dependabot-go_modules 0.138.3 → 0.139.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/go.mod +1 -1
- data/helpers/go.sum +2 -2
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +23 -22
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 22cf13ec824a1a13bf3540a3f870af253dc18e84d35c88e5029391acfb3d3858
|
|
4
|
+
data.tar.gz: 8c0711d3e4fae045cbce2331469de2f133e7cef53d4b8ab849920aae8480d59b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3605094cd5a5358af2cdb567b9096fced93039e20c3d11967729b7db972392665a857deadafa930303825f483ff62b7047e107fa655893b5b4ec6bd2000f2ba0
|
|
7
|
+
data.tar.gz: f9a11a6692dacd6452ed1ed9cb78dfa42f3e66f4795a8fa25b892a88685051818f2e5c62013bb0d8a94fd7956e07e1eee709254547cb7430a411d4b2b4f31196
|
data/helpers/go.mod
CHANGED
|
@@ -6,7 +6,7 @@ require (
|
|
|
6
6
|
github.com/Masterminds/vcs v1.13.1
|
|
7
7
|
github.com/dependabot/dependabot-core/go_modules/helpers/updater v0.0.0
|
|
8
8
|
github.com/dependabot/gomodules-extracted v1.2.0
|
|
9
|
-
golang.org/x/mod v0.4.
|
|
9
|
+
golang.org/x/mod v0.4.2
|
|
10
10
|
)
|
|
11
11
|
|
|
12
12
|
replace github.com/dependabot/dependabot-core/go_modules/helpers/importresolver => ./importresolver
|
data/helpers/go.sum
CHANGED
|
@@ -6,8 +6,8 @@ github.com/dependabot/gomodules-extracted v1.2.0/go.mod h1:3NWkH8KcZVDM87JuZI8hC
|
|
|
6
6
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
|
7
7
|
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
|
|
8
8
|
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
|
9
|
-
golang.org/x/mod v0.4.
|
|
10
|
-
golang.org/x/mod v0.4.
|
|
9
|
+
golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
|
|
10
|
+
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
|
11
11
|
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
|
12
12
|
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
|
13
13
|
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
|
@@ -27,6 +27,9 @@ module Dependabot
|
|
|
27
27
|
/cannot find module providing package/.freeze,
|
|
28
28
|
# Package in module was likely renamed or removed
|
|
29
29
|
/module .* found \(.*\), but does not contain package/m.freeze,
|
|
30
|
+
# Package pseudo-version does not match the version-control metadata
|
|
31
|
+
# https://golang.google.cn/doc/go1.13#version-validation
|
|
32
|
+
/go: .*: invalid pseudo-version/m.freeze,
|
|
30
33
|
# Package does not exist, has been pulled or cannot be reached due to
|
|
31
34
|
# auth problems with either git or the go proxy
|
|
32
35
|
/go: .*: unknown revision/m.freeze
|
|
@@ -219,18 +222,12 @@ module Dependabot
|
|
|
219
222
|
# process afterwards.
|
|
220
223
|
def replace_directive_substitutions(manifest)
|
|
221
224
|
@replace_directive_substitutions ||=
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
map { |r| r["New"]["Path"] }.
|
|
229
|
-
compact.
|
|
230
|
-
select { |p| stub_replace_path?(p) }.
|
|
231
|
-
map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }.
|
|
232
|
-
to_h
|
|
233
|
-
end
|
|
225
|
+
(manifest["Replace"] || []).
|
|
226
|
+
map { |r| r["New"]["Path"] }.
|
|
227
|
+
compact.
|
|
228
|
+
select { |p| stub_replace_path?(p) }.
|
|
229
|
+
map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }.
|
|
230
|
+
to_h
|
|
234
231
|
end
|
|
235
232
|
|
|
236
233
|
# returns true if the provided path should be replaced with a stub
|
|
@@ -266,22 +263,20 @@ module Dependabot
|
|
|
266
263
|
write_go_mod(body)
|
|
267
264
|
end
|
|
268
265
|
|
|
269
|
-
# rubocop:disable Metrics/AbcSize
|
|
270
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
|
271
266
|
def handle_subprocess_error(stderr)
|
|
272
267
|
stderr = stderr.gsub(Dir.getwd, "")
|
|
273
268
|
|
|
274
269
|
# Package version doesn't match the module major version
|
|
275
270
|
error_regex = RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
|
|
276
271
|
if error_regex
|
|
277
|
-
|
|
278
|
-
raise Dependabot::DependencyFileNotResolvable,
|
|
272
|
+
error_message = filter_error_message(message: stderr, regex: error_regex)
|
|
273
|
+
raise Dependabot::DependencyFileNotResolvable, error_message
|
|
279
274
|
end
|
|
280
275
|
|
|
281
276
|
repo_error_regex = REPO_RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
|
|
282
277
|
if repo_error_regex
|
|
283
|
-
|
|
284
|
-
ResolvabilityErrors.handle(
|
|
278
|
+
error_message = filter_error_message(message: stderr, regex: repo_error_regex)
|
|
279
|
+
ResolvabilityErrors.handle(error_message, credentials: credentials)
|
|
285
280
|
end
|
|
286
281
|
|
|
287
282
|
path_regex = MODULE_PATH_MISMATCH_REGEXES.find { |r| stderr =~ r }
|
|
@@ -293,16 +288,22 @@ module Dependabot
|
|
|
293
288
|
|
|
294
289
|
out_of_disk_regex = OUT_OF_DISK_REGEXES.find { |r| stderr =~ r }
|
|
295
290
|
if out_of_disk_regex
|
|
296
|
-
|
|
297
|
-
raise Dependabot::OutOfDisk.new,
|
|
291
|
+
error_message = filter_error_message(message: stderr, regex: out_of_disk_regex)
|
|
292
|
+
raise Dependabot::OutOfDisk.new, error_message
|
|
298
293
|
end
|
|
299
294
|
|
|
300
295
|
# We don't know what happened so we raise a generic error
|
|
301
296
|
msg = stderr.lines.last(10).join.strip
|
|
302
297
|
raise Dependabot::DependabotError, msg
|
|
303
298
|
end
|
|
304
|
-
|
|
305
|
-
|
|
299
|
+
|
|
300
|
+
def filter_error_message(message:, regex:)
|
|
301
|
+
lines = message.lines.select { |l| regex =~ l }
|
|
302
|
+
return lines.join if lines.any?
|
|
303
|
+
|
|
304
|
+
# In case the regex is multi-line, match the whole string
|
|
305
|
+
message.match(regex).to_s
|
|
306
|
+
end
|
|
306
307
|
|
|
307
308
|
def go_mod_path
|
|
308
309
|
return "go.mod" if directory == "/"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.139.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-03-
|
|
11
|
+
date: 2021-03-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.139.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.139.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.12.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.12.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|