dependabot-go_modules 0.143.5 → 0.145.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/go.mod +1 -1
  3. data/helpers/go.sum +2 -2
  4. data/helpers/main.go +3 -3
  5. data/helpers/updatechecker/main.go +13 -37
  6. data/lib/dependabot/go_modules/file_parser.rb +15 -6
  7. data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +5 -34
  8. data/lib/dependabot/go_modules/replace_stubber.rb +55 -0
  9. data/lib/dependabot/go_modules/update_checker.rb +8 -58
  10. data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +147 -0
  11. metadata +8 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9e7f7d52aa2101f758f1b5041a69ec480f43b6afa40cbcc466a2a4ca7c6c5f1d
4
- data.tar.gz: bc50731b3e23f20bfd368fcad0beeb11ce84ff1d8ebefcb7379d04a6454a8555
3
+ metadata.gz: b779c3bba35dda1f0f11bc48c930bc8123cb64b7b43b97091edbf3c708b5fe09
4
+ data.tar.gz: b702947eeaa5b11b30388acaf39d844f892c52b8c441fedadc22d46670dfee82
5
5
  SHA512:
6
- metadata.gz: 823c06ca3d150db110e23bbb06940993af989fb57b401dbe4739f557c86da2ed4dd1494054a7dbc7723cbe063d3813cdd66d55c78fcc3f18eeb25a4a66db5d67
7
- data.tar.gz: a86a90214f579be6cc32c6a1932d2db80ef3925e2418b627a5fdc412e005a68953f379783a4246e536574a91c05b8ffeb043e7c29ddf370fe41d2f425badd975
6
+ metadata.gz: 6666a43f964189b6cf3e7a1db3f50de3dbac26036c1c451992247ebe315594cf3a7d71b94e5b580e4cfb52c00b3ad8ccc9cb92cb342b1484471779a58bc8a83a
7
+ data.tar.gz: 9c6156ab6fae18da32f57ee48ed3e15d152a6c474ba3a9e45ef7bbff8a7e71d42f018f9637d2a99b9026e741cd27f44d23cb7dba270907f157df4f85591cd218
data/helpers/go.mod CHANGED
@@ -4,6 +4,6 @@ go 1.16
4
4
 
5
5
  require (
6
6
  github.com/Masterminds/vcs v1.13.1
7
- github.com/dependabot/gomodules-extracted v1.2.0
7
+ github.com/dependabot/gomodules-extracted v1.3.0
8
8
  golang.org/x/mod v0.4.2
9
9
  )
data/helpers/go.sum CHANGED
@@ -1,7 +1,7 @@
1
1
  github.com/Masterminds/vcs v1.13.1 h1:NL3G1X7/7xduQtA2sJLpVpfHTNBALVNSjob6KEjPXNQ=
2
2
  github.com/Masterminds/vcs v1.13.1/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=
3
- github.com/dependabot/gomodules-extracted v1.2.0 h1:K/gTyOyhasOt4cjULvOPNiD3MAFGytp4F7e39aB+0Y0=
4
- github.com/dependabot/gomodules-extracted v1.2.0/go.mod h1:3NWkH8KcZVDM87JuZI8hCZzYbjfUSz98EZI53qjgMgY=
3
+ github.com/dependabot/gomodules-extracted v1.3.0 h1:Rsnl5uR+wjE+7ontePia/B3p48aBRsyEhyNrzCwbkaw=
4
+ github.com/dependabot/gomodules-extracted v1.3.0/go.mod h1:cpzrmDX1COyhSDQXHfkRMw0STb0vmguBFqmrkr51h1I=
5
5
  golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
6
6
  golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
7
7
  golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
data/helpers/main.go CHANGED
@@ -33,10 +33,10 @@ func main() {
33
33
  funcErr error
34
34
  )
35
35
  switch helperParams.Function {
36
- case "getUpdatedVersion":
36
+ case "getVersions":
37
37
  var args updatechecker.Args
38
38
  parseArgs(helperParams.Args, &args)
39
- funcOut, funcErr = updatechecker.GetUpdatedVersion(&args)
39
+ funcOut, funcErr = updatechecker.GetVersions(&args)
40
40
  case "updateDependencyFile":
41
41
  var args updater.Args
42
42
  parseArgs(helperParams.Args, &args)
@@ -46,7 +46,7 @@ func main() {
46
46
  parseArgs(helperParams.Args, &args)
47
47
  funcOut, funcErr = importresolver.VCSRemoteForImport(&args)
48
48
  default:
49
- abort(fmt.Errorf("Unrecognised function '%s'", helperParams.Function))
49
+ abort(fmt.Errorf("unrecognised function '%s'", helperParams.Function))
50
50
  }
51
51
 
52
52
  if funcErr != nil {
data/helpers/updatechecker/main.go CHANGED
@@ -1,9 +1,9 @@
1
1
  package updatechecker
2
2
 
3
3
  import (
4
+ "context"
4
5
  "errors"
5
6
  "io/ioutil"
6
- "regexp"
7
7
 
8
8
  "github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modfetch"
9
9
  "github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modload"
@@ -11,44 +11,27 @@ import (
11
11
  "golang.org/x/mod/semver"
12
12
  )
13
13
 
14
- var (
15
- pseudoVersionRegexp = regexp.MustCompile(`\b\d{14}-[0-9a-f]{12}$`)
16
- )
17
-
18
14
  type Dependency struct {
19
- Name string `json:"name"`
20
- Version string `json:"version"`
21
- Indirect bool `json:"indirect"`
22
- }
23
-
24
- type IgnoreRange struct {
25
- MinVersionInclusive string `json:"min_version_inclusive"`
26
- MaxVersionExclusive string `json:"max_version_exclusive"`
15
+ Name string `json:"name"`
16
+ Version string `json:"version"`
27
17
  }
28
18
 
29
19
  type Args struct {
30
- Dependency *Dependency `json:"dependency"`
31
- IgnoreRanges []*IgnoreRange `json:"ignore_ranges"`
20
+ Dependency *Dependency `json:"dependency"`
32
21
  }
33
22
 
34
- func GetUpdatedVersion(args *Args) (interface{}, error) {
23
+ // GetVersions returns a list of versions for the given dependency that
24
+ // are within the same major version.
25
+ func GetVersions(args *Args) (interface{}, error) {
35
26
  if args.Dependency == nil {
36
27
  return nil, errors.New("Expected args.dependency to not be nil")
37
28
  }
38
29
 
39
30
  currentVersion := args.Dependency.Version
40
- currentPrerelease := semver.Prerelease(currentVersion)
41
- if pseudoVersionRegexp.MatchString(currentPrerelease) {
42
- return currentVersion, nil
43
- }
44
-
45
- modload.InitMod()
46
31
 
47
- repo, err := modfetch.Lookup("direct", args.Dependency.Name)
48
- if err != nil {
49
- return nil, err
50
- }
32
+ modload.LoadModFile(context.Background())
51
33
 
34
+ repo := modfetch.Lookup("direct", args.Dependency.Name)
52
35
  versions, err := repo.Versions("")
53
36
  if err != nil {
54
37
  return nil, err
@@ -60,7 +43,8 @@ func GetUpdatedVersion(args *Args) (interface{}, error) {
60
43
  }
61
44
 
62
45
  currentMajor := semver.Major(currentVersion)
63
- latestVersion := args.Dependency.Version
46
+
47
+ var candidateVersions []string
64
48
 
65
49
  Outer:
66
50
  for _, v := range versions {
@@ -68,24 +52,16 @@ Outer:
68
52
  continue
69
53
  }
70
54
 
71
- if semver.Compare(v, latestVersion) < 1 {
72
- continue
73
- }
74
-
75
- if currentPrerelease == "" && semver.Prerelease(v) != "" {
76
- continue
77
- }
78
-
79
55
  for _, exclude := range excludes {
80
56
  if v == exclude {
81
57
  continue Outer
82
58
  }
83
59
  }
84
60
 
85
- latestVersion = v
61
+ candidateVersions = append(candidateVersions, v)
86
62
  }
87
63
 
88
- return latestVersion, nil
64
+ return candidateVersions, nil
89
65
  }
90
66
 
91
67
  func goModExcludes(dependency string) ([]string, error) {
data/lib/dependabot/go_modules/file_parser.rb CHANGED
@@ -4,6 +4,7 @@ require "open3"
4
4
  require "dependabot/dependency"
5
5
  require "dependabot/file_parsers/base/dependency_set"
6
6
  require "dependabot/go_modules/path_converter"
7
+ require "dependabot/go_modules/replace_stubber"
7
8
  require "dependabot/errors"
8
9
  require "dependabot/file_parsers"
9
10
  require "dependabot/file_parsers/base"
@@ -17,7 +18,7 @@ module Dependabot
17
18
  dependency_set = Dependabot::FileParsers::Base::DependencySet.new
18
19
 
19
20
  required_packages.each do |dep|
20
- dependency_set << dependency_from_details(dep) unless dep["Indirect"]
21
+ dependency_set << dependency_from_details(dep) unless skip_dependency?(dep)
21
22
  end
22
23
 
23
24
  dependency_set.dependencies
@@ -109,11 +110,8 @@ module Dependabot
109
110
  # we can use in their place. Using generated paths is safer as it
110
111
  # means we don't need to worry about references to parent
111
112
  # directories, etc.
112
- (JSON.parse(stdout)["Replace"] || []).
113
- map { |r| r["New"]["Path"] }.
114
- compact.
115
- select { |p| p.start_with?(".") || p.start_with?("/") }.
116
- map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }
113
+ manifest = JSON.parse(stdout)
114
+ ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod.directory)
117
115
  end
118
116
  end
119
117
 
@@ -163,6 +161,17 @@ module Dependabot
163
161
 
164
162
  raw_version.match(GIT_VERSION_REGEX).named_captures.fetch("sha")
165
163
  end
164
+
165
+ def skip_dependency?(dep)
166
+ return true if dep["Indirect"]
167
+
168
+ begin
169
+ path_uri = URI.parse("https://#{dep['Path']}")
170
+ !path_uri.host.include?(".")
171
+ rescue URI::InvalidURIError
172
+ false
173
+ end
174
+ end
166
175
  end
167
176
  end
168
177
  end
data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb CHANGED
@@ -4,6 +4,7 @@ require "dependabot/shared_helpers"
4
4
  require "dependabot/errors"
5
5
  require "dependabot/go_modules/file_updater"
6
6
  require "dependabot/go_modules/native_helpers"
7
+ require "dependabot/go_modules/replace_stubber"
7
8
  require "dependabot/go_modules/resolvability_errors"
8
9
 
9
10
  module Dependabot
@@ -38,10 +39,9 @@ module Dependabot
38
39
  ].freeze
39
40
 
40
41
  MODULE_PATH_MISMATCH_REGEXES = [
41
- /go get: \S+ updating to\n\s+\S+\sparsing\sgo.mod:\n\s+module declares its path as: \S+\n\s+but was required as: \S+/,
42
42
  /go: ([^@\s]+)(?:@[^\s]+)?: .* has non-.* module path "(.*)" at/,
43
43
  /go: ([^@\s]+)(?:@[^\s]+)?: .* unexpected module path "(.*)"/,
44
- /go: ([^@\s]+)(?:@[^\s]+)?: .* declares its path as: ([\S]*)/m
44
+ /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?:? .* declares its path as: ([\S]*)/m
45
45
  ].freeze
46
46
 
47
47
  OUT_OF_DISK_REGEXES = [
@@ -222,37 +222,8 @@ module Dependabot
222
222
  # process afterwards.
223
223
  def replace_directive_substitutions(manifest)
224
224
  @replace_directive_substitutions ||=
225
- (manifest["Replace"] || []).
226
- map { |r| r["New"]["Path"] }.
227
- compact.
228
- select { |p| stub_replace_path?(p) }.
229
- map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }.
230
- to_h
231
- end
232
-
233
- # returns true if the provided path should be replaced with a stub
234
- def stub_replace_path?(path)
235
- return true if absolute_path?(path)
236
- return false unless relative_replacement_path?(path)
237
-
238
- resolved_path = module_pathname.join(path).realpath
239
- inside_repo_contents_path = resolved_path.to_s.start_with?(repo_contents_path.to_s)
240
- !inside_repo_contents_path
241
- rescue Errno::ENOENT
242
- true
243
- end
244
-
245
- def absolute_path?(path)
246
- path.start_with?("/")
247
- end
248
-
249
- def relative_replacement_path?(path)
250
- # https://golang.org/ref/mod#go-mod-file-replace
251
- path.start_with?("./") || path.start_with?("../")
252
- end
253
-
254
- def module_pathname
255
- @module_pathname ||= Pathname.new(repo_contents_path).join(directory.sub(%r{^/}, ""))
225
+ Dependabot::GoModules::ReplaceStubber.new(repo_contents_path).
226
+ stub_paths(manifest, directory)
256
227
  end
257
228
 
