dependabot-cargo 0.211.0 → 0.213.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/cargo/file_fetcher.rb +2 -2
- data/lib/dependabot/cargo/file_parser.rb +16 -3
- data/lib/dependabot/cargo/file_updater/lockfile_updater.rb +2 -2
- data/lib/dependabot/cargo/metadata_finder.rb +2 -3
- data/lib/dependabot/cargo/requirement.rb +2 -2
- data/lib/dependabot/cargo/update_checker/file_preparer.rb +1 -2
- data/lib/dependabot/cargo/update_checker/requirements_updater.rb +1 -1
- data/lib/dependabot/cargo/update_checker/version_resolver.rb +10 -12
- data/lib/dependabot/cargo/version.rb +1 -1
- metadata +14 -42
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 21dc0ea4001940fffbf43b581315b2e20337f869b9e8722d824b8d90fe30e37e
|
4
|
+
data.tar.gz: 9bc652359e629859f89b7f834a31f93371f3a30b243c750d76baff85b1f3c91d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1387ae679d92f01f1bf8009319f6ebd82db3e2c5bb2edc720ffcabed443be538e50cdf212853e6a593afe8e64bfdef48870925a268bc1ea4769446124a6bcf80
|
7
|
+
data.tar.gz: ceff9213f82e10d6ccb40435bd955c4f988cbf153b256a837dbdca23c100d82d812b5e623a742bfa41e6fb3f1b6fefb915318b623046cfd1ec0b356b1ab1821c
|
@@ -144,7 +144,7 @@ module Dependabot
|
|
144
144
|
next unless details.is_a?(Hash)
|
145
145
|
next unless details["path"]
|
146
146
|
|
147
|
-
paths << File.join(details["path"], "Cargo.toml")
|
147
|
+
paths << File.join(details["path"], "Cargo.toml").delete_prefix("/")
|
148
148
|
end
|
149
149
|
end
|
150
150
|
|
@@ -155,7 +155,7 @@ module Dependabot
|
|
155
155
|
next unless details.is_a?(Hash)
|
156
156
|
next unless details["path"]
|
157
157
|
|
158
|
-
paths << File.join(details["path"], "Cargo.toml")
|
158
|
+
paths << File.join(details["path"], "Cargo.toml").delete_prefix("/")
|
159
159
|
end
|
160
160
|
end
|
161
161
|
end
|
@@ -46,16 +46,18 @@ module Dependabot
|
|
46
46
|
workspace_root = parsed_file(cargo_toml).dig("package", "workspace")
|
47
47
|
return unless workspace_root
|
48
48
|
|
49
|
-
msg = "This project is part of a Rust workspace but is not the "\
|
50
|
-
"workspace root."\
|
49
|
+
msg = "This project is part of a Rust workspace but is not the " \
|
50
|
+
"workspace root." \
|
51
51
|
|
52
52
|
if cargo_toml.directory != "/"
|
53
|
-
msg += "Please update your settings so Dependabot points at the "\
|
53
|
+
msg += "Please update your settings so Dependabot points at the " \
|
54
54
|
"workspace root instead of #{cargo_toml.directory}."
|
55
55
|
end
|
56
56
|
raise Dependabot::DependencyFileNotEvaluatable, msg
|
57
57
|
end
|
58
58
|
|
59
|
+
# rubocop:disable Metrics/AbcSize
|
60
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
59
61
|
# rubocop:disable Metrics/PerceivedComplexity
|
60
62
|
def manifest_dependencies
|
61
63
|
dependency_set = DependencySet.new
|
@@ -79,10 +81,21 @@ module Dependabot
|
|
79
81
|
end
|
80
82
|
end
|
81
83
|
end
|
84
|
+
|
85
|
+
workspace = parsed_file(file).fetch("workspace", {})
|
86
|
+
workspace.fetch("dependencies", {}).each do |name, requirement|
|
87
|
+
next unless name == name_from_declaration(name, requirement)
|
88
|
+
next if lockfile && !version_from_lockfile(name, requirement)
|
89
|
+
|
90
|
+
dependency_set <<
|
91
|
+
build_dependency(name, requirement, "workspace.dependencies", file)
|
92
|
+
end
|
82
93
|
end
|
83
94
|
|
84
95
|
dependency_set
|
85
96
|
end
|
97
|
+
# rubocop:enable Metrics/AbcSize
|
98
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
86
99
|
# rubocop:enable Metrics/PerceivedComplexity
|
87
100
|
|
88
101
|
def build_dependency(name, requirement, type, file)
|
@@ -14,9 +14,9 @@ module Dependabot
|
|
14
14
|
LOCKFILE_ENTRY_REGEX = /
|
15
15
|
\[\[package\]\]\n
|
16
16
|
(?:(?!^\[(\[package|metadata)).)+
|
17
|
-
/mx
|
17
|
+
/mx
|
18
18
|
|
19
|
-
LOCKFILE_CHECKSUM_REGEX = /^"checksum
|
19
|
+
LOCKFILE_CHECKSUM_REGEX = /^"checksum .*$/
|
20
20
|
|
21
21
|
def initialize(dependencies:, dependency_files:, credentials:)
|
22
22
|
@dependencies = dependencies
|
@@ -33,15 +33,14 @@ module Dependabot
|
|
33
33
|
def find_source_from_crates_listing
|
34
34
|
potential_source_urls =
|
35
35
|
SOURCE_KEYS.
|
36
|
-
|
37
|
-
compact
|
36
|
+
filter_map { |key| crates_listing.dig("crate", key) }
|
38
37
|
|
39
38
|
source_url = potential_source_urls.find { |url| Source.from_url(url) }
|
40
39
|
Source.from_url(source_url)
|
41
40
|
end
|
42
41
|
|
43
42
|
def find_source_from_git_url
|
44
|
-
info = dependency.requirements.
|
43
|
+
info = dependency.requirements.filter_map { |r| r[:source] }.first
|
45
44
|
|
46
45
|
url = info[:url] || info.fetch("url")
|
47
46
|
Source.from_url(url)
|
@@ -16,7 +16,7 @@ module Dependabot
|
|
16
16
|
version_pattern = Cargo::Version::VERSION_PATTERN
|
17
17
|
|
18
18
|
PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
|
19
|
-
PATTERN = /\A#{PATTERN_RAW}\z
|
19
|
+
PATTERN = /\A#{PATTERN_RAW}\z/
|
20
20
|
|
21
21
|
# Use Cargo::Version rather than Gem::Version to ensure that
|
22
22
|
# pre-release versions aren't transformed.
|
@@ -33,7 +33,7 @@ module Dependabot
|
|
33
33
|
[matches[1] || "=", Cargo::Version.new(matches[2])]
|
34
34
|
end
|
35
35
|
|
36
|
-
# For consistency with other
|
36
|
+
# For consistency with other languages, we define a requirements array.
|
37
37
|
# Rust doesn't have an `OR` separator for requirements, so it always
|
38
38
|
# contains a single element.
|
39
39
|
def self.requirements_array(requirement_string)
|
@@ -206,8 +206,7 @@ module Dependabot
|
|
206
206
|
dependency.version
|
207
207
|
else
|
208
208
|
version_from_requirement =
|
209
|
-
dependency.requirements.
|
210
|
-
compact.
|
209
|
+
dependency.requirements.filter_map { |r| r.fetch(:requirement) }.
|
211
210
|
flat_map { |req_str| Cargo::Requirement.new(req_str) }.
|
212
211
|
flat_map(&:requirements).
|
213
212
|
reject { |req_array| req_array.first.start_with?("<") }.
|
@@ -16,7 +16,7 @@ module Dependabot
|
|
16
16
|
class RequirementsUpdater
|
17
17
|
class UnfixableRequirement < StandardError; end
|
18
18
|
|
19
|
-
VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)
|
19
|
+
VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/
|
20
20
|
ALLOWED_UPDATE_STRATEGIES =
|
21
21
|
%i(bump_versions bump_versions_if_necessary).freeze
|
22
22
|
|
@@ -11,15 +11,12 @@ module Dependabot
|
|
11
11
|
module Cargo
|
12
12
|
class UpdateChecker
|
13
13
|
class VersionResolver
|
14
|
-
UNABLE_TO_UPDATE =
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
REF_NOT_FOUND_REGEX =
|
21
|
-
/#{UNABLE_TO_UPDATE}.*(#{REVSPEC_PATTERN}|#{OBJECT_PATTERN})/m.freeze
|
22
|
-
GIT_REF_NOT_FOUND_REGEX = /Updating git repository `(?<url>[^`]*)`.*fatal: couldn't find remote ref/m.freeze
|
14
|
+
UNABLE_TO_UPDATE = /Unable to update (?<url>.*?)$/
|
15
|
+
BRANCH_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*to find branch `(?<branch>[^`]+)`/m
|
16
|
+
REVSPEC_PATTERN = /revspec '.*' not found/
|
17
|
+
OBJECT_PATTERN = /object not found - no match for id \(.*\)/
|
18
|
+
REF_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*(#{REVSPEC_PATTERN}|#{OBJECT_PATTERN})/m
|
19
|
+
GIT_REF_NOT_FOUND_REGEX = /Updating git repository `(?<url>[^`]*)`.*fatal: couldn't find remote ref/m
|
23
20
|
|
24
21
|
def initialize(dependency:, credentials:,
|
25
22
|
original_dependency_files:, prepared_dependency_files:)
|
@@ -168,11 +165,11 @@ module Dependabot
|
|
168
165
|
max_by { |f| f.name.length }
|
169
166
|
return unless TomlRB.parse(cargo_toml.content)["workspace"]
|
170
167
|
|
171
|
-
msg = "This project is part of a Rust workspace but is not the "\
|
172
|
-
"workspace root."\
|
168
|
+
msg = "This project is part of a Rust workspace but is not the " \
|
169
|
+
"workspace root." \
|
173
170
|
|
174
171
|
if cargo_toml.directory != "/"
|
175
|
-
msg += "Please update your settings so Dependabot points at the "\
|
172
|
+
msg += "Please update your settings so Dependabot points at the " \
|
176
173
|
"workspace root instead of #{cargo_toml.directory}."
|
177
174
|
end
|
178
175
|
raise Dependabot::DependencyFileNotResolvable, msg
|
@@ -188,6 +185,7 @@ module Dependabot
|
|
188
185
|
end
|
189
186
|
|
190
187
|
if error.message.include?("authenticate when downloading repo") ||
|
188
|
+
# TODO: stop catching this 200 error: https://github.com/dependabot/dependabot-core/pull/5332#discussion_r936888624
|
191
189
|
error.message.include?("HTTP 200 response: got 401") ||
|
192
190
|
error.message.include?("fatal: Authentication failed for")
|
193
191
|
# Check all dependencies for reachability (so that we raise a
|
@@ -13,7 +13,7 @@ module Dependabot
|
|
13
13
|
VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' \
|
14
14
|
'(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
|
15
15
|
'(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
|
16
|
-
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z
|
16
|
+
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
|
17
17
|
|
18
18
|
def initialize(version)
|
19
19
|
@version_string = version.to_s
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-cargo
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.213.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-10-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,42 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.213.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: debase
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - '='
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: 0.2.3
|
34
|
-
type: :development
|
35
|
-
prerelease: false
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
37
|
-
requirements:
|
38
|
-
- - '='
|
39
|
-
- !ruby/object:Gem::Version
|
40
|
-
version: 0.2.3
|
41
|
-
- !ruby/object:Gem::Dependency
|
42
|
-
name: debase-ruby_core_source
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
44
|
-
requirements:
|
45
|
-
- - '='
|
46
|
-
- !ruby/object:Gem::Version
|
47
|
-
version: 0.10.16
|
48
|
-
type: :development
|
49
|
-
prerelease: false
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
51
|
-
requirements:
|
52
|
-
- - '='
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: 0.10.16
|
26
|
+
version: 0.213.0
|
55
27
|
- !ruby/object:Gem::Dependency
|
56
28
|
name: debug
|
57
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -86,14 +58,14 @@ dependencies:
|
|
86
58
|
requirements:
|
87
59
|
- - "~>"
|
88
60
|
- !ruby/object:Gem::Version
|
89
|
-
version: 3.
|
61
|
+
version: 3.13.0
|
90
62
|
type: :development
|
91
63
|
prerelease: false
|
92
64
|
version_requirements: !ruby/object:Gem::Requirement
|
93
65
|
requirements:
|
94
66
|
- - "~>"
|
95
67
|
- !ruby/object:Gem::Version
|
96
|
-
version: 3.
|
68
|
+
version: 3.13.0
|
97
69
|
- !ruby/object:Gem::Dependency
|
98
70
|
name: rake
|
99
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -142,28 +114,28 @@ dependencies:
|
|
142
114
|
requirements:
|
143
115
|
- - "~>"
|
144
116
|
- !ruby/object:Gem::Version
|
145
|
-
version: 1.
|
117
|
+
version: 1.37.1
|
146
118
|
type: :development
|
147
119
|
prerelease: false
|
148
120
|
version_requirements: !ruby/object:Gem::Requirement
|
149
121
|
requirements:
|
150
122
|
- - "~>"
|
151
123
|
- !ruby/object:Gem::Version
|
152
|
-
version: 1.
|
124
|
+
version: 1.37.1
|
153
125
|
- !ruby/object:Gem::Dependency
|
154
|
-
name:
|
126
|
+
name: rubocop-performance
|
155
127
|
requirement: !ruby/object:Gem::Requirement
|
156
128
|
requirements:
|
157
129
|
- - "~>"
|
158
130
|
- !ruby/object:Gem::Version
|
159
|
-
version:
|
131
|
+
version: 1.15.0
|
160
132
|
type: :development
|
161
133
|
prerelease: false
|
162
134
|
version_requirements: !ruby/object:Gem::Requirement
|
163
135
|
requirements:
|
164
136
|
- - "~>"
|
165
137
|
- !ruby/object:Gem::Version
|
166
|
-
version:
|
138
|
+
version: 1.15.0
|
167
139
|
- !ruby/object:Gem::Dependency
|
168
140
|
name: simplecov
|
169
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -267,14 +239,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
267
239
|
requirements:
|
268
240
|
- - ">="
|
269
241
|
- !ruby/object:Gem::Version
|
270
|
-
version:
|
242
|
+
version: 3.1.0
|
271
243
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
272
244
|
requirements:
|
273
245
|
- - ">="
|
274
246
|
- !ruby/object:Gem::Version
|
275
|
-
version:
|
247
|
+
version: 3.1.0
|
276
248
|
requirements: []
|
277
|
-
rubygems_version: 3.
|
249
|
+
rubygems_version: 3.3.7
|
278
250
|
signing_key:
|
279
251
|
specification_version: 4
|
280
252
|
summary: Rust (Cargo) support for dependabot
|