dependabot-go_modules 0.124.0 → 0.124.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/go.mod +2 -1
- data/helpers/go.sum +18 -2
- data/helpers/updatechecker/main.go +3 -3
- data/helpers/updater/helpers.go +1 -1
- data/helpers/updater/main.go +1 -1
- data/lib/dependabot/go_modules/file_parser.rb +9 -0
- data/lib/dependabot/go_modules/file_updater.rb +15 -8
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +10 -5
- data/lib/dependabot/go_modules/update_checker.rb +16 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ba7d076d63977048ff74175bebb2b741e420a2a7e0bdd9405624fb9f41693a49
|
|
4
|
+
data.tar.gz: ca15ee23fb0d747360f46dc3c3b63c6efe5d6e4326fa2e42d6dacae390cc426f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4c79bb431a51fdef3612cf997c414a945c2fdcbf4a538dfce31dc9aab01a5b9fa58169048aacad5052f333b26ba52591af81893a95e1af4aa928fc7723a151a1
|
|
7
|
+
data.tar.gz: d25550d90b1caf944f3652c036e30b69ade9265b31de704cbde55f57a549d8e971a052d05cc6a44f7e446f2dbb40a39bab97e18b5f25ea2a61adb744ac6c6513
|
data/helpers/go.mod
CHANGED
|
@@ -5,7 +5,8 @@ go 1.13
|
|
|
5
5
|
require (
|
|
6
6
|
github.com/Masterminds/vcs v1.13.1
|
|
7
7
|
github.com/dependabot/dependabot-core/go_modules/helpers/updater v0.0.0
|
|
8
|
-
github.com/dependabot/gomodules-extracted v1.
|
|
8
|
+
github.com/dependabot/gomodules-extracted v1.2.0
|
|
9
|
+
golang.org/x/mod v0.3.0
|
|
9
10
|
)
|
|
10
11
|
|
|
11
12
|
replace github.com/dependabot/dependabot-core/go_modules/helpers/importresolver => ./importresolver
|
data/helpers/go.sum
CHANGED
|
@@ -2,5 +2,21 @@ github.com/Masterminds/vcs v1.13.1 h1:NL3G1X7/7xduQtA2sJLpVpfHTNBALVNSjob6KEjPXN
|
|
|
2
2
|
github.com/Masterminds/vcs v1.13.1/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=
|
|
3
3
|
github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3 h1:Xj2leY0FVyZuo+p59vkIWG3dIqo+QtjskT5O1iTiywA=
|
|
4
4
|
github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3/go.mod h1:+dRXSrUymjpT4yzKtn1QmeknT1S/yAHRr35en18dHp8=
|
|
5
|
-
github.com/dependabot/gomodules-extracted v1.
|
|
6
|
-
github.com/dependabot/gomodules-extracted v1.
|
|
5
|
+
github.com/dependabot/gomodules-extracted v1.2.0 h1:K/gTyOyhasOt4cjULvOPNiD3MAFGytp4F7e39aB+0Y0=
|
|
6
|
+
github.com/dependabot/gomodules-extracted v1.2.0/go.mod h1:3NWkH8KcZVDM87JuZI8hCZzYbjfUSz98EZI53qjgMgY=
|
|
7
|
+
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
|
8
|
+
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
|
|
9
|
+
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
|
10
|
+
golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
|
|
11
|
+
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
|
12
|
+
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
|
13
|
+
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
|
14
|
+
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
|
15
|
+
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
|
16
|
+
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
|
17
|
+
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
|
18
|
+
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e h1:aZzprAO9/8oim3qStq3wc1Xuxx4QmAGriC4VU4ojemQ=
|
|
19
|
+
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
|
20
|
+
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
|
21
|
+
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA=
|
|
22
|
+
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
|
@@ -6,9 +6,9 @@ import (
|
|
|
6
6
|
"regexp"
|
|
7
7
|
|
|
8
8
|
"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modfetch"
|
|
9
|
-
"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modfile"
