dependabot-go_modules 0.334.0 → 0.335.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '08453d63809b6a9def977ae0431502c5cbf48dd009a527faabb309abe6cf2dda'
-  data.tar.gz: f18381ae9e6ada87ffb25a719a570936c0f1eb810d65ce0ad81be6374e508e62
+  metadata.gz: 0ba2ffbc3f930196b6230efea8a5d574e83b4be246dcdf3a7c9dcd6014aec870
+  data.tar.gz: fb9667f95fef7bf2f302f39032ddc57a74588d6b7f398c65112d27a839c50d9b
 SHA512:
-  metadata.gz: 15f6333c88a8710ff37b8fd0a631a349e878dcb24ce854e66a9eabcd8f60dadf1b2ce5f13ba51097cd6cbdcc919488ca360237c1986a693dc1207912e7a738a2
-  data.tar.gz: d8cf9ce7b1a7b2e3a91c1affff8b20d1e1fc919323dd60908c3cf8d8e6f10e9f153b206480eed033c5715b565b8c098ab028e9a76431be2415d00ec9ee69e600
+  metadata.gz: 6c89d1331a852edcfe8ce57885022a5971d088b964e400e87ccb5bf4273e0978881ba76a9a52706b806dc5ae298cb168c090c937ee4b77c07acb3883932ae8fc
+  data.tar.gz: 61fe3e6273a93c9f529f2475ed6eaf5e8480a477a1a20ddf45b5788b88537a559ce5857e0bf1ee7b07db07ff6925cf1c34b49f33dc8d58d18a90fa1c4c22261e

data/lib/dependabot/go_modules/dependency_grapher.rb

@@ -0,0 +1,57 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/dependency_graphers"
+require "dependabot/dependency_graphers/base"
+
+module Dependabot
+  module GoModules
+    class DependencyGrapher < Dependabot::DependencyGraphers::Base
+      sig { override.returns(Dependabot::DependencyFile) }
+      def relevant_dependency_file
+        raise DependabotError, "No go.mod present in dependency files." unless go_mod
+
+        T.must(go_mod)
+      end
+
+      private
+
+      # TODO: Build subdependency in this class and assign here -or- assign metadata in the parser
+      #
+      # We can do whichever makes most sense on a case-by-case basis, for Go the trade off on
+      # doing this in the parser shouldn't add a huge overhead.
+      sig { override.params(dependency: Dependabot::Dependency).returns(T::Array[String]) }
+      def fetch_subdependencies(dependency)
+        dependency.metadata.fetch(:depends_on, [])
+      end
+
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
+      def go_mod
+        return @go_mod if defined?(@go_mod)
+
+        @go_mod = T.let(
+          @dependency_files.find { |f| f.name = "go.mod" },
+          T.nilable(Dependabot::DependencyFile)
+        )
+      end
+
+      # In Go, the `v` is considered a canonical part of the version and omitting it can make
+      # comparisons tricky
+      sig { params(dependency: Dependabot::Dependency).returns(String) }
+      def purl_version_for(dependency)
+        return "" unless dependency.version
+
+        "@v#{dependency.version}"
+      end
+
+      sig { override.params(_dependency: Dependabot::Dependency).returns(String) }
+      def purl_pkg_for(_dependency)
+        "golang"
+      end
+    end
+  end
+end
+
+Dependabot::DependencyGraphers.register("go_modules", Dependabot::GoModules::DependencyGrapher)

data/lib/dependabot/go_modules/file_parser.rb

@@ -21,12 +21,23 @@ module Dependabot
       extend T::Sig
 
       sig do
-        params(dependency_files: T::Array[Dependabot::DependencyFile], source: T.nilable(Dependabot::Source),
-               repo_contents_path: T.nilable(String), credentials: T::Array[Dependabot::Credential],
-               reject_external_code: T::Boolean, options: T::Hash[Symbol, T.untyped]).void
+        params(
+          dependency_files: T::Array[Dependabot::DependencyFile],
+          source: T.nilable(Dependabot::Source),
+          repo_contents_path: T.nilable(String),
+          credentials: T::Array[Dependabot::Credential],
+          reject_external_code: T::Boolean,
+          options: T::Hash[Symbol, T.untyped]
+        ).void
       end
-      def initialize(dependency_files:, source: nil, repo_contents_path: nil,
-                     credentials: [], reject_external_code: false, options: {})
+      def initialize(
+        dependency_files:,
+        source: nil,
+        repo_contents_path: nil,
+        credentials: [],
+        reject_external_code: false,
+        options: {}
+      )
         super
 
         set_go_environment_variables
@@ -49,13 +60,16 @@ module Dependabot
 
       sig { returns(Ecosystem) }
       def ecosystem
-        @ecosystem ||= T.let(begin
-          Ecosystem.new(
-            name: ECOSYSTEM,
-            package_manager: package_manager,
-            language: language
-          )
-        end, T.nilable(Dependabot::Ecosystem))
+        @ecosystem ||= T.let(
+          begin
+            Ecosystem.new(
+              name: ECOSYSTEM,
+              package_manager: package_manager,
+              language: language
+            )
+          end,
+          T.nilable(Dependabot::Ecosystem)
+        )
       end
 
       private
@@ -97,9 +111,12 @@ module Dependabot
 
       sig { returns(T::Array[Dependabot::Credential]) }
       def goproxy_credentials
-        @goproxy_credentials ||= T.let(credentials.select do |cred|
-          cred["type"] == "goproxy_server"
-        end, T.nilable(T::Array[Dependabot::Credential]))
+        @goproxy_credentials ||= T.let(
+          credentials.select do |cred|
+            cred["type"] == "goproxy_server"
+          end,
+          T.nilable(T::Array[Dependabot::Credential])
+        )
       end
 
       sig { returns(Ecosystem::VersionManager) }
@@ -112,24 +129,30 @@ module Dependabot
 
       sig { returns(T.nilable(Ecosystem::VersionManager)) }
       def language
-        @language ||= T.let(begin
-          Language.new(go_version)
-        end, T.nilable(Dependabot::GoModules::Language))
+        @language ||= T.let(
+          go_version ? Language.new(T.must(go_version)) : nil,
+          T.nilable(Dependabot::GoModules::Language)
+        )
       end
 
-      sig { returns(String) }
+      sig { returns(T.nilable(String)) }
       def go_version
-        @go_version ||= T.let(T.must(go_mod&.content&.match(/^go\s(\d+\.\d+(.\d+)*)/)&.captures&.first),
-                              T.nilable(String))
+        @go_version ||= T.let(
+          go_mod&.content&.match(/^go\s(\d+\.\d+(.\d+)*)/)&.captures&.first,
+          T.nilable(String)
+        )
       end
 
       sig { returns(T.nilable(String)) }
       def go_toolchain_version
-        @go_toolchain_version ||= T.let(begin
-          # Checks version based on the GOTOOLCHAIN in ENV
-          version = SharedHelpers.run_shell_command("go version")
-          version.match(/go\s*(\d+\.\d+(.\d+)*)/)&.captures&.first
-        end, T.nilable(String))
+        @go_toolchain_version ||= T.let(
+          begin
+            # Checks version based on the GOTOOLCHAIN in ENV
+            version = SharedHelpers.run_shell_command("go version")
+            version.match(/go\s*(\d+\.\d+(.\d+)*)/)&.captures&.first
+          end,
+          T.nilable(String)
+        )
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
@@ -170,23 +193,26 @@ module Dependabot
       sig { returns(T::Array[T::Hash[String, T.untyped]]) }
       def required_packages
         @required_packages ||=
-          T.let(SharedHelpers.in_a_temporary_directory do |path|
-            # Create a fake empty module for each local module so that
-            # `go mod edit` works, even if some modules have been `replace`d with
-            # a local module that we don't have access to.
-            local_replacements.each do |_, stub_path|
-              FileUtils.mkdir_p(stub_path)
-              FileUtils.touch(File.join(stub_path, "go.mod"))
-            end
-
-            File.write("go.mod", go_mod_content)
-
-            command = "go mod edit -json"
-
-            stdout, stderr, status = Open3.capture3(command)
-            handle_parser_error(path, stderr) unless status.success?
-            JSON.parse(stdout)["Require"] || []
-          end, T.nilable(T::Array[T::Hash[String, T.untyped]]))
+          T.let(
+            SharedHelpers.in_a_temporary_directory do |path|
+              # Create a fake empty module for each local module so that
+              # `go mod edit` works, even if some modules have been `replace`d with
+              # a local module that we don't have access to.
+              local_replacements.each do |_, stub_path|
+                FileUtils.mkdir_p(stub_path)
+                FileUtils.touch(File.join(stub_path, "go.mod"))
+              end
+
+              File.write("go.mod", go_mod_content)
+
+              command = "go mod edit -json"
+
+              stdout, stderr, status = Open3.capture3(command)
+              handle_parser_error(path, stderr) unless status.success?
+              JSON.parse(stdout)["Require"] || []
+            end,
+            T.nilable(T::Array[T::Hash[String, T.untyped]])
+          )
       end
 
       sig { returns(T::Hash[String, String]) }
@@ -196,25 +222,30 @@ module Dependabot
           # we can use in their place. Using generated paths is safer as it
           # means we don't need to worry about references to parent
           # directories, etc.
-          T.let(ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod&.directory),
-                T.nilable(T::Hash[String, String]))
+          T.let(
+            ReplaceStubber.new(repo_contents_path).stub_paths(manifest, go_mod&.directory),
+            T.nilable(T::Hash[String, String])
+          )
       end
 
       sig { returns(T::Hash[String, T.untyped]) }
       def manifest
         @manifest ||=
-          T.let(SharedHelpers.in_a_temporary_directory do |path|
-                  File.write("go.mod", go_mod&.content)
+          T.let(
+            SharedHelpers.in_a_temporary_directory do |path|
+              File.write("go.mod", go_mod&.content)
 
-                  # Parse the go.mod to get a JSON representation of the replace
-                  # directives
-                  command = "go mod edit -json"
+              # Parse the go.mod to get a JSON representation of the replace
+              # directives
+              command = "go mod edit -json"
 
-                  stdout, stderr, status = Open3.capture3(command)
-                  handle_parser_error(path, stderr) unless status.success?
+              stdout, stderr, status = Open3.capture3(command)
+              handle_parser_error(path, stderr) unless status.success?
 
-                  JSON.parse(stdout)
-                end, T.nilable(T::Hash[String, T.untyped]))
+              JSON.parse(stdout)
+            end,
+            T.nilable(T::Hash[String, T.untyped])
+          )
       end
 
       sig { returns(T.nilable(String)) }

data/lib/dependabot/go_modules/file_updater/go_mod_updater.rb

@@ -16,58 +16,70 @@ module Dependabot
       class GoModUpdater
         extend T::Sig
 
-        RESOLVABILITY_ERROR_REGEXES = T.let([
-          # The checksum in go.sum does not match the downloaded content
-          /verifying .*: checksum mismatch/,
-          /go(?: get)?: .*: go.mod has post-v\d+ module path/,
-          # The Go tool is suggesting the user should run go mod tidy
-          /go mod tidy/,
-          # Something wrong in the chain of go.mod/go.sum files
-          # These are often fixable with go mod tidy too.
-          /no required module provides package/,
-          /missing go\.sum entry for module providing package/,
-          /missing go\.sum entry for go\.mod file/m,
-          /malformed module path/,
-          /used for two different module paths/,
-          # https://github.com/golang/go/issues/56494
-          /can't find reason for requirement on/,
-          # import path doesn't exist
-          /package \S+ is not in GOROOT/
-        ].freeze, T::Array[Regexp])
-
-        REPO_RESOLVABILITY_ERROR_REGEXES = T.let([
-          /fatal: The remote end hung up unexpectedly/,
-          /repository '.+' not found/,
-          %r{net/http: TLS handshake timeout},
-          # (Private) module could not be fetched
-          /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m,
-          # (Private) module could not be found
-          /cannot find module providing package/,
-          # Package in module was likely renamed or removed
-          /module.*found.*but does not contain package/m,
-          # Package pseudo-version does not match the version-control metadata
-          # https://golang.google.cn/doc/go1.13#version-validation
-          /go(?: get)?: .*: invalid pseudo-version/m,
-          # Package does not exist, has been pulled or cannot be reached due to
-          # auth problems with either git or the go proxy
-          /go(?: get)?: .*: unknown revision/m,
-          # Package pointing to a proxy that 404s
-          /go(?: get)?: .*: unrecognized import path/m,
-          # Package not being referenced correctly
-          /go:.*imports.*package.+is not in std/m
-        ].freeze, T::Array[Regexp])
-
-        MODULE_PATH_MISMATCH_REGEXES = T.let([
-          /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?: .* has non-.* module path "(.*)" at/,
-          /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?: .* unexpected module path "(.*)"/,
-          /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?:? .* declares its path as: ([\S]*)/m
-        ].freeze, T::Array[Regexp])
-
-        OUT_OF_DISK_REGEXES = T.let([
-          %r{input/output error},
-          /no space left on device/,
-          /Out of diskspace/
-        ].freeze, T::Array[Regexp])
+        RESOLVABILITY_ERROR_REGEXES = T.let(
+          [
+            # The checksum in go.sum does not match the downloaded content
+            /verifying .*: checksum mismatch/,
+            /go(?: get)?: .*: go.mod has post-v\d+ module path/,
+            # The Go tool is suggesting the user should run go mod tidy
+            /go mod tidy/,
+            # Something wrong in the chain of go.mod/go.sum files
+            # These are often fixable with go mod tidy too.
+            /no required module provides package/,
+            /missing go\.sum entry for module providing package/,
+            /missing go\.sum entry for go\.mod file/m,
+            /malformed module path/,
+            /used for two different module paths/,
+            # https://github.com/golang/go/issues/56494
+            /can't find reason for requirement on/,
+            # import path doesn't exist
+            /package \S+ is not in GOROOT/
+          ].freeze,
+          T::Array[Regexp]
+        )
+
+        REPO_RESOLVABILITY_ERROR_REGEXES = T.let(
+          [
+            /fatal: The remote end hung up unexpectedly/,
+            /repository '.+' not found/,
+            %r{net/http: TLS handshake timeout},
+            # (Private) module could not be fetched
+            /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m,
+            # (Private) module could not be found
+            /cannot find module providing package/,
+            # Package in module was likely renamed or removed
+            /module.*found.*but does not contain package/m,
+            # Package pseudo-version does not match the version-control metadata
+            # https://golang.google.cn/doc/go1.13#version-validation
+            /go(?: get)?: .*: invalid pseudo-version/m,
+            # Package does not exist, has been pulled or cannot be reached due to
+            # auth problems with either git or the go proxy
+            /go(?: get)?: .*: unknown revision/m,
+            # Package pointing to a proxy that 404s
+            /go(?: get)?: .*: unrecognized import path/m,
+            # Package not being referenced correctly
+            /go:.*imports.*package.+is not in std/m
+          ].freeze,
+          T::Array[Regexp]
+        )
+
+        MODULE_PATH_MISMATCH_REGEXES = T.let(
+          [
+            /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?: .* has non-.* module path "(.*)" at/,
+            /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?: .* unexpected module path "(.*)"/,
+            /go(?: get)?: ([^@\s]+)(?:@[^\s]+)?:? .* declares its path as: ([\S]*)/m
+          ].freeze,
+          T::Array[Regexp]
+        )
+
+        OUT_OF_DISK_REGEXES = T.let(
+          [
+            %r{input/output error},
+            /no space left on device/,
+            /Out of diskspace/
+          ].freeze,
+          T::Array[Regexp]
+        )
 
         GO_LANG = "Go"
 
@@ -87,8 +99,14 @@ module Dependabot
             options: T::Hash[Symbol, T.untyped]
           ).void
         end
-        def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path:,
-                       directory:, options:)
+        def initialize(
+          dependencies:,
+          dependency_files:,
+          credentials:,
+          repo_contents_path:,
+          directory:,
+          options:
+        )
           @dependencies = dependencies
           @dependency_files = dependency_files
           @credentials = credentials
@@ -273,8 +291,11 @@ module Dependabot
         sig { params(manifest: T::Hash[String, T.untyped]).returns(T::Hash[String, String]) }
         def replace_directive_substitutions(manifest)
           @replace_directive_substitutions ||=
-            T.let(Dependabot::GoModules::ReplaceStubber.new(repo_contents_path)
-                                                 .stub_paths(manifest, directory), T.nilable(T::Hash[String, String]))
+            T.let(
+              Dependabot::GoModules::ReplaceStubber.new(repo_contents_path)
+                                                               .stub_paths(manifest, directory),
+              T.nilable(T::Hash[String, String])
+            )
         end
 
         sig { params(substitutions: T::Hash[String, String]).void }
@@ -324,8 +345,11 @@ module Dependabot
           end
 
           if (matches = stderr.match(GO_VERSION_MISMATCH))
-            raise Dependabot::ToolVersionNotSupported.new(GO_LANG, T.must(matches[:current_ver]),
-                                                          T.must(matches[:req_ver]))
+            raise Dependabot::ToolVersionNotSupported.new(
+              GO_LANG,
+              T.must(matches[:current_ver]),
+              T.must(matches[:req_ver])
+            )
           end
 
           # We don't know what happened so we raise a generic error

data/lib/dependabot/go_modules/package/package_details_fetcher.rb

@@ -157,7 +157,8 @@ module Dependabot
             Dependabot::Package::PackageDetails.new(
               dependency: dependency,
               releases: releases.reverse.uniq(&:version)
-            ), T.nilable(Dependabot::Package::PackageDetails)
+            ),
+            T.nilable(Dependabot::Package::PackageDetails)
           )
         end
       end

data/lib/dependabot/go_modules/replace_stubber.rb

@@ -59,8 +59,10 @@ module Dependabot
 
       sig { params(directory: T.nilable(String)).returns(Pathname) }
       def module_pathname(directory)
-        @module_pathname ||= T.let(Pathname.new(@repo_contents_path).join(T.must(directory).sub(%r{^/}, "")),
-                                   T.nilable(Pathname))
+        @module_pathname ||= T.let(
+          Pathname.new(@repo_contents_path).join(T.must(directory).sub(%r{^/}, "")),
+          T.nilable(Pathname)
+        )
       end
     end
   end

data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb

@@ -84,8 +84,10 @@ module Dependabot
                   .returns(T.nilable(Dependabot::Version))
         end
         def latest_version(language_version: nil)
-          @latest_version ||= T.let(fetch_latest_version(language_version: language_version),
-                                    T.nilable(Dependabot::Version))
+          @latest_version ||= T.let(
+            fetch_latest_version(language_version: language_version),
+            T.nilable(Dependabot::Version)
+          )
         end
 
         sig do
@@ -93,8 +95,10 @@ module Dependabot
                   .returns(T.nilable(Dependabot::Version))
         end
         def lowest_security_fix_version(language_version: nil)
-          @lowest_security_fix_version ||= T.let(fetch_lowest_security_fix_version(language_version: language_version),
-                                                 T.nilable(Dependabot::Version))
+          @lowest_security_fix_version ||= T.let(
+            fetch_lowest_security_fix_version(language_version: language_version),
+            T.nilable(Dependabot::Version)
+          )
         end
 
         sig { override.returns(T::Boolean) }
@@ -124,11 +128,14 @@ module Dependabot
 
         sig { returns(T::Array[Dependabot::Package::PackageRelease]) }
         def available_versions_details
-          @available_versions_details ||= T.let(Package::PackageDetailsFetcher.new(
-            dependency: dependency,
-            dependency_files: dependency_files,
-            credentials: credentials
-          ).fetch_available_versions, T.nilable(T::Array[Dependabot::Package::PackageRelease]))
+          @available_versions_details ||= T.let(
+            Package::PackageDetailsFetcher.new(
+              dependency: dependency,
+              dependency_files: dependency_files,
+              credentials: credentials
+            ).fetch_available_versions,
+            T.nilable(T::Array[Dependabot::Package::PackageRelease])
+          )
         end
 
         # rubocop:disable Lint/UnusedMethodArgument
@@ -214,8 +221,10 @@ module Dependabot
           passed_days = passed_seconds / DAY_IN_SECONDS
 
           if passed_days < days
-            Dependabot.logger.info("Version #{release.version}, Release date: #{release.released_at}." \
-                                   " Days since release: #{passed_days} (cooldown days: #{days})")
+            Dependabot.logger.info(
+              "Version #{release.version}, Release date: #{release.released_at}." \
+              " Days since release: #{passed_days} (cooldown days: #{days})"
+            )
           end
 
           # Check if the release is within the cooldown period
@@ -231,7 +240,8 @@ module Dependabot
             Dependabot::Package::PackageDetails.new(
               dependency: dependency,
               releases: available_versions_details.reverse.uniq(&:version)
-            ), T.nilable(Dependabot::Package::PackageDetails)
+            ),
+            T.nilable(Dependabot::Package::PackageDetails)
           )
         end
 
@@ -242,8 +252,10 @@ module Dependabot
         def fetch_lowest_security_fix_version(language_version: nil)
           relevant_versions = available_versions_details
           relevant_versions = filter_prerelease_versions(relevant_versions)
-          relevant_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(relevant_versions,
-                                                                                                    security_advisories)
+          relevant_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(
+            relevant_versions,
+            security_advisories
+          )
           relevant_versions = filter_ignored_versions(relevant_versions)
           relevant_versions = filter_lower_versions(relevant_versions)
 

data/lib/dependabot/go_modules.rb

@@ -3,6 +3,7 @@
 
 # These all need to be required so the various classes can be registered in a
 # lookup table of package manager names to concrete classes.
+require "dependabot/go_modules/dependency_grapher"
 require "dependabot/go_modules/file_fetcher"
 require "dependabot/go_modules/file_parser"
 require "dependabot/go_modules/update_checker"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-  version: 0.334.0
+  version: 0.335.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.334.0
+        version: 0.335.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.334.0
+        version: 0.335.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -113,56 +113,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.67'
+        version: '1.80'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.67'
+        version: '1.80'
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: '1.26'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: '1.26'
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.29'
+        version: '3.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.29'
+        version: '3.7'
 - !ruby/object:Gem::Dependency
   name: rubocop-sorbet
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -250,6 +250,7 @@ files:
 - helpers/main.go
 - helpers/version_test.go
 - lib/dependabot/go_modules.rb
+- lib/dependabot/go_modules/dependency_grapher.rb
 - lib/dependabot/go_modules/file_fetcher.rb
 - lib/dependabot/go_modules/file_parser.rb
 - lib/dependabot/go_modules/file_updater.rb
@@ -271,7 +272,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.334.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.335.0
 rdoc_options: []
 require_paths:
 - lib