dependabot-go_modules 0.238.0 → 0.240.0

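--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: aafc8c6dc3de357f6dd46215df056d9ed63c9a06ae75d6d9348dbed9475acc4c
- data.tar.gz: 3acd7132da5d9bd135a2d98325bed9b9f9062726f2435d0aac4112f2152cae2b
+ metadata.gz: 529ab6a43cd91b307fc18e1e33f3de1d69c5ac312b975277d007c3b8cbc92c02
+ data.tar.gz: 036bd9736ad3510a1687838c1e1b2cb3ac997a0d255ff447cf81603f89148984
  SHA512:
- metadata.gz: 31c804033f042f08f0d46ad68a6608f9393c123d9b48f45da499df7cd746188c425fa424ccb78ac6147c8a96b8cf588f60cb5a62d2d15c11ed0f646ef70e1ea4
- data.tar.gz: 71974b91e0f8dacaf930a4e79ad727b8cacc6eb1c48c18715ce85c63a0101829ff3efcb4764e773b488d8ae08dba90aa9e296dd93a52669dde66e04f7c26188b
+ metadata.gz: b0172d9f2438553394fd84169561e6c0385d89c8c46d689cd6bdf8c9da8d56b865a2dbef84ee2e4f19e2f52170e0526329585e3292a33846ff1494a45a49554a
+ data.tar.gz: 9b2fc02ce1900450f28d73412c898424d0e3ab8219e683f0cda8095e7185ffd332967158a0bfb553c923452a093736c79b3db11b22aecbace032f1113e7302ae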
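--- a/data/helpers/build
+++ b/data/helpers/build
@@ -1,4 +1,4 @@
- #!/bin/bash
+ #!/usr/bin/env bash
 
  set -e
 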
@@ -20,8 +20,6 @@ module Dependabot
20
20
  end
21
21
 
22
22
  def ecosystem_versions
23
- return nil unless go_mod
24
-
25
23
  {
26
24
  package_managers: {
27
25
  "gomod" => go_mod.content.match(/^go\s(\d+\.\d+)/)&.captures&.first || "unknown"
@@ -37,14 +35,6 @@ module Dependabot
37
35
  directory,
38
36
  clone_repo_contents
39
37
  ) do
40
- unless go_mod
41
- raise(
42
- Dependabot::DependencyFileNotFound,
43
- Pathname.new(File.join(directory, "go.mod"))
44
- .cleanpath.to_path
45
- )
46
- end
47
-
48
38
  fetched_files = [go_mod]
49
39
  # Fetch the (optional) go.sum
50
40
  fetched_files << go_sum if go_sum
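Review bot: With both `go_mod` nil guards removed, `ecosystem_versions` now calls `go_mod.content` unconditionally and the fetch block builds `fetched_files = [go_mod]` without checking it. If `go_mod` (defined outside these hunks) can still return nil, the first raises NoMethodError and the second passes a nil entry on instead of raising the previous `Dependabot::DependencyFileNotFound`. If the helper now raises on a missing go.mod itself, a one-line comment above `fetched_files = [go_mod]` such as `# go_mod raises DependencyFileNotFound when go.mod is absent` would record that contract. Both method bodies continue outside the hunks.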
@@ -5,7 +5,6 @@ require "dependabot/shared_helpers"
5
5
  require "dependabot/errors"
6
6
  require "dependabot/logger"
7
7
  require "dependabot/go_modules/file_updater"
8
- require "dependabot/go_modules/native_helpers"
9
8
  require "dependabot/go_modules/replace_stubber"
10
9
  require "dependabot/go_modules/resolvability_errors"
11
10
 
@@ -250,7 +249,7 @@ module Dependabot
250
249
  write_go_mod(body)
251
250
  end
252
251
 
253
- def handle_subprocess_error(stderr) # rubocop:disable Metrics/AbcSize
252
+ def handle_subprocess_error(stderr)
254
253
  stderr = stderr.gsub(Dir.getwd, "")
255
254
 
256
255
  # Package version doesn't match the module major version
@@ -265,10 +264,7 @@ module Dependabot
265
264
  end
266
265
 
267
266
  repo_error_regex = REPO_RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
268
- if repo_error_regex
269
- error_message = filter_error_message(message: stderr, regex: repo_error_regex)
270
- ResolvabilityErrors.handle(error_message, goprivate: @goprivate)
271
- end
267
+ ResolvabilityErrors.handle(stderr, goprivate: @goprivate) if repo_error_regex
272
268
 
273
269
  path_regex = MODULE_PATH_MISMATCH_REGEXES.find { |r| stderr =~ r }
274
270
  if path_regex
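Review bot: `ResolvabilityErrors.handle(stderr, goprivate: @goprivate) if repo_error_regex` now forwards the whole subprocess stderr, where the removed lines first narrowed it with `filter_error_message(message: stderr, regex: repo_error_regex)`. The only sanitising still visible is `stderr.gsub(Dir.getwd, "")`, so everything else the tool printed travels into the raised error message. Going by the `handle` hunk further down this page, `message.scan(GITHUB_REPO_REGEX).last` will also pick the last repository mentioned anywhere in the output rather than the one on the matched line. If the full output is needed so that `handle` can see the private-repository hint, a comment at this call should say so, e.g. `# pass unfiltered stderr: handle needs the private-repository hint, which may be on another line`. The method body starts and ends outside the hunk.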
@@ -84,6 +84,7 @@ module Dependabot
84
84
  SharedHelpers.with_git_configured(credentials: []) do
85
85
  `git config --global user.email "no-reply@github.com"`
86
86
  `git config --global user.name "Dependabot"`
87
+ `git config --global init.defaultBranch "placeholder-default-branch"`
87
88
  `git init .`
88
89
  `git add .`
89
90
  `git commit -m'fake repo_contents_path'`
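Review bot: The added `git config --global init.defaultBranch "placeholder-default-branch"` has no comment saying why a placeholder branch name is set, and like the neighbouring backtick calls its exit status is never checked. A short comment above it would help, for instance `# fix the initial branch name so git init does not depend on the host's git defaults`, if that is the intent. Whether `--global` writes to an isolated config here depends on `SharedHelpers.with_git_configured`, which is not visible in this hunk; it is worth confirming that the invoking user's own git config is not modified.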
@@ -7,12 +7,17 @@
7
7
  # - https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md #
8
8
  ################################################################################
9
9
 
10
+ require "sorbet-runtime"
11
+
12
+ require "dependabot/requirement"
10
13
  require "dependabot/utils"
11
14
  require "dependabot/go_modules/version"
12
15
 
13
16
  module Dependabot
14
17
  module GoModules
15
- class Requirement < Gem::Requirement
18
+ class Requirement < Dependabot::Requirement
19
+ extend T::Sig
20
+
16
21
  WILDCARD_REGEX = /(?:\.|^)[xX*]/
17
22
  OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/
18
23
 
@@ -40,6 +45,7 @@ module Dependabot
40
45
 
41
46
  # Returns an array of requirements. At least one requirement from the
42
47
  # returned array must be satisfied for a version to be valid.
48
+ sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
43
49
  def self.requirements_array(requirement_string)
44
50
  return [new(nil)] if requirement_string.nil?
45
51
 
@@ -8,7 +8,9 @@ module Dependabot
8
8
 
9
9
  def self.handle(message, goprivate:)
10
10
  mod_path = message.scan(GITHUB_REPO_REGEX).last
11
- raise Dependabot::DependencyFileNotResolvable, message unless mod_path
11
+ unless mod_path && message.include?("If this is a private repository")
12
+ raise Dependabot::DependencyFileNotResolvable, message
13
+ end
12
14
 
13
15
  # Module not found on github.com - query for _any_ version to know if it
14
16
  # doesn't exist (or is private) or we were just given a bad revision by this manifest
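Review bot: The new guard `message.include?("If this is a private repository")` ties control flow to an exact phrase in tool output, with no named constant or comment saying which tool emits it. If that wording changes, private-repository failures would fall into the generic `Dependabot::DependencyFileNotResolvable` branch with nothing in the visible code to flag it. Suggest lifting it into a constant alongside the file's other patterns, e.g. `PRIVATE_REPO_HINT = "If this is a private repository"`, with a comment naming the source of the message. `handle` continues past the end of the hunk.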
@@ -25,7 +25,10 @@ module Dependabot
25
25
  # (Private) module could not be fetched
26
26
  /module .*: git ls-remote .*: exit status 128/m
27
27
  ].freeze
28
- INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
28
+ # The module was retracted from the proxy
29
+ # OR the version of Go required is greater than what Dependabot supports
30
+ # OR other go.mod version errors
31
+ INVALID_VERSION_REGEX = /(go: loading module retractions for)|(version "[^"]+" invalid)/m
29
32
  PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/
30
33
 
31
34
  def initialize(dependency:, dependency_files:, credentials:,
@@ -111,17 +114,7 @@ module Dependabot
111
114
  retry_count += 1
112
115
  retry if transitory_failure?(e) && retry_count < 2
113
116
 
114
- handle_subprocess_error(e)
115
- end
116
-
117
- def handle_subprocess_error(error)
118
- if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
119
- ResolvabilityErrors.handle(error.message, goprivate: @goprivate)
120
- elsif INVALID_VERSION_REGEX.match?(error.message)
121
- raise Dependabot::DependencyFileNotResolvable, error.message
122
- end
123
-
124
- raise
117
+ ResolvabilityErrors.handle(e.message, goprivate: @goprivate)
125
118
  end
126
119
 
127
120
  def transitory_failure?(error)
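Review bot: In the rescue path, `ResolvabilityErrors.handle(e.message, goprivate: @goprivate)` now receives every error that survives the retries. The removed `handle_subprocess_error` called it only for messages matching `RESOLVABILITY_ERROR_REGEXES` and otherwise re-raised the original exception with a bare `raise`. Going by the `handle` hunk on this page, a message without a GitHub path or the private-repository hint is raised as `Dependabot::DependencyFileNotResolvable`, so unrelated failures may now be reported as an unresolvable manifest and lose their original class. If that is intended, a comment at the call should say so; otherwise keep a gate before it, e.g. `raise unless RESOLVABILITY_ERROR_REGEXES.any? { |r| e.message =~ r } || INVALID_VERSION_REGEX.match?(e.message)`. `INVALID_VERSION_REGEX`, widened in this same change, has no remaining use in the visible lines, and the rescue block begins outside the hunk.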
@@ -5,7 +5,6 @@ require "dependabot/update_checkers"
5
5
  require "dependabot/update_checkers/base"
6
6
  require "dependabot/shared_helpers"
7
7
  require "dependabot/errors"
8
- require "dependabot/go_modules/native_helpers"
9
8
  require "dependabot/go_modules/version"
10
9
 
11
10
  module Dependabot
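--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-go_modules
  version: !ruby/object:Gem::Version
- version: 0.238.0
+ version: 0.240.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-12-07 00:00:00.000000000 Z
+ date: 2024-01-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.238.0
+ version: 0.240.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.238.0
+ version: 0.240.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.57.2
+ version: 1.58.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.57.2
+ version: 1.58.0
  - !ruby/object:Gem::Dependency
  name: rubocop-performance
  requirement: !ruby/object:Gem::Requirement
@@ -206,6 +206,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '3.18'
+ - !ruby/object:Gem::Dependency
+ name: webrick
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '1.7'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '1.7'
  description: Dependabot-Go_Modules provides support for bumping Go Modules versions
  via Dependabot. If you want support for multiple package managers, you probably
  want the meta-gem dependabot-omnibus.
@@ -239,7 +253,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.240.0
  post_install_message:
  rdoc_options: []
  require_paths: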