dependabot-cargo 0.333.0 → 0.335.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/cargo/file_parser.rb +36 -20
  3. data/lib/dependabot/cargo/file_updater/workspace_manifest_updater.rb +5 -3
  4. data/lib/dependabot/cargo/package/package_details_fetcher.rb +12 -2
  5. data/lib/dependabot/cargo/update_checker/file_preparer.rb +7 -4
  6. data/lib/dependabot/cargo/update_checker/latest_version_finder.rb +4 -0
  7. data/lib/dependabot/cargo/update_checker/requirements_updater.rb +6 -2
  8. data/lib/dependabot/cargo/update_checker/version_resolver.rb +26 -11
  9. data/lib/dependabot/cargo/update_checker.rb +4 -2
  10. metadata +12 -12
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '091190197e180945f1979a4102768e43519a054c4dcccfad73bebd41d6f08abe'
4
- data.tar.gz: 3bc3403ebacc832ea65c9e7cce7fcf8bd39728548bf8bf9c516bf6d07594d9f0
3
+ metadata.gz: 4fc02de1e156e491f07e199e8d8079644b9603c391532dcc2b0993f05d5b170f
4
+ data.tar.gz: b274769e65f9faef80f44c431f7fbc9e08a6f8cb4f313d41a19153448bd47e30
5
5
  SHA512:
6
- metadata.gz: 3aef8d8668764a7849ea0b03ce683103151b1cbed29d8c0b405767d45805295358328e9a1105b990a8b70413f74bd1e2b045b884311ea7a0a8e6ac6f937e8a03
7
- data.tar.gz: c62c275d2fee1f4477db333d62ed8bcf1a5f2eea1045356e4150a0afccdcda5a65a819b6cb5630d0943e6ebb0a49a9fc7ff82dba3fc1783dc432970de8d27294
6
+ metadata.gz: 9fbf455e1e9a4f845c6d298f718390145d9e2e6ce9172e1fb2331a4d555ccb80385e9287c0d29492d8cfc8adfe6202d37d615d58bbf34c61abe4f33d0cf461f2
7
+ data.tar.gz: d2cb99f922bb366063d1266b2161a8142014e1213e6c38a48732d92aa76c227d6c0e44b1d2ac7b3a81462f008e3f57248580d8c3f7f61a5ee8b3bebed8d70ea2
data/lib/dependabot/cargo/file_parser.rb CHANGED
@@ -47,13 +47,16 @@ module Dependabot
47
47
 
48
48
  sig { returns(Ecosystem) }
49
49
  def ecosystem
50
- @ecosystem ||= T.let(begin
51
- Ecosystem.new(
52
- name: ECOSYSTEM,
53
- package_manager: package_manager,
54
- language: language
55
- )
56
- end, T.nilable(Dependabot::Ecosystem))
50
+ @ecosystem ||= T.let(
51
+ begin
52
+ Ecosystem.new(
53
+ name: ECOSYSTEM,
54
+ package_manager: package_manager,
55
+ language: language
56
+ )
57
+ end,
58
+ T.nilable(Dependabot::Ecosystem)
59
+ )
57
60
  end
58
61
 
59
62
  private
@@ -68,25 +71,34 @@ module Dependabot
68
71
 
69
72
  sig { returns(T.nilable(Ecosystem::VersionManager)) }
70
73
  def language
71
- @language ||= T.let(begin
72
- Language.new(T.must(rust_version))
73
- end, T.nilable(Dependabot::Cargo::Language))
74
+ @language ||= T.let(
75
+ begin
76
+ Language.new(T.must(rust_version))
77
+ end,
78
+ T.nilable(Dependabot::Cargo::Language)
79
+ )
74
80
  end
75
81
 
76
82
  sig { returns(T.nilable(String)) }
77
83
  def rust_version
78
- @rust_version ||= T.let(begin
79
- version = SharedHelpers.run_shell_command("rustc --version")
80
- version.match(/rustc\s*(\d+\.\d+(.\d+)*)/)&.captures&.first
81
- end, T.nilable(String))
84
+ @rust_version ||= T.let(
85
+ begin
86
+ version = SharedHelpers.run_shell_command("rustc --version")
87
+ version.match(/rustc\s*(\d+\.\d+(.\d+)*)/)&.captures&.first
88
+ end,
89
+ T.nilable(String)
90
+ )
82
91
  end
83
92
 
84
93
  sig { returns(T.nilable(String)) }
85
94
  def cargo_version
86
- @cargo_version ||= T.let(begin
87
- version = SharedHelpers.run_shell_command("cargo --version")
88
- version.match(/cargo\s*(\d+\.\d+(.\d+)*)/)&.captures&.first
89
- end, T.nilable(String))
95
+ @cargo_version ||= T.let(
96
+ begin
97
+ version = SharedHelpers.run_shell_command("cargo --version")
98
+ version.match(/cargo\s*(\d+\.\d+(.\d+)*)/)&.captures&.first
99
+ end,
100
+ T.nilable(String)
101
+ )
90
102
  end
91
103
 
92
104
  sig { void }
@@ -163,8 +175,12 @@ module Dependabot
163
175
  # rubocop:enable Metrics/PerceivedComplexity
164
176
 
165
177
  sig do
166
- params(name: String, requirement: T.any(String, T::Hash[String, String]), type: String,
167
- file: Dependabot::DependencyFile).returns(Dependency)
178
+ params(
179
+ name: String,
180
+ requirement: T.any(String, T::Hash[String, String]),
181
+ type: String,
182
+ file: Dependabot::DependencyFile
183
+ ).returns(Dependency)
168
184
  end
169
185
  def build_dependency(name, requirement, type, file)
170
186
  Dependency.new(
data/lib/dependabot/cargo/file_updater/workspace_manifest_updater.rb CHANGED
@@ -22,9 +22,11 @@ module Dependabot
22
22
 
23
23
  return T.must(manifest.content) if workspace_deps.empty?
24
24
 
25
- T.must(workspace_deps.reduce(manifest.content.dup) do |content, dep|
26
- update_workspace_dependency(T.must(content), dep)
27
- end)
25
+ T.must(
26
+ workspace_deps.reduce(manifest.content.dup) do |content, dep|
27
+ update_workspace_dependency(T.must(content), dep)
28
+ end
29
+ )
28
30
  end
29
31
 
30
32
  private
data/lib/dependabot/cargo/package/package_details_fetcher.rb CHANGED
@@ -133,7 +133,16 @@ module Dependabot
133
133
  sig { params(response: Excon::Response, index: T.untyped).returns(T::Hash[T.untyped, T.untyped]) }
134
134
  def parse_response(response, index)
135
135
  if index.start_with?("sparse+")
136
- parsed_response = response.body.lines.map { |line| JSON.parse(line) }
136
+ parsed_response = response.body.lines
137
+ .map(&:strip)
138
+ .reject(&:empty?)
139
+ .filter_map do |line|
140
+ JSON.parse(line)
141
+ rescue JSON::ParserError => e
142
+ Dependabot.logger.warn("Failed to parse line in sparse index: #{e.message}")
143
+ nil
144
+ end
145
+
137
146
  { "versions" => parsed_response }
138
147
  else
139
148
  JSON.parse(response.body)
@@ -222,7 +231,8 @@ module Dependabot
222
231
  Dependabot::Package::PackageDetails.new(
223
232
  dependency: dependency,
224
233
  releases: releases.reverse.uniq(&:version)
225
- ), T.nilable(Dependabot::Package::PackageDetails)
234
+ ),
235
+ T.nilable(Dependabot::Package::PackageDetails)
226
236
  )
227
237
  end
228
238
  end
data/lib/dependabot/cargo/update_checker/file_preparer.rb CHANGED
@@ -26,10 +26,13 @@ module Dependabot
26
26
  )
27
27
  .void
28
28
  end
29
- def initialize(dependency_files:, dependency:,
30
- unlock_requirement: true,
31
- replacement_git_pin: nil,
32
- latest_allowable_version: nil)
29
+ def initialize(
30
+ dependency_files:,
31
+ dependency:,
32
+ unlock_requirement: true,
33
+ replacement_git_pin: nil,
34
+ latest_allowable_version: nil
35
+ )
33
36
  @dependency_files = dependency_files
34
37
  @dependency = dependency
35
38
  @unlock_requirement = unlock_requirement
data/lib/dependabot/cargo/update_checker/latest_version_finder.rb CHANGED
@@ -63,12 +63,16 @@ module Dependabot
63
63
 
64
64
  sig { returns(Dependabot::Dependency) }
65
65
  attr_reader :dependency
66
+
66
67
  sig { returns(T::Array[Dependabot::DependencyFile]) }
67
68
  attr_reader :dependency_files
69
+
68
70
  sig { returns(T::Array[Dependabot::Credential]) }
69
71
  attr_reader :credentials
72
+
70
73
  sig { returns(T::Array[String]) }
71
74
  attr_reader :ignored_versions
75
+
72
76
  sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
73
77
  attr_reader :security_advisories
74
78
 
data/lib/dependabot/cargo/update_checker/requirements_updater.rb CHANGED
@@ -40,8 +40,12 @@ module Dependabot
40
40
  target_version: T.nilable(T.any(String, Gem::Version))
41
41
  ).void
42
42
  end
43
- def initialize(requirements:, updated_source:, update_strategy:,
44
- target_version:)
43
+ def initialize(
44
+ requirements:,
45
+ updated_source:,
46
+ update_strategy:,
47
+ target_version:
48
+ )
45
49
  @requirements = T.let(requirements, T::Array[T::Hash[Symbol, T.untyped]])
46
50
  @updated_source = T.let(updated_source, T.nilable(T::Hash[T.any(String, Symbol), T.untyped]))
47
51
  @update_strategy = T.let(update_strategy, Dependabot::RequirementsUpdateStrategy)
data/lib/dependabot/cargo/update_checker/version_resolver.rb CHANGED
@@ -36,8 +36,12 @@ module Dependabot
36
36
  prepared_dependency_files: T::Array[Dependabot::DependencyFile]
37
37
  ).void
38
38
  end
39
- def initialize(dependency:, credentials:,
40
- original_dependency_files:, prepared_dependency_files:)
39
+ def initialize(
40
+ dependency:,
41
+ credentials:,
42
+ original_dependency_files:,
43
+ prepared_dependency_files:
44
+ )
41
45
  @dependency = dependency
42
46
  @prepared_dependency_files = prepared_dependency_files
43
47
  @original_dependency_files = original_dependency_files
@@ -251,8 +255,10 @@ module Dependabot
251
255
  urls = unreachable_git_urls
252
256
 
253
257
  if T.must(urls).none?
254
- url = T.must(T.must(error.message.match(UNABLE_TO_UPDATE))
255
- .named_captures.fetch("url")).split(/[#?]/).first
258
+ url = T.must(
259
+ T.must(error.message.match(UNABLE_TO_UPDATE))
260
+ .named_captures.fetch("url")
261
+ ).split(/[#?]/).first
256
262
  raise if T.must(reachable_git_urls).include?(url)
257
263
 
258
264
  # Fix: Wrap url in T.must since split().first can return nil
@@ -485,21 +491,30 @@ module Dependabot
485
491
 
486
492
  sig { returns(T.nilable(DependencyFile)) }
487
493
  def lockfile
488
- @lockfile ||= T.let(prepared_dependency_files
489
- .find { |f| f.name == "Cargo.lock" }, T.nilable(Dependabot::DependencyFile))
494
+ @lockfile ||= T.let(
495
+ prepared_dependency_files
496
+ .find { |f| f.name == "Cargo.lock" },
497
+ T.nilable(Dependabot::DependencyFile)
498
+ )
490
499
  end
491
500
 
492
501
  sig { returns(T.nilable(DependencyFile)) }
493
502
  def toolchain
494
- @toolchain ||= T.let(original_dependency_files
495
- .find { |f| f.name == "rust-toolchain" }, T.nilable(Dependabot::DependencyFile))
503
+ @toolchain ||= T.let(
504
+ original_dependency_files
505
+ .find { |f| f.name == "rust-toolchain" },
506
+ T.nilable(Dependabot::DependencyFile)
507
+ )
496
508
  end
497
509
 
498
510
  sig { returns(T.nilable(DependencyFile)) }
499
511
  def config
500
- @config ||= T.let(original_dependency_files.find do |f|
501
- f.name == ".cargo/config.toml"
502
- end, T.nilable(Dependabot::DependencyFile))
512
+ @config ||= T.let(
513
+ original_dependency_files.find do |f|
514
+ f.name == ".cargo/config.toml"
515
+ end,
516
+ T.nilable(Dependabot::DependencyFile)
517
+ )
503
518
  end
504
519
 
505
520
  sig { returns(T::Boolean) }
data/lib/dependabot/cargo/update_checker.rb CHANGED
@@ -206,8 +206,10 @@ module Dependabot
206
206
  sig { returns(T::Boolean) }
207
207
  def latest_git_tag_is_resolvable?
208
208
  unless defined?(@latest_git_tag_is_resolvable_checked)
209
- @latest_git_tag_is_resolvable_checked = T.let(nil,
210
- T.nilable(T::Boolean))
209
+ @latest_git_tag_is_resolvable_checked = T.let(
210
+ nil,
211
+ T.nilable(T::Boolean)
212
+ )
211
213
  end
212
214
  @git_tag_resolvable = T.let(nil, T.nilable(T::Boolean)) unless defined?(@git_tag_resolvable)
213
215
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-cargo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.333.0
4
+ version: 0.335.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.333.0
18
+ version: 0.335.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.333.0
25
+ version: 0.335.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -113,56 +113,56 @@ dependencies:
113
113
  requirements:
114
114
  - - "~>"
115
115
  - !ruby/object:Gem::Version
116
- version: '1.67'
116
+ version: '1.80'
117
117
  type: :development
118
118
  prerelease: false
119
119
  version_requirements: !ruby/object:Gem::Requirement
120
120
  requirements:
121
121
  - - "~>"
122
122
  - !ruby/object:Gem::Version
123
- version: '1.67'
123
+ version: '1.80'
124
124
  - !ruby/object:Gem::Dependency
125
125
  name: rubocop-performance
126
126
  requirement: !ruby/object:Gem::Requirement
127
127
  requirements:
128
128
  - - "~>"
129
129
  - !ruby/object:Gem::Version
130
- version: '1.22'
130
+ version: '1.26'
131
131
  type: :development
132
132
  prerelease: false
133
133
  version_requirements: !ruby/object:Gem::Requirement
134
134
  requirements:
135
135
  - - "~>"
136
136
  - !ruby/object:Gem::Version
137
- version: '1.22'
137
+ version: '1.26'
138
138
  - !ruby/object:Gem::Dependency
139
139
  name: rubocop-rspec
140
140
  requirement: !ruby/object:Gem::Requirement
141
141
  requirements:
142
142
  - - "~>"
143
143
  - !ruby/object:Gem::Version
144
- version: '2.29'
144
+ version: '3.7'
145
145
  type: :development
146
146
  prerelease: false
147
147
  version_requirements: !ruby/object:Gem::Requirement
148
148
  requirements:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
- version: '2.29'
151
+ version: '3.7'
152
152
  - !ruby/object:Gem::Dependency
153
153
  name: rubocop-sorbet
154
154
  requirement: !ruby/object:Gem::Requirement
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: '0.8'
158
+ version: '0.10'
159
159
  type: :development
160
160
  prerelease: false
161
161
  version_requirements: !ruby/object:Gem::Requirement
162
162
  requirements:
163
163
  - - "~>"
164
164
  - !ruby/object:Gem::Version
165
- version: '0.8'
165
+ version: '0.10'
166
166
  - !ruby/object:Gem::Dependency
167
167
  name: simplecov
168
168
  requirement: !ruby/object:Gem::Requirement
@@ -266,7 +266,7 @@ licenses:
266
266
  - MIT
267
267
  metadata:
268
268
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
269
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.333.0
269
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.335.0
270
270
  rdoc_options: []
271
271
  require_paths:
272
272
  - lib