dependabot-go_modules 0.239.0 → 0.241.0

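--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 10eb41f98ea1a9ad7102bf60c006aa650e5c62a67e360a4c0e3319bd5a122e2b
- data.tar.gz: eb7260afc262b3ff8873df1ba601f20c98a4f732065c175b584b89d55b4f7bcd
+ metadata.gz: 859d1dc61b8e61d2c94699a3ab3f5a2751ced227471b2ca133b96d273993c48b
+ data.tar.gz: caf9dfc722a2cac83a63b6eb2413e7a5f6c6346fee1ac4a4cc16aa6cc1735d7d
  SHA512:
- metadata.gz: 172d7f7de572fe7d54984c3184ff817ba21505020d0126a437eae851d3d9fccce38e6abfdc030b4efc820ecac0031cd161ff459d169bafa190158fb8926ea18d
- data.tar.gz: 7baaab1827185336b53b44b6f760ae5b59dfa9bdaddb6e99a7fab9e838846d3eab51dc705f1c3b8e487a0a941ffcdaed22333e4fa74b87651b5a7ea830e4d113
+ metadata.gz: 1b3c0a8ec3a59419a82afddd973115675f97ac29d7392698f7aa0e310df8adc97ef1f2749d147d18068ab04b1cfb3f79c850ec7c4964f789fa02b1cb0d05fd36
+ data.tar.gz: ccd5e8fdc6e115b41853db74677e903b9c614aa3055979890fffffe44a01d26f3456196bace8e9e6e00e78cdad89f4246c0ed05d9d115c3e00d0af8d4f4fb3bd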
@@ -20,8 +20,6 @@ module Dependabot
20
20
  end
21
21
 
22
22
  def ecosystem_versions
23
- return nil unless go_mod
24
-
25
23
  {
26
24
  package_managers: {
27
25
  "gomod" => go_mod.content.match(/^go\s(\d+\.\d+)/)&.captures&.first || "unknown"
@@ -37,14 +35,6 @@ module Dependabot
37
35
  directory,
38
36
  clone_repo_contents
39
37
  ) do
40
- unless go_mod
41
- raise(
42
- Dependabot::DependencyFileNotFound,
43
- Pathname.new(File.join(directory, "go.mod"))
44
- .cleanpath.to_path
45
- )
46
- end
47
-
48
38
  fetched_files = [go_mod]
49
39
  # Fetch the (optional) go.sum
50
40
  fetched_files << go_sum if go_sum
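Review bot: With both `go_mod` guards removed, `go_mod.content.match(...)` in `ecosystem_versions` and `fetched_files = [go_mod]` in the fetch block now assume `go_mod` is never nil. If the `go_mod` helper (defined outside these hunks) can still return nil for a repository without a go.mod, the first raises `NoMethodError` and the second puts nil into the fetched file list, instead of the earlier `Dependabot::DependencyFileNotFound` that named the missing path. If the helper now raises on a missing file itself, a comment above the first use would record that, e.g. `# go_mod raises DependencyFileNotFound when the file is missing`; otherwise `ecosystem_versions` still needs its `return nil unless go_mod`. Both enclosing methods start or end outside the hunks.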
@@ -249,7 +249,7 @@ module Dependabot
249
249
  write_go_mod(body)
250
250
  end
251
251
 
252
- def handle_subprocess_error(stderr) # rubocop:disable Metrics/AbcSize
252
+ def handle_subprocess_error(stderr)
253
253
  stderr = stderr.gsub(Dir.getwd, "")
254
254
 
255
255
  # Package version doesn't match the module major version
@@ -264,10 +264,7 @@ module Dependabot
264
264
  end
265
265
 
266
266
  repo_error_regex = REPO_RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
267
- if repo_error_regex
268
- error_message = filter_error_message(message: stderr, regex: repo_error_regex)
269
- ResolvabilityErrors.handle(error_message, goprivate: @goprivate)
270
- end
267
+ ResolvabilityErrors.handle(stderr, goprivate: @goprivate) if repo_error_regex
271
268
 
272
269
  path_regex = MODULE_PATH_MISMATCH_REGEXES.find { |r| stderr =~ r }
273
270
  if path_regex
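Review bot: `ResolvabilityErrors.handle(stderr, goprivate: @goprivate)` now receives the whole subprocess stderr rather than the lines selected by `filter_error_message`, and the only scrubbing visible here is the removal of `Dir.getwd`. Because that text can become the message of a raised `Dependabot::DependencyFileNotResolvable`, anything the subprocess printed (remote URLs, private proxy host names, possibly credentials embedded in a URL) may now reach whoever reads the error. Presumably the full text is passed so the handler can see the private-repository hint; if so, say it in a comment on this line, e.g. `# full stderr on purpose: the handler searches it for the private-repository hint`, and confirm that credentials are redacted before the message is stored or displayed. `handle_subprocess_error` begins before and continues past this hunk.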
@@ -8,7 +8,9 @@ module Dependabot
8
8
 
9
9
  def self.handle(message, goprivate:)
10
10
  mod_path = message.scan(GITHUB_REPO_REGEX).last
11
- raise Dependabot::DependencyFileNotResolvable, message unless mod_path
11
+ unless mod_path && message.include?("If this is a private repository")
12
+ raise Dependabot::DependencyFileNotResolvable, message
13
+ end
12
14
 
13
15
  # Module not found on github.com - query for _any_ version to know if it
14
16
  # doesn't exist (or is private) or we were just given a bad revision by this manifest
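Review bot: The new guard in `self.handle` chooses between raising `Dependabot::DependencyFileNotResolvable` and continuing with the private-repository probe by searching tool output for the English fragment `"If this is a private repository"`. That literal is not under this project's control, so a wording change upstream would silently send every private-module failure down the not-resolvable path, and nothing in the hunk says where the text comes from. Lifting it into a named constant with its origin documented would make the dependency visible, e.g. `PRIVATE_REPO_HINT = "If this is a private repository" # printed by the go command on a failed fetch; confirm`. The body of `handle` continues past the end of this hunk.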
@@ -25,7 +25,10 @@ module Dependabot
25
25
  # (Private) module could not be fetched
26
26
  /module .*: git ls-remote .*: exit status 128/m
27
27
  ].freeze
28
- INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
28
+ # The module was retracted from the proxy
29
+ # OR the version of Go required is greater than what Dependabot supports
30
+ # OR other go.mod version errors
31
+ INVALID_VERSION_REGEX = /(go: loading module retractions for)|(version "[^"]+" invalid)/m
29
32
  PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/
30
33
 
31
34
  def initialize(dependency:, dependency_files:, credentials:,
@@ -111,17 +114,7 @@ module Dependabot
111
114
  retry_count += 1
112
115
  retry if transitory_failure?(e) && retry_count < 2
113
116
 
114
- handle_subprocess_error(e)
115
- end
116
-
117
- def handle_subprocess_error(error)
118
- if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
119
- ResolvabilityErrors.handle(error.message, goprivate: @goprivate)
120
- elsif INVALID_VERSION_REGEX.match?(error.message)
121
- raise Dependabot::DependencyFileNotResolvable, error.message
122
- end
123
-
124
- raise
117
+ ResolvabilityErrors.handle(e.message, goprivate: @goprivate)
125
118
  end
126
119
 
127
120
  def transitory_failure?(error)
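Review bot: The rescue branch now ends in `ResolvabilityErrors.handle(e.message, goprivate: @goprivate)` with no trailing `raise`, whereas the removed `handle_subprocess_error` re-raised the original exception when nothing matched. The rescue is therefore only safe if `handle` raises on every path; its full body is not visible here, and if it can return normally the subprocess failure is swallowed and the method returns whatever `handle` returned. Adding a bare `raise` on the line after the call restores the old fallback. Separately, the updated `INVALID_VERSION_REGEX` and `RESOLVABILITY_ERROR_REGEXES` lose their only visible use in this hunk, so check whether they are still referenced elsewhere. The rescued method starts before the hunk.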
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-go_modules
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.239.0
4
+ version: 0.241.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-12-28 00:00:00.000000000 Z
11
+ date: 2024-01-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.239.0
19
+ version: 0.241.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.239.0
26
+ version: 0.241.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -206,6 +206,20 @@ dependencies:
206
206
  - - "~>"
207
207
  - !ruby/object:Gem::Version
208
208
  version: '3.18'
209
+ - !ruby/object:Gem::Dependency
210
+ name: webrick
211
+ requirement: !ruby/object:Gem::Requirement
212
+ requirements:
213
+ - - ">="
214
+ - !ruby/object:Gem::Version
215
+ version: '1.7'
216
+ type: :development
217
+ prerelease: false
218
+ version_requirements: !ruby/object:Gem::Requirement
219
+ requirements:
220
+ - - ">="
221
+ - !ruby/object:Gem::Version
222
+ version: '1.7'
209
223
  description: Dependabot-Go_Modules provides support for bumping Go Modules versions
210
224
  via Dependabot. If you want support for multiple package managers, you probably
211
225
  want the meta-gem dependabot-omnibus.
@@ -239,7 +253,7 @@ licenses:
239
253
  - Nonstandard
240
254
  metadata:
241
255
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
242
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.239.0
256
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.241.0
243
257
  post_install_message:
244
258
  rdoc_options: []
245
259
  require_paths: