dependabot-go_modules 0.363.0 → 0.364.0
- checksums.yaml +4 -4
- data/helpers/go.mod +2 -2
- data/helpers/go.sum +2 -2
- data/helpers/importresolver/main.go +60 -0
- data/helpers/importresolver/main_test.go +48 -0
- data/lib/dependabot/go_modules/azure_devops_path_normalizer.rb +27 -0
- data/lib/dependabot/go_modules/file_updater.rb +1 -1
- data/lib/dependabot/go_modules/package/package_details_fetcher.rb +3 -1
- data/lib/dependabot/go_modules/requirement.rb +9 -9
- data/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +3 -1
- metadata +5 -4
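--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '0549b6632e12248926b3a3b507c6ef80e389fba47bde1cf5886f0b0493a0faad'
+data.tar.gz: 3928257803da819ec010c35031c94ad78eeacf6effc8f495b257d9b4d95b91cd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9ae6dd6cca4e9a0dc9e7598c44978f89fcee9fae236b852957718ef0282b7d24f0578f5ef959b37790b16168ea223c78d7fb18a42a4a50fd29cd7b6aff3ef13a
+data.tar.gz: f9e66da88dd36e4f2da7412f276edbbe296a7745034e4c6ded7d0ec5b46b6071618c21f19b7fe57a1f24087a8dd92b007b5a9b0bc3d4012255c1d6271b633ea7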
data/helpers/go.mod
CHANGED
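--- a/data/helpers/go.sum
+++ b/data/helpers/go.sum
@@ -1,4 +1,4 @@
 github.com/Masterminds/vcs v1.13.3 h1:IIA2aBdXvfbIM+yl/eTnL4hb1XwdpvuQLglAix1gweE=
 github.com/Masterminds/vcs v1.13.3/go.mod h1:TiE7xuEjl1N4j016moRd6vezp6e6Lz23gypeXfzXeW8=
-golang.org/x/mod v0.
-golang.org/x/mod v0.
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=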
@@ -1,6 +1,7 @@
|
|
|
1
1
|
package importresolver
|
|
2
2
|
|
|
3
3
|
import (
|
|
4
|
+
"net/url"
|
|
4
5
|
"os"
|
|
5
6
|
"strings"
|
|
6
7
|
|
|
@@ -20,6 +21,8 @@ func VCSRemoteForImport(args *Args) (interface{}, error) {
|
|
|
20
21
|
remote = "https://" + remote
|
|
21
22
|
}
|
|
22
23
|
|
|
24
|
+
remote = normalizeAzureDevOpsURL(remote)
|
|
25
|
+
|
|
23
26
|
local, err := os.MkdirTemp("", "unused-vcs-local-dir")
|
|
24
27
|
if err != nil {
|
|
25
28
|
return nil, err
|
|
@@ -34,3 +37,60 @@ func VCSRemoteForImport(args *Args) (interface{}, error) {
|
|
|
34
37
|
}()
|
|
35
38
|
return repo.Remote(), nil
|
|
36
39
|
}
|
|
40
|
+
|
|
41
|
+
func normalizeAzureDevOpsURL(remote string) string {
|
|
42
|
+
uri, err := url.Parse(remote)
|
|
43
|
+
if err != nil {
|
|
44
|
+
return remote
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
host := strings.ToLower(uri.Host)
|
|
48
|
+
if host != "dev.azure.com" {
|
|
49
|
+
return remote
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
segments := strings.Split(strings.TrimPrefix(uri.Path, "/"), "/")
|
|
53
|
+
if len(segments) < 3 {
|
|
54
|
+
return remote
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
normalizedSegments := segments
|
|
58
|
+
removeGitSuffix := false
|
|
59
|
+
if !strings.Contains(uri.Path, "/_git/") {
|
|
60
|
+
if len(segments) < 3 {
|
|
61
|
+
return remote
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
// Azure DevOps paths are /{org}/{project}/_git/{repo}[/{subdir}...].
|
|
65
|
+
// Insert "_git" after the first two segments and preserve the rest.
|
|
66
|
+
normalizedSegments = make([]string, 0, len(segments)+1)
|
|
67
|
+
normalizedSegments = append(normalizedSegments, segments[:2]...)
|
|
68
|
+
normalizedSegments = append(normalizedSegments, "_git")
|
|
69
|
+
normalizedSegments = append(normalizedSegments, segments[2:]...)
|
|
70
|
+
removeGitSuffix = true
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
if !removeGitSuffix {
|
|
74
|
+
uri.Path = "/" + strings.Join(normalizedSegments, "/")
|
|
75
|
+
|
|
76
|
+
return uri.String()
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
for i := range normalizedSegments {
|
|
80
|
+
if normalizedSegments[i] != "_git" {
|
|
81
|
+
continue
|
|
82
|
+
}
|
|
83
|
+
|
|
84
|
+
repoIndex := i + 1
|
|
85
|
+
if repoIndex >= len(normalizedSegments) {
|
|
86
|
+
return remote
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
normalizedSegments[repoIndex] = strings.TrimSuffix(normalizedSegments[repoIndex], ".git")
|
|
90
|
+
break
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
uri.Path = "/" + strings.Join(normalizedSegments, "/")
|
|
94
|
+
|
|
95
|
+
return uri.String()
|
|
96
|
+
}
|
|
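Review bot: In normalizeAzureDevOpsURL the "already normalized" test is `!strings.Contains(uri.Path, "/_git/")`, which searches the whole path instead of looking at the third segment, so a path that ends in `/_git` gets a second `_git` inserted and a `_git` directory deeper in the path suppresses the rewrite; the Ruby normalizer in this release checks the fixed position (`segments[3] == "_git"`). Checking `segments[2]` directly also makes the repeated `len(segments) < 3` test, the `removeGitSuffix` flag and the search loop unnecessary. Separately, the host comparison reads `uri.Host`, which keeps any port, so comparing `strings.ToLower(uri.Hostname())` would be more robust; the exact-match comparison itself is worth keeping so that lookalike hosts are never rewritten. In the sketch below the already-normalized case returns `remote` as given rather than the re-serialised URL, which the existing table tests still accept.

```go
func normalizeAzureDevOpsURL(remote string) string {
	// … unchanged: url.Parse, host check, segments split, len(segments) < 3 guard …

	// Azure DevOps paths are /{org}/{project}/_git/{repo}[/{subdir}...].
	// A path that already has "_git" in third position is left as given.
	if segments[2] == "_git" {
		return remote
	}

	normalized := make([]string, 0, len(segments)+1)
	normalized = append(normalized, segments[0], segments[1], "_git")
	normalized = append(normalized, strings.TrimSuffix(segments[2], ".git"))
	normalized = append(normalized, segments[3:]...)

	uri.Path = "/" + strings.Join(normalized, "/")
	return uri.String()
}
```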
@@ -13,3 +13,51 @@ func TestVCSRemoteForImport(t *testing.T) {
|
|
|
13
13
|
t.Fatalf("failed to get VCS remote for import %s: %v", args.Import, err)
|
|
14
14
|
}
|
|
15
15
|
}
|
|
16
|
+
|
|
17
|
+
func TestNormalizeAzureDevOpsURL(t *testing.T) {
|
|
18
|
+
tests := []struct {
|
|
19
|
+
name string
|
|
20
|
+
input string
|
|
21
|
+
want string
|
|
22
|
+
}{
|
|
23
|
+
{
|
|
24
|
+
name: "adds _git segment when missing and removes .git suffix",
|
|
25
|
+
input: "https://dev.azure.com/VaronisIO/da-cloud/be-protobuf.git",
|
|
26
|
+
want: "https://dev.azure.com/VaronisIO/da-cloud/_git/be-protobuf",
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
name: "preserves existing _git segment",
|
|
30
|
+
input: "https://dev.azure.com/VaronisIO/da-cloud/_git/be-protobuf",
|
|
31
|
+
want: "https://dev.azure.com/VaronisIO/da-cloud/_git/be-protobuf",
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
name: "retains .git suffix when _git already exists",
|
|
35
|
+
input: "https://dev.azure.com/VaronisIO/da-cloud/_git/be-protobuf.git",
|
|
36
|
+
want: "https://dev.azure.com/VaronisIO/da-cloud/_git/be-protobuf.git",
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
name: "retains .git suffix and subdirectory when _git already exists",
|
|
40
|
+
input: "https://dev.azure.com/VaronisIO/da-cloud/_git/be-protobuf.git/submodule",
|
|
41
|
+
want: "https://dev.azure.com/VaronisIO/da-cloud/_git/be-protobuf.git/submodule",
|
|
42
|
+
},
|
|
43
|
+
{
|
|
44
|
+
name: "preserves subdirectory while removing .git suffix",
|
|
45
|
+
input: "https://dev.azure.com/VaronisIO/da-cloud/be-protobuf.git/submodule",
|
|
46
|
+
want: "https://dev.azure.com/VaronisIO/da-cloud/_git/be-protobuf/submodule",
|
|
47
|
+
},
|
|
48
|
+
{
|
|
49
|
+
name: "ignores non azure hosts",
|
|
50
|
+
input: "https://github.com/dependabot/dependabot-core",
|
|
51
|
+
want: "https://github.com/dependabot/dependabot-core",
|
|
52
|
+
},
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
for _, test := range tests {
|
|
56
|
+
t.Run(test.name, func(t *testing.T) {
|
|
57
|
+
got := normalizeAzureDevOpsURL(test.input)
|
|
58
|
+
if got != test.want {
|
|
59
|
+
t.Fatalf("normalizeAzureDevOpsURL(%q) = %q, want %q", test.input, got, test.want)
|
|
60
|
+
}
|
|
61
|
+
})
|
|
62
|
+
}
|
|
63
|
+
}
|
|
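Review bot: The table in TestNormalizeAzureDevOpsURL only exercises well-formed paths with three or more segments, so the early-return branches of normalizeAzureDevOpsURL (unparsable input, fewer than three path segments, a path that ends in `/_git` with no repository after it) are never pinned. Adding rows such as `{name: "leaves short paths untouched", input: "https://dev.azure.com/org/project", want: "https://dev.azure.com/org/project"}` (constructed example) would fix the expected output for those inputs. A row with a mixed-case host would also document that the host comparison is meant to be case-insensitive.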
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
module GoModules
|
|
8
|
+
module AzureDevopsPathNormalizer
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
11
|
+
sig { params(name: String).returns(String) }
|
|
12
|
+
def self.normalize(name)
|
|
13
|
+
return name unless name.start_with?("dev.azure.com/")
|
|
14
|
+
|
|
15
|
+
segments = name.split("/")
|
|
16
|
+
return name if segments.length < 4
|
|
17
|
+
return name if segments[3] == "_git"
|
|
18
|
+
|
|
19
|
+
normalized_segments = segments.dup
|
|
20
|
+
normalized_segments.insert(3, "_git")
|
|
21
|
+
normalized_segments[4] = normalized_segments.fetch(4).delete_suffix(".git")
|
|
22
|
+
|
|
23
|
+
normalized_segments.join("/")
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
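Review bot: `AzureDevopsPathNormalizer.normalize` has no comment describing the shape it rewrites, and its result is later interpolated into `go list` command lines, so the contract is worth stating at the definition. I would add above the `sig`: `# Rewrites dev.azure.com/{org}/{project}/{repo}[.git][/subdir] to dev.azure.com/{org}/{project}/_git/{repo}[/subdir]; any other name is returned unchanged.` Only the host prefix and the segment count are checked here, so an empty organisation or project segment is carried through into the rewritten path; if that is intended, the comment should say so.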
@@ -10,6 +10,7 @@ require "dependabot/shared_helpers"
|
|
|
10
10
|
require "dependabot/errors"
|
|
11
11
|
require "dependabot/go_modules/requirement"
|
|
12
12
|
require "dependabot/go_modules/resolvability_errors"
|
|
13
|
+
require "dependabot/go_modules/azure_devops_path_normalizer"
|
|
13
14
|
|
|
14
15
|
module Dependabot
|
|
15
16
|
module GoModules
|
|
@@ -77,8 +78,9 @@ module Dependabot
|
|
|
77
78
|
end
|
|
78
79
|
|
|
79
80
|
# Turn off the module proxy for private dependencies
|
|
81
|
+
dependency_name = AzureDevopsPathNormalizer.normalize(dependency.name)
|
|
80
82
|
versions_json = SharedHelpers.run_shell_command(
|
|
81
|
-
"go list -m -versions -json #{
|
|
83
|
+
"go list -m -versions -json #{dependency_name}",
|
|
82
84
|
fingerprint: "go list -m -versions -json <dependency_name>"
|
|
83
85
|
)
|
|
84
86
|
version_strings = JSON.parse(versions_json)["Versions"]
|
|
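Review bot: `dependency_name` is interpolated directly into the command string `"go list -m -versions -json #{dependency_name}"`, and the same pattern appears in `in_cooldown_period?` in latest_version_finder.rb with `#{dependency_name}@#{...}`. The name presumably comes from the manifest being updated, and how `SharedHelpers.run_shell_command` tokenises or escapes the string is not visible in this diff, so a name containing whitespace or starting with `-` could be read as additional `go list` arguments. Passing the value as `Shellwords.escape(dependency_name)`, or rejecting names outside the module-path character set before the call, would close that off. The enclosing method starts and ends outside the hunk.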
@@ -110,14 +110,14 @@ module Dependabot
|
|
|
110
110
|
|
|
111
111
|
req_string.split(".")
|
|
112
112
|
.map do |part|
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
113
|
+
part.split("-").map.with_index do |p, i|
|
|
114
|
+
# Before we hit a wildcard we just return the existing part
|
|
115
|
+
next p unless p.match?(WILDCARD_REGEX) || after_wildcard
|
|
116
|
+
|
|
117
|
+
# On or after a wildcard we replace the version part with zero
|
|
118
|
+
after_wildcard = true
|
|
119
|
+
i.zero? ? "0" : "a"
|
|
120
|
+
end.join("-")
|
|
121
121
|
end.join(".")
|
|
122
122
|
end
|
|
123
123
|
|
|
@@ -156,7 +156,7 @@ module Dependabot
|
|
|
156
156
|
def convert_caret_req(req_string)
|
|
157
157
|
version = req_string.gsub(/^\^?v?/, "")
|
|
158
158
|
parts = version.split(".")
|
|
159
|
-
upper_bound = [parts.first.to_i + 1, 0, 0, "a"].
|
|
159
|
+
upper_bound = [parts.first.to_i + 1, 0, 0, "a"].join(".")
|
|
160
160
|
|
|
161
161
|
[">= #{version}", "< #{upper_bound}"]
|
|
162
162
|
end
|
|
@@ -11,6 +11,7 @@ require "dependabot/errors"
|
|
|
11
11
|
require "dependabot/go_modules/requirement"
|
|
12
12
|
require "dependabot/go_modules/resolvability_errors"
|
|
13
13
|
require "dependabot/go_modules/package/package_details_fetcher"
|
|
14
|
+
require "dependabot/go_modules/azure_devops_path_normalizer"
|
|
14
15
|
require "dependabot/package/package_latest_version_finder"
|
|
15
16
|
|
|
16
17
|
module Dependabot
|
|
@@ -198,8 +199,9 @@ module Dependabot
|
|
|
198
199
|
sig { params(release: Dependabot::Package::PackageRelease).returns(T::Boolean) }
|
|
199
200
|
def in_cooldown_period?(release)
|
|
200
201
|
begin
|
|
202
|
+
dependency_name = AzureDevopsPathNormalizer.normalize(dependency.name)
|
|
201
203
|
release_info = SharedHelpers.run_shell_command(
|
|
202
|
-
"go list -m -json #{
|
|
204
|
+
"go list -m -json #{dependency_name}@#{release.details.[]('version_string')}",
|
|
203
205
|
fingerprint: "go list -m -json <dependency_name>"
|
|
204
206
|
)
|
|
205
207
|
rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
|
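--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-go_modules
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.364.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.364.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.364.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -250,6 +250,7 @@ files:
 - helpers/main.go
 - helpers/version_test.go
 - lib/dependabot/go_modules.rb
+- lib/dependabot/go_modules/azure_devops_path_normalizer.rb
 - lib/dependabot/go_modules/dependency_grapher.rb
 - lib/dependabot/go_modules/file_fetcher.rb
 - lib/dependabot/go_modules/file_parser.rb
@@ -273,7 +274,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.364.0
 rdoc_options: []
 require_paths:
 - lib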