dependabot-go_modules 0.212.0 → 0.213.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/go_modules/file_fetcher.rb +4 -0
  3. data/lib/dependabot/go_modules/file_parser.rb +1 -1
  4. data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +10 -10
  5. data/lib/dependabot/go_modules/requirement.rb +3 -3
  6. data/lib/dependabot/go_modules/resolvability_errors.rb +1 -1
  7. data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +3 -3
  8. data/lib/dependabot/go_modules/version.rb +1 -1
  9. metadata +13 -55
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9a4dc6858676aa3f1b955c586842f791cb99b2685f6c4c1254481bef52e4fcd3
4
- data.tar.gz: e1d58699f368c4d17982156b7a485cf5c7ce10c261abb1754f832dbbec9f0b0d
3
+ metadata.gz: fa899f6cb84134185a0301e5527097c6ca4508807512764f8f4cd733c45effbb
4
+ data.tar.gz: 4718f6bf91b3fbd5cf757a4f6de78defd584df38d8a9814be3b10fa236d17cfa
5
5
  SHA512:
6
- metadata.gz: c24e914689efc47b2bf3faffd11cef23f9b0f07804a79d90177aa7e5600b7dd8666316330d7e13e3d4efb489a2082d53837e9baeb4a4bdc3c148603fe2554d65
7
- data.tar.gz: b019db2774816b9f78d687494ad12ee3119aef1158e63acf31df12cce09f4baca7f58763d61d578216930d612576070dd23cef788424ed6c873e5f7f392360ad
6
+ metadata.gz: 24fa02bcc6e1f89000adf4405a6efc921e6bd3e0c7f2e92a8771e5fc77d1508034fbcc8efe0d5adebcb0243cd878761944ac1e61d6495206c907888261506a4b
7
+ data.tar.gz: d6846ea7a5d4c423101fada0f5d4f11024f093e67a9f79ea8d5b3413920a0b6b0f45ec687456d04fd5d120af035b8040e2c2bb6190dfbb88c7e9c94193a2376a
data/lib/dependabot/go_modules/file_fetcher.rb CHANGED
@@ -47,6 +47,10 @@ module Dependabot
47
47
  def go_sum
48
48
  @go_sum ||= fetch_file_if_present("go.sum")
49
49
  end
50
+
51
+ def recurse_submodules_when_cloning?
52
+ true
53
+ end
50
54
  end
51
55
  end
52
56
  end
data/lib/dependabot/go_modules/file_parser.rb CHANGED
@@ -12,7 +12,7 @@ require "dependabot/file_parsers/base"
12
12
  module Dependabot
13
13
  module GoModules
14
14
  class FileParser < Dependabot::FileParsers::Base
15
- GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/.freeze
15
+ GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/
16
16
 
17
17
  def parse
18
18
  dependency_set = Dependabot::FileParsers::Base::DependencySet.new
data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb CHANGED
@@ -13,7 +13,7 @@ module Dependabot
13
13
  class GoModUpdater
14
14
  RESOLVABILITY_ERROR_REGEXES = [
15
15
  # The checksum in go.sum does not match the downloaded content
16
- /verifying .*: checksum mismatch/.freeze,
16
+ /verifying .*: checksum mismatch/,
17
17
  /go(?: get)?: .*: go.mod has post-v\d+ module path/
18
18
  ].freeze
19
19
 
@@ -21,19 +21,19 @@ module Dependabot
21
21
  /fatal: The remote end hung up unexpectedly/,
22
22
  /repository '.+' not found/,
23
23
  # (Private) module could not be fetched
24
- /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m.freeze,
24
+ /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m,
25
25
  # (Private) module could not be found
26
- /cannot find module providing package/.freeze,
26
+ /cannot find module providing package/,
27
27
  # Package in module was likely renamed or removed
28
- /module .* found \(.*\), but does not contain package/m.freeze,
28
+ /module .* found \(.*\), but does not contain package/m,
29
29
  # Package pseudo-version does not match the version-control metadata
30
30
  # https://golang.google.cn/doc/go1.13#version-validation
31
- /go(?: get)?: .*: invalid pseudo-version/m.freeze,
31
+ /go(?: get)?: .*: invalid pseudo-version/m,
32
32
  # Package does not exist, has been pulled or cannot be reached due to
33
33
  # auth problems with either git or the go proxy
34
- /go(?: get)?: .*: unknown revision/m.freeze,
34
+ /go(?: get)?: .*: unknown revision/m,
35
35
  # Package pointing to a proxy that 404s
36
- /go(?: get)?: .*: unrecognized import path/m.freeze
36
+ /go(?: get)?: .*: unrecognized import path/m
37
37
  ].freeze
38
38
 
39
39
  MODULE_PATH_MISMATCH_REGEXES = [
@@ -43,11 +43,11 @@ module Dependabot
43
43
  ].freeze
44
44
 
45
45
  OUT_OF_DISK_REGEXES = [
46
- %r{input/output error}.freeze,
47
- /no space left on device/.freeze
46
+ %r{input/output error},
47
+ /no space left on device/
48
48
  ].freeze
49
49
 
50
- GO_MOD_VERSION = /^go 1\.[\d]+$/.freeze
50
+ GO_MOD_VERSION = /^go 1\.[\d]+$/
51
51
 
52
52
  def initialize(dependencies:, credentials:, repo_contents_path:,
53
53
  directory:, options:)
data/lib/dependabot/go_modules/requirement.rb CHANGED
@@ -12,15 +12,15 @@ require "dependabot/go_modules/version"
12
12
  module Dependabot
13
13
  module GoModules
14
14
  class Requirement < Gem::Requirement
15
- WILDCARD_REGEX = /(?:\.|^)[xX*]/.freeze
16
- OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/.freeze
15
+ WILDCARD_REGEX = /(?:\.|^)[xX*]/
16
+ OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/
17
17
 
18
18
  # Override the version pattern to allow a 'v' prefix
19
19
  quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
20
20
  version_pattern = "v?#{Version::VERSION_PATTERN}"
21
21
 
22
22
  PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
23
- PATTERN = /\A#{PATTERN_RAW}\z/.freeze
23
+ PATTERN = /\A#{PATTERN_RAW}\z/
24
24
 
25
25
  # Use GoModules::Version rather than Gem::Version to ensure that
26
26
  # pre-release versions aren't transformed.
data/lib/dependabot/go_modules/resolvability_errors.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  module Dependabot
4
4
  module GoModules
5
5
  module ResolvabilityErrors
6
- GITHUB_REPO_REGEX = %r{github.com/[^:@]*}.freeze
6
+ GITHUB_REPO_REGEX = %r{github.com/[^:@]*}
7
7
 
8
8
  def self.handle(message, credentials:, goprivate:)
9
9
  mod_path = message.scan(GITHUB_REPO_REGEX).last
data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb CHANGED
@@ -22,10 +22,10 @@ module Dependabot
22
22
  /unrecognized import path/,
23
23
  /malformed module path/,
24
24
  # (Private) module could not be fetched
25
- /module .*: git ls-remote .*: exit status 128/m.freeze
25
+ /module .*: git ls-remote .*: exit status 128/m
26
26
  ].freeze
27
- INVALID_VERSION_REGEX = /version "[^"]+" invalid/m.freeze
28
- PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/.freeze
27
+ INVALID_VERSION_REGEX = /version "[^"]+" invalid/m
28
+ PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/
29
29
 
30
30
  def initialize(dependency:, dependency_files:, credentials:,
31
31
  ignored_versions:, security_advisories:, raise_on_ignored: false,
data/lib/dependabot/go_modules/version.rb CHANGED
@@ -13,7 +13,7 @@ module Dependabot
13
13
  VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
14
14
  '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
15
15
  '(\+incompatible)?'
16
- ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
16
+ ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
17
17
 
18
18
  def self.correct?(version)
19
19
  version = version.gsub(/^v/, "") if version.is_a?(String)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-go_modules
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.212.0
4
+ version: 0.213.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-09-06 00:00:00.000000000 Z
11
+ date: 2022-10-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.212.0
19
+ version: 0.213.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.212.0
27
- - !ruby/object:Gem::Dependency
28
- name: debase
29
- requirement: !ruby/object:Gem::Requirement
30
- requirements:
31
- - - '='
32
- - !ruby/object:Gem::Version
33
- version: 0.2.3
34
- type: :development
35
- prerelease: false
36
- version_requirements: !ruby/object:Gem::Requirement
37
- requirements:
38
- - - '='
39
- - !ruby/object:Gem::Version
40
- version: 0.2.3
41
- - !ruby/object:Gem::Dependency
42
- name: debase-ruby_core_source
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - '='
46
- - !ruby/object:Gem::Version
47
- version: 0.10.16
48
- type: :development
49
- prerelease: false
50
- version_requirements: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - '='
53
- - !ruby/object:Gem::Version
54
- version: 0.10.16
26
+ version: 0.213.0
55
27
  - !ruby/object:Gem::Dependency
56
28
  name: debug
57
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
86
58
  requirements:
87
59
  - - "~>"
88
60
  - !ruby/object:Gem::Version
89
- version: 3.12.0
61
+ version: 3.13.0
90
62
  type: :development
91
63
  prerelease: false
92
64
  version_requirements: !ruby/object:Gem::Requirement
93
65
  requirements:
94
66
  - - "~>"
95
67
  - !ruby/object:Gem::Version
96
- version: 3.12.0
68
+ version: 3.13.0
97
69
  - !ruby/object:Gem::Dependency
98
70
  name: rake
99
71
  requirement: !ruby/object:Gem::Requirement
@@ -142,42 +114,28 @@ dependencies:
142
114
  requirements:
143
115
  - - "~>"
144
116
  - !ruby/object:Gem::Version
145
- version: 1.36.0
117
+ version: 1.37.1
146
118
  type: :development
147
119
  prerelease: false
148
120
  version_requirements: !ruby/object:Gem::Requirement
149
121
  requirements:
150
122
  - - "~>"
151
123
  - !ruby/object:Gem::Version
152
- version: 1.36.0
124
+ version: 1.37.1
153
125
  - !ruby/object:Gem::Dependency
154
126
  name: rubocop-performance
155
127
  requirement: !ruby/object:Gem::Requirement
156
128
  requirements:
157
129
  - - "~>"
158
130
  - !ruby/object:Gem::Version
159
- version: 1.14.2
160
- type: :development
161
- prerelease: false
162
- version_requirements: !ruby/object:Gem::Requirement
163
- requirements:
164
- - - "~>"
165
- - !ruby/object:Gem::Version
166
- version: 1.14.2
167
- - !ruby/object:Gem::Dependency
168
- name: ruby-debug-ide
169
- requirement: !ruby/object:Gem::Requirement
170
- requirements:
171
- - - "~>"
172
- - !ruby/object:Gem::Version
173
- version: 0.7.3
131
+ version: 1.15.0
174
132
  type: :development
175
133
  prerelease: false
176
134
  version_requirements: !ruby/object:Gem::Requirement
177
135
  requirements:
178
136
  - - "~>"
179
137
  - !ruby/object:Gem::Version
180
- version: 0.7.3
138
+ version: 1.15.0
181
139
  - !ruby/object:Gem::Dependency
182
140
  name: simplecov
183
141
  requirement: !ruby/object:Gem::Requirement
@@ -287,14 +245,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
287
245
  requirements:
288
246
  - - ">="
289
247
  - !ruby/object:Gem::Version
290
- version: 2.7.0
248
+ version: 3.1.0
291
249
  required_rubygems_version: !ruby/object:Gem::Requirement
292
250
  requirements:
293
251
  - - ">="
294
252
  - !ruby/object:Gem::Version
295
- version: 2.7.0
253
+ version: 3.1.0
296
254
  requirements: []
297
- rubygems_version: 3.1.6
255
+ rubygems_version: 3.3.7
298
256
  signing_key:
299
257
  specification_version: 4
300
258
  summary: Go modules support for dependabot