dependabot-go_modules 0.167.0 → 0.169.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4117f9d539bcf013eddfbf78c7e85d6a024165124c399bd9fcf9be1ecc4af4bc
4
- data.tar.gz: c371005bf3755b9c189a57b44c8be8b3c5ce058f2ecac496bd7cc0c31d1cf86d
3
+ metadata.gz: 6c18eda2ecabd0358aa0816fff08f1a5411a6aca1886707485e9f3764e2632c7
4
+ data.tar.gz: 8532033f19267cbb5b7ad2a7e00f0e4c18680de8a91473d07b2e09dcdbfeebb7
5
5
  SHA512:
6
- metadata.gz: 530e116e10bf3482299f8ad6da3fa79965c520fdcbc68fae6ab1db64922be7af43df1661122f92319079592295e0be602cd1577c333526447c0886dae32ac6e4
7
- data.tar.gz: cdb8824d926b77ea649208a26b8acd3b2edabe5c788fe2176f55db50969d9e80f8d7dce19d99e9b3d9d2aa0ad3bebba8ce76589ee57a428981776fa58e6404c9
6
+ metadata.gz: a905e2deb2abfdd01ca8d4ae9667dc0e4bff8bd0051cdbaf35bba78b9bfffad4ba94c7b637041044d4340802ad9a8be1b2a15c2ec51674a7676fd508c56c6c9f
7
+ data.tar.gz: 64258e8dba100e4e724d40f5df32942735e58adb7e3d275c179b7c47ed4c74279b89a657997d17a813079fe75538c4fd2c1f3dbb1591d1c61c3ed3badf905e76
data/helpers/go.mod CHANGED
@@ -1,9 +1,5 @@
1
1
  module github.com/dependabot/dependabot-core/go_modules/helpers
2
2
 
3
- go 1.16
3
+ go 1.17
4
4
 
5
- require (
6
- github.com/Masterminds/vcs v1.13.1
7
- github.com/dependabot/gomodules-extracted v1.4.2
8
- golang.org/x/mod v0.5.1
9
- )
5
+ require github.com/Masterminds/vcs v1.13.1
data/helpers/go.sum CHANGED
@@ -1,20 +1,2 @@
1
1
  github.com/Masterminds/vcs v1.13.1 h1:NL3G1X7/7xduQtA2sJLpVpfHTNBALVNSjob6KEjPXNQ=
2
2
  github.com/Masterminds/vcs v1.13.1/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=
3
- github.com/dependabot/gomodules-extracted v1.4.2 h1:3IxvHARuuSojSNUHguc6kzWgs+uQN3fdRCowJMU1kDE=
4
- github.com/dependabot/gomodules-extracted v1.4.2/go.mod h1:cpzrmDX1COyhSDQXHfkRMw0STb0vmguBFqmrkr51h1I=
5
- golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
6
- golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
7
- golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
8
- golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
9
- golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
10
- golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
11
- golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
12
- golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
13
- golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
14
- golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
15
- golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
16
- golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e h1:aZzprAO9/8oim3qStq3wc1Xuxx4QmAGriC4VU4ojemQ=
17
- golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
18
- golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
19
- golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA=
20
- golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
data/helpers/main.go CHANGED
@@ -7,7 +7,6 @@ import (
7
7
  "os"
8
8
 
9
9
  "github.com/dependabot/dependabot-core/go_modules/helpers/importresolver"
10
- "github.com/dependabot/dependabot-core/go_modules/helpers/updatechecker"
11
10
  )
12
11
 
13
12
  type HelperParams struct {
@@ -32,10 +31,6 @@ func main() {
32
31
  funcErr error
33
32
  )
34
33
  switch helperParams.Function {
35
- case "getVersions":
36
- var args updatechecker.Args
37
- parseArgs(helperParams.Args, &args)
38
- funcOut, funcErr = updatechecker.GetVersions(&args)
39
34
  case "getVcsRemoteForImport":
40
35
  var args importresolver.Args
41
36
  parseArgs(helperParams.Args, &args)
@@ -20,9 +20,11 @@ module Dependabot
20
20
  /404 Not Found/,
21
21
  /Repository not found/,
22
22
  /unrecognized import path/,
23
+ /malformed module path/,
23
24
  # (Private) module could not be fetched
24
25
  /module .*: git ls-remote .*: exit status 128/m.freeze
25
26
  ].freeze
27
+ INVALID_VERSION_REGEX = /version "[^"]+" invalid/m.freeze
26
28
  PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/.freeze
27
29
 
28
30
  def initialize(dependency:, dependency_files:, credentials:,
@@ -73,23 +75,22 @@ module Dependabot
73
75
  def available_versions
74
76
  SharedHelpers.in_a_temporary_directory do
75
77
  SharedHelpers.with_git_configured(credentials: credentials) do
76
- File.write("go.mod", go_mod.content)
78
+ manifest = parse_manifest
79
+
80
+ # Set up an empty go.mod so 'go list -m' won't attempt to download dependencies. This
81
+ # appears to be a side effect of operating with GOPRIVATE=*. We'll retain any exclude
82
+ # directives to omit those versions.
83
+ File.write("go.mod", "module dummy\n")
84
+ manifest["Exclude"]&.each do |r|
85
+ SharedHelpers.run_shell_command("go mod edit -exclude=#{r['Path']}@#{r['Version']}")
86
+ end
77
87
 
78
88
  # Turn off the module proxy for now, as it's causing issues with
79
89
  # private git dependencies
80
90
  env = { "GOPRIVATE" => "*" }
81
91
 
82
- version_strings = SharedHelpers.run_helper_subprocess(
83
- command: NativeHelpers.helper_path,
84
- env: env,
85
- function: "getVersions",
86
- args: {
87
- dependency: {
88
- name: dependency.name,
89
- version: "v" + dependency.version
90
- }
91
- }
92
- )
92
+ versions_json = SharedHelpers.run_shell_command("go list -m -versions -json #{dependency.name}", env: env)
93
+ version_strings = JSON.parse(versions_json)["Versions"]
93
94
 
94
95
  return [version_class.new(dependency.version)] if version_strings.nil?
95
96
 
@@ -108,6 +109,8 @@ module Dependabot
108
109
  def handle_subprocess_error(error)
109
110
  if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
110
111
  ResolvabilityErrors.handle(error.message, credentials: credentials)
112
+ elsif INVALID_VERSION_REGEX =~ error.message
113
+ raise Dependabot::DependencyFileNotResolvable, error.message
111
114
  end
112
115
 
113
116
  raise
@@ -123,6 +126,15 @@ module Dependabot
123
126
  @go_mod ||= dependency_files.find { |f| f.name == "go.mod" }
124
127
  end
125
128
 
129
+ def parse_manifest
130
+ SharedHelpers.in_a_temporary_directory do
131
+ File.write("go.mod", go_mod.content)
132
+ json = SharedHelpers.run_shell_command("go mod edit -json")
133
+
134
+ JSON.parse(json) || {}
135
+ end
136
+ end
137
+
126
138
  def filter_prerelease_versions(versions_array)
127
139
  return versions_array if wants_prerelease?
128
140
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-go_modules
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.167.0
4
+ version: 0.169.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-16 00:00:00.000000000 Z
11
+ date: 2021-11-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.167.0
19
+ version: 0.169.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.167.0
26
+ version: 0.169.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -191,7 +191,6 @@ files:
191
191
  - helpers/go.sum
192
192
  - helpers/importresolver/main.go
193
193
  - helpers/main.go
194
- - helpers/updatechecker/main.go
195
194
  - lib/dependabot/go_modules.rb
196
195
  - lib/dependabot/go_modules/file_fetcher.rb
197
196
  - lib/dependabot/go_modules/file_parser.rb
@@ -1,93 +0,0 @@
1
- package updatechecker
2
-
3
- import (
4
- "context"
5
- "errors"
6
- "io/ioutil"
7
-
8
- "github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modfetch"
9
- "github.com/dependabot/gomodules-extracted/cmd/go/_internal_/modload"
10
- "golang.org/x/mod/modfile"
11
- "golang.org/x/mod/semver"
12
- )
13
-
14
- type Dependency struct {
15
- Name string `json:"name"`
16
- Version string `json:"version"`
17
- }
18
-
19
- type Args struct {
20
- Dependency *Dependency `json:"dependency"`
21
- }
22
-
23
- // GetVersions returns a list of versions for the given dependency that
24
- // are within the same major version.
25
- func GetVersions(args *Args) (interface{}, error) {
26
- if args.Dependency == nil {
27
- return nil, errors.New("Expected args.dependency to not be nil")
28
- }
29
-
30
- currentVersion := args.Dependency.Version
31
-
32
- modload.DisallowWriteGoMod()
33
- _ = modload.LoadModFile(context.Background())
34
-
35
- repo := modfetch.Lookup("direct", args.Dependency.Name)
36
- versions, err := repo.Versions("")
37
- if err != nil {
38
- return nil, err
39
- }
40
-
41
- excludes, err := goModExcludes(args.Dependency.Name)
42
- if err != nil {
43
- return nil, err
44
- }
45
-
46
- currentMajor := semver.Major(currentVersion)
47
-
48
- var candidateVersions []string
49
-
50
- Outer:
51
- for _, v := range versions {
52
- if semver.Major(v) != currentMajor {
53
- continue
54
- }
55
-
56
- for _, exclude := range excludes {
57
- if v == exclude {
58
- continue Outer
59
- }
60
- }
61
-
62
- candidateVersions = append(candidateVersions, v)
63
- }
64
-
65
- return candidateVersions, nil
66
- }
67
-
68
- func goModExcludes(dependency string) ([]string, error) {
69
- data, err := ioutil.ReadFile("go.mod")
70
- if err != nil {
71
- return nil, err
72
- }
73
-
74
- var f *modfile.File
75
- // TODO library detection - don't consider exclude etc for libraries
76
- if "library" == "true" {
77
- f, err = modfile.ParseLax("go.mod", data, nil)
78
- } else {
79
- f, err = modfile.Parse("go.mod", data, nil)
80
- }
81
- if err != nil {
82
- return nil, err
83
- }
84
-
85
- var excludes []string
86
- for _, e := range f.Exclude {
87
- if e.Mod.Path == dependency {
88
- excludes = append(excludes, e.Mod.Version)
89
- }
90
- }
91
-
92
- return excludes, nil
93
- }