dependabot-cargo 0.124.8 → 0.125.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/cargo/file_parser.rb +5 -15
  3. data/lib/dependabot/cargo/file_updater/lockfile_updater.rb +2 -6
  4. data/lib/dependabot/cargo/update_checker.rb +4 -12
  5. data/lib/dependabot/cargo/update_checker/file_preparer.rb +3 -9
  6. data/lib/dependabot/cargo/update_checker/latest_version_finder.rb +1 -3
  7. data/lib/dependabot/cargo/update_checker/version_resolver.rb +3 -9
  8. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0e6042ef6736fe80b4149a2497d5b01b8bfc03b758c6981cb5297369dbd67891
4
- data.tar.gz: fbdca6817f971e4b6fa45aa5751b7e78ae69f8e06d35145738f7c060edd867b5
3
+ metadata.gz: 7f43673501df4b1fb171fdf36a65f2b545c549fecfc6985537b4fc0a1be5fa26
4
+ data.tar.gz: 21e827a34ba50d6ad920164f0ed6d5b7f57f97d4b67ebd8f1a5ee1ca9f8c88c2
5
5
  SHA512:
6
- metadata.gz: 022d03e2cd87ecb7f63aa2be1011e9e042223169caeb343203075bc3abc511fe952069b9c50d624cb402a69d4882f1cd11067bcb3ddab55000ca98b23791b0ff
7
- data.tar.gz: 919bd4883669b709489b45fb30ae531ac4b359f8115462b6ba785bc04f839273af8c516c1f62411c4b6555a005bc5b1edf512bc60559e474663e90ee6a8f4018
6
+ metadata.gz: 03c43883512a0be91ac35ac14e5223652c5c4afa73d596d29f2a67d9257ad92c719f5f5edb8881aa85c6a958573a8f820864c713c140c8a98d8b2014cb5982db
7
+ data.tar.gz: 6fa03057b529b18e27f8516363e94e8ed8300222d514704be99eaac5c508c3032e907eb3389a8a43bd07f3ac6c1568425fc379a3f62da5402156f1906647cb25
data/lib/dependabot/cargo/file_parser.rb CHANGED
@@ -130,30 +130,22 @@ module Dependabot
130
130
  if declaration.is_a?(String)
131
131
  return declaration == "" ? nil : declaration
132
132
  end
133
- unless declaration.is_a?(Hash)
134
- raise "Unexpected dependency declaration: #{declaration}"
135
- end
136
- if declaration["version"]&.is_a?(String) && declaration["version"] != ""
137
- return declaration["version"]
138
- end
133
+ raise "Unexpected dependency declaration: #{declaration}" unless declaration.is_a?(Hash)
134
+ return declaration["version"] if declaration["version"]&.is_a?(String) && declaration["version"] != ""
139
135
 
140
136
  nil
141
137
  end
142
138
 
143
139
  def name_from_declaration(name, declaration)
144
140
  return name if declaration.is_a?(String)
145
- unless declaration.is_a?(Hash)
146
- raise "Unexpected dependency declaration: #{declaration}"
147
- end
141
+ raise "Unexpected dependency declaration: #{declaration}" unless declaration.is_a?(Hash)
148
142
 
149
143
  declaration.fetch("package", name)
150
144
  end
151
145
 
152
146
  def source_from_declaration(declaration)
153
147
  return if declaration.is_a?(String)
154
- unless declaration.is_a?(Hash)
155
- raise "Unexpected dependency declaration: #{declaration}"
156
- end
148
+ raise "Unexpected dependency declaration: #{declaration}" unless declaration.is_a?(Hash)
157
149
 
158
150
  return git_source_details(declaration) if declaration["git"]
159
151
  return { type: "path" } if declaration["path"]
@@ -203,9 +195,7 @@ module Dependabot
203
195
  end
204
196
 
205
197
  def version_from_lockfile_details(package_details)
206
- unless package_details["source"]&.start_with?("git+")
207
- return package_details["version"]
208
- end
198
+ return package_details["version"] unless package_details["source"]&.start_with?("git+")
209
199
 
210
200
  package_details["source"].split("#").last
211
201
  end
data/lib/dependabot/cargo/file_updater/lockfile_updater.rb CHANGED
@@ -38,9 +38,7 @@ module Dependabot
38
38
  updated_lockfile = File.read("Cargo.lock")
39
39
  updated_lockfile = post_process_lockfile(updated_lockfile)
40
40
 
41
- if updated_lockfile.include?(desired_lockfile_content)
42
- next updated_lockfile
43
- end
41
+ next updated_lockfile if updated_lockfile.include?(desired_lockfile_content)
44
42
 
45
43
  raise "Failed to update #{dependency.name}!"
46
44
  end
@@ -270,9 +268,7 @@ module Dependabot
270
268
 
271
269
  def remove_default_run_specification(content)
272
270
  parsed_manifest = TomlRB.parse(content)
273
- if parsed_manifest.dig("package", "default-run")
274
- parsed_manifest["package"].delete("default-run")
275
- end
271
+ parsed_manifest["package"].delete("default-run") if parsed_manifest.dig("package", "default-run")
276
272
  TomlRB.dump(parsed_manifest)
277
273
  end
278
274
 
data/lib/dependabot/cargo/update_checker.rb CHANGED
@@ -49,9 +49,7 @@ module Dependabot
49
49
  def lowest_resolvable_security_fix_version
50
50
  raise "Dependency not vulnerable!" unless vulnerable?
51
51
 
52
- if defined?(@lowest_resolvable_security_fix_version)
53
- return @lowest_resolvable_security_fix_version
54
- end
52
+ return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)
55
53
 
56
54
  @lowest_resolvable_security_fix_version =
57
55
  fetch_lowest_resolvable_security_fix_version
@@ -125,9 +123,7 @@ module Dependabot
125
123
  def latest_git_version_sha
126
124
  # If the gem isn't pinned, the latest version is just the latest
127
125
  # commit for the specified branch.
128
- unless git_commit_checker.pinned?
129
- return git_commit_checker.head_commit_for_current_branch
130
- end
126
+ return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
131
127
 
132
128
  # If the dependency is pinned to a tag that looks like a version then
133
129
  # we want to update that tag. The latest version will then be the SHA
@@ -145,9 +141,7 @@ module Dependabot
145
141
  def latest_resolvable_version_for_git_dependency
146
142
  # If the gem isn't pinned, the latest version is just the latest
147
143
  # commit for the specified branch.
148
- unless git_commit_checker.pinned?
149
- return latest_resolvable_commit_with_unchanged_git_source
150
- end
144
+ return latest_resolvable_commit_with_unchanged_git_source unless git_commit_checker.pinned?
151
145
 
152
146
  # If the dependency is pinned to a tag that looks like a version then
153
147
  # we want to update that tag. The latest version will then be the SHA
@@ -221,9 +215,7 @@ module Dependabot
221
215
  fix_version = lowest_security_fix_version
222
216
  return latest_resolvable_version if fix_version.nil?
223
217
 
224
- if path_dependency? || git_dependency? || git_subdependency?
225
- return latest_resolvable_version
226
- end
218
+ return latest_resolvable_version if path_dependency? || git_dependency? || git_subdependency?
227
219
 
228
220
  prepared_files = FilePreparer.new(
229
221
  dependency_files: dependency_files,
data/lib/dependabot/cargo/update_checker/file_preparer.rb CHANGED
@@ -120,13 +120,9 @@ module Dependabot
120
120
  next unless req.is_a?(Hash)
121
121
  next unless [req["tag"], req["rev"]].compact.uniq.count == 1
122
122
 
123
- if req["tag"]
124
- parsed_manifest[type][name]["tag"] = replacement_git_pin
125
- end
123
+ parsed_manifest[type][name]["tag"] = replacement_git_pin if req["tag"]
126
124
 
127
- if req["rev"]
128
- parsed_manifest[type][name]["rev"] = replacement_git_pin
129
- end
125
+ parsed_manifest[type][name]["rev"] = replacement_git_pin if req["rev"]
130
126
  end
131
127
  end
132
128
 
@@ -255,9 +251,7 @@ module Dependabot
255
251
 
256
252
  def name_from_declaration(name, declaration)
257
253
  return name if declaration.is_a?(String)
258
- unless declaration.is_a?(Hash)
259
- raise "Unexpected dependency declaration: #{declaration}"
260
- end
254
+ raise "Unexpected dependency declaration: #{declaration}" unless declaration.is_a?(Hash)
261
255
 
262
256
  declaration.fetch("package", name)
263
257
  end
data/lib/dependabot/cargo/update_checker/latest_version_finder.rb CHANGED
@@ -56,9 +56,7 @@ module Dependabot
56
56
  def filter_ignored_versions(versions_array)
57
57
  filtered = versions_array.
58
58
  reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
59
- if @raise_on_ignored && filtered.empty? && versions_array.any?
60
- raise Dependabot::AllVersionsIgnored
61
- end
59
+ raise Dependabot::AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
62
60
 
63
61
  filtered
64
62
  end
data/lib/dependabot/cargo/update_checker/version_resolver.rb CHANGED
@@ -214,9 +214,7 @@ module Dependabot
214
214
  raise Dependabot::GitDependencyReferenceNotFound, dependency_url
215
215
  end
216
216
 
217
- if resolvability_error?(error.message)
218
- raise Dependabot::DependencyFileNotResolvable, error.message
219
- end
217
+ raise Dependabot::DependencyFileNotResolvable, error.message if resolvability_error?(error.message)
220
218
 
221
219
  if workspace_native_library_update_error?(error.message)
222
220
  # This happens when we're updating one part of a workspace which
@@ -373,16 +371,12 @@ module Dependabot
373
371
 
374
372
  object.delete("bin")
375
373
 
376
- if object.dig("package", "default-run")
377
- object["package"].delete("default-run")
378
- end
374
+ object["package"].delete("default-run") if object.dig("package", "default-run")
379
375
 
380
376
  package_name = object.dig("package", "name")
381
377
  return TomlRB.dump(object) unless package_name&.match?(/[\{\}]/)
382
378
 
383
- if lockfile
384
- raise "Sanitizing name for pkg with lockfile. Investigate!"
385
- end
379
+ raise "Sanitizing name for pkg with lockfile. Investigate!" if lockfile
386
380
 
387
381
  object["package"]["name"] = "sanitized"
388
382
  TomlRB.dump(object)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-cargo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.124.8
4
+ version: 0.125.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-04 00:00:00.000000000 Z
11
+ date: 2020-11-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.124.8
19
+ version: 0.125.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.124.8
26
+ version: 0.125.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 0.7.2
131
+ version: 0.8.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 0.7.2
138
+ version: 0.8.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: vcr
141
141
  requirement: !ruby/object:Gem::Requirement