dependabot-go_modules 0.247.0 → 0.249.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d36e0c5c346b44ce52f74be080cf7997e5d035d0b2bbe5ddb6fd0d7385663afd
4
- data.tar.gz: b6f09acb8cc803d1ccc895c67e99f8a9e440a6942c015db60e192917f8129de0
3
+ metadata.gz: 77f553b4e68fb575402246aa93d1e4a0af7ff93800c8e0fb87ef7911620fab86
4
+ data.tar.gz: 61a0572e24be4761a15df1862b690b1e55853af8f5b279402b3adf139c83d8b3
5
5
  SHA512:
6
- metadata.gz: a283d1c8db253f1e43e83778263ad3989cab65b91a9acfdd152fee674ea98d70a22558cdef913f7b2f737e7bd59c2e20df7c6254ce20ff9d5de603fc6f45fb4a
7
- data.tar.gz: 76605e017c9eb5db43a1a3ca73d5d83ae51f858058bfa5de59a06965387105057e858ef57d843efe1c339e100d0edf7e3e90d0b923dd799904a67ed36c7cf105
6
+ metadata.gz: 1f7f18f8f1634b1f79ac995a2f65bbbc851d2f910cb941879f9bd8a788b3dda1e28df82667b70c0aaf48033122342b0375e0b27713a3bc3c4e262b799e5db180
7
+ data.tar.gz: ccc34edf59769d78b49f224fcc9831042d9f13037fb5e445d1d04046c7a19dddb63bfe287eedd2aaa55f74058406bf16c09b9a0e93221e3f607fc17e662bb513
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -11,18 +11,21 @@ module Dependabot
11
11
  extend T::Sig
12
12
  extend T::Helpers
13
13
 
14
+ sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
14
15
  def self.required_files_in?(filenames)
15
16
  filenames.include?("go.mod")
16
17
  end
17
18
 
19
+ sig { override.returns(String) }
18
20
  def self.required_files_message
19
21
  "Repo must contain a go.mod."
20
22
  end
21
23
 
24
+ sig { override.returns(T::Hash[Symbol, T.untyped]) }
22
25
  def ecosystem_versions
23
26
  {
24
27
  package_managers: {
25
- "gomod" => go_mod.content.match(/^go\s(\d+\.\d+)/)&.captures&.first || "unknown"
28
+ "gomod" => go_mod&.content&.match(/^go\s(\d+\.\d+)/)&.captures&.first || "unknown"
26
29
  }
27
30
  }
28
31
  end
@@ -35,25 +38,23 @@ module Dependabot
35
38
  directory,
36
39
  clone_repo_contents
37
40
  ) do
38
- fetched_files = [go_mod]
41
+ fetched_files = go_mod ? [go_mod] : []
39
42
  # Fetch the (optional) go.sum
40
- fetched_files << go_sum if go_sum
43
+ fetched_files << T.must(go_sum) if go_sum
41
44
  fetched_files
42
45
  end
43
46
  end
44
47
 
45
48
  private
46
49
 
50
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
47
51
  def go_mod
48
- return @go_mod if defined?(@go_mod)
49
-
50
- @go_mod = fetch_file_if_present("go.mod")
52
+ @go_mod ||= T.let(fetch_file_if_present("go.mod"), T.nilable(Dependabot::DependencyFile))
51
53
  end
52
54
 
55
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
53
56
  def go_sum
54
- return @go_sum if defined?(@go_sum)
55
-
56
- @go_sum = fetch_file_if_present("go.sum")
57
+ @go_sum ||= T.let(fetch_file_if_present("go.sum"), T.nilable(Dependabot::DependencyFile))
57
58
  end
58
59
  end
59
60
  end
@@ -1,6 +1,8 @@
1
- # typed: false
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "open3"
5
7
  require "dependabot/dependency"
6
8
  require "dependabot/file_parsers/base/dependency_set"
@@ -14,6 +16,9 @@ require "dependabot/go_modules/version"
14
16
  module Dependabot
15
17
  module GoModules
16
18
  class FileParser < Dependabot::FileParsers::Base
19
+ extend T::Sig
20
+
21
+ sig { override.returns(T::Array[Dependabot::Dependency]) }
17
22
  def parse
18
23
  set_gotoolchain_env
19
24
 
@@ -29,8 +34,9 @@ module Dependabot
29
34
  private
30
35
 
31
36
  # set GOTOOLCHAIN=local if go version >= 1.21
37
+ sig { void }
32
38
  def set_gotoolchain_env
33
- go_directive = go_mod.content.match(/^go\s(\d+\.\d+)/)&.captures&.first
39
+ go_directive = go_mod&.content&.match(/^go\s(\d+\.\d+)/)&.captures&.first
34
40
  return ENV["GOTOOLCHAIN"] = ENV.fetch("GO_LEGACY") unless go_directive
35
41
 
36
42
  go_version = Dependabot::GoModules::Version.new(go_directive)
@@ -41,21 +47,24 @@ module Dependabot
41
47
  end
42
48
  end
43
49
 
50
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
44
51
  def go_mod
45
- @go_mod ||= get_original_file("go.mod")
52
+ @go_mod ||= T.let(get_original_file("go.mod"), T.nilable(Dependabot::DependencyFile))
46
53
  end
47
54
 
55
+ sig { override.void }
48
56
  def check_required_files
49
57
  raise "No go.mod!" unless go_mod
50
58
  end
51
59
 
60
+ sig { params(details: T::Hash[String, T.untyped]).returns(Dependabot::Dependency) }
52
61
  def dependency_from_details(details)
53
62
  source = { type: "default", source: details["Path"] }
54
63
  version = details["Version"]&.sub(/^v?/, "")
55
64
 
56
65
  reqs = [{
57
66
  requirement: details["Version"],
58
- file: go_mod.name,
67
+ file: go_mod&.name,
59
68
  source: source,
60
69
  groups: []
61
70
  }]
@@ -68,9 +77,10 @@ module Dependabot
68
77
  )
69
78
  end
70
79
 
80
+ sig { returns(T::Array[T::Hash[String, T.untyped]]) }
71
81
  def required_packages
72
82
  @required_packages ||=
73
- SharedHelpers.in_a_temporary_directory do |path|
83
+ T.let(SharedHelpers.in_a_temporary_directory do |path|
74
84
  # Create a fake empty module for each local module so that
75
85
  # `go mod edit` works, even if some modules have been `replace`d with
76
86
  # a local module that we don't have access to.
@@ -86,55 +96,62 @@ module Dependabot
86
96
  stdout, stderr, status = Open3.capture3(command)
87
97
  handle_parser_error(path, stderr) unless status.success?
88
98
  JSON.parse(stdout)["Require"] || []
89
- end
99
+ end, T.nilable(T::Array[T::Hash[String, T.untyped]]))
90
100
  end
91
101
 
102
+ sig { returns(T::Hash[String, String]) }
92
103
  def local_replacements
93
104
  @local_replacements ||=
94
105
  # Find all the local replacements, and return them with a stub path
95
106
  # we can use in their place. Using generated paths is safer as it
96
107
  # means we don't need to worry about references to parent
97
108
  # directories, etc.
98
- ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod.directory)
109
+ T.let(ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod&.directory),
110
+ T.nilable(T::Hash[String, String]))
99
111
  end
100
112
 
113
+ sig { returns(T::Hash[String, T.untyped]) }
101
114
  def manifest
102
115
  @manifest ||=
103
- SharedHelpers.in_a_temporary_directory do |path|
104
- File.write("go.mod", go_mod.content)
116
+ T.let(SharedHelpers.in_a_temporary_directory do |path|
117
+ File.write("go.mod", go_mod&.content)
105
118
 
106
- # Parse the go.mod to get a JSON representation of the replace
107
- # directives
108
- command = "go mod edit -json"
119
+ # Parse the go.mod to get a JSON representation of the replace
120
+ # directives
121
+ command = "go mod edit -json"
109
122
 
110
- stdout, stderr, status = Open3.capture3(command)
111
- handle_parser_error(path, stderr) unless status.success?
123
+ stdout, stderr, status = Open3.capture3(command)
124
+ handle_parser_error(path, stderr) unless status.success?
112
125
 
113
- JSON.parse(stdout)
114
- end
126
+ JSON.parse(stdout)
127
+ end, T.nilable(T::Hash[String, T.untyped]))
115
128
  end
116
129
 
130
+ sig { returns(T.nilable(String)) }
117
131
  def go_mod_content
118
- local_replacements.reduce(go_mod.content) do |body, (path, stub_path)|
119
- body.sub(path, stub_path)
132
+ local_replacements.reduce(go_mod&.content) do |body, (path, stub_path)|
133
+ body&.sub(path, stub_path)
120
134
  end
121
135
  end
122
136
 
137
+ sig { params(path: T.any(Pathname, String), stderr: String).returns(T.noreturn) }
123
138
  def handle_parser_error(path, stderr)
124
139
  msg = stderr.gsub(path.to_s, "").strip
125
- raise Dependabot::DependencyFileNotParseable.new(go_mod.path, msg)
140
+ raise Dependabot::DependencyFileNotParseable.new(T.must(go_mod).path, msg)
126
141
  end
127
142
 
143
+ sig { params(dep: T::Hash[String, T.untyped]).returns(T::Boolean) }
128
144
  def skip_dependency?(dep)
129
145
  # Updating replaced dependencies is not supported
130
146
  return true if dependency_is_replaced(dep)
131
147
 
132
148
  path_uri = URI.parse("https://#{dep['Path']}")
133
- !path_uri.host.include?(".")
149
+ !path_uri.host&.include?(".")
134
150
  rescue URI::InvalidURIError
135
151
  false
136
152
  end
137
153
 
154
+ sig { params(details: T::Hash[String, T.untyped]).returns(T::Boolean) }
138
155
  def dependency_is_replaced(details)
139
156
  # Mark dependency as replaced if the requested dependency has a
140
157
  # "replace" directive and that either has the same version, or no
@@ -1,6 +1,8 @@
1
- # typed: false
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/shared_helpers"
5
7
  require "dependabot/errors"
6
8
  require "dependabot/logger"
@@ -12,7 +14,9 @@ module Dependabot
12
14
  module GoModules
13
15
  class FileUpdater
14
16
  class GoModUpdater
15
- RESOLVABILITY_ERROR_REGEXES = [
17
+ extend T::Sig
18
+
19
+ RESOLVABILITY_ERROR_REGEXES = T.let([
16
20
  # The checksum in go.sum does not match the downloaded content
17
21
  /verifying .*: checksum mismatch/,
18
22
  /go(?: get)?: .*: go.mod has post-v\d+ module path/,
@@ -28,9 +32,9 @@ module Dependabot
28
32
  /can't find reason for requirement on/,
29
33
  # import path doesn't exist
30
34
  /package \S+ is not in GOROOT/
31
- ].freeze
35
+ ].freeze, T::Array[Regexp])
32
36
 
33
- REPO_RESOLVABILITY_ERROR_REGEXES = [
37
+ REPO_RESOLVABILITY_ERROR_REGEXES = T.let([
34
38
  /fatal: The remote end hung up unexpectedly/,
35
39
  /repository '.+' not found/,
36
40
  %r{net/http: TLS handshake timeout},
@@ -48,22 +52,32 @@ module Dependabot
48
52
  /go(?: get)?: .*: unknown revision/m,
49
53
  # Package pointing to a proxy that 404s
50
54
  /go(?: get)?: .*: unrecognized import path/m
51
- ].freeze
55
+ ].freeze, T::Array[Regexp])
52
56
 
53
- MODULE_PATH_MISMATCH_REGEXES = [
57
+ MODULE_PATH_MISMATCH_REGEXES = T.let([
54
58
  /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?: .* has non-.* module path "(.*)" at/,
55
59
  /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?: .* unexpected module path "(.*)"/,
56
60
  /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?:? .* declares its path as: ([\S]*)/m
57
- ].freeze
61
+ ].freeze, T::Array[Regexp])
58
62
 
59
- OUT_OF_DISK_REGEXES = [
63
+ OUT_OF_DISK_REGEXES = T.let([
60
64
  %r{input/output error},
61
65
  /no space left on device/,
62
66
  /Out of diskspace/
63
- ].freeze
67
+ ].freeze, T::Array[Regexp])
64
68
 
65
69
  GO_MOD_VERSION = /^go 1\.\d+(\.\d+)?$/
66
70
 
71
+ sig do
72
+ params(
73
+ dependencies: T::Array[Dependabot::Dependency],
74
+ dependency_files: T::Array[Dependabot::DependencyFile],
75
+ credentials: T::Array[Dependabot::Credential],
76
+ repo_contents_path: T.nilable(String),
77
+ directory: String,
78
+ options: T::Hash[Symbol, T.untyped]
79
+ ).void
80
+ end
67
81
  def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path:,
68
82
  directory:, options:)
69
83
  @dependencies = dependencies
@@ -71,28 +85,44 @@ module Dependabot
71
85
  @credentials = credentials
72
86
  @repo_contents_path = repo_contents_path
73
87
  @directory = directory
74
- @tidy = options.fetch(:tidy, false)
75
- @vendor = options.fetch(:vendor, false)
76
- @goprivate = options.fetch(:goprivate)
88
+ @tidy = T.let(options.fetch(:tidy, false), T::Boolean)
89
+ @vendor = T.let(options.fetch(:vendor, false), T::Boolean)
90
+ @goprivate = T.let(options.fetch(:goprivate), T.nilable(String))
77
91
  end
78
92
 
93
+ sig { returns(T.nilable(String)) }
79
94
  def updated_go_mod_content
80
95
  updated_files[:go_mod]
81
96
  end
82
97
 
98
+ sig { returns(T.nilable(String)) }
83
99
  def updated_go_sum_content
84
100
  updated_files[:go_sum]
85
101
  end
86
102
 
87
103
  private
88
104
 
89
- attr_reader :dependencies, :dependency_files, :credentials, :repo_contents_path,
90
- :directory
105
+ sig { returns(T::Array[Dependabot::Dependency]) }
106
+ attr_reader :dependencies
107
+
108
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
109
+ attr_reader :dependency_files
91
110
 
111
+ sig { returns(T::Array[Dependabot::Credential]) }
112
+ attr_reader :credentials
113
+
114
+ sig { returns(T.nilable(String)) }
115
+ attr_reader :repo_contents_path
116
+
117
+ sig { returns(String) }
118
+ attr_reader :directory
119
+
120
+ sig { returns(T::Hash[Symbol, String]) }
92
121
  def updated_files
93
- @updated_files ||= update_files
122
+ @updated_files ||= T.let(update_files, T.nilable(T::Hash[Symbol, String]))
94
123
  end
95
124
 
125
+ sig { returns(T::Hash[Symbol, String]) }
96
126
  def update_files # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
97
127
  in_repo_path do
98
128
  # During grouped updates, the dependency_files are from a previous dependency
@@ -140,7 +170,7 @@ module Dependabot
140
170
  original_go_version = original_go_mod.match(GO_MOD_VERSION)&.to_a&.first
141
171
  updated_go_version = updated_go_mod.match(GO_MOD_VERSION)&.to_a&.first
142
172
  if original_go_version != updated_go_version
143
- go_mod_lines = updated_go_mod.lines
173
+ go_mod_lines = T.let(updated_go_mod.lines, T::Array[T.nilable(String)])
144
174
  go_mod_lines.each_with_index do |line, i|
145
175
  next unless line&.match?(GO_MOD_VERSION)
146
176
 
@@ -157,6 +187,7 @@ module Dependabot
157
187
  end
158
188
  end
159
189
 
190
+ sig { void }
160
191
  def run_go_mod_tidy
161
192
  return unless tidy?
162
193
 
@@ -170,6 +201,7 @@ module Dependabot
170
201
  Dependabot.logger.info "Failed to `go mod tidy`: #{stderr}" unless status.success?
171
202
  end
172
203
 
204
+ sig { void }
173
205
  def run_go_vendor
174
206
  return unless vendor?
175
207
 
@@ -178,6 +210,7 @@ module Dependabot
178
210
  handle_subprocess_error(stderr) unless status.success?
179
211
  end
180
212
 
213
+ sig { params(dependencies: T.untyped).void }
181
214
  def run_go_get(dependencies = [])
182
215
  # `go get` will fail if there are no go files in the directory.
183
216
  # For example, if a `//go:build` tag excludes all files when run
@@ -200,9 +233,10 @@ module Dependabot
200
233
  _, stderr, status = Open3.capture3(environment, command)
201
234
  handle_subprocess_error(stderr) unless status.success?
202
235
  ensure
203
- FileUtils.rm_f(tmp_go_file)
236
+ FileUtils.rm_f(T.must(tmp_go_file))
204
237
  end
205
238
 
239
+ sig { returns(T::Hash[String, T.untyped]) }
206
240
  def parse_manifest
207
241
  command = "go mod edit -json"
208
242
  stdout, stderr, status = Open3.capture3(environment, command)
@@ -211,12 +245,18 @@ module Dependabot
211
245
  JSON.parse(stdout) || {}
212
246
  end
213
247
 
248
+ sig do
249
+ type_parameters(:T)
250
+ .params(block: T.proc.returns(T.type_parameter(:T)))
251
+ .returns(T.type_parameter(:T))
252
+ end
214
253
  def in_repo_path(&block)
215
254
  SharedHelpers.in_a_temporary_repo_directory(directory, repo_contents_path) do
216
255
  SharedHelpers.with_git_configured(credentials: credentials, &block)
217
256
  end
218
257
  end
219
258
 
259
+ sig { params(stub_paths: T::Array[String]).void }
220
260
  def build_module_stubs(stub_paths)
221
261
  # Create a fake empty module for each local module so that
222
262
  # `go get` works, even if some modules have been `replace`d
@@ -236,12 +276,14 @@ module Dependabot
236
276
  # the layout of the filesystem with a structure we can reproduce (i.e.
237
277
  # no paths such as ../../../foo), run the Go tooling, then reverse the
238
278
  # process afterwards.
279
+ sig { params(manifest: T::Hash[String, T.untyped]).returns(T::Hash[String, String]) }
239
280
  def replace_directive_substitutions(manifest)
240
281
  @replace_directive_substitutions ||=
241
- Dependabot::GoModules::ReplaceStubber.new(repo_contents_path)
242
- .stub_paths(manifest, directory)
282
+ T.let(Dependabot::GoModules::ReplaceStubber.new(repo_contents_path)
283
+ .stub_paths(manifest, directory), T.nilable(T::Hash[String, String]))
243
284
  end
244
285
 
286
+ sig { params(substitutions: T::Hash[String, String]).void }
245
287
  def substitute_all(substitutions)
246
288
  body = substitutions.reduce(File.read("go.mod")) do |text, (a, b)|
247
289
  text.sub(a, b)
@@ -250,7 +292,8 @@ module Dependabot
250
292
  write_go_mod(body)
251
293
  end
252
294
 
253
- def handle_subprocess_error(stderr)
295
+ sig { params(stderr: String).returns(T.noreturn) }
296
+ def handle_subprocess_error(stderr) # rubocop:disable Metrics/AbcSize
254
297
  stderr = stderr.gsub(Dir.getwd, "")
255
298
 
256
299
  # Package version doesn't match the module major version
@@ -269,9 +312,9 @@ module Dependabot
269
312
 
270
313
  path_regex = MODULE_PATH_MISMATCH_REGEXES.find { |r| stderr =~ r }
271
314
  if path_regex
272
- match = path_regex.match(stderr)
315
+ match = T.must(path_regex.match(stderr))
273
316
  raise Dependabot::GoModulePathMismatch
274
- .new(go_mod_path, match[1], match[2])
317
+ .new(go_mod_path, T.must(match[1]), T.must(match[2]))
275
318
  end
276
319
 
277
320
  out_of_disk_regex = OUT_OF_DISK_REGEXES.find { |r| stderr =~ r }
@@ -285,6 +328,7 @@ module Dependabot
285
328
  raise Dependabot::DependabotError, msg
286
329
  end
287
330
 
331
+ sig { params(message: String, regex: Regexp).returns(String) }
288
332
  def filter_error_message(message:, regex:)
289
333
  lines = message.lines.select { |l| regex =~ l }
290
334
  return lines.join if lines.any?
@@ -293,24 +337,29 @@ module Dependabot
293
337
  message.match(regex).to_s
294
338
  end
295
339
 
340
+ sig { returns(String) }
296
341
  def go_mod_path
297
342
  return "go.mod" if directory == "/"
298
343
 
299
344
  File.join(directory, "go.mod")
300
345
  end
301
346
 
347
+ sig { params(body: Object).void }
302
348
  def write_go_mod(body)
303
349
  File.write("go.mod", body)
304
350
  end
305
351
 
352
+ sig { returns(T::Boolean) }
306
353
  def tidy?
307
354
  !!@tidy
308
355
  end
309
356
 
357
+ sig { returns(T::Boolean) }
310
358
  def vendor?
311
359
  !!@vendor
312
360
  end
313
361
 
362
+ sig { returns(T::Hash[String, T.untyped]) }
314
363
  def environment
315
364
  { "GOPRIVATE" => @goprivate }
316
365
  end
@@ -1,6 +1,8 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  module Dependabot
5
7
  module GoModules
6
8
  # Given a go.mod file, find all `replace` directives pointing to a path
@@ -12,10 +14,16 @@ module Dependabot
12
14
  # no paths such as ../../../foo), run the Go tooling, then reverse the
13
15
  # process afterwards.
14
16
  class ReplaceStubber
17
+ extend T::Sig
18
+
19
+ sig { params(repo_contents_path: T.nilable(String)).void }
15
20
  def initialize(repo_contents_path)
16
21
  @repo_contents_path = repo_contents_path
17
22
  end
18
23
 
24
+ sig do
25
+ params(manifest: T::Hash[String, T.untyped], directory: T.nilable(String)).returns(T::Hash[String, String])
26
+ end
19
27
  def stub_paths(manifest, directory)
20
28
  (manifest["Replace"] || [])
21
29
  .filter_map { |r| r["New"]["Path"] }
@@ -25,6 +33,7 @@ module Dependabot
25
33
 
26
34
  private
27
35
 
36
+ sig { params(path: String, directory: T.nilable(String)).returns(T::Boolean) }
28
37
  def stub_replace_path?(path, directory)
29
38
  return true if absolute_path?(path)
30
39
  return false unless relative_replacement_path?(path)
@@ -37,17 +46,21 @@ module Dependabot
37
46
  true
38
47
  end
39
48
 
49
+ sig { params(path: String).returns(T::Boolean) }
40
50
  def absolute_path?(path)
41
51
  path.start_with?("/")
42
52
  end
43
53
 
54
+ sig { params(path: String).returns(T::Boolean) }
44
55
  def relative_replacement_path?(path)
45
56
  # https://golang.org/ref/mod#go-mod-file-replace
46
57
  path.start_with?("./", "../")
47
58
  end
48
59
 
60
+ sig { params(directory: T.nilable(String)).returns(Pathname) }
49
61
  def module_pathname(directory)
50
- @module_pathname ||= Pathname.new(@repo_contents_path).join(directory.sub(%r{^/}, ""))
62
+ @module_pathname ||= T.let(Pathname.new(@repo_contents_path).join(T.must(directory).sub(%r{^/}, "")),
63
+ T.nilable(Pathname))
51
64
  end
52
65
  end
53
66
  end
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  ################################################################################
@@ -25,11 +25,12 @@ module Dependabot
25
25
  quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
26
26
  version_pattern = "v?#{Version::VERSION_PATTERN}"
27
27
 
28
- PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze
28
+ PATTERN_RAW = T.let("\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze, String)
29
29
  PATTERN = /\A#{PATTERN_RAW}\z/
30
30
 
31
31
  # Use GoModules::Version rather than Gem::Version to ensure that
32
32
  # pre-release versions aren't transformed.
33
+ sig { params(obj: T.untyped).returns([String, Gem::Version]) }
33
34
  def self.parse(obj)
34
35
  return ["=", Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
35
36
 
@@ -54,9 +55,12 @@ module Dependabot
54
55
  end
55
56
  end
56
57
 
58
+ sig do
59
+ params(requirements: T.nilable(String)).void
60
+ end
57
61
  def initialize(*requirements)
58
62
  requirements = requirements.flatten.flat_map do |req_string|
59
- req_string.split(",").map(&:strip).map do |r|
63
+ req_string&.split(",")&.map(&:strip)&.map do |r|
60
64
  convert_go_constraint_to_ruby_constraint(r.strip)
61
65
  end
62
66
  end
@@ -66,6 +70,7 @@ module Dependabot
66
70
 
67
71
  private
68
72
 
73
+ sig { params(req_string: String).returns(T.any(String, T::Array[String])) }
69
74
  def convert_go_constraint_to_ruby_constraint(req_string)
70
75
  req_string = convert_wildcard_characters(req_string)
71
76
 
@@ -80,6 +85,7 @@ module Dependabot
80
85
  end
81
86
  end
82
87
 
88
+ sig { params(req_string: String).returns(String) }
83
89
  def convert_wildcard_characters(req_string)
84
90
  if req_string.match?(/^[\dv^>~]/)
85
91
  replace_wildcard_in_lower_bound(req_string)
@@ -96,8 +102,9 @@ module Dependabot
96
102
  end
97
103
  end
98
104
 
105
+ sig { params(req_string: String).returns(String) }
99
106
  def replace_wildcard_in_lower_bound(req_string)
100
- after_wildcard = false
107
+ after_wildcard = T.let(false, T::Boolean)
101
108
 
102
109
  req_string = req_string.gsub(/(?:(?:\.|^)[xX*])(\.[xX*])+/, "") if req_string.start_with?("~")
103
110
 
@@ -114,6 +121,7 @@ module Dependabot
114
121
  end.join(".")
115
122
  end
116
123
 
124
+ sig { params(req_string: String).returns(String) }
117
125
  def convert_tilde_req(req_string)
118
126
  version = req_string.gsub(/^~/, "")
119
127
  parts = version.split(".")
@@ -121,11 +129,13 @@ module Dependabot
121
129
  "~> #{parts.join('.')}"
122
130
  end
123
131
 
132
+ sig { params(req_string: String).returns(T::Array[String]) }
124
133
  def convert_hyphen_req(req_string)
125
134
  lower_bound, upper_bound = req_string.split(/\s+-\s+/)
126
135
  [">= #{lower_bound}", "<= #{upper_bound}"]
127
136
  end
128
137
 
138
+ sig { params(req_string: String).returns(String) }
129
139
  def ruby_range(req_string)
130
140
  parts = req_string.split(".")
131
141
 
@@ -142,6 +152,7 @@ module Dependabot
142
152
 
143
153
  # NOTE: Dep's caret notation implementation doesn't distinguish between
144
154
  # pre and post-1.0.0 requirements (unlike in JS)
155
+ sig { params(req_string: String).returns(T::Array[String]) }
145
156
  def convert_caret_req(req_string)
146
157
  version = req_string.gsub(/^\^?v?/, "")
147
158
  parts = version.split(".")
@@ -56,7 +56,11 @@ module Dependabot
56
56
 
57
57
  private
58
58
 
59
- attr_reader :dependency, :dependency_files, :credentials, :ignored_versions, :security_advisories
59
+ attr_reader :dependency
60
+ attr_reader :dependency_files
61
+ attr_reader :credentials
62
+ attr_reader :ignored_versions
63
+ attr_reader :security_advisories
60
64
 
61
65
  def fetch_latest_version
62
66
  candidate_versions = available_versions
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-go_modules
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.247.0
4
+ version: 0.249.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-03-14 00:00:00.000000000 Z
11
+ date: 2024-03-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.247.0
19
+ version: 0.249.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.247.0
26
+ version: 0.249.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -267,7 +267,7 @@ licenses:
267
267
  - Nonstandard
268
268
  metadata:
269
269
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
270
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
270
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.249.0
271
271
  post_install_message:
272
272
  rdoc_options: []
273
273
  require_paths: