dependabot-go_modules 0.125.0 → 0.125.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +1 -0
  3. data/lib/dependabot/go_modules/file_parser.rb +23 -2
  4. data/lib/dependabot/go_modules/requirement.rb +1 -3
  5. data/lib/dependabot/go_modules/update_checker.rb +1 -3
  6. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7f82b946870f3261b65081ac3aa1b56c3e965f986afb66d083b85204bfe19ec7
4
- data.tar.gz: b2d70637d23ce5ba04bd4f6a6d5fdef06ed9fdad1f32b87b768f5ec75d1c36a6
3
+ metadata.gz: cd62ff6232afe4365ad9b9002071442a96d4c4c162b895cc333149c3f1e91665
4
+ data.tar.gz: 573009b5dc3a1d8690fcd1443e75c34ced9770c592748e11e56d645d699bce55
5
5
  SHA512:
6
- metadata.gz: 64d513d3498bbe3d4d8e03476006bfbf3b0b431f3bda89a00746bd0da3a5f78b746b766836233245103550ff79537da5d9831f01a8f3af77cb080c8ebd854529
7
- data.tar.gz: 6a826d07d6a64d375154ddf9e4a6d075f5702f26416cf3240d5fda2a827d08aa209d9c03395e7241ae1b63f8552aa9cac7cc8908b185793260c802587f8912ed
6
+ metadata.gz: 0be90c879799b94ced28ff90d02c7a1f44faec42a6a74455bb4795bf3ededc7bbc60f8df778ee772f8933f4ecf88f2541d936ad533fc65c3a887e15a55866370
7
+ data.tar.gz: 9521cad48c80f5fe26d9679f7c0e5cb4d3f430ea32d7c8399e5ad26f04c4c5e9f4a6b9a80904c0dbd551c53568e0e1817c98e2e01c5e7870962ba0fdf71c3161
data/helpers/build CHANGED
@@ -24,3 +24,4 @@ os="$(uname -s | tr '[:upper:]' '[:lower:]')"
24
24
  echo "building $install_dir/bin/helper"
25
25
 
26
26
  GO111MODULE=on GOOS="$os" GOARCH=amd64 go build -o "$install_dir/bin/helper" .
27
+ go clean -cache -modcache
data/lib/dependabot/go_modules/file_parser.rb CHANGED
@@ -139,8 +139,9 @@ module Dependabot
139
139
  def handle_parser_error(path, stderr)
140
140
  case stderr
141
141
  when /go: .*: unknown revision/m
142
- line = stderr.lines.grep(/unknown revision/).first
143
- raise Dependabot::DependencyFileNotResolvable, line.strip
142
+ line = stderr.lines.grep(/unknown revision/).first.strip
143
+ handle_github_unknown_revision(line) if line.start_with?("go: github.com/")
144
+ raise Dependabot::DependencyFileNotResolvable, line
144
145
  when /go: .*: unrecognized import path/m
145
146
  line = stderr.lines.grep(/unrecognized import/).first
146
147
  raise Dependabot::DependencyFileNotResolvable, line.strip
@@ -156,6 +157,26 @@ module Dependabot
156
157
  end
157
158
  end
158
159
 
160
+ GITHUB_REPO_REGEX = %r{github.com/[^@]*}.freeze
161
+ def handle_github_unknown_revision(line)
162
+ repo_path = line.scan(GITHUB_REPO_REGEX).first
163
+ return unless repo_path
164
+
165
+ # Query for _any_ version of this module, to know if it doesn't exist (or is private)
166
+ # or we were just given a bad revision by this manifest
167
+ SharedHelpers.in_a_temporary_directory do
168
+ SharedHelpers.with_git_configured(credentials: credentials) do
169
+ File.write("go.mod", "module dummy\n")
170
+
171
+ env = { "GOPRIVATE" => "*" }
172
+ _, _, status = Open3.capture3(env, SharedHelpers.escape_command("go get #{repo_path}"))
173
+ raise Dependabot::DependencyFileNotResolvable, line if status.success?
174
+
175
+ raise Dependabot::GitDependenciesNotReachable, [repo_path]
176
+ end
177
+ end
178
+ end
179
+
159
180
  def rev_identifier?(dep)
160
181
  dep["Version"]&.match?(GIT_VERSION_REGEX)
161
182
  end
data/lib/dependabot/go_modules/requirement.rb CHANGED
@@ -91,9 +91,7 @@ module Dependabot
91
91
  def replace_wildcard_in_lower_bound(req_string)
92
92
  after_wildcard = false
93
93
 
94
- if req_string.start_with?("~")
95
- req_string = req_string.gsub(/(?:(?:\.|^)[xX*])(\.[xX*])+/, "")
96
- end
94
+ req_string = req_string.gsub(/(?:(?:\.|^)[xX*])(\.[xX*])+/, "") if req_string.start_with?("~")
97
95
 
98
96
  req_string.split(".").
99
97
  map do |part|
data/lib/dependabot/go_modules/update_checker.rb CHANGED
@@ -121,9 +121,7 @@ module Dependabot
121
121
  def version_from_tag(tag)
122
122
  # To compare with the current version we either use the commit SHA
123
123
  # (if that's what the parser picked up) of the tag name.
124
- if dependency.version&.match?(/^[0-9a-f]{40}$/)
125
- return tag&.fetch(:commit_sha)
126
- end
124
+ return tag&.fetch(:commit_sha) if dependency.version&.match?(/^[0-9a-f]{40}$/)
127
125
 
128
126
  tag&.fetch(:tag)
129
127
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-go_modules
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.125.0
4
+ version: 0.125.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-05 00:00:00.000000000 Z
11
+ date: 2020-11-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.125.0
19
+ version: 0.125.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.125.0
26
+ version: 0.125.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 0.7.2
131
+ version: 0.8.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 0.7.2
138
+ version: 0.8.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: vcr
141
141
  requirement: !ruby/object:Gem::Requirement