dependabot-go_modules 0.161.0 → 0.163.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/go.mod +1 -1
- data/helpers/go.sum +2 -2
- data/lib/dependabot/go_modules/file_parser.rb +29 -7
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 11af423613136b9709f2b02d91d8c2d0c1e129d405e07370760a357d4578a7a1
|
|
4
|
+
data.tar.gz: 6f0ec0aa75867c686a3b4ddcbdb82948f03daf6ca33710741623b69d69f5c48f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3f48e2d80de95069e219f79c0e0d597b69c6c19db2969cce03f4b8edeef4324dadc1c4841a271e9305baf22e6f4727aa0b31f244869bd89865a4f833973bd91b
|
|
7
|
+
data.tar.gz: 03cb5281e811b8a2a1f6429f1eb13faf61d34993bed2e28991d48431f4397ef7d5167e12b1911e4c45846d85dcf5dc20d419e18f8a431f12691a150a41d0309d
|
data/helpers/go.mod
CHANGED
data/helpers/go.sum
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
github.com/Masterminds/vcs v1.13.1 h1:NL3G1X7/7xduQtA2sJLpVpfHTNBALVNSjob6KEjPXNQ=
|
|
2
2
|
github.com/Masterminds/vcs v1.13.1/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=
|
|
3
|
-
github.com/dependabot/gomodules-extracted v1.4.
|
|
4
|
-
github.com/dependabot/gomodules-extracted v1.4.
|
|
3
|
+
github.com/dependabot/gomodules-extracted v1.4.2 h1:3IxvHARuuSojSNUHguc6kzWgs+uQN3fdRCowJMU1kDE=
|
|
4
|
+
github.com/dependabot/gomodules-extracted v1.4.2/go.mod h1:cpzrmDX1COyhSDQXHfkRMw0STb0vmguBFqmrkr51h1I=
|
|
5
5
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
|
6
6
|
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
|
|
7
7
|
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
|
@@ -52,7 +52,7 @@ module Dependabot
|
|
|
52
52
|
Dependency.new(
|
|
53
53
|
name: details["Path"],
|
|
54
54
|
version: version,
|
|
55
|
-
requirements: details["Indirect"] ? [] : reqs,
|
|
55
|
+
requirements: details["Indirect"] || dependency_is_replaced(details) ? [] : reqs,
|
|
56
56
|
package_manager: "go_modules"
|
|
57
57
|
)
|
|
58
58
|
end
|
|
@@ -92,6 +92,15 @@ module Dependabot
|
|
|
92
92
|
|
|
93
93
|
def local_replacements
|
|
94
94
|
@local_replacements ||=
|
|
95
|
+
# Find all the local replacements, and return them with a stub path
|
|
96
|
+
# we can use in their place. Using generated paths is safer as it
|
|
97
|
+
# means we don't need to worry about references to parent
|
|
98
|
+
# directories, etc.
|
|
99
|
+
ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod.directory)
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
def manifest
|
|
103
|
+
@manifest ||=
|
|
95
104
|
SharedHelpers.in_a_temporary_directory do |path|
|
|
96
105
|
File.write("go.mod", go_mod.content)
|
|
97
106
|
|
|
@@ -106,12 +115,7 @@ module Dependabot
|
|
|
106
115
|
stdout, stderr, status = Open3.capture3(env, command)
|
|
107
116
|
handle_parser_error(path, stderr) unless status.success?
|
|
108
117
|
|
|
109
|
-
|
|
110
|
-
# we can use in their place. Using generated paths is safer as it
|
|
111
|
-
# means we don't need to worry about references to parent
|
|
112
|
-
# directories, etc.
|
|
113
|
-
manifest = JSON.parse(stdout)
|
|
114
|
-
ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod.directory)
|
|
118
|
+
JSON.parse(stdout)
|
|
115
119
|
end
|
|
116
120
|
end
|
|
117
121
|
|
|
@@ -172,6 +176,24 @@ module Dependabot
|
|
|
172
176
|
false
|
|
173
177
|
end
|
|
174
178
|
end
|
|
179
|
+
|
|
180
|
+
def dependency_is_replaced(details)
|
|
181
|
+
# Mark dependency as replaced if the requested dependency has a
|
|
182
|
+
# "replace" directive and that either has the same version, or no
|
|
183
|
+
# version mentioned. This mimics the behaviour of go get -u, and
|
|
184
|
+
# prevents that we change dependency versions without any impact since
|
|
185
|
+
# the actual version that is being imported is defined by the replace
|
|
186
|
+
# directive.
|
|
187
|
+
if manifest["Replace"]
|
|
188
|
+
dep_replace = manifest["Replace"].find do |replace|
|
|
189
|
+
replace["Old"]["Path"] == details["Path"] &&
|
|
190
|
+
(!replace["Old"]["Version"] || replace["Old"]["Version"] == details["Version"])
|
|
191
|
+
end
|
|
192
|
+
|
|
193
|
+
return true if dep_replace
|
|
194
|
+
end
|
|
195
|
+
false
|
|
196
|
+
end
|
|
175
197
|
end
|
|
176
198
|
end
|
|
177
199
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.163.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-10-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.163.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.163.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|