dependabot-cargo 0.234.0 → 0.235.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 01d365e64fde13acba84b39941476bdf85525662ce0496682958388ae9f83965
-  data.tar.gz: 37e640d6bcd7fbc37b58ed65e72429f897784a0cabaebfd1707423216ca11666
+  metadata.gz: 3e3f6f1d8cbb7ae04c2625949f74c7b7941125f21f5f1907b49630c5b0183097
+  data.tar.gz: 0143761aa00141fc87988e2a4982a96574b1bebe498fe95cf3c8368b55c3d62a
 SHA512:
-  metadata.gz: d8eb2777e31b82d6c77d166833e543f87abc08079d5f3ec1ff0791b2d8ddfae941ae39f3f6968b8013bb95366cc3d4fe5eca77320e0aa387178f6deb5e145d67
-  data.tar.gz: 6336650d15bcda754d8c174c38a9c9f4442ab560506229eb9afb583a81139da1bfa5143e2ec2d31686f268e15a80df15e13303f82c398aa422b0590c1cab18c8
+  metadata.gz: b9f6f0e6eb64945ef4fa4912d7c812f6732e2dbeec81ee79c92eaa247a7b1476faba458e3c88e16905033f9222353fd10e390798edd388ecc1780691b21bc5b8
+  data.tar.gz: 1f1fb0cecde34893eca50af4898ef80a3d144d9db9dd1fd96e94dc4c8ea2e76ee718cd62d721cbf94f291ba6523f7b4bf54ecc55c665c8ef5e68c272dcdfca4b

data/lib/dependabot/cargo/file_updater/lockfile_updater.rb

@@ -146,7 +146,7 @@ module Dependabot
           # returns a non-zero status
           return if process.success?
 
-          if stdout.include?("usage of sparse registries requires `-Z sparse-registry`")
+          if using_old_toolchain?(stdout)
             raise Dependabot::DependencyFileNotEvaluatable, "Dependabot only supports toolchain 1.68 and up."
           end
 
@@ -170,6 +170,15 @@ module Dependabot
           )
         end
 
+        def using_old_toolchain?(message)
+          return true if message.include?("usage of sparse registries requires `-Z sparse-registry`")
+
+          version_log = /rust version (?<version>\d.\d+)/.match(message)
+          return false unless version_log
+
+          version_class.new(version_log[:version]) < version_class.new("1.68")
+        end
+
         def write_temporary_dependency_files
           write_temporary_manifest_files
           write_temporary_path_dependency_files
@@ -386,6 +395,10 @@ module Dependabot
         def virtual_manifest?(file)
           !file.content.include?("[package]")
         end
+
+        def version_class
+          dependency.version_class
+        end
       end
     end
   end

data/lib/dependabot/cargo/update_checker/version_resolver.rb

@@ -238,17 +238,26 @@ module Dependabot
             return nil
           end
 
-          if error.message.include?("usage of sparse registries requires `-Z sparse-registry`")
+          if using_old_toolchain?(error.message)
             raise Dependabot::DependencyFileNotEvaluatable, "Dependabot only supports toolchain 1.68 and up."
           end
 
           raise Dependabot::DependencyFileNotResolvable, error.message if resolvability_error?(error.message)
 
-          raise error
+          raise
         end
         # rubocop:enable Metrics/AbcSize
         # rubocop:enable Metrics/PerceivedComplexity
 
+        def using_old_toolchain?(message)
+          return true if message.include?("usage of sparse registries requires `-Z sparse-registry`")
+
+          version_log = /rust version (?<version>\d.\d+)/.match(message)
+          return false unless version_log
+
+          version_class.new(version_log[:version]) < version_class.new("1.68")
+        end
+
         def unreachable_git_urls
           return @unreachable_git_urls if defined?(@unreachable_git_urls)
 
@@ -295,7 +304,11 @@ module Dependabot
           return true if message.match?(/feature `[^\`]+` is required/)
           return true if message.include?("unexpected end of input while parsing major version number")
 
-          !original_requirements_resolvable?
+          original_requirements_resolvable = original_requirements_resolvable?
+
+          return false if original_requirements_resolvable == :unknown
+
+          !original_requirements_resolvable
         end
 
         def original_requirements_resolvable?
@@ -310,13 +323,15 @@ module Dependabot
 
           true
         rescue SharedHelpers::HelperSubprocessFailed => e
-          raise unless e.message.include?("no matching version") ||
-                       e.message.include?("failed to select a version") ||
-                       e.message.include?("no matching package named") ||
-                       e.message.include?("failed to parse manifest") ||
-                       e.message.include?("failed to update submodule")
-
-          false
+          if e.message.include?("no matching version") ||
+             e.message.include?("failed to select a version") ||
+             e.message.include?("no matching package named") ||
+             e.message.include?("failed to parse manifest") ||
+             e.message.include?("failed to update submodule")
+            false
+          else
+            :unknown
+          end
         end
 
         def workspace_native_library_update_error?(message)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-  version: 0.234.0
+  version: 0.235.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-10-12 00:00:00.000000000 Z
+date: 2023-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.234.0
+        version: 0.235.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.234.0
+        version: 0.235.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -219,7 +219,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.234.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.235.0
 post_install_message: 
 rdoc_options: []
 require_paths: