dependabot-cargo 0.233.0 → 0.235.0
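--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3e3f6f1d8cbb7ae04c2625949f74c7b7941125f21f5f1907b49630c5b0183097
+data.tar.gz: 0143761aa00141fc87988e2a4982a96574b1bebe498fe95cf3c8368b55c3d62a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b9f6f0e6eb64945ef4fa4912d7c812f6732e2dbeec81ee79c92eaa247a7b1476faba458e3c88e16905033f9222353fd10e390798edd388ecc1780691b21bc5b8
+data.tar.gz: 1f1fb0cecde34893eca50af4898ef80a3d144d9db9dd1fd96e94dc4c8ea2e76ee718cd62d721cbf94f291ba6523f7b4bf54ecc55c665c8ef5e68c272dcdfca4b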
@@ -127,7 +127,7 @@ module Dependabot
|
|
127
127
|
def git_source_url
|
128
128
|
dependency.previous_requirements
|
129
129
|
.find { |r| r.dig(:source, :type) == "git" }
|
130
|
-
|
130
|
+
&.dig(:source, :url)
|
131
131
|
end
|
132
132
|
|
133
133
|
def desired_lockfile_content
|
@@ -146,7 +146,7 @@ module Dependabot
|
|
146
146
|
# returns a non-zero status
|
147
147
|
return if process.success?
|
148
148
|
|
149
|
-
if
|
149
|
+
if using_old_toolchain?(stdout)
|
150
150
|
raise Dependabot::DependencyFileNotEvaluatable, "Dependabot only supports toolchain 1.68 and up."
|
151
151
|
end
|
152
152
|
|
@@ -170,6 +170,15 @@ module Dependabot
|
|
170
170
|
)
|
171
171
|
end
|
172
172
|
|
173
|
+
def using_old_toolchain?(message)
|
174
|
+
return true if message.include?("usage of sparse registries requires `-Z sparse-registry`")
|
175
|
+
|
176
|
+
version_log = /rust version (?<version>\d.\d+)/.match(message)
|
177
|
+
return false unless version_log
|
178
|
+
|
179
|
+
version_class.new(version_log[:version]) < version_class.new("1.68")
|
180
|
+
end
|
181
|
+
|
173
182
|
def write_temporary_dependency_files
|
174
183
|
write_temporary_manifest_files
|
175
184
|
write_temporary_path_dependency_files
|
@@ -386,6 +395,10 @@ module Dependabot
|
|
386
395
|
def virtual_manifest?(file)
|
387
396
|
!file.content.include?("[package]")
|
388
397
|
end
|
398
|
+
|
399
|
+
def version_class
|
400
|
+
dependency.version_class
|
401
|
+
end
|
389
402
|
end
|
390
403
|
end
|
391
404
|
end
|
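Review bot: The pattern in the new `using_old_toolchain?` helper (hunk `@@ -170,6 +170,15 @@`) leaves the dot unescaped and allows only one digit for the major part, so `\d.\d+` accepts any character between the digits, for example `1 68` or `1x68`. The message is the output of the cargo subprocess, which is presumably shaped by the repository being updated, so a loose match can pass `version_class.new` a string that is not a version. Whether that raises or compares wrongly depends on `version_class`, which is not visible here. I would tighten it to `/rust version (?<version>\d+\.\d+)/`. The identical helper is added again in the `@@ -238,17 +238,26 @@` hunk further down; the same fix applies there, and the two copies would be easier to keep in step as one shared method.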
@@ -77,12 +77,12 @@ module Dependabot
|
|
77
77
|
updated_pin =
|
78
78
|
dependency.requirements
|
79
79
|
.find { |r| r[:file] == filename }
|
80
|
-
|
80
|
+
&.dig(:source, :ref)
|
81
81
|
|
82
82
|
old_pin =
|
83
83
|
dependency.previous_requirements
|
84
84
|
.find { |r| r[:file] == filename }
|
85
|
-
|
85
|
+
&.dig(:source, :ref)
|
86
86
|
|
87
87
|
return content unless old_pin
|
88
88
|
|
@@ -179,7 +179,7 @@ module Dependabot
|
|
179
179
|
def temporary_requirement_for_resolution(filename)
|
180
180
|
original_req = dependency.requirements
|
181
181
|
.find { |r| r.fetch(:file) == filename }
|
182
|
-
|
182
|
+
&.fetch(:requirement)
|
183
183
|
|
184
184
|
lower_bound_req =
|
185
185
|
if original_req && !unlock_requirement?
|
@@ -238,17 +238,26 @@ module Dependabot
|
|
238
238
|
return nil
|
239
239
|
end
|
240
240
|
|
241
|
-
if error.message
|
241
|
+
if using_old_toolchain?(error.message)
|
242
242
|
raise Dependabot::DependencyFileNotEvaluatable, "Dependabot only supports toolchain 1.68 and up."
|
243
243
|
end
|
244
244
|
|
245
245
|
raise Dependabot::DependencyFileNotResolvable, error.message if resolvability_error?(error.message)
|
246
246
|
|
247
|
-
raise
|
247
|
+
raise
|
248
248
|
end
|
249
249
|
# rubocop:enable Metrics/AbcSize
|
250
250
|
# rubocop:enable Metrics/PerceivedComplexity
|
251
251
|
|
252
|
+
def using_old_toolchain?(message)
|
253
|
+
return true if message.include?("usage of sparse registries requires `-Z sparse-registry`")
|
254
|
+
|
255
|
+
version_log = /rust version (?<version>\d.\d+)/.match(message)
|
256
|
+
return false unless version_log
|
257
|
+
|
258
|
+
version_class.new(version_log[:version]) < version_class.new("1.68")
|
259
|
+
end
|
260
|
+
|
252
261
|
def unreachable_git_urls
|
253
262
|
return @unreachable_git_urls if defined?(@unreachable_git_urls)
|
254
263
|
|
@@ -295,7 +304,11 @@ module Dependabot
|
|
295
304
|
return true if message.match?(/feature `[^\`]+` is required/)
|
296
305
|
return true if message.include?("unexpected end of input while parsing major version number")
|
297
306
|
|
298
|
-
|
307
|
+
original_requirements_resolvable = original_requirements_resolvable?
|
308
|
+
|
309
|
+
return false if original_requirements_resolvable == :unknown
|
310
|
+
|
311
|
+
!original_requirements_resolvable
|
299
312
|
end
|
300
313
|
|
301
314
|
def original_requirements_resolvable?
|
@@ -310,13 +323,15 @@ module Dependabot
|
|
310
323
|
|
311
324
|
true
|
312
325
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
313
|
-
|
314
|
-
|
315
|
-
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
|
326
|
+
if e.message.include?("no matching version") ||
|
327
|
+
e.message.include?("failed to select a version") ||
|
328
|
+
e.message.include?("no matching package named") ||
|
329
|
+
e.message.include?("failed to parse manifest") ||
|
330
|
+
e.message.include?("failed to update submodule")
|
331
|
+
false
|
332
|
+
else
|
333
|
+
:unknown
|
334
|
+
end
|
320
335
|
end
|
321
336
|
|
322
337
|
def workspace_native_library_update_error?(message)
|
@@ -367,7 +382,7 @@ module Dependabot
|
|
367
382
|
def git_source_url
|
368
383
|
dependency.requirements
|
369
384
|
.find { |r| r.dig(:source, :type) == "git" }
|
370
|
-
|
385
|
+
&.dig(:source, :url)
|
371
386
|
end
|
372
387
|
|
373
388
|
def dummy_app_content
|
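Review bot: `original_requirements_resolvable?` now returns `true`, `false` or `:unknown` (hunk `@@ -310,13 +323,15 @@`), and `:unknown` is truthy in Ruby, so any caller that still treats the predicate as a boolean reads an unclassified subprocess failure as "resolvable". The one caller visible here, in the `@@ -295,7 +304,11 @@` hunk, compares against `:unknown` first, but nothing at the definition says callers must. I would add a comment above the method such as `# Returns true, false, or :unknown when the helper failed for a reason that is not a recognised resolution error`, or drop the `?` suffix since the result is no longer boolean. Part of the method body lies between the two hunks and is not shown.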
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-cargo
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.235.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-10-
|
11
|
+
date: 2023-10-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.235.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.235.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -219,7 +219,7 @@ licenses:
|
|
219
219
|
- Nonstandard
|
220
220
|
metadata:
|
221
221
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
222
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
222
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.235.0
|
223
223
|
post_install_message:
|
224
224
|
rdoc_options: []
|
225
225
|
require_paths:
|