dependabot-go_modules 0.124.3 → 0.124.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/go.mod +2 -1
- data/helpers/go.sum +18 -2
- data/helpers/updatechecker/main.go +3 -3
- data/helpers/updater/helpers.go +1 -1
- data/helpers/updater/main.go +1 -1
- data/lib/dependabot/go_modules/file_parser.rb +9 -0
- data/lib/dependabot/go_modules/file_updater.rb +15 -8
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +12 -5
- data/lib/dependabot/go_modules/update_checker.rb +16 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 17303a29055154e6e1f75f9ade480635bea7a634aacdd852ff7a4bb18d36984b
|
|
4
|
+
data.tar.gz: 77e537003972d9bc9965afae2fd5215d9fa39e0b44acd4a45e757a8fe0289bfd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5910bd20e04702aa076a5caa8818d5ba5d24f602396679db3795dd6ab9fdc58038c0e951012f328b82adde59c545accfa468fec047b4a373f47189d5a05d5a60
|
|
7
|
+
data.tar.gz: 2f05c29468e8f471859b350df1b0ce8a632ceaf91341e3f18b4f28e9b6cb51dc3e994407ba5128507acdaa686375ac98a1bb32b096528f2a74f27b53ff64a915
|
data/helpers/go.mod
CHANGED
|
@@ -5,7 +5,8 @@ go 1.13
|
|
|
5
5
|
require (
|
|
6
6
|
github.com/Masterminds/vcs v1.13.1
|
|
7
7
|
github.com/dependabot/dependabot-core/go_modules/helpers/updater v0.0.0
|
|
8
|
-
github.com/dependabot/gomodules-extracted v1.
|
|
8
|
+
github.com/dependabot/gomodules-extracted v1.2.0
|
|
9
|
+
golang.org/x/mod v0.3.0
|
|
9
10
|
)
|
|
10
11
|
|
|
11
12
|
replace github.com/dependabot/dependabot-core/go_modules/helpers/importresolver => ./importresolver
|
data/helpers/go.sum
CHANGED
|
@@ -2,5 +2,21 @@ github.com/Masterminds/vcs v1.13.1 h1:NL3G1X7/7xduQtA2sJLpVpfHTNBALVNSjob6KEjPXN
|
|
|
2
2
|
github.com/Masterminds/vcs v1.13.1/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=
|
|
3
3
|
github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3 h1:Xj2leY0FVyZuo+p59vkIWG3dIqo+QtjskT5O1iTiywA=
|
|
4
4
|
github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3/go.mod h1:+dRXSrUymjpT4yzKtn1QmeknT1S/yAHRr35en18dHp8=
|
|
5
|
-
github.com/dependabot/gomodules-extracted v1.
|
|
6
|
-
github.com/dependabot/gomodules-extracted v1.
|
|
5
|
+
github.com/dependabot/gomodules-extracted v1.2.0 h1:K/gTyOyhasOt4cjULvOPNiD3MAFGytp4F7e39aB+0Y0=
|
|
6
|
+
github.com/dependabot/gomodules-extracted v1.2.0/go.mod h1:3NWkH8KcZVDM87JuZI8hCZzYbjfUSz98EZI53qjgMgY=
|
|
7
|
+
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
|
8
|
+
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
|
|
9
|
+
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
|
10
|
+
golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
|
|
11
|
+
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
|
12
|
+
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
|
13
|
+
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
|
14
|
+
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
|
15
|
+
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
|
16
|
+
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
|
17
|
+
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
|
18
|
+
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e h1:aZzprAO9/8oim3qStq3wc1Xuxx4QmAGriC4VU4ojemQ=
|
|
19
|
+
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
|
20
|
+
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
|
21
|
+
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA=
|
|
22
|
+
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
|
@@ -6,9 +6,9 @@ import (
|
|
|
6
6
|
"regexp"
|
|
7
7
|
|
|
8
8
|
"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modfetch"
|
|
9
|
-
"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modfile"
|
|
10
9
|
"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modload"
|
|
11
|
-
"
|
|
10
|
+
"golang.org/x/mod/modfile"
|
|
11
|
+
"golang.org/x/mod/semver"
|
|
12
12
|
)
|
|
13
13
|
|
|
14
14
|
var (
|
|
@@ -44,7 +44,7 @@ func GetUpdatedVersion(args *Args) (interface{}, error) {
|
|
|
44
44
|
|
|
45
45
|
modload.InitMod()
|
|
46
46
|
|
|
47
|
-
repo, err := modfetch.Lookup(args.Dependency.Name)
|
|
47
|
+
repo, err := modfetch.Lookup("direct", args.Dependency.Name)
|
|
48
48
|
if err != nil {
|
|
49
49
|
return nil, err
|
|
50
50
|
}
|
data/helpers/updater/helpers.go
CHANGED
data/helpers/updater/main.go
CHANGED
|
@@ -174,6 +174,15 @@ module Dependabot
|
|
|
174
174
|
ref: git_revision(dep),
|
|
175
175
|
branch: nil
|
|
176
176
|
}
|
|
177
|
+
rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
|
|
178
|
+
if e.message == "Cannot detect VCS"
|
|
179
|
+
msg = e.message + " for #{dep['Path']}. Attempted to detect VCS "\
|
|
180
|
+
"because the version looks like a git revision: "\
|
|
181
|
+
"#{dep['Version']}"
|
|
182
|
+
raise Dependabot::DependencyFileNotResolvable, msg
|
|
183
|
+
end
|
|
184
|
+
|
|
185
|
+
raise
|
|
177
186
|
end
|
|
178
187
|
|
|
179
188
|
def git_revision(dep)
|
|
@@ -42,8 +42,7 @@ module Dependabot
|
|
|
42
42
|
)
|
|
43
43
|
end
|
|
44
44
|
|
|
45
|
-
vendor_updater.
|
|
46
|
-
updated_vendor_cache_files(base_directory: directory).
|
|
45
|
+
vendor_updater.updated_vendor_cache_files(base_directory: directory).
|
|
47
46
|
each do |file|
|
|
48
47
|
updated_files << file
|
|
49
48
|
end
|
|
@@ -65,15 +64,23 @@ module Dependabot
|
|
|
65
64
|
def use_repo_contents_stub
|
|
66
65
|
@repo_contents_stub = true
|
|
67
66
|
@repo_contents_path = Dir.mktmpdir
|
|
67
|
+
|
|
68
68
|
Dir.chdir(@repo_contents_path) do
|
|
69
69
|
dependency_files.each do |file|
|
|
70
|
-
File.
|
|
70
|
+
path = File.join(@repo_contents_path, directory, file.name)
|
|
71
|
+
path = Pathname.new(path).expand_path
|
|
72
|
+
FileUtils.mkdir_p(path.dirname) unless Dir.exist?(path.dirname)
|
|
73
|
+
File.write(path, file.content)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
# Only used to create a backup git config that's reset
|
|
77
|
+
SharedHelpers.with_git_configured(credentials: []) do
|
|
78
|
+
`git config --global user.email "no-reply@github.com"`
|
|
79
|
+
`git config --global user.name "Dependabot"`
|
|
80
|
+
`git init .`
|
|
81
|
+
`git add .`
|
|
82
|
+
`git commit -m'fake repo_contents_path'`
|
|
71
83
|
end
|
|
72
|
-
`git config --global user.email "no-reply@github.com"`
|
|
73
|
-
`git config --global user.name "Dependabot"`
|
|
74
|
-
`git init .`
|
|
75
|
-
`git add .`
|
|
76
|
-
`git commit -m'fake repo_contents_path'`
|
|
77
84
|
end
|
|
78
85
|
end
|
|
79
86
|
|
|
@@ -21,7 +21,12 @@ module Dependabot
|
|
|
21
21
|
# (Private) module could not be found
|
|
22
22
|
/cannot find module providing package/.freeze,
|
|
23
23
|
# Package in module was likely renamed or removed
|
|
24
|
-
/module .* found \(.*\), but does not contain package/m.freeze
|
|
24
|
+
/module .* found \(.*\), but does not contain package/m.freeze,
|
|
25
|
+
# Package does not exist, has been pulled or cannot be reached due to
|
|
26
|
+
# auth problems with either git or the go proxy
|
|
27
|
+
/go: .*: unknown revision/m.freeze,
|
|
28
|
+
# Package version doesn't match the module major version
|
|
29
|
+
/go: .*: go.mod has post-v1 module path/m.freeze
|
|
25
30
|
].freeze
|
|
26
31
|
|
|
27
32
|
MODULE_PATH_MISMATCH_REGEXES = [
|
|
@@ -148,10 +153,12 @@ module Dependabot
|
|
|
148
153
|
def run_go_get
|
|
149
154
|
tmp_go_file = "#{SecureRandom.hex}.go"
|
|
150
155
|
|
|
151
|
-
|
|
152
|
-
File.
|
|
156
|
+
package = Dir.glob("[^\._]*.go").any? do |path|
|
|
157
|
+
!File.read(path).include?("// +build")
|
|
153
158
|
end
|
|
154
159
|
|
|
160
|
+
File.write(tmp_go_file, "package dummypkg\n") unless package
|
|
161
|
+
|
|
155
162
|
_, stderr, status = Open3.capture3(ENVIRONMENT, "go get -d")
|
|
156
163
|
handle_subprocess_error(stderr) unless status.success?
|
|
157
164
|
ensure
|
|
@@ -252,9 +259,9 @@ module Dependabot
|
|
|
252
259
|
new(go_mod_path, match[1], match[2])
|
|
253
260
|
end
|
|
254
261
|
|
|
262
|
+
# We don't know what happened so we raise a generic error
|
|
255
263
|
msg = stderr.lines.last(10).join.strip
|
|
256
|
-
raise Dependabot::
|
|
257
|
-
new(go_mod_path, msg)
|
|
264
|
+
raise Dependabot::DependabotError, msg
|
|
258
265
|
end
|
|
259
266
|
|
|
260
267
|
def go_mod_path
|
|
@@ -10,6 +10,13 @@ require "dependabot/go_modules/version"
|
|
|
10
10
|
module Dependabot
|
|
11
11
|
module GoModules
|
|
12
12
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
13
|
+
RESOLVABILITY_ERROR_REGEXES = [
|
|
14
|
+
# Package url/proxy doesn't include any redirect meta tags
|
|
15
|
+
/no go-import meta tags/,
|
|
16
|
+
# Package url 404s
|
|
17
|
+
/404 Not Found/
|
|
18
|
+
].freeze
|
|
19
|
+
|
|
13
20
|
def latest_resolvable_version
|
|
14
21
|
# We don't yet support updating indirect dependencies for go_modules
|
|
15
22
|
#
|
|
@@ -73,6 +80,15 @@ module Dependabot
|
|
|
73
80
|
retry_count ||= 0
|
|
74
81
|
retry_count += 1
|
|
75
82
|
retry if transitory_failure?(e) && retry_count < 2
|
|
83
|
+
|
|
84
|
+
handle_subprocess_error(e)
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
def handle_subprocess_error(error)
|
|
88
|
+
if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
|
|
89
|
+
raise Dependabot::DependencyFileNotResolvable, error.message
|
|
90
|
+
end
|
|
91
|
+
|
|
76
92
|
raise
|
|
77
93
|
end
|
|
78
94
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.124.
|
|
4
|
+
version: 0.124.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-11-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.124.
|
|
19
|
+
version: 0.124.8
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.124.
|
|
26
|
+
version: 0.124.8
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -212,7 +212,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
212
212
|
- !ruby/object:Gem::Version
|
|
213
213
|
version: 2.5.0
|
|
214
214
|
requirements: []
|
|
215
|
-
rubygems_version: 3.1.
|
|
215
|
+
rubygems_version: 3.1.4
|
|
216
216
|
signing_key:
|
|
217
217
|
specification_version: 4
|
|
218
218
|
summary: Go modules support for dependabot
|