dependabot-go_modules 0.212.0 → 0.214.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/go_modules/file_fetcher.rb +4 -0
- data/lib/dependabot/go_modules/file_parser.rb +16 -1
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +10 -10
- data/lib/dependabot/go_modules/requirement.rb +3 -3
- data/lib/dependabot/go_modules/resolvability_errors.rb +1 -1
- data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +7 -8
- data/lib/dependabot/go_modules/update_checker.rb +2 -2
- data/lib/dependabot/go_modules/version.rb +1 -1
- metadata +13 -55
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5825bfefc09a4e3ef05bf5286f52f1de9825c0d7ffd3e34b3281c67847b67bc4
|
4
|
+
data.tar.gz: 2eedaaa966c5b7d76e09ee6dc2747a2f3e02b169391de945f3ea8a78a0dbd73b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5bf996465ae67751493da4cb2fd27c9db2a128551e41328be4cdd5ee654f373d8b2938d9449dada9c7e5eae9c2f203a6d6367cb9de66d4c4c9e7cc21bdecb5af
|
7
|
+
data.tar.gz: 48873014f7eaf642d5010e449fa04081eca67e0d7dc039f1687476dddf152a514cbd21c0ff1b73ad720eecd0d9bca3012104657f6708f86c52391cdb0793bf74
|
@@ -12,7 +12,7 @@ require "dependabot/file_parsers/base"
|
|
12
12
|
module Dependabot
|
13
13
|
module GoModules
|
14
14
|
class FileParser < Dependabot::FileParsers::Base
|
15
|
-
GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})
|
15
|
+
GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/
|
16
16
|
|
17
17
|
def parse
|
18
18
|
dependency_set = Dependabot::FileParsers::Base::DependencySet.new
|
@@ -135,6 +135,9 @@ module Dependabot
|
|
135
135
|
}
|
136
136
|
rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
|
137
137
|
if e.message == "Cannot detect VCS"
|
138
|
+
# if the dependency is locally replaced, this is not a fatal error
|
139
|
+
return { type: "default", source: dep["Path"] } if dependency_has_local_replacement(dep)
|
140
|
+
|
138
141
|
msg = e.message + " for #{dep['Path']}. Attempted to detect VCS " \
|
139
142
|
"because the version looks like a git revision: " \
|
140
143
|
"#{dep['Version']}"
|
@@ -179,6 +182,18 @@ module Dependabot
|
|
179
182
|
end
|
180
183
|
false
|
181
184
|
end
|
185
|
+
|
186
|
+
def dependency_has_local_replacement(details)
|
187
|
+
if manifest["Replace"]
|
188
|
+
has_local_replacement = manifest["Replace"].find do |replace|
|
189
|
+
replace["New"]["Path"].start_with?("./", "../") &&
|
190
|
+
replace["Old"]["Path"] == details["Path"]
|
191
|
+
end
|
192
|
+
|
193
|
+
return true if has_local_replacement
|
194
|
+
end
|
195
|
+
false
|
196
|
+
end
|
182
197
|
end
|
183
198
|
end
|
184
199
|
end
|
@@ -13,7 +13,7 @@ module Dependabot
|
|
13
13
|
class GoModUpdater
|
14
14
|
RESOLVABILITY_ERROR_REGEXES = [
|
15
15
|
# The checksum in go.sum does not match the downloaded content
|
16
|
-
/verifying .*: checksum mismatch
|
16
|
+
/verifying .*: checksum mismatch/,
|
17
17
|
/go(?: get)?: .*: go.mod has post-v\d+ module path/
|
18
18
|
].freeze
|
19
19
|
|
@@ -21,19 +21,19 @@ module Dependabot
|
|
21
21
|
/fatal: The remote end hung up unexpectedly/,
|
22
22
|
/repository '.+' not found/,
|
23
23
|
# (Private) module could not be fetched
|
24
|
-
/go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m
|
24
|
+
/go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m,
|
25
25
|
# (Private) module could not be found
|
26
|
-
/cannot find module providing package
|
26
|
+
/cannot find module providing package/,
|
27
27
|
# Package in module was likely renamed or removed
|
28
|
-
/module .* found \(.*\), but does not contain package/m
|
28
|
+
/module .* found \(.*\), but does not contain package/m,
|
29
29
|
# Package pseudo-version does not match the version-control metadata
|
30
30
|
# https://golang.google.cn/doc/go1.13#version-validation
|
31
|
-
/go(?: get)?: .*: invalid pseudo-version/m
|
31
|
+
/go(?: get)?: .*: invalid pseudo-version/m,
|
32
32
|
# Package does not exist, has been pulled or cannot be reached due to
|
33
33
|
# auth problems with either git or the go proxy
|
34
|
-
/go(?: get)?: .*: unknown revision/m
|
34
|
+
/go(?: get)?: .*: unknown revision/m,
|
35
35
|
# Package pointing to a proxy that 404s
|
36
|
-
/go(?: get)?: .*: unrecognized import path/m
|
36
|
+
/go(?: get)?: .*: unrecognized import path/m
|
37
37
|
].freeze
|
38
38
|
|
39
39
|
MODULE_PATH_MISMATCH_REGEXES = [
|
@@ -43,11 +43,11 @@ module Dependabot
|
|
43
43
|
].freeze
|
44
44
|
|
45
45
|
OUT_OF_DISK_REGEXES = [
|
46
|
-
%r{input/output error}
|
47
|
-
/no space left on device
|
46
|
+
%r{input/output error},
|
47
|
+
/no space left on device/
|
48
48
|
].freeze
|
49
49
|
|
50
|
-
GO_MOD_VERSION = /^go 1\.[\d]
|
50
|
+
GO_MOD_VERSION = /^go 1\.[\d]+$/
|
51
51
|
|
52
52
|
def initialize(dependencies:, credentials:, repo_contents_path:,
|
53
53
|
directory:, options:)
|
@@ -12,15 +12,15 @@ require "dependabot/go_modules/version"
|
|
12
12
|
module Dependabot
|
13
13
|
module GoModules
|
14
14
|
class Requirement < Gem::Requirement
|
15
|
-
WILDCARD_REGEX = /(?:\.|^)[xX*]
|
16
|
-
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}
|
15
|
+
WILDCARD_REGEX = /(?:\.|^)[xX*]/
|
16
|
+
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/
|
17
17
|
|
18
18
|
# Override the version pattern to allow a 'v' prefix
|
19
19
|
quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
|
20
20
|
version_pattern = "v?#{Version::VERSION_PATTERN}"
|
21
21
|
|
22
22
|
PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
|
23
|
-
PATTERN = /\A#{PATTERN_RAW}\z
|
23
|
+
PATTERN = /\A#{PATTERN_RAW}\z/
|
24
24
|
|
25
25
|
# Use GoModules::Version rather than Gem::Version to ensure that
|
26
26
|
# pre-release versions aren't transformed.
|
@@ -22,10 +22,10 @@ module Dependabot
|
|
22
22
|
/unrecognized import path/,
|
23
23
|
/malformed module path/,
|
24
24
|
# (Private) module could not be fetched
|
25
|
-
/module .*: git ls-remote .*: exit status 128/m
|
25
|
+
/module .*: git ls-remote .*: exit status 128/m
|
26
26
|
].freeze
|
27
|
-
INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
|
28
|
-
PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}
|
27
|
+
INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
|
28
|
+
PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/
|
29
29
|
|
30
30
|
def initialize(dependency:, dependency_files:, credentials:,
|
31
31
|
ignored_versions:, security_advisories:, raise_on_ignored: false,
|
@@ -143,10 +143,10 @@ module Dependabot
|
|
143
143
|
end
|
144
144
|
|
145
145
|
def filter_lower_versions(versions_array)
|
146
|
-
return versions_array unless dependency.
|
146
|
+
return versions_array unless dependency.numeric_version
|
147
147
|
|
148
148
|
versions_array.
|
149
|
-
select { |version| version >
|
149
|
+
select { |version| version > dependency.numeric_version }
|
150
150
|
end
|
151
151
|
|
152
152
|
def filter_ignored_versions(versions_array)
|
@@ -162,9 +162,8 @@ module Dependabot
|
|
162
162
|
def wants_prerelease?
|
163
163
|
@wants_prerelease ||=
|
164
164
|
begin
|
165
|
-
current_version = dependency.
|
166
|
-
current_version
|
167
|
-
version_class.new(current_version).prerelease?
|
165
|
+
current_version = dependency.numeric_version
|
166
|
+
current_version&.prerelease?
|
168
167
|
end
|
169
168
|
end
|
170
169
|
|
@@ -21,7 +21,7 @@ module Dependabot
|
|
21
21
|
unless dependency.top_level?
|
22
22
|
return unless dependency.version
|
23
23
|
|
24
|
-
return
|
24
|
+
return current_version
|
25
25
|
end
|
26
26
|
|
27
27
|
latest_version_finder.latest_version
|
@@ -40,7 +40,7 @@ module Dependabot
|
|
40
40
|
unless dependency.top_level?
|
41
41
|
return unless dependency.version
|
42
42
|
|
43
|
-
return
|
43
|
+
return current_version
|
44
44
|
end
|
45
45
|
|
46
46
|
lowest_security_fix_version
|
@@ -13,7 +13,7 @@ module Dependabot
|
|
13
13
|
VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
|
14
14
|
'(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
|
15
15
|
'(\+incompatible)?'
|
16
|
-
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z
|
16
|
+
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
|
17
17
|
|
18
18
|
def self.correct?(version)
|
19
19
|
version = version.gsub(/^v/, "") if version.is_a?(String)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-go_modules
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.214.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-12-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,42 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.214.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: debase
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - '='
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: 0.2.3
|
34
|
-
type: :development
|
35
|
-
prerelease: false
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
37
|
-
requirements:
|
38
|
-
- - '='
|
39
|
-
- !ruby/object:Gem::Version
|
40
|
-
version: 0.2.3
|
41
|
-
- !ruby/object:Gem::Dependency
|
42
|
-
name: debase-ruby_core_source
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
44
|
-
requirements:
|
45
|
-
- - '='
|
46
|
-
- !ruby/object:Gem::Version
|
47
|
-
version: 0.10.16
|
48
|
-
type: :development
|
49
|
-
prerelease: false
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
51
|
-
requirements:
|
52
|
-
- - '='
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: 0.10.16
|
26
|
+
version: 0.214.0
|
55
27
|
- !ruby/object:Gem::Dependency
|
56
28
|
name: debug
|
57
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -86,14 +58,14 @@ dependencies:
|
|
86
58
|
requirements:
|
87
59
|
- - "~>"
|
88
60
|
- !ruby/object:Gem::Version
|
89
|
-
version:
|
61
|
+
version: 4.0.0
|
90
62
|
type: :development
|
91
63
|
prerelease: false
|
92
64
|
version_requirements: !ruby/object:Gem::Requirement
|
93
65
|
requirements:
|
94
66
|
- - "~>"
|
95
67
|
- !ruby/object:Gem::Version
|
96
|
-
version:
|
68
|
+
version: 4.0.0
|
97
69
|
- !ruby/object:Gem::Dependency
|
98
70
|
name: rake
|
99
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -142,42 +114,28 @@ dependencies:
|
|
142
114
|
requirements:
|
143
115
|
- - "~>"
|
144
116
|
- !ruby/object:Gem::Version
|
145
|
-
version: 1.
|
117
|
+
version: 1.39.0
|
146
118
|
type: :development
|
147
119
|
prerelease: false
|
148
120
|
version_requirements: !ruby/object:Gem::Requirement
|
149
121
|
requirements:
|
150
122
|
- - "~>"
|
151
123
|
- !ruby/object:Gem::Version
|
152
|
-
version: 1.
|
124
|
+
version: 1.39.0
|
153
125
|
- !ruby/object:Gem::Dependency
|
154
126
|
name: rubocop-performance
|
155
127
|
requirement: !ruby/object:Gem::Requirement
|
156
128
|
requirements:
|
157
129
|
- - "~>"
|
158
130
|
- !ruby/object:Gem::Version
|
159
|
-
version: 1.
|
160
|
-
type: :development
|
161
|
-
prerelease: false
|
162
|
-
version_requirements: !ruby/object:Gem::Requirement
|
163
|
-
requirements:
|
164
|
-
- - "~>"
|
165
|
-
- !ruby/object:Gem::Version
|
166
|
-
version: 1.14.2
|
167
|
-
- !ruby/object:Gem::Dependency
|
168
|
-
name: ruby-debug-ide
|
169
|
-
requirement: !ruby/object:Gem::Requirement
|
170
|
-
requirements:
|
171
|
-
- - "~>"
|
172
|
-
- !ruby/object:Gem::Version
|
173
|
-
version: 0.7.3
|
131
|
+
version: 1.15.0
|
174
132
|
type: :development
|
175
133
|
prerelease: false
|
176
134
|
version_requirements: !ruby/object:Gem::Requirement
|
177
135
|
requirements:
|
178
136
|
- - "~>"
|
179
137
|
- !ruby/object:Gem::Version
|
180
|
-
version:
|
138
|
+
version: 1.15.0
|
181
139
|
- !ruby/object:Gem::Dependency
|
182
140
|
name: simplecov
|
183
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -287,14 +245,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
287
245
|
requirements:
|
288
246
|
- - ">="
|
289
247
|
- !ruby/object:Gem::Version
|
290
|
-
version:
|
248
|
+
version: 3.1.0
|
291
249
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
292
250
|
requirements:
|
293
251
|
- - ">="
|
294
252
|
- !ruby/object:Gem::Version
|
295
|
-
version:
|
253
|
+
version: 3.1.0
|
296
254
|
requirements: []
|
297
|
-
rubygems_version: 3.
|
255
|
+
rubygems_version: 3.3.7
|
298
256
|
signing_key:
|
299
257
|
specification_version: 4
|
300
258
|
summary: Go modules support for dependabot
|