dependabot-go_modules 0.328.0 → 0.330.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/go_modules/file_fetcher.rb +9 -0
- data/lib/dependabot/go_modules/file_parser.rb +59 -0
- data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +5 -11
- data/lib/dependabot/go_modules/file_updater.rb +1 -2
- data/lib/dependabot/go_modules/package/package_details_fetcher.rb +4 -12
- data/lib/dependabot/go_modules/resolvability_errors.rb +3 -4
- data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +2 -12
- data/lib/dependabot/go_modules/update_checker.rb +2 -3
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fd1cb0ab981e8458d9be07a6da780e5a8c886ae7953cb0a06c8635a52d79d863
|
|
4
|
+
data.tar.gz: 87a6cc8857ad1c5e1c162a74c756bbce89eb9138704a90be4c16fa96f63af78b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e2b75696b1d7a08b027a0d26702c15101b32989ba706d4cd8aa50a7cf14e4bc1dd7d5786a7745fec67731f67ccc4412f890175f877779a8634ebc90f7e7dddee
|
|
7
|
+
data.tar.gz: 62309a608616a32808e65316afb7ae41719dac413808394cb8becfe0866470ebf5faa41249a768325f12109237d3db7a769fc5f6c2bc565e8c8474843bfed241
|
|
@@ -41,6 +41,7 @@ module Dependabot
|
|
|
41
41
|
fetched_files = go_mod ? [go_mod] : []
|
|
42
42
|
# Fetch the (optional) go.sum
|
|
43
43
|
fetched_files << T.must(go_sum) if go_sum
|
|
44
|
+
fetched_files << T.must(go_env) if go_env
|
|
44
45
|
fetched_files
|
|
45
46
|
end
|
|
46
47
|
end
|
|
@@ -56,6 +57,14 @@ module Dependabot
|
|
|
56
57
|
def go_sum
|
|
57
58
|
@go_sum ||= T.let(fetch_file_if_present("go.sum"), T.nilable(Dependabot::DependencyFile))
|
|
58
59
|
end
|
|
60
|
+
|
|
61
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
62
|
+
def go_env
|
|
63
|
+
return @go_env if defined?(@go_env)
|
|
64
|
+
|
|
65
|
+
@go_env = T.let(fetch_support_file("go.env"), T.nilable(Dependabot::DependencyFile))
|
|
66
|
+
@go_env
|
|
67
|
+
end
|
|
59
68
|
end
|
|
60
69
|
end
|
|
61
70
|
end
|
|
@@ -20,6 +20,18 @@ module Dependabot
|
|
|
20
20
|
class FileParser < Dependabot::FileParsers::Base
|
|
21
21
|
extend T::Sig
|
|
22
22
|
|
|
23
|
+
sig do
|
|
24
|
+
params(dependency_files: T::Array[Dependabot::DependencyFile], source: T.nilable(Dependabot::Source),
|
|
25
|
+
repo_contents_path: T.nilable(String), credentials: T::Array[Dependabot::Credential],
|
|
26
|
+
reject_external_code: T::Boolean, options: T::Hash[Symbol, T.untyped]).void
|
|
27
|
+
end
|
|
28
|
+
def initialize(dependency_files:, source: nil, repo_contents_path: nil,
|
|
29
|
+
credentials: [], reject_external_code: false, options: {})
|
|
30
|
+
super
|
|
31
|
+
|
|
32
|
+
set_go_environment_variables
|
|
33
|
+
end
|
|
34
|
+
|
|
23
35
|
sig { override.returns(T::Array[Dependabot::Dependency]) }
|
|
24
36
|
def parse
|
|
25
37
|
dependency_set = Dependabot::FileParsers::Base::DependencySet.new
|
|
@@ -50,6 +62,48 @@ module Dependabot
|
|
|
50
62
|
|
|
51
63
|
private
|
|
52
64
|
|
|
65
|
+
sig { void }
|
|
66
|
+
def set_go_environment_variables
|
|
67
|
+
set_goenv_variable
|
|
68
|
+
set_goproxy_variable
|
|
69
|
+
set_goprivate_variable
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
sig { void }
|
|
73
|
+
def set_goenv_variable
|
|
74
|
+
return unless go_env
|
|
75
|
+
|
|
76
|
+
env_file = T.must(go_env)
|
|
77
|
+
File.write(env_file.name, env_file.content)
|
|
78
|
+
ENV["GOENV"] = Pathname.new(env_file.name).realpath.to_s
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
sig { void }
|
|
82
|
+
def set_goprivate_variable
|
|
83
|
+
return if go_env&.content&.include?("GOPRIVATE")
|
|
84
|
+
return if go_env&.content&.include?("GOPROXY")
|
|
85
|
+
return if goproxy_credentials.any?
|
|
86
|
+
|
|
87
|
+
goprivate = options.fetch(:goprivate, "*")
|
|
88
|
+
ENV["GOPRIVATE"] = goprivate if goprivate
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
sig { void }
|
|
92
|
+
def set_goproxy_variable
|
|
93
|
+
return if go_env&.content&.include?("GOPROXY")
|
|
94
|
+
return if goproxy_credentials.empty?
|
|
95
|
+
|
|
96
|
+
urls = goproxy_credentials.filter_map { |cred| cred["url"] }
|
|
97
|
+
ENV["GOPROXY"] = "#{urls.join(',')},direct"
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
sig { returns(T::Array[Dependabot::Credential]) }
|
|
101
|
+
def goproxy_credentials
|
|
102
|
+
@goproxy_credentials ||= T.let(credentials.select do |cred|
|
|
103
|
+
cred["type"] == "goproxy_server"
|
|
104
|
+
end, T.nilable(T::Array[Dependabot::Credential]))
|
|
105
|
+
end
|
|
106
|
+
|
|
53
107
|
sig { returns(Ecosystem::VersionManager) }
|
|
54
108
|
def package_manager
|
|
55
109
|
@package_manager ||= T.let(
|
|
@@ -85,6 +139,11 @@ module Dependabot
|
|
|
85
139
|
@go_mod ||= T.let(get_original_file("go.mod"), T.nilable(Dependabot::DependencyFile))
|
|
86
140
|
end
|
|
87
141
|
|
|
142
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
143
|
+
def go_env
|
|
144
|
+
@go_env ||= T.let(get_original_file("go.env"), T.nilable(Dependabot::DependencyFile))
|
|
145
|
+
end
|
|
146
|
+
|
|
88
147
|
sig { override.void }
|
|
89
148
|
def check_required_files
|
|
90
149
|
raise "No go.mod!" unless go_mod
|
|
@@ -96,7 +96,6 @@ module Dependabot
|
|
|
96
96
|
@directory = directory
|
|
97
97
|
@tidy = T.let(options.fetch(:tidy, false), T::Boolean)
|
|
98
98
|
@vendor = T.let(options.fetch(:vendor, false), T::Boolean)
|
|
99
|
-
@goprivate = T.let(options.fetch(:goprivate), T.nilable(String))
|
|
100
99
|
end
|
|
101
100
|
|
|
102
101
|
sig { returns(T.nilable(String)) }
|
|
@@ -188,7 +187,7 @@ module Dependabot
|
|
|
188
187
|
# continue with an info log here. `go mod tidy` shouldn't block
|
|
189
188
|
# updating versions because there are some edge cases where it's OK to fail
|
|
190
189
|
# (such as generated files not available yet to us).
|
|
191
|
-
_, stderr, status = Open3.capture3(
|
|
190
|
+
_, stderr, status = Open3.capture3(command)
|
|
192
191
|
if status.success?
|
|
193
192
|
Dependabot.logger.info "`go mod tidy` succeeded"
|
|
194
193
|
else
|
|
@@ -201,7 +200,7 @@ module Dependabot
|
|
|
201
200
|
return unless vendor?
|
|
202
201
|
|
|
203
202
|
command = "go mod vendor"
|
|
204
|
-
_, stderr, status = Open3.capture3(
|
|
203
|
+
_, stderr, status = Open3.capture3(command)
|
|
205
204
|
handle_subprocess_error(stderr) unless status.success?
|
|
206
205
|
end
|
|
207
206
|
|
|
@@ -225,7 +224,7 @@ module Dependabot
|
|
|
225
224
|
end
|
|
226
225
|
command = SharedHelpers.escape_command(command)
|
|
227
226
|
|
|
228
|
-
_, stderr, status = Open3.capture3(
|
|
227
|
+
_, stderr, status = Open3.capture3(command)
|
|
229
228
|
handle_subprocess_error(stderr) unless status.success?
|
|
230
229
|
ensure
|
|
231
230
|
FileUtils.rm_f(T.must(tmp_go_file))
|
|
@@ -234,7 +233,7 @@ module Dependabot
|
|
|
234
233
|
sig { returns(T::Hash[String, T.untyped]) }
|
|
235
234
|
def parse_manifest
|
|
236
235
|
command = "go mod edit -json"
|
|
237
|
-
stdout, stderr, status = Open3.capture3(
|
|
236
|
+
stdout, stderr, status = Open3.capture3(command)
|
|
238
237
|
handle_subprocess_error(stderr) unless status.success?
|
|
239
238
|
|
|
240
239
|
JSON.parse(stdout) || {}
|
|
@@ -305,7 +304,7 @@ module Dependabot
|
|
|
305
304
|
end
|
|
306
305
|
|
|
307
306
|
repo_error_regex = REPO_RESOLVABILITY_ERROR_REGEXES.find { |r| stderr =~ r }
|
|
308
|
-
ResolvabilityErrors.handle(stderr
|
|
307
|
+
ResolvabilityErrors.handle(stderr) if repo_error_regex
|
|
309
308
|
|
|
310
309
|
path_regex = MODULE_PATH_MISMATCH_REGEXES.find { |r| stderr =~ r }
|
|
311
310
|
if path_regex
|
|
@@ -366,11 +365,6 @@ module Dependabot
|
|
|
366
365
|
def vendor?
|
|
367
366
|
!!@vendor
|
|
368
367
|
end
|
|
369
|
-
|
|
370
|
-
sig { returns(T::Hash[String, T.untyped]) }
|
|
371
|
-
def environment
|
|
372
|
-
{ "GOPRIVATE" => @goprivate }
|
|
373
|
-
end
|
|
374
368
|
end
|
|
375
369
|
end
|
|
376
370
|
end
|
|
@@ -29,7 +29,6 @@ module Dependabot
|
|
|
29
29
|
def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path: nil, options: {})
|
|
30
30
|
super
|
|
31
31
|
|
|
32
|
-
@goprivate = T.let(options.fetch(:goprivate, "*"), String)
|
|
33
32
|
use_repo_contents_stub if repo_contents_path.nil?
|
|
34
33
|
end
|
|
35
34
|
|
|
@@ -149,7 +148,7 @@ module Dependabot
|
|
|
149
148
|
credentials: credentials,
|
|
150
149
|
repo_contents_path: repo_contents_path,
|
|
151
150
|
directory: T.must(directory),
|
|
152
|
-
options: { tidy: tidy?, vendor: vendor
|
|
151
|
+
options: { tidy: tidy?, vendor: vendor? }
|
|
153
152
|
),
|
|
154
153
|
T.nilable(Dependabot::GoModules::FileUpdater::GoModUpdater)
|
|
155
154
|
)
|
|
@@ -41,15 +41,13 @@ module Dependabot
|
|
|
41
41
|
params(
|
|
42
42
|
dependency: Dependabot::Dependency,
|
|
43
43
|
dependency_files: T::Array[Dependabot::DependencyFile],
|
|
44
|
-
credentials: T::Array[Dependabot::Credential]
|
|
45
|
-
goprivate: String
|
|
44
|
+
credentials: T::Array[Dependabot::Credential]
|
|
46
45
|
).void
|
|
47
46
|
end
|
|
48
|
-
def initialize(dependency:, dependency_files:, credentials
|
|
47
|
+
def initialize(dependency:, dependency_files:, credentials:)
|
|
49
48
|
@dependency = dependency
|
|
50
49
|
@dependency_files = dependency_files
|
|
51
50
|
@credentials = credentials
|
|
52
|
-
@goprivate = T.let(goprivate, String)
|
|
53
51
|
|
|
54
52
|
@source_type = T.let(nil, T.nilable(String))
|
|
55
53
|
end
|
|
@@ -63,9 +61,6 @@ module Dependabot
|
|
|
63
61
|
sig { returns(T::Array[T.untyped]) }
|
|
64
62
|
attr_reader :credentials
|
|
65
63
|
|
|
66
|
-
sig { returns(String) }
|
|
67
|
-
attr_reader :goprivate
|
|
68
|
-
|
|
69
64
|
# rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
|
|
70
65
|
sig { returns(T::Array[Dependabot::Package::PackageRelease]) }
|
|
71
66
|
def fetch_available_versions
|
|
@@ -82,12 +77,9 @@ module Dependabot
|
|
|
82
77
|
end
|
|
83
78
|
|
|
84
79
|
# Turn off the module proxy for private dependencies
|
|
85
|
-
env = { "GOPRIVATE" => @goprivate }
|
|
86
|
-
|
|
87
80
|
versions_json = SharedHelpers.run_shell_command(
|
|
88
81
|
"go list -m -versions -json #{dependency.name}",
|
|
89
|
-
fingerprint: "go list -m -versions -json <dependency_name>"
|
|
90
|
-
env: env
|
|
82
|
+
fingerprint: "go list -m -versions -json <dependency_name>"
|
|
91
83
|
)
|
|
92
84
|
version_strings = JSON.parse(versions_json)["Versions"]
|
|
93
85
|
|
|
@@ -112,7 +104,7 @@ module Dependabot
|
|
|
112
104
|
retry_count += 1
|
|
113
105
|
retry if transitory_failure?(e) && retry_count < 2
|
|
114
106
|
|
|
115
|
-
ResolvabilityErrors.handle(e.message
|
|
107
|
+
ResolvabilityErrors.handle(e.message)
|
|
116
108
|
[package_release(version: T.must(dependency.version))]
|
|
117
109
|
end
|
|
118
110
|
# rubocop:enable Metrics/AbcSize,Metrics/PerceivedComplexity
|
|
@@ -10,8 +10,8 @@ module Dependabot
|
|
|
10
10
|
|
|
11
11
|
GITHUB_REPO_REGEX = %r{github.com/[^:@ ]*}
|
|
12
12
|
|
|
13
|
-
sig { params(message: String
|
|
14
|
-
def self.handle(message
|
|
13
|
+
sig { params(message: String).void }
|
|
14
|
+
def self.handle(message)
|
|
15
15
|
mod_path = message.scan(GITHUB_REPO_REGEX).last
|
|
16
16
|
unless mod_path && message.include?("If this is a private repository")
|
|
17
17
|
raise Dependabot::DependencyFileNotResolvable, message
|
|
@@ -30,8 +30,7 @@ module Dependabot
|
|
|
30
30
|
mod_path
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
|
|
34
|
-
_, _, status = Open3.capture3(env, SharedHelpers.escape_command("go list -m -versions #{repo_path}"))
|
|
33
|
+
_, _, status = Open3.capture3(SharedHelpers.escape_command("go list -m -versions #{repo_path}"))
|
|
35
34
|
raise Dependabot::DependencyFileNotResolvable, message if status.success?
|
|
36
35
|
|
|
37
36
|
raise Dependabot::GitDependenciesNotReachable, [repo_path]
|
|
@@ -46,7 +46,6 @@ module Dependabot
|
|
|
46
46
|
credentials: T::Array[Dependabot::Credential],
|
|
47
47
|
ignored_versions: T::Array[String],
|
|
48
48
|
security_advisories: T::Array[Dependabot::SecurityAdvisory],
|
|
49
|
-
goprivate: String,
|
|
50
49
|
raise_on_ignored: T::Boolean,
|
|
51
50
|
cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
|
|
52
51
|
)
|
|
@@ -58,7 +57,6 @@ module Dependabot
|
|
|
58
57
|
credentials:,
|
|
59
58
|
ignored_versions:,
|
|
60
59
|
security_advisories:,
|
|
61
|
-
goprivate:,
|
|
62
60
|
raise_on_ignored: false,
|
|
63
61
|
cooldown_options: nil
|
|
64
62
|
)
|
|
@@ -68,7 +66,6 @@ module Dependabot
|
|
|
68
66
|
@ignored_versions = ignored_versions
|
|
69
67
|
@security_advisories = security_advisories
|
|
70
68
|
@raise_on_ignored = raise_on_ignored
|
|
71
|
-
@goprivate = goprivate
|
|
72
69
|
@cooldown_options = cooldown_options
|
|
73
70
|
super(
|
|
74
71
|
dependency: dependency,
|
|
@@ -122,9 +119,6 @@ module Dependabot
|
|
|
122
119
|
sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
|
|
123
120
|
attr_reader :security_advisories
|
|
124
121
|
|
|
125
|
-
sig { returns(String) }
|
|
126
|
-
attr_reader :goprivate
|
|
127
|
-
|
|
128
122
|
sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
|
|
129
123
|
attr_reader :cooldown_options
|
|
130
124
|
|
|
@@ -133,8 +127,7 @@ module Dependabot
|
|
|
133
127
|
@available_versions_details ||= T.let(Package::PackageDetailsFetcher.new(
|
|
134
128
|
dependency: dependency,
|
|
135
129
|
dependency_files: dependency_files,
|
|
136
|
-
credentials: credentials
|
|
137
|
-
goprivate: goprivate
|
|
130
|
+
credentials: credentials
|
|
138
131
|
).fetch_available_versions, T.nilable(T::Array[Dependabot::Package::PackageRelease]))
|
|
139
132
|
end
|
|
140
133
|
|
|
@@ -197,13 +190,10 @@ module Dependabot
|
|
|
197
190
|
# rubocop:disable Metrics/AbcSize
|
|
198
191
|
sig { params(release: Dependabot::Package::PackageRelease).returns(T::Boolean) }
|
|
199
192
|
def in_cooldown_period?(release)
|
|
200
|
-
env = { "GOPRIVATE" => @goprivate }
|
|
201
|
-
|
|
202
193
|
begin
|
|
203
194
|
release_info = SharedHelpers.run_shell_command(
|
|
204
195
|
"go list -m -json #{dependency.name}@#{release.details.[]('version_string')}",
|
|
205
|
-
fingerprint: "go list -m -json <dependency_name>"
|
|
206
|
-
env: env
|
|
196
|
+
fingerprint: "go list -m -json <dependency_name>"
|
|
207
197
|
)
|
|
208
198
|
rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
|
|
209
199
|
Dependabot.logger.info("Error while fetching release date info: #{e.message}")
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
@@ -66,8 +66,7 @@ module Dependabot
|
|
|
66
66
|
ignored_versions: ignored_versions,
|
|
67
67
|
security_advisories: security_advisories,
|
|
68
68
|
raise_on_ignored: raise_on_ignored,
|
|
69
|
-
cooldown_options: update_cooldown
|
|
70
|
-
goprivate: options.fetch(:goprivate, "*")
|
|
69
|
+
cooldown_options: update_cooldown
|
|
71
70
|
),
|
|
72
71
|
T.nilable(Dependabot::GoModules::UpdateChecker::LatestVersionFinder)
|
|
73
72
|
)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-go_modules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.330.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.330.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.330.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -271,7 +271,7 @@ licenses:
|
|
|
271
271
|
- MIT
|
|
272
272
|
metadata:
|
|
273
273
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
274
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
274
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.330.0
|
|
275
275
|
rdoc_options: []
|
|
276
276
|
require_paths:
|
|
277
277
|
- lib
|