RubyGems - dependabot-go_modules - Versions diffs - 0.157.1 → 0.159.1 - Mend

dependabot-go_modules 0.157.1 → 0.159.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +7 -5
data/lib/dependabot/go_modules/resolvability_errors.rb +1 -1
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 359cce2a13b917a7df9dc80697a18ddc5b631c9a21bfd1d42ea745a5a6f6a2b9
-  data.tar.gz: ec474b1977871a8f9386af330b5d808316224c0716a1ac495aca5bab645dd1ad
+  metadata.gz: b11213f416c5225bc46bdb8674a23e4b548b96dcdc222a6e95dd208f1f773db8
+  data.tar.gz: 87ed3830ec3854ffa063ef96643dcd191465cd1194295e3254564592a655e415
 SHA512:
-  metadata.gz: d14ac5f2003e95d1a3b1abf0c37f619e52e4589c227547f69021544961d6a0260e64061bf28624a37ac6387376190fbc93d6b7ea69032686927637f3df1e96a8
-  data.tar.gz: aa4fde5d130048d28c50fbf34af6b000f43ac852c3023a2cb278b42ba7b8d2fb8ec330ef187d2fe21031cc319e2f521e72db1f14f421a522a3cb9c8910b06fb3
+  metadata.gz: 2621ca0ed607cce5e1792a2ee35db2076425e3c11e9bf318233dffb42a21195cdeaff4d06479af7ec19427f06f0b8a9f3eeac9379dbc9d57ecf25a54933a36cd
+  data.tar.gz: b03bd0204ac46169fbb3edfb74473641a6da24052f4b1c53e3e559039d0bd28f7c11526f5ef086053c8bbd34f8a84f488e45c8bfb6eeecd8b9ac1948e5f8c2db

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb CHANGED Viewed

@@ -25,7 +25,7 @@ module Dependabot
           /fatal: The remote end hung up unexpectedly/,
           /repository '.+' not found/,
           # (Private) module could not be fetched
-          /go: .*: git fetch .*: exit status 128/.freeze,
+          /go: .*: git fetch .*: exit status 128/m.freeze,
           # (Private) module could not be found
           /cannot find module providing package/.freeze,
           # Package in module was likely renamed or removed
@@ -172,6 +172,8 @@ module Dependabot
             version = "v" + dep.version.sub(/^v/i, "")
             command << " #{dep.name}@#{version}"
           end
+          command = SharedHelpers.escape_command(command)
           _, stderr, status = Open3.capture3(ENVIRONMENT, command)
           handle_subprocess_error(stderr) unless status.success?
         ensure
@@ -237,6 +239,10 @@ module Dependabot
             raise Dependabot::DependencyFileNotResolvable, error_message
           end
+          if (matches = stderr.match(/Authentication failed for '(?<url>.+)'/))
+            raise Dependabot::PrivateSourceAuthenticationFailure, matches[:url]
+          end
           repo_error_regex = REPO_RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
           if repo_error_regex
             error_message = filter_error_message(message: stderr, regex: repo_error_regex)
@@ -256,10 +262,6 @@ module Dependabot
             raise Dependabot::OutOfDisk.new, error_message
           end
-          if (matches = stderr.match(/Authentication failed for '(?<url>.+)'/))
-            raise Dependabot::PrivateSourceAuthenticationFailure, matches[:url]
-          end
           # We don't know what happened so we raise a generic error
           msg = stderr.lines.last(10).join.strip
           raise Dependabot::DependabotError, msg

data/lib/dependabot/go_modules/resolvability_errors.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Dependabot
       GITHUB_REPO_REGEX = %r{github.com/[^:@]*}.freeze
       def self.handle(message, credentials:)
-        mod_path = message.scan(GITHUB_REPO_REGEX).first
+        mod_path = message.scan(GITHUB_REPO_REGEX).last
         raise Dependabot::DependencyFileNotResolvable, message unless mod_path
         # Module not found on github.com - query for _any_ version to know if it

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.157.1
+  version: 0.159.1
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-07-27 00:00:00.000000000 Z
+date: 2021-08-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.157.1
+        version: 0.159.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.157.1
+        version: 0.159.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement