dependabot-go_modules 0.129.1 → 0.129.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9a5732b46b502a7660d58467755acc033f3eddd7ac90d457401479dc21985504
|
|
4
|
+
data.tar.gz: 70b7dc19d8f80346f8300ce48995e68e425e79e4a33ff6b33f80d3cf09c34321
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8b21e2f1b812745f68fe053aaa3e20735e56c5f50d060a896db9484087ffd1ee091ae22039e4d384ac9aefdc66561c657cda30aad5dab53a62a6f833a1305dbc
|
|
7
|
+
data.tar.gz: d75ca92c24e867137de528fb58db6a100333fb6089e487c5511e4438087f9b71abc8c8a4e5249eed543cc0548ffafa6703ddd8db193f3a7402a80e85487767c3
|
|
@@ -16,17 +16,8 @@ module Dependabot
|
|
|
16
16
|
def parse
|
|
17
17
|
dependency_set = Dependabot::FileParsers::Base::DependencySet.new
|
|
18
18
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
group_by { |line| line == "{\n" ? i += 1 : i }
|
|
22
|
-
deps = chunks.values.map { |chunk| JSON.parse(chunk.join) }
|
|
23
|
-
|
|
24
|
-
deps.each do |dep|
|
|
25
|
-
# The project itself appears in this list as "Main"
|
|
26
|
-
next if dep["Main"]
|
|
27
|
-
|
|
28
|
-
dependency = dependency_from_details(dep)
|
|
29
|
-
dependency_set << dependency if dependency
|
|
19
|
+
required_packages.each do |dep|
|
|
20
|
+
dependency_set << dependency_from_details(dep) unless dep["Indirect"]
|
|
30
21
|
end
|
|
31
22
|
|
|
32
23
|
dependency_set.dependencies
|
|
@@ -65,39 +56,36 @@ module Dependabot
|
|
|
65
56
|
)
|
|
66
57
|
end
|
|
67
58
|
|
|
68
|
-
def
|
|
69
|
-
@
|
|
59
|
+
def required_packages
|
|
60
|
+
@required_packages ||=
|
|
70
61
|
SharedHelpers.in_a_temporary_directory do |path|
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
FileUtils.touch(File.join(stub_path, "go.mod"))
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
File.write("go.mod", go_mod_content)
|
|
81
|
-
|
|
82
|
-
command = "go mod edit -print > /dev/null"
|
|
83
|
-
command += " && go list -m -json all"
|
|
84
|
-
|
|
85
|
-
# Turn off the module proxy for now, as it's causing issues with
|
|
86
|
-
# private git dependencies
|
|
87
|
-
env = { "GOPRIVATE" => "*" }
|
|
88
|
-
|
|
89
|
-
stdout, stderr, status = Open3.capture3(env, command)
|
|
90
|
-
handle_parser_error(path, stderr) unless status.success?
|
|
91
|
-
stdout
|
|
92
|
-
rescue Dependabot::DependencyFileNotResolvable
|
|
93
|
-
# We sometimes see this error if a host times out.
|
|
94
|
-
# In such cases, retrying (a maximum of 3 times) may fix it.
|
|
95
|
-
retry_count ||= 0
|
|
96
|
-
raise if retry_count >= 3
|
|
97
|
-
|
|
98
|
-
retry_count += 1
|
|
99
|
-
retry
|
|
62
|
+
# Create a fake empty module for each local module so that
|
|
63
|
+
# `go mod edit` works, even if some modules have been `replace`d with
|
|
64
|
+
# a local module that we don't have access to.
|
|
65
|
+
local_replacements.each do |_, stub_path|
|
|
66
|
+
Dir.mkdir(stub_path) unless Dir.exist?(stub_path)
|
|
67
|
+
FileUtils.touch(File.join(stub_path, "go.mod"))
|
|
100
68
|
end
|
|
69
|
+
|
|
70
|
+
File.write("go.mod", go_mod_content)
|
|
71
|
+
|
|
72
|
+
command = "go mod edit -json"
|
|
73
|
+
|
|
74
|
+
# Turn off the module proxy for now, as it's causing issues with
|
|
75
|
+
# private git dependencies
|
|
76
|
+
env = { "GOPRIVATE" => "*" }
|
|
77
|
+
|
|
78
|
+
stdout, stderr, status = Open3.capture3(env, command)
|
|
79
|
+
handle_parser_error(path, stderr) unless status.success?
|
|
80
|
+
JSON.parse(stdout)["Require"]
|
|
81
|
+
rescue Dependabot::DependencyFileNotResolvable
|
|
82
|
+
# We sometimes see this error if a host times out.
|
|
83
|
+
# In such cases, retrying (a maximum of 3 times) may fix it.
|
|
84
|
+
retry_count ||= 0
|
|
85
|
+
raise if retry_count >= 3
|
|
86
|
+
|
|
87
|
+
retry_count += 1
|
|
88
|
+
retry
|
|
101
89
|
end
|
|
102
90
|
end
|
|
103
91
|
|
|
@@ -135,52 +123,9 @@ module Dependabot
|
|
|
135
123
|
end
|
|
136
124
|
end
|
|
137
125
|
|
|
138
|
-
GIT_ERROR_REGEX = /go: .*: git fetch .*: exit status 128/m.freeze
|
|
139
126
|
def handle_parser_error(path, stderr)
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
line = stderr.lines.grep(/unknown revision/).first.strip
|
|
143
|
-
handle_github_unknown_revision(line) if line.start_with?("go: github.com/")
|
|
144
|
-
raise Dependabot::DependencyFileNotResolvable, line
|
|
145
|
-
when /go: .*: unrecognized import path/m
|
|
146
|
-
line = stderr.lines.grep(/unrecognized import/).first
|
|
147
|
-
raise Dependabot::DependencyFileNotResolvable, line.strip
|
|
148
|
-
when /go: errors parsing go.mod/m
|
|
149
|
-
msg = stderr.gsub(path.to_s, "").strip
|
|
150
|
-
raise Dependabot::DependencyFileNotParseable.new(go_mod.path, msg)
|
|
151
|
-
when GIT_ERROR_REGEX
|
|
152
|
-
lines = stderr.lines.drop_while { |l| GIT_ERROR_REGEX !~ l }
|
|
153
|
-
raise Dependabot::DependencyFileNotResolvable.new, lines.join
|
|
154
|
-
else
|
|
155
|
-
msg = stderr.gsub(path.to_s, "").strip
|
|
156
|
-
raise Dependabot::DependencyFileNotParseable.new(go_mod.path, msg)
|
|
157
|
-
end
|
|
158
|
-
end
|
|
159
|
-
|
|
160
|
-
GITHUB_REPO_REGEX = %r{github.com/[^@]*}.freeze
|
|
161
|
-
def handle_github_unknown_revision(line)
|
|
162
|
-
mod_path = line.scan(GITHUB_REPO_REGEX).first
|
|
163
|
-
return unless mod_path
|
|
164
|
-
|
|
165
|
-
# Query for _any_ version of this module, to know if it doesn't exist (or is private)
|
|
166
|
-
# or we were just given a bad revision by this manifest
|
|
167
|
-
SharedHelpers.in_a_temporary_directory do
|
|
168
|
-
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
169
|
-
File.write("go.mod", "module dummy\n")
|
|
170
|
-
|
|
171
|
-
env = { "GOPRIVATE" => "*" }
|
|
172
|
-
_, _, status = Open3.capture3(env, SharedHelpers.escape_command("go get #{mod_path}"))
|
|
173
|
-
raise Dependabot::DependencyFileNotResolvable, line if status.success?
|
|
174
|
-
|
|
175
|
-
mod_split = mod_path.split("/")
|
|
176
|
-
repo_path = if mod_split.size > 3
|
|
177
|
-
mod_split[0..2].join("/")
|
|
178
|
-
else
|
|
179
|
-
mod_path
|
|
180
|
-
end
|
|
181
|
-
raise Dependabot::GitDependenciesNotReachable, [repo_path]
|
|
182
|
-
end
|
|
183
|
-
end
|
|
127
|
+
msg = stderr.gsub(path.to_s, "").strip
|
|
128
|
+
raise Dependabot::DependencyFileNotParseable.new(go_mod.path, msg)
|
|
184
129
|
end
|
|
185
130
|
|
|
186
131
|
def rev_identifier?(dep)
|
|
@@ -40,6 +40,8 @@ module Dependabot
|
|
|
40
40
|
/no space left on device/.freeze
|
|
41
41
|
].freeze
|
|
42
42
|
|
|
43
|
+
GO_MOD_VERSION = /^go 1\.[\d]+$/.freeze
|
|
44
|
+
|
|
43
45
|
def initialize(dependencies:, credentials:, repo_contents_path:,
|
|
44
46
|
directory:, options:)
|
|
45
47
|
@dependencies = dependencies
|
|
@@ -67,10 +69,9 @@ module Dependabot
|
|
|
67
69
|
@updated_files ||= update_files
|
|
68
70
|
end
|
|
69
71
|
|
|
70
|
-
def update_files # rubocop:disable Metrics/AbcSize
|
|
72
|
+
def update_files # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
|
|
71
73
|
in_repo_path do
|
|
72
74
|
# Map paths in local replace directives to path hashes
|
|
73
|
-
|
|
74
75
|
original_go_mod = File.read("go.mod")
|
|
75
76
|
original_manifest = parse_manifest
|
|
76
77
|
original_go_sum = File.read("go.sum") if File.exist?("go.sum")
|
|
@@ -87,35 +88,36 @@ module Dependabot
|
|
|
87
88
|
# Then run `go get` to pick up other changes to the file caused by
|
|
88
89
|
# the upgrade
|
|
89
90
|
run_go_get
|
|
90
|
-
run_go_vendor
|
|
91
|
-
run_go_mod_tidy
|
|
92
|
-
|
|
93
|
-
# At this point, the go.mod returned from run_go_get contains the
|
|
94
|
-
# correct set of modules, but running `go get` can change the file
|
|
95
|
-
# in undesirable ways (such as injecting the current Go version),
|
|
96
|
-
# so we need to update the original go.mod with the updated set of
|
|
97
|
-
# requirements rather than using the regenerated file directly
|
|
98
|
-
original_reqs = original_manifest["Require"] || []
|
|
99
|
-
updated_reqs = parse_manifest["Require"] || []
|
|
100
|
-
|
|
101
|
-
original_paths = original_reqs.map { |r| r["Path"] }
|
|
102
|
-
updated_paths = updated_reqs.map { |r| r["Path"] }
|
|
103
|
-
req_paths_to_remove = original_paths - updated_paths
|
|
104
|
-
|
|
105
|
-
# Put back the original content before we replace just the updated
|
|
106
|
-
# dependencies.
|
|
107
|
-
write_go_mod(original_go_mod)
|
|
108
91
|
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
92
|
+
# If we stubbed modules, don't run `go mod {tidy,vendor}` as
|
|
93
|
+
# dependencies are incomplete
|
|
94
|
+
if substitutions.empty?
|
|
95
|
+
run_go_mod_tidy
|
|
96
|
+
run_go_vendor
|
|
97
|
+
else
|
|
98
|
+
substitute_all(substitutions.invert)
|
|
99
|
+
end
|
|
115
100
|
|
|
116
101
|
updated_go_sum = original_go_sum ? File.read("go.sum") : nil
|
|
117
102
|
updated_go_mod = File.read("go.mod")
|
|
118
103
|
|
|
104
|
+
# running "go get" may inject the current go version, remove it
|
|
105
|
+
original_go_version = original_go_mod.match(GO_MOD_VERSION)&.to_a&.first
|
|
106
|
+
updated_go_version = updated_go_mod.match(GO_MOD_VERSION)&.to_a&.first
|
|
107
|
+
if original_go_version != updated_go_version
|
|
108
|
+
go_mod_lines = updated_go_mod.lines
|
|
109
|
+
go_mod_lines.each_with_index do |line, i|
|
|
110
|
+
next unless line&.match?(GO_MOD_VERSION)
|
|
111
|
+
|
|
112
|
+
# replace with the original version
|
|
113
|
+
go_mod_lines[i] = original_go_version
|
|
114
|
+
# avoid a stranded newline if there was no version originally
|
|
115
|
+
go_mod_lines[i + 1] = nil if original_go_version.nil?
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
updated_go_mod = go_mod_lines.compact.join
|
|
119
|
+
end
|
|
120
|
+
|
|
119
121
|
{ go_mod: updated_go_mod, go_sum: updated_go_sum }
|
|
120
122
|
end
|
|
121
123
|
end
|
|
@@ -184,24 +186,6 @@ module Dependabot
|
|
|
184
186
|
JSON.parse(stdout) || {}
|
|
185
187
|
end
|
|
186
188
|
|
|
187
|
-
def remove_requirements(requirement_paths)
|
|
188
|
-
requirement_paths.each do |path|
|
|
189
|
-
escaped_path = Shellwords.escape(path)
|
|
190
|
-
command = "go mod edit -droprequire #{escaped_path}"
|
|
191
|
-
_, stderr, status = Open3.capture3(ENVIRONMENT, command)
|
|
192
|
-
handle_subprocess_error(stderr) unless status.success?
|
|
193
|
-
end
|
|
194
|
-
end
|
|
195
|
-
|
|
196
|
-
def add_requirements(requirements)
|
|
197
|
-
requirements.each do |r|
|
|
198
|
-
escaped_req = Shellwords.escape("#{r['Path']}@#{r['Version']}")
|
|
199
|
-
command = "go mod edit -require #{escaped_req}"
|
|
200
|
-
_, stderr, status = Open3.capture3(ENVIRONMENT, command)
|
|
201
|
-
handle_subprocess_error(stderr) unless status.success?
|
|
202
|
-
end
|
|
203
|
-
end
|
|
204
|
-
|
|
205
189
|
def in_repo_path(&block)
|
|
206
190
|
SharedHelpers.
|
|
207
191
|
in_a_temporary_repo_directory(directory, repo_contents_path) do
|
|
@@ -268,7 +252,7 @@ module Dependabot
|
|
|
268
252
|
end
|
|
269
253
|
|
|
270
254
|
def module_pathname
|
|
271
|
-
@module_pathname ||= Pathname.new(repo_contents_path).join(directory)
|
|
255
|
+
@module_pathname ||= Pathname.new(repo_contents_path).join(directory.sub(%r{^/}, ""))
|
|
272
256
|
end
|
|
273
257
|
|
|
274
258
|
def substitute_all(substitutions)
|
|
@@ -312,24 +296,6 @@ module Dependabot
|
|
|
312
296
|
File.join(directory, "go.mod")
|
|
313
297
|
end
|
|
314
298
|
|
|
315
|
-
def requirement_to_dependency_obj(req)
|
|
316
|
-
# This is an approximation - we're not correctly populating `source`
|
|
317
|
-
# for instance, but it's only to plug the requirement into the
|
|
318
|
-
# `update_go_mod` method so this mapping doesn't need to be perfect
|
|
319
|
-
dep_req = {
|
|
320
|
-
file: "go.mod",
|
|
321
|
-
requirement: req["Version"],
|
|
322
|
-
groups: [],
|
|
323
|
-
source: nil
|
|
324
|
-
}
|
|
325
|
-
Dependency.new(
|
|
326
|
-
name: req["Path"],
|
|
327
|
-
version: req["Version"],
|
|
328
|
-
requirements: req["Indirect"] ? [] : [dep_req],
|
|
329
|
-
package_manager: "go_modules"
|
|
330
|
-
)
|
|
331
|
-
end
|
|
332
|
-
|
|
333
299
|
def write_go_mod(body)
|
|
334
300
|
File.write("go.mod", body)
|
|
335
301
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.129.
|
|
4
|
+
version: 0.129.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-01-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.129.
|
|
19
|
+
version: 0.129.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.129.
|
|
26
|
+
version: 0.129.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,28 +100,28 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.7.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.7.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 0.
|
|
117
|
+
version: 0.21.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 0.
|
|
124
|
+
version: 0.21.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: simplecov-console
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|