dependabot-go_modules 0.128.0 → 0.128.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +26 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 29da29921bc4394c205fb629cb0789c925786644cb959b46f9b2f298db09cfaf
|
|
4
|
+
data.tar.gz: 7a4d3430eedaabe4042c9ffe8e6217b012c79ede1baeeca957da44baaa507ee0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ff7112a43b6836338ff04931727b1b7868963e5adb342df5168690afb4817ff2cdc15e86d9f745e389a5c36ced024f47dc3b02666865a0f29454c9b86a1732cc
|
|
7
|
+
data.tar.gz: ade4e284555898deb7a757149be26461ebf75b4e94e1b226165cfa2bcea2a1464580e83e503528674f29436bfe47ae9e7c048af071cf3c80f789cebc1f635ccc
|
|
@@ -240,12 +240,37 @@ module Dependabot
|
|
|
240
240
|
(manifest["Replace"] || []).
|
|
241
241
|
map { |r| r["New"]["Path"] }.
|
|
242
242
|
compact.
|
|
243
|
-
select { |p|
|
|
243
|
+
select { |p| stub_replace_path?(p) }.
|
|
244
244
|
map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }.
|
|
245
245
|
to_h
|
|
246
246
|
end
|
|
247
247
|
end
|
|
248
248
|
|
|
249
|
+
# returns true if the provided path should be replaced with a stub
|
|
250
|
+
def stub_replace_path?(path)
|
|
251
|
+
return true if absolute_path?(path)
|
|
252
|
+
return false unless relative_replacement_path?(path)
|
|
253
|
+
|
|
254
|
+
resolved_path = module_pathname.join(path).realpath
|
|
255
|
+
inside_repo_contents_path = resolved_path.to_s.start_with?(repo_contents_path.to_s)
|
|
256
|
+
!inside_repo_contents_path
|
|
257
|
+
rescue Errno::ENOENT
|
|
258
|
+
true
|
|
259
|
+
end
|
|
260
|
+
|
|
261
|
+
def absolute_path?(path)
|
|
262
|
+
path.start_with?("/")
|
|
263
|
+
end
|
|
264
|
+
|
|
265
|
+
def relative_replacement_path?(path)
|
|
266
|
+
# https://golang.org/ref/mod#go-mod-file-replace
|
|
267
|
+
path.start_with?("./") || path.start_with?("../")
|
|
268
|
+
end
|
|
269
|
+
|
|
270
|
+
def module_pathname
|
|
271
|
+
@module_pathname ||= repo_contents_path.join(directory)
|
|
272
|
+
end
|
|
273
|
+
|
|
249
274
|
def substitute_all(substitutions)
|
|
250
275
|
body = substitutions.reduce(File.read("go.mod")) do |text, (a, b)|
|
|
251
276
|
text.sub(a, b)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.128.
|
|
4
|
+
version: 0.128.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.128.
|
|
19
|
+
version: 0.128.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.128.
|
|
26
|
+
version: 0.128.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|