dependabot-cargo 0.258.0 → 0.259.0

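--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8739c31a40cab452323ea82cce1a2c476c06acf1eb59c4a4154103932ecae2a0
- data.tar.gz: f1f6a8b0c616c303be94632371ca158094ad9677c74dc251d0fab62d1358d71c
+ metadata.gz: f574254dc30cded50cbacf3c567318d9420c3697663bf4b7755c0efe3bd7be8d
+ data.tar.gz: 11e7d101a66a74feef633458f7f166bc52710123123b9c14e8d1a37159f793b2
  SHA512:
- metadata.gz: 52a28e5fd1a528b2fb40c60f4f46faec152a70d04cd553d4cee33160eea6dca3b2adb347c10e1b01fa90a6937fa07c67d2bff073aa6d124318ab6cf87c447456
- data.tar.gz: 23d3b8bbff934592d8237f64ddb3206a29234ab1586cf695b3fa4ea04d09b40bd6e96561864bf22f2d8d4a59109a629ac46359b1e7d4e9252a9b43928ee276bc
+ metadata.gz: 623435a9303a427346727fd956806425f47ad30bd875b99c1deb5b31eac564673299d69227259ee37ee32816b7617bd97d51b1835d339f81325c5368818d4f19
+ data.tar.gz: c3c2f43eaadb3809cdf9535b0ba0f1b708d984f0610ffd3d1d10bad4fb298cefea1adca42b8ab90810108ca453e4eb77ce1a6b92556f269943e7f80d7cc4cecc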
@@ -17,7 +17,7 @@ module Dependabot
17
17
  # (We must add these environment variables here, or 'cargo update' will not think it is
18
18
  # configured properly for the private registries.)
19
19
 
20
- token_env_var = "CARGO_REGISTRIES_#{cred['cargo_registry'].upcase.tr('-', '_')}_TOKEN"
20
+ token_env_var = "CARGO_REGISTRIES_#{cred['registry'].upcase.tr('-', '_')}_TOKEN"
21
21
 
22
22
  token = "placeholder_token"
23
23
  if cred["token"].nil?
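Review bot: `cred['registry'].upcase` on the changed line raises NoMethodError when a credential carries no `registry` value, and nothing visible in the hunk guards against that. Since the key was just renamed from `cargo_registry`, a credential still written the old way would fail here with an unhelpful error instead of being skipped or reported. A guard before the interpolation, for example `next if cred["registry"].nil?` if this runs inside an iteration over credentials (the enclosing method starts and ends outside the hunk), would keep one malformed entry from aborting the setup of the remaining registries. The name also becomes part of an environment variable name with only `-` normalised, so it is worth validating it against the character set expected for registry names before use.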
@@ -48,26 +48,40 @@ module Dependabot
48
48
 
49
49
  info = dependency.requirements.filter_map { |r| r[:source] }.first
50
50
  index = (info && info[:index]) || CRATES_IO_API
51
+ hdrs = build_headers(index, info)
51
52
 
52
- # Default request headers
53
+ url = metadata_fetch_url(dependency, index)
54
+ response = fetch_metadata(url, hdrs)
55
+
56
+ @crates_listing = parse_response(response, index)
57
+ end
58
+
59
+ def build_headers(index, info)
53
60
  hdrs = { "User-Agent" => "Dependabot (dependabot.com)" }
61
+ return hdrs if index == CRATES_IO_API
54
62
 
55
- if index != CRATES_IO_API
56
- # Add authentication headers if credentials are present for this registry
57
- credentials.find { |cred| cred["type"] == "cargo_registry" && cred["registry"] == info[:name] }&.tap do |cred|
58
- hdrs["Authorization"] = "Token #{cred['token']}"
59
- end
63
+ credentials.find { |cred| cred["type"] == "cargo_registry" && cred["registry"] == info[:name] }&.tap do |cred|
64
+ hdrs["Authorization"] = "Token #{cred['token']}"
60
65
  end
61
66
 
62
- url = metadata_fetch_url(dependency, index)
67
+ hdrs
68
+ end
63
69
 
64
- response = Excon.get(
70
+ def fetch_metadata(url, headers)
71
+ Excon.get(
65
72
  url,
66
73
  idempotent: true,
67
- **SharedHelpers.excon_defaults(headers: hdrs)
74
+ **SharedHelpers.excon_defaults(headers: headers)
68
75
  )
76
+ end
69
77
 
70
- @crates_listing = JSON.parse(response.body)
78
+ def parse_response(response, index)
79
+ if index.start_with?("sparse+")
80
+ parsed_response = response.body.lines.map { |line| JSON.parse(line) }
81
+ { "versions" => parsed_response }
82
+ else
83
+ JSON.parse(response.body)
84
+ end
71
85
  end
72
86
 
73
87
  def metadata_fetch_url(dependency, index)
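Review bot: `build_headers` interpolates `cred['token']` without a nil check, so a credential whose token has been stripped produces the header value `Token ` with nothing after it; the first hunk on this page initialises its token to "placeholder_token", and this path could do the same with `hdrs["Authorization"] = "Token #{cred['token'] || 'placeholder_token'}"`. The credential is also selected by `info[:name]` alone and then sent to a URL built from `info[:index]`, both of which come from the dependency's declared source; the visible code does not confirm that the index belongs to the registry the token was issued for, so that binding should be checked here unless a later layer is known to enforce it. Finally, `parse_response` is called without looking at `response.status`, so an error body goes straight to `JSON.parse`. The method that now calls these helpers starts outside the hunk.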
@@ -97,46 +97,33 @@ module Dependabot
97
97
  crates_listing
98
98
  .fetch("versions", [])
99
99
  .reject { |v| v["yanked"] }
100
- .map { |v| version_class.new(v.fetch("num")) }
100
+ # Handle both default and sparse registry responses.
101
+ # Default registry uses "num" for version number.
102
+ # Sparse registry uses "vers" for version number.
103
+ .map do |v|
104
+ version_number = v["num"] || v["vers"]
105
+ version_class.new(version_number)
106
+ end
101
107
  end
102
108
 
103
109
  def crates_listing
104
110
  return @crates_listing unless @crates_listing.nil?
105
111
 
106
- info = dependency.requirements.filter_map { |r| r[:source] }.first
107
- index = (info && info[:index]) || CRATES_IO_API
108
-
109
- # Default request headers
110
- hdrs = { "User-Agent" => "Dependabot (dependabot.com)" }
111
-
112
- if index != CRATES_IO_API
113
- # Add authentication headers if credentials are present for this registry
114
- registry_creds = credentials.find do |cred|
115
- cred["type"] == "cargo_registry" && cred["registry"] == info[:name]
116
- end
117
-
118
- unless registry_creds.nil?
119
- # If there is a credential, but no actual token at this point, it means that dependabot-cli
120
- # stripped the token from our credentials. In this case, the dependabot proxy will reintroduce
121
- # the correct token, so we just use 'placeholder_token' as the token value.
122
- token = registry_creds["token"] || "placeholder_token"
112
+ info = fetch_dependency_info
113
+ index = fetch_index(info)
123
114
 
124
- hdrs["Authorization"] = token
125
- end
126
- end
115
+ hdrs = default_headers
116
+ hdrs.merge!(auth_headers(info)) if index != CRATES_IO_API
127
117
 
128
118
  url = metadata_fetch_url(dependency, index)
129
119
 
130
120
  # B4PR
131
121
  puts "Calling #{url} to fetch metadata for #{dependency.name} from #{index}"
132
122
 
133
- response = Excon.get(
134
- url,
135
- idempotent: true,
136
- **SharedHelpers.excon_defaults(headers: hdrs)
137
- )
123
+ response = fetch_response(url, hdrs)
124
+ return {} if response.status == 404
138
125
 
139
- @crates_listing = JSON.parse(response.body)
126
+ @crates_listing = parse_response(response, index)
140
127
 
141
128
  # B4PR
142
129
  puts "Fetched metadata for #{dependency.name} from #{index} successfully"
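Review bot: `return {} if response.status == 404` is the only status check in `crates_listing`, so a 401, 403 or 5xx response still goes to `parse_response`, where a non-JSON body raises JSON::ParserError instead of a readable error. Checking for success instead, e.g. `return {} unless response.status == 200`, or raising a descriptive error for the other codes, would make the failure clear; the same applies to the `parse_response` call in the `@@ -48,26 +48,40 @@` hunk, which has no status check at all. In the version mapping, `v["num"] || v["vers"]` passes nil to `version_class.new` when an entry has neither key, where the removed `v.fetch("num")` failed with a KeyError naming the field. The two `puts` lines under `# B4PR` are still in the released code and write the request URL to stdout. The body of `crates_listing` ends outside this hunk.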
@@ -145,6 +132,46 @@ module Dependabot
145
132
  @crates_listing
146
133
  end
147
134
 
135
+ def fetch_dependency_info
136
+ dependency.requirements.filter_map { |r| r[:source] }.first
137
+ end
138
+
139
+ def fetch_index(info)
140
+ (info && info[:index]) || CRATES_IO_API
141
+ end
142
+
143
+ def default_headers
144
+ { "User-Agent" => "Dependabot (dependabot.com)" }
145
+ end
146
+
147
+ def auth_headers(info)
148
+ registry_creds = credentials.find do |cred|
149
+ cred["type"] == "cargo_registry" && cred["registry"] == info[:name]
150
+ end
151
+
152
+ return {} if registry_creds.nil?
153
+
154
+ token = registry_creds["token"] || "placeholder_token"
155
+ { "Authorization" => token }
156
+ end
157
+
158
+ def fetch_response(url, headers)
159
+ Excon.get(
160
+ url,
161
+ idempotent: true,
162
+ **SharedHelpers.excon_defaults(headers: headers)
163
+ )
164
+ end
165
+
166
+ def parse_response(response, index)
167
+ if index.start_with?("sparse+")
168
+ parsed_response = response.body.lines.map { |line| JSON.parse(line) }
169
+ { "versions" => parsed_response }
170
+ else
171
+ JSON.parse(response.body)
172
+ end
173
+ end
174
+
148
175
  def metadata_fetch_url(dependency, index)
149
176
  return "#{index}/#{dependency.name}" if index == CRATES_IO_API
150
177
 
@@ -141,7 +141,11 @@ module Dependabot
141
141
  raise UnfixableRequirement if req.start_with?(">")
142
142
 
143
143
  req.sub(VERSION_REGEX) do |old_version|
144
- update_greatest_version(old_version, target_version)
144
+ if req.start_with?("<=")
145
+ target_version
146
+ else
147
+ update_greatest_version(old_version, target_version)
148
+ end
145
149
  end
146
150
  end.join(", ")
147
151
  rescue UnfixableRequirement
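Review bot: The new `req.start_with?("<=")` branch inside the `sub` block has no comment saying why an inclusive upper bound is replaced by the target version itself instead of going through `update_greatest_version`. A one-line comment such as `# "<=" is an inclusive bound, so the target version itself becomes the new limit` would record the intent for the next reader. The test does not depend on `old_version`, so it could also be evaluated once before the `sub` call rather than inside the block. The enclosing method starts and ends outside the hunk.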
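--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-cargo
  version: !ruby/object:Gem::Version
- version: 0.258.0
+ version: 0.259.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-05-16 00:00:00.000000000 Z
+ date: 2024-05-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.258.0
+ version: 0.259.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.258.0
+ version: 0.259.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -263,7 +263,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.258.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.259.0
  post_install_message:
  rdoc_options: []
  require_paths: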