dependabot-go_modules 0.162.1 → 0.162.2

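--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 871a887e13cb0ae9791bac1be8ba7ec51e896b919ec3aa16ccf0c2c8345dc4f6
- data.tar.gz: 354f99850d95351e909947d3f38273610d15b11cb9e16f768906a90a2c8cee99
+ metadata.gz: 8e3c6239526bd28a624f7afb5b64255811a199b3f4a9a6b8c84ad23ca08ef34f
+ data.tar.gz: 261b57bd8060fa89837d3b5d2585d5e8c3a1da58c70e591e0952b6211d3206a7
  SHA512:
- metadata.gz: 25744cd0708b024f5d1c4581ac0b8baf693e1f0013cac871ff239a964e7c47d6d91d24b9f7f534e75a6109d3f4464f5da7031be0a57cbeaca309162191be113b
- data.tar.gz: 03edb2d399d5483253f437cf98b01ecfbf1c32b4abcfafe1edbde6f88fbc9c86ddf0a21775d62d5fea7cd3110c12ade88b2a006885e0ddb6c84dac2923983da9
+ metadata.gz: 450ceb0c75ae7da96125ff6c8b4148b17716e37c174d5e30f7fa5f996ed90a05c5aa23d8f7ae9ff3fcc85f9dbfa373fca83da1a9c99ae8a3b4acfab3fd5a9f29
+ data.tar.gz: e1654d8aae5907d64a2d76b027de4d169e355714c570a5ffaa2363096b2972d4c2b25f069080f47538541f68c9c9b644660999a37112dd4542753b8ba8e7721b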
@@ -52,7 +52,7 @@ module Dependabot
52
52
  Dependency.new(
53
53
  name: details["Path"],
54
54
  version: version,
55
- requirements: details["Indirect"] ? [] : reqs,
55
+ requirements: details["Indirect"] || dependency_is_replaced(details) ? [] : reqs,
56
56
  package_manager: "go_modules"
57
57
  )
58
58
  end
@@ -92,6 +92,15 @@ module Dependabot
92
92
 
93
93
  def local_replacements
94
94
  @local_replacements ||=
95
+ # Find all the local replacements, and return them with a stub path
96
+ # we can use in their place. Using generated paths is safer as it
97
+ # means we don't need to worry about references to parent
98
+ # directories, etc.
99
+ ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod.directory)
100
+ end
101
+
102
+ def manifest
103
+ @manifest ||=
95
104
  SharedHelpers.in_a_temporary_directory do |path|
96
105
  File.write("go.mod", go_mod.content)
97
106
 
@@ -106,12 +115,7 @@ module Dependabot
106
115
  stdout, stderr, status = Open3.capture3(env, command)
107
116
  handle_parser_error(path, stderr) unless status.success?
108
117
 
109
- # Find all the local replacements, and return them with a stub path
110
- # we can use in their place. Using generated paths is safer as it
111
- # means we don't need to worry about references to parent
112
- # directories, etc.
113
- manifest = JSON.parse(stdout)
114
- ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod.directory)
118
+ JSON.parse(stdout)
115
119
  end
116
120
  end
117
121
 
@@ -172,6 +176,24 @@ module Dependabot
172
176
  false
173
177
  end
174
178
  end
179
+
180
+ def dependency_is_replaced(details)
181
+ # Mark dependency as replaced if the requested dependency has a
182
+ # "replace" directive and that either has the same version, or no
183
+ # version mentioned. This mimics the behaviour of go get -u, and
184
+ # prevents that we change dependency versions without any impact since
185
+ # the actual version that is being imported is defined by the replace
186
+ # directive.
187
+ if manifest["Replace"]
188
+ dep_replace = manifest["Replace"].find do |replace|
189
+ replace["Old"]["Path"] == details["Path"] &&
190
+ (!replace["Old"]["Version"] || replace["Old"]["Version"] == details["Version"])
191
+ end
192
+
193
+ return true if dep_replace
194
+ end
195
+ false
196
+ end
175
197
  end
176
198
  end
177
199
  end
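Review bot: In the `Dependency.new(...)` call, a module matched by `dependency_is_replaced` now gets `requirements: []` exactly like an indirect one, while `version:` is still the value computed outside this hunk, so the object appears to keep reporting the `require` version rather than the one the `replace` directive actually builds. If update or advisory matching downstream keys on that version or on non-empty requirements (not visible here), a replaced module pinned to an outdated fork or version would drop out of update proposals without any signal. A call-site comment such as `# replaced modules are treated as non-top-level: the replace target, not this version, is what gets built`, plus a spec covering a `Replace` entry with and without `Old.Version`, would make that explicit. The condition also relies on `||` binding tighter than `?:`; `(details["Indirect"] || dependency_is_replaced(details)) ? [] : reqs` reads unambiguously, and the predicate would conventionally be named `dependency_replaced?`. The enclosing method starts above the hunk.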
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-go_modules
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.162.1
4
+ version: 0.162.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-20 00:00:00.000000000 Z
11
+ date: 2021-09-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.162.1
19
+ version: 0.162.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.162.1
26
+ version: 0.162.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement