dependabot-cargo 0.246.0 → 0.247.0
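--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e26960512a782b8d3fb39ceab669647f4ef8b95e86b4c2e4472f6a04cf9c47d2
+data.tar.gz: 8cbb82ddbfcd0c27d00decd5c4d4d3550d23dba5d2c3b2dc8273ab46812fbd32
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: efb823315833ba89a79ea8146f688a75076735054c9dd8f7d79178894de56c745385811bdef24b61f4fa8180c355358b353fb74f24e57d6629c87c4c18cd8d85
+data.tar.gz: 56837eb8876162aad943a8d80661adf29cdd273cad2124675670f9ce263adf41780696d14bc1a96432007acbaf8453e058c53b5633131c11a15112a76a397447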
@@ -1,4 +1,4 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "pathname"
|
@@ -84,7 +84,7 @@ module Dependabot
|
|
84
84
|
|
85
85
|
def path_dependency_files(fetched_files)
|
86
86
|
@path_dependency_files ||= {}
|
87
|
-
fetched_path_dependency_files = []
|
87
|
+
fetched_path_dependency_files = T.let([], T::Array[Dependabot::DependencyFile])
|
88
88
|
fetched_files.each do |file|
|
89
89
|
@path_dependency_files[file.name] ||=
|
90
90
|
fetch_path_dependency_files(
|
@@ -171,7 +171,7 @@ module Dependabot
|
|
171
171
|
|
172
172
|
# rubocop:enable Metrics/PerceivedComplexity
|
173
173
|
def path_dependency_paths_from_file(file)
|
174
|
-
paths = []
|
174
|
+
paths = T.let([], T::Array[String])
|
175
175
|
|
176
176
|
workspace = parsed_file(file).fetch("workspace", {})
|
177
177
|
Cargo::FileParser::DEPENDENCY_TYPES.each do |type|
|
@@ -300,7 +300,7 @@ module Dependabot
|
|
300
300
|
def expand_workspaces(path)
|
301
301
|
path = Pathname.new(path).cleanpath.to_path
|
302
302
|
dir = directory.gsub(%r{(^/|/$)}, "")
|
303
|
-
unglobbed_path = path.split("*").first.gsub(%r{(?<=/)[^/]*$}, "")
|
303
|
+
unglobbed_path = T.must(path.split("*").first).gsub(%r{(?<=/)[^/]*$}, "")
|
304
304
|
|
305
305
|
repo_contents(dir: unglobbed_path, raise_errors: false)
|
306
306
|
.select { |file| file.type == "dir" }
|
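Review bot: In `expand_workspaces`, `T.must(path.split("*").first)` only changes which exception is raised when the value is nil; it does not handle the case. For a path that is nothing but a glob, such as `*`, `split("*")` returns an empty array, so `first` is nil and `T.must` raises a `TypeError` where the old code raised `NoMethodError`. The path presumably comes from the workspace members in a repository's manifest, so this input is not under the caller's control. If listing from the directory root is the intended result for a bare glob, `unglobbed_path = (path.split("*").first || "").gsub(%r{(?<=/)[^/]*$}, "")` makes that explicit; otherwise raise a descriptive error instead. The method body continues past the end of the hunk.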
@@ -5,11 +5,14 @@ require "excon"
|
|
5
5
|
require "dependabot/cargo/update_checker"
|
6
6
|
require "dependabot/update_checkers/version_filters"
|
7
7
|
require "dependabot/registry_client"
|
8
|
+
require "sorbet-runtime"
|
8
9
|
|
9
10
|
module Dependabot
|
10
11
|
module Cargo
|
11
12
|
class UpdateChecker
|
12
13
|
class LatestVersionFinder
|
14
|
+
extend T::Sig
|
15
|
+
|
13
16
|
def initialize(dependency:, dependency_files:, credentials:,
|
14
17
|
ignored_versions:, raise_on_ignored: false,
|
15
18
|
security_advisories:)
|
@@ -52,12 +55,18 @@ module Dependabot
|
|
52
55
|
versions.min
|
53
56
|
end
|
54
57
|
|
58
|
+
sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
|
55
59
|
def filter_prerelease_versions(versions_array)
|
56
60
|
return versions_array if wants_prerelease?
|
57
61
|
|
58
|
-
versions_array.reject(&:prerelease?)
|
62
|
+
filtered = versions_array.reject(&:prerelease?)
|
63
|
+
if versions_array.count > filtered.count
|
64
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} pre-release versions")
|
65
|
+
end
|
66
|
+
filtered
|
59
67
|
end
|
60
68
|
|
69
|
+
sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
|
61
70
|
def filter_ignored_versions(versions_array)
|
62
71
|
filtered = versions_array
|
63
72
|
.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
@@ -65,6 +74,10 @@ module Dependabot
|
|
65
74
|
raise Dependabot::AllVersionsIgnored
|
66
75
|
end
|
67
76
|
|
77
|
+
if versions_array.count > filtered.count
|
78
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} ignored versions")
|
79
|
+
end
|
80
|
+
|
68
81
|
filtered
|
69
82
|
end
|
70
83
|
|
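Review bot: In `filter_ignored_versions` the new `Dependabot.logger.info` call sits after `raise Dependabot::AllVersionsIgnored`, so on the path where every candidate is ignored nothing is logged about how many versions the ignore conditions removed. That is the case an operator most needs to see when an expected update, for example a security fix, is not proposed. The condition guarding the raise lies between the visible hunks, so this is inferred from the order of the visible lines; if it holds, emit the message before that guard. Both new blocks also compute `versions_array.count - filtered.count` twice, and a local such as `removed = versions_array.size - filtered.size` would avoid the repetition.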
@@ -7,19 +7,30 @@
|
|
7
7
|
# - https://steveklabnik.github.io/semver/semver/index.html #
|
8
8
|
################################################################################
|
9
9
|
|
10
|
+
require "sorbet-runtime"
|
11
|
+
|
10
12
|
require "dependabot/cargo/update_checker"
|
11
13
|
require "dependabot/cargo/requirement"
|
12
14
|
require "dependabot/cargo/version"
|
15
|
+
require "dependabot/requirements_update_strategy"
|
13
16
|
|
14
17
|
module Dependabot
|
15
18
|
module Cargo
|
16
19
|
class UpdateChecker
|
17
20
|
class RequirementsUpdater
|
21
|
+
extend T::Sig
|
22
|
+
|
18
23
|
class UnfixableRequirement < StandardError; end
|
19
24
|
|
20
25
|
VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/
|
21
|
-
ALLOWED_UPDATE_STRATEGIES =
|
22
|
-
|
26
|
+
ALLOWED_UPDATE_STRATEGIES = T.let(
|
27
|
+
[
|
28
|
+
RequirementsUpdateStrategy::LockfileOnly,
|
29
|
+
RequirementsUpdateStrategy::BumpVersions,
|
30
|
+
RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
31
|
+
].freeze,
|
32
|
+
T::Array[Dependabot::RequirementsUpdateStrategy]
|
33
|
+
)
|
23
34
|
|
24
35
|
def initialize(requirements:, updated_source:, update_strategy:,
|
25
36
|
target_version:)
|
@@ -35,7 +46,7 @@ module Dependabot
|
|
35
46
|
end
|
36
47
|
|
37
48
|
def updated_requirements
|
38
|
-
return requirements if update_strategy ==
|
49
|
+
return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
|
39
50
|
|
40
51
|
# NOTE: Order is important here. The FileUpdater needs the updated
|
41
52
|
# requirement at index `i` to correspond to the previous requirement
|
@@ -45,8 +56,8 @@ module Dependabot
|
|
45
56
|
next req unless target_version
|
46
57
|
next req if req[:requirement].nil?
|
47
58
|
|
48
|
-
# TODO: Add a
|
49
|
-
if update_strategy ==
|
59
|
+
# TODO: Add a RequirementsUpdateStrategy::WidenRanges options
|
60
|
+
if update_strategy == RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
50
61
|
update_version_requirement_if_needed(req)
|
51
62
|
else
|
52
63
|
update_version_requirement(req)
|
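Review bot: `updated_requirements` now compares `update_strategy` against `RequirementsUpdateStrategy::LockfileOnly` and `RequirementsUpdateStrategy::BumpVersionsIfNecessary`, so a caller passing any other kind of value matches neither and falls through to the `else` branch, `update_version_requirement(req)`. That would rewrite manifest requirements where a lockfile-only update was intended. The initializer body is outside the visible hunks, so it may already check the argument against `ALLOWED_UPDATE_STRATEGIES`; if it does not, a guard such as `raise "Unknown update strategy: #{update_strategy}" unless ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)` closes the gap. `extend T::Sig` is added but no `sig` appears in these hunks; a `sig` on `initialize` typing `update_strategy` as `Dependabot::RequirementsUpdateStrategy` would also catch it.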
@@ -2,6 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "dependabot/git_commit_checker"
|
5
|
+
require "dependabot/requirements_update_strategy"
|
5
6
|
require "dependabot/update_checkers"
|
6
7
|
require "dependabot/update_checkers/base"
|
7
8
|
|
@@ -77,15 +78,15 @@ module Dependabot
|
|
77
78
|
end
|
78
79
|
|
79
80
|
def requirements_unlocked_or_can_be?
|
80
|
-
requirements_update_strategy !=
|
81
|
+
requirements_update_strategy != RequirementsUpdateStrategy::LockfileOnly
|
81
82
|
end
|
82
83
|
|
83
84
|
def requirements_update_strategy
|
84
85
|
# If passed in as an option (in the base class) honour that option
|
85
|
-
return @requirements_update_strategy
|
86
|
+
return @requirements_update_strategy if @requirements_update_strategy
|
86
87
|
|
87
88
|
# Otherwise, widen ranges for libraries and bump versions for apps
|
88
|
-
library? ?
|
89
|
+
library? ? RequirementsUpdateStrategy::BumpVersionsIfNecessary : RequirementsUpdateStrategy::BumpVersions
|
89
90
|
end
|
90
91
|
|
91
92
|
private
|
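Review bot: The comment above the new ternary in `requirements_update_strategy` says "widen ranges for libraries", but the new line returns `RequirementsUpdateStrategy::BumpVersionsIfNecessary` for libraries, and no widen-ranges strategy is used anywhere in the visible code. Since this line was rewritten, the comment should be brought in line with it, for example `# Otherwise, bump versions only if necessary for libraries and always bump versions for apps`. A reader deciding how this ecosystem treats library manifests would otherwise take the wrong behaviour from the comment.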
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-cargo
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.247.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-03-
|
11
|
+
date: 2024-03-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.247.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.247.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -136,6 +136,20 @@ dependencies:
|
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
138
|
version: 1.19.0
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: rubocop-rspec
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - "~>"
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: 2.27.1
|
146
|
+
type: :development
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - "~>"
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: 2.27.1
|
139
153
|
- !ruby/object:Gem::Dependency
|
140
154
|
name: rubocop-sorbet
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
@@ -247,7 +261,7 @@ licenses:
|
|
247
261
|
- Nonstandard
|
248
262
|
metadata:
|
249
263
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
250
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
264
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
|
251
265
|
post_install_message:
|
252
266
|
rdoc_options: []
|
253
267
|
require_paths:
|