dependabot-go_modules 0.212.0 → 0.214.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/go_modules/file_fetcher.rb +4 -0
- data/lib/dependabot/go_modules/file_parser.rb +16 -1
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +10 -10
- data/lib/dependabot/go_modules/requirement.rb +3 -3
- data/lib/dependabot/go_modules/resolvability_errors.rb +1 -1
- data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +7 -8
- data/lib/dependabot/go_modules/update_checker.rb +2 -2
- data/lib/dependabot/go_modules/version.rb +1 -1
- metadata +13 -55
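--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5825bfefc09a4e3ef05bf5286f52f1de9825c0d7ffd3e34b3281c67847b67bc4
+data.tar.gz: 2eedaaa966c5b7d76e09ee6dc2747a2f3e02b169391de945f3ea8a78a0dbd73b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5bf996465ae67751493da4cb2fd27c9db2a128551e41328be4cdd5ee654f373d8b2938d9449dada9c7e5eae9c2f203a6d6367cb9de66d4c4c9e7cc21bdecb5af
+data.tar.gz: 48873014f7eaf642d5010e449fa04081eca67e0d7dc039f1687476dddf152a514cbd21c0ff1b73ad720eecd0d9bca3012104657f6708f86c52391cdb0793bf74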
@@ -12,7 +12,7 @@ require "dependabot/file_parsers/base"
|
|
|
12
12
|
module Dependabot
|
|
13
13
|
module GoModules
|
|
14
14
|
class FileParser < Dependabot::FileParsers::Base
|
|
15
|
-
GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})
|
|
15
|
+
GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/
|
|
16
16
|
|
|
17
17
|
def parse
|
|
18
18
|
dependency_set = Dependabot::FileParsers::Base::DependencySet.new
|
|
@@ -135,6 +135,9 @@ module Dependabot
|
|
|
135
135
|
}
|
|
136
136
|
rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
|
|
137
137
|
if e.message == "Cannot detect VCS"
|
|
138
|
+
# if the dependency is locally replaced, this is not a fatal error
|
|
139
|
+
return { type: "default", source: dep["Path"] } if dependency_has_local_replacement(dep)
|
|
140
|
+
|
|
138
141
|
msg = e.message + " for #{dep['Path']}. Attempted to detect VCS " \
|
|
139
142
|
"because the version looks like a git revision: " \
|
|
140
143
|
"#{dep['Version']}"
|
|
@@ -179,6 +182,18 @@ module Dependabot
|
|
|
179
182
|
end
|
|
180
183
|
false
|
|
181
184
|
end
|
|
185
|
+
|
|
186
|
+
def dependency_has_local_replacement(details)
|
|
187
|
+
if manifest["Replace"]
|
|
188
|
+
has_local_replacement = manifest["Replace"].find do |replace|
|
|
189
|
+
replace["New"]["Path"].start_with?("./", "../") &&
|
|
190
|
+
replace["Old"]["Path"] == details["Path"]
|
|
191
|
+
end
|
|
192
|
+
|
|
193
|
+
return true if has_local_replacement
|
|
194
|
+
end
|
|
195
|
+
false
|
|
196
|
+
end
|
|
182
197
|
end
|
|
183
198
|
end
|
|
184
199
|
end
|
|
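Review bot: `dependency_has_local_replacement` (new lines 186–196) only recognises relative replacement targets (`./`, `../`), while Go's `replace` directive also accepts an absolute filesystem path as a local module root, so such a locally replaced dependency would still hit the fatal "Cannot detect VCS" path that the new rescue branch at line 139 is meant to soften. The `if`/`find`/`return true`/`false` shape collapses to a single `any?`, and `replace["New"]["Path"]` raises `NoMethodError` on a `Replace` entry that lacks a `New` or `Old` hash, which `dig` tolerates. A predicate name ending in `?` would match the file's style, but renaming is an interface change for any other caller. The `parse`-side rescue in the second hunk belongs to a method that starts outside the hunk, and the Windows form of an absolute path is not covered by the `/` check below.
```ruby
def dependency_has_local_replacement(details)
  Array(manifest["Replace"]).any? do |replace|
    new_path = replace.dig("New", "Path")
    replace.dig("Old", "Path") == details["Path"] &&
      new_path&.start_with?("./", "../", "/")
  end
end
```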
@@ -13,7 +13,7 @@ module Dependabot
|
|
|
13
13
|
class GoModUpdater
|
|
14
14
|
RESOLVABILITY_ERROR_REGEXES = [
|
|
15
15
|
# The checksum in go.sum does not match the downloaded content
|
|
16
|
-
/verifying .*: checksum mismatch
|
|
16
|
+
/verifying .*: checksum mismatch/,
|
|
17
17
|
/go(?: get)?: .*: go.mod has post-v\d+ module path/
|
|
18
18
|
].freeze
|
|
19
19
|
|
|
@@ -21,19 +21,19 @@ module Dependabot
|
|
|
21
21
|
/fatal: The remote end hung up unexpectedly/,
|
|
22
22
|
/repository '.+' not found/,
|
|
23
23
|
# (Private) module could not be fetched
|
|
24
|
-
/go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m
|
|
24
|
+
/go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m,
|
|
25
25
|
# (Private) module could not be found
|
|
26
|
-
/cannot find module providing package
|
|
26
|
+
/cannot find module providing package/,
|
|
27
27
|
# Package in module was likely renamed or removed
|
|
28
|
-
/module .* found \(.*\), but does not contain package/m
|
|
28
|
+
/module .* found \(.*\), but does not contain package/m,
|
|
29
29
|
# Package pseudo-version does not match the version-control metadata
|
|
30
30
|
# https://golang.google.cn/doc/go1.13#version-validation
|
|
31
|
-
/go(?: get)?: .*: invalid pseudo-version/m
|
|
31
|
+
/go(?: get)?: .*: invalid pseudo-version/m,
|
|
32
32
|
# Package does not exist, has been pulled or cannot be reached due to
|
|
33
33
|
# auth problems with either git or the go proxy
|
|
34
|
-
/go(?: get)?: .*: unknown revision/m
|
|
34
|
+
/go(?: get)?: .*: unknown revision/m,
|
|
35
35
|
# Package pointing to a proxy that 404s
|
|
36
|
-
/go(?: get)?: .*: unrecognized import path/m
|
|
36
|
+
/go(?: get)?: .*: unrecognized import path/m
|
|
37
37
|
].freeze
|
|
38
38
|
|
|
39
39
|
MODULE_PATH_MISMATCH_REGEXES = [
|
|
@@ -43,11 +43,11 @@ module Dependabot
|
|
|
43
43
|
].freeze
|
|
44
44
|
|
|
45
45
|
OUT_OF_DISK_REGEXES = [
|
|
46
|
-
%r{input/output error}
|
|
47
|
-
/no space left on device
|
|
46
|
+
%r{input/output error},
|
|
47
|
+
/no space left on device/
|
|
48
48
|
].freeze
|
|
49
49
|
|
|
50
|
-
GO_MOD_VERSION = /^go 1\.[\d]
|
|
50
|
+
GO_MOD_VERSION = /^go 1\.[\d]+$/
|
|
51
51
|
|
|
52
52
|
def initialize(dependencies:, credentials:, repo_contents_path:,
|
|
53
53
|
directory:, options:)
|
|
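Review bot: `GO_MOD_VERSION = /^go 1\.[\d]+$/` at new line 50 rejects the three-part form (`go 1.21.0`) that Go 1.21 and later toolchains write into go.mod, so on such a file the directive would not be recognised at all; `[\d]` is also a one-element character class that reads the same as `\d`. If the consumer only needs the major.minor prefix, `GO_MOD_VERSION = /^go 1\.\d+(?:\.\d+)?$/` keeps every existing match and admits the patch-level form. The remaining hunks in this file appear to only drop `.freeze` from regexp literals (the old side is truncated in this rendering, so that is inferred), which is behaviour-neutral on Ruby 3 where regexp literals are already frozen. The constant's consumer is outside the hunk, so whether it relies on a capture group is not visible here.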
@@ -12,15 +12,15 @@ require "dependabot/go_modules/version"
|
|
|
12
12
|
module Dependabot
|
|
13
13
|
module GoModules
|
|
14
14
|
class Requirement < Gem::Requirement
|
|
15
|
-
WILDCARD_REGEX = /(?:\.|^)[xX*]
|
|
16
|
-
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}
|
|
15
|
+
WILDCARD_REGEX = /(?:\.|^)[xX*]/
|
|
16
|
+
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/
|
|
17
17
|
|
|
18
18
|
# Override the version pattern to allow a 'v' prefix
|
|
19
19
|
quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
|
|
20
20
|
version_pattern = "v?#{Version::VERSION_PATTERN}"
|
|
21
21
|
|
|
22
22
|
PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
|
|
23
|
-
PATTERN = /\A#{PATTERN_RAW}\z
|
|
23
|
+
PATTERN = /\A#{PATTERN_RAW}\z/
|
|
24
24
|
|
|
25
25
|
# Use GoModules::Version rather than Gem::Version to ensure that
|
|
26
26
|
# pre-release versions aren't transformed.
|
|
@@ -22,10 +22,10 @@ module Dependabot
|
|
|
22
22
|
/unrecognized import path/,
|
|
23
23
|
/malformed module path/,
|
|
24
24
|
# (Private) module could not be fetched
|
|
25
|
-
/module .*: git ls-remote .*: exit status 128/m
|
|
25
|
+
/module .*: git ls-remote .*: exit status 128/m
|
|
26
26
|
].freeze
|
|
27
|
-
INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
|
|
28
|
-
PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}
|
|
27
|
+
INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
|
|
28
|
+
PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/
|
|
29
29
|
|
|
30
30
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
31
31
|
ignored_versions:, security_advisories:, raise_on_ignored: false,
|
|
@@ -143,10 +143,10 @@ module Dependabot
|
|
|
143
143
|
end
|
|
144
144
|
|
|
145
145
|
def filter_lower_versions(versions_array)
|
|
146
|
-
return versions_array unless dependency.
|
|
146
|
+
return versions_array unless dependency.numeric_version
|
|
147
147
|
|
|
148
148
|
versions_array.
|
|
149
|
-
select { |version| version >
|
|
149
|
+
select { |version| version > dependency.numeric_version }
|
|
150
150
|
end
|
|
151
151
|
|
|
152
152
|
def filter_ignored_versions(versions_array)
|
|
@@ -162,9 +162,8 @@ module Dependabot
|
|
|
162
162
|
def wants_prerelease?
|
|
163
163
|
@wants_prerelease ||=
|
|
164
164
|
begin
|
|
165
|
-
current_version = dependency.
|
|
166
|
-
current_version
|
|
167
|
-
version_class.new(current_version).prerelease?
|
|
165
|
+
current_version = dependency.numeric_version
|
|
166
|
+
current_version&.prerelease?
|
|
168
167
|
end
|
|
169
168
|
end
|
|
170
169
|
|
|
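Review bot: `@wants_prerelease ||= begin … end` at new lines 163–167 no longer memoises the common case: `current_version&.prerelease?` yields `nil` or `false` for every non-prerelease dependency, and `||=` re-evaluates the block on each such call, so only the prerelease outcome is cached. `return @wants_prerelease if defined?(@wants_prerelease)` followed by `@wants_prerelease = dependency.numeric_version&.prerelease?` caches all three outcomes and drops the `begin` block. In `filter_lower_versions` (lines 145–150) `dependency.numeric_version` is also called once per candidate inside the `select` block; if it builds a Version object on every call (its body is not visible here), binding it to a local before the `select` avoids that. `PSEUDO_VERSION_REGEX` at line 28 anchors with `$`, which matches at a line end rather than the end of the string; `\z` is the stricter choice if the input is a single version string.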
@@ -21,7 +21,7 @@ module Dependabot
|
|
|
21
21
|
unless dependency.top_level?
|
|
22
22
|
return unless dependency.version
|
|
23
23
|
|
|
24
|
-
return
|
|
24
|
+
return current_version
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
latest_version_finder.latest_version
|
|
@@ -40,7 +40,7 @@ module Dependabot
|
|
|
40
40
|
unless dependency.top_level?
|
|
41
41
|
return unless dependency.version
|
|
42
42
|
|
|
43
|
-
return
|
|
43
|
+
return current_version
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
lowest_security_fix_version
|
|
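Review bot: Both hunks change the non-top-level early exit from a bare `return` (nil) to `return current_version` without recording why, and in the second hunk, whose body goes on to call `lowest_security_fix_version`, reporting the pinned version of an indirect dependency as its lowest security fix means a vulnerable transitive module now reads as already fixed to any caller that compares this value against `current_version`. If the intent is that indirect dependencies are never bumped by this checker, say so at the exit, e.g. `# Indirect dependencies are not updated here, so the pinned version is the best answer rather than nil`. Both enclosing methods start outside their hunks, so how callers consume the nil-to-version change cannot be checked from this page.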
@@ -13,7 +13,7 @@ module Dependabot
|
|
|
13
13
|
VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
|
|
14
14
|
'(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
|
|
15
15
|
'(\+incompatible)?'
|
|
16
|
-
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z
|
|
16
|
+
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
|
|
17
17
|
|
|
18
18
|
def self.correct?(version)
|
|
19
19
|
version = version.gsub(/^v/, "") if version.is_a?(String)
|
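--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.214.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-12-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.214.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
-- !ruby/object:Gem::Dependency
-name: debase
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.2.3
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.2.3
-- !ruby/object:Gem::Dependency
-name: debase-ruby_core_source
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.10.16
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.10.16
+version: 0.214.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 4.0.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 4.0.0
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -142,42 +114,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.39.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.39.0
 - !ruby/object:Gem::Dependency
 name: rubocop-performance
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: 1.14.2
-- !ruby/object:Gem::Dependency
-name: ruby-debug-ide
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: 0.7.3
+version: 1.15.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.15.0
 - !ruby/object:Gem::Dependency
 name: simplecov
 requirement: !ruby/object:Gem::Requirement
@@ -287,14 +245,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 3.1.0
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Go modules support for dependabot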