dependabot-cargo 0.233.0 → 0.235.0

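--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0f38764d3eaf72527d91a72579543357ae53d34eb3e6c393dbf69809d79f6e3a
- data.tar.gz: 8d14d5166f59d587bb349359bf2db52c28386c43e6839f8764b02d40a7e801f1
+ metadata.gz: 3e3f6f1d8cbb7ae04c2625949f74c7b7941125f21f5f1907b49630c5b0183097
+ data.tar.gz: 0143761aa00141fc87988e2a4982a96574b1bebe498fe95cf3c8368b55c3d62a
  SHA512:
- metadata.gz: 64452253f4f7b640743a93f85f8614919a2c709fb63a36c0c9db6aa328a4c3848c2d6c10e6775ec3aca9c44bf8755e0d52b9aa228e2528743bf29999595d85eb
- data.tar.gz: aeea1fddbb26d945dd314d07f71d16d61651a0ef21bf2c84e136208956a02b0b2344378942b68772b7bb4cf4ad009ed8a0d1810f3df46cf02444e24d69aa1c8d
+ metadata.gz: b9f6f0e6eb64945ef4fa4912d7c812f6732e2dbeec81ee79c92eaa247a7b1476faba458e3c88e16905033f9222353fd10e390798edd388ecc1780691b21bc5b8
+ data.tar.gz: 1f1fb0cecde34893eca50af4898ef80a3d144d9db9dd1fd96e94dc4c8ea2e76ee718cd62d721cbf94f291ba6523f7b4bf54ecc55c665c8ef5e68c272dcdfca4b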
@@ -127,7 +127,7 @@ module Dependabot
127
127
  def git_source_url
128
128
  dependency.previous_requirements
129
129
  .find { |r| r.dig(:source, :type) == "git" }
130
- &.dig(:source, :url)
130
+ &.dig(:source, :url)
131
131
  end
132
132
 
133
133
  def desired_lockfile_content
@@ -146,7 +146,7 @@ module Dependabot
146
146
  # returns a non-zero status
147
147
  return if process.success?
148
148
 
149
- if stdout.include?("usage of sparse registries requires `-Z sparse-registry`")
149
+ if using_old_toolchain?(stdout)
150
150
  raise Dependabot::DependencyFileNotEvaluatable, "Dependabot only supports toolchain 1.68 and up."
151
151
  end
152
152
 
@@ -170,6 +170,15 @@ module Dependabot
170
170
  )
171
171
  end
172
172
 
173
+ def using_old_toolchain?(message)
174
+ return true if message.include?("usage of sparse registries requires `-Z sparse-registry`")
175
+
176
+ version_log = /rust version (?<version>\d.\d+)/.match(message)
177
+ return false unless version_log
178
+
179
+ version_class.new(version_log[:version]) < version_class.new("1.68")
180
+ end
181
+
173
182
  def write_temporary_dependency_files
174
183
  write_temporary_manifest_files
175
184
  write_temporary_path_dependency_files
@@ -386,6 +395,10 @@ module Dependabot
386
395
  def virtual_manifest?(file)
387
396
  !file.content.include?("[package]")
388
397
  end
398
+
399
+ def version_class
400
+ dependency.version_class
401
+ end
389
402
  end
390
403
  end
391
404
  end
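Review bot: The regex in the new `using_old_toolchain?` (new lines 173-180), `/rust version (?<version>\d.\d+)/`, leaves the `.` unescaped, so any character is accepted between the digits (e.g. `1x68`) and the capture is passed straight to `version_class.new`. The message is cargo output produced while processing repository-supplied manifests, so the pattern should be strict: `version_log = /rust version (?<version>\d+\.\d+)/.match(message)`. If `version_class.new` raises on a malformed capture (its implementation is not visible here), that exception would replace the original cargo error inside the failure path. The identical helper and regex are added again in the second Ruby file section (new lines 252-259), so the same change applies there, and one shared helper would keep the two copies from drifting.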
@@ -77,12 +77,12 @@ module Dependabot
77
77
  updated_pin =
78
78
  dependency.requirements
79
79
  .find { |r| r[:file] == filename }
80
- &.dig(:source, :ref)
80
+ &.dig(:source, :ref)
81
81
 
82
82
  old_pin =
83
83
  dependency.previous_requirements
84
84
  .find { |r| r[:file] == filename }
85
- &.dig(:source, :ref)
85
+ &.dig(:source, :ref)
86
86
 
87
87
  return content unless old_pin
88
88
 
@@ -179,7 +179,7 @@ module Dependabot
179
179
  def temporary_requirement_for_resolution(filename)
180
180
  original_req = dependency.requirements
181
181
  .find { |r| r.fetch(:file) == filename }
182
- &.fetch(:requirement)
182
+ &.fetch(:requirement)
183
183
 
184
184
  lower_bound_req =
185
185
  if original_req && !unlock_requirement?
@@ -238,17 +238,26 @@ module Dependabot
238
238
  return nil
239
239
  end
240
240
 
241
- if error.message.include?("usage of sparse registries requires `-Z sparse-registry`")
241
+ if using_old_toolchain?(error.message)
242
242
  raise Dependabot::DependencyFileNotEvaluatable, "Dependabot only supports toolchain 1.68 and up."
243
243
  end
244
244
 
245
245
  raise Dependabot::DependencyFileNotResolvable, error.message if resolvability_error?(error.message)
246
246
 
247
- raise error
247
+ raise
248
248
  end
249
249
  # rubocop:enable Metrics/AbcSize
250
250
  # rubocop:enable Metrics/PerceivedComplexity
251
251
 
252
+ def using_old_toolchain?(message)
253
+ return true if message.include?("usage of sparse registries requires `-Z sparse-registry`")
254
+
255
+ version_log = /rust version (?<version>\d.\d+)/.match(message)
256
+ return false unless version_log
257
+
258
+ version_class.new(version_log[:version]) < version_class.new("1.68")
259
+ end
260
+
252
261
  def unreachable_git_urls
253
262
  return @unreachable_git_urls if defined?(@unreachable_git_urls)
254
263
 
@@ -295,7 +304,11 @@ module Dependabot
295
304
  return true if message.match?(/feature `[^\`]+` is required/)
296
305
  return true if message.include?("unexpected end of input while parsing major version number")
297
306
 
298
- !original_requirements_resolvable?
307
+ original_requirements_resolvable = original_requirements_resolvable?
308
+
309
+ return false if original_requirements_resolvable == :unknown
310
+
311
+ !original_requirements_resolvable
299
312
  end
300
313
 
301
314
  def original_requirements_resolvable?
@@ -310,13 +323,15 @@ module Dependabot
310
323
 
311
324
  true
312
325
  rescue SharedHelpers::HelperSubprocessFailed => e
313
- raise unless e.message.include?("no matching version") ||
314
- e.message.include?("failed to select a version") ||
315
- e.message.include?("no matching package named") ||
316
- e.message.include?("failed to parse manifest") ||
317
- e.message.include?("failed to update submodule")
318
-
319
- false
326
+ if e.message.include?("no matching version") ||
327
+ e.message.include?("failed to select a version") ||
328
+ e.message.include?("no matching package named") ||
329
+ e.message.include?("failed to parse manifest") ||
330
+ e.message.include?("failed to update submodule")
331
+ false
332
+ else
333
+ :unknown
334
+ end
320
335
  end
321
336
 
322
337
  def workspace_native_library_update_error?(message)
@@ -367,7 +382,7 @@ module Dependabot
367
382
  def git_source_url
368
383
  dependency.requirements
369
384
  .find { |r| r.dig(:source, :type) == "git" }
370
- &.dig(:source, :url)
385
+ &.dig(:source, :url)
371
386
  end
372
387
 
373
388
  def dummy_app_content
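Review bot: `original_requirements_resolvable?` now returns `:unknown` from its `else` branch (new lines 326-334), and that symbol is truthy, so any caller that still treats the predicate as a boolean would read an unclassified helper failure as "resolvable". `resolvability_error?` handles the symbol explicitly (new lines 307-311), but the top of this method and any other callers lie outside the visible hunks and should be checked. The rescued `HelperSubprocessFailed` is also no longer re-raised here, so its message is dropped unless the caller's bare `raise` surfaces the original error. I would document the tri-state on the method, e.g. `# @return [Boolean, Symbol] true/false when the outcome is known, :unknown for unrecognised helper failures`, or rename it so the `?` suffix does not promise a boolean.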
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-cargo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.233.0
4
+ version: 0.235.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-10-06 00:00:00.000000000 Z
11
+ date: 2023-10-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.233.0
19
+ version: 0.235.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.233.0
26
+ version: 0.235.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -219,7 +219,7 @@ licenses:
219
219
  - Nonstandard
220
220
  metadata:
221
221
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
222
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.233.0
222
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.235.0
223
223
  post_install_message:
224
224
  rdoc_options: []
225
225
  require_paths: