dependabot-go_modules 0.128.0 → 0.128.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +26 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 29da29921bc4394c205fb629cb0789c925786644cb959b46f9b2f298db09cfaf
|
|
4
|
+
data.tar.gz: 7a4d3430eedaabe4042c9ffe8e6217b012c79ede1baeeca957da44baaa507ee0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ff7112a43b6836338ff04931727b1b7868963e5adb342df5168690afb4817ff2cdc15e86d9f745e389a5c36ced024f47dc3b02666865a0f29454c9b86a1732cc
|
|
7
|
+
data.tar.gz: ade4e284555898deb7a757149be26461ebf75b4e94e1b226165cfa2bcea2a1464580e83e503528674f29436bfe47ae9e7c048af071cf3c80f789cebc1f635ccc
|
|
@@ -240,12 +240,37 @@ module Dependabot
|
|
|
240
240
|
(manifest["Replace"] || []).
|
|
241
241
|
map { |r| r["New"]["Path"] }.
|
|
242
242
|
compact.
|
|
243
|
-
select { |p|
|
|
243
|
+
select { |p| stub_replace_path?(p) }.
|
|
244
244
|
map { |p| [p, "./" + Digest::SHA2.hexdigest(p)] }.
|
|
245
245
|
to_h
|
|
246
246
|
end
|
|
247
247
|
end
|
|
248
248
|
|
|
249
|
+
# returns true if the provided path should be replaced with a stub
|
|
250
|
+
def stub_replace_path?(path)
|
|
251
|
+
return true if absolute_path?(path)
|
|
252
|
+
return false unless relative_replacement_path?(path)
|
|
253
|
+
|
|
254
|
+
resolved_path = module_pathname.join(path).realpath
|
|
255
|
+
inside_repo_contents_path = resolved_path.to_s.start_with?(repo_contents_path.to_s)
|
|
256
|
+
!inside_repo_contents_path
|
|
257
|
+
rescue Errno::ENOENT
|
|
258
|
+
true
|
|
259
|
+
end
|
|
260
|
+
|
|
261
|
+
def absolute_path?(path)
|
|
262
|
+
path.start_with?("/")
|
|
263
|
+
end
|
|
264
|
+
|
|
265
|
+
def relative_replacement_path?(path)
|
|
266
|
+
# https://golang.org/ref/mod#go-mod-file-replace
|
|
267
|
+
path.start_with?("./") || path.start_with?("../")
|
|
268
|
+
end
|
|
269
|
+
|
|
270
|
+
def module_pathname
|
|
271
|
+
@module_pathname ||= repo_contents_path.join(directory)
|
|
272
|
+
end
|
|
273
|
+
|
|
249
274
|
def substitute_all(substitutions)
|
|
250
275
|
body = substitutions.reduce(File.read("go.mod")) do |text, (a, b)|
|
|
251
276
|
text.sub(a, b)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.128.
|
|
4
|
+
version: 0.128.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.128.
|
|
19
|
+
version: 0.128.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.128.
|
|
26
|
+
version: 0.128.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|