RubyGems - dependabot-go_modules - Versions diffs - 0.169.8 → 0.171.0 - Mend

dependabot-go_modules 0.169.8 → 0.171.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/dependabot/go_modules/file_parser.rb +2 -18
data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +10 -9
data/lib/dependabot/go_modules/file_updater.rb +2 -1
data/lib/dependabot/go_modules/resolvability_errors.rb +2 -2
data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +8 -7
data/lib/dependabot/go_modules/update_checker.rb +2 -1
metadata +9 -9

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e21ca91e513159c1ef62d34b4296583c8d5d17fe8e237f1e430f9f8c1bf2f940
-  data.tar.gz: 0ddfea1ec4847e2d0fe85bef909faf33dfde33988e07a824d90d3657ff659e4b
+  metadata.gz: 7bb98f9232fc60271c73a1831cc083e87c797b517df69d7ae0f6dfac3ce7296e
+  data.tar.gz: 022327e2aedc1847b7c61c4447bde204de83582dc7468de17c4a4998b94f5bbe
 SHA512:
-  metadata.gz: 6006f0e765601909de84b3818dce8b50949b262424b37695e99a5ff81e59c40da4210457b458f01d185ba4a26f47147eb222efdff0146331309a3c1d85dad4dc
-  data.tar.gz: 7c320510873c1ccf9dadd521e2742993394ba1ef9f71e2a4833e5b57f28a2b54dc1d2b1165561e54b4fb3a7daa73cf63b427954e3914e64f35fae66b2b1a0b55
+  metadata.gz: 5e7246519c6fdee204de424a9622ba98f385817ee50b0939a47580bb01f30d988660372edd24a35550fefed339ddd2c562563096463c21018b93a016a88a33e9
+  data.tar.gz: 303b4ffa79a6e3dfd15959c8154009d66039d56a0c809498dbc9b7d289b66609a80b990b88cbe170edbba8e284ef9fd7278bf7fe8132ea390f77d69b16d801bb

data/lib/dependabot/go_modules/file_parser.rb CHANGED Viewed

@@ -73,21 +73,9 @@ module Dependabot
             command = "go mod edit -json"
-            # Turn off the module proxy for now, as it's causing issues with
-            # private git dependencies
-            env = { "GOPRIVATE" => "*" }
-            stdout, stderr, status = Open3.capture3(env, command)
+            stdout, stderr, status = Open3.capture3(command)
             handle_parser_error(path, stderr) unless status.success?
             JSON.parse(stdout)["Require"] || []
-          rescue Dependabot::DependencyFileNotResolvable
-            # We sometimes see this error if a host times out.
-            # In such cases, retrying (a maximum of 3 times) may fix it.
-            retry_count ||= 0
-            raise if retry_count >= 3
-            retry_count += 1
-            retry
           end
       end
@@ -109,11 +97,7 @@ module Dependabot
             # directives
             command = "go mod edit -json"
-            # Turn off the module proxy for now, as it's causing issues with
-            # private git dependencies
-            env = { "GOPRIVATE" => "*" }
-            stdout, stderr, status = Open3.capture3(env, command)
+            stdout, stderr, status = Open3.capture3(command)
             handle_parser_error(path, stderr) unless status.success?
             JSON.parse(stdout)

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb CHANGED Viewed

@@ -11,10 +11,6 @@ module Dependabot
   module GoModules
     class FileUpdater
       class GoModUpdater
-        # Turn off the module proxy for now, as it's causing issues with
-        # private git dependencies
-        ENVIRONMENT = { "GOPRIVATE" => "*" }.freeze
         RESOLVABILITY_ERROR_REGEXES = [
           # The checksum in go.sum does not match the downloaded content
           /verifying .*: checksum mismatch/.freeze,
@@ -61,6 +57,7 @@ module Dependabot
           @directory = directory
           @tidy = options.fetch(:tidy, false)
           @vendor = options.fetch(:vendor, false)
+          @goprivate = options.fetch(:goprivate)
         end
         def updated_go_mod_content
@@ -145,14 +142,14 @@ module Dependabot
           # continue here. `go mod tidy` shouldn't block updating versions
           # because there are some edge cases where it's OK to fail (such as
           # generated files not available yet to us).
-          Open3.capture3(ENVIRONMENT, command)
+          Open3.capture3(environment, command)
         end
         def run_go_vendor
           return unless vendor?
           command = "go mod vendor"
-          _, stderr, status = Open3.capture3(ENVIRONMENT, command)
+          _, stderr, status = Open3.capture3(environment, command)
           handle_subprocess_error(stderr) unless status.success?
         end
@@ -174,7 +171,7 @@ module Dependabot
           end
           command = SharedHelpers.escape_command(command)
-          _, stderr, status = Open3.capture3(ENVIRONMENT, command)
+          _, stderr, status = Open3.capture3(environment, command)
           handle_subprocess_error(stderr) unless status.success?
         ensure
           File.delete(tmp_go_file) if File.exist?(tmp_go_file)
@@ -182,7 +179,7 @@ module Dependabot
         def parse_manifest
           command = "go mod edit -json"
-          stdout, stderr, status = Open3.capture3(ENVIRONMENT, command)
+          stdout, stderr, status = Open3.capture3(environment, command)
           handle_subprocess_error(stderr) unless status.success?
           JSON.parse(stdout) || {}
@@ -246,7 +243,7 @@ module Dependabot
           repo_error_regex = REPO_RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
           if repo_error_regex
             error_message = filter_error_message(message: stderr, regex: repo_error_regex)
-            ResolvabilityErrors.handle(error_message, credentials: credentials)
+            ResolvabilityErrors.handle(error_message, credentials: credentials, goprivate: @goprivate)
           end
           path_regex = MODULE_PATH_MISMATCH_REGEXES.find { |r| stderr =~ r }
@@ -292,6 +289,10 @@ module Dependabot
         def vendor?
           !!@vendor
         end
+        def environment
+          { "GOPRIVATE" => @goprivate }
+        end
       end
     end
   end

