RubyGems - dependabot-go_modules - Versions diffs - 0.143.4 → 0.145.1 - Mend

dependabot-go_modules 0.143.4 → 0.145.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +4 -4
data/helpers/Makefile +2 -2
data/helpers/build +2 -2
data/helpers/go.mod +2 -9
data/helpers/go.sum +2 -3
data/helpers/main.go +3 -3
data/helpers/updatechecker/main.go +13 -37
data/helpers/updater/helpers.go +16 -8
data/helpers/updater/main.go +3 -1
data/lib/dependabot/go_modules/file_parser.rb +15 -6
data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +3 -31
data/lib/dependabot/go_modules/replace_stubber.rb +55 -0
data/lib/dependabot/go_modules/update_checker.rb +9 -59
data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +147 -0
metadata +6 -6
data/helpers/updater/go.mod +0 -3
data/helpers/updater/go.sum +0 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 634cfc305bc5c7d70b21feac922bcbf09227e909a2ba52639e6851c51ac42654
-  data.tar.gz: 52941d31f57f634afd6e352999cc9e7caab5859202875bcef7ef12e55fbbf9b9
+  metadata.gz: e3550327e043cedb78207a2adc2118caec2ce9b489899c781060529f8c9603ba
+  data.tar.gz: 0f8dd232a699b2a5dbd4af229ae0cc377fad47b6a1d482650658261f63f818c2
 SHA512:
-  metadata.gz: 26f33e30a83add19480f377c195da26770cf7d8f49d02981fae4aeb1a126ff34686e4a8977a5f6055f3e7f1e82014e2969d8492ba92c14fc1179a1e7dffb201e
-  data.tar.gz: f705fcdc3f4fc295c1161d0bc9f72a678bf08dd07dd8b97a88fee07bfb75e7bc9feb300846ced59de02cf70b44d79412860c8022d7ce741e761c498dfc4737ab
+  metadata.gz: a183b6d5a4904b4726f6c41b75db08b0a46f024142c312506e4f9d7e5676e8274941c3c170f66f0f24e70b09b8dee3a434653d62cbbd144d73e01adf081a7dab
+  data.tar.gz: 3f66295d4afd99494995640be323a003e86ede3577ca8618da606e07606411026ddd31ef9ab33ede89ad7ab6de4bf011de4f886eecedd25e9000a76f7ec0fe8c

data/helpers/Makefile CHANGED Viewed

@@ -3,7 +3,7 @@
 all: darwin linux
 darwin:
-	GO111MODULE=on GOOS=darwin GOARCH=amd64 go build -o go-helpers.darwin64 .
+	GOOS=darwin GOARCH=amd64 go build -o go-helpers.darwin64 .
 linux:
-	GO111MODULE=on GOOS=linux GOARCH=amd64  go build -o go-helpers.linux64 .
+	GOOS=linux GOARCH=amd64  go build -o go-helpers.linux64 .

data/helpers/build CHANGED Viewed

@@ -23,5 +23,5 @@ cd $helpers_dir
 os="$(uname -s | tr '[:upper:]' '[:lower:]')"
 echo "building $install_dir/bin/helper"
-GO111MODULE=on GOOS="$os" GOARCH=amd64 go build -o "$install_dir/bin/helper" .
-go clean -cache -modcache
+GOOS="$os" GOARCH=amd64 go build -o "$install_dir/bin/helper" .
+go clean -cache -modcache

data/helpers/go.mod CHANGED Viewed

@@ -1,16 +1,9 @@
 module github.com/dependabot/dependabot-core/go_modules/helpers
-go 1.13
+go 1.16
 require (
 	github.com/Masterminds/vcs v1.13.1
-	github.com/dependabot/dependabot-core/go_modules/helpers/updater v0.0.0
-	github.com/dependabot/gomodules-extracted v1.2.0
+	github.com/dependabot/gomodules-extracted v1.3.0
 	golang.org/x/mod v0.4.2
 )
-replace github.com/dependabot/dependabot-core/go_modules/helpers/importresolver => ./importresolver
-replace github.com/dependabot/dependabot-core/go_modules/helpers/updater => ./updater
-replace github.com/dependabot/dependabot-core/go_modules/helpers/updatechecker => ./updatechecker

data/helpers/go.sum CHANGED Viewed

@@ -1,8 +1,7 @@
 github.com/Masterminds/vcs v1.13.1 h1:NL3G1X7/7xduQtA2sJLpVpfHTNBALVNSjob6KEjPXNQ=
 github.com/Masterminds/vcs v1.13.1/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=
-github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3/go.mod h1:+dRXSrUymjpT4yzKtn1QmeknT1S/yAHRr35en18dHp8=
-github.com/dependabot/gomodules-extracted v1.2.0 h1:K/gTyOyhasOt4cjULvOPNiD3MAFGytp4F7e39aB+0Y0=
-github.com/dependabot/gomodules-extracted v1.2.0/go.mod h1:3NWkH8KcZVDM87JuZI8hCZzYbjfUSz98EZI53qjgMgY=
+github.com/dependabot/gomodules-extracted v1.3.0 h1:Rsnl5uR+wjE+7ontePia/B3p48aBRsyEhyNrzCwbkaw=
+github.com/dependabot/gomodules-extracted v1.3.0/go.mod h1:cpzrmDX1COyhSDQXHfkRMw0STb0vmguBFqmrkr51h1I=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=

data/helpers/main.go CHANGED Viewed

@@ -33,10 +33,10 @@ func main() {
 		funcErr error
 	)
 	switch helperParams.Function {
-	case "getUpdatedVersion":
+	case "getVersions":
 		var args updatechecker.Args
 		parseArgs(helperParams.Args, &args)
-		funcOut, funcErr = updatechecker.GetUpdatedVersion(&args)
+		funcOut, funcErr = updatechecker.GetVersions(&args)
 	case "updateDependencyFile":
 		var args updater.Args
 		parseArgs(helperParams.Args, &args)
@@ -46,7 +46,7 @@ func main() {
 		parseArgs(helperParams.Args, &args)
 		funcOut, funcErr = importresolver.VCSRemoteForImport(&args)
 	default:
-		abort(fmt.Errorf("Unrecognised function '%s'", helperParams.Function))
+		abort(fmt.Errorf("unrecognised function '%s'", helperParams.Function))
 	}
 	if funcErr != nil {

data/helpers/updatechecker/main.go CHANGED Viewed

@@ -1,9 +1,9 @@
 package updatechecker
 import (
+	"context"
 	"errors"
 	"io/ioutil"
-	"regexp"
 	"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modfetch"
 	"github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modload"
@@ -11,44 +11,27 @@ import (
 	"golang.org/x/mod/semver"
 )
-var (
-	pseudoVersionRegexp = regexp.MustCompile(`\b\d{14}-[0-9a-f]{12}$`)
-)
 type Dependency struct {
-	Name     string `json:"name"`
-	Version  string `json:"version"`
-	Indirect bool   `json:"indirect"`
-}
-type IgnoreRange struct {
-	MinVersionInclusive string `json:"min_version_inclusive"`
-	MaxVersionExclusive string `json:"max_version_exclusive"`
+	Name    string `json:"name"`
+	Version string `json:"version"`
 }
 type Args struct {
-	Dependency   *Dependency    `json:"dependency"`
-	IgnoreRanges []*IgnoreRange `json:"ignore_ranges"`
+	Dependency *Dependency `json:"dependency"`
 }
-func GetUpdatedVersion(args *Args) (interface{}, error) {
+// GetVersions returns a list of versions for the given dependency that
+// are within the same major version.
+func GetVersions(args *Args) (interface{}, error) {
 	if args.Dependency == nil {
 		return nil, errors.New("Expected args.dependency to not be nil")
 	}
 	currentVersion := args.Dependency.Version
-	currentPrerelease := semver.Prerelease(currentVersion)
-	if pseudoVersionRegexp.MatchString(currentPrerelease) {
-		return currentVersion, nil
-	}
-	modload.InitMod()
-	repo, err := modfetch.Lookup("direct", args.Dependency.Name)
-	if err != nil {
-		return nil, err
-	}
+	modload.LoadModFile(context.Background())
+	repo := modfetch.Lookup("direct", args.Dependency.Name)
 	versions, err := repo.Versions("")
 	if err != nil {
 		return nil, err
@@ -60,7 +43,8 @@ func GetUpdatedVersion(args *Args) (interface{}, error) {
 	}
 	currentMajor := semver.Major(currentVersion)
-	latestVersion := args.Dependency.Version
+	var candidateVersions []string
 Outer:
 	for _, v := range versions {
@@ -68,24 +52,16 @@ Outer:
 			continue
 		}
-		if semver.Compare(v, latestVersion) < 1 {
-			continue
-		}
-		if currentPrerelease == "" && semver.Prerelease(v) != "" {
-			continue
-		}
 		for _, exclude := range excludes {
 			if v == exclude {
 				continue Outer
 			}
 		}
-		latestVersion = v
+		candidateVersions = append(candidateVersions, v)
 	}
-	return latestVersion, nil
+	return candidateVersions, nil
 }
 func goModExcludes(dependency string) ([]string, error) {

data/helpers/updater/helpers.go CHANGED Viewed

@@ -6,7 +6,11 @@ import (
 	"golang.org/x/mod/modfile"
 )
-// Private methods lifted from the `modfile` package
+// Private methods lifted from the `modfile` package.
+// Last synced: 4/28/2021 from:
+// https://github.com/golang/mod/blob/858fdbee9c245c8109c359106e89c6b8d321f19c/modfile/rule.go
+var slashSlash = []byte("//")
 // setIndirect sets line to have (or not have) a "// indirect" comment.
 func setIndirect(line *modfile.Line, indirect bool) {
@@ -20,13 +24,17 @@ func setIndirect(line *modfile.Line, indirect bool) {
 			line.Suffix = []modfile.Comment{{Token: "// indirect", Suffix: true}}
 			return
 		}
-		// Insert at beginning of existing comment.
 		com := &line.Suffix[0]
-		space := " "
-		if len(com.Token) > 2 && com.Token[2] == ' ' || com.Token[2] == '\t' {
-			space = ""
+		text := strings.TrimSpace(strings.TrimPrefix(com.Token, string(slashSlash)))
+		if text == "" {
+			// Empty comment.
+			com.Token = "// indirect"
+			return
 		}
-		com.Token = "// indirect;" + space + com.Token[2:]
+		// Insert at beginning of existing comment.
+		com.Token = "// indirect; " + text
 		return
 	}
@@ -52,6 +60,6 @@ func isIndirect(line *modfile.Line) bool {
 	if len(line.Suffix) == 0 {
 		return false
 	}
-	f := strings.Fields(line.Suffix[0].Token)
-	return (len(f) == 2 && f[1] == "indirect" || len(f) > 2 && f[1] == "indirect;") && f[0] == "//"
+	f := strings.Fields(strings.TrimPrefix(line.Suffix[0].Token, string(slashSlash)))
+	return (len(f) == 1 && f[0] == "indirect" || len(f) > 1 && f[0] == "indirect;")
 }

data/helpers/updater/main.go CHANGED Viewed

@@ -28,7 +28,9 @@ func UpdateDependencyFile(args *Args) (interface{}, error) {
 	}
 	for _, dep := range args.Dependencies {
-		f.AddRequire(dep.Name, dep.Version)
+		if err := f.AddRequire(dep.Name, dep.Version); err != nil {
+			return nil, err
+		}
 	}
 	for _, r := range f.Require {

data/lib/dependabot/go_modules/file_parser.rb CHANGED Viewed

@@ -4,6 +4,7 @@ require "open3"
 require "dependabot/dependency"
 require "dependabot/file_parsers/base/dependency_set"
 require "dependabot/go_modules/path_converter"
+require "dependabot/go_modules/replace_stubber"
 require "dependabot/errors"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
@@ -17,7 +18,7 @@ module Dependabot
         dependency_set = Dependabot::FileParsers::Base::DependencySet.new
         required_packages.each do |dep|
-          dependency_set << dependency_from_details(dep) unless dep["Indirect"]
+          dependency_set << dependency_from_details(dep) unless skip_dependency?(dep)
         end
         dependency_set.dependencies
@@ -109,11 +110,8 @@ module Dependabot
             # we can use in their place. Using generated paths is safer as it
             # means we don't need to worry about references to parent
             # directories, etc.
-            (JSON.parse(stdout)["Replace"] || []).
-              map { |r| r["New"]["Path"] }.
-              compact.
-              select { |p| p.start_with?(".") || p.start_with?("/") }.
-              map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }
+            manifest = JSON.parse(stdout)
+            ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod.directory)
           end
       end
@@ -163,6 +161,17 @@ module Dependabot
         raw_version.match(GIT_VERSION_REGEX).named_captures.fetch("sha")
       end
+      def skip_dependency?(dep)
+        return true if dep["Indirect"]
+        begin
+          path_uri = URI.parse("https://#{dep['Path']}")
+          !path_uri.host.include?(".")
+        rescue URI::InvalidURIError
+          false
+        end
+      end
     end
   end
 end

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb CHANGED Viewed

@@ -4,6 +4,7 @@ require "dependabot/shared_helpers"
 require "dependabot/errors"
 require "dependabot/go_modules/file_updater"
 require "dependabot/go_modules/native_helpers"
+require "dependabot/go_modules/replace_stubber"
 require "dependabot/go_modules/resolvability_errors"
 module Dependabot
@@ -222,37 +223,8 @@ module Dependabot
         # process afterwards.
         def replace_directive_substitutions(manifest)
           @replace_directive_substitutions ||=
-            (manifest["Replace"] || []).
-            map { |r| r["New"]["Path"] }.
-            compact.
-            select { |p| stub_replace_path?(p) }.
-            map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }.
-            to_h
-        end
-        # returns true if the provided path should be replaced with a stub
-        def stub_replace_path?(path)
-          return true if absolute_path?(path)
-          return false unless relative_replacement_path?(path)
-          resolved_path = module_pathname.join(path).realpath
-          inside_repo_contents_path = resolved_path.to_s.start_with?(repo_contents_path.to_s)
-          !inside_repo_contents_path
-        rescue Errno::ENOENT
-          true
-        end
-        def absolute_path?(path)
-          path.start_with?("/")
-        end
-        def relative_replacement_path?(path)
-          # https://golang.org/ref/mod#go-mod-file-replace
-          path.start_with?("./") || path.start_with?("../")
-        end
-        def module_pathname
-          @module_pathname ||= Pathname.new(repo_contents_path).join(directory.sub(%r{^/}, ""))
+            Dependabot::GoModules::ReplaceStubber.new(repo_contents_path).
+            stub_paths(manifest, directory)
         end
         def substitute_all(substitutions)

data/lib/dependabot/go_modules/replace_stubber.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+module Dependabot
+  module GoModules
+    # Given a go.mod file, find all `replace` directives pointing to a path
+    # on the local filesystem outside of the current checkout, and return a hash
+    # mapping the original path to a hash of the path.
+    #
+    # This lets us substitute all parts of the go.mod that are dependent on
+    # the layout of the filesystem with a structure we can reproduce (i.e.
+    # no paths such as ../../../foo), run the Go tooling, then reverse the
+    # process afterwards.
+    class ReplaceStubber
+      def initialize(repo_contents_path)
+        @repo_contents_path = repo_contents_path
+      end
+      def stub_paths(manifest, directory)
+        (manifest["Replace"] || []).
+          map { |r| r["New"]["Path"] }.
+          compact.
+          select { |p| stub_replace_path?(p, directory) }.
+          map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }.
+          to_h
+      end
+      private
+      def stub_replace_path?(path, directory)
+        return true if absolute_path?(path)
+        return false unless relative_replacement_path?(path)
+        return true if @repo_contents_path.nil?
+        resolved_path = module_pathname(directory).join(path).realpath
+        inside_repo_contents_path = resolved_path.to_s.start_with?(@repo_contents_path.to_s)
+        !inside_repo_contents_path
+      rescue Errno::ENOENT
+        true
+      end
+      def absolute_path?(path)
+        path.start_with?("/")
+      end
+      def relative_replacement_path?(path)
+        # https://golang.org/ref/mod#go-mod-file-replace
+        path.start_with?("./") || path.start_with?("../")
+      end
+      def module_pathname(directory)
+        @module_pathname ||= Pathname.new(@repo_contents_path).join(directory.sub(%r{^/}, ""))
+      end
+    end
+  end
+end

