dependabot-go_modules 0.129.3 → 0.129.4
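--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d8f7a2c4bb77e9289dd8673f71692a0ad30600fa56a924057b13c0539c2abbf1
+data.tar.gz: 0c532fbe591362a72d8a063f91b0a416cbbd788c806a248d4d94ddcb60371edf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4fa94982678e5c4a78481f43b90ecbf882da31bacddf3fbe34aa51f0d47e50a09a26d72d626d9fa6d8f832a6e21d7205568a4a9a8e1049f10df4d6a1ade7f25a
+data.tar.gz: c0e66a28d79c1e82747e8844887332ff3da98c1c3914bf6a4d911c112e61be3df70bd68daa60069e045329b831daf1faa50b4586fa176717acb58dcd4c40a7e5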
@@ -77,7 +77,7 @@ module Dependabot
|
|
77
77
|
|
78
78
|
stdout, stderr, status = Open3.capture3(env, command)
|
79
79
|
handle_parser_error(path, stderr) unless status.success?
|
80
|
-
JSON.parse(stdout)["Require"]
|
80
|
+
JSON.parse(stdout)["Require"] || []
|
81
81
|
rescue Dependabot::DependencyFileNotResolvable
|
82
82
|
# We sometimes see this error if a host times out.
|
83
83
|
# In such cases, retrying (a maximum of 3 times) may fix it.
|
@@ -4,6 +4,7 @@ require "dependabot/shared_helpers"
|
|
4
4
|
require "dependabot/errors"
|
5
5
|
require "dependabot/go_modules/file_updater"
|
6
6
|
require "dependabot/go_modules/native_helpers"
|
7
|
+
require "dependabot/go_modules/resolvability_errors"
|
7
8
|
|
8
9
|
module Dependabot
|
9
10
|
module GoModules
|
@@ -14,19 +15,21 @@ module Dependabot
|
|
14
15
|
ENVIRONMENT = { "GOPRIVATE" => "*" }.freeze
|
15
16
|
|
16
17
|
RESOLVABILITY_ERROR_REGEXES = [
|
17
|
-
# (Private) module could not be fetched
|
18
|
-
/go: .*: git fetch .*: exit status 128/.freeze,
|
19
18
|
# The checksum in go.sum does not match the dowloaded content
|
20
19
|
/verifying .*: checksum mismatch/.freeze,
|
20
|
+
/go: .*: go.mod has post-v\d+ module path/
|
21
|
+
].freeze
|
22
|
+
|
23
|
+
REPO_RESOLVABILITY_ERROR_REGEXES = [
|
24
|
+
# (Private) module could not be fetched
|
25
|
+
/go: .*: git fetch .*: exit status 128/.freeze,
|
21
26
|
# (Private) module could not be found
|
22
27
|
/cannot find module providing package/.freeze,
|
23
28
|
# Package in module was likely renamed or removed
|
24
29
|
/module .* found \(.*\), but does not contain package/m.freeze,
|
25
30
|
# Package does not exist, has been pulled or cannot be reached due to
|
26
31
|
# auth problems with either git or the go proxy
|
27
|
-
/go: .*: unknown revision/m.freeze
|
28
|
-
# Package version doesn't match the module major version
|
29
|
-
/go: .*: go.mod has post-v\d+ module path/m.freeze
|
32
|
+
/go: .*: unknown revision/m.freeze
|
30
33
|
].freeze
|
31
34
|
|
32
35
|
MODULE_PATH_MISMATCH_REGEXES = [
|
@@ -263,13 +266,22 @@ module Dependabot
|
|
263
266
|
write_go_mod(body)
|
264
267
|
end
|
265
268
|
|
269
|
+
# rubocop:disable Metrics/AbcSize
|
270
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
266
271
|
def handle_subprocess_error(stderr)
|
267
272
|
stderr = stderr.gsub(Dir.getwd, "")
|
268
273
|
|
274
|
+
# Package version doesn't match the module major version
|
269
275
|
error_regex = RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
|
270
276
|
if error_regex
|
271
277
|
lines = stderr.lines.drop_while { |l| error_regex !~ l }
|
272
|
-
raise Dependabot::DependencyFileNotResolvable
|
278
|
+
raise Dependabot::DependencyFileNotResolvable, lines.join
|
279
|
+
end
|
280
|
+
|
281
|
+
repo_error_regex = REPO_RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
|
282
|
+
if repo_error_regex
|
283
|
+
lines = stderr.lines.drop_while { |l| repo_error_regex !~ l }
|
284
|
+
ResolvabilityErrors.handle(lines.join, credentials: credentials)
|
273
285
|
end
|
274
286
|
|
275
287
|
path_regex = MODULE_PATH_MISMATCH_REGEXES.find { |r| stderr =~ r }
|
@@ -289,6 +301,8 @@ module Dependabot
|
|
289
301
|
msg = stderr.lines.last(10).join.strip
|
290
302
|
raise Dependabot::DependabotError, msg
|
291
303
|
end
|
304
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
305
|
+
# rubocop:enable Metrics/AbcSize
|
292
306
|
|
293
307
|
def go_mod_path
|
294
308
|
return "go.mod" if directory == "/"
|
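Review bot: The comment `# Package version doesn't match the module major version` now sits above the `RESOLVABILITY_ERROR_REGEXES.find` call in `handle_subprocess_error`, where it describes only one of the two patterns in that list, while the `/go: .*: go.mod has post-v\d+ module path/` entry it belongs to lost its comment, its `.freeze` and its `m` flag. I would move the comment back onto the regex entry and write it like its neighbours, with the dot escaped: `/go: .*: go\.mod has post-v\d+ module path/.freeze`. The two `find` + `drop_while` blocks are also nearly identical; extracting a small private helper for them would probably make the two `rubocop:disable` lines unnecessary. The method body continues outside the visible hunks.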
@@ -0,0 +1,34 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Dependabot
|
4
|
+
module GoModules
|
5
|
+
module ResolvabilityErrors
|
6
|
+
GITHUB_REPO_REGEX = %r{github.com/[^:@]*}.freeze
|
7
|
+
|
8
|
+
def self.handle(message, credentials:)
|
9
|
+
mod_path = message.scan(GITHUB_REPO_REGEX).first
|
10
|
+
raise Dependabot::DependencyFileNotResolvable, message unless mod_path
|
11
|
+
|
12
|
+
# Module not found on github.com - query for _any_ version to know if it
|
13
|
+
# doesn't exist (or is private) or we were just given a bad revision by this manifest
|
14
|
+
SharedHelpers.in_a_temporary_directory do
|
15
|
+
SharedHelpers.with_git_configured(credentials: credentials) do
|
16
|
+
File.write("go.mod", "module dummy\n")
|
17
|
+
|
18
|
+
env = { "GOPRIVATE" => "*" }
|
19
|
+
_, _, status = Open3.capture3(env, SharedHelpers.escape_command("go get #{mod_path}"))
|
20
|
+
raise Dependabot::DependencyFileNotResolvable, message if status.success?
|
21
|
+
|
22
|
+
mod_split = mod_path.split("/")
|
23
|
+
repo_path = if mod_split.size > 3
|
24
|
+
mod_split[0..2].join("/")
|
25
|
+
else
|
26
|
+
mod_path
|
27
|
+
end
|
28
|
+
raise Dependabot::GitDependenciesNotReachable, [repo_path]
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
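Review bot: `GITHUB_REPO_REGEX` is looser than the use made of its match: `[^:@]*` accepts whitespace, newlines and quotes, the dot in `github.com` is unescaped, and the captured text is interpolated directly into `"go get #{mod_path}"`. The message is tool output that repository content can influence, so text following the path may end up as extra words on the `go get` command line (how `SharedHelpers.escape_command` treats them is not visible here). I would restrict the capture to module-path characters, for example `%r{github\.com/[\w.~/-]+}`, and pass an argument vector rather than a command string, `Open3.capture3(env, "go", "get", mod_path)`. Separately, every non-zero exit (a timeout, say) is reported as `GitDependenciesNotReachable` because stdout and stderr are discarded, and the file uses `Open3` and `SharedHelpers` without requiring them itself.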
@@ -5,6 +5,7 @@ require "dependabot/update_checkers/base"
|
|
5
5
|
require "dependabot/shared_helpers"
|
6
6
|
require "dependabot/errors"
|
7
7
|
require "dependabot/go_modules/native_helpers"
|
8
|
+
require "dependabot/go_modules/resolvability_errors"
|
8
9
|
require "dependabot/go_modules/version"
|
9
10
|
|
10
11
|
module Dependabot
|
@@ -14,7 +15,8 @@ module Dependabot
|
|
14
15
|
# Package url/proxy doesn't include any redirect meta tags
|
15
16
|
/no go-import meta tags/,
|
16
17
|
# Package url 404s
|
17
|
-
/404 Not Found
|
18
|
+
/404 Not Found/,
|
19
|
+
/Repository not found/
|
18
20
|
].freeze
|
19
21
|
|
20
22
|
def latest_resolvable_version
|
@@ -86,7 +88,7 @@ module Dependabot
|
|
86
88
|
|
87
89
|
def handle_subprocess_error(error)
|
88
90
|
if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
|
89
|
-
|
91
|
+
ResolvabilityErrors.handle(error.message, credentials: credentials)
|
90
92
|
end
|
91
93
|
|
92
94
|
raise
|
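Review bot: In `handle_subprocess_error`, the new `ResolvabilityErrors.handle(error.message, credentials: credentials)` call is relied on to raise on every path, which a reader of this file cannot see, so the bare `raise` below it looks as if it always runs. A one-line comment such as `# ResolvabilityErrors.handle always raises; the bare raise covers unmatched errors` would make that explicit. The new `/Repository not found/` entry is also the only pattern in its list without a describing comment, unlike `# Package url 404s` just above it. Both the method and the regex list start or end outside the visible hunks.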
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-go_modules
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.129.
|
4
|
+
version: 0.129.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-01-
|
11
|
+
date: 2021-01-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.129.
|
19
|
+
version: 0.129.4
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.129.
|
26
|
+
version: 0.129.4
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -191,6 +191,7 @@ files:
|
|
191
191
|
- lib/dependabot/go_modules/native_helpers.rb
|
192
192
|
- lib/dependabot/go_modules/path_converter.rb
|
193
193
|
- lib/dependabot/go_modules/requirement.rb
|
194
|
+
- lib/dependabot/go_modules/resolvability_errors.rb
|
194
195
|
- lib/dependabot/go_modules/update_checker.rb
|
195
196
|
- lib/dependabot/go_modules/version.rb
|
196
197
|
homepage: https://github.com/dependabot/dependabot-core
|