258
229
  def substitute_all(substitutions)
@@ -263,7 +234,7 @@ module Dependabot
263
234
  write_go_mod(body)
264
235
  end
265
236
 
266
- def handle_subprocess_error(stderr)
237
+ def handle_subprocess_error(stderr) # rubocop:disable Metrics/AbcSize
267
238
  stderr = stderr.gsub(Dir.getwd, "")
268
239
 
269
240
  # Package version doesn't match the module major version
data/lib/dependabot/go_modules/replace_stubber.rb ADDED
@@ -0,0 +1,55 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Dependabot
4
+ module GoModules
5
+ # Given a go.mod file, find all `replace` directives pointing to a path
6
+ # on the local filesystem outside of the current checkout, and return a hash
7
+ # mapping the original path to a hash of the path.
8
+ #
9
+ # This lets us substitute all parts of the go.mod that are dependent on
10
+ # the layout of the filesystem with a structure we can reproduce (i.e.
11
+ # no paths such as ../../../foo), run the Go tooling, then reverse the
12
+ # process afterwards.
13
+ class ReplaceStubber
14
+ def initialize(repo_contents_path)
15
+ @repo_contents_path = repo_contents_path
16
+ end
17
+
18
+ def stub_paths(manifest, directory)
19
+ (manifest["Replace"] || []).
20
+ map { |r| r["New"]["Path"] }.
21
+ compact.
22
+ select { |p| stub_replace_path?(p, directory) }.
23
+ map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }.
24
+ to_h
25
+ end
26
+
27
+ private
28
+
29
+ def stub_replace_path?(path, directory)
30
+ return true if absolute_path?(path)
31
+ return false unless relative_replacement_path?(path)
32
+ return true if @repo_contents_path.nil?
33
+
34
+ resolved_path = module_pathname(directory).join(path).realpath
35
+ inside_repo_contents_path = resolved_path.to_s.start_with?(@repo_contents_path.to_s)
36
+ !inside_repo_contents_path
37
+ rescue Errno::ENOENT
38
+ true
39
+ end
40
+
41
+ def absolute_path?(path)
42
+ path.start_with?("/")
43
+ end
44
+
45
+ def relative_replacement_path?(path)
46
+ # https://golang.org/ref/mod#go-mod-file-replace
47
+ path.start_with?("./") || path.start_with?("../")
48
+ end
49
+
50
+ def module_pathname(directory)
51
+ @module_pathname ||= Pathname.new(@repo_contents_path).join(directory.sub(%r{^/}, ""))
52
+ end
53
+ end
54
+ end
55
+ end
data/lib/dependabot/go_modules/update_checker.rb CHANGED
@@ -5,19 +5,12 @@ require "dependabot/update_checkers/base"
5
5
  require "dependabot/shared_helpers"
6
6
  require "dependabot/errors"
7
7
  require "dependabot/go_modules/native_helpers"
8
- require "dependabot/go_modules/resolvability_errors"
9
8
  require "dependabot/go_modules/version"
10
9
 
11
10
  module Dependabot
12
11
  module GoModules
13
12
  class UpdateChecker < Dependabot::UpdateCheckers::Base
14
- RESOLVABILITY_ERROR_REGEXES = [
15
- # Package url/proxy doesn't include any redirect meta tags
16
- /no go-import meta tags/,
17
- # Package url 404s
18
- /404 Not Found/,
19
- /Repository not found/
20
- ].freeze
13
+ require_relative "update_checker/latest_version_finder"
21
14
 
22
15
  def latest_resolvable_version
23
16
  # We don't yet support updating indirect dependencies for go_modules
@@ -32,7 +25,13 @@ module Dependabot
32
25
  end
33
26
 
34
27
  @latest_resolvable_version ||=
35
- version_class.new(find_latest_resolvable_version.gsub(/^v/, ""))
28
+ LatestVersionFinder.new(
29
+ dependency: dependency,
30
+ dependency_files: dependency_files,
31
+ credentials: credentials,
32
+ ignored_versions: ignored_versions,
33
+ raise_on_ignored: raise_on_ignored
34
+ ).latest_version
36
35
  end
37
36
 
38
37
  # This is currently used to short-circuit latest_resolvable_version,
@@ -55,51 +54,6 @@ module Dependabot
55
54
 
56
55
  private
57
56
 
58
- def find_latest_resolvable_version
59
- SharedHelpers.in_a_temporary_directory do
60
- SharedHelpers.with_git_configured(credentials: credentials) do
61
- File.write("go.mod", go_mod.content)
62
-
63
- # Turn off the module proxy for now, as it's causing issues with
64
- # private git dependencies
65
- env = { "GOPRIVATE" => "*" }
66
-
67
- SharedHelpers.run_helper_subprocess(
68
- command: NativeHelpers.helper_path,
69
- env: env,
70
- function: "getUpdatedVersion",
71
- args: {
72
- dependency: {
73
- name: dependency.name,
74
- version: "v" + dependency.version,
75
- indirect: dependency.requirements.empty?
76
- }
77
- }
78
- )
79
- end
80
- end
81
- rescue SharedHelpers::HelperSubprocessFailed => e
82
- retry_count ||= 0
83
- retry_count += 1
84
- retry if transitory_failure?(e) && retry_count < 2
85
-
86
- handle_subprocess_error(e)
87
- end
88
-
89
- def handle_subprocess_error(error)
90
- if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
91
- ResolvabilityErrors.handle(error.message, credentials: credentials)
92
- end
93
-
94
- raise
95
- end
96
-
97
- def transitory_failure?(error)
98
- return true if error.message.include?("EOF")
99
-
100
- error.message.include?("Internal Server Error")
101
- end
102
-
103
57
  def latest_version_resolvable_with_full_unlock?
104
58
  # Full unlock checks aren't implemented for Go (yet)
105
59
  false
@@ -136,10 +90,6 @@ module Dependabot
136
90
  { type: "default", source: dependency.name }
137
91
  end
138
92
 
139
- def go_mod
140
- @go_mod ||= dependency_files.find { |f| f.name == "go.mod" }
141
- end
142
-
143
93
  def git_commit_checker
144
94
  @git_commit_checker ||=
145
95
  GitCommitChecker.new(
data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb ADDED
@@ -0,0 +1,147 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "excon"
4
+
5
+ require "dependabot/shared_helpers"
6
+ require "dependabot/errors"
7
+ require "dependabot/go_modules/requirement"
8
+ require "dependabot/go_modules/resolvability_errors"
9
+
10
+ module Dependabot
11
+ module GoModules
12
+ class UpdateChecker
13
+ class LatestVersionFinder
14
+ RESOLVABILITY_ERROR_REGEXES = [
15
+ # Package url/proxy doesn't include any redirect meta tags
16
+ /no go-import meta tags/,
17
+ # Package url 404s
18
+ /404 Not Found/,
19
+ /Repository not found/,
20
+ /unrecognized import path/
21
+ ].freeze
22
+ PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/.freeze
23
+
24
+ def initialize(dependency:, dependency_files:, credentials:,
25
+ ignored_versions:, raise_on_ignored: false)
26
+ @dependency = dependency
27
+ @dependency_files = dependency_files
28
+ @credentials = credentials
29
+ @ignored_versions = ignored_versions
30
+ @raise_on_ignored = raise_on_ignored
31
+ end
32
+
33
+ def latest_version
34
+ @latest_version ||= fetch_latest_version
35
+ end
36
+
37
+ private
38
+
39
+ attr_reader :dependency, :dependency_files, :credentials, :ignored_versions
40
+
41
+ def fetch_latest_version
42
+ return dependency.version if dependency.version =~ PSEUDO_VERSION_REGEX
43
+
44
+ candidate_versions = available_versions
45
+ candidate_versions = filter_prerelease_versions(candidate_versions)
46
+ candidate_versions = filter_lower_versions(candidate_versions)
47
+ candidate_versions = filter_ignored_versions(candidate_versions)
48
+
49
+ candidate_versions.max
50
+ end
51
+
52
+ def available_versions
53
+ SharedHelpers.in_a_temporary_directory do
54
+ SharedHelpers.with_git_configured(credentials: credentials) do
55
+ File.write("go.mod", go_mod.content)
56
+
57
+ # Turn off the module proxy for now, as it's causing issues with
58
+ # private git dependencies
59
+ env = { "GOPRIVATE" => "*" }
60
+
61
+ version_strings = SharedHelpers.run_helper_subprocess(
62
+ command: NativeHelpers.helper_path,
63
+ env: env,
64
+ function: "getVersions",
65
+ args: {
66
+ dependency: {
67
+ name: dependency.name,
68
+ version: "v" + dependency.version
69
+ }
70
+ }
71
+ )
72
+
73
+ version_strings.select { |v| version_class.correct?(v) }.
74
+ map { |v| version_class.new(v) }
75
+ end
76
+ end
77
+ rescue SharedHelpers::HelperSubprocessFailed => e
78
+ retry_count ||= 0
79
+ retry_count += 1
80
+ retry if transitory_failure?(e) && retry_count < 2
81
+
82
+ handle_subprocess_error(e)
83
+ end
84
+
85
+ def handle_subprocess_error(error)
86
+ if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
87
+ ResolvabilityErrors.handle(error.message, credentials: credentials)
88
+ end
89
+
90
+ raise
91
+ end
92
+
93
+ def transitory_failure?(error)
94
+ return true if error.message.include?("EOF")
95
+
96
+ error.message.include?("Internal Server Error")
97
+ end
98
+
99
+ def go_mod
100
+ @go_mod ||= dependency_files.find { |f| f.name == "go.mod" }
101
+ end
102
+
103
+ def filter_prerelease_versions(versions_array)
104
+ return versions_array if wants_prerelease?
105
+
106
+ versions_array.reject(&:prerelease?)
107
+ end
108
+
109
+ def filter_lower_versions(versions_array)
110
+ versions_array.
111
+ select { |version| version >= version_class.new(dependency.version) }
112
+ end
113
+
114
+ def filter_ignored_versions(versions_array)
115
+ filtered = versions_array.
116
+ reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
117
+ raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
118
+
119
+ filtered
120
+ end
121
+
122
+ def wants_prerelease?
123
+ @wants_prerelease ||=
124
+ begin
125
+ current_version = dependency.version
126
+ current_version && version_class.correct?(current_version) &&
127
+ version_class.new(current_version).prerelease?
128
+ end
129
+ end
130
+
131
+ def ignore_requirements
132
+ ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
133
+ end
134
+
135
+ def requirement_class
136
+ Utils.requirement_class_for_package_manager(
137
+ dependency.package_manager
138
+ )
139
+ end
140
+
141
+ def version_class
142
+ Utils.version_class_for_package_manager(dependency.package_manager)
143
+ end
144
+ end
145
+ end
146
+ end
147
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-go_modules
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.143.5
4
+ version: 0.145.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-29 00:00:00.000000000 Z
11
+ date: 2021-05-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.143.5
19
+ version: 0.145.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.143.5
26
+ version: 0.145.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.13.0
103
+ version: 1.14.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.13.0
110
+ version: 1.14.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -202,9 +202,11 @@ files:
202
202
  - lib/dependabot/go_modules/metadata_finder.rb
203
203
  - lib/dependabot/go_modules/native_helpers.rb
204
204
  - lib/dependabot/go_modules/path_converter.rb
205
+ - lib/dependabot/go_modules/replace_stubber.rb
205
206
  - lib/dependabot/go_modules/requirement.rb
206
207
  - lib/dependabot/go_modules/resolvability_errors.rb
207
208
  - lib/dependabot/go_modules/update_checker.rb
209
+ - lib/dependabot/go_modules/update_checker/latest_version_finder.rb
208
210
  - lib/dependabot/go_modules/version.rb
209
211
  homepage: https://github.com/dependabot/dependabot-core
210
212
  licenses: