dependabot-go_modules 0.310.0 → 0.311.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz: '
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '087090666b622798f189304a67e8383de5dbeddaaddec1f12ad0d9493310a578'
|
|
4
|
+
data.tar.gz: c88dfb340497920aefa89a4ba79813755c2a273e1a617205ede0d95f6592d7e2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8d2f0abb657659d6876e4690d1ec120f6f378e6ba1fd9b193ef8f1cffbc5874726ca8153b0cf652d9d1765ae6fad98ea918e8b45e7dd4eeb6e9e95cf1bdebba2
|
|
7
|
+
data.tar.gz: 6aaafa90636a7f22b115b36f83ec11a2f271d19c2ffdee3feb7e7842a53f8ccbec4e182334f1948c16aed724e30db733e10950dab4dc52602477ef72f4ac1060
|
|
@@ -94,13 +94,13 @@ module Dependabot
|
|
|
94
94
|
return [package_release(version: T.must(dependency.version))] if version_strings.nil?
|
|
95
95
|
|
|
96
96
|
version_info = version_strings.select { |v| version_class.correct?(v) }
|
|
97
|
-
.map { |
|
|
97
|
+
.map { |version| version }
|
|
98
98
|
|
|
99
99
|
package_releases = []
|
|
100
100
|
|
|
101
101
|
version_info.map do |version|
|
|
102
102
|
package_releases << package_release(
|
|
103
|
-
version: version
|
|
103
|
+
version: version
|
|
104
104
|
)
|
|
105
105
|
end
|
|
106
106
|
|
|
@@ -136,7 +136,8 @@ module Dependabot
|
|
|
136
136
|
end
|
|
137
137
|
def package_release(version:)
|
|
138
138
|
Dependabot::Package::PackageRelease.new(
|
|
139
|
-
version: GoModules::Version.new(version)
|
|
139
|
+
version: GoModules::Version.new(version),
|
|
140
|
+
details: { "version_string" => version }
|
|
140
141
|
)
|
|
141
142
|
end
|
|
142
143
|
|
|
@@ -47,7 +47,8 @@ module Dependabot
|
|
|
47
47
|
ignored_versions: T::Array[String],
|
|
48
48
|
security_advisories: T::Array[Dependabot::SecurityAdvisory],
|
|
49
49
|
goprivate: String,
|
|
50
|
-
raise_on_ignored: T::Boolean
|
|
50
|
+
raise_on_ignored: T::Boolean,
|
|
51
|
+
cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
|
|
51
52
|
)
|
|
52
53
|
.void
|
|
53
54
|
end
|
|
@@ -58,7 +59,8 @@ module Dependabot
|
|
|
58
59
|
ignored_versions:,
|
|
59
60
|
security_advisories:,
|
|
60
61
|
goprivate:,
|
|
61
|
-
raise_on_ignored: false
|
|
62
|
+
raise_on_ignored: false,
|
|
63
|
+
cooldown_options: nil
|
|
62
64
|
)
|
|
63
65
|
@dependency = dependency
|
|
64
66
|
@dependency_files = dependency_files
|
|
@@ -67,6 +69,17 @@ module Dependabot
|
|
|
67
69
|
@security_advisories = security_advisories
|
|
68
70
|
@raise_on_ignored = raise_on_ignored
|
|
69
71
|
@goprivate = goprivate
|
|
72
|
+
@cooldown_options = cooldown_options
|
|
73
|
+
super(
|
|
74
|
+
dependency: dependency,
|
|
75
|
+
dependency_files: dependency_files,
|
|
76
|
+
credentials: credentials,
|
|
77
|
+
ignored_versions: ignored_versions,
|
|
78
|
+
security_advisories: security_advisories,
|
|
79
|
+
cooldown_options: cooldown_options,
|
|
80
|
+
raise_on_ignored: raise_on_ignored,
|
|
81
|
+
options: {}
|
|
82
|
+
)
|
|
70
83
|
end
|
|
71
84
|
|
|
72
85
|
sig do
|
|
@@ -87,6 +100,11 @@ module Dependabot
|
|
|
87
100
|
T.nilable(Dependabot::Version))
|
|
88
101
|
end
|
|
89
102
|
|
|
103
|
+
sig { override.returns(T::Boolean) }
|
|
104
|
+
def cooldown_enabled?
|
|
105
|
+
Dependabot::Experiments.enabled?(:enable_cooldown_for_gomodules)
|
|
106
|
+
end
|
|
107
|
+
|
|
90
108
|
private
|
|
91
109
|
|
|
92
110
|
sig { returns(Dependabot::Dependency) }
|
|
@@ -107,6 +125,19 @@ module Dependabot
|
|
|
107
125
|
sig { returns(String) }
|
|
108
126
|
attr_reader :goprivate
|
|
109
127
|
|
|
128
|
+
sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
|
|
129
|
+
attr_reader :cooldown_options
|
|
130
|
+
|
|
131
|
+
sig { returns(T::Array[Dependabot::Package::PackageRelease]) }
|
|
132
|
+
def available_versions_details
|
|
133
|
+
@available_versions_details ||= T.let(Package::PackageDetailsFetcher.new(
|
|
134
|
+
dependency: dependency,
|
|
135
|
+
dependency_files: dependency_files,
|
|
136
|
+
credentials: credentials,
|
|
137
|
+
goprivate: goprivate
|
|
138
|
+
).fetch_available_versions, T.nilable(T::Array[Dependabot::Package::PackageRelease]))
|
|
139
|
+
end
|
|
140
|
+
|
|
110
141
|
# rubocop:disable Lint/UnusedMethodArgument
|
|
111
142
|
sig do
|
|
112
143
|
params(language_version: T.nilable(T.any(String, Dependabot::Version)))
|
|
@@ -116,6 +147,7 @@ module Dependabot
|
|
|
116
147
|
candidate_versions = available_versions_details
|
|
117
148
|
candidate_versions = filter_prerelease_versions(candidate_versions)
|
|
118
149
|
candidate_versions = filter_ignored_versions(candidate_versions)
|
|
150
|
+
candidate_versions = lazy_filter_cooldown_versions(candidate_versions)
|
|
119
151
|
# Adding the psuedo-version to the list to avoid downgrades
|
|
120
152
|
if PSEUDO_VERSION_REGEX.match?(dependency.version)
|
|
121
153
|
candidate_versions << Dependabot::Package::PackageRelease.new(
|
|
@@ -126,6 +158,81 @@ module Dependabot
|
|
|
126
158
|
candidate_versions.max_by(&:version)&.version
|
|
127
159
|
end
|
|
128
160
|
|
|
161
|
+
sig do
|
|
162
|
+
params(releases: T::Array[Dependabot::Package::PackageRelease], check_max: T::Boolean)
|
|
163
|
+
.returns(T::Array[Dependabot::Package::PackageRelease])
|
|
164
|
+
end
|
|
165
|
+
def lazy_filter_cooldown_versions(releases, check_max: true)
|
|
166
|
+
return releases unless cooldown_enabled?
|
|
167
|
+
return releases unless cooldown_options
|
|
168
|
+
|
|
169
|
+
Dependabot.logger.info("Initializing cooldown filter")
|
|
170
|
+
|
|
171
|
+
sorted_releases = if check_max
|
|
172
|
+
releases.sort_by(&:version).reverse
|
|
173
|
+
else
|
|
174
|
+
releases.sort_by(&:version)
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
filtered_versions = []
|
|
178
|
+
cooldown_filtered_versions = 0
|
|
179
|
+
|
|
180
|
+
# Iterate through the sorted versions lazily, filtering out cooldown versions
|
|
181
|
+
sorted_releases.each do |release|
|
|
182
|
+
if in_cooldown_period?(release)
|
|
183
|
+
Dependabot.logger.info("Filtered out (cooldown) : #{release}")
|
|
184
|
+
cooldown_filtered_versions += 1
|
|
185
|
+
next
|
|
186
|
+
end
|
|
187
|
+
|
|
188
|
+
filtered_versions << release
|
|
189
|
+
break
|
|
190
|
+
end
|
|
191
|
+
|
|
192
|
+
Dependabot.logger.info("Filtered out #{cooldown_filtered_versions} version(s) due to cooldown")
|
|
193
|
+
|
|
194
|
+
filtered_versions
|
|
195
|
+
end
|
|
196
|
+
|
|
197
|
+
# rubocop:disable Metrics/AbcSize
|
|
198
|
+
sig { params(release: Dependabot::Package::PackageRelease).returns(T::Boolean) }
|
|
199
|
+
def in_cooldown_period?(release)
|
|
200
|
+
env = { "GOPRIVATE" => @goprivate }
|
|
201
|
+
|
|
202
|
+
begin
|
|
203
|
+
release_info = SharedHelpers.run_shell_command(
|
|
204
|
+
"go list -m -json #{dependency.name}@#{release.details.[]('version_string')}",
|
|
205
|
+
fingerprint: "go list -m -json <dependency_name>",
|
|
206
|
+
env: env
|
|
207
|
+
)
|
|
208
|
+
rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
|
|
209
|
+
Dependabot.logger.info("Error while fetching release date info: #{e.message}")
|
|
210
|
+
return false
|
|
211
|
+
end
|
|
212
|
+
|
|
213
|
+
release.instance_variable_set(
|
|
214
|
+
:@released_at, JSON.parse(release_info)["Time"] ? Time.parse(JSON.parse(release_info)["Time"]) : nil
|
|
215
|
+
)
|
|
216
|
+
|
|
217
|
+
return false unless release.released_at
|
|
218
|
+
|
|
219
|
+
current_version = version_class.correct?(dependency.version) ? version_class.new(dependency.version) : nil
|
|
220
|
+
days = cooldown_days_for(current_version, release.version)
|
|
221
|
+
|
|
222
|
+
# Calculate the number of seconds passed since the release
|
|
223
|
+
passed_seconds = Time.now.to_i - release.released_at.to_i
|
|
224
|
+
passed_days = passed_seconds / DAY_IN_SECONDS
|
|
225
|
+
|
|
226
|
+
if passed_days < days
|
|
227
|
+
Dependabot.logger.info("Version #{release.version}, Release date: #{release.released_at}." \
|
|
228
|
+
" Days since release: #{passed_days} (cooldown days: #{days})")
|
|
229
|
+
end
|
|
230
|
+
|
|
231
|
+
# Check if the release is within the cooldown period
|
|
232
|
+
passed_seconds < days * DAY_IN_SECONDS
|
|
233
|
+
end
|
|
234
|
+
# rubocop:enable Metrics/AbcSize
|
|
235
|
+
|
|
129
236
|
sig do
|
|
130
237
|
override.returns(T.nilable(Dependabot::Package::PackageDetails))
|
|
131
238
|
end
|
|
@@ -154,16 +261,6 @@ module Dependabot
|
|
|
154
261
|
end
|
|
155
262
|
# rubocop:enable Lint/UnusedMethodArgument
|
|
156
263
|
|
|
157
|
-
sig { returns(T::Array[Dependabot::Package::PackageRelease]) }
|
|
158
|
-
def available_versions_details
|
|
159
|
-
@available_versions_details ||= T.let(Package::PackageDetailsFetcher.new(
|
|
160
|
-
dependency: dependency,
|
|
161
|
-
dependency_files: dependency_files,
|
|
162
|
-
credentials: credentials,
|
|
163
|
-
goprivate: goprivate
|
|
164
|
-
).fetch_available_versions, T.nilable(T::Array[Dependabot::Package::PackageRelease]))
|
|
165
|
-
end
|
|
166
|
-
|
|
167
264
|
sig { returns(T::Boolean) }
|
|
168
265
|
def wants_prerelease?
|
|
169
266
|
@wants_prerelease ||= T.let(
|
|
@@ -66,6 +66,7 @@ module Dependabot
|
|
|
66
66
|
ignored_versions: ignored_versions,
|
|
67
67
|
security_advisories: security_advisories,
|
|
68
68
|
raise_on_ignored: raise_on_ignored,
|
|
69
|
+
cooldown_options: update_cooldown,
|
|
69
70
|
goprivate: options.fetch(:goprivate, "*")
|
|
70
71
|
),
|
|
71
72
|
T.nilable(Dependabot::GoModules::UpdateChecker::LatestVersionFinder)
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.311.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-
|
|
10
|
+
date: 2025-05-01 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: dependabot-common
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.311.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.311.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -223,16 +223,16 @@ dependencies:
|
|
|
223
223
|
name: webrick
|
|
224
224
|
requirement: !ruby/object:Gem::Requirement
|
|
225
225
|
requirements:
|
|
226
|
-
- - "
|
|
226
|
+
- - "~>"
|
|
227
227
|
- !ruby/object:Gem::Version
|
|
228
|
-
version: '1.
|
|
228
|
+
version: '1.9'
|
|
229
229
|
type: :development
|
|
230
230
|
prerelease: false
|
|
231
231
|
version_requirements: !ruby/object:Gem::Requirement
|
|
232
232
|
requirements:
|
|
233
|
-
- - "
|
|
233
|
+
- - "~>"
|
|
234
234
|
- !ruby/object:Gem::Version
|
|
235
|
-
version: '1.
|
|
235
|
+
version: '1.9'
|
|
236
236
|
description: Dependabot-Go_Modules provides support for bumping Go Modules versions
|
|
237
237
|
via Dependabot. If you want support for multiple package managers, you probably
|
|
238
238
|
want the meta-gem dependabot-omnibus.
|
|
@@ -271,7 +271,7 @@ licenses:
|
|
|
271
271
|
- MIT
|
|
272
272
|
metadata:
|
|
273
273
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
274
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
274
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.311.0
|
|
275
275
|
rdoc_options: []
|
|
276
276
|
require_paths:
|
|
277
277
|
- lib
|