dependabot-go_modules 0.121.1 → 0.124.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d13f4d2b870711a4a373e4880421aca48e9a2257c6d4520326a007a352317908
|
|
4
|
+
data.tar.gz: 7724d54a036c5f8b5beb73d3a43e6d17dd5117d2fce87c9e077fc2f3e9976514
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d8ef02592caf94dcf6ee7fdd9ff78dffef8839ee94b9697c51c0ee1b6da756782500c29a9df706c6af65ef9413201659d1b7aa6610786ee61f04b57725a9d865
|
|
7
|
+
data.tar.gz: 4421f494f65e3e7dae5aa397a5cf21dcad19daf82acadeb848806771a8ada685da7e9d8dca2798b679ad5920ca197ea85469607db7865e8569da029d90622270
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require "dependabot/shared_helpers"
|
|
4
4
|
require "dependabot/file_updaters"
|
|
5
5
|
require "dependabot/file_updaters/base"
|
|
6
|
+
require "dependabot/file_updaters/vendor_updater"
|
|
6
7
|
|
|
7
8
|
module Dependabot
|
|
8
9
|
module GoModules
|
|
@@ -12,22 +13,8 @@ module Dependabot
|
|
|
12
13
|
def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
|
|
13
14
|
credentials:, options: {})
|
|
14
15
|
super
|
|
15
|
-
return unless repo_contents_path.nil?
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
tmp = Dir.mktmpdir
|
|
19
|
-
Dir.chdir(tmp) do
|
|
20
|
-
dependency_files.each do |file|
|
|
21
|
-
File.write(file.name, file.content)
|
|
22
|
-
end
|
|
23
|
-
`git config --global user.email "no-reply@github.com"`
|
|
24
|
-
`git config --global user.name "Dependabot"`
|
|
25
|
-
`git init .`
|
|
26
|
-
`git add .`
|
|
27
|
-
`git commit -m'fake repo_contents_path'`
|
|
28
|
-
end
|
|
29
|
-
@repo_contents_path = tmp
|
|
30
|
-
@repo_contents_stub = true
|
|
17
|
+
use_repo_contents_stub if repo_contents_path.nil?
|
|
31
18
|
end
|
|
32
19
|
|
|
33
20
|
def self.updated_files_regex
|
|
@@ -54,6 +41,12 @@ module Dependabot
|
|
|
54
41
|
content: file_updater.updated_go_sum_content
|
|
55
42
|
)
|
|
56
43
|
end
|
|
44
|
+
|
|
45
|
+
vendor_updater.
|
|
46
|
+
updated_vendor_cache_files(base_directory: directory).
|
|
47
|
+
each do |file|
|
|
48
|
+
updated_files << file
|
|
49
|
+
end
|
|
57
50
|
end
|
|
58
51
|
|
|
59
52
|
raise "No files changed!" if updated_files.none?
|
|
@@ -69,6 +62,21 @@ module Dependabot
|
|
|
69
62
|
raise "No go.mod!"
|
|
70
63
|
end
|
|
71
64
|
|
|
65
|
+
def use_repo_contents_stub
|
|
66
|
+
@repo_contents_stub = true
|
|
67
|
+
@repo_contents_path = Dir.mktmpdir
|
|
68
|
+
Dir.chdir(@repo_contents_path) do
|
|
69
|
+
dependency_files.each do |file|
|
|
70
|
+
File.write(file.name, file.content)
|
|
71
|
+
end
|
|
72
|
+
`git config --global user.email "no-reply@github.com"`
|
|
73
|
+
`git config --global user.name "Dependabot"`
|
|
74
|
+
`git init .`
|
|
75
|
+
`git add .`
|
|
76
|
+
`git commit -m'fake repo_contents_path'`
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
|
|
72
80
|
def go_mod
|
|
73
81
|
@go_mod ||= get_original_file("go.mod")
|
|
74
82
|
end
|
|
@@ -81,6 +89,17 @@ module Dependabot
|
|
|
81
89
|
dependency_files.first.directory
|
|
82
90
|
end
|
|
83
91
|
|
|
92
|
+
def vendor_dir
|
|
93
|
+
File.join(repo_contents_path, directory, "vendor")
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
def vendor_updater
|
|
97
|
+
Dependabot::FileUpdaters::VendorUpdater.new(
|
|
98
|
+
repo_contents_path: repo_contents_path,
|
|
99
|
+
vendor_dir: vendor_dir
|
|
100
|
+
)
|
|
101
|
+
end
|
|
102
|
+
|
|
84
103
|
def file_updater
|
|
85
104
|
@file_updater ||=
|
|
86
105
|
GoModUpdater.new(
|
|
@@ -88,9 +107,17 @@ module Dependabot
|
|
|
88
107
|
credentials: credentials,
|
|
89
108
|
repo_contents_path: repo_contents_path,
|
|
90
109
|
directory: directory,
|
|
91
|
-
tidy:
|
|
110
|
+
options: { tidy: tidy?, vendor: vendor? }
|
|
92
111
|
)
|
|
93
112
|
end
|
|
113
|
+
|
|
114
|
+
def tidy?
|
|
115
|
+
!@repo_contents_stub
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
def vendor?
