dependabot-cargo 0.211.0 → 0.213.0

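--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fae6b268169748a07ba7e6146f44449ffe941747347146c9a7fe1cd2ddc012dd
- data.tar.gz: 603161b2ecf08e9fc2b8f4eae70b741ee82f21898ca9a509d93404961921f55a
+ metadata.gz: 21dc0ea4001940fffbf43b581315b2e20337f869b9e8722d824b8d90fe30e37e
+ data.tar.gz: 9bc652359e629859f89b7f834a31f93371f3a30b243c750d76baff85b1f3c91d
  SHA512:
- metadata.gz: 4d3fed0c16f9b569858726b550b290462d2b26067d328d5d83f7f36ea816272e7d05b0cc319f8c2c2e8d90fc9766890b2ea2f6118bdfdf294c07980c9286f437
- data.tar.gz: 702b7589feff7dfc914e7eee6a3fd682a4164c3aff7561e04cdd1645cddbd24f60e0d9a817fbea26879a3a1e918a411cde942043a7e6c449ffd4b85a7c5aa8ad
+ metadata.gz: 1387ae679d92f01f1bf8009319f6ebd82db3e2c5bb2edc720ffcabed443be538e50cdf212853e6a593afe8e64bfdef48870925a268bc1ea4769446124a6bcf80
+ data.tar.gz: ceff9213f82e10d6ccb40435bd955c4f988cbf153b256a837dbdca23c100d82d812b5e623a742bfa41e6fb3f1b6fefb915318b623046cfd1ec0b356b1ab1821c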
@@ -144,7 +144,7 @@ module Dependabot
144
144
  next unless details.is_a?(Hash)
145
145
  next unless details["path"]
146
146
 
147
- paths << File.join(details["path"], "Cargo.toml")
147
+ paths << File.join(details["path"], "Cargo.toml").delete_prefix("/")
148
148
  end
149
149
  end
150
150
 
@@ -155,7 +155,7 @@ module Dependabot
155
155
  next unless details.is_a?(Hash)
156
156
  next unless details["path"]
157
157
 
158
- paths << File.join(details["path"], "Cargo.toml")
158
+ paths << File.join(details["path"], "Cargo.toml").delete_prefix("/")
159
159
  end
160
160
  end
161
161
  end
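Review bot: `delete_prefix("/")` at new lines 147 and 158 strips exactly one leading slash, so a `path` value beginning with `//` still produces an absolute path after `File.join`, and `..` segments pass through untouched. `details["path"]` is presumably read from the fetched manifest, i.e. repository-controlled input, so the result should be made relative robustly, for example `.sub(%r{\A/+}, "")` in place of `delete_prefix("/")`, and confined to the repository root where the path is resolved. Whether a later step normalises these paths cannot be seen here; both enclosing methods start outside the hunks.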
@@ -46,16 +46,18 @@ module Dependabot
46
46
  workspace_root = parsed_file(cargo_toml).dig("package", "workspace")
47
47
  return unless workspace_root
48
48
 
49
- msg = "This project is part of a Rust workspace but is not the "\
50
- "workspace root."\
49
+ msg = "This project is part of a Rust workspace but is not the " \
50
+ "workspace root." \
51
51
 
52
52
  if cargo_toml.directory != "/"
53
- msg += "Please update your settings so Dependabot points at the "\
53
+ msg += "Please update your settings so Dependabot points at the " \
54
54
  "workspace root instead of #{cargo_toml.directory}."
55
55
  end
56
56
  raise Dependabot::DependencyFileNotEvaluatable, msg
57
57
  end
58
58
 
59
+ # rubocop:disable Metrics/AbcSize
60
+ # rubocop:disable Metrics/CyclomaticComplexity
59
61
  # rubocop:disable Metrics/PerceivedComplexity
60
62
  def manifest_dependencies
61
63
  dependency_set = DependencySet.new
@@ -79,10 +81,21 @@ module Dependabot
79
81
  end
80
82
  end
81
83
  end
84
+
85
+ workspace = parsed_file(file).fetch("workspace", {})
86
+ workspace.fetch("dependencies", {}).each do |name, requirement|
87
+ next unless name == name_from_declaration(name, requirement)
88
+ next if lockfile && !version_from_lockfile(name, requirement)
89
+
90
+ dependency_set <<
91
+ build_dependency(name, requirement, "workspace.dependencies", file)
92
+ end
82
93
  end
83
94
 
84
95
  dependency_set
85
96
  end
97
+ # rubocop:enable Metrics/AbcSize
98
+ # rubocop:enable Metrics/CyclomaticComplexity
86
99
  # rubocop:enable Metrics/PerceivedComplexity
87
100
 
88
101
  def build_dependency(name, requirement, type, file)
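Review bot: The new `workspace.dependencies` loop at new lines 85–92 calls `.fetch("dependencies", {})` and then `.each` on values taken straight from the parsed manifest, without checking that `workspace` or its `dependencies` entry is a table. A manifest in which either key holds a string or an array would surface as an unhandled `NoMethodError` or `TypeError` rather than a `Dependabot::DependencyFileNotEvaluatable`; a type check such as `deps = workspace.is_a?(Hash) ? workspace["dependencies"] : nil` followed by `(deps.is_a?(Hash) ? deps : {}).each do |name, requirement|` would keep malformed input on the handled path. Moving the loop into a private helper would also make the two added `rubocop:disable` lines unnecessary. The body of `manifest_dependencies` between the two hunks is not visible here.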
@@ -14,9 +14,9 @@ module Dependabot
14
14
  LOCKFILE_ENTRY_REGEX = /
15
15
  \[\[package\]\]\n
16
16
  (?:(?!^\[(\[package|metadata)).)+
17
- /mx.freeze
17
+ /mx
18
18
 
19
- LOCKFILE_CHECKSUM_REGEX = /^"checksum .*$/.freeze
19
+ LOCKFILE_CHECKSUM_REGEX = /^"checksum .*$/
20
20
 
21
21
  def initialize(dependencies:, dependency_files:, credentials:)
22
22
  @dependencies = dependencies
@@ -33,15 +33,14 @@ module Dependabot
33
33
  def find_source_from_crates_listing
34
34
  potential_source_urls =
35
35
  SOURCE_KEYS.
36
- map { |key| crates_listing.dig("crate", key) }.
37
- compact
36
+ filter_map { |key| crates_listing.dig("crate", key) }
38
37
 
39
38
  source_url = potential_source_urls.find { |url| Source.from_url(url) }
40
39
  Source.from_url(source_url)
41
40
  end
42
41
 
43
42
  def find_source_from_git_url
44
- info = dependency.requirements.map { |r| r[:source] }.compact.first
43
+ info = dependency.requirements.filter_map { |r| r[:source] }.first
45
44
 
46
45
  url = info[:url] || info.fetch("url")
47
46
  Source.from_url(url)
@@ -16,7 +16,7 @@ module Dependabot
16
16
  version_pattern = Cargo::Version::VERSION_PATTERN
17
17
 
18
18
  PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
19
- PATTERN = /\A#{PATTERN_RAW}\z/.freeze
19
+ PATTERN = /\A#{PATTERN_RAW}\z/
20
20
 
21
21
  # Use Cargo::Version rather than Gem::Version to ensure that
22
22
  # pre-release versions aren't transformed.
@@ -33,7 +33,7 @@ module Dependabot
33
33
  [matches[1] || "=", Cargo::Version.new(matches[2])]
34
34
  end
35
35
 
36
- # For consistency with other langauges, we define a requirements array.
36
+ # For consistency with other languages, we define a requirements array.
37
37
  # Rust doesn't have an `OR` separator for requirements, so it always
38
38
  # contains a single element.
39
39
  def self.requirements_array(requirement_string)
@@ -206,8 +206,7 @@ module Dependabot
206
206
  dependency.version
207
207
  else
208
208
  version_from_requirement =
209
- dependency.requirements.map { |r| r.fetch(:requirement) }.
210
- compact.
209
+ dependency.requirements.filter_map { |r| r.fetch(:requirement) }.
211
210
  flat_map { |req_str| Cargo::Requirement.new(req_str) }.
212
211
  flat_map(&:requirements).
213
212
  reject { |req_array| req_array.first.start_with?("<") }.
@@ -16,7 +16,7 @@ module Dependabot
16
16
  class RequirementsUpdater
17
17
  class UnfixableRequirement < StandardError; end
18
18
 
19
- VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/.freeze
19
+ VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/
20
20
  ALLOWED_UPDATE_STRATEGIES =
21
21
  %i(bump_versions bump_versions_if_necessary).freeze
22
22
 
@@ -11,15 +11,12 @@ module Dependabot
11
11
  module Cargo
12
12
  class UpdateChecker
13
13
  class VersionResolver
14
- UNABLE_TO_UPDATE =
15
- /Unable to update (?<url>.*?)$/.freeze
16
- BRANCH_NOT_FOUND_REGEX =
17
- /#{UNABLE_TO_UPDATE}.*to find branch `(?<branch>[^`]+)`/m.freeze
18
- REVSPEC_PATTERN = /revspec '.*' not found/.freeze
19
- OBJECT_PATTERN = /object not found - no match for id \(.*\)/.freeze
20
- REF_NOT_FOUND_REGEX =
21
- /#{UNABLE_TO_UPDATE}.*(#{REVSPEC_PATTERN}|#{OBJECT_PATTERN})/m.freeze
22
- GIT_REF_NOT_FOUND_REGEX = /Updating git repository `(?<url>[^`]*)`.*fatal: couldn't find remote ref/m.freeze
14
+ UNABLE_TO_UPDATE = /Unable to update (?<url>.*?)$/
15
+ BRANCH_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*to find branch `(?<branch>[^`]+)`/m
16
+ REVSPEC_PATTERN = /revspec '.*' not found/
17
+ OBJECT_PATTERN = /object not found - no match for id \(.*\)/
18
+ REF_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*(#{REVSPEC_PATTERN}|#{OBJECT_PATTERN})/m
19
+ GIT_REF_NOT_FOUND_REGEX = /Updating git repository `(?<url>[^`]*)`.*fatal: couldn't find remote ref/m
23
20
 
24
21
  def initialize(dependency:, credentials:,
25
22
  original_dependency_files:, prepared_dependency_files:)
@@ -168,11 +165,11 @@ module Dependabot
168
165
  max_by { |f| f.name.length }
169
166
  return unless TomlRB.parse(cargo_toml.content)["workspace"]
170
167
 
171
- msg = "This project is part of a Rust workspace but is not the "\
172
- "workspace root."\
168
+ msg = "This project is part of a Rust workspace but is not the " \
169
+ "workspace root." \
173
170
 
174
171
  if cargo_toml.directory != "/"
175
- msg += "Please update your settings so Dependabot points at the "\
172
+ msg += "Please update your settings so Dependabot points at the " \
176
173
  "workspace root instead of #{cargo_toml.directory}."
177
174
  end
178
175
  raise Dependabot::DependencyFileNotResolvable, msg
@@ -188,6 +185,7 @@ module Dependabot
188
185
  end
189
186
 
190
187
  if error.message.include?("authenticate when downloading repo") ||
188
+ # TODO: stop catching this 200 error: https://github.com/dependabot/dependabot-core/pull/5332#discussion_r936888624
191
189
  error.message.include?("HTTP 200 response: got 401") ||
192
190
  error.message.include?("fatal: Authentication failed for")
193
191
  # Check all dependencies for reachability (so that we raise a
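Review bot: The error text built at new lines 168–173 reads "…workspace root.Please update your settings…" when the directory is not `/`, because neither literal carries a separating space, and the ` \` after `"workspace root."` continues onto what is rendered as a blank line. This commit only respaces those lines; dropping the dangling continuation and starting the appended text with a space, `msg += " Please update your settings so Dependabot points at the " \`, would fix the user-facing message. The same pair of lines appears in the hunk that raises `Dependabot::DependencyFileNotEvaluatable`. The enclosing method begins outside the hunk.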
@@ -13,7 +13,7 @@ module Dependabot
13
13
  VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' \
14
14
  '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
15
15
  '(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
16
- ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
16
+ ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
17
17
 
18
18
  def initialize(version)
19
19
  @version_string = version.to_s
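--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-cargo
  version: !ruby/object:Gem::Version
- version: 0.211.0
+ version: 0.213.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-08-23 00:00:00.000000000 Z
+ date: 2022-10-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.211.0
+ version: 0.213.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.211.0
- - !ruby/object:Gem::Dependency
- name: debase
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.2.3
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.2.3
- - !ruby/object:Gem::Dependency
- name: debase-ruby_core_source
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.10.16
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '='
- - !ruby/object:Gem::Version
- version: 0.10.16
+ version: 0.213.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.11.1
+ version: 3.13.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.11.1
+ version: 3.13.0
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -142,28 +114,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.35.1
+ version: 1.37.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.35.1
+ version: 1.37.1
  - !ruby/object:Gem::Dependency
- name: ruby-debug-ide
+ name: rubocop-performance
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.3
+ version: 1.15.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.3
+ version: 1.15.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -267,14 +239,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 3.1.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 3.1.0
  requirements: []
- rubygems_version: 3.1.6
+ rubygems_version: 3.3.7
  signing_key:
  specification_version: 4
  summary: Rust (Cargo) support for dependabot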