dependabot-go_modules 0.169.8 → 0.171.0

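--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e21ca91e513159c1ef62d34b4296583c8d5d17fe8e237f1e430f9f8c1bf2f940
- data.tar.gz: 0ddfea1ec4847e2d0fe85bef909faf33dfde33988e07a824d90d3657ff659e4b
+ metadata.gz: 7bb98f9232fc60271c73a1831cc083e87c797b517df69d7ae0f6dfac3ce7296e
+ data.tar.gz: 022327e2aedc1847b7c61c4447bde204de83582dc7468de17c4a4998b94f5bbe
  SHA512:
- metadata.gz: 6006f0e765601909de84b3818dce8b50949b262424b37695e99a5ff81e59c40da4210457b458f01d185ba4a26f47147eb222efdff0146331309a3c1d85dad4dc
- data.tar.gz: 7c320510873c1ccf9dadd521e2742993394ba1ef9f71e2a4833e5b57f28a2b54dc1d2b1165561e54b4fb3a7daa73cf63b427954e3914e64f35fae66b2b1a0b55
+ metadata.gz: 5e7246519c6fdee204de424a9622ba98f385817ee50b0939a47580bb01f30d988660372edd24a35550fefed339ddd2c562563096463c21018b93a016a88a33e9
+ data.tar.gz: 303b4ffa79a6e3dfd15959c8154009d66039d56a0c809498dbc9b7d289b66609a80b990b88cbe170edbba8e284ef9fd7278bf7fe8132ea390f77d69b16d801bb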
@@ -73,21 +73,9 @@ module Dependabot
73
73
 
74
74
  command = "go mod edit -json"
75
75
 
76
- # Turn off the module proxy for now, as it's causing issues with
77
- # private git dependencies
78
- env = { "GOPRIVATE" => "*" }
79
-
80
- stdout, stderr, status = Open3.capture3(env, command)
76
+ stdout, stderr, status = Open3.capture3(command)
81
77
  handle_parser_error(path, stderr) unless status.success?
82
78
  JSON.parse(stdout)["Require"] || []
83
- rescue Dependabot::DependencyFileNotResolvable
84
- # We sometimes see this error if a host times out.
85
- # In such cases, retrying (a maximum of 3 times) may fix it.
86
- retry_count ||= 0
87
- raise if retry_count >= 3
88
-
89
- retry_count += 1
90
- retry
91
79
  end
92
80
  end
93
81
 
@@ -109,11 +97,7 @@ module Dependabot
109
97
  # directives
110
98
  command = "go mod edit -json"
111
99
 
112
- # Turn off the module proxy for now, as it's causing issues with
113
- # private git dependencies
114
- env = { "GOPRIVATE" => "*" }
115
-
116
- stdout, stderr, status = Open3.capture3(env, command)
100
+ stdout, stderr, status = Open3.capture3(command)
117
101
  handle_parser_error(path, stderr) unless status.success?
118
102
 
119
103
  JSON.parse(stdout)
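Review bot: Both `Open3.capture3(command)` call sites in these two hunks now run without an env argument, and nothing left in the code says why the GOPRIVATE override is unnecessary here while it is kept for the other `go` invocations on this page. A one-line comment would save the next reader from re-adding it, for example `# go mod edit -json only reads go.mod and does no module lookups, so no GOPRIVATE override is needed`. Without an explicit env the child inherits the worker's ambient environment, so the comment should also record that this is intentional. Both enclosing methods start outside their hunks.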
@@ -11,10 +11,6 @@ module Dependabot
11
11
  module GoModules
12
12
  class FileUpdater
13
13
  class GoModUpdater
14
- # Turn off the module proxy for now, as it's causing issues with
15
- # private git dependencies
16
- ENVIRONMENT = { "GOPRIVATE" => "*" }.freeze
17
-
18
14
  RESOLVABILITY_ERROR_REGEXES = [
19
15
  # The checksum in go.sum does not match the downloaded content
20
16
  /verifying .*: checksum mismatch/.freeze,
@@ -61,6 +57,7 @@ module Dependabot
61
57
  @directory = directory
62
58
  @tidy = options.fetch(:tidy, false)
63
59
  @vendor = options.fetch(:vendor, false)
60
+ @goprivate = options.fetch(:goprivate)
64
61
  end
65
62
 
66
63
  def updated_go_mod_content
@@ -145,14 +142,14 @@ module Dependabot
145
142
  # continue here. `go mod tidy` shouldn't block updating versions
146
143
  # because there are some edge cases where it's OK to fail (such as
147
144
  # generated files not available yet to us).
148
- Open3.capture3(ENVIRONMENT, command)
145
+ Open3.capture3(environment, command)
149
146
  end
150
147
 
151
148
  def run_go_vendor
152
149
  return unless vendor?
153
150
 
154
151
  command = "go mod vendor"
155
- _, stderr, status = Open3.capture3(ENVIRONMENT, command)
152
+ _, stderr, status = Open3.capture3(environment, command)
156
153
  handle_subprocess_error(stderr) unless status.success?
157
154
  end
158
155
 
@@ -174,7 +171,7 @@ module Dependabot
174
171
  end
175
172
  command = SharedHelpers.escape_command(command)
176
173
 
177
- _, stderr, status = Open3.capture3(ENVIRONMENT, command)
174
+ _, stderr, status = Open3.capture3(environment, command)
178
175
  handle_subprocess_error(stderr) unless status.success?
179
176
  ensure
180
177
  File.delete(tmp_go_file) if File.exist?(tmp_go_file)
@@ -182,7 +179,7 @@ module Dependabot
182
179
 
183
180
  def parse_manifest
184
181
  command = "go mod edit -json"
185
- stdout, stderr, status = Open3.capture3(ENVIRONMENT, command)
182
+ stdout, stderr, status = Open3.capture3(environment, command)
186
183
  handle_subprocess_error(stderr) unless status.success?
187
184
 
188
185
  JSON.parse(stdout) || {}
@@ -246,7 +243,7 @@ module Dependabot
246
243
  repo_error_regex = REPO_RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
247
244
  if repo_error_regex
248
245
  error_message = filter_error_message(message: stderr, regex: repo_error_regex)
249
- ResolvabilityErrors.handle(error_message, credentials: credentials)
246
+ ResolvabilityErrors.handle(error_message, credentials: credentials, goprivate: @goprivate)
250
247
  end
251
248
 
252
249
  path_regex = MODULE_PATH_MISMATCH_REGEXES.find { |r| stderr =~ r }
@@ -292,6 +289,10 @@ module Dependabot
292
289
  def vendor?
293
290
  !!@vendor
294
291
  end
292
+
293
+ def environment
294
+ { "GOPRIVATE" => @goprivate }
295
+ end
295
296
  end
296
297
  end
297
298
  end
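Review bot: `@goprivate = options.fetch(:goprivate)` in `GoModUpdater#initialize` has no default, so a caller that omits the key now fails with a KeyError, while the two other `options.fetch(:goprivate, "*")` hunks further down this page fall back to `"*"`. The new `environment` helper also passes `@goprivate` through unchecked: a `nil` value in the env hash handed to `Open3.capture3` unsets GOPRIVATE for the child, and `go` would then presumably resolve every module, private ones included, through whatever proxy and checksum database the worker has configured. I would keep the previous fail-closed behaviour with `@goprivate = options.fetch(:goprivate, "*")` and reject a non-String value before it reaches `environment`. Note that a `fetch` default does not cover an explicit `goprivate: nil`, so the same check is worth having in the other two places. The class body continues outside these hunks, so other users of `environment` are not visible here.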
@@ -14,6 +14,7 @@ module Dependabot
14
14
  credentials:, options: {})
15
15
  super
16
16
 
17
+ @goprivate = options.fetch(:goprivate, "*")
17
18
  use_repo_contents_stub if repo_contents_path.nil?
18
19
  end
19
20
 
@@ -114,7 +115,7 @@ module Dependabot
114
115
  credentials: credentials,
115
116
  repo_contents_path: repo_contents_path,
116
117
  directory: directory,
117
- options: { tidy: tidy?, vendor: vendor? }
118
+ options: { tidy: tidy?, vendor: vendor?, goprivate: @goprivate }
118
119
  )
119
120
  end
120
121
 
@@ -5,7 +5,7 @@ module Dependabot
5
5
  module ResolvabilityErrors
6
6
  GITHUB_REPO_REGEX = %r{github.com/[^:@]*}.freeze
7
7
 
8
- def self.handle(message, credentials:)
8
+ def self.handle(message, credentials:, goprivate:)
9
9
  mod_path = message.scan(GITHUB_REPO_REGEX).last
10
10
  raise Dependabot::DependencyFileNotResolvable, message unless mod_path
11
11
 
@@ -22,7 +22,7 @@ module Dependabot
22
22
  mod_path
23
23
  end
24
24
 
25
- env = { "GOPRIVATE" => "*" }
25
+ env = { "GOPRIVATE" => goprivate }
26
26
  _, _, status = Open3.capture3(env, SharedHelpers.escape_command("go list -m -versions #{repo_path}"))
27
27
  raise Dependabot::DependencyFileNotResolvable, message if status.success?
28
28
 
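Review bot: `goprivate:` is added to `ResolvabilityErrors.handle` as a required keyword, so any caller outside this diff that still passes only `credentials:` will raise ArgumentError instead of reporting the resolvability error it was handed. The same applies to the `initialize(..., raise_on_ignored: false, goprivate:)` signature in a later hunk on this page. Defaulting it keeps the earlier behaviour for such callers: `def self.handle(message, credentials:, goprivate: "*")`. The body of `handle` continues outside both hunks, so the `go list -m -versions` probe is the only visible consumer of the value.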
@@ -28,13 +28,15 @@ module Dependabot
28
28
  PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/.freeze
29
29
 
30
30
  def initialize(dependency:, dependency_files:, credentials:,
31
- ignored_versions:, security_advisories:, raise_on_ignored: false)
31
+ ignored_versions:, security_advisories:, raise_on_ignored: false,
32
+ goprivate:)
32
33
  @dependency = dependency
33
34
  @dependency_files = dependency_files
34
35
  @credentials = credentials
35
36
  @ignored_versions = ignored_versions
36
37
  @security_advisories = security_advisories
37
38
  @raise_on_ignored = raise_on_ignored
39
+ @goprivate = goprivate
38
40
  end
39
41
 
40
42
  def latest_version
@@ -78,16 +80,15 @@ module Dependabot
78
80
  manifest = parse_manifest
79
81
 
80
82
  # Set up an empty go.mod so 'go list -m' won't attempt to download dependencies. This
81
- # appears to be a side effect of operating with GOPRIVATE=*. We'll retain any exclude
82
- # directives to omit those versions.
83
+ # appears to be a side effect of operating with modules included in GOPRIVATE. We'll
84
+ # retain any exclude directives to omit those versions.
83
85
  File.write("go.mod", "module dummy\n")
84
86
  manifest["Exclude"]&.each do |r|
85
87
  SharedHelpers.run_shell_command("go mod edit -exclude=#{r['Path']}@#{r['Version']}")
86
88
  end
87
89
 
88
- # Turn off the module proxy for now, as it's causing issues with
89
- # private git dependencies
90
- env = { "GOPRIVATE" => "*" }
90
+ # Turn off the module proxy for private dependencies
91
+ env = { "GOPRIVATE" => @goprivate }
91
92
 
92
93
  versions_json = SharedHelpers.run_shell_command("go list -m -versions -json #{dependency.name}", env: env)
93
94
  version_strings = JSON.parse(versions_json)["Versions"]
@@ -108,7 +109,7 @@ module Dependabot
108
109
 
109
110
  def handle_subprocess_error(error)
110
111
  if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
111
- ResolvabilityErrors.handle(error.message, credentials: credentials)
112
+ ResolvabilityErrors.handle(error.message, credentials: credentials, goprivate: @goprivate)
112
113
  elsif INVALID_VERSION_REGEX =~ error.message
113
114
  raise Dependabot::DependencyFileNotResolvable, error.message
114
115
  end
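Review bot: The new comment `# Turn off the module proxy for private dependencies`, in the hunk that writes the dummy go.mod, understates what `env = { "GOPRIVATE" => @goprivate }` does: GOPRIVATE is a comma-separated list of glob patterns, and modules matching it skip the checksum database as well as the proxy. I would spell that out, for example `# GOPRIVATE: comma-separated globs of module paths fetched directly, bypassing both the proxy and the checksum database`. It is also worth one line recording that `"*"` is the fallback used by the callers on this page, since that value exempts every module, public ones included, from checksum-database verification. The enclosing method starts and ends outside the hunk.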
@@ -71,7 +71,8 @@ module Dependabot
71
71
  credentials: credentials,
72
72
  ignored_versions: ignored_versions,
73
73
  security_advisories: security_advisories,
74
- raise_on_ignored: raise_on_ignored
74
+ raise_on_ignored: raise_on_ignored,
75
+ goprivate: options.fetch(:goprivate, "*")
75
76
  )
76
77
  end
77
78
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-go_modules
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.169.8
4
+ version: 0.171.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-12-21 00:00:00.000000000 Z
11
+ date: 2022-01-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.169.8
19
+ version: 0.171.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.169.8
26
+ version: 0.171.0
27
27
  - !ruby/object:Gem::Dependency
28
- name: byebug
28
+ name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '11.0'
33
+ version: 1.0.0
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '11.0'
40
+ version: 1.0.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: gpgme
43
43
  requirement: !ruby/object:Gem::Requirement