dependabot-cargo 0.258.0 → 0.259.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f574254dc30cded50cbacf3c567318d9420c3697663bf4b7755c0efe3bd7be8d
|
|
4
|
+
data.tar.gz: 11e7d101a66a74feef633458f7f166bc52710123123b9c14e8d1a37159f793b2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 623435a9303a427346727fd956806425f47ad30bd875b99c1deb5b31eac564673299d69227259ee37ee32816b7617bd97d51b1835d339f81325c5368818d4f19
|
|
7
|
+
data.tar.gz: c3c2f43eaadb3809cdf9535b0ba0f1b708d984f0610ffd3d1d10bad4fb298cefea1adca42b8ab90810108ca453e4eb77ce1a6b92556f269943e7f80d7cc4cecc
|
|
@@ -17,7 +17,7 @@ module Dependabot
|
|
|
17
17
|
# (We must add these environment variables here, or 'cargo update' will not think it is
|
|
18
18
|
# configured properly for the private registries.)
|
|
19
19
|
|
|
20
|
-
token_env_var = "CARGO_REGISTRIES_#{cred['
|
|
20
|
+
token_env_var = "CARGO_REGISTRIES_#{cred['registry'].upcase.tr('-', '_')}_TOKEN"
|
|
21
21
|
|
|
22
22
|
token = "placeholder_token"
|
|
23
23
|
if cred["token"].nil?
|
|
@@ -48,26 +48,40 @@ module Dependabot
|
|
|
48
48
|
|
|
49
49
|
info = dependency.requirements.filter_map { |r| r[:source] }.first
|
|
50
50
|
index = (info && info[:index]) || CRATES_IO_API
|
|
51
|
+
hdrs = build_headers(index, info)
|
|
51
52
|
|
|
52
|
-
|
|
53
|
+
url = metadata_fetch_url(dependency, index)
|
|
54
|
+
response = fetch_metadata(url, hdrs)
|
|
55
|
+
|
|
56
|
+
@crates_listing = parse_response(response, index)
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def build_headers(index, info)
|
|
53
60
|
hdrs = { "User-Agent" => "Dependabot (dependabot.com)" }
|
|
61
|
+
return hdrs if index == CRATES_IO_API
|
|
54
62
|
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
credentials.find { |cred| cred["type"] == "cargo_registry" && cred["registry"] == info[:name] }&.tap do |cred|
|
|
58
|
-
hdrs["Authorization"] = "Token #{cred['token']}"
|
|
59
|
-
end
|
|
63
|
+
credentials.find { |cred| cred["type"] == "cargo_registry" && cred["registry"] == info[:name] }&.tap do |cred|
|
|
64
|
+
hdrs["Authorization"] = "Token #{cred['token']}"
|
|
60
65
|
end
|
|
61
66
|
|
|
62
|
-
|
|
67
|
+
hdrs
|
|
68
|
+
end
|
|
63
69
|
|
|
64
|
-
|
|
70
|
+
def fetch_metadata(url, headers)
|
|
71
|
+
Excon.get(
|
|
65
72
|
url,
|
|
66
73
|
idempotent: true,
|
|
67
|
-
**SharedHelpers.excon_defaults(headers:
|
|
74
|
+
**SharedHelpers.excon_defaults(headers: headers)
|
|
68
75
|
)
|
|
76
|
+
end
|
|
69
77
|
|
|
70
|
-
|
|
78
|
+
def parse_response(response, index)
|
|
79
|
+
if index.start_with?("sparse+")
|
|
80
|
+
parsed_response = response.body.lines.map { |line| JSON.parse(line) }
|
|
81
|
+
{ "versions" => parsed_response }
|
|
82
|
+
else
|
|
83
|
+
JSON.parse(response.body)
|
|
84
|
+
end
|
|
71
85
|
end
|
|
72
86
|
|
|
73
87
|
def metadata_fetch_url(dependency, index)
|
|
@@ -97,46 +97,33 @@ module Dependabot
|
|
|
97
97
|
crates_listing
|
|
98
98
|
.fetch("versions", [])
|
|
99
99
|
.reject { |v| v["yanked"] }
|
|
100
|
-
|
|
100
|
+
# Handle both default and sparse registry responses.
|
|
101
|
+
# Default registry uses "num" for version number.
|
|
102
|
+
# Sparse registry uses "vers" for version number.
|
|
103
|
+
.map do |v|
|
|
104
|
+
version_number = v["num"] || v["vers"]
|
|
105
|
+
version_class.new(version_number)
|
|
106
|
+
end
|
|
101
107
|
end
|
|
102
108
|
|
|
103
109
|
def crates_listing
|
|
104
110
|
return @crates_listing unless @crates_listing.nil?
|
|
105
111
|
|
|
106
|
-
info =
|
|
107
|
-
index = (info
|
|
108
|
-
|
|
109
|
-
# Default request headers
|
|
110
|
-
hdrs = { "User-Agent" => "Dependabot (dependabot.com)" }
|
|
111
|
-
|
|
112
|
-
if index != CRATES_IO_API
|
|
113
|
-
# Add authentication headers if credentials are present for this registry
|
|
114
|
-
registry_creds = credentials.find do |cred|
|
|
115
|
-
cred["type"] == "cargo_registry" && cred["registry"] == info[:name]
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
unless registry_creds.nil?
|
|
119
|
-
# If there is a credential, but no actual token at this point, it means that dependabot-cli
|
|
120
|
-
# stripped the token from our credentials. In this case, the dependabot proxy will reintroduce
|
|
121
|
-
# the correct token, so we just use 'placeholder_token' as the token value.
|
|
122
|
-
token = registry_creds["token"] || "placeholder_token"
|
|
112
|
+
info = fetch_dependency_info
|
|
113
|
+
index = fetch_index(info)
|
|
123
114
|
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
end
|
|
115
|
+
hdrs = default_headers
|
|
116
|
+
hdrs.merge!(auth_headers(info)) if index != CRATES_IO_API
|
|
127
117
|
|
|
128
118
|
url = metadata_fetch_url(dependency, index)
|
|
129
119
|
|
|
130
120
|
# B4PR
|
|
131
121
|
puts "Calling #{url} to fetch metadata for #{dependency.name} from #{index}"
|
|
132
122
|
|
|
133
|
-
response =
|
|
134
|
-
|
|
135
|
-
idempotent: true,
|
|
136
|
-
**SharedHelpers.excon_defaults(headers: hdrs)
|
|
137
|
-
)
|
|
123
|
+
response = fetch_response(url, hdrs)
|
|
124
|
+
return {} if response.status == 404
|
|
138
125
|
|
|
139
|
-
@crates_listing =
|
|
126
|
+
@crates_listing = parse_response(response, index)
|
|
140
127
|
|
|
141
128
|
# B4PR
|
|
142
129
|
puts "Fetched metadata for #{dependency.name} from #{index} successfully"
|
|
@@ -145,6 +132,46 @@ module Dependabot
|
|
|
145
132
|
@crates_listing
|
|
146
133
|
end
|
|
147
134
|
|
|
135
|
+
def fetch_dependency_info
|
|
136
|
+
dependency.requirements.filter_map { |r| r[:source] }.first
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
def fetch_index(info)
|
|
140
|
+
(info && info[:index]) || CRATES_IO_API
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
def default_headers
|
|
144
|
+
{ "User-Agent" => "Dependabot (dependabot.com)" }
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
def auth_headers(info)
|
|
148
|
+
registry_creds = credentials.find do |cred|
|
|
149
|
+
cred["type"] == "cargo_registry" && cred["registry"] == info[:name]
|
|
150
|
+
end
|
|
151
|
+
|
|
152
|
+
return {} if registry_creds.nil?
|
|
153
|
+
|
|
154
|
+
token = registry_creds["token"] || "placeholder_token"
|
|
155
|
+
{ "Authorization" => token }
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
def fetch_response(url, headers)
|
|
159
|
+
Excon.get(
|
|
160
|
+
url,
|
|
161
|
+
idempotent: true,
|
|
162
|
+
**SharedHelpers.excon_defaults(headers: headers)
|
|
163
|
+
)
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
def parse_response(response, index)
|
|
167
|
+
if index.start_with?("sparse+")
|
|
168
|
+
parsed_response = response.body.lines.map { |line| JSON.parse(line) }
|
|
169
|
+
{ "versions" => parsed_response }
|
|
170
|
+
else
|
|
171
|
+
JSON.parse(response.body)
|
|
172
|
+
end
|
|
173
|
+
end
|
|
174
|
+
|
|
148
175
|
def metadata_fetch_url(dependency, index)
|
|
149
176
|
return "#{index}/#{dependency.name}" if index == CRATES_IO_API
|
|
150
177
|
|
|
@@ -141,7 +141,11 @@ module Dependabot
|
|
|
141
141
|
raise UnfixableRequirement if req.start_with?(">")
|
|
142
142
|
|
|
143
143
|
req.sub(VERSION_REGEX) do |old_version|
|
|
144
|
-
|
|
144
|
+
if req.start_with?("<=")
|
|
145
|
+
target_version
|
|
146
|
+
else
|
|
147
|
+
update_greatest_version(old_version, target_version)
|
|
148
|
+
end
|
|
145
149
|
end
|
|
146
150
|
end.join(", ")
|
|
147
151
|
rescue UnfixableRequirement
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-cargo
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.259.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-05-
|
|
11
|
+
date: 2024-05-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.259.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.259.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -263,7 +263,7 @@ licenses:
|
|
|
263
263
|
- MIT
|
|
264
264
|
metadata:
|
|
265
265
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
266
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
266
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.259.0
|
|
267
267
|
post_install_message:
|
|
268
268
|
rdoc_options: []
|
|
269
269
|
require_paths:
|