dependabot-go_modules 0.162.0 → 0.163.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/go.mod +2 -2
- data/helpers/go.sum +4 -4
- data/lib/dependabot/go_modules/file_parser.rb +29 -7
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bdfb4eacbdae87ba38737db94e4e51fe552a0c69aa19e31031be52d0ac8f59c0
|
|
4
|
+
data.tar.gz: 0b1e28c6038a99ce129e44789da9aa5e0bba283505cf3c7a836ff6828a3513a8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 67100787e080baccd6fd10b1c047ea26d8218afae2b8973be38bd7b73ee0a179e9b3cb612ed0eace940f51b4f510ad52bae28f827d07dd812de2332231a07a75
|
|
7
|
+
data.tar.gz: 29d8ab45efd54e572b6afee6bccf6d224a2b39ece979f4d5f35fdfb1c203724fee2182f2d2676765370f0b8e519cefe3e129ff63d5be1cff8a90dae0ad5d54b7
|
data/helpers/go.mod
CHANGED
data/helpers/go.sum
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
github.com/Masterminds/vcs v1.13.1 h1:NL3G1X7/7xduQtA2sJLpVpfHTNBALVNSjob6KEjPXNQ=
|
|
2
2
|
github.com/Masterminds/vcs v1.13.1/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=
|
|
3
|
-
github.com/dependabot/gomodules-extracted v1.4.
|
|
4
|
-
github.com/dependabot/gomodules-extracted v1.4.
|
|
3
|
+
github.com/dependabot/gomodules-extracted v1.4.2 h1:3IxvHARuuSojSNUHguc6kzWgs+uQN3fdRCowJMU1kDE=
|
|
4
|
+
github.com/dependabot/gomodules-extracted v1.4.2/go.mod h1:cpzrmDX1COyhSDQXHfkRMw0STb0vmguBFqmrkr51h1I=
|
|
5
5
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
|
6
6
|
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
|
|
7
7
|
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
|
8
|
-
golang.org/x/mod v0.5.
|
|
9
|
-
golang.org/x/mod v0.5.
|
|
8
|
+
golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
|
|
9
|
+
golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
|
|
10
10
|
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
|
11
11
|
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
|
12
12
|
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
|
@@ -52,7 +52,7 @@ module Dependabot
|
|
|
52
52
|
Dependency.new(
|
|
53
53
|
name: details["Path"],
|
|
54
54
|
version: version,
|
|
55
|
-
requirements: details["Indirect"] ? [] : reqs,
|
|
55
|
+
requirements: details["Indirect"] || dependency_is_replaced(details) ? [] : reqs,
|
|
56
56
|
package_manager: "go_modules"
|
|
57
57
|
)
|
|
58
58
|
end
|
|
@@ -92,6 +92,15 @@ module Dependabot
|
|
|
92
92
|
|
|
93
93
|
def local_replacements
|
|
94
94
|
@local_replacements ||=
|
|
95
|
+
# Find all the local replacements, and return them with a stub path
|
|
96
|
+
# we can use in their place. Using generated paths is safer as it
|
|
97
|
+
# means we don't need to worry about references to parent
|
|
98
|
+
# directories, etc.
|
|
99
|
+
ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod.directory)
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
def manifest
|
|
103
|
+
@manifest ||=
|
|
95
104
|
SharedHelpers.in_a_temporary_directory do |path|
|
|
96
105
|
File.write("go.mod", go_mod.content)
|
|
97
106
|
|
|
@@ -106,12 +115,7 @@ module Dependabot
|
|
|
106
115
|
stdout, stderr, status = Open3.capture3(env, command)
|
|
107
116
|
handle_parser_error(path, stderr) unless status.success?
|
|
108
117
|
|
|
109
|
-
|
|
110
|
-
# we can use in their place. Using generated paths is safer as it
|
|
111
|
-
# means we don't need to worry about references to parent
|
|
112
|
-
# directories, etc.
|
|
113
|
-
manifest = JSON.parse(stdout)
|
|
114
|
-
ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod.directory)
|
|
118
|
+
JSON.parse(stdout)
|
|
115
119
|
end
|
|
116
120
|
end
|
|
117
121
|
|
|
@@ -172,6 +176,24 @@ module Dependabot
|
|
|
172
176
|
false
|
|
173
177
|
end
|
|
174
178
|
end
|
|
179
|
+
|
|
180
|
+
def dependency_is_replaced(details)
|
|
181
|
+
# Mark dependency as replaced if the requested dependency has a
|
|
182
|
+
# "replace" directive and that either has the same version, or no
|
|
183
|
+
# version mentioned. This mimics the behaviour of go get -u, and
|
|
184
|
+
# prevents that we change dependency versions without any impact since
|
|
185
|
+
# the actual version that is being imported is defined by the replace
|
|
186
|
+
# directive.
|
|
187
|
+
if manifest["Replace"]
|
|
188
|
+
dep_replace = manifest["Replace"].find do |replace|
|
|
189
|
+
replace["Old"]["Path"] == details["Path"] &&
|
|
190
|
+
(!replace["Old"]["Version"] || replace["Old"]["Version"] == details["Version"])
|
|
191
|
+
end
|
|
192
|
+
|
|
193
|
+
return true if dep_replace
|
|
194
|
+
end
|
|
195
|
+
false
|
|
196
|
+
end
|
|
175
197
|
end
|
|
176
198
|
end
|
|
177
199
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.163.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.163.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.163.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|