RubyGems - dependabot-go_modules - Versions diffs - 0.169.8 → 0.170.0 - Mend

dependabot-go_modules 0.169.8 → 0.170.0

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/dependabot/go_modules/file_parser.rb +2 -18
data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +10 -9
data/lib/dependabot/go_modules/file_updater.rb +2 -1
data/lib/dependabot/go_modules/resolvability_errors.rb +2 -2
data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +8 -7
data/lib/dependabot/go_modules/update_checker.rb +2 -1
metadata +9 -9

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e21ca91e513159c1ef62d34b4296583c8d5d17fe8e237f1e430f9f8c1bf2f940
-  data.tar.gz: 0ddfea1ec4847e2d0fe85bef909faf33dfde33988e07a824d90d3657ff659e4b
+  metadata.gz: a8076e9185a4f856eadf8dcd1144e4125fefb8b7ded6ff0f13e82e09427f93dd
+  data.tar.gz: 5030acf838435a9c686a311be5ab187406d34c30826073507e6a5fec5b74ec7b
 SHA512:
-  metadata.gz: 6006f0e765601909de84b3818dce8b50949b262424b37695e99a5ff81e59c40da4210457b458f01d185ba4a26f47147eb222efdff0146331309a3c1d85dad4dc
-  data.tar.gz: 7c320510873c1ccf9dadd521e2742993394ba1ef9f71e2a4833e5b57f28a2b54dc1d2b1165561e54b4fb3a7daa73cf63b427954e3914e64f35fae66b2b1a0b55
+  metadata.gz: 6d9a30ca9c8874a36bc6d8684397c0fc4305f15f402553b649b946100d3d5cca2d5e3169bb6439c510668c63a4123bc24b4d2d166bc1b36a6f0c98a17460d822
+  data.tar.gz: 2f0ee4c2031530a9aa63b3e1be8a479f5f27bbeaf08f7e5a9079ed0b095304b45db532ccb4a391dc5b9d2c9141f1cd573c7e42c5bab7e2d5f48a4f2710384bd2

data/lib/dependabot/go_modules/file_parser.rb CHANGED Viewed

@@ -73,21 +73,9 @@ module Dependabot
             command = "go mod edit -json"
-            # Turn off the module proxy for now, as it's causing issues with
-            # private git dependencies
-            env = { "GOPRIVATE" => "*" }
-            stdout, stderr, status = Open3.capture3(env, command)
+            stdout, stderr, status = Open3.capture3(command)
             handle_parser_error(path, stderr) unless status.success?
             JSON.parse(stdout)["Require"] || []
-          rescue Dependabot::DependencyFileNotResolvable
-            # We sometimes see this error if a host times out.
-            # In such cases, retrying (a maximum of 3 times) may fix it.
-            retry_count ||= 0
-            raise if retry_count >= 3
-            retry_count += 1
-            retry
           end
       end
@@ -109,11 +97,7 @@ module Dependabot
             # directives
             command = "go mod edit -json"
-            # Turn off the module proxy for now, as it's causing issues with
-            # private git dependencies
-            env = { "GOPRIVATE" => "*" }
-            stdout, stderr, status = Open3.capture3(env, command)
+            stdout, stderr, status = Open3.capture3(command)
             handle_parser_error(path, stderr) unless status.success?
             JSON.parse(stdout)

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb CHANGED Viewed

@@ -11,10 +11,6 @@ module Dependabot
   module GoModules
     class FileUpdater
       class GoModUpdater
-        # Turn off the module proxy for now, as it's causing issues with
-        # private git dependencies
-        ENVIRONMENT = { "GOPRIVATE" => "*" }.freeze
         RESOLVABILITY_ERROR_REGEXES = [
           # The checksum in go.sum does not match the downloaded content
           /verifying .*: checksum mismatch/.freeze,
@@ -61,6 +57,7 @@ module Dependabot
           @directory = directory
           @tidy = options.fetch(:tidy, false)
           @vendor = options.fetch(:vendor, false)
+          @goprivate = options.fetch(:goprivate)
         end
         def updated_go_mod_content
@@ -145,14 +142,14 @@ module Dependabot
           # continue here. `go mod tidy` shouldn't block updating versions
           # because there are some edge cases where it's OK to fail (such as
           # generated files not available yet to us).
-          Open3.capture3(ENVIRONMENT, command)
+          Open3.capture3(environment, command)
         end
         def run_go_vendor
           return unless vendor?
           command = "go mod vendor"
-          _, stderr, status = Open3.capture3(ENVIRONMENT, command)
+          _, stderr, status = Open3.capture3(environment, command)
           handle_subprocess_error(stderr) unless status.success?
         end
@@ -174,7 +171,7 @@ module Dependabot
           end
           command = SharedHelpers.escape_command(command)
-          _, stderr, status = Open3.capture3(ENVIRONMENT, command)
+          _, stderr, status = Open3.capture3(environment, command)
           handle_subprocess_error(stderr) unless status.success?
         ensure
           File.delete(tmp_go_file) if File.exist?(tmp_go_file)
@@ -182,7 +179,7 @@ module Dependabot
         def parse_manifest
           command = "go mod edit -json"
-          stdout, stderr, status = Open3.capture3(ENVIRONMENT, command)
+          stdout, stderr, status = Open3.capture3(environment, command)
           handle_subprocess_error(stderr) unless status.success?
           JSON.parse(stdout) || {}
@@ -246,7 +243,7 @@ module Dependabot
           repo_error_regex = REPO_RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
           if repo_error_regex
             error_message = filter_error_message(message: stderr, regex: repo_error_regex)
-            ResolvabilityErrors.handle(error_message, credentials: credentials)
+            ResolvabilityErrors.handle(error_message, credentials: credentials, goprivate: @goprivate)
           end
           path_regex = MODULE_PATH_MISMATCH_REGEXES.find { |r| stderr =~ r }
@@ -292,6 +289,10 @@ module Dependabot
         def vendor?
           !!@vendor
         end
+        def environment
+          { "GOPRIVATE" => @goprivate }
+        end
       end
     end
   end

data/lib/dependabot/go_modules/file_updater.rb CHANGED Viewed

@@ -14,6 +14,7 @@ module Dependabot
                      credentials:, options: {})
         super
+        @goprivate = options.fetch(:goprivate, "*")
         use_repo_contents_stub if repo_contents_path.nil?
       end
@@ -114,7 +115,7 @@ module Dependabot
             credentials: credentials,
             repo_contents_path: repo_contents_path,
             directory: directory,
-            options: { tidy: tidy?, vendor: vendor? }
+            options: { tidy: tidy?, vendor: vendor?, goprivate: @goprivate }
           )
       end

data/lib/dependabot/go_modules/resolvability_errors.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Dependabot
     module ResolvabilityErrors
       GITHUB_REPO_REGEX = %r{github.com/[^:@]*}.freeze
-      def self.handle(message, credentials:)
+      def self.handle(message, credentials:, goprivate:)
         mod_path = message.scan(GITHUB_REPO_REGEX).last
         raise Dependabot::DependencyFileNotResolvable, message unless mod_path
@@ -22,7 +22,7 @@ module Dependabot
                           mod_path
                         end
-            env = { "GOPRIVATE" => "*" }
+            env = { "GOPRIVATE" => goprivate }
             _, _, status = Open3.capture3(env, SharedHelpers.escape_command("go list -m -versions #{repo_path}"))
             raise Dependabot::DependencyFileNotResolvable, message if status.success?

data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -28,13 +28,15 @@ module Dependabot
         PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/.freeze
         def initialize(dependency:, dependency_files:, credentials:,
-                       ignored_versions:, security_advisories:, raise_on_ignored: false)
+                       ignored_versions:, security_advisories:, raise_on_ignored: false,
+                       goprivate:)
           @dependency          = dependency
           @dependency_files    = dependency_files
           @credentials         = credentials
           @ignored_versions    = ignored_versions
           @security_advisories = security_advisories
           @raise_on_ignored    = raise_on_ignored
+          @goprivate           = goprivate
         end
         def latest_version
@@ -78,16 +80,15 @@ module Dependabot
               manifest = parse_manifest
               # Set up an empty go.mod so 'go list -m' won't attempt to download dependencies. This
-              # appears to be a side effect of operating with GOPRIVATE=*. We'll retain any exclude
-              # directives to omit those versions.
+              # appears to be a side effect of operating with modules included in GOPRIVATE. We'll
+              # retain any exclude directives to omit those versions.
               File.write("go.mod", "module dummy\n")
               manifest["Exclude"]&.each do |r|
                 SharedHelpers.run_shell_command("go mod edit -exclude=#{r['Path']}@#{r['Version']}")
               end
-              # Turn off the module proxy for now, as it's causing issues with
-              # private git dependencies
-              env = { "GOPRIVATE" => "*" }
+              # Turn off the module proxy for private dependencies
+              env = { "GOPRIVATE" => @goprivate }
               versions_json = SharedHelpers.run_shell_command("go list -m -versions -json #{dependency.name}", env: env)
               version_strings = JSON.parse(versions_json)["Versions"]
@@ -108,7 +109,7 @@ module Dependabot
         def handle_subprocess_error(error)
           if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| error.message =~ rgx }
-            ResolvabilityErrors.handle(error.message, credentials: credentials)
+            ResolvabilityErrors.handle(error.message, credentials: credentials, goprivate: @goprivate)
           elsif INVALID_VERSION_REGEX =~ error.message
             raise Dependabot::DependencyFileNotResolvable, error.message
           end

data/lib/dependabot/go_modules/update_checker.rb CHANGED Viewed

@@ -71,7 +71,8 @@ module Dependabot
             credentials: credentials,
             ignored_versions: ignored_versions,
             security_advisories: security_advisories,
-            raise_on_ignored: raise_on_ignored
+            raise_on_ignored: raise_on_ignored,
+            goprivate: options.fetch(:goprivate, "*")
           )
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.169.8
+  version: 0.170.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-21 00:00:00.000000000 Z
+date: 2022-01-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.169.8
+        version: 0.170.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.169.8
+        version: 0.170.0
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: debug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: 1.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: gpgme
   requirement: !ruby/object:Gem::Requirement