data/lib/dependabot/go_modules/file_updater.rb CHANGED Viewed

@@ -14,6 +14,7 @@ module Dependabot
                      credentials:, options: {})
         super
+        @goprivate = options.fetch(:goprivate, "*")
         use_repo_contents_stub if repo_contents_path.nil?
       end
@@ -114,7 +115,7 @@ module Dependabot
             credentials: credentials,
             repo_contents_path: repo_contents_path,
             directory: directory,
-            options: { tidy: tidy?, vendor: vendor? }
+            options: { tidy: tidy?, vendor: vendor?, goprivate: @goprivate }
           )
       end

data/lib/dependabot/go_modules/resolvability_errors.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Dependabot
     module ResolvabilityErrors
       GITHUB_REPO_REGEX = %r{github.com/[^:@]*}.freeze
-      def self.handle(message, credentials:)
+      def self.handle(message, credentials:, goprivate:)
         mod_path = message.scan(GITHUB_REPO_REGEX).last
         raise Dependabot::DependencyFileNotResolvable, message unless mod_path
@@ -22,7 +22,7 @@ module Dependabot
                           mod_path
                         end
-            env = { "GOPRIVATE" => "*" }
+            env = { "GOPRIVATE" => goprivate }
             _, _, status = Open3.capture3(env, SharedHelpers.escape_command("go list -m -versions #{repo_path}"))
             raise Dependabot::DependencyFileNotResolvable, message if status.success?

data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -28,13 +28,15 @@ module Dependabot
         PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/.freeze
         def initialize(dependency:, dependency_files:, credentials:,
-                       ignored_versions:, security_advisories:, raise_on_ignored: false)
+                       ignored_versions:, security_advisories:, raise_on_ignored: false,
+                       goprivate:)
           @dependency          = dependency
           @dependency_files    = dependency_files
           @credentials         = credentials
           @ignored_versions    = ignored_versions
           @security_advisories = security_advisories
           @raise_on_ignored    = raise_on_ignored
+          @goprivate           = goprivate
         end
         def latest_version
@@ -78,16 +80,15 @@ module Dependabot
               manifest = parse_manifest
               # Set up an empty go.mod so 'go list -m' won't attempt to download dependencies. This
-              # appears to be a side effect of operating with GOPRIVATE=*. We'll retain any exclude
-              # directives to omit those versions.
+              # appears to be a side effect of operating with modules included in GOPRIVATE. We'll
+              # retain any exclude directives to omit those versions.
               File.write("go.mod", "module dummy\n")
               manifest["Exclude"]&.each do |r|
                 SharedHelpers.run_shell_command("go mod edit -exclude=#{r['Path']}@#{r['Version']}")
               end
-              # Turn off the module proxy for now, as it's causing issues with
-              # private git dependencies
-              env = { "GOPRIVATE" => "*" }
+              # Turn off the module proxy for private dependencies
+              env = { "GOPRIVATE" => @goprivate }
               versions_json = SharedHelpers.run_shell_command("go list -m -versions -json #{dependency.name}", env: env)
               version_strings = JSON.parse(versions_json)["Versions"]
@@ -108,7 +109,7 @@ module Dependabot
         def handle_subprocess_error(error)
           if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
-            ResolvabilityErrors.handle(error.message, credentials: credentials)
+            ResolvabilityErrors.handle(error.message, credentials: credentials, goprivate: @goprivate)
           elsif INVALID_VERSION_REGEX =~ error.message
             raise Dependabot::DependencyFileNotResolvable, error.message
           end

data/lib/dependabot/go_modules/update_checker.rb CHANGED Viewed

@@ -71,7 +71,8 @@ module Dependabot
             credentials: credentials,
             ignored_versions: ignored_versions,
             security_advisories: security_advisories,
-            raise_on_ignored: raise_on_ignored
+            raise_on_ignored: raise_on_ignored,
+            goprivate: options.fetch(:goprivate, "*")
           )
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.169.8
+  version: 0.171.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-21 00:00:00.000000000 Z
+date: 2022-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.169.8
+        version: 0.171.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.169.8
+        version: 0.171.0
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: debug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: 1.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: gpgme
   requirement: !ruby/object:Gem::Requirement