dependabot-cargo 0.355.0 → 0.356.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 983eec73e29ed7cd079753a5a3481938b8951bdca646fd150c1f4f686244af80
-  data.tar.gz: 170a5a033426a28e08ef5bb181300dc841bc9eff8fd962e6818c29880fb25372
+  metadata.gz: 9f0d7eb46b51a382f765bccd4505b942d566a2df946494b98f25df68cf38186c
+  data.tar.gz: da002ccfe17d219b0b14f92720c43ded25887811661139e5f357a6783fc672fc
 SHA512:
-  metadata.gz: bb5a6e2c1143a5249b8b9a7a9c3a3d23f0b8ff6f115e3c96d78269066ed33c716696fa0bea41b9577137bb965b95122dbd501e5d1f10afd56cb362188c59f680
-  data.tar.gz: 7b22ae501fe222ef5e2c872f46637d41d88a433031248149d30cb42fb378ff1040bf6642fe52efae1e4ce61a690c7379d47bba6b679c4c65cd6ec38f47c40326
+  metadata.gz: f7eab2d45f0400958efe456503a524efb442c21674da2788af186efb04421a5016af4072899b800ad89bb2f16051889e2e20e6b123914e6e63fcbd010fa83a38
+  data.tar.gz: 56d2cc5a4643c4deb18573edfd4580398ccb6ccd96f0800f27240ef487d99daf7d95c83577a99754783e1ac233f3adb93b89b16b26d15303a5dd1ced32221825

data/lib/dependabot/cargo/file_fetcher.rb

@@ -14,7 +14,7 @@ require "dependabot/cargo/file_parser"
 # https://doc.rust-lang.org/cargo/reference/manifest.html#the-workspace-section
 module Dependabot
   module Cargo
-    class FileFetcher < Dependabot::FileFetchers::Base
+    class FileFetcher < Dependabot::FileFetchers::Base # rubocop:disable Metrics/ClassLength
       extend T::Sig
       extend T::Helpers
 
@@ -50,13 +50,11 @@ module Dependabot
         fetched_files << T.must(cargo_config) if cargo_config
         fetched_files << T.must(rust_toolchain) if rust_toolchain
         fetched_files += fetch_path_dependency_and_workspace_files
-        # If the main Cargo.toml uses workspace dependencies, ensure we have the workspace root
         parsed_manifest = parsed_file(cargo_toml)
         if uses_workspace_dependencies?(parsed_manifest) || workspace_member?(parsed_manifest)
           workspace_root = find_workspace_root(cargo_toml)
           fetched_files << workspace_root if workspace_root && !fetched_files.include?(workspace_root)
         end
-        # Filter excluded files from final collection
         fetched_files.reject do |file|
           Dependabot::FileFiltering.should_exclude_path?(file.name, "file from final collection", @exclude_paths)
         end.uniq
@@ -70,7 +68,10 @@ module Dependabot
       def fetch_path_dependency_and_workspace_files(files = nil)
         fetched_files = files || [cargo_toml]
         fetched_files += path_dependency_files(fetched_files)
-        fetched_files += fetched_files.flat_map { |f| workspace_files(f) }
+        @workspace_files ||= T.let({}, T.nilable(T::Hash[String, T::Array[Dependabot::DependencyFile]]))
+        fetched_files += fetched_files.flat_map do |f|
+          @workspace_files[f.name] ||= fetch_workspace_files(file: f, previously_fetched_files: [])
+        end
         updated_files = fetched_files.reject(&:support_file?).uniq
         updated_files += fetched_files.uniq.reject { |f| updated_files.map(&:name).include?(f.name) }
         return updated_files if updated_files == files
@@ -78,12 +79,6 @@ module Dependabot
         fetch_path_dependency_and_workspace_files(updated_files)
       end
 
-      sig { params(cargo_toml: Dependabot::DependencyFile).returns(T::Array[Dependabot::DependencyFile]) }
-      def workspace_files(cargo_toml)
-        @workspace_files ||= T.let({}, T.nilable(T::Hash[String, T::Array[Dependabot::DependencyFile]]))
-        @workspace_files[cargo_toml.name] ||= fetch_workspace_files(file: cargo_toml, previously_fetched_files: [])
-      end
-
       sig { params(fetched_files: T::Array[Dependabot::DependencyFile]).returns(T::Array[Dependabot::DependencyFile]) }
       def path_dependency_files(fetched_files)
         @path_dependency_files ||= T.let({}, T.nilable(T::Hash[String, T::Array[Dependabot::DependencyFile]]))
@@ -442,6 +437,10 @@ module Dependabot
           fetch_support_file(".cargo/config")&.tap { |f| f.name = ".cargo/config.toml" },
           T.nilable(Dependabot::DependencyFile)
         )
+        @cargo_config ||= T.let(
+          fetch_cargo_config_from_parent_dirs,
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
@@ -449,8 +448,6 @@ module Dependabot
         return @rust_toolchain if defined?(@rust_toolchain)
 
         @rust_toolchain = fetch_support_file("rust-toolchain")
-        # Per https://rust-lang.github.io/rustup/overrides.html the file can have a `.toml` extension,
-        # but the non-extension version is preferred. Renaming here to simplify finding it later in the code.
         @rust_toolchain ||= T.let(
           fetch_support_file("rust-toolchain.toml")&.tap { |f| f.name = "rust-toolchain" },
           T.nilable(Dependabot::DependencyFile)
@@ -459,9 +456,7 @@ module Dependabot
 
       sig { override.params(filename: T.any(Pathname, String)).returns(Dependabot::DependencyFile) }
       def load_cloned_file_if_present(filename)
-        file = super
-        file.name = Pathname.new(file.name).cleanpath.to_s.gsub(%r{^/+}, "")
-        file
+        super.tap { |f| f.name = Pathname.new(f.name).cleanpath.to_s.gsub(%r{^/+}, "") }
       end
 
       sig do
@@ -472,9 +467,45 @@ module Dependabot
         ).returns(Dependabot::DependencyFile)
       end
       def fetch_file_from_host(filename, type: "file", fetch_submodules: false)
-        file = super
-        file.name = Pathname.new(file.name).cleanpath.to_s.gsub(%r{^/+}, "")
-        file
+        super.tap { |f| f.name = Pathname.new(f.name).cleanpath.to_s.gsub(%r{^/+}, "") }
+      end
+
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
+      def fetch_cargo_config_from_parent_dirs
+        return nil if directory.empty?
+
+        # Count directory depth to determine how many levels to search up
+        depth = directory.split("/").count { |s| !s.empty? }
+        return nil if depth.zero?
+
+        # Try each parent directory level
+        depth.times do |i|
+          parent_path = ([".."] * (i + 1)).join("/")
+          config = try_fetch_config_at_path(parent_path)
+          return config if config
+        end
+
+        nil
+      end
+
+      sig { params(parent_path: String).returns(T.nilable(Dependabot::DependencyFile)) }
+      def try_fetch_config_at_path(parent_path)
+        [".cargo/config.toml", ".cargo/config"].each do |config_name|
+          full_path = File.join(parent_path, config_name)
+          Dependabot.logger.debug("Attempting to fetch config from: #{full_path}")
+          config = fetch_file_from_host(
+            full_path,
+            fetch_submodules: false
+          )
+          Dependabot.logger.debug("Successfully fetched config from: #{full_path}")
+          config.support_file = true
+          config.name = ".cargo/config.toml"
+          return config
+        rescue Dependabot::DependencyFileNotFound
+          Dependabot.logger.debug("No config found at: #{full_path}")
+          next
+        end
+        nil
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-  version: 0.355.0
+  version: 0.356.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.355.0
+        version: 0.356.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.355.0
+        version: 0.356.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -266,7 +266,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.355.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.356.0
 rdoc_options: []
 require_paths:
 - lib