dependabot-go_modules 0.108.11 → 0.108.12
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +41 -2
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ca7e5018cdc7a4ab5c37614e3cfdc55caed507148115ca6755e39c295cbc7b7e
|
|
4
|
+
data.tar.gz: e885fdfc8540135deb192e5d444c1cc1e894211eb17054d2f8b5e9c0670f3a1b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '09da58eaaf9d9fc93666b1ef8efda1273298cf0c1713d964333378eeb94c8dd91979c7fbac9252c30396ad508c1800220388175e96cb190341253ac458c57971'
|
|
7
|
+
data.tar.gz: 908aca3630a2cd043d8b206a8702c45f306c86b19185bdffd9ac0b89c06df3e92f396381a6f07fe3e9171d907f1f80ad3768e77aa5ae7c8609d1586ab4b83643
|
|
@@ -44,12 +44,20 @@ module Dependabot
|
|
|
44
44
|
return nil unless go_sum
|
|
45
45
|
|
|
46
46
|
# This needs to be run separately so we don't nest subprocess calls
|
|
47
|
-
|
|
47
|
+
prepared_go_mod_content
|
|
48
48
|
|
|
49
49
|
@updated_go_sum_content ||=
|
|
50
50
|
SharedHelpers.in_a_temporary_directory do
|
|
51
51
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
52
|
-
|
|
52
|
+
# Create a fake empty module for each local module so that
|
|
53
|
+
# `go get -d` works, even if some modules have been `replace`d
|
|
54
|
+
# with a local module that we don't have access to.
|
|
55
|
+
local_replacements.each do |_, stub_path|
|
|
56
|
+
Dir.mkdir(stub_path) unless Dir.exist?(stub_path)
|
|
57
|
+
FileUtils.touch(File.join(stub_path, "go.mod"))
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
File.write("go.mod", prepared_go_mod_content)
|
|
53
61
|
File.write("go.sum", go_sum.content)
|
|
54
62
|
File.write("main.go", dummy_main_go)
|
|
55
63
|
|
|
@@ -76,6 +84,37 @@ module Dependabot
|
|
|
76
84
|
/go: ([^@\s]+)(?:@[^\s]+)?: .* unexpected module path "(.*)"/
|
|
77
85
|
].freeze
|
|
78
86
|
|
|
87
|
+
def local_replacements
|
|
88
|
+
@local_replacements ||=
|
|
89
|
+
SharedHelpers.in_a_temporary_directory do |path|
|
|
90
|
+
File.write("go.mod", go_mod.content)
|
|
91
|
+
|
|
92
|
+
# Parse the go.mod to get a JSON representation of the replace
|
|
93
|
+
# directives
|
|
94
|
+
command = "go mod edit -json"
|
|
95
|
+
env = { "GO111MODULE" => "on" }
|
|
96
|
+
stdout, stderr, status = Open3.capture3(env, command)
|
|
97
|
+
handle_parser_error(path, stderr) unless status.success?
|
|
98
|
+
|
|
99
|
+
# Find all the local replacements, and return them with a stub
|
|
100
|
+
# path we can use in their place. Using generated paths is safer
|
|
101
|
+
# as it means we don't need to worry about references to parent
|
|
102
|
+
# directories, etc.
|
|
103
|
+
(JSON.parse(stdout)["Replace"] || []).
|
|
104
|
+
map { |r| r["New"]["Path"] }.
|
|
105
|
+
compact.
|
|
106
|
+
select { |p| p.start_with?(".") || p.start_with?("/") }.
|
|
107
|
+
map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
def prepared_go_mod_content
|
|
112
|
+
content = updated_go_mod_content
|
|
113
|
+
local_replacements.reduce(content) do |body, (path, stub_path)|
|
|
114
|
+
body.sub(path, stub_path)
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
|
|
79
118
|
def handle_subprocess_error(path, stderr)
|
|
80
119
|
error_regex = RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
|
|
81
120
|
if error_regex
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.108.
|
|
4
|
+
version: 0.108.12
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.108.
|
|
19
|
+
version: 0.108.12
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.108.
|
|
26
|
+
version: 0.108.12
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|