod", data, nil)
-	} else {
-		f, err = modfile.Parse("go.mod", data, nil)
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	var excludes []string
-	for _, e := range f.Exclude {
-		if e.Mod.Path == dependency {
-			excludes = append(excludes, e.Mod.Version)
-		}
-	}
-
-	return excludes, nil
-}

data/helpers/go/updater/go.mod

@@ -1,3 +0,0 @@
-module github.com/dependabot/dependabot-core/helpers/go/updater
-
-require github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3

data/helpers/go/updater/go.sum

@@ -1,2 +0,0 @@
-github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3 h1:Xj2leY0FVyZuo+p59vkIWG3dIqo+QtjskT5O1iTiywA=
-github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3/go.mod h1:+dRXSrUymjpT4yzKtn1QmeknT1S/yAHRr35en18dHp8=

data/helpers/go/updater/helpers.go

@@ -1,57 +0,0 @@
-package updater
-
-import (
-	"strings"
-
-	"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modfile"
-)
-
-// Private methods lifted from the `modfile` package
-
-// setIndirect sets line to have (or not have) a "// indirect" comment.
-func setIndirect(line *modfile.Line, indirect bool) {
-	if isIndirect(line) == indirect {
-		return
-	}
-	if indirect {
-		// Adding comment.
-		if len(line.Suffix) == 0 {
-			// New comment.
-			line.Suffix = []modfile.Comment{{Token: "// indirect", Suffix: true}}
-			return
-		}
-		// Insert at beginning of existing comment.
-		com := &line.Suffix[0]
-		space := " "
-		if len(com.Token) > 2 && com.Token[2] == ' ' || com.Token[2] == '\t' {
-			space = ""
-		}
-		com.Token = "// indirect;" + space + com.Token[2:]
-		return
-	}
-
-	// Removing comment.
-	f := strings.Fields(line.Suffix[0].Token)
-	if len(f) == 2 {
-		// Remove whole comment.
-		line.Suffix = nil
-		return
-	}
-
-	// Remove comment prefix.
-	com := &line.Suffix[0]
-	i := strings.Index(com.Token, "indirect;")
-	com.Token = "//" + com.Token[i+len("indirect;"):]
-}
-
-// isIndirect reports whether line has a "// indirect" comment,
-// meaning it is in go.mod only for its effect on indirect dependencies,
-// so that it can be dropped entirely once the effective version of the
-// indirect dependency reaches the given minimum version.
-func isIndirect(line *modfile.Line) bool {
-	if len(line.Suffix) == 0 {
-		return false
-	}
-	f := strings.Fields(line.Suffix[0].Token)
-	return (len(f) == 2 && f[1] == "indirect" || len(f) > 2 && f[1] == "indirect;") && f[0] == "//"
-}

data/helpers/go/updater/main.go

@@ -1,48 +0,0 @@
-package updater
-
-import (
-	"io/ioutil"
-
-	"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modfile"
-)
-
-type Dependency struct {
-	Name     string `json:"name"`
-	Version  string `json:"version"`
-	Indirect bool   `json:"indirect"`
-}
-
-type Args struct {
-	Dependencies []Dependency `json:"dependencies"`
-}
-
-func UpdateDependencyFile(args *Args) (interface{}, error) {
-	data, err := ioutil.ReadFile("go.mod")
-	if err != nil {
-		return nil, err
-	}
-
-	f, err := modfile.Parse("go.mod", data, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, dep := range args.Dependencies {
-		f.AddRequire(dep.Name, dep.Version)
-	}
-
-	for _, r := range f.Require {
-		for _, dep := range args.Dependencies {
-			if r.Mod.Path == dep.Name {
-				setIndirect(r.Syntax, dep.Indirect)
-			}
-		}
-	}
-
-	f.SortBlocks()
-	f.Cleanup()
-
-	newModFile, _ := f.Format()
-
-	return string(newModFile), nil
-}

data/lib/dependabot/file_fetchers/go/modules.rb

@@ -1,64 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_fetchers/base"
-
-module Dependabot
-  module FileFetchers
-    module Go
-      class Modules < Dependabot::FileFetchers::Base
-        def self.required_files_in?(filenames)
-          filenames.include?("go.mod")
-        end
-
-        def self.required_files_message
-          "Repo must contain a go.mod."
-        end
-
-        private
-
-        def fetch_files
-          unless go_mod
-            raise(
-              Dependabot::DependencyFileNotFound,
-              File.join(directory, "go.mod")
-            )
-          end
-
-          fetched_files = [go_mod]
-
-          # Fetch the (optional) go.sum
-          fetched_files << go_sum if go_sum
-
-          # Fetch the main.go file if present, as this will later identify
-          # this repo as an app.
-          fetched_files << main if main
-
-          fetched_files
-        end
-
-        def go_mod
-          @go_mod ||= fetch_file_if_present("go.mod")
-        end
-
-        def go_sum
-          @go_sum ||= fetch_file_if_present("go.sum")
-        end
-
-        def main
-          return @main if @main
-
-          go_files = repo_contents.select { |f| f.name.end_with?(".go") }
-
-          go_files.each do |go_file|
-            file = fetch_file_from_host(go_file.name, type: "package_main")
-            next unless file.content.match?(/\s*package\s+main/)
-
-            return @main = file.tap { |f| f.support_file = true }
-          end
-
-          nil
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_parsers/go/modules.rb

@@ -1,34 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_parsers/base"
-
-module Dependabot
-  module FileParsers
-    module Go
-      class Modules < Dependabot::FileParsers::Base
-        require_relative "modules/go_mod_parser"
-
-        def parse
-          go_mod_dependencies.dependencies
-        end
-
-        private
-
-        def go_mod_dependencies
-          @go_mod_dependencies ||=
-            Modules::GoModParser.
-            new(dependency_files: dependency_files, credentials: credentials).
-            dependency_set
-        end
-
-        def go_mod
-          @go_mod ||= get_original_file("go.mod")
-        end
-
-        def check_required_files
-          raise "No go.mod!" unless go_mod
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_parsers/go/modules/go_mod_parser.rb

@@ -1,134 +0,0 @@
-# frozen_string_literal: true
-
-require "open3"
-require "dependabot/dependency"
-require "dependabot/file_parsers/base/dependency_set"
-require "dependabot/file_parsers/go/modules"
-require "dependabot/utils/go/path_converter"
-require "dependabot/errors"
-
-module Dependabot
-  module FileParsers
-    module Go
-      class Modules
-        class GoModParser
-          GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/.freeze
-
-          def initialize(dependency_files:, credentials:)
-            @dependency_files = dependency_files
-            @credentials = credentials
-          end
-
-          def dependency_set
-            dependencies = Dependabot::FileParsers::Base::DependencySet.new
-
-            i = 0
-            chunks = module_info(go_mod).lines.
-                     group_by { |line| line == "{\n" ? i += 1 : i }
-            deps = chunks.values.map { |chunk| JSON.parse(chunk.join) }
-
-            deps.each do |dep|
-              # The project itself appears in this list as "Main"
-              next if dep["Main"]
-
-              dependency = dependency_from_details(dep)
-              dependencies << dependency if dependency
-            end
-
-            dependencies
-          end
-
-          private
-
-          attr_reader :dependency_files, :credentials
-
-          def dependency_from_details(details)
-            source =
-              if rev_identifier?(details) then git_source(details)
-              else { type: "default", source: details["Path"] }
-              end
-
-            version = details["Version"]&.sub(/^v?/, "")
-
-            reqs = [{
-              requirement: rev_identifier?(details) ? nil : details["Version"],
-              file: go_mod.name,
-              source: source,
-              groups: []
-            }]
-
-            Dependency.new(
-              name: details["Path"],
-              version: version,
-              requirements: details["Indirect"] ? [] : reqs,
-              package_manager: "dep"
-            )
-          end
-
-          def module_info(go_mod)
-            @module_info ||=
-              SharedHelpers.in_a_temporary_directory do |path|
-                SharedHelpers.with_git_configured(credentials: credentials) do
-                  File.write("go.mod", go_mod.content)
-
-                  command = "GO111MODULE=on go mod edit -print > /dev/null"
-                  command += " && GO111MODULE=on go list -m -json all"
-                  stdout, stderr, status = Open3.capture3(command)
-                  handle_parser_error(path, stderr) unless status.success?
-                  stdout
-                end
-              end
-          end
-
-          def handle_parser_error(path, stderr)
-            case stderr
-            when /go: .*: unknown revision/
-              line = stderr.lines.grep(/unknown revision/).first
-              raise Dependabot::DependencyFileNotResolvable, line.strip
-            when /go: .*: unrecognized import path/
-              line = stderr.lines.grep(/unrecognized import/).first
-              raise Dependabot::DependencyFileNotResolvable, line.strip
-            when /go: errors parsing go.mod/
-              msg = stderr.gsub(path.to_s, "").strip
-              raise Dependabot::DependencyFileNotParseable.new(go_mod.path, msg)
-            else
-              msg = stderr.gsub(path.to_s, "").strip
-              raise Dependabot::DependencyFileNotParseable.new(go_mod.path, msg)
-            end
-          end
-
-          def rev_identifier?(dep)
-            dep["Version"]&.match?(GIT_VERSION_REGEX)
-          end
-
-          def git_source(dep)
-            url = Utils::Go::PathConverter.git_url_for_path(dep["Path"])
-
-            # Currently, we have no way of knowing whether the commit tagged
-            # is being used because a branch is being followed or because a
-            # particular ref is in use. We *assume* that a particular ref is in
-            # use (which means we'll only propose updates when its included in
-            # a release)
-            {
-              type: "git",
-              url: url || dep["Path"],
-              ref: git_revision(dep),
-              branch: nil
-            }
-          end
-
-          def git_revision(dep)
-            raw_version = dep.fetch("Version")
-            return raw_version unless raw_version.match?(GIT_VERSION_REGEX)
-
-            raw_version.match(GIT_VERSION_REGEX).named_captures.fetch("sha")
-          end
-
-          def go_mod
-            @go_mod ||= dependency_files.find { |f| f.name == "go.mod" }
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/go/modules.rb

@@ -1,71 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/shared_helpers"
-require "dependabot/file_updaters/base"
-
-module Dependabot
-  module FileUpdaters
-    module Go
-      class Modules < Dependabot::FileUpdaters::Base
-        require_relative "modules/go_mod_updater"
-
-        def self.updated_files_regex
-          [
-            /^go\.mod$/,
-            /^go\.sum$/
-          ]
-        end
-
-        def updated_dependency_files
-          updated_files = []
-
-          if go_mod && file_changed?(go_mod)
-            updated_files <<
-              updated_file(
-                file: go_mod,
-                content: file_updater.updated_go_mod_content
-              )
-
-            if go_sum && go_sum.content != file_updater.updated_go_sum_content
-              updated_files <<
-                updated_file(
-                  file: go_sum,
-                  content: file_updater.updated_go_sum_content
-                )
-            end
-          end
-
-          raise "No files changed!" if updated_files.none?
-
-          updated_files
-        end
-
-        private
-
-        def check_required_files
-          return if go_mod
-
-          raise "No go.mod!"
-        end
-
-        def go_mod
-          @go_mod ||= get_original_file("go.mod")
-        end
-
-        def go_sum
-          @go_sum ||= get_original_file("go.sum")
-        end
-
-        def file_updater
-          @file_updater ||=
-            Modules::GoModUpdater.new(
-              dependencies: dependencies,
-              go_mod: go_mod,
-              go_sum: go_sum,
-              credentials: credentials
-            )
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/go/modules/go_mod_updater.rb

@@ -1,81 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/go/modules"
-require "dependabot/utils/go/shared_helper"
-
-module Dependabot
-  module FileUpdaters
-    module Go
-      class Modules
-        class GoModUpdater
-          def initialize(dependencies:, go_mod:, go_sum:, credentials:)
-            @dependencies = dependencies
-            @go_mod = go_mod
-            @go_sum = go_sum
-            @credentials = credentials
-          end
-
-          def updated_go_mod_content
-            @updated_go_mod_content ||=
-              SharedHelpers.in_a_temporary_directory do
-                SharedHelpers.with_git_configured(credentials: credentials) do
-                  File.write("go.mod", go_mod.content)
-
-                  deps = dependencies.map do |dep|
-                    {
-                      name: dep.name,
-                      version: "v" + dep.version.sub(/^v/i, ""),
-                      indirect: dep.requirements.empty?
-                    }
-                  end
-
-                  SharedHelpers.run_helper_subprocess(
-                    command: Utils::Go::SharedHelper.path,
-                    function: "updateDependencyFile",
-                    args: { dependencies: deps }
-                  )
-                end
-              end
-          end
-
-          def updated_go_sum_content
-            return nil unless go_sum
-
-            # This needs to be run separately so we don't nest subprocess calls
-            updated_go_mod_content
-
-            @updated_go_sum_content ||=
-              SharedHelpers.in_a_temporary_directory do
-                SharedHelpers.with_git_configured(credentials: credentials) do
-                  File.write("go.mod", updated_go_mod_content)
-                  File.write("go.sum", go_sum.content)
-                  File.write("main.go", dummy_main_go)
-
-                  `GO111MODULE=on go get -d`
-                  unless $CHILD_STATUS.success?
-                    raise Dependabot::DependencyFileNotParseable, go_sum.path
-                  end
-
-                  File.read("go.sum")
-                end
-              end
-          end
-
-          private
-
-          def dummy_main_go
-            lines = ["package main", "import ("]
-            dependencies.each do |dep|
-              lines << "_ \"#{dep.name}\""
-            end
-            lines << ")"
-            lines << "func main() {}"
-            lines.join("\n")
-          end
-
-          attr_reader :dependencies, :go_mod, :go_sum, :credentials
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/go/modules.rb

@@ -1,112 +0,0 @@
-# frozen_string_literal: true
-
-require "toml-rb"
-require "dependabot/update_checkers/base"
-require "dependabot/shared_helpers"
-require "dependabot/errors"
-require "dependabot/utils/go/version"
-require "dependabot/utils/go/shared_helper"
-
-module Dependabot
-  module UpdateCheckers
-    module Go
-      class Modules < Dependabot::UpdateCheckers::Base
-        def latest_resolvable_version
-          @latest_resolvable_version ||=
-            version_class.new(find_latest_resolvable_version.gsub(/^v/, ""))
-        end
-
-        # This is currently used to short-circuit latest_resolvable_version,
-        # with the assumption that it'll be quicker than checking
-        # resolvability. As this is quite quick in Go anyway, we just alias.
-        def latest_version
-          latest_resolvable_version
-        end
-
-        def latest_resolvable_version_with_no_unlock
-          # Irrelevant, since Go modules uses a single dependency file
-          nil
-        end
-
-        def updated_requirements
-          dependency.requirements.map do |req|
-            req.merge(requirement: latest_version)
-          end
-        end
-
-        private
-
-        def find_latest_resolvable_version
-          SharedHelpers.in_a_temporary_directory do
-            SharedHelpers.with_git_configured(credentials: credentials) do
-              File.write("go.mod", go_mod.content)
-
-              SharedHelpers.run_helper_subprocess(
-                command: "GO111MODULE=on #{Utils::Go::SharedHelper.path}",
-                function: "getUpdatedVersion",
-                args: {
-                  dependency: {
-                    name: dependency.name,
-                    version: "v" + dependency.version,
-                    indirect: dependency.requirements.empty?
-                  }
-                }
-              )
-            end
-          end
-        end
-
-        def latest_version_resolvable_with_full_unlock?
-          # Full unlock checks aren't implemented for Go (yet)
-          false
-        end
-
-        def updated_dependencies_after_full_unlock
-          raise NotImplementedError
-        end
-
-        # Override the base class's check for whether this is a git dependency,
-        # since not all dep git dependencies have a SHA version (sometimes their
-        # version is the tag)
-        def existing_version_is_sha?
-          git_dependency?
-        end
-
-        def library?
-          dependency_files.none? { |f| f.type == "package_main" }
-        end
-
-        def version_from_tag(tag)
-          # To compare with the current version we either use the commit SHA
-          # (if that's what the parser picked up) of the tag name.
-          if dependency.version&.match?(/^[0-9a-f]{40}$/)
-            return tag&.fetch(:commit_sha)
-          end
-
-          tag&.fetch(:tag)
-        end
-
-        def git_dependency?
-          git_commit_checker.git_dependency?
-        end
-
-        def default_source
-          { type: "default", source: dependency.name }
-        end
-
-        def go_mod
-          @go_mod ||= dependency_files.find { |f| f.name == "go.mod" }
-        end
-
-        def git_commit_checker
-          @git_commit_checker ||=
-            GitCommitChecker.new(
-              dependency: dependency,
-              credentials: credentials,
-              ignored_versions: ignored_versions
-            )
-        end
-      end
-    end
-  end
-end