|
|
119
|
+
File.exist?(File.join(vendor_dir, "modules.txt"))
|
|
120
|
+
end
|
|
94
121
|
end
|
|
95
122
|
end
|
|
96
123
|
end
|
|
@@ -14,9 +14,14 @@ module Dependabot
|
|
|
14
14
|
ENVIRONMENT = { "GOPRIVATE" => "*" }.freeze
|
|
15
15
|
|
|
16
16
|
RESOLVABILITY_ERROR_REGEXES = [
|
|
17
|
+
# (Private) module could not be fetched
|
|
17
18
|
/go: .*: git fetch .*: exit status 128/.freeze,
|
|
19
|
+
# The checksum in go.sum does not match the dowloaded content
|
|
18
20
|
/verifying .*: checksum mismatch/.freeze,
|
|
19
|
-
|
|
21
|
+
# (Private) module could not be found
|
|
22
|
+
/cannot find module providing package/.freeze,
|
|
23
|
+
# Package in module was likely renamed or removed
|
|
24
|
+
/module .* found \(.*\), but does not contain package/m.freeze
|
|
20
25
|
].freeze
|
|
21
26
|
|
|
22
27
|
MODULE_PATH_MISMATCH_REGEXES = [
|
|
@@ -26,12 +31,13 @@ module Dependabot
|
|
|
26
31
|
].freeze
|
|
27
32
|
|
|
28
33
|
def initialize(dependencies:, credentials:, repo_contents_path:,
|
|
29
|
-
directory:,
|
|
34
|
+
directory:, options:)
|
|
30
35
|
@dependencies = dependencies
|
|
31
36
|
@credentials = credentials
|
|
32
37
|
@repo_contents_path = repo_contents_path
|
|
33
38
|
@directory = directory
|
|
34
|
-
@tidy = tidy
|
|
39
|
+
@tidy = options.fetch(:tidy, false)
|
|
40
|
+
@vendor = options.fetch(:vendor, false)
|
|
35
41
|
end
|
|
36
42
|
|
|
37
43
|
def updated_go_mod_content
|
|
@@ -51,7 +57,7 @@ module Dependabot
|
|
|
51
57
|
@updated_files ||= update_files
|
|
52
58
|
end
|
|
53
59
|
|
|
54
|
-
def update_files
|
|
60
|
+
def update_files # rubocop:disable Metrics/AbcSize
|
|
55
61
|
in_repo_path do
|
|
56
62
|
# Map paths in local replace directives to path hashes
|
|
57
63
|
|
|
@@ -71,6 +77,7 @@ module Dependabot
|
|
|
71
77
|
# Then run `go get` to pick up other changes to the file caused by
|
|
72
78
|
# the upgrade
|
|
73
79
|
run_go_get
|
|
80
|
+
run_go_vendor
|
|
74
81
|
run_go_mod_tidy
|
|
75
82
|
|
|
76
83
|
# At this point, the go.mod returned from run_go_get contains the
|
|
@@ -111,6 +118,14 @@ module Dependabot
|
|
|
111
118
|
handle_subprocess_error(stderr) unless status.success?
|
|
112
119
|
end
|
|
113
120
|
|
|
121
|
+
def run_go_vendor
|
|
122
|
+
return unless vendor?
|
|
123
|
+
|
|
124
|
+
command = "go mod vendor"
|
|
125
|
+
_, stderr, status = Open3.capture3(ENVIRONMENT, command)
|
|
126
|
+
handle_subprocess_error(stderr) unless status.success?
|
|
127
|
+
end
|
|
128
|
+
|
|
114
129
|
def update_go_mod(dependencies)
|
|
115
130
|
deps = dependencies.map do |dep|
|
|
116
131
|
{
|
|
@@ -273,6 +288,10 @@ module Dependabot
|
|
|
273
288
|
def tidy?
|
|
274
289
|
!!@tidy
|
|
275
290
|
end
|
|
291
|
+
|
|
292
|
+
def vendor?
|
|
293
|
+
!!@vendor
|
|
294
|
+
end
|
|
276
295
|
end
|
|
277
296
|
end
|
|
278
297
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.124.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-10-
|
|
11
|
+
date: 2020-10-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.124.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.124.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,42 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 0.
|
|
103
|
+
version: 0.93.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 0.
|
|
110
|
+
version: 0.93.0
|
|
111
|
+
- !ruby/object:Gem::Dependency
|
|
112
|
+
name: simplecov
|
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
|
114
|
+
requirements:
|
|
115
|
+
- - "~>"
|
|
116
|
+
- !ruby/object:Gem::Version
|
|
117
|
+
version: 0.19.0
|
|
118
|
+
type: :development
|
|
119
|
+
prerelease: false
|
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
requirements:
|
|
122
|
+
- - "~>"
|
|
123
|
+
- !ruby/object:Gem::Version
|
|
124
|
+
version: 0.19.0
|
|
125
|
+
- !ruby/object:Gem::Dependency
|
|
126
|
+
name: simplecov-console
|
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
|
128
|
+
requirements:
|
|
129
|
+
- - "~>"
|
|
130
|
+
- !ruby/object:Gem::Version
|
|
131
|
+
version: 0.7.2
|
|
132
|
+
type: :development
|
|
133
|
+
prerelease: false
|
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
135
|
+
requirements:
|
|
136
|
+
- - "~>"
|
|
137
|
+
- !ruby/object:Gem::Version
|
|
138
|
+
version: 0.7.2
|
|
111
139
|
- !ruby/object:Gem::Dependency
|
|
112
140
|
name: vcr
|
|
113
141
|
requirement: !ruby/object:Gem::Requirement
|