dependabot-go_modules 0.212.0 → 0.214.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9a4dc6858676aa3f1b955c586842f791cb99b2685f6c4c1254481bef52e4fcd3
4
- data.tar.gz: e1d58699f368c4d17982156b7a485cf5c7ce10c261abb1754f832dbbec9f0b0d
3
+ metadata.gz: 5825bfefc09a4e3ef05bf5286f52f1de9825c0d7ffd3e34b3281c67847b67bc4
4
+ data.tar.gz: 2eedaaa966c5b7d76e09ee6dc2747a2f3e02b169391de945f3ea8a78a0dbd73b
5
5
  SHA512:
6
- metadata.gz: c24e914689efc47b2bf3faffd11cef23f9b0f07804a79d90177aa7e5600b7dd8666316330d7e13e3d4efb489a2082d53837e9baeb4a4bdc3c148603fe2554d65
7
- data.tar.gz: b019db2774816b9f78d687494ad12ee3119aef1158e63acf31df12cce09f4baca7f58763d61d578216930d612576070dd23cef788424ed6c873e5f7f392360ad
6
+ metadata.gz: 5bf996465ae67751493da4cb2fd27c9db2a128551e41328be4cdd5ee654f373d8b2938d9449dada9c7e5eae9c2f203a6d6367cb9de66d4c4c9e7cc21bdecb5af
7
+ data.tar.gz: 48873014f7eaf642d5010e449fa04081eca67e0d7dc039f1687476dddf152a514cbd21c0ff1b73ad720eecd0d9bca3012104657f6708f86c52391cdb0793bf74
@@ -47,6 +47,10 @@ module Dependabot
47
47
  def go_sum
48
48
  @go_sum ||= fetch_file_if_present("go.sum")
49
49
  end
50
+
51
+ def recurse_submodules_when_cloning?
52
+ true
53
+ end
50
54
  end
51
55
  end
52
56
  end
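Review bot: `recurse_submodules_when_cloning?` returns an unconditional `true` with no comment on why Go module repositories need submodules at clone time and no way to turn it off; a one-line why-comment such as `# go.mod replace directives may point at directories that are git submodules, so fetch them on clone` (confirm the real motivation) would help the next maintainer. From a security angle, recursing submodules means the clone step fetches every remote listed in the repository's own `.gitmodules`, which is content controlled by the repository being updated, so it is worth confirming that the shared clone helper does not present the configured git credentials to those arbitrary hosts and that nothing in the checked-out submodules is executed by the helper. The enclosing class starts outside this hunk.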
@@ -12,7 +12,7 @@ require "dependabot/file_parsers/base"
12
12
  module Dependabot
13
13
  module GoModules
14
14
  class FileParser < Dependabot::FileParsers::Base
15
- GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/.freeze
15
+ GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/
16
16
 
17
17
  def parse
18
18
  dependency_set = Dependabot::FileParsers::Base::DependencySet.new
@@ -135,6 +135,9 @@ module Dependabot
135
135
  }
136
136
  rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
137
137
  if e.message == "Cannot detect VCS"
138
+ # if the dependency is locally replaced, this is not a fatal error
139
+ return { type: "default", source: dep["Path"] } if dependency_has_local_replacement(dep)
140
+
138
141
  msg = e.message + " for #{dep['Path']}. Attempted to detect VCS " \
139
142
  "because the version looks like a git revision: " \
140
143
  "#{dep['Version']}"
@@ -179,6 +182,18 @@ module Dependabot
179
182
  end
180
183
  false
181
184
  end
185
+
186
+ def dependency_has_local_replacement(details)
187
+ if manifest["Replace"]
188
+ has_local_replacement = manifest["Replace"].find do |replace|
189
+ replace["New"]["Path"].start_with?("./", "../") &&
190
+ replace["Old"]["Path"] == details["Path"]
191
+ end
192
+
193
+ return true if has_local_replacement
194
+ end
195
+ false
196
+ end
182
197
  end
183
198
  end
184
199
  end
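Review bot: The local-replacement test on the `replace["New"]["Path"].start_with?("./", "../")` line misses absolute paths, which Go also treats as filesystem replacements, so a `replace foo => /src/foo` directive would still turn "Cannot detect VCS" into a fatal error here; extending the prefix test to `start_with?("./", "../", "/")` covers POSIX absolute paths (Windows drive paths would need a separate check). The helper is also written as a `find` followed by `return true if`, which reads more naturally as a predicate: `def dependency_has_local_replacement?(details)` with body `(manifest["Replace"] || []).any? { |r| r["New"]["Path"].start_with?("./", "../", "/") && r["Old"]["Path"] == details["Path"] }`, with the caller in the earlier hunk renamed to match. The `rescue` that calls it belongs to a method whose start and end are outside this hunk.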
@@ -13,7 +13,7 @@ module Dependabot
13
13
  class GoModUpdater
14
14
  RESOLVABILITY_ERROR_REGEXES = [
15
15
  # The checksum in go.sum does not match the downloaded content
16
- /verifying .*: checksum mismatch/.freeze,
16
+ /verifying .*: checksum mismatch/,
17
17
  /go(?: get)?: .*: go.mod has post-v\d+ module path/
18
18
  ].freeze
19
19
 
@@ -21,19 +21,19 @@ module Dependabot
21
21
  /fatal: The remote end hung up unexpectedly/,
22
22
  /repository '.+' not found/,
23
23
  # (Private) module could not be fetched
24
- /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m.freeze,
24
+ /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m,
25
25
  # (Private) module could not be found
26
- /cannot find module providing package/.freeze,
26
+ /cannot find module providing package/,
27
27
  # Package in module was likely renamed or removed
28
- /module .* found \(.*\), but does not contain package/m.freeze,
28
+ /module .* found \(.*\), but does not contain package/m,
29
29
  # Package pseudo-version does not match the version-control metadata
30
30
  # https://golang.google.cn/doc/go1.13#version-validation
31
- /go(?: get)?: .*: invalid pseudo-version/m.freeze,
31
+ /go(?: get)?: .*: invalid pseudo-version/m,
32
32
  # Package does not exist, has been pulled or cannot be reached due to
33
33
  # auth problems with either git or the go proxy
34
- /go(?: get)?: .*: unknown revision/m.freeze,
34
+ /go(?: get)?: .*: unknown revision/m,
35
35
  # Package pointing to a proxy that 404s
36
- /go(?: get)?: .*: unrecognized import path/m.freeze
36
+ /go(?: get)?: .*: unrecognized import path/m
37
37
  ].freeze
38
38
 
39
39
  MODULE_PATH_MISMATCH_REGEXES = [
@@ -43,11 +43,11 @@ module Dependabot
43
43
  ].freeze
44
44
 
45
45
  OUT_OF_DISK_REGEXES = [
46
- %r{input/output error}.freeze,
47
- /no space left on device/.freeze
46
+ %r{input/output error},
47
+ /no space left on device/
48
48
  ].freeze
49
49
 
50
- GO_MOD_VERSION = /^go 1\.[\d]+$/.freeze
50
+ GO_MOD_VERSION = /^go 1\.[\d]+$/
51
51
 
52
52
  def initialize(dependencies:, credentials:, repo_contents_path:,
53
53
  directory:, options:)
@@ -12,15 +12,15 @@ require "dependabot/go_modules/version"
12
12
  module Dependabot
13
13
  module GoModules
14
14
  class Requirement < Gem::Requirement
15
- WILDCARD_REGEX = /(?:\.|^)[xX*]/.freeze
16
- OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/.freeze
15
+ WILDCARD_REGEX = /(?:\.|^)[xX*]/
16
+ OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/
17
17
 
18
18
  # Override the version pattern to allow a 'v' prefix
19
19
  quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
20
20
  version_pattern = "v?#{Version::VERSION_PATTERN}"
21
21
 
22
22
  PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
23
- PATTERN = /\A#{PATTERN_RAW}\z/.freeze
23
+ PATTERN = /\A#{PATTERN_RAW}\z/
24
24
 
25
25
  # Use GoModules::Version rather than Gem::Version to ensure that
26
26
  # pre-release versions aren't transformed.
@@ -3,7 +3,7 @@
3
3
  module Dependabot
4
4
  module GoModules
5
5
  module ResolvabilityErrors
6
- GITHUB_REPO_REGEX = %r{github.com/[^:@]*}.freeze
6
+ GITHUB_REPO_REGEX = %r{github.com/[^:@]*}
7
7
 
8
8
  def self.handle(message, credentials:, goprivate:)
9
9
  mod_path = message.scan(GITHUB_REPO_REGEX).last
@@ -22,10 +22,10 @@ module Dependabot
22
22
  /unrecognized import path/,
23
23
  /malformed module path/,
24
24
  # (Private) module could not be fetched
25
- /module .*: git ls-remote .*: exit status 128/m.freeze
25
+ /module .*: git ls-remote .*: exit status 128/m
26
26
  ].freeze
27
- INVALID_VERSION_REGEX = /version "[^"]+" invalid/m.freeze
28
- PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/.freeze
27
+ INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
28
+ PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/
29
29
 
30
30
  def initialize(dependency:, dependency_files:, credentials:,
31
31
  ignored_versions:, security_advisories:, raise_on_ignored: false,
@@ -143,10 +143,10 @@ module Dependabot
143
143
  end
144
144
 
145
145
  def filter_lower_versions(versions_array)
146
- return versions_array unless dependency.version && version_class.correct?(dependency.version)
146
+ return versions_array unless dependency.numeric_version
147
147
 
148
148
  versions_array.
149
- select { |version| version > version_class.new(dependency.version) }
149
+ select { |version| version > dependency.numeric_version }
150
150
  end
151
151
 
152
152
  def filter_ignored_versions(versions_array)
@@ -162,9 +162,8 @@ module Dependabot
162
162
  def wants_prerelease?
163
163
  @wants_prerelease ||=
164
164
  begin
165
- current_version = dependency.version
166
- current_version && version_class.correct?(current_version) &&
167
- version_class.new(current_version).prerelease?
165
+ current_version = dependency.numeric_version
166
+ current_version&.prerelease?
168
167
  end
169
168
  end
170
169
 
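Review bot: `@wants_prerelease ||=` on the rewritten lines still memoizes a boolean with `||=`, so whenever `numeric_version` is nil or not a prerelease the cached value is nil/false and the block re-runs on every call; harmless at this size, but if caching is the intent the idiom is `return @wants_prerelease if defined?(@wants_prerelease)` followed by a plain assignment. With the version checks collapsed to a single safe-navigation call, the `begin … end` wrapper and the `current_version` local no longer earn their keep: `@wants_prerelease ||= dependency.numeric_version&.prerelease?` says the same thing in one line. Both `filter_lower_versions` and `wants_prerelease?` now depend on `Dependency#numeric_version` from dependabot-common, which the metadata pins to exactly 0.214.0, so the gem cannot be loaded against an older common release.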
@@ -21,7 +21,7 @@ module Dependabot
21
21
  unless dependency.top_level?
22
22
  return unless dependency.version
23
23
 
24
- return version_class.new(dependency.version)
24
+ return current_version
25
25
  end
26
26
 
27
27
  latest_version_finder.latest_version
@@ -40,7 +40,7 @@ module Dependabot
40
40
  unless dependency.top_level?
41
41
  return unless dependency.version
42
42
 
43
- return version_class.new(dependency.version)
43
+ return current_version
44
44
  end
45
45
 
46
46
  lowest_security_fix_version
@@ -13,7 +13,7 @@ module Dependabot
13
13
  VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
14
14
  '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
15
15
  '(\+incompatible)?'
16
- ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
16
+ ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
17
17
 
18
18
  def self.correct?(version)
19
19
  version = version.gsub(/^v/, "") if version.is_a?(String)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-go_modules
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.212.0
4
+ version: 0.214.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-09-06 00:00:00.000000000 Z
11
+ date: 2022-12-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.212.0
19
+ version: 0.214.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.212.0
27
- - !ruby/object:Gem::Dependency
28
- name: debase
29
- requirement: !ruby/object:Gem::Requirement
30
- requirements:
31
- - - '='
32
- - !ruby/object:Gem::Version
33
- version: 0.2.3
34
- type: :development
35
- prerelease: false
36
- version_requirements: !ruby/object:Gem::Requirement
37
- requirements:
38
- - - '='
39
- - !ruby/object:Gem::Version
40
- version: 0.2.3
41
- - !ruby/object:Gem::Dependency
42
- name: debase-ruby_core_source
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - '='
46
- - !ruby/object:Gem::Version
47
- version: 0.10.16
48
- type: :development
49
- prerelease: false
50
- version_requirements: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - '='
53
- - !ruby/object:Gem::Version
54
- version: 0.10.16
26
+ version: 0.214.0
55
27
  - !ruby/object:Gem::Dependency
56
28
  name: debug
57
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
86
58
  requirements:
87
59
  - - "~>"
88
60
  - !ruby/object:Gem::Version
89
- version: 3.12.0
61
+ version: 4.0.0
90
62
  type: :development
91
63
  prerelease: false
92
64
  version_requirements: !ruby/object:Gem::Requirement
93
65
  requirements:
94
66
  - - "~>"
95
67
  - !ruby/object:Gem::Version
96
- version: 3.12.0
68
+ version: 4.0.0
97
69
  - !ruby/object:Gem::Dependency
98
70
  name: rake
99
71
  requirement: !ruby/object:Gem::Requirement
@@ -142,42 +114,28 @@ dependencies:
142
114
  requirements:
143
115
  - - "~>"
144
116
  - !ruby/object:Gem::Version
145
- version: 1.36.0
117
+ version: 1.39.0
146
118
  type: :development
147
119
  prerelease: false
148
120
  version_requirements: !ruby/object:Gem::Requirement
149
121
  requirements:
150
122
  - - "~>"
151
123
  - !ruby/object:Gem::Version
152
- version: 1.36.0
124
+ version: 1.39.0
153
125
  - !ruby/object:Gem::Dependency
154
126
  name: rubocop-performance
155
127
  requirement: !ruby/object:Gem::Requirement
156
128
  requirements:
157
129
  - - "~>"
158
130
  - !ruby/object:Gem::Version
159
- version: 1.14.2
160
- type: :development
161
- prerelease: false
162
- version_requirements: !ruby/object:Gem::Requirement
163
- requirements:
164
- - - "~>"
165
- - !ruby/object:Gem::Version
166
- version: 1.14.2
167
- - !ruby/object:Gem::Dependency
168
- name: ruby-debug-ide
169
- requirement: !ruby/object:Gem::Requirement
170
- requirements:
171
- - - "~>"
172
- - !ruby/object:Gem::Version
173
- version: 0.7.3
131
+ version: 1.15.0
174
132
  type: :development
175
133
  prerelease: false
176
134
  version_requirements: !ruby/object:Gem::Requirement
177
135
  requirements:
178
136
  - - "~>"
179
137
  - !ruby/object:Gem::Version
180
- version: 0.7.3
138
+ version: 1.15.0
181
139
  - !ruby/object:Gem::Dependency
182
140
  name: simplecov
183
141
  requirement: !ruby/object:Gem::Requirement
@@ -287,14 +245,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
287
245
  requirements:
288
246
  - - ">="
289
247
  - !ruby/object:Gem::Version
290
- version: 2.7.0
248
+ version: 3.1.0
291
249
  required_rubygems_version: !ruby/object:Gem::Requirement
292
250
  requirements:
293
251
  - - ">="
294
252
  - !ruby/object:Gem::Version
295
- version: 2.7.0
253
+ version: 3.1.0
296
254
  requirements: []
297
- rubygems_version: 3.1.6
255
+ rubygems_version: 3.3.7
298
256
  signing_key:
299
257
  specification_version: 4
300
258
  summary: Go modules support for dependabot