dependabot-cargo 0.348.1 → 0.350.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/cargo/file_fetcher.rb +34 -45
  3. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ccae211d9dfd431cf611dc076c6d6e4dcfbe24c209cbcab2a3cfb5fbdbe84dbc
4
- data.tar.gz: fe51accf4820675950bbf0837704608f998a66cf67ccc5d0c4c405f400cea3b8
3
+ metadata.gz: 187f0ee0a0683e211ad624f4ee54ffa140248d1cb555b458b8ecd7b39aab112a
4
+ data.tar.gz: edb6e6ef2bc0c1f10784791deaeb70d5f450269c8bca5710becf7fd4f272a2cd
5
5
  SHA512:
6
- metadata.gz: b05378f7bdbcac4fcd563db7f1d64abec90c316dd072004395105fd0c3f9cf2385f9618a3aabbff470495178ed9702f3fd56582859459b251c264f255f8e51e0
7
- data.tar.gz: d6a9626c6e705b73597dbe0cd94e5b95e3bbdaa532c98d7f2826f978095267e4ffadb7ae369b9ef01807f05ddf679638abde40ccbb337304e776af01ea7bc62d
6
+ metadata.gz: 72fb4b6a508f76f723fa3181ea28dc10bce6a8b23a5698d1a3cefe95df418873f70f28f3fec591ee8303c6dec7dde8bdfb700c0f6748284ff4fcde4fbd7a31f5
7
+ data.tar.gz: 69e748b545156fb2a3d89895a97161762b1e5f89ade7f69757c22d2fa97c19e7c18a151e04e58998cb21ba4d911b31b4182081fc664fee35d703722f60649a84
data/lib/dependabot/cargo/file_fetcher.rb CHANGED
@@ -35,12 +35,7 @@ module Dependabot
35
35
  else
36
36
  "default"
37
37
  end
38
-
39
- {
40
- package_managers: {
41
- "cargo" => channel
42
- }
43
- }
38
+ { package_managers: { "cargo" => channel } }
44
39
  rescue TomlRB::ParseError
45
40
  raise Dependabot::DependencyFileNotParseable.new(
46
41
  T.must(rust_toolchain).path,
@@ -50,26 +45,21 @@ module Dependabot
50
45
 
51
46
  sig { override.returns(T::Array[DependencyFile]) }
52
47
  def fetch_files
53
- fetched_files = T.let([], T::Array[DependencyFile])
54
- fetched_files << cargo_toml
48
+ fetched_files = T.let([cargo_toml], T::Array[DependencyFile])
55
49
  fetched_files << T.must(cargo_lock) if cargo_lock
56
50
  fetched_files << T.must(cargo_config) if cargo_config
57
51
  fetched_files << T.must(rust_toolchain) if rust_toolchain
58
52
  fetched_files += fetch_path_dependency_and_workspace_files
59
-
60
53
  # If the main Cargo.toml uses workspace dependencies, ensure we have the workspace root
61
54
  parsed_manifest = parsed_file(cargo_toml)
62
55
  if uses_workspace_dependencies?(parsed_manifest) || workspace_member?(parsed_manifest)
63
56
  workspace_root = find_workspace_root(cargo_toml)
64
57
  fetched_files << workspace_root if workspace_root && !fetched_files.include?(workspace_root)
65
58
  end
66
-
67
59
  # Filter excluded files from final collection
68
- filtered_files = fetched_files.reject do |file|
60
+ fetched_files.reject do |file|
69
61
  Dependabot::FileFiltering.should_exclude_path?(file.name, "file from final collection", @exclude_paths)
70
- end
71
-
72
- filtered_files.uniq
62
+ end.uniq
73
63
  end
74
64
 
75
65
  private
@@ -79,15 +69,10 @@ module Dependabot
79
69
  end
80
70
  def fetch_path_dependency_and_workspace_files(files = nil)
81
71
  fetched_files = files || [cargo_toml]
82
-
83
72
  fetched_files += path_dependency_files(fetched_files)
84
73
  fetched_files += fetched_files.flat_map { |f| workspace_files(f) }
85
-
86
74
  updated_files = fetched_files.reject(&:support_file?).uniq
87
- updated_files +=
88
- fetched_files.uniq
89
- .reject { |f| updated_files.map(&:name).include?(f.name) }
90
-
75
+ updated_files += fetched_files.uniq.reject { |f| updated_files.map(&:name).include?(f.name) }
91
76
  return updated_files if updated_files == files
92
77
 
93
78
  fetch_path_dependency_and_workspace_files(updated_files)
@@ -96,11 +81,7 @@ module Dependabot
96
81
  sig { params(cargo_toml: Dependabot::DependencyFile).returns(T::Array[Dependabot::DependencyFile]) }
97
82
  def workspace_files(cargo_toml)
98
83
  @workspace_files ||= T.let({}, T.nilable(T::Hash[String, T::Array[Dependabot::DependencyFile]]))
99
- @workspace_files[cargo_toml.name] ||=
100
- fetch_workspace_files(
101
- file: cargo_toml,
102
- previously_fetched_files: []
103
- )
84
+ @workspace_files[cargo_toml.name] ||= fetch_workspace_files(file: cargo_toml, previously_fetched_files: [])
104
85
  end
105
86
 
106
87
  sig { params(fetched_files: T::Array[Dependabot::DependencyFile]).returns(T::Array[Dependabot::DependencyFile]) }
@@ -108,13 +89,10 @@ module Dependabot
108
89
  @path_dependency_files ||= T.let({}, T.nilable(T::Hash[String, T::Array[Dependabot::DependencyFile]]))
109
90
  fetched_path_dependency_files = T.let([], T::Array[Dependabot::DependencyFile])
110
91
  fetched_files.each do |file|
111
- @path_dependency_files[file.name] ||=
112
- fetch_path_dependency_files(
113
- file: file,
114
- previously_fetched_files: fetched_files +
115
- fetched_path_dependency_files
116
- )
117
-
92
+ @path_dependency_files[file.name] ||= fetch_path_dependency_files(
93
+ file: file,
94
+ previously_fetched_files: fetched_files + fetched_path_dependency_files
95
+ )
118
96
  fetched_path_dependency_files += T.must(@path_dependency_files[file.name])
119
97
  end
120
98
 
@@ -349,8 +327,7 @@ module Dependabot
349
327
 
350
328
  sig { params(file: Dependabot::DependencyFile).returns(T::Array[String]) }
351
329
  def workspace_dependency_paths_from_file(file)
352
- if parsed_file(file)["workspace"] &&
353
- !parsed_file(file)["workspace"].key?("members")
330
+ if parsed_file(file)["workspace"] && !parsed_file(file)["workspace"].key?("members")
354
331
  return path_dependency_paths_from_file(file)
355
332
  end
356
333
 
@@ -432,9 +409,7 @@ module Dependabot
432
409
  def expand_workspaces(path)
433
410
  path = Pathname.new(path).cleanpath.to_path
434
411
  dir = directory.gsub(%r{(^/|/$)}, "")
435
-
436
412
  unglobbed_path = (path.split("*").first || "").gsub(%r{(?<=/)[^/]*$}, "")
437
-
438
413
  repo_contents(dir: unglobbed_path, raise_errors: false)
439
414
  .select { |file| file.type == "dir" }
440
415
  .map { |f| f.path.gsub(%r{^/?#{Regexp.escape(dir)}/?}, "") }
@@ -455,10 +430,7 @@ module Dependabot
455
430
 
456
431
  sig { returns(T.nilable(Dependabot::DependencyFile)) }
457
432
  def cargo_lock
458
- @cargo_lock ||= T.let(
459
- fetch_file_if_present("Cargo.lock"),
460
- T.nilable(Dependabot::DependencyFile)
461
- )
433
+ @cargo_lock ||= T.let(fetch_file_if_present("Cargo.lock"), T.nilable(Dependabot::DependencyFile))
462
434
  end
463
435
 
464
436
  sig { returns(T.nilable(Dependabot::DependencyFile)) }
@@ -466,7 +438,6 @@ module Dependabot
466
438
  return @cargo_config if defined?(@cargo_config)
467
439
 
468
440
  @cargo_config = fetch_support_file(".cargo/config.toml")
469
-
470
441
  @cargo_config ||= T.let(
471
442
  fetch_support_file(".cargo/config")&.tap { |f| f.name = ".cargo/config.toml" },
472
443
  T.nilable(Dependabot::DependencyFile)
@@ -478,15 +449,33 @@ module Dependabot
478
449
  return @rust_toolchain if defined?(@rust_toolchain)
479
450
 
480
451
  @rust_toolchain = fetch_support_file("rust-toolchain")
481
-
482
- # Per https://rust-lang.github.io/rustup/overrides.html the file can
483
- # have a `.toml` extension, but the non-extension version is preferred.
484
- # Renaming here to simplify finding it later in the code.
452
+ # Per https://rust-lang.github.io/rustup/overrides.html the file can have a `.toml` extension,
453
+ # but the non-extension version is preferred. Renaming here to simplify finding it later in the code.
485
454
  @rust_toolchain ||= T.let(
486
455
  fetch_support_file("rust-toolchain.toml")&.tap { |f| f.name = "rust-toolchain" },
487
456
  T.nilable(Dependabot::DependencyFile)
488
457
  )
489
458
  end
459
+
460
+ sig { override.params(filename: T.any(Pathname, String)).returns(Dependabot::DependencyFile) }
461
+ def load_cloned_file_if_present(filename)
462
+ file = super
463
+ file.name = Pathname.new(file.name).cleanpath.to_s.gsub(%r{^/+}, "")
464
+ file
465
+ end
466
+
467
+ sig do
468
+ override.params(
469
+ filename: T.any(Pathname, String),
470
+ type: String,
471
+ fetch_submodules: T::Boolean
472
+ ).returns(Dependabot::DependencyFile)
473
+ end
474
+ def fetch_file_from_host(filename, type: "file", fetch_submodules: false)
475
+ file = super
476
+ file.name = Pathname.new(file.name).cleanpath.to_s.gsub(%r{^/+}, "")
477
+ file
478
+ end
490
479
  end
491
480
  end
492
481
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-cargo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.348.1
4
+ version: 0.350.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.348.1
18
+ version: 0.350.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.348.1
25
+ version: 0.350.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -266,7 +266,7 @@ licenses:
266
266
  - MIT
267
267
  metadata:
268
268
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
269
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.348.1
269
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.350.0
270
270
  rdoc_options: []
271
271
  require_paths:
272
272
  - lib