dependabot-go_modules 0.180.2 → 0.180.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 59318c7635e68d4c720c7d0a1c14a46793a979e122e82501213e7a0ec3233912
-  data.tar.gz: e6edc5e8cdf317c1e9c7bcf6b546665c02115aad1ee643d45bce6f0406426188
+  metadata.gz: d8875353aa53c65cbe91d98f7dab9b4987129705927e8bf4c678574fa7726e23
+  data.tar.gz: 1a4fc070c1643aa7b5fe3e43a5f7c4e0e3a04c7f43ade16abcb8231cea7aee2b
 SHA512:
-  metadata.gz: a43d0c00ed043018e87ab6be9429cb2306a288902ee09017a17c3d1fdb99d17635006012d68de0ed56ec535a86d8bd8f7beaf3fb4da27861a32e5209ebc76a94
-  data.tar.gz: 9056990aad88c5ff1703ee54a5324563bb17932d578ac8b059c964480e98ad40a59bd2f76c62760c305aaa3650ff9d7a0d12aac9aef4a43488bd74fed4a8e24e
+  metadata.gz: b8684c125e2dacc7884e4985652938da57dbbfbd5b8691d7d38d61d0b089d42fba1f773f59cf5e1885f15c4af3319c3497f99cbf8e68dde7c89cecb8219e1c76
+  data.tar.gz: aa159b3c0ba5c5c812a7056005047fab5062b3b5cdd61d9f5c894c2a7aa4cb443f2d4ed9bc31f95c2380baa4bbf4c9c22d6d457bc1622bea124c2f08712387ef

data/helpers/go.mod

@@ -2,4 +2,4 @@ module github.com/dependabot/dependabot-core/go_modules/helpers
 
 go 1.18
 
-require github.com/Masterminds/vcs v1.13.1
+require github.com/Masterminds/vcs v1.13.3

data/helpers/go.sum

@@ -1,2 +1,2 @@
-github.com/Masterminds/vcs v1.13.1 h1:NL3G1X7/7xduQtA2sJLpVpfHTNBALVNSjob6KEjPXNQ=
-github.com/Masterminds/vcs v1.13.1/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=
+github.com/Masterminds/vcs v1.13.3 h1:IIA2aBdXvfbIM+yl/eTnL4hb1XwdpvuQLglAix1gweE=
+github.com/Masterminds/vcs v1.13.3/go.mod h1:TiE7xuEjl1N4j016moRd6vezp6e6Lz23gypeXfzXeW8=

data/lib/dependabot/go_modules/file_fetcher.rb

@@ -36,10 +36,6 @@ module Dependabot
           # Fetch the (optional) go.sum
           fetched_files << go_sum if go_sum
 
-          # Fetch the main.go file if present, as this will later identify
-          # this repo as an app.
-          fetched_files << main if main
-
           fetched_files
         end
       end
@@ -51,27 +47,6 @@ module Dependabot
       def go_sum
         @go_sum ||= fetch_file_if_present("go.sum")
       end
-
-      def main
-        return @main if defined?(@main)
-
-        go_files = Dir.glob("*.go")
-
-        go_files.each do |filename|
-          file_content = File.read(filename)
-          next unless file_content.match?(/\s*package\s+main/)
-
-          return @main = DependencyFile.new(
-            name: Pathname.new(filename).cleanpath.to_path,
-            directory: "/",
-            type: "package_main",
-            support_file: true,
-            content: file_content
-          )
-        end
-
-        nil
-      end
     end
   end
 end

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb

@@ -21,24 +21,24 @@ module Dependabot
           /fatal: The remote end hung up unexpectedly/,
           /repository '.+' not found/,
           # (Private) module could not be fetched
-          /go: .*: git (fetch|ls-remote) .*: exit status 128/m.freeze,
+          /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m.freeze,
           # (Private) module could not be found
           /cannot find module providing package/.freeze,
           # Package in module was likely renamed or removed
           /module .* found \(.*\), but does not contain package/m.freeze,
           # Package pseudo-version does not match the version-control metadata
           # https://golang.google.cn/doc/go1.13#version-validation
-          /go: .*: invalid pseudo-version/m.freeze,
+          /go(?: get)?: .*: invalid pseudo-version/m.freeze,
           # Package does not exist, has been pulled or cannot be reached due to
           # auth problems with either git or the go proxy
-          /go: .*: unknown revision/m.freeze,
+          /go(?: get)?: .*: unknown revision/m.freeze,
           # Package pointing to a proxy that 404s
-          /go: .*: unrecognized import path/m.freeze
+          /go(?: get)?: .*: unrecognized import path/m.freeze
         ].freeze
 
         MODULE_PATH_MISMATCH_REGEXES = [
           /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?: .* has non-.* module path "(.*)" at/,
-          /go: ([^@\s]+)(?:@[^\s]+)?: .* unexpected module path "(.*)"/,
+          /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?: .* unexpected module path "(.*)"/,
           /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?:? .* declares its path as: ([\S]*)/m
         ].freeze
 

data/lib/dependabot/go_modules/update_checker.rb

@@ -92,10 +92,6 @@ module Dependabot
         git_dependency?
       end
 
-      def library?
-        dependency_files.none? { |f| f.type == "package_main" }
-      end
-
       def version_from_tag(tag)
         # To compare with the current version we either use the commit SHA
         # (if that's what the parser picked up) or the tag name.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.180.2
+  version: 0.180.5
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-28 00:00:00.000000000 Z
+date: 2022-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.180.2
+        version: 0.180.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.180.2
+        version: 0.180.5
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement