dependabot-cargo 0.216.2 → 0.218.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/cargo/file_updater/lockfile_updater.rb +9 -0
  3. data/lib/dependabot/cargo/update_checker/requirements_updater.rb +3 -1
  4. data/lib/dependabot/cargo/update_checker/version_resolver.rb +4 -0
  5. data/lib/dependabot/cargo/update_checker.rb +8 -0
  6. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6798a7c2314ff0c4bf5e4e875511cc1d1779eeaaf21dfcc35e9dabc79b7b90d9
4
- data.tar.gz: a81064eaadfc1e519500ecd7b2f6fbfbe444c6a31c7d5745d23de13d915d5274
3
+ metadata.gz: 2c83798b8a90a4313601ee5f327fa0dd66484a043db61ad3c57aa86426271595
4
+ data.tar.gz: 49a71d28c9286c8e2f24bfd26b18ee56d43c42c3a13acaf03035e2d4d44bf674
5
5
  SHA512:
6
- metadata.gz: f4afefbd0e342378d74a661d0463134f2c7cebca3a02ca1272b6baf3407af5c8fd83af5d4426fc66a1335d1ad0f60587de9b4d870144c51bacf88e88860ca369
7
- data.tar.gz: 39dc999fc8bf9eb051644f0fcce8164fca0d1b21e3c1d46b9652cf3dd69abf367cd27f5f9288cfc2b574346a8f1732db582d4651d837eca7cad19e24996e87e6
6
+ metadata.gz: b7d18918a78419993518c36bbe58ced8fdc0a63bc770cf4f76861dd481d03019506c26594bd888440a8c0e56d5435abfd6ee012dfc7f3bd15afc7ac3c43c8ef9
7
+ data.tar.gz: 83cbb618d7d6bbc1c6af007e5f5d90e4a30a257820adad8e9c08eb8cbdaca569321c9bdd0e1e01eb115115e1576b803750b48ed1a9d562a3417dbadd9300c072
data/lib/dependabot/cargo/file_updater/lockfile_updater.rb CHANGED
@@ -149,6 +149,15 @@ module Dependabot
149
149
  raise Dependabot::DependencyFileNotEvaluatable, "Dependabot only supports toolchain 1.68 and up."
150
150
  end
151
151
 
152
+ # package doesn't exist in the index
153
+ if (match = stdout.match(/no matching package named `([^`]+)` found/))
154
+ raise Dependabot::DependencyFileNotResolvable, match[1]
155
+ end
156
+
157
+ if (match = /error: no matching package found\nsearched package name: `([^`]+)`/m.match(stdout))
158
+ raise Dependabot::DependencyFileNotResolvable, match[1]
159
+ end
160
+
152
161
  raise SharedHelpers::HelperSubprocessFailed.new(
153
162
  message: stdout,
154
163
  error_context: {
data/lib/dependabot/cargo/update_checker/requirements_updater.rb CHANGED
@@ -18,7 +18,7 @@ module Dependabot
18
18
 
19
19
  VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/
20
20
  ALLOWED_UPDATE_STRATEGIES =
21
- %i(bump_versions bump_versions_if_necessary).freeze
21
+ %i(lockfile_only bump_versions bump_versions_if_necessary).freeze
22
22
 
23
23
  def initialize(requirements:, updated_source:, update_strategy:,
24
24
  target_version:)
@@ -34,6 +34,8 @@ module Dependabot
34
34
  end
35
35
 
36
36
  def updated_requirements
37
+ return requirements if update_strategy == :lockfile_only
38
+
37
39
  # NOTE: Order is important here. The FileUpdater needs the updated
38
40
  # requirement at index `i` to correspond to the previous requirement
39
41
  # at the same index.
data/lib/dependabot/cargo/update_checker/version_resolver.rb CHANGED
@@ -237,6 +237,10 @@ module Dependabot
237
237
  return nil
238
238
  end
239
239
 
240
+ if error.message.include?("usage of sparse registries requires `-Z sparse-registry`")
241
+ raise Dependabot::DependencyFileNotEvaluatable, "Dependabot only supports toolchain 1.68 and up."
242
+ end
243
+
240
244
  raise Dependabot::DependencyFileNotResolvable, error.message if resolvability_error?(error.message)
241
245
 
242
246
  raise error
data/lib/dependabot/cargo/update_checker.rb CHANGED
@@ -75,7 +75,15 @@ module Dependabot
75
75
  ).updated_requirements
76
76
  end
77
77
 
78
+ def requirements_unlocked_or_can_be?
79
+ requirements_update_strategy != :lockfile_only
80
+ end
81
+
78
82
  def requirements_update_strategy
83
+ # If passed in as an option (in the base class) honour that option
84
+ return @requirements_update_strategy.to_sym if @requirements_update_strategy
85
+
86
+ # Otherwise, widen ranges for libraries and bump versions for apps
79
87
  library? ? :bump_versions_if_necessary : :bump_versions
80
88
  end
81
89
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-cargo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.216.2
4
+ version: 0.218.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-04-20 00:00:00.000000000 Z
11
+ date: 2023-05-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.216.2
19
+ version: 0.218.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.216.2
26
+ version: 0.218.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -232,8 +232,8 @@ homepage: https://github.com/dependabot/dependabot-core
232
232
  licenses:
233
233
  - Nonstandard
234
234
  metadata:
235
- issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
236
- changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
235
+ bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
236
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.218.0
237
237
  post_install_message:
238
238
  rdoc_options: []
239
239
  require_paths: