dependabot-go_modules 0.209.0 → 0.212.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/go_modules/file_parser.rb +3 -3
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +3 -5
- data/lib/dependabot/go_modules/file_updater.rb +1 -1
- data/lib/dependabot/go_modules/replace_stubber.rb +3 -5
- data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +3 -3
- metadata +34 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9a4dc6858676aa3f1b955c586842f791cb99b2685f6c4c1254481bef52e4fcd3
|
4
|
+
data.tar.gz: e1d58699f368c4d17982156b7a485cf5c7ce10c261abb1754f832dbbec9f0b0d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c24e914689efc47b2bf3faffd11cef23f9b0f07804a79d90177aa7e5600b7dd8666316330d7e13e3d4efb489a2082d53837e9baeb4a4bdc3c148603fe2554d65
|
7
|
+
data.tar.gz: b019db2774816b9f78d687494ad12ee3119aef1158e63acf31df12cce09f4baca7f58763d61d578216930d612576070dd23cef788424ed6c873e5f7f392360ad
|
@@ -65,7 +65,7 @@ module Dependabot
|
|
65
65
|
# `go mod edit` works, even if some modules have been `replace`d with
|
66
66
|
# a local module that we don't have access to.
|
67
67
|
local_replacements.each do |_, stub_path|
|
68
|
-
|
68
|
+
FileUtils.mkdir_p(stub_path)
|
69
69
|
FileUtils.touch(File.join(stub_path, "go.mod"))
|
70
70
|
end
|
71
71
|
|
@@ -135,8 +135,8 @@ module Dependabot
|
|
135
135
|
}
|
136
136
|
rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
|
137
137
|
if e.message == "Cannot detect VCS"
|
138
|
-
msg = e.message + " for #{dep['Path']}. Attempted to detect VCS "\
|
139
|
-
"because the version looks like a git revision: "\
|
138
|
+
msg = e.message + " for #{dep['Path']}. Attempted to detect VCS " \
|
139
|
+
"because the version looks like a git revision: " \
|
140
140
|
"#{dep['Version']}"
|
141
141
|
raise Dependabot::DependencyFileNotResolvable, msg
|
142
142
|
end
|
@@ -175,7 +175,7 @@ module Dependabot
|
|
175
175
|
_, stderr, status = Open3.capture3(environment, command)
|
176
176
|
handle_subprocess_error(stderr) unless status.success?
|
177
177
|
ensure
|
178
|
-
|
178
|
+
FileUtils.rm_f(tmp_go_file)
|
179
179
|
end
|
180
180
|
|
181
181
|
def parse_manifest
|
@@ -188,9 +188,7 @@ module Dependabot
|
|
188
188
|
|
189
189
|
def in_repo_path(&block)
|
190
190
|
SharedHelpers.in_a_temporary_repo_directory(directory, repo_contents_path) do
|
191
|
-
SharedHelpers.with_git_configured(credentials: credentials)
|
192
|
-
block.call
|
193
|
-
end
|
191
|
+
SharedHelpers.with_git_configured(credentials: credentials, &block)
|
194
192
|
end
|
195
193
|
end
|
196
194
|
|
@@ -199,7 +197,7 @@ module Dependabot
|
|
199
197
|
# `go get` works, even if some modules have been `replace`d
|
200
198
|
# with a local module that we don't have access to.
|
201
199
|
stub_paths.each do |stub_path|
|
202
|
-
|
200
|
+
FileUtils.mkdir_p(stub_path)
|
203
201
|
FileUtils.touch(File.join(stub_path, "go.mod"))
|
204
202
|
FileUtils.touch(File.join(stub_path, "main.go"))
|
205
203
|
end
|
@@ -70,7 +70,7 @@ module Dependabot
|
|
70
70
|
dependency_files.each do |file|
|
71
71
|
path = File.join(@repo_contents_path, directory, file.name)
|
72
72
|
path = Pathname.new(path).expand_path
|
73
|
-
FileUtils.mkdir_p(path.dirname)
|
73
|
+
FileUtils.mkdir_p(path.dirname)
|
74
74
|
File.write(path, file.content)
|
75
75
|
end
|
76
76
|
|
@@ -17,11 +17,9 @@ module Dependabot
|
|
17
17
|
|
18
18
|
def stub_paths(manifest, directory)
|
19
19
|
(manifest["Replace"] || []).
|
20
|
-
|
21
|
-
compact.
|
20
|
+
filter_map { |r| r["New"]["Path"] }.
|
22
21
|
select { |p| stub_replace_path?(p, directory) }.
|
23
|
-
|
24
|
-
to_h
|
22
|
+
to_h { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }
|
25
23
|
end
|
26
24
|
|
27
25
|
private
|
@@ -44,7 +42,7 @@ module Dependabot
|
|
44
42
|
|
45
43
|
def relative_replacement_path?(path)
|
46
44
|
# https://golang.org/ref/mod#go-mod-file-replace
|
47
|
-
path.start_with?("./"
|
45
|
+
path.start_with?("./", "../")
|
48
46
|
end
|
49
47
|
|
50
48
|
def module_pathname(directory)
|
@@ -52,7 +52,7 @@ module Dependabot
|
|
52
52
|
attr_reader :dependency, :dependency_files, :credentials, :ignored_versions, :security_advisories
|
53
53
|
|
54
54
|
def fetch_latest_version
|
55
|
-
return dependency.version if dependency.version
|
55
|
+
return dependency.version if PSEUDO_VERSION_REGEX.match?(dependency.version)
|
56
56
|
|
57
57
|
candidate_versions = available_versions
|
58
58
|
candidate_versions = filter_prerelease_versions(candidate_versions)
|
@@ -62,7 +62,7 @@ module Dependabot
|
|
62
62
|
end
|
63
63
|
|
64
64
|
def fetch_lowest_security_fix_version
|
65
|
-
return dependency.version if dependency.version
|
65
|
+
return dependency.version if PSEUDO_VERSION_REGEX.match?(dependency.version)
|
66
66
|
|
67
67
|
relevant_versions = available_versions
|
68
68
|
relevant_versions = filter_prerelease_versions(relevant_versions)
|
@@ -110,7 +110,7 @@ module Dependabot
|
|
110
110
|
def handle_subprocess_error(error)
|
111
111
|
if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
|
112
112
|
ResolvabilityErrors.handle(error.message, credentials: credentials, goprivate: @goprivate)
|
113
|
-
elsif INVALID_VERSION_REGEX
|
113
|
+
elsif INVALID_VERSION_REGEX.match?(error.message)
|
114
114
|
raise Dependabot::DependencyFileNotResolvable, error.message
|
115
115
|
end
|
116
116
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-go_modules
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.212.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-09-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.212.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.212.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debase
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -80,6 +80,20 @@ dependencies:
|
|
80
80
|
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: '2.0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: parallel_tests
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: 3.12.0
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: 3.12.0
|
83
97
|
- !ruby/object:Gem::Dependency
|
84
98
|
name: rake
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
@@ -128,14 +142,28 @@ dependencies:
|
|
128
142
|
requirements:
|
129
143
|
- - "~>"
|
130
144
|
- !ruby/object:Gem::Version
|
131
|
-
version: 1.
|
145
|
+
version: 1.36.0
|
146
|
+
type: :development
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - "~>"
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: 1.36.0
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: rubocop-performance
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - "~>"
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: 1.14.2
|
132
160
|
type: :development
|
133
161
|
prerelease: false
|
134
162
|
version_requirements: !ruby/object:Gem::Requirement
|
135
163
|
requirements:
|
136
164
|
- - "~>"
|
137
165
|
- !ruby/object:Gem::Version
|
138
|
-
version: 1.
|
166
|
+
version: 1.14.2
|
139
167
|
- !ruby/object:Gem::Dependency
|
140
168
|
name: ruby-debug-ide
|
141
169
|
requirement: !ruby/object:Gem::Requirement
|