dependabot-cargo 0.216.0 → 0.216.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/cargo/file_fetcher.rb +30 -1
  3. data/lib/dependabot/cargo/file_updater/lockfile_updater.rb +4 -0
  4. data/lib/dependabot/cargo/update_checker/latest_version_finder.rb +2 -4
  5. data/lib/dependabot/cargo/update_checker/version_resolver.rb +1 -1
  6. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a703a41b5c7903d51de877727762fc65183f03093205a185dff2fbcedb958076
4
- data.tar.gz: 397d241631ce98380aa93fc4275da005130eb9698b29c30bbd610c6285840d59
3
+ metadata.gz: 6798a7c2314ff0c4bf5e4e875511cc1d1779eeaaf21dfcc35e9dabc79b7b90d9
4
+ data.tar.gz: a81064eaadfc1e519500ecd7b2f6fbfbe444c6a31c7d5745d23de13d915d5274
5
5
  SHA512:
6
- metadata.gz: 414c85341229431f5743788b1280a86a7d9075c98d323db7ee4248cafccd074b8b5fef8bffdfd0badfeb5be02901aaa36df8273dcca00b1a46ab17c8e6362b9a
7
- data.tar.gz: 6f7f6ff7921444cae0cfc8a8f0839520997d228f9534f2512342bd2a3d2d7e67f0107122cbd7930c6767b010c14aa55b1f542655ef3f98e24e324cd5db5eb829
6
+ metadata.gz: f4afefbd0e342378d74a661d0463134f2c7cebca3a02ca1272b6baf3407af5c8fd83af5d4426fc66a1335d1ad0f60587de9b4d870144c51bacf88e88860ca369
7
+ data.tar.gz: 39dc999fc8bf9eb051644f0fcce8164fca0d1b21e3c1d46b9652cf3dd69abf367cd27f5f9288cfc2b574346a8f1732db582d4651d837eca7cad19e24996e87e6
data/lib/dependabot/cargo/file_fetcher.rb CHANGED
@@ -20,6 +20,26 @@ module Dependabot
20
20
  "Repo must contain a Cargo.toml."
21
21
  end
22
22
 
23
+ def package_manager_version
24
+ channel = if rust_toolchain
25
+ TomlRB.parse(rust_toolchain.content).fetch("toolchain", nil)&.fetch("channel", nil)
26
+ else
27
+ "default"
28
+ end
29
+
30
+ {
31
+ ecosystem: "cargo",
32
+ package_managers: {
33
+ "channel" => channel
34
+ }
35
+ }
36
+ rescue TomlRB::ParseError
37
+ raise Dependabot::DependencyFileNotParseable.new(
38
+ rust_toolchain.path,
39
+ "only rust-toolchain files formatted as TOML are supported, the non-TOML format was deprecated by Rust"
40
+ )
41
+ end
42
+
23
43
  private
24
44
 
25
45
  def fetch_files
@@ -285,8 +305,17 @@ module Dependabot
285
305
  end
286
306
 
287
307
  def rust_toolchain
288
- @rust_toolchain ||= fetch_file_if_present("rust-toolchain")&.
308
+ return @rust_toolchain if defined?(@rust_toolchain)
309
+
310
+ @rust_toolchain = fetch_file_if_present("rust-toolchain")&.
289
311
  tap { |f| f.support_file = true }
312
+
313
+ # Per https://rust-lang.github.io/rustup/overrides.html the file can
314
+ # have a `.toml` extension, but the non-extension version is preferred.
315
+ # Renaming here to simplify finding it later in the code.
316
+ @rust_toolchain ||= fetch_file_if_present("rust-toolchain.toml")&.
317
+ tap { |f| f.support_file = true }&.
318
+ tap { |f| f.name = "rust-toolchain" }
290
319
  end
291
320
  end
292
321
  end
data/lib/dependabot/cargo/file_updater/lockfile_updater.rb CHANGED
@@ -145,6 +145,10 @@ module Dependabot
145
145
  # returns a non-zero status
146
146
  return if process.success?
147
147
 
148
+ if stdout.include?("usage of sparse registries requires `-Z sparse-registry`")
149
+ raise Dependabot::DependencyFileNotEvaluatable, "Dependabot only supports toolchain 1.68 and up."
150
+ end
151
+
148
152
  raise SharedHelpers::HelperSubprocessFailed.new(
149
153
  message: stdout,
150
154
  error_context: {
data/lib/dependabot/cargo/update_checker/latest_version_finder.rb CHANGED
@@ -102,13 +102,11 @@ module Dependabot
102
102
  end
103
103
 
104
104
  def version_class
105
- Utils.version_class_for_package_manager(dependency.package_manager)
105
+ dependency.version_class
106
106
  end
107
107
 
108
108
  def requirement_class
109
- Utils.requirement_class_for_package_manager(
110
- dependency.package_manager
111
- )
109
+ dependency.requirement_class
112
110
  end
113
111
  end
114
112
  end
data/lib/dependabot/cargo/update_checker/version_resolver.rb CHANGED
@@ -422,7 +422,7 @@ module Dependabot
422
422
  end
423
423
 
424
424
  def version_class
425
- Cargo::Version
425
+ dependency.version_class
426
426
  end
427
427
  end
428
428
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-cargo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.216.0
4
+ version: 0.216.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-04-12 00:00:00.000000000 Z
11
+ date: 2023-04-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.216.0
19
+ version: 0.216.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.216.0
26
+ version: 0.216.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.48.0
117
+ version: 1.50.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.48.0
124
+ version: 1.50.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rubocop-performance
127
127
  requirement: !ruby/object:Gem::Requirement