dependabot-go_modules 0.215.0 → 0.216.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/go.mod +1 -1
- data/lib/dependabot/go_modules/file_fetcher.rb +11 -2
- data/lib/dependabot/go_modules/file_parser.rb +9 -68
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +20 -5
- data/lib/dependabot/go_modules/file_updater.rb +6 -1
- data/lib/dependabot/go_modules/metadata_finder.rb +1 -38
- data/lib/dependabot/go_modules/path_converter.rb +0 -50
- data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +11 -5
- data/lib/dependabot/go_modules/update_checker.rb +2 -35
- data/lib/dependabot/go_modules/version.rb +2 -1
- metadata +35 -32
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5ce14da8132843f24f4fe7252d3236184a8af451c2a8de9c53d7e64d69b6e694
|
4
|
+
data.tar.gz: d79638429d7815e7325bc3bf35c6acfbf932e1642fdd26232bd272a2a568c35e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 236a2b718e573f78f2c0a9388702a67ce8dc6e67390e9d11da0124cb527e9ce2d78918bdbb65ebd13c2d51963b46de821bb947e80e766f2bb95df1694ef622a0
|
7
|
+
data.tar.gz: b0ee24269dee9be22ad5f553f53afc93a9e5910f4a9b98cdc916351222035e8e4d711f5535be329cd9c7003863b12ba433c469b86c059fc309e63a9e202ea20e
|
data/helpers/go.mod
CHANGED
@@ -14,6 +14,17 @@ module Dependabot
|
|
14
14
|
"Repo must contain a go.mod."
|
15
15
|
end
|
16
16
|
|
17
|
+
def package_manager_version
|
18
|
+
return nil unless go_mod
|
19
|
+
|
20
|
+
{
|
21
|
+
ecosystem: "gomod",
|
22
|
+
package_managers: {
|
23
|
+
"gomod" => go_mod.content.match(/^go\s(\d+\.\d+)/)&.captures&.first || "unknown"
|
24
|
+
}
|
25
|
+
}
|
26
|
+
end
|
27
|
+
|
17
28
|
private
|
18
29
|
|
19
30
|
def fetch_files
|
@@ -32,10 +43,8 @@ module Dependabot
|
|
32
43
|
end
|
33
44
|
|
34
45
|
fetched_files = [go_mod]
|
35
|
-
|
36
46
|
# Fetch the (optional) go.sum
|
37
47
|
fetched_files << go_sum if go_sum
|
38
|
-
|
39
48
|
fetched_files
|
40
49
|
end
|
41
50
|
end
|
@@ -12,8 +12,6 @@ require "dependabot/file_parsers/base"
|
|
12
12
|
module Dependabot
|
13
13
|
module GoModules
|
14
14
|
class FileParser < Dependabot::FileParsers::Base
|
15
|
-
GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?<sha>[0-9a-f]{12})$/
|
16
|
-
|
17
15
|
def parse
|
18
16
|
dependency_set = Dependabot::FileParsers::Base::DependencySet.new
|
19
17
|
|
@@ -35,16 +33,11 @@ module Dependabot
|
|
35
33
|
end
|
36
34
|
|
37
35
|
def dependency_from_details(details)
|
38
|
-
source =
|
39
|
-
if rev_identifier?(details) then git_source(details)
|
40
|
-
else
|
41
|
-
{ type: "default", source: details["Path"] }
|
42
|
-
end
|
43
|
-
|
36
|
+
source = { type: "default", source: details["Path"] }
|
44
37
|
version = details["Version"]&.sub(/^v?/, "")
|
45
38
|
|
46
39
|
reqs = [{
|
47
|
-
requirement:
|
40
|
+
requirement: details["Version"],
|
48
41
|
file: go_mod.name,
|
49
42
|
source: source,
|
50
43
|
groups: []
|
@@ -53,7 +46,7 @@ module Dependabot
|
|
53
46
|
Dependency.new(
|
54
47
|
name: details["Path"],
|
55
48
|
version: version,
|
56
|
-
requirements: details["Indirect"]
|
49
|
+
requirements: details["Indirect"] ? [] : reqs,
|
57
50
|
package_manager: "go_modules"
|
58
51
|
)
|
59
52
|
end
|
@@ -115,54 +108,14 @@ module Dependabot
|
|
115
108
|
raise Dependabot::DependencyFileNotParseable.new(go_mod.path, msg)
|
116
109
|
end
|
117
110
|
|
118
|
-
def rev_identifier?(dep)
|
119
|
-
dep["Version"]&.match?(GIT_VERSION_REGEX)
|
120
|
-
end
|
121
|
-
|
122
|
-
def git_source(dep)
|
123
|
-
url = PathConverter.git_url_for_path(dep["Path"])
|
124
|
-
|
125
|
-
# Currently, we have no way of knowing whether the commit tagged
|
126
|
-
# is being used because a branch is being followed or because a
|
127
|
-
# particular ref is in use. We *assume* that a particular ref is in
|
128
|
-
# use (which means we'll only propose updates when its included in
|
129
|
-
# a release)
|
130
|
-
{
|
131
|
-
type: "git",
|
132
|
-
url: url || dep["Path"],
|
133
|
-
ref: git_revision(dep),
|
134
|
-
branch: nil
|
135
|
-
}
|
136
|
-
rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
|
137
|
-
if e.message == "Cannot detect VCS"
|
138
|
-
# if the dependency is locally replaced, this is not a fatal error
|
139
|
-
return { type: "default", source: dep["Path"] } if dependency_has_local_replacement(dep)
|
140
|
-
|
141
|
-
msg = e.message + " for #{dep['Path']}. Attempted to detect VCS " \
|
142
|
-
"because the version looks like a git revision: " \
|
143
|
-
"#{dep['Version']}"
|
144
|
-
raise Dependabot::DependencyFileNotResolvable, msg
|
145
|
-
end
|
146
|
-
|
147
|
-
raise
|
148
|
-
end
|
149
|
-
|
150
|
-
def git_revision(dep)
|
151
|
-
raw_version = dep.fetch("Version")
|
152
|
-
return raw_version unless raw_version.match?(GIT_VERSION_REGEX)
|
153
|
-
|
154
|
-
raw_version.match(GIT_VERSION_REGEX).named_captures.fetch("sha")
|
155
|
-
end
|
156
|
-
|
157
111
|
def skip_dependency?(dep)
|
158
|
-
|
112
|
+
# Updating replaced dependencies is not supported
|
113
|
+
return true if dependency_is_replaced(dep)
|
159
114
|
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
false
|
165
|
-
end
|
115
|
+
path_uri = URI.parse("https://#{dep['Path']}")
|
116
|
+
!path_uri.host.include?(".")
|
117
|
+
rescue URI::InvalidURIError
|
118
|
+
false
|
166
119
|
end
|
167
120
|
|
168
121
|
def dependency_is_replaced(details)
|
@@ -182,18 +135,6 @@ module Dependabot
|
|
182
135
|
end
|
183
136
|
false
|
184
137
|
end
|
185
|
-
|
186
|
-
def dependency_has_local_replacement(details)
|
187
|
-
if manifest["Replace"]
|
188
|
-
has_local_replacement = manifest["Replace"].find do |replace|
|
189
|
-
replace["New"]["Path"].start_with?("./", "../") &&
|
190
|
-
replace["Old"]["Path"] == details["Path"]
|
191
|
-
end
|
192
|
-
|
193
|
-
return true if has_local_replacement
|
194
|
-
end
|
195
|
-
false
|
196
|
-
end
|
197
138
|
end
|
198
139
|
end
|
199
140
|
end
|
@@ -2,6 +2,7 @@
|
|
2
2
|
|
3
3
|
require "dependabot/shared_helpers"
|
4
4
|
require "dependabot/errors"
|
5
|
+
require "dependabot/logger"
|
5
6
|
require "dependabot/go_modules/file_updater"
|
6
7
|
require "dependabot/go_modules/native_helpers"
|
7
8
|
require "dependabot/go_modules/replace_stubber"
|
@@ -14,12 +15,25 @@ module Dependabot
|
|
14
15
|
RESOLVABILITY_ERROR_REGEXES = [
|
15
16
|
# The checksum in go.sum does not match the downloaded content
|
16
17
|
/verifying .*: checksum mismatch/,
|
17
|
-
/go(?: get)?: .*: go.mod has post-v\d+ module path
|
18
|
+
/go(?: get)?: .*: go.mod has post-v\d+ module path/,
|
19
|
+
# The Go tool is suggesting the user should run go mod tidy
|
20
|
+
/go mod tidy/,
|
21
|
+
# Something wrong in the chain of go.mod/go.sum files
|
22
|
+
# These are often fixable with go mod tidy too.
|
23
|
+
/no required module provides package/,
|
24
|
+
/missing go\.sum entry for module providing package/,
|
25
|
+
/malformed module path/,
|
26
|
+
/used for two different module paths/,
|
27
|
+
# https://github.com/golang/go/issues/56494
|
28
|
+
/can't find reason for requirement on/,
|
29
|
+
# import path doesn't exist
|
30
|
+
/package \S+ is not in GOROOT/
|
18
31
|
].freeze
|
19
32
|
|
20
33
|
REPO_RESOLVABILITY_ERROR_REGEXES = [
|
21
34
|
/fatal: The remote end hung up unexpectedly/,
|
22
35
|
/repository '.+' not found/,
|
36
|
+
%r{net/http: TLS handshake timeout},
|
23
37
|
# (Private) module could not be fetched
|
24
38
|
/go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m,
|
25
39
|
# (Private) module could not be found
|
@@ -139,10 +153,11 @@ module Dependabot
|
|
139
153
|
command = "go mod tidy -e"
|
140
154
|
|
141
155
|
# we explicitly don't raise an error for 'go mod tidy' and silently
|
142
|
-
# continue here. `go mod tidy` shouldn't block
|
143
|
-
# because there are some edge cases where it's OK to fail
|
144
|
-
# generated files not available yet to us).
|
145
|
-
Open3.capture3(environment, command)
|
156
|
+
# continue with an info log here. `go mod tidy` shouldn't block
|
157
|
+
# updating versions because there are some edge cases where it's OK to fail
|
158
|
+
# (such as generated files not available yet to us).
|
159
|
+
_, stderr, status = Open3.capture3(environment, command)
|
160
|
+
Dependabot.logger.info "Failed to `go mod tidy`: #{stderr}" unless status.success?
|
146
161
|
end
|
147
162
|
|
148
163
|
def run_go_vendor
|
@@ -28,7 +28,7 @@ module Dependabot
|
|
28
28
|
def updated_dependency_files
|
29
29
|
updated_files = []
|
30
30
|
|
31
|
-
if go_mod &&
|
31
|
+
if go_mod && dependency_changed?(go_mod)
|
32
32
|
updated_files <<
|
33
33
|
updated_file(
|
34
34
|
file: go_mod,
|
@@ -56,6 +56,11 @@ module Dependabot
|
|
56
56
|
|
57
57
|
private
|
58
58
|
|
59
|
+
def dependency_changed?(go_mod)
|
60
|
+
# file_changed? only checks for changed requirements. Need to check for indirect dep version changes too.
|
61
|
+
file_changed?(go_mod) || dependencies.any? { |dep| dep.previous_version != dep.version }
|
62
|
+
end
|
63
|
+
|
59
64
|
def check_required_files
|
60
65
|
return if go_mod
|
61
66
|
|
@@ -10,46 +10,9 @@ module Dependabot
|
|
10
10
|
private
|
11
11
|
|
12
12
|
def look_up_source
|
13
|
-
|
14
|
-
|
15
|
-
path_str = (specified_source_string || dependency.name)
|
16
|
-
url = Dependabot::GoModules::PathConverter.
|
17
|
-
git_url_for_path_without_go_helper(path_str)
|
13
|
+
url = Dependabot::GoModules::PathConverter.git_url_for_path(dependency.name)
|
18
14
|
Source.from_url(url) if url
|
19
15
|
end
|
20
|
-
|
21
|
-
def git_dependency?
|
22
|
-
return false unless declared_source_details
|
23
|
-
|
24
|
-
dependency_type =
|
25
|
-
declared_source_details.fetch(:type, nil) ||
|
26
|
-
declared_source_details.fetch("type")
|
27
|
-
|
28
|
-
dependency_type == "git"
|
29
|
-
end
|
30
|
-
|
31
|
-
def look_up_git_dependency_source
|
32
|
-
specified_url =
|
33
|
-
declared_source_details.fetch(:url, nil) ||
|
34
|
-
declared_source_details.fetch("url")
|
35
|
-
|
36
|
-
Source.from_url(specified_url)
|
37
|
-
end
|
38
|
-
|
39
|
-
def specified_source_string
|
40
|
-
declared_source_details&.fetch(:source, nil) ||
|
41
|
-
declared_source_details&.fetch("source", nil)
|
42
|
-
end
|
43
|
-
|
44
|
-
def declared_source_details
|
45
|
-
sources = dependency.requirements.
|
46
|
-
map { |r| r.fetch(:source) }.
|
47
|
-
uniq.compact
|
48
|
-
|
49
|
-
raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
|
50
|
-
|
51
|
-
sources.first
|
52
|
-
end
|
53
16
|
end
|
54
17
|
end
|
55
18
|
end
|
@@ -1,10 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "excon"
|
4
|
-
require "nokogiri"
|
5
|
-
|
6
|
-
require "dependabot/registry_client"
|
7
|
-
require "dependabot/source"
|
8
3
|
require "dependabot/go_modules/native_helpers"
|
9
4
|
|
10
5
|
module Dependabot
|
@@ -20,51 +15,6 @@ module Dependabot
|
|
20
15
|
args: { import: import_path }
|
21
16
|
)
|
22
17
|
end
|
23
|
-
|
24
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
25
|
-
# Used in dependabot-backend, which doesn't have access to any Go
|
26
|
-
# helpers.
|
27
|
-
# TODO: remove the need for this.
|
28
|
-
def self.git_url_for_path_without_go_helper(path)
|
29
|
-
# Save a query by manually converting golang.org/x names
|
30
|
-
tmp_path = path.gsub(%r{^golang\.org/x}, "github.com/golang")
|
31
|
-
|
32
|
-
# Currently, Dependabot::Source.new will return `nil` if it can't
|
33
|
-
# find a git SCH associated with a path. If it is ever extended to
|
34
|
-
# handle non-git sources we'll need to add an additional check here.
|
35
|
-
return Source.from_url(tmp_path).url if Source.from_url(tmp_path)
|
36
|
-
return "https://#{tmp_path}" if tmp_path.end_with?(".git")
|
37
|
-
return unless (metadata_response = fetch_path_metadata(path))
|
38
|
-
|
39
|
-
# Look for a GitHub, Bitbucket or GitLab URL in the response
|
40
|
-
metadata_response.scan(Dependabot::Source::SOURCE_REGEX) do
|
41
|
-
source_url = Regexp.last_match.to_s
|
42
|
-
return Source.from_url(source_url).url
|
43
|
-
end
|
44
|
-
|
45
|
-
# If none are found, parse the response and return the go-import path
|
46
|
-
doc = Nokogiri::XML(metadata_response)
|
47
|
-
doc.remove_namespaces!
|
48
|
-
import_details =
|
49
|
-
doc.xpath("//meta").
|
50
|
-
find { |n| n.attributes["name"]&.value == "go-import" }&.
|
51
|
-
attributes&.fetch("content")&.value&.split(/\s+/)
|
52
|
-
return unless import_details && import_details[1] == "git"
|
53
|
-
|
54
|
-
import_details[2]
|
55
|
-
end
|
56
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
57
|
-
|
58
|
-
def self.fetch_path_metadata(path)
|
59
|
-
# TODO: This is not robust! Instead, we should shell out to Go and
|
60
|
-
# use https://github.com/Masterminds/vcs.
|
61
|
-
response = Dependabot::RegistryClient.get(url: "https://#{path}?go-get=1")
|
62
|
-
|
63
|
-
return unless response.status == 200
|
64
|
-
|
65
|
-
response.body
|
66
|
-
end
|
67
|
-
private_class_method :fetch_path_metadata
|
68
18
|
end
|
69
19
|
end
|
70
20
|
end
|
@@ -52,18 +52,16 @@ module Dependabot
|
|
52
52
|
attr_reader :dependency, :dependency_files, :credentials, :ignored_versions, :security_advisories
|
53
53
|
|
54
54
|
def fetch_latest_version
|
55
|
-
return dependency.version if PSEUDO_VERSION_REGEX.match?(dependency.version)
|
56
|
-
|
57
55
|
candidate_versions = available_versions
|
58
56
|
candidate_versions = filter_prerelease_versions(candidate_versions)
|
59
57
|
candidate_versions = filter_ignored_versions(candidate_versions)
|
58
|
+
# Adding the psuedo-version to the list to avoid downgrades
|
59
|
+
candidate_versions << dependency.version if PSEUDO_VERSION_REGEX.match?(dependency.version)
|
60
60
|
|
61
61
|
candidate_versions.max
|
62
62
|
end
|
63
63
|
|
64
64
|
def fetch_lowest_security_fix_version
|
65
|
-
return dependency.version if PSEUDO_VERSION_REGEX.match?(dependency.version)
|
66
|
-
|
67
65
|
relevant_versions = available_versions
|
68
66
|
relevant_versions = filter_prerelease_versions(relevant_versions)
|
69
67
|
relevant_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(relevant_versions,
|
@@ -75,6 +73,10 @@ module Dependabot
|
|
75
73
|
end
|
76
74
|
|
77
75
|
def available_versions
|
76
|
+
@available_versions ||= fetch_available_versions
|
77
|
+
end
|
78
|
+
|
79
|
+
def fetch_available_versions
|
78
80
|
SharedHelpers.in_a_temporary_directory do
|
79
81
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
80
82
|
manifest = parse_manifest
|
@@ -90,7 +92,11 @@ module Dependabot
|
|
90
92
|
# Turn off the module proxy for private dependencies
|
91
93
|
env = { "GOPRIVATE" => @goprivate }
|
92
94
|
|
93
|
-
versions_json = SharedHelpers.run_shell_command(
|
95
|
+
versions_json = SharedHelpers.run_shell_command(
|
96
|
+
"go list -m -versions -json #{dependency.name}",
|
97
|
+
fingerprint: "go list -m -versions -json <dependency_name>",
|
98
|
+
env: env
|
99
|
+
)
|
94
100
|
version_strings = JSON.parse(versions_json)["Versions"]
|
95
101
|
|
96
102
|
return [version_class.new(dependency.version)] if version_strings.nil?
|
@@ -13,17 +13,6 @@ module Dependabot
|
|
13
13
|
require_relative "update_checker/latest_version_finder"
|
14
14
|
|
15
15
|
def latest_resolvable_version
|
16
|
-
# We don't yet support updating indirect dependencies for go_modules
|
17
|
-
#
|
18
|
-
# To update indirect dependencies we'll need to promote the indirect
|
19
|
-
# dependency to the go.mod file forcing the resolver to pick this
|
20
|
-
# version (possibly as `// indirect`)
|
21
|
-
unless dependency.top_level?
|
22
|
-
return unless dependency.version
|
23
|
-
|
24
|
-
return current_version
|
25
|
-
end
|
26
|
-
|
27
16
|
latest_version_finder.latest_version
|
28
17
|
end
|
29
18
|
|
@@ -37,12 +26,6 @@ module Dependabot
|
|
37
26
|
def lowest_resolvable_security_fix_version
|
38
27
|
raise "Dependency not vulnerable!" unless vulnerable?
|
39
28
|
|
40
|
-
unless dependency.top_level?
|
41
|
-
return unless dependency.version
|
42
|
-
|
43
|
-
return current_version
|
44
|
-
end
|
45
|
-
|
46
29
|
lowest_security_fix_version
|
47
30
|
end
|
48
31
|
|
@@ -85,11 +68,9 @@ module Dependabot
|
|
85
68
|
raise NotImplementedError
|
86
69
|
end
|
87
70
|
|
88
|
-
#
|
89
|
-
# since not all dep git dependencies have a SHA version (sometimes their
|
90
|
-
# version is the tag)
|
71
|
+
# Go only supports semver and semver-compliant pseudo-versions, so it can't be a SHA.
|
91
72
|
def existing_version_is_sha?
|
92
|
-
|
73
|
+
false
|
93
74
|
end
|
94
75
|
|
95
76
|
def version_from_tag(tag)
|
@@ -100,23 +81,9 @@ module Dependabot
|
|
100
81
|
tag&.fetch(:tag)
|
101
82
|
end
|
102
83
|
|
103
|
-
def git_dependency?
|
104
|
-
git_commit_checker.git_dependency?
|
105
|
-
end
|
106
|
-
|
107
84
|
def default_source
|
108
85
|
{ type: "default", source: dependency.name }
|
109
86
|
end
|
110
|
-
|
111
|
-
def git_commit_checker
|
112
|
-
@git_commit_checker ||=
|
113
|
-
GitCommitChecker.new(
|
114
|
-
dependency: dependency,
|
115
|
-
credentials: credentials,
|
116
|
-
ignored_versions: ignored_versions,
|
117
|
-
raise_on_ignored: raise_on_ignored
|
118
|
-
)
|
119
|
-
end
|
120
87
|
end
|
121
88
|
end
|
122
89
|
end
|
@@ -5,11 +5,12 @@
|
|
5
5
|
# alteration.
|
6
6
|
# Best docs are at https://github.com/Masterminds/semver
|
7
7
|
|
8
|
+
require "dependabot/version"
|
8
9
|
require "dependabot/utils"
|
9
10
|
|
10
11
|
module Dependabot
|
11
12
|
module GoModules
|
12
|
-
class Version <
|
13
|
+
class Version < Dependabot::Version
|
13
14
|
VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
|
14
15
|
'(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
|
15
16
|
'(\+incompatible)?'
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-go_modules
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.216.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-04-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.216.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.216.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- - "
|
31
|
+
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 1.
|
33
|
+
version: 1.7.1
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- - "
|
38
|
+
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 1.
|
40
|
+
version: 1.7.1
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: gpgme
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -58,14 +58,14 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: 4.
|
61
|
+
version: 4.2.0
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version: 4.
|
68
|
+
version: 4.2.0
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rake
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -86,70 +86,70 @@ dependencies:
|
|
86
86
|
requirements:
|
87
87
|
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: '3.
|
89
|
+
version: '3.12'
|
90
90
|
type: :development
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version: '3.
|
96
|
+
version: '3.12'
|
97
97
|
- !ruby/object:Gem::Dependency
|
98
98
|
name: rspec-its
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: '1.
|
103
|
+
version: '1.3'
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: '1.
|
110
|
+
version: '1.3'
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: rubocop
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 1.
|
117
|
+
version: 1.48.0
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 1.
|
124
|
+
version: 1.48.0
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: rubocop-performance
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
128
128
|
requirements:
|
129
129
|
- - "~>"
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: 1.
|
131
|
+
version: 1.17.1
|
132
132
|
type: :development
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: 1.
|
138
|
+
version: 1.17.1
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
140
|
name: simplecov
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
142
142
|
requirements:
|
143
143
|
- - "~>"
|
144
144
|
- !ruby/object:Gem::Version
|
145
|
-
version: 0.
|
145
|
+
version: 0.22.0
|
146
146
|
type: :development
|
147
147
|
prerelease: false
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
149
149
|
requirements:
|
150
150
|
- - "~>"
|
151
151
|
- !ruby/object:Gem::Version
|
152
|
-
version: 0.
|
152
|
+
version: 0.22.0
|
153
153
|
- !ruby/object:Gem::Dependency
|
154
154
|
name: simplecov-console
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
@@ -182,33 +182,34 @@ dependencies:
|
|
182
182
|
name: vcr
|
183
183
|
requirement: !ruby/object:Gem::Requirement
|
184
184
|
requirements:
|
185
|
-
- -
|
185
|
+
- - "~>"
|
186
186
|
- !ruby/object:Gem::Version
|
187
|
-
version: 6.1
|
187
|
+
version: '6.1'
|
188
188
|
type: :development
|
189
189
|
prerelease: false
|
190
190
|
version_requirements: !ruby/object:Gem::Requirement
|
191
191
|
requirements:
|
192
|
-
- -
|
192
|
+
- - "~>"
|
193
193
|
- !ruby/object:Gem::Version
|
194
|
-
version: 6.1
|
194
|
+
version: '6.1'
|
195
195
|
- !ruby/object:Gem::Dependency
|
196
196
|
name: webmock
|
197
197
|
requirement: !ruby/object:Gem::Requirement
|
198
198
|
requirements:
|
199
199
|
- - "~>"
|
200
200
|
- !ruby/object:Gem::Version
|
201
|
-
version: '3.
|
201
|
+
version: '3.18'
|
202
202
|
type: :development
|
203
203
|
prerelease: false
|
204
204
|
version_requirements: !ruby/object:Gem::Requirement
|
205
205
|
requirements:
|
206
206
|
- - "~>"
|
207
207
|
- !ruby/object:Gem::Version
|
208
|
-
version: '3.
|
209
|
-
description:
|
210
|
-
|
211
|
-
|
208
|
+
version: '3.18'
|
209
|
+
description: Dependabot-Go_Modules provides support for bumping Go Modules versions
|
210
|
+
via Dependabot. If you want support for multiple package managers, you probably
|
211
|
+
want the meta-gem dependabot-omnibus.
|
212
|
+
email: opensource@github.com
|
212
213
|
executables: []
|
213
214
|
extensions: []
|
214
215
|
extra_rdoc_files: []
|
@@ -236,7 +237,9 @@ files:
|
|
236
237
|
homepage: https://github.com/dependabot/dependabot-core
|
237
238
|
licenses:
|
238
239
|
- Nonstandard
|
239
|
-
metadata:
|
240
|
+
metadata:
|
241
|
+
issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
242
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
|
240
243
|
post_install_message:
|
241
244
|
rdoc_options: []
|
242
245
|
require_paths:
|
@@ -252,8 +255,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
252
255
|
- !ruby/object:Gem::Version
|
253
256
|
version: 3.1.0
|
254
257
|
requirements: []
|
255
|
-
rubygems_version: 3.3.
|
258
|
+
rubygems_version: 3.3.26
|
256
259
|
signing_key:
|
257
260
|
specification_version: 4
|
258
|
-
summary:
|
261
|
+
summary: Provides Dependabot support for Go Modules
|
259
262
|
test_files: []
|