|
|
10
9
|
"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modload"
|
|
11
|
-
"
|
|
10
|
+
"golang.org/x/mod/modfile"
|
|
11
|
+
"golang.org/x/mod/semver"
|
|
12
12
|
)
|
|
13
13
|
|
|
14
14
|
var (
|
|
@@ -44,7 +44,7 @@ func GetUpdatedVersion(args *Args) (interface{}, error) {
|
|
|
44
44
|
|
|
45
45
|
modload.InitMod()
|
|
46
46
|
|
|
47
|
-
repo, err := modfetch.Lookup(args.Dependency.Name)
|
|
47
|
+
repo, err := modfetch.Lookup("direct", args.Dependency.Name)
|
|
48
48
|
if err != nil {
|
|
49
49
|
return nil, err
|
|
50
50
|
}
|
data/helpers/updater/helpers.go
CHANGED
data/helpers/updater/main.go
CHANGED
|
@@ -174,6 +174,15 @@ module Dependabot
|
|
|
174
174
|
ref: git_revision(dep),
|
|
175
175
|
branch: nil
|
|
176
176
|
}
|
|
177
|
+
rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
|
|
178
|
+
if e.message == "Cannot detect VCS"
|
|
179
|
+
msg = e.message + " for #{dep['Path']}. Attempted to detect VCS "\
|
|
180
|
+
"because the version looks like a git revision: "\
|
|
181
|
+
"#{dep['Version']}"
|
|
182
|
+
raise Dependabot::DependencyFileNotResolvable, msg
|
|
183
|
+
end
|
|
184
|
+
|
|
185
|
+
raise
|
|
177
186
|
end
|
|
178
187
|
|
|
179
188
|
def git_revision(dep)
|
|
@@ -42,8 +42,7 @@ module Dependabot
|
|
|
42
42
|
)
|
|
43
43
|
end
|
|
44
44
|
|
|
45
|
-
vendor_updater.
|
|
46
|
-
updated_vendor_cache_files(base_directory: directory).
|
|
45
|
+
vendor_updater.updated_vendor_cache_files(base_directory: directory).
|
|
47
46
|
each do |file|
|
|
48
47
|
updated_files << file
|
|
49
48
|
end
|
|
@@ -65,15 +64,23 @@ module Dependabot
|
|
|
65
64
|
def use_repo_contents_stub
|
|
66
65
|
@repo_contents_stub = true
|
|
67
66
|
@repo_contents_path = Dir.mktmpdir
|
|
67
|
+
|
|
68
68
|
Dir.chdir(@repo_contents_path) do
|
|
69
69
|
dependency_files.each do |file|
|
|
70
|
-
File.
|
|
70
|
+
path = File.join(@repo_contents_path, directory, file.name)
|
|
71
|
+
path = Pathname.new(path).expand_path
|
|
72
|
+
FileUtils.mkdir_p(path.dirname) unless Dir.exist?(path.dirname)
|
|
73
|
+
File.write(path, file.content)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
# Only used to create a backup git config that's reset
|
|
77
|
+
SharedHelpers.with_git_configured(credentials: []) do
|
|
78
|
+
`git config --global user.email "no-reply@github.com"`
|
|
79
|
+
`git config --global user.name "Dependabot"`
|
|
80
|
+
`git init .`
|
|
81
|
+
`git add .`
|
|
82
|
+
`git commit -m'fake repo_contents_path'`
|
|
71
83
|
end
|
|
72
|
-
`git config --global user.email "no-reply@github.com"`
|
|
73
|
-
`git config --global user.name "Dependabot"`
|
|
74
|
-
`git init .`
|
|
75
|
-
`git add .`
|
|
76
|
-
`git commit -m'fake repo_contents_path'`
|
|
77
84
|
end
|
|
78
85
|
end
|
|
79
86
|
|
|
@@ -21,7 +21,10 @@ module Dependabot
|
|
|
21
21
|
# (Private) module could not be found
|
|
22
22
|
/cannot find module providing package/.freeze,
|
|
23
23
|
# Package in module was likely renamed or removed
|
|
24
|
-
/module .* found \(.*\), but does not contain package/m.freeze
|
|
24
|
+
/module .* found \(.*\), but does not contain package/m.freeze,
|
|
25
|
+
# Package does not exist, has been pulled or cannot be reached due to
|
|
26
|
+
# auth problems with either git or the go proxy
|
|
27
|
+
/go: .*: unknown revision/m.freeze
|
|
25
28
|
].freeze
|
|
26
29
|
|
|
27
30
|
MODULE_PATH_MISMATCH_REGEXES = [
|
|
@@ -148,10 +151,12 @@ module Dependabot
|
|
|
148
151
|
def run_go_get
|
|
149
152
|
tmp_go_file = "#{SecureRandom.hex}.go"
|
|
150
153
|
|
|
151
|
-
|
|
152
|
-
File.
|
|
154
|
+
package = Dir.glob("[^\._]*.go").any? do |path|
|
|
155
|
+
!File.read(path).include?("// +build")
|
|
153
156
|
end
|
|
154
157
|
|
|
158
|
+
File.write(tmp_go_file, "package dummypkg\n") unless package
|
|
159
|
+
|
|
155
160
|
_, stderr, status = Open3.capture3(ENVIRONMENT, "go get -d")
|
|
156
161
|
handle_subprocess_error(stderr) unless status.success?
|
|
157
162
|
ensure
|
|
@@ -252,9 +257,9 @@ module Dependabot
|
|
|
252
257
|
new(go_mod_path, match[1], match[2])
|
|
253
258
|
end
|
|
254
259
|
|
|
260
|
+
# We don't know what happened so we raise a generic error
|
|
255
261
|
msg = stderr.lines.last(10).join.strip
|
|
256
|
-
raise Dependabot::
|
|
257
|
-
new(go_mod_path, msg)
|
|
262
|
+
raise Dependabot::DependabotError, msg
|
|
258
263
|
end
|
|
259
264
|
|
|
260
265
|
def go_mod_path
|
|
@@ -10,6 +10,13 @@ require "dependabot/go_modules/version"
|
|
|
10
10
|
module Dependabot
|
|
11
11
|
module GoModules
|
|
12
12
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
13
|
+
RESOLVABILITY_ERROR_REGEXES = [
|
|
14
|
+
# Package url/proxy doesn't include any redirect meta tags
|
|
15
|
+
/no go-import meta tags/,
|
|
16
|
+
# Package url 404s
|
|
17
|
+
/404 Not Found/
|
|
18
|
+
].freeze
|
|
19
|
+
|
|
13
20
|
def latest_resolvable_version
|
|
14
21
|
# We don't yet support updating indirect dependencies for go_modules
|
|
15
22
|
#
|
|
@@ -73,6 +80,15 @@ module Dependabot
|
|
|
73
80
|
retry_count ||= 0
|
|
74
81
|
retry_count += 1
|
|
75
82
|
retry if transitory_failure?(e) && retry_count < 2
|
|
83
|
+
|
|
84
|
+
handle_subprocess_error(e)
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
def handle_subprocess_error(error)
|
|
88
|
+
if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
|
|
89
|
+
raise Dependabot::DependencyFileNotResolvable, error.message
|
|
90
|
+
end
|
|
91
|
+
|
|
76
92
|
raise
|
|
77
93
|
end
|
|
78
94
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.124.
|
|
4
|
+
version: 0.124.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-10-
|
|
11
|
+
date: 2020-10-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.124.
|
|
19
|
+
version: 0.124.5
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.124.
|
|
26
|
+
version: 0.124.5
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -212,7 +212,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
212
212
|
- !ruby/object:Gem::Version
|
|
213
213
|
version: 2.5.0
|
|
214
214
|
requirements: []
|
|
215
|
-
rubygems_version: 3.1.
|
|
215
|
+
rubygems_version: 3.1.4
|
|
216
216
|
signing_key:
|
|
217
217
|
specification_version: 4
|
|
218
218
|
summary: Go modules support for dependabot
|