dependabot-cargo 0.229.0 → 0.231.0
- checksums.yaml +4 -4
- data/lib/dependabot/cargo/file_fetcher.rb +11 -10
- data/lib/dependabot/cargo/file_parser.rb +12 -11
- data/lib/dependabot/cargo/file_updater/lockfile_updater.rb +27 -26
- data/lib/dependabot/cargo/file_updater/manifest_updater.rb +21 -20
- data/lib/dependabot/cargo/file_updater.rb +4 -3
- data/lib/dependabot/cargo/metadata_finder.rb +3 -2
- data/lib/dependabot/cargo/requirement.rb +3 -2
- data/lib/dependabot/cargo/update_checker/file_preparer.rb +20 -19
- data/lib/dependabot/cargo/update_checker/latest_version_finder.rb +9 -8
- data/lib/dependabot/cargo/update_checker/requirements_updater.rb +1 -0
- data/lib/dependabot/cargo/update_checker/version_resolver.rb +28 -27
- data/lib/dependabot/cargo/update_checker.rb +1 -0
- data/lib/dependabot/cargo/version.rb +1 -0
- data/lib/dependabot/cargo.rb +3 -2
- metadata +19 -5
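--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fe8bc6158b6af5885dd5ebe958ecd993f03f9ab11175ef5433f0f40f1f08a87d
+data.tar.gz: 2edfc4c5197c7b56b18cc6b5c8184d9adf1cca8262f18003f85ac42b67e65f9a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 947e7912c8f9b8c522b4082be1fa007ad6dff693e6a4f8ca17cade40271d534db7c3b7bafcf3c5c30e7085570988db99efae3084e7faedc5c4cff51c0d22d34d
+data.tar.gz: 2c4c11061a75c1626f3604df2310f34dec0aa1eebf37ee69534c3cbf29b1b2841ddacc2a088806bfc9fb9d647ed4d11aa4c906ad8f579a448d321bed7c01bab8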
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "pathname"
|
@@ -58,8 +59,8 @@ module Dependabot
|
|
58
59
|
|
59
60
|
updated_files = fetched_files.reject(&:support_file?).uniq
|
60
61
|
updated_files +=
|
61
|
-
fetched_files.uniq
|
62
|
-
|
62
|
+
fetched_files.uniq
|
63
|
+
.reject { |f| updated_files.map(&:name).include?(f.name) }
|
63
64
|
|
64
65
|
return updated_files if updated_files == files
|
65
66
|
|
@@ -131,8 +132,8 @@ module Dependabot
|
|
131
132
|
next if previously_fetched_files.map(&:name).include?(path)
|
132
133
|
next if file.name == path
|
133
134
|
|
134
|
-
fetched_file = fetch_file_from_host(path, fetch_submodules: true)
|
135
|
-
tap { |f| f.support_file = true }
|
135
|
+
fetched_file = fetch_file_from_host(path, fetch_submodules: true)
|
136
|
+
.tap { |f| f.support_file = true }
|
136
137
|
previously_fetched_files << fetched_file
|
137
138
|
grandchild_requirement_files =
|
138
139
|
fetch_path_dependency_files(
|
@@ -295,10 +296,10 @@ module Dependabot
|
|
295
296
|
dir = directory.gsub(%r{(^/|/$)}, "")
|
296
297
|
unglobbed_path = path.split("*").first.gsub(%r{(?<=/)[^/]*$}, "")
|
297
298
|
|
298
|
-
repo_contents(dir: unglobbed_path, raise_errors: false)
|
299
|
-
select { |file| file.type == "dir" }
|
300
|
-
map { |f| f.path.gsub(%r{^/?#{Regexp.escape(dir)}/?}, "") }
|
301
|
-
select { |filename| File.fnmatch?(path, filename) }
|
299
|
+
repo_contents(dir: unglobbed_path, raise_errors: false)
|
300
|
+
.select { |file| file.type == "dir" }
|
301
|
+
.map { |f| f.path.gsub(%r{^/?#{Regexp.escape(dir)}/?}, "") }
|
302
|
+
.select { |filename| File.fnmatch?(path, filename) }
|
302
303
|
end
|
303
304
|
|
304
305
|
def parsed_file(file)
|
@@ -325,8 +326,8 @@ module Dependabot
|
|
325
326
|
# Per https://rust-lang.github.io/rustup/overrides.html the file can
|
326
327
|
# have a `.toml` extension, but the non-extension version is preferred.
|
327
328
|
# Renaming here to simplify finding it later in the code.
|
328
|
-
@rust_toolchain ||= fetch_support_file("rust-toolchain.toml")
|
329
|
-
tap { |f| f.name = "rust-toolchain" }
|
329
|
+
@rust_toolchain ||= fetch_support_file("rust-toolchain.toml")
|
330
|
+
&.tap { |f| f.name = "rust-toolchain" }
|
330
331
|
end
|
331
332
|
end
|
332
333
|
end
|
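Review bot: In the glob-expansion chain, the `.map` step strips the directory prefix with `gsub(%r{^/?#{Regexp.escape(dir)}/?}, "")`, and `^` in Ruby matches at the start of every line, not only at the start of the string. The paths appear to come from the repository contents, so the strip is better pinned to the string start and applied once: `.map { |f| f.path.sub(%r{\A/?#{Regexp.escape(dir)}/?}, "") }`. The context line `directory.gsub(%r{(^/|/$)}, "")` uses the same line anchors and could use `\A` and `\z`. The enclosing method starts outside the hunk.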
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -169,26 +170,26 @@ module Dependabot
|
|
169
170
|
return unless lockfile
|
170
171
|
|
171
172
|
candidate_packages =
|
172
|
-
parsed_file(lockfile).fetch("package", [])
|
173
|
-
|
173
|
+
parsed_file(lockfile).fetch("package", [])
|
174
|
+
.select { |p| p["name"] == name }
|
174
175
|
|
175
176
|
if (req = requirement_from_declaration(declaration))
|
176
177
|
req = Cargo::Requirement.new(req)
|
177
178
|
|
178
179
|
candidate_packages =
|
179
|
-
candidate_packages
|
180
|
-
select { |p| req.satisfied_by?(version_class.new(p["version"])) }
|
180
|
+
candidate_packages
|
181
|
+
.select { |p| req.satisfied_by?(version_class.new(p["version"])) }
|
181
182
|
end
|
182
183
|
|
183
184
|
candidate_packages =
|
184
|
-
candidate_packages
|
185
|
-
select do |p|
|
185
|
+
candidate_packages
|
186
|
+
.select do |p|
|
186
187
|
git_req?(declaration) ^ !p["source"]&.start_with?("git+")
|
187
188
|
end
|
188
189
|
|
189
190
|
package =
|
190
|
-
candidate_packages
|
191
|
-
max_by { |p| version_class.new(p["version"]) }
|
191
|
+
candidate_packages
|
192
|
+
.max_by { |p| version_class.new(p["version"]) }
|
192
193
|
|
193
194
|
return unless package
|
194
195
|
|
@@ -227,9 +228,9 @@ module Dependabot
|
|
227
228
|
|
228
229
|
def manifest_files
|
229
230
|
@manifest_files ||=
|
230
|
-
dependency_files
|
231
|
-
select { |f| f.name.end_with?("Cargo.toml") }
|
232
|
-
reject(&:support_file?)
|
231
|
+
dependency_files
|
232
|
+
.select { |f| f.name.end_with?("Cargo.toml") }
|
233
|
+
.reject(&:support_file?)
|
233
234
|
end
|
234
235
|
|
235
236
|
def lockfile
|
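Review bot: `manifest_files` selects on `f.name.end_with?("Cargo.toml")`, which also accepts any file whose name merely ends in that string, for example `vendor/NotCargo.toml`. Comparing the basename is stricter: `.select { |f| File.basename(f.name) == "Cargo.toml" }`. The same predicate appears in the later sections that define `manifest_files`, `path_dependency_files`, `prepared_manifest_files` and `original_manifest_files`. Whether such a name can reach this list depends on the file fetcher, which is not fully visible here.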
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -72,8 +73,8 @@ module Dependabot
|
|
72
73
|
return false if @custom_specification
|
73
74
|
return false unless error.message.match?(/specification .* is ambigu/)
|
74
75
|
|
75
|
-
spec_options = error.message.gsub(/.*following:\n/m, "")
|
76
|
-
|
76
|
+
spec_options = error.message.gsub(/.*following:\n/m, "")
|
77
|
+
.lines.map(&:strip)
|
77
78
|
|
78
79
|
ver = if git_dependency? && git_previous_version
|
79
80
|
git_previous_version
|
@@ -116,17 +117,17 @@ module Dependabot
|
|
116
117
|
end
|
117
118
|
|
118
119
|
def git_previous_version
|
119
|
-
TomlRB.parse(lockfile.content)
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
120
|
+
TomlRB.parse(lockfile.content)
|
121
|
+
.fetch("package", [])
|
122
|
+
.select { |p| p["name"] == dependency.name }
|
123
|
+
.find { |p| p["source"].end_with?(dependency.previous_version) }
|
124
|
+
.fetch("version")
|
124
125
|
end
|
125
126
|
|
126
127
|
def git_source_url
|
127
|
-
dependency.previous_requirements
|
128
|
-
|
129
|
-
dig(:source, :url)
|
128
|
+
dependency.previous_requirements
|
129
|
+
.find { |r| r.dig(:source, :type) == "git" }
|
130
|
+
&.dig(:source, :url)
|
130
131
|
end
|
131
132
|
|
132
133
|
def desired_lockfile_content
|
@@ -325,11 +326,11 @@ module Dependabot
|
|
325
326
|
lockfile_content.scan(LOCKFILE_ENTRY_REGEX) do
|
326
327
|
lockfile_entries << Regexp.last_match.to_s
|
327
328
|
end
|
328
|
-
lockfile_entries
|
329
|
-
select { |e| lockfile_entries.count(e) > 1 }.uniq
|
330
|
-
each do |entry|
|
331
|
-
(lockfile_entries.count(entry) - 1)
|
332
|
-
times { lockfile_content = lockfile_content.sub(entry, "") }
|
329
|
+
lockfile_entries
|
330
|
+
.select { |e| lockfile_entries.count(e) > 1 }.uniq
|
331
|
+
.each do |entry|
|
332
|
+
(lockfile_entries.count(entry) - 1)
|
333
|
+
.times { lockfile_content = lockfile_content.sub(entry, "") }
|
333
334
|
end
|
334
335
|
|
335
336
|
# Loop through the lockfile checksums looking for duplicates. Replace
|
@@ -338,11 +339,11 @@ module Dependabot
|
|
338
339
|
lockfile_content.scan(LOCKFILE_CHECKSUM_REGEX) do
|
339
340
|
lockfile_checksums << Regexp.last_match.to_s
|
340
341
|
end
|
341
|
-
lockfile_checksums
|
342
|
-
select { |e| lockfile_checksums.count(e) > 1 }.uniq
|
343
|
-
each do |cs|
|
344
|
-
(lockfile_checksums.count(cs) - 1)
|
345
|
-
times { lockfile_content = lockfile_content.sub("\n#{cs}", "") }
|
342
|
+
lockfile_checksums
|
343
|
+
.select { |e| lockfile_checksums.count(e) > 1 }.uniq
|
344
|
+
.each do |cs|
|
345
|
+
(lockfile_checksums.count(cs) - 1)
|
346
|
+
.times { lockfile_content = lockfile_content.sub("\n#{cs}", "") }
|
346
347
|
end
|
347
348
|
|
348
349
|
lockfile_content
|
@@ -361,16 +362,16 @@ module Dependabot
|
|
361
362
|
|
362
363
|
def manifest_files
|
363
364
|
@manifest_files ||=
|
364
|
-
dependency_files
|
365
|
-
select { |f| f.name.end_with?("Cargo.toml") }
|
366
|
-
reject(&:support_file?)
|
365
|
+
dependency_files
|
366
|
+
.select { |f| f.name.end_with?("Cargo.toml") }
|
367
|
+
.reject(&:support_file?)
|
367
368
|
end
|
368
369
|
|
369
370
|
def path_dependency_files
|
370
371
|
@path_dependency_files ||=
|
371
|
-
dependency_files
|
372
|
-
select { |f| f.name.end_with?("Cargo.toml") }
|
373
|
-
select(&:support_file?)
|
372
|
+
dependency_files
|
373
|
+
.select { |f| f.name.end_with?("Cargo.toml") }
|
374
|
+
.select(&:support_file?)
|
374
375
|
end
|
375
376
|
|
376
377
|
def lockfile
|
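Review bot: `git_previous_version` can raise `NoMethodError` where a nil result looks intended: `p["source"].end_with?(...)` fails for a lockfile package with no `source` key, and `.fetch("version")` is called on the `find` result even when nothing matched. The caller in the earlier hunk uses it as a truthiness test (`git_dependency? && git_previous_version`), and the parser section on this page already writes `p["source"]&.start_with?("git+")`. Suggested: `.find { |p| p["source"]&.end_with?(dependency.previous_version) }` followed by `&.fetch("version")`. The two `git_dependency_version` methods in later sections chain `TomlRB.parse(lockfile.content)` the same way and have the same shape.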
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/cargo/file_updater"
|
@@ -12,9 +13,9 @@ module Dependabot
|
|
12
13
|
end
|
13
14
|
|
14
15
|
def updated_manifest_content
|
15
|
-
dependencies
|
16
|
-
select { |dep| requirement_changed?(manifest, dep) }
|
17
|
-
reduce(manifest.content.dup) do |content, dep|
|
16
|
+
dependencies
|
17
|
+
.select { |dep| requirement_changed?(manifest, dep) }
|
18
|
+
.reduce(manifest.content.dup) do |content, dep|
|
18
19
|
updated_content = content
|
19
20
|
|
20
21
|
updated_content = update_requirements(
|
@@ -51,9 +52,9 @@ module Dependabot
|
|
51
52
|
|
52
53
|
# The UpdateChecker ensures the order of requirements is preserved
|
53
54
|
# when updating, so we can zip them together in new/old pairs.
|
54
|
-
reqs = dependency.requirements
|
55
|
-
|
56
|
-
|
55
|
+
reqs = dependency.requirements
|
56
|
+
.zip(dependency.previous_requirements)
|
57
|
+
.reject { |new_req, old_req| new_req == old_req }
|
57
58
|
|
58
59
|
# Loop through each changed requirement
|
59
60
|
reqs.each do |new_req, old_req|
|
@@ -74,14 +75,14 @@ module Dependabot
|
|
74
75
|
|
75
76
|
def update_git_pin(content:, filename:, dependency:)
|
76
77
|
updated_pin =
|
77
|
-
dependency.requirements
|
78
|
-
|
79
|
-
dig(:source, :ref)
|
78
|
+
dependency.requirements
|
79
|
+
.find { |r| r[:file] == filename }
|
80
|
+
&.dig(:source, :ref)
|
80
81
|
|
81
82
|
old_pin =
|
82
|
-
dependency.previous_requirements
|
83
|
-
|
84
|
-
dig(:source, :ref)
|
83
|
+
dependency.previous_requirements
|
84
|
+
.find { |r| r[:file] == filename }
|
85
|
+
&.dig(:source, :ref)
|
85
86
|
|
86
87
|
return content unless old_pin
|
87
88
|
|
@@ -94,8 +95,8 @@ module Dependabot
|
|
94
95
|
end
|
95
96
|
|
96
97
|
def update_manifest_req(content:, dep:, old_req:, new_req:)
|
97
|
-
simple_declaration = content.scan(declaration_regex(dep))
|
98
|
-
|
98
|
+
simple_declaration = content.scan(declaration_regex(dep))
|
99
|
+
.find { |m| m.include?(old_req) }
|
99
100
|
|
100
101
|
if simple_declaration
|
101
102
|
simple_declaration_regex =
|
@@ -106,8 +107,8 @@ module Dependabot
|
|
106
107
|
end
|
107
108
|
elsif content.match?(feature_declaration_version_regex(dep))
|
108
109
|
content.gsub(feature_declaration_version_regex(dep)) do |part|
|
109
|
-
line = content.match(feature_declaration_version_regex(dep))
|
110
|
-
|
110
|
+
line = content.match(feature_declaration_version_regex(dep))
|
111
|
+
.named_captures.fetch("version_declaration")
|
111
112
|
new_line = line.gsub(old_req, new_req)
|
112
113
|
part.gsub(line, new_line)
|
113
114
|
end
|
@@ -117,8 +118,8 @@ module Dependabot
|
|
117
118
|
end
|
118
119
|
|
119
120
|
def update_manifest_pin(content:, dep:, old_pin:, new_pin:)
|
120
|
-
simple_declaration = content.scan(declaration_regex(dep))
|
121
|
-
|
121
|
+
simple_declaration = content.scan(declaration_regex(dep))
|
122
|
+
.find { |m| m.include?(old_pin) }
|
122
123
|
|
123
124
|
if simple_declaration
|
124
125
|
simple_declaration_regex =
|
@@ -128,8 +129,8 @@ module Dependabot
|
|
128
129
|
end
|
129
130
|
elsif content.match?(feature_declaration_pin_regex(dep))
|
130
131
|
content.gsub(feature_declaration_pin_regex(dep)) do |part|
|
131
|
-
line = content.match(feature_declaration_pin_regex(dep))
|
132
|
-
|
132
|
+
line = content.match(feature_declaration_pin_regex(dep))
|
133
|
+
.named_captures.fetch("pin_declaration")
|
133
134
|
new_line = line.gsub(old_pin, new_pin)
|
134
135
|
part.gsub(line, new_line)
|
135
136
|
end
|
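Review bot: Inside `content.gsub(feature_declaration_version_regex(dep)) do |part|`, `line` is taken from `content.match(...)`, which always returns the first match in the whole manifest rather than the match for the current `part`. If the regex matches more than one declaration, later parts are processed with the first declaration's captured line, and `part.gsub(line, new_line)` leaves them unchanged when that line is not in them. Reading the capture from the current match avoids this, e.g. `line = Regexp.last_match[:version_declaration]` as the first statement of the block. `update_manifest_pin` has the same pattern with `pin_declaration`. Both regex helpers are defined outside the hunks, so whether multiple matches can occur should be confirmed.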
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -68,9 +69,9 @@ module Dependabot
|
|
68
69
|
|
69
70
|
def manifest_files
|
70
71
|
@manifest_files ||=
|
71
|
-
dependency_files
|
72
|
-
select { |f| f.name.end_with?("Cargo.toml") }
|
73
|
-
reject(&:support_file?)
|
72
|
+
dependency_files
|
73
|
+
.select { |f| f.name.end_with?("Cargo.toml") }
|
74
|
+
.reject(&:support_file?)
|
74
75
|
end
|
75
76
|
|
76
77
|
def lockfile
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "excon"
|
@@ -26,8 +27,8 @@ module Dependabot
|
|
26
27
|
|
27
28
|
def find_source_from_crates_listing
|
28
29
|
potential_source_urls =
|
29
|
-
SOURCE_KEYS
|
30
|
-
filter_map { |key| crates_listing.dig("crate", key) }
|
30
|
+
SOURCE_KEYS
|
31
|
+
.filter_map { |key| crates_listing.dig("crate", key) }
|
31
32
|
|
32
33
|
source_url = potential_source_urls.find { |url| Source.from_url(url) }
|
33
34
|
Source.from_url(source_url)
|
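Review bot: `find_source_from_crates_listing` parses each candidate with `Source.from_url` inside `find` and then parses the winner a second time. Collecting the parsed result directly does the work once: `potential_source_urls.filter_map { |url| Source.from_url(url) }.first`, which is equivalent provided `Source.from_url(nil)` returns nil. The candidates are read from the registry listing, so a one-line comment such as `# URLs are publisher-supplied; Source.from_url decides which hosts are accepted` would help; that behaviour is inferred, since `Source.from_url` is not shown. The method's end is outside the hunk.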
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
################################################################################
|
@@ -104,5 +105,5 @@ module Dependabot
|
|
104
105
|
end
|
105
106
|
end
|
106
107
|
|
107
|
-
Dependabot::Utils
|
108
|
-
register_requirement_class("cargo", Dependabot::Cargo::Requirement)
|
108
|
+
Dependabot::Utils
|
109
|
+
.register_requirement_class("cargo", Dependabot::Cargo::Requirement)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -167,8 +168,8 @@ module Dependabot
|
|
167
168
|
next unless details.is_a?(Hash)
|
168
169
|
next unless details["git"]
|
169
170
|
|
170
|
-
details["git"] = details["git"]
|
171
|
-
gsub(%r{ssh://git@(.*?)/}, 'https://\1/')
|
171
|
+
details["git"] = details["git"]
|
172
|
+
.gsub(%r{ssh://git@(.*?)/}, 'https://\1/')
|
172
173
|
end
|
173
174
|
end
|
174
175
|
|
@@ -176,9 +177,9 @@ module Dependabot
|
|
176
177
|
end
|
177
178
|
|
178
179
|
def temporary_requirement_for_resolution(filename)
|
179
|
-
original_req = dependency.requirements
|
180
|
-
|
181
|
-
fetch(:requirement)
|
180
|
+
original_req = dependency.requirements
|
181
|
+
.find { |r| r.fetch(:file) == filename }
|
182
|
+
&.fetch(:requirement)
|
182
183
|
|
183
184
|
lower_bound_req =
|
184
185
|
if original_req && !unlock_requirement?
|
@@ -206,12 +207,12 @@ module Dependabot
|
|
206
207
|
dependency.version
|
207
208
|
else
|
208
209
|
version_from_requirement =
|
209
|
-
dependency.requirements.filter_map { |r| r.fetch(:requirement) }
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
210
|
+
dependency.requirements.filter_map { |r| r.fetch(:requirement) }
|
211
|
+
.flat_map { |req_str| Cargo::Requirement.new(req_str) }
|
212
|
+
.flat_map(&:requirements)
|
213
|
+
.reject { |req_array| req_array.first.start_with?("<") }
|
214
|
+
.map(&:last)
|
215
|
+
.max&.to_s
|
215
216
|
|
216
217
|
version_from_requirement || 0
|
217
218
|
end
|
@@ -221,11 +222,11 @@ module Dependabot
|
|
221
222
|
def git_dependency_version
|
222
223
|
return unless lockfile
|
223
224
|
|
224
|
-
TomlRB.parse(lockfile.content)
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
225
|
+
TomlRB.parse(lockfile.content)
|
226
|
+
.fetch("package", [])
|
227
|
+
.select { |p| p["name"] == dependency.name }
|
228
|
+
.find { |p| p["source"].end_with?(dependency.version) }
|
229
|
+
.fetch("version")
|
229
230
|
end
|
230
231
|
|
231
232
|
def dependency_names_for_type(parsed_manifest, type)
|
@@ -274,9 +275,9 @@ module Dependabot
|
|
274
275
|
end
|
275
276
|
|
276
277
|
def git_dependency?
|
277
|
-
GitCommitChecker
|
278
|
-
new(dependency: dependency, credentials: [])
|
279
|
-
git_dependency?
|
278
|
+
GitCommitChecker
|
279
|
+
.new(dependency: dependency, credentials: [])
|
280
|
+
.git_dependency?
|
280
281
|
end
|
281
282
|
end
|
282
283
|
end
|
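Review bot: The SSH-to-HTTPS rewrite `details["git"].gsub(%r{ssh://git@(.*?)/}, 'https://\1/')` is unanchored and global, so it rewrites `ssh://git@…/` wherever it occurs in the value, not only as the URL's scheme and host. The value appears to come from the parsed manifest, so anchoring and replacing once is tighter: `details["git"].sub(%r{\Assh://git@([^/]+)/}, 'https://\1/')`. The guard `next unless details["git"]` only checks truthiness, so a non-string value would still reach the call. The enclosing loop starts outside the hunk.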
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "excon"
|
@@ -58,8 +59,8 @@ module Dependabot
|
|
58
59
|
end
|
59
60
|
|
60
61
|
def filter_ignored_versions(versions_array)
|
61
|
-
filtered = versions_array
|
62
|
-
reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
62
|
+
filtered = versions_array
|
63
|
+
.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
63
64
|
if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions_array).any?
|
64
65
|
raise Dependabot::AllVersionsIgnored
|
65
66
|
end
|
@@ -70,15 +71,15 @@ module Dependabot
|
|
70
71
|
def filter_lower_versions(versions_array)
|
71
72
|
return versions_array unless dependency.numeric_version
|
72
73
|
|
73
|
-
versions_array
|
74
|
-
select { |version| version > dependency.numeric_version }
|
74
|
+
versions_array
|
75
|
+
.select { |version| version > dependency.numeric_version }
|
75
76
|
end
|
76
77
|
|
77
78
|
def available_versions
|
78
|
-
crates_listing
|
79
|
-
fetch("versions", [])
|
80
|
-
reject { |v| v["yanked"] }
|
81
|
-
map { |v| version_class.new(v.fetch("num")) }
|
79
|
+
crates_listing
|
80
|
+
.fetch("versions", [])
|
81
|
+
.reject { |v| v["yanked"] }
|
82
|
+
.map { |v| version_class.new(v.fetch("num")) }
|
82
83
|
end
|
83
84
|
|
84
85
|
def crates_listing
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -61,8 +62,8 @@ module Dependabot
|
|
61
62
|
def fetch_version_from_new_lockfile
|
62
63
|
check_rust_workspace_root unless File.exist?("Cargo.lock")
|
63
64
|
lockfile_content = File.read("Cargo.lock")
|
64
|
-
versions = TomlRB.parse(lockfile_content).fetch("package")
|
65
|
-
|
65
|
+
versions = TomlRB.parse(lockfile_content).fetch("package")
|
66
|
+
.select { |p| p["name"] == dependency.name }
|
66
67
|
|
67
68
|
updated_version =
|
68
69
|
if dependency.top_level?
|
@@ -87,8 +88,8 @@ module Dependabot
|
|
87
88
|
return false if @custom_specification
|
88
89
|
return false unless error.message.match?(/specification .* is ambigu/)
|
89
90
|
|
90
|
-
spec_options = error.message.gsub(/.*following:\n/m, "")
|
91
|
-
|
91
|
+
spec_options = error.message.gsub(/.*following:\n/m, "")
|
92
|
+
.lines.map(&:strip)
|
92
93
|
|
93
94
|
ver = if git_dependency? && git_dependency_version
|
94
95
|
git_dependency_version
|
@@ -168,9 +169,9 @@ module Dependabot
|
|
168
169
|
end
|
169
170
|
|
170
171
|
def check_rust_workspace_root
|
171
|
-
cargo_toml = original_dependency_files
|
172
|
-
select { |f| f.name.end_with?("../Cargo.toml") }
|
173
|
-
max_by { |f| f.name.length }
|
172
|
+
cargo_toml = original_dependency_files
|
173
|
+
.select { |f| f.name.end_with?("../Cargo.toml") }
|
174
|
+
.max_by { |f| f.name.length }
|
174
175
|
return unless TomlRB.parse(cargo_toml.content)["workspace"]
|
175
176
|
|
176
177
|
msg = "This project is part of a Rust workspace but is not the " \
|
@@ -199,8 +200,8 @@ module Dependabot
|
|
199
200
|
urls = unreachable_git_urls
|
200
201
|
|
201
202
|
if urls.none?
|
202
|
-
url = error.message.match(UNABLE_TO_UPDATE)
|
203
|
-
|
203
|
+
url = error.message.match(UNABLE_TO_UPDATE)
|
204
|
+
.named_captures.fetch("url").split(/[#?]/).first
|
204
205
|
raise if reachable_git_urls.include?(url)
|
205
206
|
|
206
207
|
urls << url
|
@@ -266,8 +267,8 @@ module Dependabot
|
|
266
267
|
)
|
267
268
|
next unless checker.git_dependency?
|
268
269
|
|
269
|
-
url = dep.requirements.find { |r| r.dig(:source, :type) == "git" }
|
270
|
-
|
270
|
+
url = dep.requirements.find { |r| r.dig(:source, :type) == "git" }
|
271
|
+
.fetch(:source).fetch(:url)
|
271
272
|
|
272
273
|
if checker.git_repo_reachable?
|
273
274
|
@reachable_git_urls << url
|
@@ -356,17 +357,17 @@ module Dependabot
|
|
356
357
|
def git_dependency_version
|
357
358
|
return unless lockfile
|
358
359
|
|
359
|
-
TomlRB.parse(lockfile.content)
|
360
|
-
|
361
|
-
|
362
|
-
|
363
|
-
|
360
|
+
TomlRB.parse(lockfile.content)
|
361
|
+
.fetch("package", [])
|
362
|
+
.select { |p| p["name"] == dependency.name }
|
363
|
+
.find { |p| p["source"].end_with?(dependency.version) }
|
364
|
+
.fetch("version")
|
364
365
|
end
|
365
366
|
|
366
367
|
def git_source_url
|
367
|
-
dependency.requirements
|
368
|
-
|
369
|
-
dig(:source, :url)
|
368
|
+
dependency.requirements
|
369
|
+
.find { |r| r.dig(:source, :type) == "git" }
|
370
|
+
&.dig(:source, :url)
|
370
371
|
end
|
371
372
|
|
372
373
|
def dummy_app_content
|
@@ -391,24 +392,24 @@ module Dependabot
|
|
391
392
|
|
392
393
|
def prepared_manifest_files
|
393
394
|
@prepared_manifest_files ||=
|
394
|
-
prepared_dependency_files
|
395
|
-
select { |f| f.name.end_with?("Cargo.toml") }
|
395
|
+
prepared_dependency_files
|
396
|
+
.select { |f| f.name.end_with?("Cargo.toml") }
|
396
397
|
end
|
397
398
|
|
398
399
|
def original_manifest_files
|
399
400
|
@original_manifest_files ||=
|
400
|
-
original_dependency_files
|
401
|
-
select { |f| f.name.end_with?("Cargo.toml") }
|
401
|
+
original_dependency_files
|
402
|
+
.select { |f| f.name.end_with?("Cargo.toml") }
|
402
403
|
end
|
403
404
|
|
404
405
|
def lockfile
|
405
|
-
@lockfile ||= prepared_dependency_files
|
406
|
-
find { |f| f.name == "Cargo.lock" }
|
406
|
+
@lockfile ||= prepared_dependency_files
|
407
|
+
.find { |f| f.name == "Cargo.lock" }
|
407
408
|
end
|
408
409
|
|
409
410
|
def toolchain
|
410
|
-
@toolchain ||= prepared_dependency_files
|
411
|
-
find { |f| f.name == "rust-toolchain" }
|
411
|
+
@toolchain ||= prepared_dependency_files
|
412
|
+
.find { |f| f.name == "rust-toolchain" }
|
412
413
|
end
|
413
414
|
|
414
415
|
def git_dependency?
|
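Review bot: In `check_rust_workspace_root`, `cargo_toml` is nil when no file name ends with `../Cargo.toml`, yet the next line calls `cargo_toml.content` unconditionally, which would raise `NoMethodError`. The method is reached from `fetch_version_from_new_lockfile` when `Cargo.lock` is missing, so a plain single-crate project could plausibly hit this path. A guard keeps the intent: `return unless cargo_toml && TomlRB.parse(cargo_toml.content)["workspace"]`. In the hunk at `@@ -199,8 +200,8 @@`, `error.message.match(UNABLE_TO_UPDATE).named_captures` has the same shape if the message does not match; the surrounding rescue is outside the hunk, so that may already be guaranteed.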
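--- a/data/lib/dependabot/cargo.rb
+++ b/data/lib/dependabot/cargo.rb
@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 # These all need to be required so the various classes can be registered in a
@@ -11,8 +12,8 @@ require "dependabot/cargo/requirement"
 require "dependabot/cargo/version"
 
 require "dependabot/pull_request_creator/labeler"
-Dependabot::PullRequestCreator::Labeler
-register_label_details("cargo", name: "rust", colour: "000000")
+Dependabot::PullRequestCreator::Labeler
+.register_label_details("cargo", name: "rust", colour: "000000")
 
 require "dependabot/dependency"
 Dependabot::Dependency.register_production_check("cargo", ->(_) { true })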
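--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.231.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.231.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.231.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 1.19.0
+- !ruby/object:Gem::Dependency
+name: rubocop-sorbet
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.7.3
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.7.3
 - !ruby/object:Gem::Dependency
 name: stackprof
 requirement: !ruby/object:Gem::Requirement
@@ -205,7 +219,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.231.0
 post_install_message:
 rdoc_options: []
 require_paths: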