dependabot-cargo 0.294.0 → 0.295.0

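--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7b6ed976e24a85e9cd933a8c538094b113ae04d563da43791e1ddee48953b9b6
- data.tar.gz: 21378086bb4d76a1f29813a92f49e62454553b38083ca844d6dca9b49c38cfa7
+ metadata.gz: 8d8d60326aaa07cd4c2277ed890b428455c431d6e6b9b9b2a962e37b459ae760
+ data.tar.gz: 3f9c01be834ca6283783b1fa58aac8c45f5024af5e50f31f131d9bfc0efbdff9
  SHA512:
- metadata.gz: e04dc2211725c9cfcad7574baf16e09a2e1014be6f8514c61f15e5afb63ba45c93ac2b65111bba1e18c5090db28d9e5a290f20ba6ebe584e9f6106503e288114
- data.tar.gz: 5d32a88b85767e345f9df5d0fe01266347b9c94b869f96e0143a8bf2e69e78e5748e7690467dd2d9b0bda9e3099ee0b57d3388ec1342ce6d567f382717a33981
+ metadata.gz: b89e3144b1d19fd585d4124489084ac9eaf568644aa57667ed078344577fe29fe25263d4417213c0651276b3838e758f5ecb7a4b02a3ab2d9d14da6fbdbb5bbf
+ data.tar.gz: f83a7fc9b3ec23b551d266ea90899dbed41257e1bc6e8aa4dce5d0b73f0e0d54412be9cbe3f874d11da690a90bda91366c5aa44d555d0f2f73143842a54bec4a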
@@ -146,7 +146,13 @@ module Dependabot
146
146
  file: fetched_file,
147
147
  previously_fetched_files: previously_fetched_files
148
148
  )
149
- [fetched_file, *grandchild_requirement_files]
149
+
150
+ # If this path dependency file is a workspace member that inherits from
151
+ # its root workspace, we search for the root to include it so Cargo can
152
+ # resolve the path dependency file manifest properly.
153
+ root = find_workspace_root(fetched_file) if workspace_member?(parsed_file(fetched_file))
154
+
155
+ [fetched_file, *grandchild_requirement_files, root]
150
156
  rescue Dependabot::DependencyFileNotFound
151
157
  next unless required_path?(file, path)
152
158
 
@@ -218,6 +224,59 @@ module Dependabot
218
224
  paths
219
225
  end
220
226
 
227
+ # See if this Cargo manifest inherits any property from a workspace
228
+ # (e.g. edition = { workspace = true }).
229
+ def workspace_member?(hash)
230
+ hash.each do |key, value|
231
+ if key == "workspace" && value == true
232
+ return true
233
+ elsif value.is_a?(Hash)
234
+ return workspace_member?(value)
235
+ end
236
+ end
237
+ false
238
+ end
239
+
240
+ # Find workspace root of this workspace member, first via package.workspace
241
+ # manifest key if present, otherwise resort to searching parent directories
242
+ # up till the repository root.
243
+ sig do
244
+ params(workspace_member: Dependabot::DependencyFile).returns(T.nilable(Dependabot::DependencyFile))
245
+ end
246
+ def find_workspace_root(workspace_member)
247
+ current_dir = workspace_member.name.rpartition("/").first
248
+
249
+ workspace_root_dir = parsed_file(workspace_member).dig("package", "workspace")
250
+ unless workspace_root_dir.nil?
251
+ workspace_root = fetch_file_from_host(
252
+ File.join(current_dir, workspace_root_dir, "Cargo.toml"),
253
+ fetch_submodules: true
254
+ )
255
+ return workspace_root if parsed_file(workspace_root)["workspace"]
256
+
257
+ # To avoid accidentally breaking backward compatibility, we don't throw errors
258
+ return nil
259
+ end
260
+
261
+ parent_dirs = current_dir.scan("/").length
262
+ while parent_dirs >= 0
263
+ current_dir = File.join(current_dir, "..")
264
+ begin
265
+ parent_manifest = fetch_file_from_host(
266
+ File.join(current_dir, "Cargo.toml"),
267
+ fetch_submodules: true
268
+ )
269
+ return parent_manifest if parsed_file(parent_manifest)["workspace"]
270
+ rescue Dependabot::DependencyFileNotFound
271
+ # Cargo.toml not found in this parent, keep searching up
272
+ end
273
+ parent_dirs -= 1
274
+ end
275
+
276
+ # To avoid accidentally breaking backward compatibility, we don't throw errors
277
+ nil
278
+ end
279
+
221
280
  def workspace_dependency_paths_from_file(file)
222
281
  if parsed_file(file)["workspace"] &&
223
282
  !parsed_file(file)["workspace"].key?("members")
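Review bot: `workspace_member?` stops at the first nested table it meets, because `return workspace_member?(value)` returns false as soon as one table lacks `workspace = true`, so later tables (a dependencies table, for instance) are never inspected; `return true if workspace_member?(value)` keeps the scan going. In `find_workspace_root`, `package.workspace` comes from the repository's own manifest and is joined straight into the path given to `fetch_file_from_host`, and nothing visible here checks that the result stays inside the repository, so unless that helper already normalises and confines paths, the joined path should be cleaned and rejected when it climbs above the root. That first fetch also sits outside the `begin`/`rescue` used in the parent-directory loop, so a missing root manifest appears to raise `Dependabot::DependencyFileNotFound` into the caller's existing rescue in the first hunk, which does not match the "we don't throw errors" comment. When no root is found the array in the first hunk (whose enclosing method is only partly visible) ends in `nil`; `[fetched_file, *grandchild_requirement_files, root].compact` avoids that if callers do not already compact.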
@@ -21,10 +21,12 @@ module Dependabot
21
21
 
22
22
  token = "placeholder_token"
23
23
  if cred["token"].nil?
24
- puts "Setting #{token_env_var} to 'placeholder_token' because dependabot-cli proxy will override it anyway"
24
+ Dependabot.logger.info("No token found for #{cred['registry']}, dependabot-cli proxy will inject it")
25
25
  else
26
26
  token = cred["token"]
27
- puts "Setting #{token_env_var} to provided token value"
27
+ Dependabot.logger.info(
28
+ "Token found for #{cred['registry']}, setting #{token_env_var} to provided token value"
29
+ )
28
30
  end
29
31
 
30
32
  ENV[token_env_var] ||= token
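Review bot: The else-branch message says `token_env_var` is being set to the provided token, but the assignment below is `ENV[token_env_var] ||= token`, which keeps any value already present in the environment, so the log can name a credential source that is not the one in use. Logging after the assignment, or rewording to something like `"Token found for #{cred['registry']}, using it for #{token_env_var} unless already set"`, keeps the record accurate. The token value itself is not interpolated, which should stay that way. However, `cred['registry']` is written verbatim, so if that field can ever hold a URL with embedded userinfo it should be stripped before logging. The enclosing method starts and ends outside the hunk.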
@@ -118,7 +118,7 @@ module Dependabot
118
118
  url = metadata_fetch_url(dependency, index)
119
119
 
120
120
  # B4PR
121
- puts "Calling #{url} to fetch metadata for #{dependency.name} from #{index}"
121
+ Dependabot.logger.info("Calling #{url} to fetch metadata for #{dependency.name} from #{index}")
122
122
 
123
123
  response = fetch_response(url, hdrs)
124
124
  return {} if response.status == 404
@@ -126,8 +126,7 @@ module Dependabot
126
126
  @crates_listing = parse_response(response, index)
127
127
 
128
128
  # B4PR
129
- puts "Fetched metadata for #{dependency.name} from #{index} successfully"
130
- puts response.body
129
+ Dependabot.logger.info("Fetched metadata for #{dependency.name} from #{index} successfully")
131
130
 
132
131
  @crates_listing
133
132
  end
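Review bot: The full `url` is now written at info level on the line after the first `# B4PR` marker; if `metadata_fetch_url` can return a private-registry URL carrying credentials in userinfo or a query string (not visible here), they would end up in the logs, so logging only host and path or using `Dependabot.logger.debug` would be safer. The `# B4PR` comments in both hunks look like leftover reminders and should be removed or replaced with a comment that says why the request is logged. Both hunks sit inside methods that begin outside them.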
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-cargo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.294.0
4
+ version: 0.295.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-01-23 00:00:00.000000000 Z
11
+ date: 2025-01-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.294.0
19
+ version: 0.295.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.294.0
26
+ version: 0.295.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -265,7 +265,7 @@ licenses:
265
265
  - MIT
266
266
  metadata:
267
267
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
268
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.294.0
268
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.295.0
269
269
  post_install_message:
270
270
  rdoc_options: []
271
271
  require_paths: