Need to bump to newest gomodules extracted tag

[jeffwidman]

Once dependabot/gomodules-extracted#9 is merged and a new version cut, need to update the tag in this repo. See #2619 for an example of how it was done last time around.

[jeffwidman]

Actually, looks like both of these files will need updating, and only one of them was previously updated:

1. dependabot-core/go_modules/helpers/go.mod

   Line 8 in 05a2faf

   github.com/dependabot/gomodules-extracted v1.2.0

2. dependabot-core/go_modules/helpers/updater/go.mod

   Line 3 in 05a2faf

   require github.com/dependabot/gomodules-extracted v0.0.0-20181020215834-1b2f850478a3

[jeffwidman]

See also #3576 which simply removes the go_modules/helpers/updater/go.mod file, so that there's only one canonical place to update.

[jeffwidman]

The two bits that are imported from internal stuff both had breaking changes. 😢

The modfetch.Lookup signature is easy, they stopped returning an error: golang/go@c921157.

modload.InitMod was refactored here: golang/go@d05e89a. It appears that we only need the LoadModFile bits, not the CreateModFile bits... so modload.LoadModFile(context.Background()) should suffice.

[jeffwidman]

See also discussion #3590 (comment) which would allow completely removing this code altogether.

[jeffwidman]

Closed in #3632

@thepwagner quick reminder that you need to manually close these bugs when the PR gets merged... github won't auto-close the ticket unless the PR has something auto-parseable like Fix #3569...