dependabot-go_modules 0.377.0 → 0.378.0
- checksums.yaml +4 -4
- data/lib/dependabot/go_modules/file_parser.rb +21 -1
- metadata +4 -4
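--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: da203b1b62048d35cedc82132b37afb9253ac4a0d18bbaa25ff4675f4401d32e
+data.tar.gz: 822f8647f4ef9250747d1ad2f5b8ac0644a2dc83bd96799341b8edc97441e4db
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cd15284e846a0b2e8efdce0a8dee0dcb2e3d24fcd981a3cf00c132b56c57c946e69d50b631f664906daf3ed6447c16ae509d7e5f952f3dcfc8c9d39cd09923e8
+data.tar.gz: 4065535671b4ab16eaac81f3fce31257c836a20fba2e9aff63f87f283bb52ed7020c7958ee7052726d6227fca5ef130acba8b4751e7439b033e7c6e6ff7b4295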
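--- a/data/lib/dependabot/go_modules/file_parser.rb
+++ b/data/lib/dependabot/go_modules/file_parser.rb
@@ -114,10 +114,30 @@ module Dependabot
 return unless go_env
 
 env_file = T.must(go_env)
-File.write(env_file.name, env_file.content)
+File.write(env_file.name, sanitize_go_env_content(T.must(env_file.content)))
 ENV["GOENV"] = Pathname.new(env_file.name).realpath.to_s
 end
 
+# Go's GOENV file format does not support shell-style quoting, but users
+# commonly write values like GOPROXY="https://..." which Go reads literally
+# (including the quotes), causing URL parse failures. Strip surrounding
+# matching " or ' from each value.
+sig { params(content: String).returns(String) }
+def sanitize_go_env_content(content)
+content.gsub(
+/
+^ # start of line
+([^=\n]+) # key: one or more chars that are not = or newline
+= # separator
+(["']) # opening quote, captured for backreference
+(.*) # value
+\2 # closing quote must match opening
+$ # end of line
+/x,
+'\1=\3'
+)
+end
+
 sig { void }
 def set_goprivate_variable
 return if go_env&.content&.include?("GOPRIVATE")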
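Review bot: In `sanitize_go_env_content` the closing quote `\2` must sit immediately before `$`, so a quoted value followed by a carriage return (a CRLF go.env) or by trailing blanks is not rewritten and the quotes the comment describes would still reach Go; consider `\2[\t\x20]*\r?  # closing quote, optional trailing blanks / CR` and a spec with a `\r\n` fixture. The key pattern `([^=\n]+)` also matches `#` comment lines and keys with surrounding spaces, which looks harmless but is worth a sentence in the method comment, since this file comes from the repository being updated. Separately, `T.must(env_file.content)` now raises when content is nil, whereas the old `File.write(env_file.name, env_file.content)` would presumably have written an empty file, and `go_env&.content&.include?` just below treats nil as possible; if that case can occur, `sanitize_go_env_content(env_file.content.to_s)` keeps the old behaviour. The method containing the `File.write` call starts above this hunk and `set_goprivate_variable` continues below it.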
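--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.378.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.378.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.378.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -275,7 +275,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.378.0
 rdoc_options: []
 require_paths:
 - lib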