dependabot-go_modules 0.239.0 → 0.240.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/go_modules/file_fetcher.rb +0 -10
  3. data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +2 -5
  4. data/lib/dependabot/go_modules/resolvability_errors.rb +3 -1
  5. data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +5 -12
  6. metadata +19 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 10eb41f98ea1a9ad7102bf60c006aa650e5c62a67e360a4c0e3319bd5a122e2b
4
- data.tar.gz: eb7260afc262b3ff8873df1ba601f20c98a4f732065c175b584b89d55b4f7bcd
3
+ metadata.gz: 529ab6a43cd91b307fc18e1e33f3de1d69c5ac312b975277d007c3b8cbc92c02
4
+ data.tar.gz: 036bd9736ad3510a1687838c1e1b2cb3ac997a0d255ff447cf81603f89148984
5
5
  SHA512:
6
- metadata.gz: 172d7f7de572fe7d54984c3184ff817ba21505020d0126a437eae851d3d9fccce38e6abfdc030b4efc820ecac0031cd161ff459d169bafa190158fb8926ea18d
7
- data.tar.gz: 7baaab1827185336b53b44b6f760ae5b59dfa9bdaddb6e99a7fab9e838846d3eab51dc705f1c3b8e487a0a941ffcdaed22333e4fa74b87651b5a7ea830e4d113
6
+ metadata.gz: b0172d9f2438553394fd84169561e6c0385d89c8c46d689cd6bdf8c9da8d56b865a2dbef84ee2e4f19e2f52170e0526329585e3292a33846ff1494a45a49554a
7
+ data.tar.gz: 9b2fc02ce1900450f28d73412c898424d0e3ab8219e683f0cda8095e7185ffd332967158a0bfb553c923452a093736c79b3db11b22aecbace032f1113e7302ae
data/lib/dependabot/go_modules/file_fetcher.rb CHANGED
@@ -20,8 +20,6 @@ module Dependabot
20
20
  end
21
21
 
22
22
  def ecosystem_versions
23
- return nil unless go_mod
24
-
25
23
  {
26
24
  package_managers: {
27
25
  "gomod" => go_mod.content.match(/^go\s(\d+\.\d+)/)&.captures&.first || "unknown"
@@ -37,14 +35,6 @@ module Dependabot
37
35
  directory,
38
36
  clone_repo_contents
39
37
  ) do
40
- unless go_mod
41
- raise(
42
- Dependabot::DependencyFileNotFound,
43
- Pathname.new(File.join(directory, "go.mod"))
44
- .cleanpath.to_path
45
- )
46
- end
47
-
48
38
  fetched_files = [go_mod]
49
39
  # Fetch the (optional) go.sum
50
40
  fetched_files << go_sum if go_sum
data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb CHANGED
@@ -249,7 +249,7 @@ module Dependabot
249
249
  write_go_mod(body)
250
250
  end
251
251
 
252
- def handle_subprocess_error(stderr) # rubocop:disable Metrics/AbcSize
252
+ def handle_subprocess_error(stderr)
253
253
  stderr = stderr.gsub(Dir.getwd, "")
254
254
 
255
255
  # Package version doesn't match the module major version
@@ -264,10 +264,7 @@ module Dependabot
264
264
  end
265
265
 
266
266
  repo_error_regex = REPO_RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
267
- if repo_error_regex
268
- error_message = filter_error_message(message: stderr, regex: repo_error_regex)
269
- ResolvabilityErrors.handle(error_message, goprivate: @goprivate)
270
- end
267
+ ResolvabilityErrors.handle(stderr, goprivate: @goprivate) if repo_error_regex
271
268
 
272
269
  path_regex = MODULE_PATH_MISMATCH_REGEXES.find { |r| stderr =~ r }
273
270
  if path_regex
data/lib/dependabot/go_modules/resolvability_errors.rb CHANGED
@@ -8,7 +8,9 @@ module Dependabot
8
8
 
9
9
  def self.handle(message, goprivate:)
10
10
  mod_path = message.scan(GITHUB_REPO_REGEX).last
11
- raise Dependabot::DependencyFileNotResolvable, message unless mod_path
11
+ unless mod_path && message.include?("If this is a private repository")
12
+ raise Dependabot::DependencyFileNotResolvable, message
13
+ end
12
14
 
13
15
  # Module not found on github.com - query for _any_ version to know if it
14
16
  # doesn't exist (or is private) or we were just given a bad revision by this manifest
data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb CHANGED
@@ -25,7 +25,10 @@ module Dependabot
25
25
  # (Private) module could not be fetched
26
26
  /module .*: git ls-remote .*: exit status 128/m
27
27
  ].freeze
28
- INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
28
+ # The module was retracted from the proxy
29
+ # OR the version of Go required is greater than what Dependabot supports
30
+ # OR other go.mod version errors
31
+ INVALID_VERSION_REGEX = /(go: loading module retractions for)|(version "[^"]+" invalid)/m
29
32
  PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/
30
33
 
31
34
  def initialize(dependency:, dependency_files:, credentials:,
@@ -111,17 +114,7 @@ module Dependabot
111
114
  retry_count += 1
112
115
  retry if transitory_failure?(e) && retry_count < 2
113
116
 
114
- handle_subprocess_error(e)
115
- end
116
-
117
- def handle_subprocess_error(error)
118
- if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
119
- ResolvabilityErrors.handle(error.message, goprivate: @goprivate)
120
- elsif INVALID_VERSION_REGEX.match?(error.message)
121
- raise Dependabot::DependencyFileNotResolvable, error.message
122
- end
123
-
124
- raise
117
+ ResolvabilityErrors.handle(e.message, goprivate: @goprivate)
125
118
  end
126
119
 
127
120
  def transitory_failure?(error)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-go_modules
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.239.0
4
+ version: 0.240.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-12-28 00:00:00.000000000 Z
11
+ date: 2024-01-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.239.0
19
+ version: 0.240.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.239.0
26
+ version: 0.240.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -206,6 +206,20 @@ dependencies:
206
206
  - - "~>"
207
207
  - !ruby/object:Gem::Version
208
208
  version: '3.18'
209
+ - !ruby/object:Gem::Dependency
210
+ name: webrick
211
+ requirement: !ruby/object:Gem::Requirement
212
+ requirements:
213
+ - - ">="
214
+ - !ruby/object:Gem::Version
215
+ version: '1.7'
216
+ type: :development
217
+ prerelease: false
218
+ version_requirements: !ruby/object:Gem::Requirement
219
+ requirements:
220
+ - - ">="
221
+ - !ruby/object:Gem::Version
222
+ version: '1.7'
209
223
  description: Dependabot-Go_Modules provides support for bumping Go Modules versions
210
224
  via Dependabot. If you want support for multiple package managers, you probably
211
225
  want the meta-gem dependabot-omnibus.
@@ -239,7 +253,7 @@ licenses:
239
253
  - Nonstandard
240
254
  metadata:
241
255
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
242
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.239.0
256
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.240.0
243
257
  post_install_message:
244
258
  rdoc_options: []
245
259
  require_paths: