dependabot-go_modules 0.378.0 → 0.379.0
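--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7416aab2410b4a4f4f7b2f56c0034baa13956825415fc1af57a84fd383f5baa3
+data.tar.gz: 7a36751b391d9d8d2a184098d8dd0a2ba521e1de92292b4ee059d9dd0f2c0e0b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8aa196a52e254dc86a25aca1b727b631afc931164b1ad3e842fa62a1611d82884ee0a3844010f53b9a3598a0521dda2012c2b1fa6d6bdea36e732b4fda92cb09
+data.tar.gz: 54d75e5a9b298b855f2761e87e101ceab4686d8dfe7833493e662b7f977c93538303690d01c65f933b69b10724efa76aa41debf590af2d06fbeec3398dc995b8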
|
@@ -85,6 +85,10 @@ module Dependabot
|
|
|
85
85
|
)
|
|
86
86
|
version_strings = JSON.parse(versions_json)["Versions"]
|
|
87
87
|
|
|
88
|
+
# If no versions found, the path may be a sub-package rather than a module root.
|
|
89
|
+
# Try progressively shorter paths to find the actual module.
|
|
90
|
+
version_strings = resolve_module_versions_from_subpath(dependency_name) if version_strings.nil?
|
|
91
|
+
|
|
88
92
|
return [package_release(version: T.must(dependency.version))] if version_strings.nil?
|
|
89
93
|
|
|
90
94
|
version_info = version_strings.select { |v| version_class.correct?(v) }
|
|
@@ -161,6 +165,36 @@ module Dependabot
|
|
|
161
165
|
dependency.version_class
|
|
162
166
|
end
|
|
163
167
|
|
|
168
|
+
sig { params(module_path: String).returns(T.nilable(T::Array[String])) }
|
|
169
|
+
def fetch_module_versions(module_path)
|
|
170
|
+
versions_json = SharedHelpers.run_shell_command(
|
|
171
|
+
"go list -m -versions -json #{module_path}",
|
|
172
|
+
fingerprint: "go list -m -versions -json <dependency_name>"
|
|
173
|
+
)
|
|
174
|
+
JSON.parse(versions_json)["Versions"]
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
# When a full import path (e.g. github.com/owner/repo/cmd/tool) is not a module,
|
|
178
|
+
# try progressively shorter paths to find the actual module root.
|
|
179
|
+
sig { params(full_path: String).returns(T.nilable(T::Array[String])) }
|
|
180
|
+
def resolve_module_versions_from_subpath(full_path)
|
|
181
|
+
parts = full_path.split("/")
|
|
182
|
+
# Valid Go module roots can be as short as 2 segments (e.g., k8s.io/kubernetes)
|
|
183
|
+
min_parts = 2
|
|
184
|
+
return nil if parts.length <= min_parts
|
|
185
|
+
|
|
186
|
+
(parts.length - 1).downto(min_parts).each do |i|
|
|
187
|
+
candidate = T.must(parts[0...i]).join("/")
|
|
188
|
+
Dependabot.logger.debug("Trying shorter module path: #{candidate}")
|
|
189
|
+
versions = fetch_module_versions(candidate)
|
|
190
|
+
return versions if versions&.any?
|
|
191
|
+
rescue SharedHelpers::HelperSubprocessFailed
|
|
192
|
+
next
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
nil
|
|
196
|
+
end
|
|
197
|
+
|
|
164
198
|
sig do
|
|
165
199
|
params(releases: T::Array[Dependabot::Package::PackageRelease])
|
|
166
200
|
.returns(Dependabot::Package::PackageDetails)
|
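Review bot: `fetch_module_versions` interpolates `module_path` unescaped into the command string (`"go list -m -versions -json #{module_path}"`), and the candidates that `resolve_module_versions_from_subpath` feeds it are prefixes of a dependency name that presumably originates in the manifest of the repository being updated. How `SharedHelpers.run_shell_command` tokenises or escapes that string is not visible on this page, so a value containing whitespace or beginning with `-` could reach `go list` as extra arguments or flags. I would escape at the interpolation, `"go list -m -versions -json #{Shellwords.escape(module_path)}"`, and add `return nil if full_path.start_with?("-")` at the top of the resolver. Separately, the loop rescues only `SharedHelpers::HelperSubprocessFailed`, so a `JSON::ParserError` raised by `JSON.parse` in the helper would abort the fallback rather than move on to the next candidate; worth confirming that is intended.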
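--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.379.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.379.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.379.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -275,7 +275,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.379.0
 rdoc_options: []
 require_paths:
 - lib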