RubyGems - dependabot-cargo - Versions diffs - 0.273.0 → 0.275.0 - Mend

dependabot-cargo 0.273.0 → 0.275.0

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/cargo/file_fetcher.rb +65 -1
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 686e6c151fb9bdf18def359c9e8256c5a40a2dd0c1770bfce25ef6f03df0d40c
-  data.tar.gz: d0f8bd09a72a38a9db88c59e59030567ee1ffa7df352c30e09757336fe1e650c
+  metadata.gz: 88ead33a9ecc42b00e85c742c721796a698ca447ce43d893a29afa39300a4fc5
+  data.tar.gz: 52248ac1890611b456d2efe0c33b9c8a255924fd1c6143a977e82339b2261af5
 SHA512:
-  metadata.gz: b4ed3b40180e99ed386579fe506a660cac6476655759f423ebac5f4c5c126d02a67eafad2cca8b1b6190bc289efe2dbec479233d12ea39b6b8a49b633d448e03
-  data.tar.gz: 760b91526affc8ed793940100262d12063616288810dead306f8863534e387db9ac3a9614cf116251cf4a75eed056527d3ef54c54d72151ff1e92c63c26d3320
+  metadata.gz: cd6070b4b328b36b5490d9f33067bfcf72a94afaed9484fed5ae7197330954d4dfa5bb3ac7a3bfdee01f8084688e9aabd2652c4b99271f89c612a402b841e96e
+  data.tar.gz: 3738e3502eacc7c1ccd6fd1df0facc57a0d0026027c0092831c1d146146a1a33131324f419ea0a6993f47e052235e0646c37ada41d37e8d4462e9c2df7786a95

data/lib/dependabot/cargo/file_fetcher.rb CHANGED Viewed

@@ -146,7 +146,13 @@ module Dependabot
                 file: fetched_file,
                 previously_fetched_files: previously_fetched_files
               )
-            [fetched_file, *grandchild_requirement_files]
+            # If this path dependency file is a workspace member that inherits from
+            # its root workspace, we search for the root to include it so Cargo can
+            # resolve the path dependency file manifest properly.
+            root = find_workspace_root(fetched_file, file) if workspace_member?(parsed_file(fetched_file))
+            [fetched_file, *grandchild_requirement_files, root]
           rescue Dependabot::DependencyFileNotFound
             next unless required_path?(file, path)
@@ -218,6 +224,64 @@ module Dependabot
         paths
       end
+      # See if this Cargo manifest inherits any property from a workspace
+      # (e.g. edition = { workspace = true }).
+      def workspace_member?(hash)
+        hash.each do |key, value|
+          if key == "workspace" && value == true
+            return true
+          elsif value.is_a?(Hash)
+            return workspace_member?(value)
+          end
+        end
+        false
+      end
+      # Find workspace root of this workspace member, first via package.workspace
+      # manifest key if present, otherwise resort to searching parent directories
+      # up till the repository root.
+      #
+      # original_manifest used for providing a useful error message.
+      sig do
+        params(workspace_member: Dependabot::DependencyFile,
+               original_manifest: Dependabot::DependencyFile).returns(T.nilable(Dependabot::DependencyFile))
+      end
+      def find_workspace_root(workspace_member, original_manifest)
+        current_dir = workspace_member.name.rpartition("/").first
+        workspace_root_dir = parsed_file(workspace_member).dig("package", "workspace")
+        unless workspace_root_dir.nil?
+          workspace_root = fetch_file_from_host(
+            File.join(current_dir, workspace_root_dir, "Cargo.toml"),
+            fetch_submodules: true
+          )
+          return workspace_root if parsed_file(workspace_root)["workspace"]
+          msg = "Could not resolve workspace root for path dependency " \
+                "#{workspace_member.path} of #{original_manifest.path}"
+          raise Dependabot::DependencyFileNotEvaluatable, msg
+        end
+        parent_dirs = current_dir.scan("/").length - 1
+        while parent_dirs >= 0
+          current_dir = File.join(current_dir, "..")
+          begin
+            parent_manifest = fetch_file_from_host(
+              File.join(current_dir, "Cargo.toml"),
+              fetch_submodules: true
+            )
+            return parent_manifest if parsed_file(parent_manifest)["workspace"]
+          rescue Dependabot::DependencyFileNotFound
+            # Cargo.toml not found in this parent, keep searching up
+          end
+          parent_dirs -= 1
+        end
+        msg = "Could not resolve workspace root for path dependency " \
+              "#{workspace_member.path} of #{original_manifest.path}"
+        raise Dependabot::DependencyFileNotEvaluatable, msg
+      end
       def workspace_dependency_paths_from_file(file)
         if parsed_file(file)["workspace"] &&
            !parsed_file(file)["workspace"].key?("members")

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-  version: 0.273.0
+  version: 0.275.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-29 00:00:00.000000000 Z
+date: 2024-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.273.0
+        version: 0.275.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.273.0
+        version: 0.275.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -263,7 +263,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.273.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.275.0
 post_install_message:
 rdoc_options: []
 require_paths: