dependabot-go_modules 0.211.0 → 0.213.0

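--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e2fd2d0b1e09d48b7bea41af75ff0c823f7fa97f3fc428f6961ca09c1f0a7473
- data.tar.gz: c4c938fd3210c4c84f8e946afc04aacdb4b332099697a52476fab15020f02af4
+ metadata.gz: fa899f6cb84134185a0301e5527097c6ca4508807512764f8f4cd733c45effbb
+ data.tar.gz: 4718f6bf91b3fbd5cf757a4f6de78defd584df38d8a9814be3b10fa236d17cfa
  SHA512:
- metadata.gz: da1c93d034f2ce7ff361b6f8972a7b8f71f68a29d0f2451bc0a4e5b6a7613d9e8e875f1f4adb6e8c78efe8e8aab11366cbeb43ae472b77205f0bb06ae55cbb14
- data.tar.gz: f09ef513ea9835d19f85ed2e9fb82076cf1120d39f5bfb35b4a60c8ad1b16ffe01797e85bf648df35540c08312414284dd6fb962e891ab6cab4eddcfec85ec7c
+ metadata.gz: 24fa02bcc6e1f89000adf4405a6efc921e6bd3e0c7f2e92a8771e5fc77d1508034fbcc8efe0d5adebcb0243cd878761944ac1e61d6495206c907888261506a4b
+ data.tar.gz: d6846ea7a5d4c423101fada0f5d4f11024f093e67a9f79ea8d5b3413920a0b6b0f45ec687456d04fd5d120af035b8040e2c2bb6190dfbb88c7e9c94193a2376a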
@@ -47,6 +47,10 @@ module Dependabot
47
47
  def go_sum
48
48
  @go_sum ||= fetch_file_if_present("go.sum")
49
49
  end
50
+
51
+ def recurse_submodules_when_cloning?
52
+ true
53
+ end
50
54
  end
51
55
  end
52
56
  end
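Review bot: `recurse_submodules_when_cloning?` returns an unconditional `true` with no comment saying why this fetcher needs submodules or what that implies for repositories the service does not control. Submodule URLs come from the repository's own `.gitmodules`, so turning recursion on makes the clone contact whatever hosts that file names; the code that performs the clone is outside this hunk, so whether it restricts protocols or hosts for submodules cannot be confirmed from here. I would add a comment above the method such as `# Submodules are cloned too; their URLs are repo-controlled, so the clone step must limit allowed protocols/hosts`, and confirm that the caller does so. The enclosing class starts outside the hunk.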
@@ -12,7 +12,7 @@ require "dependabot/file_parsers/base"
12
12
  module Dependabot
13
13
  module GoModules
14
14
  class FileParser < Dependabot::FileParsers::Base
15
- GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/.freeze
15
+ GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/
16
16
 
17
17
  def parse
18
18
  dependency_set = Dependabot::FileParsers::Base::DependencySet.new
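Review bot: `GIT_VERSION_REGEX` anchors with `^` and `$`, which in Ruby match at line boundaries, so a multi-line string in which only one line looks like a pseudo-version would still match and yield a `sha` capture. If the constant is meant to validate a whole version string, `\A` and `\z` say so: `GIT_VERSION_REGEX = /\Av\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})\z/`. The same applies to `PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/` in the later version-finder hunk, where `\z` would replace `$`. How version strings reach these constants is not visible here, so this is a hardening point rather than a demonstrated bug.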
@@ -65,7 +65,7 @@ module Dependabot
65
65
  # `go mod edit` works, even if some modules have been `replace`d with
66
66
  # a local module that we don't have access to.
67
67
  local_replacements.each do |_, stub_path|
68
- Dir.mkdir(stub_path) unless Dir.exist?(stub_path)
68
+ FileUtils.mkdir_p(stub_path)
69
69
  FileUtils.touch(File.join(stub_path, "go.mod"))
70
70
  end
71
71
 
@@ -135,8 +135,8 @@ module Dependabot
135
135
  }
136
136
  rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
137
137
  if e.message == "Cannot detect VCS"
138
- msg = e.message + " for #{dep['Path']}. Attempted to detect VCS "\
139
- "because the version looks like a git revision: "\
138
+ msg = e.message + " for #{dep['Path']}. Attempted to detect VCS " \
139
+ "because the version looks like a git revision: " \
140
140
  "#{dep['Version']}"
141
141
  raise Dependabot::DependencyFileNotResolvable, msg
142
142
  end
@@ -13,7 +13,7 @@ module Dependabot
13
13
  class GoModUpdater
14
14
  RESOLVABILITY_ERROR_REGEXES = [
15
15
  # The checksum in go.sum does not match the downloaded content
16
- /verifying .*: checksum mismatch/.freeze,
16
+ /verifying .*: checksum mismatch/,
17
17
  /go(?: get)?: .*: go.mod has post-v\d+ module path/
18
18
  ].freeze
19
19
 
@@ -21,19 +21,19 @@ module Dependabot
21
21
  /fatal: The remote end hung up unexpectedly/,
22
22
  /repository '.+' not found/,
23
23
  # (Private) module could not be fetched
24
- /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m.freeze,
24
+ /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m,
25
25
  # (Private) module could not be found
26
- /cannot find module providing package/.freeze,
26
+ /cannot find module providing package/,
27
27
  # Package in module was likely renamed or removed
28
- /module .* found \(.*\), but does not contain package/m.freeze,
28
+ /module .* found \(.*\), but does not contain package/m,
29
29
  # Package pseudo-version does not match the version-control metadata
30
30
  # https://golang.google.cn/doc/go1.13#version-validation
31
- /go(?: get)?: .*: invalid pseudo-version/m.freeze,
31
+ /go(?: get)?: .*: invalid pseudo-version/m,
32
32
  # Package does not exist, has been pulled or cannot be reached due to
33
33
  # auth problems with either git or the go proxy
34
- /go(?: get)?: .*: unknown revision/m.freeze,
34
+ /go(?: get)?: .*: unknown revision/m,
35
35
  # Package pointing to a proxy that 404s
36
- /go(?: get)?: .*: unrecognized import path/m.freeze
36
+ /go(?: get)?: .*: unrecognized import path/m
37
37
  ].freeze
38
38
 
39
39
  MODULE_PATH_MISMATCH_REGEXES = [
@@ -43,11 +43,11 @@ module Dependabot
43
43
  ].freeze
44
44
 
45
45
  OUT_OF_DISK_REGEXES = [
46
- %r{input/output error}.freeze,
47
- /no space left on device/.freeze
46
+ %r{input/output error},
47
+ /no space left on device/
48
48
  ].freeze
49
49
 
50
- GO_MOD_VERSION = /^go 1\.[\d]+$/.freeze
50
+ GO_MOD_VERSION = /^go 1\.[\d]+$/
51
51
 
52
52
  def initialize(dependencies:, credentials:, repo_contents_path:,
53
53
  directory:, options:)
@@ -175,7 +175,7 @@ module Dependabot
175
175
  _, stderr, status = Open3.capture3(environment, command)
176
176
  handle_subprocess_error(stderr) unless status.success?
177
177
  ensure
178
- File.delete(tmp_go_file) if File.exist?(tmp_go_file)
178
+ FileUtils.rm_f(tmp_go_file)
179
179
  end
180
180
 
181
181
  def parse_manifest
@@ -188,9 +188,7 @@ module Dependabot
188
188
 
189
189
  def in_repo_path(&block)
190
190
  SharedHelpers.in_a_temporary_repo_directory(directory, repo_contents_path) do
191
- SharedHelpers.with_git_configured(credentials: credentials) do
192
- block.call
193
- end
191
+ SharedHelpers.with_git_configured(credentials: credentials, &block)
194
192
  end
195
193
  end
196
194
 
@@ -199,7 +197,7 @@ module Dependabot
199
197
  # `go get` works, even if some modules have been `replace`d
200
198
  # with a local module that we don't have access to.
201
199
  stub_paths.each do |stub_path|
202
- Dir.mkdir(stub_path) unless Dir.exist?(stub_path)
200
+ FileUtils.mkdir_p(stub_path)
203
201
  FileUtils.touch(File.join(stub_path, "go.mod"))
204
202
  FileUtils.touch(File.join(stub_path, "main.go"))
205
203
  end
@@ -70,7 +70,7 @@ module Dependabot
70
70
  dependency_files.each do |file|
71
71
  path = File.join(@repo_contents_path, directory, file.name)
72
72
  path = Pathname.new(path).expand_path
73
- FileUtils.mkdir_p(path.dirname) unless Dir.exist?(path.dirname)
73
+ FileUtils.mkdir_p(path.dirname)
74
74
  File.write(path, file.content)
75
75
  end
76
76
 
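Review bot: The write path is built from `directory` and `file.name` and then passed through `expand_path`, which resolves `..` segments, yet nothing here checks that the result still lies under `@repo_contents_path` before `FileUtils.mkdir_p(path.dirname)` and `File.write(path, file.content)` run. If either component can carry `../` (their origin is outside this hunk), directories and files would be created outside the repository checkout. A containment guard ahead of the `mkdir_p` would close that, for example `root = Pathname.new(@repo_contents_path).expand_path` followed by `raise ArgumentError, "path escapes repo: #{file.name}" unless path.to_s.start_with?("#{root}/")`. The enclosing method starts and ends outside the hunk.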
@@ -17,11 +17,9 @@ module Dependabot
17
17
 
18
18
  def stub_paths(manifest, directory)
19
19
  (manifest["Replace"] || []).
20
- map { |r| r["New"]["Path"] }.
21
- compact.
20
+ filter_map { |r| r["New"]["Path"] }.
22
21
  select { |p| stub_replace_path?(p, directory) }.
23
- map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }.
24
- to_h
22
+ to_h { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }
25
23
  end
26
24
 
27
25
  private
@@ -44,7 +42,7 @@ module Dependabot
44
42
 
45
43
  def relative_replacement_path?(path)
46
44
  # https://golang.org/ref/mod#go-mod-file-replace
47
- path.start_with?("./") || path.start_with?("../")
45
+ path.start_with?("./", "../")
48
46
  end
49
47
 
50
48
  def module_pathname(directory)
@@ -12,15 +12,15 @@ require "dependabot/go_modules/version"
12
12
  module Dependabot
13
13
  module GoModules
14
14
  class Requirement < Gem::Requirement
15
- WILDCARD_REGEX = /(?:\.|^)[xX*]/.freeze
16
- OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/.freeze
15
+ WILDCARD_REGEX = /(?:\.|^)[xX*]/
16
+ OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/
17
17
 
18
18
  # Override the version pattern to allow a 'v' prefix
19
19
  quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
20
20
  version_pattern = "v?#{Version::VERSION_PATTERN}"
21
21
 
22
22
  PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
23
- PATTERN = /\A#{PATTERN_RAW}\z/.freeze
23
+ PATTERN = /\A#{PATTERN_RAW}\z/
24
24
 
25
25
  # Use GoModules::Version rather than Gem::Version to ensure that
26
26
  # pre-release versions aren't transformed.
@@ -3,7 +3,7 @@
3
3
  module Dependabot
4
4
  module GoModules
5
5
  module ResolvabilityErrors
6
- GITHUB_REPO_REGEX = %r{github.com/[^:@]*}.freeze
6
+ GITHUB_REPO_REGEX = %r{github.com/[^:@]*}
7
7
 
8
8
  def self.handle(message, credentials:, goprivate:)
9
9
  mod_path = message.scan(GITHUB_REPO_REGEX).last
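Review bot: `GITHUB_REPO_REGEX` leaves the dot in `github.com` unescaped and has no left boundary, so it also matches text such as `githubXcom/...` or a host name that merely ends in `github.com`; and `[^:@]*` consumes whitespace and newlines, so the captured value can run on into the rest of the error message. Since `handle` takes `message.scan(GITHUB_REPO_REGEX).last` as `mod_path`, a tighter pattern would keep that value to an actual github.com path: `GITHUB_REPO_REGEX = %r{(?<![\w.-])github\.com/[^:@\s]*}`. What `handle` does with `mod_path` continues outside the hunk, so the impact of a wrong match cannot be judged from these lines.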
@@ -22,10 +22,10 @@ module Dependabot
22
22
  /unrecognized import path/,
23
23
  /malformed module path/,
24
24
  # (Private) module could not be fetched
25
- /module .*: git ls-remote .*: exit status 128/m.freeze
25
+ /module .*: git ls-remote .*: exit status 128/m
26
26
  ].freeze
27
- INVALID_VERSION_REGEX = /version "[^"]+" invalid/m.freeze
28
- PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/.freeze
27
+ INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
28
+ PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/
29
29
 
30
30
  def initialize(dependency:, dependency_files:, credentials:,
31
31
  ignored_versions:, security_advisories:, raise_on_ignored: false,
@@ -52,7 +52,7 @@ module Dependabot
52
52
  attr_reader :dependency, :dependency_files, :credentials, :ignored_versions, :security_advisories
53
53
 
54
54
  def fetch_latest_version
55
- return dependency.version if dependency.version =~ PSEUDO_VERSION_REGEX
55
+ return dependency.version if PSEUDO_VERSION_REGEX.match?(dependency.version)
56
56
 
57
57
  candidate_versions = available_versions
58
58
  candidate_versions = filter_prerelease_versions(candidate_versions)
@@ -62,7 +62,7 @@ module Dependabot
62
62
  end
63
63
 
64
64
  def fetch_lowest_security_fix_version
65
- return dependency.version if dependency.version =~ PSEUDO_VERSION_REGEX
65
+ return dependency.version if PSEUDO_VERSION_REGEX.match?(dependency.version)
66
66
 
67
67
  relevant_versions = available_versions
68
68
  relevant_versions = filter_prerelease_versions(relevant_versions)
@@ -110,7 +110,7 @@ module Dependabot
110
110
  def handle_subprocess_error(error)
111
111
  if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
112
112
  ResolvabilityErrors.handle(error.message, credentials: credentials, goprivate: @goprivate)
113
- elsif INVALID_VERSION_REGEX =~ error.message
113
+ elsif INVALID_VERSION_REGEX.match?(error.message)
114
114
  raise Dependabot::DependencyFileNotResolvable, error.message
115
115
  end
116
116
 
@@ -13,7 +13,7 @@ module Dependabot
13
13
  VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
14
14
  '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
15
15
  '(\+incompatible)?'
16
- ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
16
+ ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
17
17
 
18
18
  def self.correct?(version)
19
19
  version = version.gsub(/^v/, "") if version.is_a?(String)
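--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-go_modules
  version: !ruby/object:Gem::Version
- version: 0.211.0
+ version: 0.213.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-08-23 00:00:00.000000000 Z
+ date: 2022-10-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.211.0
+ version: 0.213.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.211.0
- - !ruby/object:Gem::Dependency
- name: debase
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.2.3
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.2.3
- - !ruby/object:Gem::Dependency
- name: debase-ruby_core_source
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.10.16
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.10.16
+ version: 0.213.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.11.1
+ version: 3.13.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.11.1
+ version: 3.13.0
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -142,28 +114,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.35.1
+ version: 1.37.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.35.1
+ version: 1.37.1
  - !ruby/object:Gem::Dependency
- name: ruby-debug-ide
+ name: rubocop-performance
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.3
+ version: 1.15.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.3
+ version: 1.15.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -273,14 +245,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 3.1.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 3.1.0
  requirements: []
- rubygems_version: 3.1.6
+ rubygems_version: 3.3.7
  signing_key:
  specification_version: 4
  summary: Go modules support for dependabot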