dependabot-go_modules 0.211.0 → 0.213.0

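--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e2fd2d0b1e09d48b7bea41af75ff0c823f7fa97f3fc428f6961ca09c1f0a7473
- data.tar.gz: c4c938fd3210c4c84f8e946afc04aacdb4b332099697a52476fab15020f02af4
+ metadata.gz: fa899f6cb84134185a0301e5527097c6ca4508807512764f8f4cd733c45effbb
+ data.tar.gz: 4718f6bf91b3fbd5cf757a4f6de78defd584df38d8a9814be3b10fa236d17cfa
  SHA512:
- metadata.gz: da1c93d034f2ce7ff361b6f8972a7b8f71f68a29d0f2451bc0a4e5b6a7613d9e8e875f1f4adb6e8c78efe8e8aab11366cbeb43ae472b77205f0bb06ae55cbb14
- data.tar.gz: f09ef513ea9835d19f85ed2e9fb82076cf1120d39f5bfb35b4a60c8ad1b16ffe01797e85bf648df35540c08312414284dd6fb962e891ab6cab4eddcfec85ec7c
+ metadata.gz: 24fa02bcc6e1f89000adf4405a6efc921e6bd3e0c7f2e92a8771e5fc77d1508034fbcc8efe0d5adebcb0243cd878761944ac1e61d6495206c907888261506a4b
+ data.tar.gz: d6846ea7a5d4c423101fada0f5d4f11024f093e67a9f79ea8d5b3413920a0b6b0f45ec687456d04fd5d120af035b8040e2c2bb6190dfbb88c7e9c94193a2376a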
@@ -47,6 +47,10 @@ module Dependabot
47
47
  def go_sum
48
48
  @go_sum ||= fetch_file_if_present("go.sum")
49
49
  end
50
+
51
+ def recurse_submodules_when_cloning?
52
+ true
53
+ end
50
54
  end
51
55
  end
52
56
  end
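Review bot: `recurse_submodules_when_cloning?` returns `true` unconditionally and has no comment saying why this ecosystem needs submodules fetched. Submodule URLs are read from the repository's own `.gitmodules`, so a recursive clone contacts whatever remotes that file names; whether the cloning code restricts those URLs or protocols is not visible in this hunk and should be confirmed. I would add a comment above the method stating the reason and the trust assumption, for example `# Submodules are cloned because <reason>; their URLs are repository-controlled, see the clone options in the shared fetcher.` The enclosing class starts outside the hunk.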
@@ -12,7 +12,7 @@ require "dependabot/file_parsers/base"
12
12
  module Dependabot
13
13
  module GoModules
14
14
  class FileParser < Dependabot::FileParsers::Base
15
- GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/.freeze
15
+ GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/
16
16
 
17
17
  def parse
18
18
  dependency_set = Dependabot::FileParsers::Base::DependencySet.new
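Review bot: `GIT_VERSION_REGEX` is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a multi-line value still matches when any one of its lines looks like a pseudo-version. Because the pattern decides whether a version is treated as a git revision, `\A` and `\z` are the safer anchors: `GIT_VERSION_REGEX = /\Av\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})\z/`. The same applies to `PSEUDO_VERSION_REGEX` in the update-checker hunk (`$` to `\z`) and to `version.gsub(/^v/, "")` in the version hunk, where `version.sub(/\Av/, "")` strips only a leading prefix. The callers of these constants are outside the hunks, so confirm none relies on per-line matching.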
@@ -65,7 +65,7 @@ module Dependabot
65
65
  # `go mod edit` works, even if some modules have been `replace`d with
66
66
  # a local module that we don't have access to.
67
67
  local_replacements.each do |_, stub_path|
68
- Dir.mkdir(stub_path) unless Dir.exist?(stub_path)
68
+ FileUtils.mkdir_p(stub_path)
69
69
  FileUtils.touch(File.join(stub_path, "go.mod"))
70
70
  end
71
71
 
@@ -135,8 +135,8 @@ module Dependabot
135
135
  }
136
136
  rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
137
137
  if e.message == "Cannot detect VCS"
138
- msg = e.message + " for #{dep['Path']}. Attempted to detect VCS "\
139
- "because the version looks like a git revision: "\
138
+ msg = e.message + " for #{dep['Path']}. Attempted to detect VCS " \
139
+ "because the version looks like a git revision: " \
140
140
  "#{dep['Version']}"
141
141
  raise Dependabot::DependencyFileNotResolvable, msg
142
142
  end
@@ -13,7 +13,7 @@ module Dependabot
13
13
  class GoModUpdater
14
14
  RESOLVABILITY_ERROR_REGEXES = [
15
15
  # The checksum in go.sum does not match the downloaded content
16
- /verifying .*: checksum mismatch/.freeze,
16
+ /verifying .*: checksum mismatch/,
17
17
  /go(?: get)?: .*: go.mod has post-v\d+ module path/
18
18
  ].freeze
19
19
 
@@ -21,19 +21,19 @@ module Dependabot
21
21
  /fatal: The remote end hung up unexpectedly/,
22
22
  /repository '.+' not found/,
23
23
  # (Private) module could not be fetched
24
- /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m.freeze,
24
+ /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m,
25
25
  # (Private) module could not be found
26
- /cannot find module providing package/.freeze,
26
+ /cannot find module providing package/,
27
27
  # Package in module was likely renamed or removed
28
- /module .* found \(.*\), but does not contain package/m.freeze,
28
+ /module .* found \(.*\), but does not contain package/m,
29
29
  # Package pseudo-version does not match the version-control metadata
30
30
  # https://golang.google.cn/doc/go1.13#version-validation
31
- /go(?: get)?: .*: invalid pseudo-version/m.freeze,
31
+ /go(?: get)?: .*: invalid pseudo-version/m,
32
32
  # Package does not exist, has been pulled or cannot be reached due to
33
33
  # auth problems with either git or the go proxy
34
- /go(?: get)?: .*: unknown revision/m.freeze,
34
+ /go(?: get)?: .*: unknown revision/m,
35
35
  # Package pointing to a proxy that 404s
36
- /go(?: get)?: .*: unrecognized import path/m.freeze
36
+ /go(?: get)?: .*: unrecognized import path/m
37
37
  ].freeze
38
38
 
39
39
  MODULE_PATH_MISMATCH_REGEXES = [
@@ -43,11 +43,11 @@ module Dependabot
43
43
  ].freeze
44
44
 
45
45
  OUT_OF_DISK_REGEXES = [
46
- %r{input/output error}.freeze,
47
- /no space left on device/.freeze
46
+ %r{input/output error},
47
+ /no space left on device/
48
48
  ].freeze
49
49
 
50
- GO_MOD_VERSION = /^go 1\.[\d]+$/.freeze
50
+ GO_MOD_VERSION = /^go 1\.[\d]+$/
51
51
 
52
52
  def initialize(dependencies:, credentials:, repo_contents_path:,
53
53
  directory:, options:)
@@ -175,7 +175,7 @@ module Dependabot
175
175
  _, stderr, status = Open3.capture3(environment, command)
176
176
  handle_subprocess_error(stderr) unless status.success?
177
177
  ensure
178
- File.delete(tmp_go_file) if File.exist?(tmp_go_file)
178
+ FileUtils.rm_f(tmp_go_file)
179
179
  end
180
180
 
181
181
  def parse_manifest
@@ -188,9 +188,7 @@ module Dependabot
188
188
 
189
189
  def in_repo_path(&block)
190
190
  SharedHelpers.in_a_temporary_repo_directory(directory, repo_contents_path) do
191
- SharedHelpers.with_git_configured(credentials: credentials) do
192
- block.call
193
- end
191
+ SharedHelpers.with_git_configured(credentials: credentials, &block)
194
192
  end
195
193
  end
196
194
 
@@ -199,7 +197,7 @@ module Dependabot
199
197
  # `go get` works, even if some modules have been `replace`d
200
198
  # with a local module that we don't have access to.
201
199
  stub_paths.each do |stub_path|
202
- Dir.mkdir(stub_path) unless Dir.exist?(stub_path)
200
+ FileUtils.mkdir_p(stub_path)
203
201
  FileUtils.touch(File.join(stub_path, "go.mod"))
204
202
  FileUtils.touch(File.join(stub_path, "main.go"))
205
203
  end
@@ -70,7 +70,7 @@ module Dependabot
70
70
  dependency_files.each do |file|
71
71
  path = File.join(@repo_contents_path, directory, file.name)
72
72
  path = Pathname.new(path).expand_path
73
- FileUtils.mkdir_p(path.dirname) unless Dir.exist?(path.dirname)
73
+ FileUtils.mkdir_p(path.dirname)
74
74
  File.write(path, file.content)
75
75
  end
76
76
 
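Review bot: Nothing between `expand_path` and `File.write` checks that the resolved path is still inside `@repo_contents_path`, so a `file.name` or `directory` carrying `../` segments would be written outside the checkout. Whether those names are constrained upstream is not visible in this hunk, and a local guard is cheap: compute `root = Pathname.new(@repo_contents_path).expand_path` before the loop and add `raise Dependabot::DependencyFileNotResolvable, "#{file.name} is outside the repository" unless path.to_s.start_with?("#{root}/")` ahead of `FileUtils.mkdir_p`. The enclosing method starts and ends outside the hunk.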
@@ -17,11 +17,9 @@ module Dependabot
17
17
 
18
18
  def stub_paths(manifest, directory)
19
19
  (manifest["Replace"] || []).
20
- map { |r| r["New"]["Path"] }.
21
- compact.
20
+ filter_map { |r| r["New"]["Path"] }.
22
21
  select { |p| stub_replace_path?(p, directory) }.
23
- map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }.
24
- to_h
22
+ to_h { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }
25
23
  end
26
24
 
27
25
  private
@@ -44,7 +42,7 @@ module Dependabot
44
42
 
45
43
  def relative_replacement_path?(path)
46
44
  # https://golang.org/ref/mod#go-mod-file-replace
47
- path.start_with?("./") || path.start_with?("../")
45
+ path.start_with?("./", "../")
48
46
  end
49
47
 
50
48
  def module_pathname(directory)
@@ -12,15 +12,15 @@ require "dependabot/go_modules/version"
12
12
  module Dependabot
13
13
  module GoModules
14
14
  class Requirement < Gem::Requirement
15
- WILDCARD_REGEX = /(?:\.|^)[xX*]/.freeze
16
- OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/.freeze
15
+ WILDCARD_REGEX = /(?:\.|^)[xX*]/
16
+ OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/
17
17
 
18
18
  # Override the version pattern to allow a 'v' prefix
19
19
  quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
20
20
  version_pattern = "v?#{Version::VERSION_PATTERN}"
21
21
 
22
22
  PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
23
- PATTERN = /\A#{PATTERN_RAW}\z/.freeze
23
+ PATTERN = /\A#{PATTERN_RAW}\z/
24
24
 
25
25
  # Use GoModules::Version rather than Gem::Version to ensure that
26
26
  # pre-release versions aren't transformed.
@@ -3,7 +3,7 @@
3
3
  module Dependabot
4
4
  module GoModules
5
5
  module ResolvabilityErrors
6
- GITHUB_REPO_REGEX = %r{github.com/[^:@]*}.freeze
6
+ GITHUB_REPO_REGEX = %r{github.com/[^:@]*}
7
7
 
8
8
  def self.handle(message, credentials:, goprivate:)
9
9
  mod_path = message.scan(GITHUB_REPO_REGEX).last
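Review bot: `GITHUB_REPO_REGEX` leaves the dot unescaped and has no left boundary, so it also matches `githubXcom/...` and the tail of a longer host name such as `notgithub.com/...`. `handle` takes the last match in the error message as `mod_path`, and that message presumably comes from tool output that the repository being updated can influence; what is then done with `mod_path` and `credentials` is outside the hunk. Escaping the dot and requiring a host boundary tightens it: `GITHUB_REPO_REGEX = %r{(?<![\w.-])github\.com/[^:@]*}`.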
@@ -22,10 +22,10 @@ module Dependabot
22
22
  /unrecognized import path/,
23
23
  /malformed module path/,
24
24
  # (Private) module could not be fetched
25
- /module .*: git ls-remote .*: exit status 128/m.freeze
25
+ /module .*: git ls-remote .*: exit status 128/m
26
26
  ].freeze
27
- INVALID_VERSION_REGEX = /version "[^"]+" invalid/m.freeze
28
- PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/.freeze
27
+ INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
28
+ PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/
29
29
 
30
30
  def initialize(dependency:, dependency_files:, credentials:,
31
31
  ignored_versions:, security_advisories:, raise_on_ignored: false,
@@ -52,7 +52,7 @@ module Dependabot
52
52
  attr_reader :dependency, :dependency_files, :credentials, :ignored_versions, :security_advisories
53
53
 
54
54
  def fetch_latest_version
55
- return dependency.version if dependency.version =~ PSEUDO_VERSION_REGEX
55
+ return dependency.version if PSEUDO_VERSION_REGEX.match?(dependency.version)
56
56
 
57
57
  candidate_versions = available_versions
58
58
  candidate_versions = filter_prerelease_versions(candidate_versions)
@@ -62,7 +62,7 @@ module Dependabot
62
62
  end
63
63
 
64
64
  def fetch_lowest_security_fix_version
65
- return dependency.version if dependency.version =~ PSEUDO_VERSION_REGEX
65
+ return dependency.version if PSEUDO_VERSION_REGEX.match?(dependency.version)
66
66
 
67
67
  relevant_versions = available_versions
68
68
  relevant_versions = filter_prerelease_versions(relevant_versions)
@@ -110,7 +110,7 @@ module Dependabot
110
110
  def handle_subprocess_error(error)
111
111
  if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
112
112
  ResolvabilityErrors.handle(error.message, credentials: credentials, goprivate: @goprivate)
113
- elsif INVALID_VERSION_REGEX =~ error.message
113
+ elsif INVALID_VERSION_REGEX.match?(error.message)
114
114
  raise Dependabot::DependencyFileNotResolvable, error.message
115
115
  end
116
116
 
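Review bot: The `any?` block on the first line of `handle_subprocess_error` still uses `error.message =~ rgx` while the `elsif` below it was switched to `match?`, so the method now mixes both forms and the first one still populates `$~` without using it. `if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| rgx.match?(error.message) }` brings it in line with the rest of the change. The method continues past the end of the hunk.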
@@ -13,7 +13,7 @@ module Dependabot
13
13
  VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
14
14
  '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
15
15
  '(\+incompatible)?'
16
- ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
16
+ ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
17
17
 
18
18
  def self.correct?(version)
19
19
  version = version.gsub(/^v/, "") if version.is_a?(String)
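--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-go_modules
  version: !ruby/object:Gem::Version
- version: 0.211.0
+ version: 0.213.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-08-23 00:00:00.000000000 Z
+ date: 2022-10-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.211.0
+ version: 0.213.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.211.0
- - !ruby/object:Gem::Dependency
- name: debase
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.2.3
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.2.3
- - !ruby/object:Gem::Dependency
- name: debase-ruby_core_source
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.10.16
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.10.16
+ version: 0.213.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.11.1
+ version: 3.13.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.11.1
+ version: 3.13.0
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -142,28 +114,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.35.1
+ version: 1.37.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.35.1
+ version: 1.37.1
  - !ruby/object:Gem::Dependency
- name: ruby-debug-ide
+ name: rubocop-performance
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.3
+ version: 1.15.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.3
+ version: 1.15.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -273,14 +245,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 3.1.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 3.1.0
  requirements: []
- rubygems_version: 3.1.6
+ rubygems_version: 3.3.7
  signing_key:
  specification_version: 4
  summary: Go modules support for dependabot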