dependabot-go_modules 0.126.0 → 0.128.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +45 -3
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 29da29921bc4394c205fb629cb0789c925786644cb959b46f9b2f298db09cfaf
|
|
4
|
+
data.tar.gz: 7a4d3430eedaabe4042c9ffe8e6217b012c79ede1baeeca957da44baaa507ee0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ff7112a43b6836338ff04931727b1b7868963e5adb342df5168690afb4817ff2cdc15e86d9f745e389a5c36ced024f47dc3b02666865a0f29454c9b86a1732cc
|
|
7
|
+
data.tar.gz: ade4e284555898deb7a757149be26461ebf75b4e94e1b226165cfa2bcea2a1464580e83e503528674f29436bfe47ae9e7c048af071cf3c80f789cebc1f635ccc
|
|
@@ -35,6 +35,11 @@ module Dependabot
|
|
|
35
35
|
/go: ([^@\s]+)(?:@[^\s]+)?: .* declares its path as: ([\S]*)/m
|
|
36
36
|
].freeze
|
|
37
37
|
|
|
38
|
+
OUT_OF_DISK_REGEXES = [
|
|
39
|
+
%r{input/output error}.freeze,
|
|
40
|
+
/no space left on device/.freeze
|
|
41
|
+
].freeze
|
|
42
|
+
|
|
38
43
|
def initialize(dependencies:, credentials:, repo_contents_path:,
|
|
39
44
|
directory:, options:)
|
|
40
45
|
@dependencies = dependencies
|
|
@@ -118,9 +123,15 @@ module Dependabot
|
|
|
118
123
|
def run_go_mod_tidy
|
|
119
124
|
return unless tidy?
|
|
120
125
|
|
|
126
|
+
# NOTE(arslan): use `go mod tidy -e` once Go 1.16 is out:
|
|
127
|
+
# https://github.com/golang/go/commit/3aa09489ab3aa13a3ac78b1ff012b148ffffe367
|
|
121
128
|
command = "go mod tidy"
|
|
122
|
-
|
|
123
|
-
|
|
129
|
+
|
|
130
|
+
# we explicitly don't raise an error for 'go mod tidy' and silently
|
|
131
|
+
# continue here. `go mod tidy` shouldn't block updating versions
|
|
132
|
+
# because there are some edge cases where it's OK to fail (such as
|
|
133
|
+
# generated files not available yet to us).
|
|
134
|
+
Open3.capture3(ENVIRONMENT, command)
|
|
124
135
|
end
|
|
125
136
|
|
|
126
137
|
def run_go_vendor
|
|
@@ -229,12 +240,37 @@ module Dependabot
|
|
|
229
240
|
(manifest["Replace"] || []).
|
|
230
241
|
map { |r| r["New"]["Path"] }.
|
|
231
242
|
compact.
|
|
232
|
-
select { |p|
|
|
243
|
+
select { |p| stub_replace_path?(p) }.
|
|
233
244
|
map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }.
|
|
234
245
|
to_h
|
|
235
246
|
end
|
|
236
247
|
end
|
|
237
248
|
|
|
249
|
+
# returns true if the provided path should be replaced with a stub
|
|
250
|
+
def stub_replace_path?(path)
|
|
251
|
+
return true if absolute_path?(path)
|
|
252
|
+
return false unless relative_replacement_path?(path)
|
|
253
|
+
|
|
254
|
+
resolved_path = module_pathname.join(path).realpath
|
|
255
|
+
inside_repo_contents_path = resolved_path.to_s.start_with?(repo_contents_path.to_s)
|
|
256
|
+
!inside_repo_contents_path
|
|
257
|
+
rescue Errno::ENOENT
|
|
258
|
+
true
|
|
259
|
+
end
|
|
260
|
+
|
|
261
|
+
def absolute_path?(path)
|
|
262
|
+
path.start_with?("/")
|
|
263
|
+
end
|
|
264
|
+
|
|
265
|
+
def relative_replacement_path?(path)
|
|
266
|
+
# https://golang.org/ref/mod#go-mod-file-replace
|
|
267
|
+
path.start_with?("./") || path.start_with?("../")
|
|
268
|
+
end
|
|
269
|
+
|
|
270
|
+
def module_pathname
|
|
271
|
+
@module_pathname ||= repo_contents_path.join(directory)
|
|
272
|
+
end
|
|
273
|
+
|
|
238
274
|
def substitute_all(substitutions)
|
|
239
275
|
body = substitutions.reduce(File.read("go.mod")) do |text, (a, b)|
|
|
240
276
|
text.sub(a, b)
|
|
@@ -259,6 +295,12 @@ module Dependabot
|
|
|
259
295
|
new(go_mod_path, match[1], match[2])
|
|
260
296
|
end
|
|
261
297
|
|
|
298
|
+
out_of_disk_regex = OUT_OF_DISK_REGEXES.find { |r| stderr =~ r }
|
|
299
|
+
if out_of_disk_regex
|
|
300
|
+
lines = stderr.lines.select { |l| out_of_disk_regex =~ l }
|
|
301
|
+
raise Dependabot::OutOfDisk.new, lines.join
|
|
302
|
+
end
|
|
303
|
+
|
|
262
304
|
# We don't know what happened so we raise a generic error
|
|
263
305
|
msg = stderr.lines.last(10).join.strip
|
|
264
306
|
raise Dependabot::DependabotError, msg
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.128.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-12-
|
|
11
|
+
date: 2020-12-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.128.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.128.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.6.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.6.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|