diff --git a/bin/dry-run.rb b/bin/dry-run.rb index 653c0c1e68..706ff8838d 100755 --- a/bin/dry-run.rb +++ b/bin/dry-run.rb @@ -274,6 +274,10 @@ "Output pull request information metadata: title, description") do $options[:pull_request] = true end + + opts.on("--enable-beta-ecosystems", "Enable beta ecosystems") do |_value| + Dependabot::Experiments.register(:enable_beta_ecosystems, true) + end end # rubocop:enable Metrics/BlockLength diff --git a/bundler/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb b/bundler/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb index 7a5251c678..c8e118c08b 100644 --- a/bundler/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb +++ b/bundler/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb @@ -9,12 +9,12 @@ module Dependabot module Bundler class FileUpdater class RubyRequirementSetter - class RubyVersionNotFound < StandardError; end - RUBY_VERSIONS = %w( 1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.6 3.1.6 3.2.4 3.3.6 ).freeze + LANGUAGE = "ruby" + attr_reader :gemspec def initialize(gemspec:) @@ -62,7 +62,13 @@ def ruby_version .map { |v| Gem::Version.new(v) }.sort .find { |v| requirement.satisfied_by?(v) } - raise RubyVersionNotFound unless ruby_version + unless ruby_version + raise ToolVersionNotSupported.new( + LANGUAGE, + requirement.to_s, + RUBY_VERSIONS.join(", ") + ) + end ruby_version end diff --git a/bundler/spec/dependabot/bundler/file_updater/ruby_requirement_setter_spec.rb b/bundler/spec/dependabot/bundler/file_updater/ruby_requirement_setter_spec.rb index c13a36397d..2cbd3a8c5b 100644 --- a/bundler/spec/dependabot/bundler/file_updater/ruby_requirement_setter_spec.rb +++ b/bundler/spec/dependabot/bundler/file_updater/ruby_requirement_setter_spec.rb @@ -96,7 +96,7 @@ bundler_project_dependency_file("gemfile_impossible_ruby", filename: "example.gemspec") end - specify { expect { rewrite }.to raise_error(described_class::RubyVersionNotFound) } + specify { expect { rewrite }.to raise_error(Dependabot::ToolVersionNotSupported) } end context "when requiring ruby 3" do diff --git a/common/lib/dependabot/errors.rb b/common/lib/dependabot/errors.rb index 41069a15f1..bd2664fa1a 100644 --- a/common/lib/dependabot/errors.rb +++ b/common/lib/dependabot/errors.rb @@ -220,6 +220,14 @@ def self.updater_error_details(error) "error-type": "git_dependencies_not_reachable", "error-detail": { "dependency-urls": error.dependency_urls } } + when Dependabot::DependencyFileNotFound + { + "error-type": "dependency_file_not_found", + "error-detail": { + message: error.message, + "file-path": error.file_path + } + } when Dependabot::ToolVersionNotSupported { "error-type": "tool_version_not_supported", diff --git a/common/lib/dependabot/file_fetchers/base.rb b/common/lib/dependabot/file_fetchers/base.rb index 509687a964..055cf0a551 100644 --- a/common/lib/dependabot/file_fetchers/base.rb +++ b/common/lib/dependabot/file_fetchers/base.rb @@ -128,6 +128,11 @@ def target_branch source.branch end + sig { returns(T::Boolean) } + def allow_beta_ecosystems? + Experiments.enabled?(:enable_beta_ecosystems) + end + sig { returns(T::Array[DependencyFile]) } def files return @files if @files.any? diff --git a/common/lib/dependabot/metadata_finders/base/release_finder.rb b/common/lib/dependabot/metadata_finders/base/release_finder.rb index d92c9c7ac7..455ddf3c17 100644 --- a/common/lib/dependabot/metadata_finders/base/release_finder.rb +++ b/common/lib/dependabot/metadata_finders/base/release_finder.rb @@ -302,7 +302,7 @@ def previous_version # Previous version looks like a git SHA and there's a previous ref, we # could be changing to a nil previous ref in which case we want to - # fall back to tge sha version + # fall back to the sha version if T.must(dependency.previous_version).match?(/^[0-9a-f]{40}$/) && ref_changed? && previous_ref previous_ref diff --git a/composer/lib/dependabot/composer/file_updater.rb b/composer/lib/dependabot/composer/file_updater.rb index 638d58d85a..29ebea8413 100644 --- a/composer/lib/dependabot/composer/file_updater.rb +++ b/composer/lib/dependabot/composer/file_updater.rb @@ -1,4 +1,4 @@ -# typed: true +# typed: strict # frozen_string_literal: true require "dependabot/file_updaters" @@ -12,6 +12,7 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/manifest_updater" require_relative "file_updater/lockfile_updater" + sig { override.returns(T::Array[Regexp]) } def self.updated_files_regex [ /^composer\.json$/, @@ -19,20 +20,21 @@ def self.updated_files_regex ] end + sig { override.returns(T::Array[Dependabot::DependencyFile]) } def updated_dependency_files updated_files = [] - if file_changed?(composer_json) + if file_changed?(T.must(composer_json)) updated_files << updated_file( - file: composer_json, + file: T.must(composer_json), content: updated_composer_json_content ) end if lockfile updated_files << - updated_file(file: lockfile, content: updated_lockfile_content) + updated_file(file: T.must(lockfile), content: updated_lockfile_content) end if updated_files.none? || @@ -45,10 +47,12 @@ def updated_dependency_files private + sig { override.void } def check_required_files raise "No #{PackageManager::MANIFEST_FILENAME}!" unless get_original_file(PackageManager::MANIFEST_FILENAME) end + sig { returns(String) } def updated_composer_json_content ManifestUpdater.new( dependencies: dependencies, @@ -56,7 +60,9 @@ def updated_composer_json_content ).updated_manifest_content end + sig { returns(String) } def updated_lockfile_content + @updated_lockfile_content = T.let(@updated_lockfile_content, T.nilable(String)) @updated_lockfile_content ||= LockfileUpdater.new( dependencies: dependencies, @@ -65,12 +71,15 @@ def updated_lockfile_content ).updated_lockfile_content end + sig { returns(T.nilable(Dependabot::DependencyFile)) } def composer_json - @composer_json ||= get_original_file(PackageManager::MANIFEST_FILENAME) + @composer_json ||= T.let(get_original_file(PackageManager::MANIFEST_FILENAME), + T.nilable(Dependabot::DependencyFile)) end + sig { returns(T.nilable(Dependabot::DependencyFile)) } def lockfile - @lockfile ||= get_original_file(PackageManager::LOCKFILE_FILENAME) + @lockfile ||= T.let(get_original_file(PackageManager::LOCKFILE_FILENAME), T.nilable(Dependabot::DependencyFile)) end end end diff --git a/devcontainers/spec/dependabot/devcontainers/file_parser_spec.rb b/devcontainers/spec/dependabot/devcontainers/file_parser_spec.rb index 23d1b0baa5..ac6ce44561 100644 --- a/devcontainers/spec/dependabot/devcontainers/file_parser_spec.rb +++ b/devcontainers/spec/dependabot/devcontainers/file_parser_spec.rb @@ -244,7 +244,7 @@ it "returns the correct language" do expect(language.name).to eq "node" expect(language.requirement).to be_nil - expect(language.version.to_s).to eq "18.20.5" + expect(language.version.to_s).to eq "18.20.6" end end end diff --git a/elm/lib/dependabot/elm/file_updater/elm_json_updater.rb b/elm/lib/dependabot/elm/file_updater/elm_json_updater.rb index c2d48cb115..808bb4a81f 100644 --- a/elm/lib/dependabot/elm/file_updater/elm_json_updater.rb +++ b/elm/lib/dependabot/elm/file_updater/elm_json_updater.rb @@ -1,4 +1,4 @@ -# typed: true +# typed: strict # frozen_string_literal: true require "dependabot/elm/file_updater" @@ -7,11 +7,15 @@ module Dependabot module Elm class FileUpdater class ElmJsonUpdater + extend T::Sig + + sig { params(elm_json_file: Dependabot::DependencyFile, dependencies: T::Array[Dependabot::Dependency]).void } def initialize(elm_json_file:, dependencies:) @elm_json_file = elm_json_file @dependencies = dependencies end + sig { returns(T.nilable(String)) } def updated_content dependencies .select { |dep| requirement_changed?(elm_json_file, dep) } @@ -32,34 +36,33 @@ def updated_content private + sig { returns(Dependabot::DependencyFile) } attr_reader :elm_json_file + + sig { returns(T::Array[Dependabot::Dependency]) } attr_reader :dependencies + sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) } def requirement_changed?(file, dependency) - changed_requirements = - dependency.requirements - dependency.previous_requirements + changed_requirements = dependency.requirements - T.must(dependency.previous_requirements) changed_requirements.any? { |f| f[:file] == file.name } end + sig { params(content: T.nilable(String), filename: String, dependency: Dependabot::Dependency).returns(String) } def update_requirement(content:, filename:, dependency:) - updated_req = - dependency.requirements - .find { |r| r.fetch(:file) == filename } - .fetch(:requirement) + updated_req = dependency.requirements.find { |r| r.fetch(:file) == filename } + &.fetch(:requirement) - old_req = - dependency.previous_requirements - .find { |r| r.fetch(:file) == filename } - .fetch(:requirement) + old_req = dependency.previous_requirements&.find { |r| r.fetch(:file) == filename } + &.fetch(:requirement) - return content unless old_req + return T.must(content) unless old_req dep = dependency - regex = - /"#{Regexp.quote(dep.name)}"\s*:\s+"#{Regexp.quote(old_req)}"/ + regex = /"#{Regexp.quote(dep.name)}"\s*:\s+"#{Regexp.quote(old_req)}"/ - content.gsub(regex) do |declaration| + T.must(content).gsub(regex) do |declaration| declaration.gsub(%("#{old_req}"), %("#{updated_req}")) end end diff --git a/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb b/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb index 91e0679a34..209a3119e0 100644 --- a/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb +++ b/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb @@ -562,35 +562,6 @@ end end - context "when module major version doesn't match (v0)" do - let(:project_name) { "module_major_version_mismatch_v0" } - let(:dependency_name) do - "github.com/jenkins-x/jx-api" - end - let(:dependency_version) { "v0.0.25" } - let(:dependency_previous_version) { "v0.0.24" } - let(:requirements) do - [{ - file: "go.mod", - requirement: "v0.0.25", - groups: [], - source: { - type: "default", - source: "github.com/jenkins-x/jx-api" - } - }] - end - let(:previous_requirements) { [] } - - it "raises the correct error" do - error_class = Dependabot::DependencyFileNotResolvable - expect { updater.updated_go_sum_content } - .to raise_error(error_class) do |error| - expect(error.message).to include("go.mod has post-v0 module path") - end - end - end - context "when dealing with a invalid pseudo version" do let(:project_name) { "invalid_pseudo_version" } let(:dependency_name) do diff --git a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.mod b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.mod deleted file mode 100644 index 60383546f4..0000000000 --- a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.mod +++ /dev/null @@ -1,7 +0,0 @@ -module github.com/dependabot/vgotest - -go 1.15 - -require ( - github.com/dependabot-fixtures/go-major-mismatch v1.0.4 -) diff --git a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.sum b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.sum deleted file mode 100644 index 169913d6ed..0000000000 --- a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.sum +++ /dev/null @@ -1,8 +0,0 @@ -github.com/dependabot-fixtures/go-major-mismatch v1.0.4 h1:7oLmIm7OUUwB3ZkT+97S3mq0eBtPsFxvj84EnQlRX2s= -github.com/dependabot-fixtures/go-major-mismatch v1.0.4/go.mod h1:bl5eQuaBLVXeu2xj7IXugzNnGWXeC9LlaAxavHfD35o= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c h1:qgOY6WgZOaTkIIMiVjBQcw93ERBE4m30iBm00nkL0i8= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -rsc.io/quote v1.5.0 h1:mVjf/WMWxfIw299sOl/O3EXn5qEaaJPMDHMsv7DBDlw= -rsc.io/quote v1.5.0/go.mod h1:LzX7hefJvL54yjefDEDHNONDjII0t9xZLPXsUe+TKr0= -rsc.io/sampler v1.3.0 h1:7uVkIFmeBqHfdjD+gZwtXXI+RODJ2Wc4O7MPEh/QiW4= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/main.go b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/main.go deleted file mode 100644 index 233352bac5..0000000000 --- a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/main.go +++ /dev/null @@ -1,8 +0,0 @@ -package main - -import ( - _ "github.com/dependabot-fixtures/go-major-mismatch" -) - -func main() { -} diff --git a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/go.mod b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/go.mod index c7d6a47b71..060231ef1e 100644 --- a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/go.mod +++ b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/go.mod @@ -1,7 +1,7 @@ -module github.com/dependabot/vgotest +module github.com/dependabot-fixtures/module_major_version_mismatch_v1 go 1.15 require ( - github.com/jenkins-x/jx-api v0.0.24 + github.com/dependabot-fixtures/go-major-mismatch v1.0.1 ) diff --git a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/go.sum b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/go.sum index 4cea52cda6..b36d5e8eca 100644 --- a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/go.sum +++ b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/go.sum @@ -1,311 +1,4 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= -github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= -github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= -github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= -github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/alecthomas/jsonschema v0.0.0-20190504002508-159cbd5dba26 h1:b/CA15BzZIj8xNKnBxUwUmXt3USfJjb4Gl9eJIfMLtE= github.com/alecthomas/jsonschema v0.0.0-20190504002508-159cbd5dba26/go.mod h1:qpebaTNSsyUn5rPSJMsfqEtDw71TTggXM6stUDI16HA= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dependabot-fixtures/go-major-mismatch v1.0.4/go.mod h1:bl5eQuaBLVXeu2xj7IXugzNnGWXeC9LlaAxavHfD35o= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= -github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= -github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= -github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= -github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= -github.com/go-openapi/spec v0.19.7/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= -github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= -github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/jenkins-x/jx-api v0.0.24/go.mod h1:QKLHk4VzI+sDBPSzN4K+QdEjNIBnCHS3DKY5YbGeCdY= -github.com/jenkins-x/jx-logging v0.0.11/go.mod h1:mjEejiArk2Mk+J+72/YcSKGo9bZlJ/LwKYjMgAiv+G4= -github.com/jenkins-x/logrus-stackdriver-formatter v0.2.3/go.mod h1:litPp7VZWDRCl8LvXuqGngy+65kkg/+T23TgFnDmfTk= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a/go.mod h1:M1qoD/MqPgTZIk0EWKB38wE28ACRfVcn+cU08jyArI0= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/petergtz/pegomock v2.7.0+incompatible/go.mod h1:nuBLWZpVyv/fLo56qTwt/AUau7jgouO1h7bEvZCq82o= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rickar/props v0.0.0-20170718221555-0b06aeb2f037/go.mod h1:F1p8BNM4IXv2UcptwSp8HJOapKurodd/PYu1D6Gtn9Y= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/satori/go.uuid v1.2.1-0.20180103174451-36e9d2ebbde5/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo= -github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/vrischmann/envconfig v1.2.0/go.mod h1:c5DuUlkzfsnspy1g7qiqryPCsW+NjsrLsYq4zhwsoHo= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200409092240-59c9f1ba88fa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200415034506-5d8e1897c761/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.16.5/go.mod h1:6ijJb2BQAkGSn+8Z3173M0LXe2gBAH+i/JAJptd/rJo= -k8s.io/apimachinery v0.16.5/go.mod h1:mhhO3hoLkWO+2eCvqjPtH2Ly92l9nJDwsswzWKpkN2w= -k8s.io/client-go v0.16.5/go.mod h1:0Y5GaECkDkadoJg7lBQLiQQGFl67O4Gia/dHZboA7xg= -k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= -k8s.io/kube-openapi v0.0.0-20190816220812-743ec37842bf/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= -k8s.io/utils v0.0.0-20190801114015-581e00157fb1/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -rsc.io/quote v1.5.0/go.mod h1:LzX7hefJvL54yjefDEDHNONDjII0t9xZLPXsUe+TKr0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +github.com/dependabot-fixtures/module_major_version_mismatch_v1 v1.0.1 h1:AQiIbeUUR88vrP6Q0gQMdyJfmNY46rx5TBrQFDdYIuk= +github.com/dependabot-fixtures/module_major_version_mismatch_v1 v1.0.1/go.mod h1:dUz/xcUHDmYFwrB1Qz7yx3URb9tLWZSDh5biKqhBe0g= diff --git a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/main.go b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/main.go index 240697c9c2..8f640347de 100644 --- a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/main.go +++ b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/main.go @@ -1,7 +1,7 @@ package main import ( - _ "github.com/jenkins-x/jx-api" + _ "github.com/dependabot-fixtures/module_major_version_mismatch_v1" ) func main() { diff --git a/hex/Dockerfile b/hex/Dockerfile index 1ae9a8ad4c..e9205cca05 100644 --- a/hex/Dockerfile +++ b/hex/Dockerfile @@ -4,9 +4,9 @@ RUN apt-get update \ && apt-get install -y --no-install-recommends \ gnupg2 sudo wget -ARG ERLANG_MAJOR_VERSION=25 +ARG ERLANG_MAJOR_VERSION=26 -RUN echo "deb http://binaries2.erlang-solutions.com/ubuntu/ jammy-esl-erlang-25 contrib" >> /etc/apt/sources.list +RUN echo "deb http://binaries2.erlang-solutions.com/ubuntu/ jammy-esl-erlang-26 contrib" >> /etc/apt/sources.list RUN wget https://binaries2.erlang-solutions.com/GPG-KEY-pmanager.asc \ && sudo apt-key add GPG-KEY-pmanager.asc @@ -15,8 +15,8 @@ RUN apt-get update \ # Install Elixir # https://github.com/elixir-lang/elixir/releases -ARG ELIXIR_VERSION=v1.16.3 -ARG ELIXIR_CHECKSUM=e8e81771bc6acd62a2c1bf1b31c3aa3d0a469415de3b243b99f3e2e2d639f5ea +ARG ELIXIR_VERSION=v1.18.1 +ARG ELIXIR_CHECKSUM=aae4625102ba7020887918d1c0ac7c8ad972b65fe8103476765cc6b00ab16b5f RUN curl -sSLfO https://github.com/elixir-lang/elixir/releases/download/${ELIXIR_VERSION}/elixir-otp-${ERLANG_MAJOR_VERSION}.zip \ && echo "$ELIXIR_CHECKSUM elixir-otp-${ERLANG_MAJOR_VERSION}.zip" | sha256sum -c - \ && unzip -d /usr/local/elixir -x elixir-otp-${ERLANG_MAJOR_VERSION}.zip \ diff --git a/hex/helpers/build b/hex/helpers/build index 1fc3f9c1cc..4c6307321b 100755 --- a/hex/helpers/build +++ b/hex/helpers/build @@ -26,7 +26,5 @@ esac cp $CP_OPTS "$helpers_dir/lib" "$install_dir" cp $CP_OPTS "$helpers_dir/mix.exs" "$install_dir" -cp $CP_OPTS "$helpers_dir/mix.lock" "$install_dir" cd "$install_dir" -mix deps.get diff --git a/hex/helpers/lib/do_update.exs b/hex/helpers/lib/do_update.exs index 35c4b9fcb0..5effe0a9ad 100644 --- a/hex/helpers/lib/do_update.exs +++ b/hex/helpers/lib/do_update.exs @@ -10,21 +10,13 @@ dependency = {dependency_lock, rest_lock} = Map.split(Mix.Dep.Lock.read(), [dependency]) Mix.Dep.Fetcher.by_name([dependency], dependency_lock, rest_lock, []) -System.cmd( - "mix", - [ - "deps.get", - "--no-compile", - "--no-elixir-version-check", - ], - [ - env: %{ - "MIX_EXS" => nil, - "MIX_LOCK" => nil, - "MIX_DEPS" => nil - } - ] -) +args = [ + "deps.get", + "--no-compile", + "--no-elixir-version-check", +] + +System.cmd("mix", args, [env: %{"MIX_EXS" => nil}]) "mix.lock" |> File.read() diff --git a/hex/helpers/lib/run.exs b/hex/helpers/lib/run.exs index 71b0c2d91c..85e61b51b7 100644 --- a/hex/helpers/lib/run.exs +++ b/hex/helpers/lib/run.exs @@ -1,7 +1,7 @@ defmodule DependencyHelper do def main() do - IO.read(:stdio, :all) - |> Jason.decode!() + IO.read(:stdio, :eof) + |> JSON.decode!() |> run() |> case do {output, 0} -> @@ -35,7 +35,7 @@ defmodule DependencyHelper do defp encode_and_write(content) do content - |> Jason.encode!() + |> JSON.encode!() |> IO.write() end @@ -69,16 +69,7 @@ defmodule DependencyHelper do script ] ++ args - System.cmd( - "mix", - args, - cd: dir, - env: %{ - "MIX_EXS" => nil, - "MIX_LOCK" => nil, - "MIX_DEPS" => nil - } - ) + System.cmd("mix", args, cd: dir, env: %{"MIX_EXS" => nil}) end defp set_credentials([]), do: :ok diff --git a/hex/helpers/mix.exs b/hex/helpers/mix.exs index d758c9b66c..22f2169f13 100644 --- a/hex/helpers/mix.exs +++ b/hex/helpers/mix.exs @@ -2,20 +2,16 @@ defmodule DependabotCore.Mixfile do use Mix.Project def project do - [app: :dependabot_core, - version: "0.1.0", - elixir: "~> 1.5", - start_permanent: Mix.env == :prod, - lockfile: System.get_env("MIX_LOCK") || "mix.lock", - deps_path: System.get_env("MIX_DEPS") || "deps", - deps: deps()] + [ + app: :dependabot_core, + version: "0.1.0", + elixir: "~> 1.18", + start_permanent: Mix.env == :prod, + deps: [] + ] end def application do [extra_applications: [:hex, :logger, :ssh]] end - - defp deps() do - [{:jason, "~> 1.0"}] - end end diff --git a/hex/helpers/mix.lock b/hex/helpers/mix.lock deleted file mode 100644 index ad24483fb8..0000000000 --- a/hex/helpers/mix.lock +++ /dev/null @@ -1,3 +0,0 @@ -%{ - "jason": {:hex, :jason, "1.4.4", "b9226785a9aa77b6857ca22832cffa5d5011a667207eb2a0ad56adb5db443b8a", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "c5eb0cab91f094599f94d55bc63409236a8ec69a21a67814529e8d5f6cc90b3b"}, -} diff --git a/hex/lib/dependabot/hex/file_parser.rb b/hex/lib/dependabot/hex/file_parser.rb index d39067d116..e08a76b0d7 100644 --- a/hex/lib/dependabot/hex/file_parser.rb +++ b/hex/lib/dependabot/hex/file_parser.rb @@ -117,8 +117,6 @@ def sanitize_mixfile(content) def mix_env { "MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"), - "MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"), - "MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"), "MIX_QUIET" => "1" } end diff --git a/hex/lib/dependabot/hex/file_updater/lockfile_updater.rb b/hex/lib/dependabot/hex/file_updater/lockfile_updater.rb index 832aba932b..7ba887efc3 100644 --- a/hex/lib/dependabot/hex/file_updater/lockfile_updater.rb +++ b/hex/lib/dependabot/hex/file_updater/lockfile_updater.rb @@ -114,8 +114,6 @@ def sanitize_mixfile(content) def mix_env { "MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"), - "MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"), - "MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"), "MIX_QUIET" => "1" } end diff --git a/hex/lib/dependabot/hex/update_checker/version_resolver.rb b/hex/lib/dependabot/hex/update_checker/version_resolver.rb index ea2a624648..8117e33ec8 100644 --- a/hex/lib/dependabot/hex/update_checker/version_resolver.rb +++ b/hex/lib/dependabot/hex/update_checker/version_resolver.rb @@ -167,8 +167,6 @@ def version_class def mix_env { "MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"), - "MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"), - "MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"), "MIX_QUIET" => "1" } end diff --git a/hex/spec/dependabot/hex/file_parser_spec.rb b/hex/spec/dependabot/hex/file_parser_spec.rb index 5c852b6dd0..d8be6d3233 100644 --- a/hex/spec/dependabot/hex/file_parser_spec.rb +++ b/hex/spec/dependabot/hex/file_parser_spec.rb @@ -396,13 +396,13 @@ name: "plug", version: "1.3.6", requirements: [{ - requirement: "1.3.6", - file: "apps/dependabot_web/mix.exs", + requirement: "~> 1.3.0", + file: "apps/dependabot_business/mix.exs", groups: [], source: nil }, { - requirement: "~> 1.3.0", - file: "apps/dependabot_business/mix.exs", + requirement: "1.3.6", + file: "apps/dependabot_web/mix.exs", groups: [], source: nil }], @@ -476,7 +476,7 @@ it "returns the correct language" do expect(language.name).to eq "elixir" expect(language.requirement).to be_nil - expect(language.version.to_s).to eq "1.16.3" + expect(language.version.to_s).to eq "1.18.1" end end end diff --git a/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js b/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js index d58aeffef2..3f82025705 100644 --- a/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js +++ b/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js @@ -97,9 +97,9 @@ async function findVulnerableDependencies(directory, advisories) { for (const group of groupedFixUpdateChains.values()) { const fixUpdateNode = group[0].nodes[0] - const groupTopLevelAncestors = group.reduce((anc, chain) => { + const groupTopLevelAncestors = group.reduce((ancestor, chain) => { const topLevelNode = chain.nodes[chain.nodes.length - 1] - return anc.add(topLevelNode.name) + return ancestor.add(topLevelNode.name) }, new Set()) // Add group's top-level ancestors to the set of all top-level ancestors of @@ -269,23 +269,23 @@ const maybeReadFile = file => { } function loadCACerts(npmConfig) { - if (npmConfig.ca) { - return npmConfig.ca - } + if (npmConfig.ca) { + return npmConfig.ca + } - if (!npmConfig.cafile) { - return - } + if (!npmConfig.cafile) { + return + } - const raw = maybeReadFile(npmConfig.cafile) - if (!raw) { - return - } + const raw = maybeReadFile(npmConfig.cafile) + if (!raw) { + return + } - const delim = '-----END CERTIFICATE-----' - return raw.replace(/\r\n/g, '\n').split(delim) - .filter(section => section.trim()) - .map(section => section.trimStart() + delim) + const delim = '-----END CERTIFICATE-----' + return raw.replace(/\r\n/g, '\n').split(delim) + .filter(section => section.trim()) + .map(section => section.trimStart() + delim) } module.exports = { findVulnerableDependencies } diff --git a/npm_and_yarn/helpers/lib/npm6/updater.js b/npm_and_yarn/helpers/lib/npm6/updater.js index ffbdfc8dcb..00b6961c52 100644 --- a/npm_and_yarn/helpers/lib/npm6/updater.js +++ b/npm_and_yarn/helpers/lib/npm6/updater.js @@ -113,7 +113,7 @@ function flattenAllDependencies(manifest) { ); } -// NOTE: Re-used in npm 7 updater +// NOTE: Reused in npm 7 updater function installArgs( depName, desiredVersion, diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb index 289b20ccb2..2bd7584b6d 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb @@ -213,7 +213,7 @@ def pnpm_version sig { returns(T.nilable(T.any(Integer, String))) } def bun_version - return @bun_version = nil unless Experiments.enabled?(:bun_updates) + return @bun_version = nil unless allow_beta_ecosystems? @bun_version ||= T.let( package_manager_helper.setup(BunPackageManager::NAME), @@ -645,8 +645,8 @@ def parsed_shrinkwrap def parsed_pnpm_workspace_yaml return {} unless pnpm_workspace_yaml - YAML.safe_load(T.must(T.must(pnpm_workspace_yaml).content)) - rescue Psych::SyntaxError + YAML.safe_load(T.must(T.must(pnpm_workspace_yaml).content), aliases: true) + rescue Psych::SyntaxError, Psych::BadAlias raise Dependabot::DependencyFileNotParseable, T.must(pnpm_workspace_yaml).path end diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb index 7f86e81eaf..5d6adc4e64 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb @@ -143,56 +143,56 @@ def package_json sig { returns(T.nilable(Dependabot::DependencyFile)) } def shrinkwrap @shrinkwrap ||= T.let(dependency_files.find do |f| - f.name == NpmPackageManager::SHRINKWRAP_LOCKFILE_NAME + f.name.end_with?(NpmPackageManager::SHRINKWRAP_LOCKFILE_NAME) end, T.nilable(Dependabot::DependencyFile)) end sig { returns(T.nilable(Dependabot::DependencyFile)) } def package_lock @package_lock ||= T.let(dependency_files.find do |f| - f.name == NpmPackageManager::LOCKFILE_NAME + f.name.end_with?(NpmPackageManager::LOCKFILE_NAME) end, T.nilable(Dependabot::DependencyFile)) end sig { returns(T.nilable(Dependabot::DependencyFile)) } def yarn_lock @yarn_lock ||= T.let(dependency_files.find do |f| - f.name == YarnPackageManager::LOCKFILE_NAME + f.name.end_with?(YarnPackageManager::LOCKFILE_NAME) end, T.nilable(Dependabot::DependencyFile)) end sig { returns(T.nilable(Dependabot::DependencyFile)) } def pnpm_lock @pnpm_lock ||= T.let(dependency_files.find do |f| - f.name == PNPMPackageManager::LOCKFILE_NAME + f.name.end_with?(PNPMPackageManager::LOCKFILE_NAME) end, T.nilable(Dependabot::DependencyFile)) end sig { returns(T.nilable(Dependabot::DependencyFile)) } def bun_lock @bun_lock ||= T.let(dependency_files.find do |f| - f.name == BunPackageManager::LOCKFILE_NAME + f.name.end_with?(BunPackageManager::LOCKFILE_NAME) end, T.nilable(Dependabot::DependencyFile)) end sig { returns(T.nilable(Dependabot::DependencyFile)) } def npmrc @npmrc ||= T.let(dependency_files.find do |f| - f.name == NpmPackageManager::RC_FILENAME + f.name.end_with?(NpmPackageManager::RC_FILENAME) end, T.nilable(Dependabot::DependencyFile)) end sig { returns(T.nilable(Dependabot::DependencyFile)) } def yarnrc @yarnrc ||= T.let(dependency_files.find do |f| - f.name == YarnPackageManager::RC_FILENAME + f.name.end_with?(YarnPackageManager::RC_FILENAME) end, T.nilable(Dependabot::DependencyFile)) end sig { returns(T.nilable(DependencyFile)) } def yarnrc_yml @yarnrc_yml ||= T.let(dependency_files.find do |f| - f.name == YarnPackageManager::RC_YML_FILENAME + f.name.end_with?(YarnPackageManager::RC_YML_FILENAME) end, T.nilable(Dependabot::DependencyFile)) end @@ -212,7 +212,7 @@ def manifest_dependencies next unless requirement.is_a?(String) # Skip dependencies using Yarn workspace cross-references as requirements - next if requirement.start_with?("workspace:") + next if requirement.start_with?("workspace:", "catalog:") requirement = "*" if requirement == "" dep = build_dependency( diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb index 1f028de1f8..f5ef768942 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb @@ -40,6 +40,9 @@ module Helpers # rubocop:disable Metrics/ModuleLength YARN_DEFAULT_VERSION = YARN_V3 YARN_FALLBACK_VERSION = YARN_V1 + # corepack supported package managers + SUPPORTED_COREPACK_PACKAGE_MANAGERS = %w(npm yarn pnpm).freeze + # Determines the npm version depends to the feature flag # If the feature flag is enabled, we are going to use the minimum version npm 8 # Otherwise, we are going to use old versionining npm 6 @@ -324,8 +327,8 @@ def self.run_npm_command(command, fingerprint: command) package_manager_run_command(NpmPackageManager::NAME, command, fingerprint: fingerprint) else Dependabot::SharedHelpers.run_shell_command( - "corepack npm #{command}", - fingerprint: "corepack npm #{fingerprint}" + "npm #{command}", + fingerprint: "npm #{fingerprint}" ) end end @@ -484,6 +487,8 @@ def self.fallback_to_local_version(name) .returns(String) end def self.package_manager_install(name, version, env: {}) + return "Corepack does not support #{name}" unless corepack_supported_package_manager?(name) + Dependabot::SharedHelpers.run_shell_command( "corepack install #{name}@#{version} --global --cache-only", fingerprint: "corepack install @ --global --cache-only", @@ -494,6 +499,8 @@ def self.package_manager_install(name, version, env: {}) # Prepare the package manager for use by using corepack sig { params(name: String, version: String).returns(String) } def self.package_manager_activate(name, version) + return "Corepack does not support #{name}" unless corepack_supported_package_manager?(name) + Dependabot::SharedHelpers.run_shell_command( "corepack prepare #{name}@#{version} --activate", fingerprint: "corepack prepare @ --activate" @@ -566,6 +573,11 @@ def self.dependencies_with_all_versions_metadata(dependency_set) dependency end end + + sig { params(name: String).returns(T::Boolean) } + def self.corepack_supported_package_manager?(name) + SUPPORTED_COREPACK_PACKAGE_MANAGERS.include?(name) + end end end end diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb index 7470120b79..87e5b962b3 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb @@ -80,6 +80,10 @@ def clean_version(version) # Matches @ followed by x.y.z (digits separated by dots) if (match = version.match(/@(\d+\.\d+\.\d+)/)) version = match[1] # Just "4.5.3" + + # Extract version in case the output contains Corepack verbose data + elsif version.include?("Corepack") + version = T.must(T.must(version.tr("\n", " ").match(/(\d+\.\d+\.\d+)/))[-1]) end version = version&.gsub(/^v/, "") end diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb index 3756b2c9c5..b3d1561954 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb @@ -526,11 +526,12 @@ describe "fetching and parsing the bun.lock" do before do allow(Dependabot::Experiments).to receive(:enabled?) - allow(Dependabot::Experiments).to receive(:enabled?).with(:bun_updates).and_return(enable_bun_updates) + allow(Dependabot::Experiments).to receive(:enabled?) + .with(:enable_beta_ecosystems).and_return(enable_beta_ecosystems) end - context "when the experiment :bun_updates is inactive" do - let(:enable_bun_updates) { false } + context "when the experiment :enable_beta_ecosystems is inactive" do + let(:enable_beta_ecosystems) { false } it "does not fetch or parse the the bun.lock" do expect(file_fetcher_instance.files.map(&:name)) @@ -540,8 +541,8 @@ end end - context "when the experiment :bun_updates is active" do - let(:enable_bun_updates) { true } + context "when the experiment :enable_beta_ecosystems is active" do + let(:enable_beta_ecosystems) { true } it "fetches and parses the bun.lock" do expect(file_fetcher_instance.files.map(&:name)) @@ -2021,6 +2022,61 @@ end end + context "with a pnpm_workspace_yaml" do + let(:source) do + Dependabot::Source.new( + provider: "github", + repo: "gocardless/bump", + directory: "/" + ) + end + let(:file_fetcher) { described_class.new(source: source, credentials: credentials) } + let(:pnpm_workspace_yaml) { Dependabot::DependencyFile.new(name: "pnpm-workspace.yaml", content: content) } + + before do + allow(file_fetcher).to receive(:pnpm_workspace_yaml).and_return(pnpm_workspace_yaml) + end + + context "when it's content is nil" do + let(:pnpm_workspace_yaml) { nil } + + it "returns an empty hash" do + expect(file_fetcher.send(:parsed_pnpm_workspace_yaml)).to eq({}) + end + end + + context "when it's content is valid YAML" do + let(:content) { "---\npackages:\n - 'packages/*'\n" } + + it "parses the YAML content" do + expect(file_fetcher.send(:parsed_pnpm_workspace_yaml)).to eq({ "packages" => ["packages/*"] }) + end + end + + context "when it's content contains valid alias" do + let(:content) { "---\npackages:\n - &default 'packages/*'\n - *default\n" } + let(:pnpm_workspace_yaml) { Dependabot::DependencyFile.new(name: "pnpm-workspace.yaml", content: content) } + + it "parses the YAML content with aliases" do + expect(file_fetcher.send(:parsed_pnpm_workspace_yaml)).to eq({ "packages" => ["packages/*", "packages/*"] }) + end + end + + context "when it's content contains invalid alias (BadAlias)" do + let(:content) { "---\npackages:\n - &id 'packages/*'\n - *id" } # Invalid alias reference + + before do + allow(YAML).to receive(:safe_load).and_raise(Psych::BadAlias) + end + + it "raises a DependencyFileNotParseable error" do + expect do + file_fetcher.send(:parsed_pnpm_workspace_yaml) + end.to raise_error(Dependabot::DependencyFileNotParseable) + end + end + end + context "with package.json file just including a dummy string" do before do allow(file_fetcher_instance).to receive(:commit).and_return("sha") diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb index 186cb4f959..13a6c2b31b 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb @@ -90,6 +90,12 @@ its(:length) { is_expected.to eq(0) } end + context "with pnpm `catalog:` requirements and no lockfile" do + let(:files) { project_dependency_files("yarn/workspace_requirements_catalog") } + + its(:length) { is_expected.to eq(0) } + end + context "with a package-lock.json" do let(:npm_fallback_version_above_v6_enabled) { false } diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/helpers_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/helpers_spec.rb index 41c133c6af..1e6b281b80 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/helpers_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/helpers_spec.rb @@ -323,6 +323,19 @@ expect(result).to eq("10.8.2") end end + + context "when corepack is not used for bun" do + it "falls back to the local version of the package manager" do + # Mock for `local_package_manager_version("bun")` + allow(Dependabot::SharedHelpers).to receive(:run_shell_command).with( + "bun -v", + fingerprint: "bun -v" + ).and_return("1.1.39") + + result = described_class.install("bun", "1.1.39") + expect(result).to eq("1.1.39") + end + end end describe "::npm8?" do diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/version_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/version_spec.rb index 8a05ccea7d..973c0da643 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/version_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/version_spec.rb @@ -317,5 +317,15 @@ it { is_expected.to be(true) } end + + context "with corepack returning a additional info with version string" do + let(:requirement) { Gem::Requirement.new("4.6.0") } + let(:version_string) do + "Corepack is about to download " \ + "https://repo.yarnpkg.com/4.6.0/packages/yarnpkg-cli/bin/yarn.js\n4.6.0" + end + + it { is_expected.to be(true) } + end end end diff --git a/npm_and_yarn/spec/fixtures/projects/yarn/workspace_requirements_catalog/package.json b/npm_and_yarn/spec/fixtures/projects/yarn/workspace_requirements_catalog/package.json new file mode 100644 index 0000000000..5b04f08281 --- /dev/null +++ b/npm_and_yarn/spec/fixtures/projects/yarn/workspace_requirements_catalog/package.json @@ -0,0 +1,23 @@ +{ + "name": "workspace_requirements_catalog", + "version": "0.0.1", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/gocardless/bump-test.git" + }, + "author": "", + "license": "ISC", + "bugs": { + "url": "https://github.com/gocardless/bump-test/issues" + }, + "homepage": "https://github.com/gocardless/bump-test#readme", + "dependencies": { + "ember-simple-charts": "catalog:", + "react": "catalog:react18" + } +} diff --git a/nuget/helpers/lib/NuGetUpdater/Directory.Packages.props b/nuget/helpers/lib/NuGetUpdater/Directory.Packages.props index 3ea838da0a..9be4697fe5 100644 --- a/nuget/helpers/lib/NuGetUpdater/Directory.Packages.props +++ b/nuget/helpers/lib/NuGetUpdater/Directory.Packages.props @@ -36,7 +36,7 @@ - + diff --git a/nuget/updater/common.ps1 b/nuget/updater/common.ps1 index fab27e6b14..d5112c6ed0 100755 --- a/nuget/updater/common.ps1 +++ b/nuget/updater/common.ps1 @@ -1,22 +1,56 @@ +function Get-SdkVersionsToInstall([string] $repoRoot, [string[]] $updateDirectories, [string[]] $installedSdks) { + $sdksToInstall = @() + $globalJsonPaths = Get-GlobalJsonForSdkInstall -repoRoot $repoRoot -updateDirectories $updateDirectories + foreach ($globalJsonPath in $globalJsonPaths) { + $resolvedGlobalJsonPath = Convert-Path "$repoRoot/$globalJsonPath" + $globalJson = Get-Content $resolvedGlobalJsonPath | ConvertFrom-Json + if (@($globalJson.PSobject.Properties).Count -eq 0) { + continue + } + if ("sdk" -notin $globalJson.PSobject.Properties.Name) { + continue + } + if ("version" -notin $globalJson.sdk.PSobject.Properties.Name) { + continue + } + + $sdkVersion = $globalJson.sdk.version + if (($null -ne $sdkVersion) -and (-not ($sdkVersion -in $installedSdks)) -and (-not ($sdkVersion -in $installedSdks))) { + $installedSdks += $sdkVersion + $sdksToInstall += $sdkVersion + } + } + + return ,$sdksToInstall +} + # Walk from each update directory to the root reporting all global.json files. -function Get-DirectoriesForSdkInstall([string] $repoRoot, [string[]]$updateDirectories) { +function Get-GlobalJsonForSdkInstall([string] $repoRoot, [string[]] $updateDirectories) { $repoRoot = Convert-Path $repoRoot $repoRootParent = Split-Path -Parent $repoRoot $globalJsonPaths = @() foreach ($updateDirectory in $updateDirectories) { - $candidateDir = Convert-Path "$repoRoot/$updateDirectory" - if (Test-Path $candidateDir) { - while ($true) { - $globalJsonPath = Join-Path $candidateDir "global.json" - if (Test-Path $globalJsonPath) { - $repoRelativeGlobalJsonPath = [System.IO.Path]::GetRelativePath($repoRoot, $globalJsonPath).Replace("\", "/") - $globalJsonPaths += $repoRelativeGlobalJsonPath - } + if (-not (Test-Path "$repoRoot/$updateDirectory")) { + # directory doesn't exist + continue + } + + # $updateDirectory might be a recursive wildcard like "/**"; this takes care of that + $candidateDirs = Convert-Path "$repoRoot/$updateDirectory" + foreach ($candidateDir in $candidateDirs) { + if (Test-Path $candidateDir -PathType Container) { + while ($true) { + $globalJsonPath = Join-Path $candidateDir "global.json" + if (Test-Path $globalJsonPath) { + $repoRelativeGlobalJsonPath = [System.IO.Path]::GetRelativePath($repoRoot, $globalJsonPath).Replace("\", "/") + $globalJsonPaths += $repoRelativeGlobalJsonPath + } - $candidateDir = Split-Path -Parent $candidateDir - if ($null -eq $candidateDir -or ` - $candidateDir -eq $repoRootParent) { - break + $candidateDir = Split-Path -Parent $candidateDir + if ($null -eq $candidateDir -or ` + $candidateDir -eq $repoRootParent) { + break + } } } } @@ -50,26 +84,10 @@ function Install-Sdks([string]$jobFilePath, [string]$repoContentsPath, [string]$ $candidateDirectories += $job.source.directories } - $globalJsonRelativePaths = Get-DirectoriesForSdkInstall ` - -repoRoot $rootDir ` - -updateDirectories $candidateDirectories - - foreach ($globalJsonRelativePath in $globalJsonRelativePaths) { - $globalJsonPath = "$rootDir/$globalJsonRelativePath" - $globalJson = Get-Content $globalJsonPath | ConvertFrom-Json - if ("sdk" -notin $globalJson.PSobject.Properties.Name) { - continue - } - if ("version" -notin $globalJson.sdk.PSobject.Properties.Name) { - continue - } - - $sdkVersion = $globalJson.sdk.version - if (($Null -ne $sdkVersion) -And (-Not ($sdkVersion -in $installedSdks))) { - $installedSdks += $sdkVersion - Write-Host "Installing SDK $sdkVersion as specified in $globalJsonRelativePath" - & $dotnetInstallScriptPath --version $sdkVersion --install-dir $dotnetInstallDir - } + $sdksToInstall = Get-SdkVersionsToInstall -repoRoot $rootDir -updateDirectories $candidateDirectories -installedSdks $installedSdks + foreach ($sdkVersion in $sdksToInstall) { + Write-Host "Installing SDK $sdkVersion" + & $dotnetInstallScriptPath --version $sdkVersion --install-dir $dotnetInstallDir } # report the final set diff --git a/nuget/updater/test-data/global-json-discovery-2-values/global.json b/nuget/updater/test-data/global-json-discovery-2-values/global.json index 393f6c72b8..fff407e207 100644 --- a/nuget/updater/test-data/global-json-discovery-2-values/global.json +++ b/nuget/updater/test-data/global-json-discovery-2-values/global.json @@ -1,3 +1,5 @@ { - "comment": "content unimportant for test" + "sdk": { + "version": "4.5.6" + } } \ No newline at end of file diff --git a/nuget/updater/test-data/global-json-discovery-2-values/src/global.json b/nuget/updater/test-data/global-json-discovery-2-values/src/global.json index 393f6c72b8..0f4c71898b 100644 --- a/nuget/updater/test-data/global-json-discovery-2-values/src/global.json +++ b/nuget/updater/test-data/global-json-discovery-2-values/src/global.json @@ -1,3 +1,5 @@ { - "comment": "content unimportant for test" + "sdk": { + "version": "1.2.3" + } } \ No newline at end of file diff --git a/nuget/updater/test-data/global-json-discovery-empty-object/global.json b/nuget/updater/test-data/global-json-discovery-empty-object/global.json new file mode 100644 index 0000000000..0f4c71898b --- /dev/null +++ b/nuget/updater/test-data/global-json-discovery-empty-object/global.json @@ -0,0 +1,5 @@ +{ + "sdk": { + "version": "1.2.3" + } +} \ No newline at end of file diff --git a/nuget/updater/test-data/global-json-discovery-empty-object/src/global.json b/nuget/updater/test-data/global-json-discovery-empty-object/src/global.json new file mode 100644 index 0000000000..7a73a41bfd --- /dev/null +++ b/nuget/updater/test-data/global-json-discovery-empty-object/src/global.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/nuget/updater/test-data/global-json-discovery-recursive-wildcard/.gitignore b/nuget/updater/test-data/global-json-discovery-recursive-wildcard/.gitignore new file mode 100644 index 0000000000..e69de29bb2 diff --git a/nuget/updater/test-data/global-json-discovery-recursive-wildcard/src/global.json b/nuget/updater/test-data/global-json-discovery-recursive-wildcard/src/global.json new file mode 100644 index 0000000000..0f4c71898b --- /dev/null +++ b/nuget/updater/test-data/global-json-discovery-recursive-wildcard/src/global.json @@ -0,0 +1,5 @@ +{ + "sdk": { + "version": "1.2.3" + } +} \ No newline at end of file diff --git a/nuget/updater/test-data/global-json-discovery-root-with-file/global.json b/nuget/updater/test-data/global-json-discovery-root-with-file/global.json index 393f6c72b8..0f4c71898b 100644 --- a/nuget/updater/test-data/global-json-discovery-root-with-file/global.json +++ b/nuget/updater/test-data/global-json-discovery-root-with-file/global.json @@ -1,3 +1,5 @@ { - "comment": "content unimportant for test" + "sdk": { + "version": "1.2.3" + } } \ No newline at end of file diff --git a/nuget/updater/test.ps1 b/nuget/updater/test.ps1 index 3ef5f29956..3456b1acd7 100755 --- a/nuget/updater/test.ps1 +++ b/nuget/updater/test.ps1 @@ -6,45 +6,67 @@ $ErrorActionPreference = "Stop" function Assert-ArraysEqual([string[]]$expected, [string[]]$actual) { $expectedText = $expected -join ", " $actualText = $actual -join ", " - if ($expected.Length -ne $actual.Length) { - throw "Expected array length $($expected.Length) but was $($actual.Length). Values: [$expectedText] vs [$actualText]" - } - for ($i = 0; $i -lt $expected.Length; $i++) { - if ($expected[$i] -ne $actual[$i]) { - throw "Expected array element at index $i to be '$($expected[$i])' but was '$($actual[$i])'" - } + if ($expectedText -ne $actualText) { + throw "Expected array values '$expectedText' but was '$actualText'" } } -function Test-GlobalJsonDiscovery([string]$testDirectory, [string[]]$directories, [string[]]$expectedPaths) { - Write-Host "Test-GlobalJsonDiscovery in $testDirectory ... " -NoNewline +function Test-GlobalJsonVersions([string] $testDirectory, [string[]] $directories, [string[]] $installedSdks, [string[]] $expectedSdksToInstall) { + Write-Host "Test-GlobalJsonVersions in $testDirectory ... " -NoNewline $testDirectoryFull = "$PSScriptRoot/test-data/$testDirectory" - $actualPaths = Get-DirectoriesForSdkInstall -repoRoot $testDirectoryFull -updateDirectories $directories - Assert-ArraysEqual -expected $expectedPaths -actual $actualPaths + $actualSdksToInstall = Get-SdkVersionsToInstall -repoRoot $testDirectoryFull -updateDirectories $directories -installedSdks $installedSdks + Assert-ArraysEqual -expected $expectedSdksToInstall -actual $actualSdksToInstall Write-Host "OK" } try { - # verify SDK updater directories - Test-GlobalJsonDiscovery ` + Test-GlobalJsonVersions ` -testDirectory "global-json-discovery-root-no-file" ` -directories @("/") ` - -expectedPaths @() + -installedSdks @("8.0.404", "9.0.101") ` + -expectedSdksToInstall @() - Test-GlobalJsonDiscovery ` + Test-GlobalJsonVersions ` -testDirectory "global-json-discovery-root-with-file" ` -directories @("/") ` - -expectedPaths @("global.json") + -installedSdks @("8.0.404", "9.0.101") ` + -expectedSdksToInstall @("1.2.3") - Test-GlobalJsonDiscovery ` + Test-GlobalJsonVersions ` -testDirectory "global-json-discovery-none" ` -directories @("src") ` - -expectedPaths @() + -installedSdks @("8.0.404", "9.0.101") ` + -expectedSdksToInstall @() - Test-GlobalJsonDiscovery ` + Test-GlobalJsonVersions ` -testDirectory "global-json-discovery-2-values" ` -directories @("src") ` - -expectedPaths @("src/global.json", "global.json") + -installedSdks @("8.0.404", "9.0.101") ` + -expectedSdksToInstall @("1.2.3", "4.5.6") + + Test-GlobalJsonVersions ` + -testDirectory "global-json-discovery-empty-object" ` + -directories @("/src") ` + -installedSdks @("8.0.404", "9.0.101") ` + -expectedSdksToInstall @("1.2.3") + + Test-GlobalJsonVersions ` + -testDirectory "global-json-discovery-recursive-wildcard" ` + -directories @("/**") ` + -installedSdks @("8.0.404", "9.0.101") ` + -expectedSdksToInstall @("1.2.3") + + Test-GlobalJsonVersions ` + -testDirectory "global-json-discovery-recursive-wildcard" ` + -directories @("/src/**/*") ` + -installedSdks @("8.0.404", "9.0.101") ` + -expectedSdksToInstall @() + + Test-GlobalJsonVersions ` + -testDirectory "global-json-discovery-none" ` + -directories @("/dir-that-does-not-exist") ` + -installedSdks @("8.0.404", "9.0.101") ` + -expectedSdksToInstall @() } catch { Write-Host $_ diff --git a/pub/lib/dependabot/pub/helpers.rb b/pub/lib/dependabot/pub/helpers.rb index c27b84e8de..5c992761b5 100644 --- a/pub/lib/dependabot/pub/helpers.rb +++ b/pub/lib/dependabot/pub/helpers.rb @@ -244,7 +244,7 @@ def run_dependency_services(command, stdin_data: nil) stdin_data: stdin_data, chdir: command_dir ) - raise Dependabot::DependabotError, "dependency_services failed: #{stderr}" unless status.success? + raise_error(stderr) unless status.success? return stdout unless block_given? yield command_dir @@ -252,6 +252,20 @@ def run_dependency_services(command, stdin_data: nil) end end + def raise_error(stderr) + if stderr.include?("Failed parsing lock file") || stderr.include?("Unsupported operation") + raise DependencyFileNotEvaluatable, "dependency_services failed: #{stderr}" + elsif stderr.include?("Git error") + raise Dependabot::InvalidGitAuthToken, "dependency_services failed: #{stderr}" + elsif stderr.include?("version solving failed") + raise Dependabot::DependencyFileNotResolvable, "dependency_services failed: #{stderr}" + elsif stderr.include?("Could not find a file named \"pubspec.yaml\"") + raise Dependabot::DependencyFileNotFound.new("pubspec.yaml", "dependency_services failed: #{stderr}") + else + raise Dependabot::DependabotError, "dependency_services failed: #{stderr}" + end + end + # Parses a dependency as listed by `dependency_services list`. def parse_listed_dependency(json) params = { diff --git a/pub/spec/dependabot/pub/update_checker_spec.rb b/pub/spec/dependabot/pub/update_checker_spec.rb index a77b2fcc2d..86e33666cb 100644 --- a/pub/spec/dependabot/pub/update_checker_spec.rb +++ b/pub/spec/dependabot/pub/update_checker_spec.rb @@ -716,6 +716,61 @@ end end + context "when there is an error while running a subshell command" do + let(:status) { instance_double(Process::Status, success?: false) } + + before do + allow(Open3).to receive(:capture3).and_call_original + allow(Open3).to receive(:capture3).with(Hash, String, "report", Hash).and_return(["", stderr, status]) + end + + context "with a git error" do + let(:stderr) { "Git error. Command: `git clone --mirror https://github.com/***`" } + + it "raises the correct error" do + expect { checker.latest_version }.to raise_error(Dependabot::InvalidGitAuthToken) + end + end + + context "when parsing the lockfile fails" do + let(:stderr) { "Failed parsing lock file" } + + it "raises the correct error" do + expect { checker.latest_version }.to raise_error(Dependabot::DependencyFileNotEvaluatable) + end + end + + context "when version resolution fails" do + let(:stderr) do + "Because care_share_nepal depends on both freezed ^3.0.0-0.0.dev and freezed ^2.3.5, version solving failed." + end + + it "raises the correct error" do + expect { checker.latest_version }.to raise_error(Dependabot::DependencyFileNotResolvable) + end + end + + context "when pubspec.yaml is missing" do + let(:stderr) do + "Could not find a file named \"pubspec.yaml\" in https://github.com/Iconica-Development" + end + + it "raises the correct error" do + expect { checker.latest_version }.to raise_error(Dependabot::DependencyFileNotFound) + end + end + + context "when dependency file has unsupported syntax" do + let(:stderr) do + "Unsupported operation: Encountered an alias node along [dependencies, isar, version]!" + end + + it "raises the correct error" do + expect { checker.latest_version }.to raise_error(Dependabot::DependencyFileNotEvaluatable) + end + end + end + context "with a git dependency" do include_context "with temp dir"