data/lib/dependabot/go_modules/update_checker.rb CHANGED Viewed

@@ -5,26 +5,19 @@ require "dependabot/update_checkers/base"
 require "dependabot/shared_helpers"
 require "dependabot/errors"
 require "dependabot/go_modules/native_helpers"
-require "dependabot/go_modules/resolvability_errors"
 require "dependabot/go_modules/version"
 module Dependabot
   module GoModules
     class UpdateChecker < Dependabot::UpdateCheckers::Base
-      RESOLVABILITY_ERROR_REGEXES = [
-        # Package url/proxy doesn't include any redirect meta tags
-        /no go-import meta tags/,
-        # Package url 404s
-        /404 Not Found/,
-        /Repository not found/
-      ].freeze
+      require_relative "update_checker/latest_version_finder"
       def latest_resolvable_version
         # We don't yet support updating indirect dependencies for go_modules
         #
         # To update indirect dependencies we'll need to promote the indirect
         # dependency to the go.mod file forcing the resolver to pick this
-        # version (possibly as # indirect)
+        # version (possibly as `// indirect`)
         unless dependency.top_level?
           return unless dependency.version
@@ -32,7 +25,13 @@ module Dependabot
         end
         @latest_resolvable_version ||=
-          version_class.new(find_latest_resolvable_version.gsub(/^v/, ""))
+          LatestVersionFinder.new(
+            dependency: dependency,
+            dependency_files: dependency_files,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            raise_on_ignored: raise_on_ignored,
+          ).latest_version
       end
       # This is currently used to short-circuit latest_resolvable_version,
@@ -55,51 +54,6 @@ module Dependabot
       private
-      def find_latest_resolvable_version
-        SharedHelpers.in_a_temporary_directory do
-          SharedHelpers.with_git_configured(credentials: credentials) do
-            File.write("go.mod", go_mod.content)
-            # Turn off the module proxy for now, as it's causing issues with
-            # private git dependencies
-            env = { "GOPRIVATE" => "*" }
-            SharedHelpers.run_helper_subprocess(
-              command: NativeHelpers.helper_path,
-              env: env,
-              function: "getUpdatedVersion",
-              args: {
-                dependency: {
-                  name: dependency.name,
-                  version: "v" + dependency.version,
-                  indirect: dependency.requirements.empty?
-                }
-              }
-            )
-          end
-        end
-      rescue SharedHelpers::HelperSubprocessFailed => e
-        retry_count ||= 0
-        retry_count += 1
-        retry if transitory_failure?(e) && retry_count < 2
-        handle_subprocess_error(e)
-      end
-      def handle_subprocess_error(error)
-        if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
-          ResolvabilityErrors.handle(error.message, credentials: credentials)
-        end
-        raise
-      end
-      def transitory_failure?(error)
-        return true if error.message.include?("EOF")
-        error.message.include?("Internal Server Error")
-      end
       def latest_version_resolvable_with_full_unlock?
         # Full unlock checks aren't implemented for Go (yet)
         false
@@ -136,10 +90,6 @@ module Dependabot
         { type: "default", source: dependency.name }
       end
-      def go_mod
-        @go_mod ||= dependency_files.find { |f| f.name == "go.mod" }
-      end
       def git_commit_checker
         @git_commit_checker ||=
           GitCommitChecker.new(

data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb ADDED Viewed

@@ -0,0 +1,147 @@
+# frozen_string_literal: true
+require "excon"
+require "dependabot/shared_helpers"
+require "dependabot/errors"
+require "dependabot/go_modules/requirement"
+require "dependabot/go_modules/resolvability_errors"
+module Dependabot
+  module GoModules
+    class UpdateChecker
+      class LatestVersionFinder
+        RESOLVABILITY_ERROR_REGEXES = [
+          # Package url/proxy doesn't include any redirect meta tags
+          /no go-import meta tags/,
+          # Package url 404s
+          /404 Not Found/,
+          /Repository not found/,
+          /unrecognized import path/
+        ].freeze
+        PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/.freeze
+        def initialize(dependency:, dependency_files:, credentials:,
+                       ignored_versions:, raise_on_ignored: false)
+          @dependency          = dependency
+          @dependency_files    = dependency_files
+          @credentials         = credentials
+          @ignored_versions    = ignored_versions
+          @raise_on_ignored    = raise_on_ignored
+        end
+        def latest_version
+          @latest_version ||= fetch_latest_version
+        end
+        private
+        attr_reader :dependency, :dependency_files, :credentials, :ignored_versions
+        def fetch_latest_version
+          return dependency.version if dependency.version =~ PSEUDO_VERSION_REGEX
+          candidate_versions = available_versions
+          candidate_versions = filter_prerelease_versions(candidate_versions)
+          candidate_versions = filter_lower_versions(candidate_versions)
+          candidate_versions = filter_ignored_versions(candidate_versions)
+          candidate_versions.max
+        end
+        def available_versions
+          SharedHelpers.in_a_temporary_directory do
+            SharedHelpers.with_git_configured(credentials: credentials) do
+              File.write("go.mod", go_mod.content)
+              # Turn off the module proxy for now, as it's causing issues with
+              # private git dependencies
+              env = { "GOPRIVATE" => "*" }
+              version_strings = SharedHelpers.run_helper_subprocess(
+                command: NativeHelpers.helper_path,
+                env: env,
+                function: "getVersions",
+                args: {
+                  dependency: {
+                    name: dependency.name,
+                    version: "v" + dependency.version,
+                  }
+                }
+              )
+              version_strings.select { |v| version_class.correct?(v) }
+                             .map { |v| version_class.new(v) }
+            end
+          end
+        rescue SharedHelpers::HelperSubprocessFailed => e
+          retry_count ||= 0
+          retry_count += 1
+          retry if transitory_failure?(e) && retry_count < 2
+          handle_subprocess_error(e)
+        end
+        def handle_subprocess_error(error)
+          if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
+            ResolvabilityErrors.handle(error.message, credentials: credentials)
+          end
+          raise
+        end
+        def transitory_failure?(error)
+          return true if error.message.include?("EOF")
+          error.message.include?("Internal Server Error")
+        end
+        def go_mod
+          @go_mod ||= dependency_files.find { |f| f.name == "go.mod" }
+        end
+        def filter_prerelease_versions(versions_array)
+          return versions_array if wants_prerelease?
+          versions_array.reject(&:prerelease?)
+        end
+        def filter_lower_versions(versions_array)
+          versions_array.
+            select { |version| version >= version_class.new(dependency.version) }
+        end
+        def filter_ignored_versions(versions_array)
+          filtered = versions_array.
+                     reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
+          raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
+          filtered
+        end
+        def wants_prerelease?
+          @wants_prerelease ||=
+            begin
+              current_version = dependency.version
+              current_version && version_class.correct?(current_version) &&
+                version_class.new(current_version).prerelease?
+            end
+        end
+        def ignore_requirements
+          ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
+        end
+        def requirement_class
+          Utils.requirement_class_for_package_manager(
+            dependency.package_manager
+          )
+        end
+        def version_class
+          Utils.version_class_for_package_manager(dependency.package_manager)
+        end
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.143.4
+  version: 0.145.1
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-04-26 00:00:00.000000000 Z
+date: 2021-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.143.4
+        version: 0.145.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.143.4
+        version: 0.145.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -192,8 +192,6 @@ files:
 - helpers/importresolver/main.go
 - helpers/main.go
 - helpers/updatechecker/main.go
-- helpers/updater/go.mod
-- helpers/updater/go.sum
 - helpers/updater/helpers.go
 - helpers/updater/main.go
 - lib/dependabot/go_modules.rb
@@ -204,9 +202,11 @@ files:
 - lib/dependabot/go_modules/metadata_finder.rb
 - lib/dependabot/go_modules/native_helpers.rb
 - lib/dependabot/go_modules/path_converter.rb
+- lib/dependabot/go_modules/replace_stubber.rb
 - lib/dependabot/go_modules/requirement.rb
 - lib/dependabot/go_modules/resolvability_errors.rb
 - lib/dependabot/go_modules/update_checker.rb
+- lib/dependabot/go_modules/update_checker/latest_version_finder.rb
 - lib/dependabot/go_modules/version.rb
 homepage: https://github.com/dependabot/dependabot-core
 licenses:

data/helpers/updater/go.mod DELETED Viewed

@@ -1,3 +0,0 @@
-module github.com/dependabot/dependabot-core/helpers/go/updater
-require github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3

data/helpers/updater/go.sum DELETED Viewed

	@@ -1,2 +0,0 @@
1	- github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3 h1:Xj2leY0FVyZuo+p59vkIWG3dIqo+QtjskT5O1iTiywA=
2	- github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3/go.mod h1:+dRXSrUymjpT4yzKtn1QmeknT1S/yAHRr35en18dHp8=