dependabot-go_modules 0.129.3 → 0.129.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 53bdc10b2ee34e677da5df98559e3cc54eb18ce95f5a2f773499492e26f0edee
-  data.tar.gz: 9417a94e65c0b2d2589a5074e49cdf8c778389cf6ffc67647414a069445c0f82
+  metadata.gz: d8f7a2c4bb77e9289dd8673f71692a0ad30600fa56a924057b13c0539c2abbf1
+  data.tar.gz: 0c532fbe591362a72d8a063f91b0a416cbbd788c806a248d4d94ddcb60371edf
 SHA512:
-  metadata.gz: '00558e919ce1329a7b4223ee1442c6f04bb9914673b4e22c21f18805aa85b7261be393a854d36458e5a5633a46f6c90bad870e008d5fce50e183dd78a4275e2d'
-  data.tar.gz: 7b287dccd8110ec517e505afdf585355f7b780f376650a4202397bb8149cce8f9ec0edd66257c2b70a9b39bcc097f5d17993768fc439bdcb9ceafb796ff83616
+  metadata.gz: 4fa94982678e5c4a78481f43b90ecbf882da31bacddf3fbe34aa51f0d47e50a09a26d72d626d9fa6d8f832a6e21d7205568a4a9a8e1049f10df4d6a1ade7f25a
+  data.tar.gz: c0e66a28d79c1e82747e8844887332ff3da98c1c3914bf6a4d911c112e61be3df70bd68daa60069e045329b831daf1faa50b4586fa176717acb58dcd4c40a7e5

data/lib/dependabot/go_modules/file_parser.rb

@@ -77,7 +77,7 @@ module Dependabot
 
             stdout, stderr, status = Open3.capture3(env, command)
             handle_parser_error(path, stderr) unless status.success?
-            JSON.parse(stdout)["Require"]
+            JSON.parse(stdout)["Require"] || []
           rescue Dependabot::DependencyFileNotResolvable
             # We sometimes see this error if a host times out.
             # In such cases, retrying (a maximum of 3 times) may fix it.

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb

@@ -4,6 +4,7 @@ require "dependabot/shared_helpers"
 require "dependabot/errors"
 require "dependabot/go_modules/file_updater"
 require "dependabot/go_modules/native_helpers"
+require "dependabot/go_modules/resolvability_errors"
 
 module Dependabot
   module GoModules
@@ -14,19 +15,21 @@ module Dependabot
         ENVIRONMENT = { "GOPRIVATE" => "*" }.freeze
 
         RESOLVABILITY_ERROR_REGEXES = [
-          # (Private) module could not be fetched
-          /go: .*: git fetch .*: exit status 128/.freeze,
           # The checksum in go.sum does not match the dowloaded content
           /verifying .*: checksum mismatch/.freeze,
+          /go: .*: go.mod has post-v\d+ module path/
+        ].freeze
+
+        REPO_RESOLVABILITY_ERROR_REGEXES = [
+          # (Private) module could not be fetched
+          /go: .*: git fetch .*: exit status 128/.freeze,
           # (Private) module could not be found
           /cannot find module providing package/.freeze,
           # Package in module was likely renamed or removed
           /module .* found \(.*\), but does not contain package/m.freeze,
           # Package does not exist, has been pulled or cannot be reached due to
           # auth problems with either git or the go proxy
-          /go: .*: unknown revision/m.freeze,
-          # Package version doesn't match the module major version
-          /go: .*: go.mod has post-v\d+ module path/m.freeze
+          /go: .*: unknown revision/m.freeze
         ].freeze
 
         MODULE_PATH_MISMATCH_REGEXES = [
@@ -263,13 +266,22 @@ module Dependabot
           write_go_mod(body)
         end
 
+        # rubocop:disable Metrics/AbcSize
+        # rubocop:disable Metrics/PerceivedComplexity
         def handle_subprocess_error(stderr)
           stderr = stderr.gsub(Dir.getwd, "")
 
+          # Package version doesn't match the module major version
           error_regex = RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
           if error_regex
             lines = stderr.lines.drop_while { |l| error_regex !~ l }
-            raise Dependabot::DependencyFileNotResolvable.new, lines.join
+            raise Dependabot::DependencyFileNotResolvable, lines.join
+          end
+
+          repo_error_regex = REPO_RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
+          if repo_error_regex
+            lines = stderr.lines.drop_while { |l| repo_error_regex !~ l }
+            ResolvabilityErrors.handle(lines.join, credentials: credentials)
           end
 
           path_regex = MODULE_PATH_MISMATCH_REGEXES.find { |r| stderr =~ r }
@@ -289,6 +301,8 @@ module Dependabot
           msg = stderr.lines.last(10).join.strip
           raise Dependabot::DependabotError, msg
         end
+        # rubocop:enable Metrics/PerceivedComplexity
+        # rubocop:enable Metrics/AbcSize
 
         def go_mod_path
           return "go.mod" if directory == "/"

data/lib/dependabot/go_modules/resolvability_errors.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module GoModules
+    module ResolvabilityErrors
+      GITHUB_REPO_REGEX = %r{github.com/[^:@]*}.freeze
+
+      def self.handle(message, credentials:)
+        mod_path = message.scan(GITHUB_REPO_REGEX).first
+        raise Dependabot::DependencyFileNotResolvable, message unless mod_path
+
+        # Module not found on github.com - query for _any_ version to know if it
+        # doesn't exist (or is private) or we were just given a bad revision by this manifest
+        SharedHelpers.in_a_temporary_directory do
+          SharedHelpers.with_git_configured(credentials: credentials) do
+            File.write("go.mod", "module dummy\n")
+
+            env = { "GOPRIVATE" => "*" }
+            _, _, status = Open3.capture3(env, SharedHelpers.escape_command("go get #{mod_path}"))
+            raise Dependabot::DependencyFileNotResolvable, message if status.success?
+
+            mod_split = mod_path.split("/")
+            repo_path = if mod_split.size > 3
+                          mod_split[0..2].join("/")
+                        else
+                          mod_path
+                        end
+            raise Dependabot::GitDependenciesNotReachable, [repo_path]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/go_modules/update_checker.rb

@@ -5,6 +5,7 @@ require "dependabot/update_checkers/base"
 require "dependabot/shared_helpers"
 require "dependabot/errors"
 require "dependabot/go_modules/native_helpers"
+require "dependabot/go_modules/resolvability_errors"
 require "dependabot/go_modules/version"
 
 module Dependabot
@@ -14,7 +15,8 @@ module Dependabot
         # Package url/proxy doesn't include any redirect meta tags
         /no go-import meta tags/,
         # Package url 404s
-        /404 Not Found/
+        /404 Not Found/,
+        /Repository not found/
       ].freeze
 
       def latest_resolvable_version
@@ -86,7 +88,7 @@ module Dependabot
 
       def handle_subprocess_error(error)
         if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
-          raise Dependabot::DependencyFileNotResolvable, error.message
+          ResolvabilityErrors.handle(error.message, credentials: credentials)
         end
 
         raise

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.129.3
+  version: 0.129.4
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-05 00:00:00.000000000 Z
+date: 2021-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.129.3
+        version: 0.129.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.129.3
+        version: 0.129.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -191,6 +191,7 @@ files:
 - lib/dependabot/go_modules/native_helpers.rb
 - lib/dependabot/go_modules/path_converter.rb
 - lib/dependabot/go_modules/requirement.rb
+- lib/dependabot/go_modules/resolvability_errors.rb
 - lib/dependabot/go_modules/update_checker.rb
 - lib/dependabot/go_modules/version.rb
 homepage: https://github.com/dependabot/dependabot-core