dependabot-cargo 0.213.0 → 0.215.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 21dc0ea4001940fffbf43b581315b2e20337f869b9e8722d824b8d90fe30e37e
-  data.tar.gz: 9bc652359e629859f89b7f834a31f93371f3a30b243c750d76baff85b1f3c91d
+  metadata.gz: 322b4102293bdccc915642ebbf828d55d4f5e49d5312c67ff2f3e6466b76ebf9
+  data.tar.gz: c4711a27f467f9954f465e31a333c656e709e9362f14dc17db821892b6b7f643
 SHA512:
-  metadata.gz: 1387ae679d92f01f1bf8009319f6ebd82db3e2c5bb2edc720ffcabed443be538e50cdf212853e6a593afe8e64bfdef48870925a268bc1ea4769446124a6bcf80
-  data.tar.gz: ceff9213f82e10d6ccb40435bd955c4f988cbf153b256a837dbdca23c100d82d812b5e623a742bfa41e6fb3f1b6fefb915318b623046cfd1ec0b356b1ab1821c
+  metadata.gz: ec0dc79fdc36411beed867c33ef0e04b64dd72783a40ecbb6831b9eddd5bd2ae0b77da32227c1fc5074accb7173156ca2e458ca2f4dee6e4e3f4a4044df2c97f
+  data.tar.gz: cea99ee29388a4edc86fa3191c4e5a9c271cab9b473f2e897133edc8e7748eb0f4fe7f6b46529fa30fe594f81083746bfd7b73ad71b3254b91141ecf1a8572e6

data/lib/dependabot/cargo/file_updater/lockfile_updater.rb

@@ -32,7 +32,7 @@ module Dependabot
             SharedHelpers.with_git_configured(credentials: credentials) do
               # Shell out to Cargo, which handles everything for us, and does
               # so without doing an install (so it's fast).
-              run_shell_command("cargo update -p #{dependency_spec}")
+              run_shell_command("cargo update -p #{dependency_spec}", fingerprint: "cargo update -p <dependency_spec>")
             end
 
             updated_lockfile = File.read("Cargo.lock")
@@ -135,7 +135,7 @@ module Dependabot
           %(name = "#{dependency.name}"\nversion = "#{dependency.version}")
         end
 
-        def run_shell_command(command)
+        def run_shell_command(command, fingerprint:)
           start = Time.now
           command = SharedHelpers.escape_command(command)
           stdout, process = Open3.capture2e(command)
@@ -149,6 +149,7 @@ module Dependabot
             message: stdout,
             error_context: {
               command: command,
+              fingerprint: fingerprint,
               time_taken: time_taken,
               process_exit_value: process.to_s
             }

data/lib/dependabot/cargo/update_checker/latest_version_finder.rb

@@ -68,10 +68,10 @@ module Dependabot
         end
 
         def filter_lower_versions(versions_array)
-          return versions_array unless dependency.version && version_class.correct?(dependency.version)
+          return versions_array unless dependency.numeric_version
 
           versions_array.
-            select { |version| version > version_class.new(dependency.version) }
+            select { |version| version > dependency.numeric_version }
         end
 
         def available_versions
@@ -89,10 +89,7 @@ module Dependabot
         end
 
         def wants_prerelease?
-          if dependency.version &&
-             version_class.new(dependency.version).prerelease?
-            return true
-          end
+          return true if dependency.numeric_version&.prerelease?
 
           dependency.requirements.any? do |req|
             reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)

data/lib/dependabot/cargo/update_checker/version_resolver.rb

@@ -43,9 +43,7 @@ module Dependabot
             write_temporary_dependency_files
 
             SharedHelpers.with_git_configured(credentials: credentials) do
-              # Shell out to Cargo, which handles everything for us, and does
-              # so without doing an install (so it's fast).
-              run_cargo_command("cargo update -p #{dependency_spec} --verbose")
+              run_cargo_update_command
             end
 
             updated_version = fetch_version_from_new_lockfile
@@ -132,7 +130,16 @@ module Dependabot
           spec
         end
 
-        def run_cargo_command(command)
+        # Shell out to Cargo, which handles everything for us, and does
+        # so without doing an install (so it's fast).
+        def run_cargo_update_command
+          run_cargo_command(
+            "cargo update -p #{dependency_spec} --verbose",
+            fingerprint: "cargo update -p <dependency_spec> --verbose"
+          )
+        end
+
+        def run_cargo_command(command, fingerprint: nil)
           start = Time.now
           command = SharedHelpers.escape_command(command)
           stdout, process = Open3.capture2e(command)
@@ -146,6 +153,7 @@ module Dependabot
             message: stdout,
             error_context: {
               command: command,
+              fingerprint: fingerprint,
               time_taken: time_taken,
               process_exit_value: process.to_s
             }
@@ -185,8 +193,6 @@ module Dependabot
           end
 
           if error.message.include?("authenticate when downloading repo") ||
-             # TODO: stop catching this 200 error: https://github.com/dependabot/dependabot-core/pull/5332#discussion_r936888624
-             error.message.include?("HTTP 200 response: got 401") ||
              error.message.include?("fatal: Authentication failed for")
             # Check all dependencies for reachability (so that we raise a
             # consistent error)
@@ -293,7 +299,7 @@ module Dependabot
             write_temporary_dependency_files(prepared: false)
 
             SharedHelpers.with_git_configured(credentials: credentials) do
-              run_cargo_command("cargo update -p #{dependency_spec} --verbose")
+              run_cargo_update_command
             end
           end
 

data/lib/dependabot/cargo/version.rb

@@ -12,7 +12,7 @@ module Dependabot
     class Version < Gem::Version
       VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' \
                         '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
-                        '(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
+                        '(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?'
       ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
 
       def initialize(version)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-  version: 0.213.0
+  version: 0.215.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-10-31 00:00:00.000000000 Z
+date: 2022-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.213.0
+        version: 0.215.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.213.0
+        version: 0.215.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.13.0
+        version: 4.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.13.0
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.37.1
+        version: 1.39.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.37.1
+        version: 1.39.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement