dependabot-cargo 0.293.0 → 0.295.0

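--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 94ecd8807985ad21fd5d0427c7b7ca35bee0179a8b674b4d0743cd3704f9e8ab
- data.tar.gz: ff5f802b35fa2d2a98257cf54cdc35fd997188c0bc1a74ecefda8870185742df
+ metadata.gz: 8d8d60326aaa07cd4c2277ed890b428455c431d6e6b9b9b2a962e37b459ae760
+ data.tar.gz: 3f9c01be834ca6283783b1fa58aac8c45f5024af5e50f31f131d9bfc0efbdff9
  SHA512:
- metadata.gz: d46cd0634b5284cacdd68e4d60ea0848a13a5fcba41c815b0852a33108d969d12ec8c3a4d6c1d0d00a467624571f16c36a9b052da886e6fb57ad8d15d2ff8789
- data.tar.gz: dbf1459ccc79b092d32bad30a9d504699c72db873f5f4b18b47f429e124de23fa2eee53cad3605033d92aa32268309fcdc9f30060e2744fd661fba139b078fb1
+ metadata.gz: b89e3144b1d19fd585d4124489084ac9eaf568644aa57667ed078344577fe29fe25263d4417213c0651276b3838e758f5ecb7a4b02a3ab2d9d14da6fbdbb5bbf
+ data.tar.gz: f83a7fc9b3ec23b551d266ea90899dbed41257e1bc6e8aa4dce5d0b73f0e0d54412be9cbe3f874d11da690a90bda91366c5aa44d555d0f2f73143842a54bec4a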
@@ -146,7 +146,13 @@ module Dependabot
146
146
  file: fetched_file,
147
147
  previously_fetched_files: previously_fetched_files
148
148
  )
149
- [fetched_file, *grandchild_requirement_files]
149
+
150
+ # If this path dependency file is a workspace member that inherits from
151
+ # its root workspace, we search for the root to include it so Cargo can
152
+ # resolve the path dependency file manifest properly.
153
+ root = find_workspace_root(fetched_file) if workspace_member?(parsed_file(fetched_file))
154
+
155
+ [fetched_file, *grandchild_requirement_files, root]
150
156
  rescue Dependabot::DependencyFileNotFound
151
157
  next unless required_path?(file, path)
152
158
 
@@ -218,6 +224,59 @@ module Dependabot
218
224
  paths
219
225
  end
220
226
 
227
+ # See if this Cargo manifest inherits any property from a workspace
228
+ # (e.g. edition = { workspace = true }).
229
+ def workspace_member?(hash)
230
+ hash.each do |key, value|
231
+ if key == "workspace" && value == true
232
+ return true
233
+ elsif value.is_a?(Hash)
234
+ return workspace_member?(value)
235
+ end
236
+ end
237
+ false
238
+ end
239
+
240
+ # Find workspace root of this workspace member, first via package.workspace
241
+ # manifest key if present, otherwise resort to searching parent directories
242
+ # up till the repository root.
243
+ sig do
244
+ params(workspace_member: Dependabot::DependencyFile).returns(T.nilable(Dependabot::DependencyFile))
245
+ end
246
+ def find_workspace_root(workspace_member)
247
+ current_dir = workspace_member.name.rpartition("/").first
248
+
249
+ workspace_root_dir = parsed_file(workspace_member).dig("package", "workspace")
250
+ unless workspace_root_dir.nil?
251
+ workspace_root = fetch_file_from_host(
252
+ File.join(current_dir, workspace_root_dir, "Cargo.toml"),
253
+ fetch_submodules: true
254
+ )
255
+ return workspace_root if parsed_file(workspace_root)["workspace"]
256
+
257
+ # To avoid accidentally breaking backward compatibility, we don't throw errors
258
+ return nil
259
+ end
260
+
261
+ parent_dirs = current_dir.scan("/").length
262
+ while parent_dirs >= 0
263
+ current_dir = File.join(current_dir, "..")
264
+ begin
265
+ parent_manifest = fetch_file_from_host(
266
+ File.join(current_dir, "Cargo.toml"),
267
+ fetch_submodules: true
268
+ )
269
+ return parent_manifest if parsed_file(parent_manifest)["workspace"]
270
+ rescue Dependabot::DependencyFileNotFound
271
+ # Cargo.toml not found in this parent, keep searching up
272
+ end
273
+ parent_dirs -= 1
274
+ end
275
+
276
+ # To avoid accidentally breaking backward compatibility, we don't throw errors
277
+ nil
278
+ end
279
+
221
280
  def workspace_dependency_paths_from_file(file)
222
281
  if parsed_file(file)["workspace"] &&
223
282
  !parsed_file(file)["workspace"].key?("members")
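Review bot: `workspace_member?` gives up at the first nested table, because `return workspace_member?(value)` returns that table's result even when it is false; a manifest that inherits only in a later table (for example a dependency declared with `workspace = true`) is reported as a non-member whenever an earlier table has no such key. `return true if workspace_member?(value)` keeps the scan going. In `find_workspace_root`, the `package.workspace` value is read from the repository's manifest and joined into the fetch path unchecked, and that fetch sits outside the `rescue Dependabot::DependencyFileNotFound` the parent-directory loop uses, so a wrong or out-of-tree value raises despite the "we don't throw errors" comment. Normalising the joined path and returning nil when it leaves the repository root would bound it the way `parent_dirs` bounds the fallback search. In the first hunk `root` is nil for every non-member, so the returned array gains a nil element unless a caller outside the hunk compacts it.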
@@ -21,10 +21,12 @@ module Dependabot
21
21
 
22
22
  token = "placeholder_token"
23
23
  if cred["token"].nil?
24
- puts "Setting #{token_env_var} to 'placeholder_token' because dependabot-cli proxy will override it anyway"
24
+ Dependabot.logger.info("No token found for #{cred['registry']}, dependabot-cli proxy will inject it")
25
25
  else
26
26
  token = cred["token"]
27
- puts "Setting #{token_env_var} to provided token value"
27
+ Dependabot.logger.info(
28
+ "Token found for #{cred['registry']}, setting #{token_env_var} to provided token value"
29
+ )
28
30
  end
29
31
 
30
32
  ENV[token_env_var] ||= token
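Review bot: The new "Token found …, setting #{token_env_var} to provided token value" message is logged before `ENV[token_env_var] ||= token`, and `||=` leaves an already-set variable untouched, so the log can claim a credential was applied when the process keeps a different one. Logging after the assignment and naming the source that won, e.g. `Dependabot.logger.info("#{token_env_var} already set, keeping existing value")` when the variable was present, keeps the log usable for tracing which credential a run used. `cred['registry']` is interpolated without a nil check, so a credential without that key logs an empty registry name. The token value itself is not written to the log, and any later edit to these messages should keep it out. The enclosing method starts outside the hunk.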
@@ -118,7 +118,7 @@ module Dependabot
118
118
  url = metadata_fetch_url(dependency, index)
119
119
 
120
120
  # B4PR
121
- puts "Calling #{url} to fetch metadata for #{dependency.name} from #{index}"
121
+ Dependabot.logger.info("Calling #{url} to fetch metadata for #{dependency.name} from #{index}")
122
122
 
123
123
  response = fetch_response(url, hdrs)
124
124
  return {} if response.status == 404
@@ -126,8 +126,7 @@ module Dependabot
126
126
  @crates_listing = parse_response(response, index)
127
127
 
128
128
  # B4PR
129
- puts "Fetched metadata for #{dependency.name} from #{index} successfully"
130
- puts response.body
129
+ Dependabot.logger.info("Fetched metadata for #{dependency.name} from #{index} successfully")
131
130
 
132
131
  @crates_listing
133
132
  end
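Review bot: The info-level line in the first hunk writes the full `url` to the log, and that URL is derived from `index`, which may be a private registry; if such a URL can carry userinfo or a token in its query string (not visible here), it would now persist in job logs at the default level. Keeping the info line to `Dependabot.logger.info("Fetching metadata for #{dependency.name}")` and moving the URL to `Dependabot.logger.debug` would limit that exposure. Both `# B4PR` markers remain above the log calls; if they mark temporary debugging meant to be removed before merge, they should either go or be replaced by a comment saying why the calls stay. The method starts outside both hunks.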
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-cargo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.293.0
4
+ version: 0.295.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-01-16 00:00:00.000000000 Z
11
+ date: 2025-01-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.293.0
19
+ version: 0.295.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.293.0
26
+ version: 0.295.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -265,7 +265,7 @@ licenses:
265
265
  - MIT
266
266
  metadata:
267
267
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
268
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.293.0
268
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.295.0
269
269
  post_install_message:
270
270
  rdoc_options: []
271
271
  require_paths: