dependabot-cargo 0.326.0 → 0.327.0

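--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 65f2f1c55ac562ad6abef01b525db3cbb33619731e81c0a076e3b568534fc113
- data.tar.gz: b4b855731c6b90017d6a5a8edc77adaded62251983b94ccd0c772733bd5e57dd
+ metadata.gz: 9a1890e4baf2343cc76f92062668b9c4e20e4e3be716ba69fcccbf79158c827d
+ data.tar.gz: 2d99e07be08c7d16413c23a93fa05475aa8958fb32690e8685a9ffa5cd2fc3a0
  SHA512:
- metadata.gz: 98f0de7da1e05b555a23953c5e3e23253fe62c0a6e9f17e0cc87a0a9c8028cf5d787189bf1436e908922fddb4cf04383fb113c0fae95f487ed40995c6f79a31e
- data.tar.gz: bf20aa8c3ce3317ebb2588f320400abb6857db6b40dbb61a8e7897722bda77f11a44adb76bdd6319ffb1fcca7b8405c0584111bb7c03d7caa9e52d95c45912b2
+ metadata.gz: 680e6ae440dd0c9e542677b3a362afaddc7ad0a9cec9747f342b0c9f752934ac87784aeb11a1797fa2a19f0620611f4c0cf744a3adbb1d52dbfd2e36698c9385
+ data.tar.gz: 871c65564b60b9d5a3a29a61ec56b86a5b8ddb302b6ac5db11e965fc6eb75272793bb67898ed8fe823ffbf10ff7c9f3fb3dbe361c340cb372145af65becf6f1f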
@@ -121,6 +121,10 @@ module Dependabot
121
121
 
122
122
  DEPENDENCY_TYPES.each do |type|
123
123
  parsed_content.fetch(type, {}).each do |name, requirement|
124
+ # Skip workspace-inherited dependencies (similar to pnpm catalog)
125
+ # Only skip if workspace is exactly boolean true
126
+ next if requirement.is_a?(Hash) && requirement["workspace"] == true
127
+
124
128
  next unless name == name_from_declaration(name, requirement)
125
129
  next if lockfile && !version_from_lockfile(name, requirement)
126
130
 
@@ -129,6 +133,10 @@ module Dependabot
129
133
 
130
134
  parsed_content.fetch("target", {}).each do |_, t_details|
131
135
  t_details.fetch(type, {}).each do |name, requirement|
136
+ # Skip workspace-inherited dependencies
137
+ # Only skip if workspace is exactly boolean true
138
+ next if requirement.is_a?(Hash) && requirement["workspace"] == true
139
+
132
140
  next unless name == name_from_declaration(name, requirement)
133
141
  next if lockfile && !version_from_lockfile(name, requirement)
134
142
 
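Review bot: The `workspace = true` guard added to both loops drops the entry from this manifest's dependency set without recording it anywhere, so whether the crate stays tracked depends on `[workspace.dependencies]` in the root manifest being parsed somewhere outside these hunks. If that root entry is absent, or the root manifest is not among the parsed files, the crate would silently fall out of version and security updates; a debug log at the skip, or a spec covering a member that inherits a crate, would make that visible. The guard is also duplicated verbatim, so a private predicate such as `workspace_inherited?(requirement)` carrying the comment `# Inherited from [workspace.dependencies]; the version lives in the workspace root manifest` would keep the two loops in step. The enclosing method starts and ends outside both hunks.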
@@ -0,0 +1,142 @@
1
+ # typed: strict
2
+ # frozen_string_literal: true
3
+
4
+ require "sorbet-runtime"
5
+ require "dependabot/cargo/file_updater"
6
+
7
+ module Dependabot
8
+ module Cargo
9
+ class FileUpdater
10
+ class WorkspaceManifestUpdater
11
+ extend T::Sig
12
+
13
+ sig { params(dependencies: T::Array[Dependabot::Dependency], manifest: Dependabot::DependencyFile).void }
14
+ def initialize(dependencies:, manifest:)
15
+ @dependencies = T.let(dependencies, T::Array[Dependabot::Dependency])
16
+ @manifest = T.let(manifest, Dependabot::DependencyFile)
17
+ end
18
+
19
+ sig { returns(String) }
20
+ def updated_manifest_content
21
+ workspace_deps = dependencies.select { |dep| workspace_dependency?(dep) }
22
+
23
+ return T.must(manifest.content) if workspace_deps.empty?
24
+
25
+ T.must(workspace_deps.reduce(manifest.content.dup) do |content, dep|
26
+ update_workspace_dependency(T.must(content), dep)
27
+ end)
28
+ end
29
+
30
+ private
31
+
32
+ sig { returns(T::Array[Dependabot::Dependency]) }
33
+ attr_reader :dependencies
34
+
35
+ sig { returns(Dependabot::DependencyFile) }
36
+ attr_reader :manifest
37
+
38
+ sig { params(dep: Dependabot::Dependency).returns(T::Boolean) }
39
+ def workspace_dependency?(dep)
40
+ dep.requirements.any? { |r| r[:groups]&.include?("workspace.dependencies") }
41
+ end
42
+
43
+ sig { params(content: String, dep: Dependabot::Dependency).returns(String) }
44
+ def update_workspace_dependency(content, dep)
45
+ old_req = find_workspace_requirement(dep.previous_requirements)
46
+ new_req = find_workspace_requirement(dep.requirements)
47
+
48
+ return content if old_req == new_req || !old_req || !new_req
49
+
50
+ # First try to update in the inline [workspace.dependencies] section
51
+ workspace_section_regex = /\[workspace\.dependencies\](.*?)(?=\n\[|\n*\z)/m
52
+
53
+ updated_content = content.gsub(workspace_section_regex) do |section|
54
+ update_version_in_section(section, dep.name, old_req, new_req)
55
+ end
56
+
57
+ # If content didn't change, try table header notation [workspace.dependencies.name]
58
+ if updated_content == content
59
+ updated_content = update_table_header_notation(content, dep.name, old_req, new_req)
60
+ end
61
+
62
+ updated_content
63
+ end
64
+
65
+ sig { params(requirements: T.nilable(T::Array[T::Hash[Symbol, T.untyped]])).returns(T.nilable(String)) }
66
+ def find_workspace_requirement(requirements)
67
+ requirements&.find { |r| r[:groups]&.include?("workspace.dependencies") }
68
+ &.fetch(:requirement)
69
+ end
70
+
71
+ sig { params(section: String, dep_name: String, old_req: String, new_req: String).returns(String) }
72
+ def update_version_in_section(section, dep_name, old_req, new_req)
73
+ # Try double-quoted version first
74
+ updated = section.gsub(
75
+ /^(\s*#{Regexp.escape(dep_name)}\s*=\s*)"#{Regexp.escape(old_req)}"/m,
76
+ "\\1\"#{new_req}\""
77
+ )
78
+ return updated if updated != section
79
+
80
+ # Try single-quoted version
81
+ updated = section.gsub(
82
+ /^(\s*#{Regexp.escape(dep_name)}\s*=\s*)'#{Regexp.escape(old_req)}'/m,
83
+ "\\1'#{new_req}'"
84
+ )
85
+ return updated if updated != section
86
+
87
+ # Try unquoted version
88
+ updated = section.gsub(
89
+ /^(\s*#{Regexp.escape(dep_name)}\s*=\s*)#{Regexp.escape(old_req)}(\s|$)/m,
90
+ "\\1#{new_req}\\2"
91
+ )
92
+ return updated if updated != section
93
+
94
+ # Try inline table format with double quotes
95
+ updated = section.gsub(
96
+ /^(\s*#{Regexp.escape(dep_name)}\s*=\s*\{[^}]*version\s*=\s*)"#{Regexp.escape(old_req)}"/m,
97
+ "\\1\"#{new_req}\""
98
+ )
99
+ return updated if updated != section
100
+
101
+ # Try inline table format with single quotes
102
+ section.gsub(
103
+ /^(\s*#{Regexp.escape(dep_name)}\s*=\s*\{[^}]*version\s*=\s*)'#{Regexp.escape(old_req)}'/m,
104
+ "\\1'#{new_req}'"
105
+ )
106
+ end
107
+
108
+ sig { params(content: String, dep_name: String, old_req: String, new_req: String).returns(String) }
109
+ def update_table_header_notation(content, dep_name, old_req, new_req)
110
+ # Match [workspace.dependencies.name] section and its content until next section
111
+ table_header_regex = /\[workspace\.dependencies\.#{Regexp.escape(dep_name)}\](.*?)(?=\n\[|\n*\z)/m
112
+
113
+ content.gsub(table_header_regex) do |section|
114
+ # Update version = "..." line within this section (double quotes)
115
+ updated = section.gsub(
116
+ /^(\s*version\s*=\s*)"#{Regexp.escape(old_req)}"/m,
117
+ "\\1\"#{new_req}\""
118
+ )
119
+
120
+ # Try single quotes if double quotes didn't match
121
+ if updated == section
122
+ updated = section.gsub(
123
+ /^(\s*version\s*=\s*)'#{Regexp.escape(old_req)}'/m,
124
+ "\\1'#{new_req}'"
125
+ )
126
+ end
127
+
128
+ # Also try unquoted version
129
+ if updated == section
130
+ updated = section.gsub(
131
+ /^(\s*version\s*=\s*)#{Regexp.escape(old_req)}(\s|$)/m,
132
+ "\\1#{new_req}\\2"
133
+ )
134
+ end
135
+
136
+ updated
137
+ end
138
+ end
139
+ end
140
+ end
141
+ end
142
+ end
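Review bot: `new_req` is interpolated into the replacement-string argument of every `gsub` in `update_version_in_section` and `update_table_header_notation`, where Ruby still interprets backslash sequences such as `\1` or `\0`, and it is written between the TOML quotes without escaping. Requirement strings are normally plain version constraints, but they originate outside this class, so the block form is the safer idiom: `section.gsub(pattern) { "#{Regexp.last_match(1)}\"#{new_req}\"" }`. Separately, `update_workspace_dependency` returns `content` unchanged when none of the patterns match, so a failed update is indistinguishable from one that needed no change. Raising or logging when `updated_content == content` still holds after the table-header fallback would surface that.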
@@ -16,6 +16,7 @@ module Dependabot
16
16
 
17
17
  require_relative "file_updater/manifest_updater"
18
18
  require_relative "file_updater/lockfile_updater"
19
+ require_relative "file_updater/workspace_manifest_updater"
19
20
 
20
21
  sig { override.returns(T::Array[Regexp]) }
21
22
  def self.updated_files_regex
@@ -60,10 +61,18 @@ module Dependabot
60
61
 
61
62
  sig { params(file: Dependabot::DependencyFile).returns(String) }
62
63
  def updated_manifest_content(file)
63
- ManifestUpdater.new(
64
- dependencies: dependencies,
65
- manifest: file
66
- ).updated_manifest_content
64
+ # Use workspace updater for root workspace manifests
65
+ if workspace_root_manifest?(file)
66
+ WorkspaceManifestUpdater.new(
67
+ dependencies: dependencies,
68
+ manifest: file
69
+ ).updated_manifest_content
70
+ else
71
+ ManifestUpdater.new(
72
+ dependencies: dependencies,
73
+ manifest: file
74
+ ).updated_manifest_content
75
+ end
67
76
  end
68
77
 
69
78
  sig { returns(String) }
@@ -92,6 +101,16 @@ module Dependabot
92
101
  def lockfile
93
102
  @lockfile ||= T.let(get_original_file("Cargo.lock"), T.nilable(Dependabot::DependencyFile))
94
103
  end
104
+
105
+ sig { params(file: Dependabot::DependencyFile).returns(T::Boolean) }
106
+ def workspace_root_manifest?(file)
107
+ return false unless file.name == "Cargo.toml"
108
+
109
+ parsed_file = TomlRB.parse(file.content)
110
+ parsed_file.key?("workspace") && parsed_file["workspace"].key?("dependencies")
111
+ rescue TomlRB::ParseError
112
+ false
113
+ end
95
114
  end
96
115
  end
97
116
  end
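Review bot: Once `workspace_root_manifest?` returns true, `updated_manifest_content` calls only `WorkspaceManifestUpdater`, which in this release selects dependencies whose requirements carry the `workspace.dependencies` group and otherwise returns the content untouched. A root `Cargo.toml` that declares both `[workspace.dependencies]` and its own `[dependencies]` would therefore stop receiving `ManifestUpdater` edits for the latter, unless that case is handled outside the visible hunks; running both updaters in sequence on such a file would close the gap. In `workspace_root_manifest?`, `parsed_file["workspace"].key?` raises `NoMethodError` when a manifest sets `workspace` to a non-table value, which `rescue TomlRB::ParseError` does not catch; `workspace = parsed_file["workspace"]` followed by `workspace.is_a?(Hash) && workspace.key?("dependencies")` covers it.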
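--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-cargo
  version: !ruby/object:Gem::Version
- version: 0.326.0
+ version: 0.327.0
  platform: ruby
  authors:
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.326.0
+ version: 0.327.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.326.0
+ version: 0.327.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -247,6 +247,7 @@ files:
  - lib/dependabot/cargo/file_updater.rb
  - lib/dependabot/cargo/file_updater/lockfile_updater.rb
  - lib/dependabot/cargo/file_updater/manifest_updater.rb
+ - lib/dependabot/cargo/file_updater/workspace_manifest_updater.rb
  - lib/dependabot/cargo/helpers.rb
  - lib/dependabot/cargo/language.rb
  - lib/dependabot/cargo/metadata_finder.rb
@@ -265,7 +266,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.326.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.327.0
  rdoc_options: []
  require_paths:
  - lib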