dependabot-go_modules 0.212.0 → 0.213.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/go_modules/file_fetcher.rb +4 -0
- data/lib/dependabot/go_modules/file_parser.rb +1 -1
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +10 -10
- data/lib/dependabot/go_modules/requirement.rb +3 -3
- data/lib/dependabot/go_modules/resolvability_errors.rb +1 -1
- data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +3 -3
- data/lib/dependabot/go_modules/version.rb +1 -1
- metadata +13 -55
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fa899f6cb84134185a0301e5527097c6ca4508807512764f8f4cd733c45effbb
|
|
4
|
+
data.tar.gz: 4718f6bf91b3fbd5cf757a4f6de78defd584df38d8a9814be3b10fa236d17cfa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 24fa02bcc6e1f89000adf4405a6efc921e6bd3e0c7f2e92a8771e5fc77d1508034fbcc8efe0d5adebcb0243cd878761944ac1e61d6495206c907888261506a4b
|
|
7
|
+
data.tar.gz: d6846ea7a5d4c423101fada0f5d4f11024f093e67a9f79ea8d5b3413920a0b6b0f45ec687456d04fd5d120af035b8040e2c2bb6190dfbb88c7e9c94193a2376a
|
|
@@ -12,7 +12,7 @@ require "dependabot/file_parsers/base"
|
|
|
12
12
|
module Dependabot
|
|
13
13
|
module GoModules
|
|
14
14
|
class FileParser < Dependabot::FileParsers::Base
|
|
15
|
-
GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})
|
|
15
|
+
GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/
|
|
16
16
|
|
|
17
17
|
def parse
|
|
18
18
|
dependency_set = Dependabot::FileParsers::Base::DependencySet.new
|
|
@@ -13,7 +13,7 @@ module Dependabot
|
|
|
13
13
|
class GoModUpdater
|
|
14
14
|
RESOLVABILITY_ERROR_REGEXES = [
|
|
15
15
|
# The checksum in go.sum does not match the downloaded content
|
|
16
|
-
/verifying .*: checksum mismatch
|
|
16
|
+
/verifying .*: checksum mismatch/,
|
|
17
17
|
/go(?: get)?: .*: go.mod has post-v\d+ module path/
|
|
18
18
|
].freeze
|
|
19
19
|
|
|
@@ -21,19 +21,19 @@ module Dependabot
|
|
|
21
21
|
/fatal: The remote end hung up unexpectedly/,
|
|
22
22
|
/repository '.+' not found/,
|
|
23
23
|
# (Private) module could not be fetched
|
|
24
|
-
/go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m
|
|
24
|
+
/go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m,
|
|
25
25
|
# (Private) module could not be found
|
|
26
|
-
/cannot find module providing package
|
|
26
|
+
/cannot find module providing package/,
|
|
27
27
|
# Package in module was likely renamed or removed
|
|
28
|
-
/module .* found \(.*\), but does not contain package/m
|
|
28
|
+
/module .* found \(.*\), but does not contain package/m,
|
|
29
29
|
# Package pseudo-version does not match the version-control metadata
|
|
30
30
|
# https://golang.google.cn/doc/go1.13#version-validation
|
|
31
|
-
/go(?: get)?: .*: invalid pseudo-version/m
|
|
31
|
+
/go(?: get)?: .*: invalid pseudo-version/m,
|
|
32
32
|
# Package does not exist, has been pulled or cannot be reached due to
|
|
33
33
|
# auth problems with either git or the go proxy
|
|
34
|
-
/go(?: get)?: .*: unknown revision/m
|
|
34
|
+
/go(?: get)?: .*: unknown revision/m,
|
|
35
35
|
# Package pointing to a proxy that 404s
|
|
36
|
-
/go(?: get)?: .*: unrecognized import path/m
|
|
36
|
+
/go(?: get)?: .*: unrecognized import path/m
|
|
37
37
|
].freeze
|
|
38
38
|
|
|
39
39
|
MODULE_PATH_MISMATCH_REGEXES = [
|
|
@@ -43,11 +43,11 @@ module Dependabot
|
|
|
43
43
|
].freeze
|
|
44
44
|
|
|
45
45
|
OUT_OF_DISK_REGEXES = [
|
|
46
|
-
%r{input/output error}
|
|
47
|
-
/no space left on device
|
|
46
|
+
%r{input/output error},
|
|
47
|
+
/no space left on device/
|
|
48
48
|
].freeze
|
|
49
49
|
|
|
50
|
-
GO_MOD_VERSION = /^go 1\.[\d]
|
|
50
|
+
GO_MOD_VERSION = /^go 1\.[\d]+$/
|
|
51
51
|
|
|
52
52
|
def initialize(dependencies:, credentials:, repo_contents_path:,
|
|
53
53
|
directory:, options:)
|
|
@@ -12,15 +12,15 @@ require "dependabot/go_modules/version"
|
|
|
12
12
|
module Dependabot
|
|
13
13
|
module GoModules
|
|
14
14
|
class Requirement < Gem::Requirement
|
|
15
|
-
WILDCARD_REGEX = /(?:\.|^)[xX*]
|
|
16
|
-
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}
|
|
15
|
+
WILDCARD_REGEX = /(?:\.|^)[xX*]/
|
|
16
|
+
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/
|
|
17
17
|
|
|
18
18
|
# Override the version pattern to allow a 'v' prefix
|
|
19
19
|
quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
|
|
20
20
|
version_pattern = "v?#{Version::VERSION_PATTERN}"
|
|
21
21
|
|
|
22
22
|
PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
|
|
23
|
-
PATTERN = /\A#{PATTERN_RAW}\z
|
|
23
|
+
PATTERN = /\A#{PATTERN_RAW}\z/
|
|
24
24
|
|
|
25
25
|
# Use GoModules::Version rather than Gem::Version to ensure that
|
|
26
26
|
# pre-release versions aren't transformed.
|
|
@@ -22,10 +22,10 @@ module Dependabot
|
|
|
22
22
|
/unrecognized import path/,
|
|
23
23
|
/malformed module path/,
|
|
24
24
|
# (Private) module could not be fetched
|
|
25
|
-
/module .*: git ls-remote .*: exit status 128/m
|
|
25
|
+
/module .*: git ls-remote .*: exit status 128/m
|
|
26
26
|
].freeze
|
|
27
|
-
INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
|
|
28
|
-
PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}
|
|
27
|
+
INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
|
|
28
|
+
PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/
|
|
29
29
|
|
|
30
30
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
31
31
|
ignored_versions:, security_advisories:, raise_on_ignored: false,
|
|
@@ -13,7 +13,7 @@ module Dependabot
|
|
|
13
13
|
VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
|
|
14
14
|
'(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
|
|
15
15
|
'(\+incompatible)?'
|
|
16
|
-
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z
|
|
16
|
+
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
|
|
17
17
|
|
|
18
18
|
def self.correct?(version)
|
|
19
19
|
version = version.gsub(/^v/, "") if version.is_a?(String)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.213.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,42 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.213.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
27
|
-
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: debase
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - '='
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.2.3
|
|
34
|
-
type: :development
|
|
35
|
-
prerelease: false
|
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
-
requirements:
|
|
38
|
-
- - '='
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.2.3
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: debase-ruby_core_source
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - '='
|
|
46
|
-
- !ruby/object:Gem::Version
|
|
47
|
-
version: 0.10.16
|
|
48
|
-
type: :development
|
|
49
|
-
prerelease: false
|
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
-
requirements:
|
|
52
|
-
- - '='
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: 0.10.16
|
|
26
|
+
version: 0.213.0
|
|
55
27
|
- !ruby/object:Gem::Dependency
|
|
56
28
|
name: debug
|
|
57
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -86,14 +58,14 @@ dependencies:
|
|
|
86
58
|
requirements:
|
|
87
59
|
- - "~>"
|
|
88
60
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 3.
|
|
61
|
+
version: 3.13.0
|
|
90
62
|
type: :development
|
|
91
63
|
prerelease: false
|
|
92
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
65
|
requirements:
|
|
94
66
|
- - "~>"
|
|
95
67
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 3.
|
|
68
|
+
version: 3.13.0
|
|
97
69
|
- !ruby/object:Gem::Dependency
|
|
98
70
|
name: rake
|
|
99
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -142,42 +114,28 @@ dependencies:
|
|
|
142
114
|
requirements:
|
|
143
115
|
- - "~>"
|
|
144
116
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: 1.
|
|
117
|
+
version: 1.37.1
|
|
146
118
|
type: :development
|
|
147
119
|
prerelease: false
|
|
148
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
121
|
requirements:
|
|
150
122
|
- - "~>"
|
|
151
123
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: 1.
|
|
124
|
+
version: 1.37.1
|
|
153
125
|
- !ruby/object:Gem::Dependency
|
|
154
126
|
name: rubocop-performance
|
|
155
127
|
requirement: !ruby/object:Gem::Requirement
|
|
156
128
|
requirements:
|
|
157
129
|
- - "~>"
|
|
158
130
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: 1.
|
|
160
|
-
type: :development
|
|
161
|
-
prerelease: false
|
|
162
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
163
|
-
requirements:
|
|
164
|
-
- - "~>"
|
|
165
|
-
- !ruby/object:Gem::Version
|
|
166
|
-
version: 1.14.2
|
|
167
|
-
- !ruby/object:Gem::Dependency
|
|
168
|
-
name: ruby-debug-ide
|
|
169
|
-
requirement: !ruby/object:Gem::Requirement
|
|
170
|
-
requirements:
|
|
171
|
-
- - "~>"
|
|
172
|
-
- !ruby/object:Gem::Version
|
|
173
|
-
version: 0.7.3
|
|
131
|
+
version: 1.15.0
|
|
174
132
|
type: :development
|
|
175
133
|
prerelease: false
|
|
176
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
177
135
|
requirements:
|
|
178
136
|
- - "~>"
|
|
179
137
|
- !ruby/object:Gem::Version
|
|
180
|
-
version:
|
|
138
|
+
version: 1.15.0
|
|
181
139
|
- !ruby/object:Gem::Dependency
|
|
182
140
|
name: simplecov
|
|
183
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -287,14 +245,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
287
245
|
requirements:
|
|
288
246
|
- - ">="
|
|
289
247
|
- !ruby/object:Gem::Version
|
|
290
|
-
version:
|
|
248
|
+
version: 3.1.0
|
|
291
249
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
292
250
|
requirements:
|
|
293
251
|
- - ">="
|
|
294
252
|
- !ruby/object:Gem::Version
|
|
295
|
-
version:
|
|
253
|
+
version: 3.1.0
|
|
296
254
|
requirements: []
|
|
297
|
-
rubygems_version: 3.
|
|
255
|
+
rubygems_version: 3.3.7
|
|
298
256
|
signing_key:
|
|
299
257
|
specification_version: 4
|
|
300
258
|
summary: Go modules support for dependabot
|