dependabot-cargo 0.380.0 → 0.382.0

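--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1068e529e2ddde008e2c74f9d306c7d8ba9864d170d8922160b8da0ce293d940
- data.tar.gz: 0bd0d7ef4223ffc7066a27325079a32b3bb4303b9e2eb4d45a8ac3fbb17e4a0a
+ metadata.gz: 51d4f61feae4b16e9007ba3a114ca34893d7232eb3786c88b9333917f064db35
+ data.tar.gz: 3ce4da7afe9eb34a9adf4db1a1a6e4f8d9cfe7f77e2ea116eae2c05aedca4341
  SHA512:
- metadata.gz: d2cddaa59abb1b20ae112a8c60c202d0623b2baf718aef5a3cceeb0f070abb9f39177257b882650909da8ab25aa2f62407167f2e805660c00342b510dbfc08f8
- data.tar.gz: 1cd491c8ed61d07b5837821911a4acc5d817e29b42974660aec0e5b8b5f9f05a4cbeeccc43d2a5411b560f82c9e35f36e2414836416609c8f4110937aa0ed5ee
+ metadata.gz: 9c2eec9ce3b6ccea662a43c7576ba823ebde9156e36bcb0a5dc36e06b3da125e2caa7961b329e6bed364675249f8b084127c4b1c53b2a1e00a1b6a163cb9c604
+ data.tar.gz: 642f355d2a781ef02157dc33fabde13f5fbedca6ff7ec198a6d7b7575d320796b41c837b245f1d448bc0ea9117b1088fb5a4a38f1b7bde42e31d08e3f25da2f1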
@@ -401,7 +401,7 @@ module Dependabot
401
401
 
402
402
  sig { params(file: DependencyFile).returns(T.untyped) }
403
403
  def parsed_file(file)
404
- @parsed_file ||= T.let({}, T.untyped)
404
+ @parsed_file ||= T.let({}, T.nilable(T::Hash[String, T.untyped]))
405
405
  @parsed_file[file.name] ||= TomlRB.parse(file.content)
406
406
  rescue TomlRB::ParseError, TomlRB::ValueOverwriteError
407
407
  raise Dependabot::DependencyFileNotParseable, file.path
@@ -64,7 +64,7 @@ module Dependabot
64
64
  updated_content
65
65
  end
66
66
 
67
- sig { params(requirements: T.nilable(T::Array[T::Hash[Symbol, T.untyped]])).returns(T.nilable(String)) }
67
+ sig { params(requirements: T.nilable(T::Array[Dependabot::DependencyRequirement])).returns(T.nilable(String)) }
68
68
  def find_workspace_requirement(requirements)
69
69
  requirements&.find { |r| r[:groups]&.include?("workspace.dependencies") }
70
70
  &.fetch(:requirement)
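Review bot: The new signature on `find_workspace_requirement` declares `Dependabot::DependencyRequirement` elements, but the body still reads them Hash-style with `r[:groups]` and `&.fetch(:requirement)`. That is only correct if DependencyRequirement supports `[]` and `fetch` with the same symbol keys, and its definition is not visible in this diff. I would add a comment above the method such as `# DependencyRequirement is read Hash-style here; keep :groups and :requirement in step with that type`. The method's closing `end` lies outside the hunk, and the later `updated_requirements` hunk makes the same type switch through `wrap_requirements`, which is also defined elsewhere.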
@@ -50,7 +50,7 @@ module Dependabot
50
50
 
51
51
  # Parses a pre-commit Rust additional_dependency string.
52
52
  # Formats: "package_name:version", "cli:package_name:version"
53
- sig { params(dep_string: String).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
53
+ sig { params(dep_string: String).returns(T.nilable(T::Hash[Symbol, T.nilable(String)])) }
54
54
  def self.parse_dep_string(dep_string)
55
55
  stripped = dep_string.strip
56
56
  return nil if stripped.empty?
@@ -15,11 +15,12 @@ module Dependabot
15
15
  class VersionResolver # rubocop:disable Metrics/ClassLength
16
16
  extend T::Sig
17
17
 
18
- UNABLE_TO_UPDATE = /Unable to update (?<url>.*?)$/
18
+ UNABLE_TO_UPDATE = /unable to update (?<url>.*?)$/i
19
19
  BRANCH_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*to find branch `(?<branch>[^`]+)`/m
20
20
  REVSPEC_PATTERN = /revspec '.*' not found/
21
21
  OBJECT_PATTERN = /object not found - no match for id \(.*\)/
22
- REF_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*(#{REVSPEC_PATTERN}|#{OBJECT_PATTERN})/m
22
+ REVISION_PATTERN = /revision .* not found/
23
+ REF_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*(#{REVSPEC_PATTERN}|#{OBJECT_PATTERN}|#{REVISION_PATTERN})/m
23
24
  GIT_REF_NOT_FOUND_REGEX = /Updating git repository `(?<url>[^`]*)`.*fatal: couldn't find remote ref/m
24
25
 
25
26
  # Note that as of Rust 1.80, git error message handling in the `cargo update` command changed.
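Review bot: `REVISION_PATTERN = /revision .* not found/` is looser than the two patterns beside it: REVSPEC_PATTERN and OBJECT_PATTERN bracket their wildcard with quotes or parentheses, while this one accepts any text between "revision" and "not found" on a line. Any such line that follows an "unable to update" line in cargo output would be classified as a missing git ref, which could hide a different underlying failure from whoever triages the error. If the cargo message carries a single token at that position, `/revision \S+ not found/` would be tighter; the exact message format is not shown here, so that needs confirming against real output. It is also worth a comment that the `/i` flag stays scoped to the interpolated prefix, for example `# /i applies only to the "unable to update" prefix; the ref patterns stay case-sensitive`.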
@@ -88,14 +88,16 @@ module Dependabot
88
88
  )
89
89
  end
90
90
 
91
- sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
91
+ sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
92
92
  def updated_requirements
93
- RequirementsUpdater.new(
94
- requirements: dependency.requirements,
95
- updated_source: updated_source,
96
- target_version: target_version,
97
- update_strategy: requirements_update_strategy
98
- ).updated_requirements
93
+ wrap_requirements(
94
+ RequirementsUpdater.new(
95
+ requirements: dependency.requirements,
96
+ updated_source: updated_source,
97
+ target_version: target_version,
98
+ update_strategy: requirements_update_strategy
99
+ ).updated_requirements
100
+ )
99
101
  end
100
102
 
101
103
  sig { override.returns(T::Boolean) }
@@ -108,8 +110,12 @@ module Dependabot
108
110
  # If passed in as an option (in the base class) honour that option
109
111
  return @requirements_update_strategy if @requirements_update_strategy
110
112
 
111
- # Otherwise, widen ranges for libraries and bump versions for apps
112
- library? ? RequirementsUpdateStrategy::BumpVersionsIfNecessary : RequirementsUpdateStrategy::BumpVersions
113
+ # Cargo resolves to the newest compatible version and a bare version is a
114
+ # caret-equivalent (compatible) requirement, so only raise the requirement
115
+ # when it doesn't already allow the new version. Avoids needless churn and
116
+ # MSRV bumps.
117
+ # https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#caret-requirements
118
+ RequirementsUpdateStrategy::BumpVersionsIfNecessary
113
119
  end
114
120
 
115
121
  private
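Review bot: The new comment justifies always returning `BumpVersionsIfNecessary`, but it does not state the consequence for projects that have a Cargo.lock, which previously got `BumpVersions`. Their Cargo.toml lower bound is no longer raised on every update, so the manifest can keep permitting a version the lockfile has already moved past. When the update replaces a vulnerable version, a resolution that ignores the lockfile or picks minimal versions could still accept the old one; whether security updates pass an explicit strategy through the early return above is not visible in this hunk. I would extend the comment with `# With a Cargo.lock the manifest floor may stay below the locked version; fixes then rely on the lockfile.` The method's `def` line is outside the hunk.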
@@ -132,13 +138,12 @@ module Dependabot
132
138
  # present in other areas
133
139
  return unless preferred_resolvable_version
134
140
 
135
- library? ? latest_version&.to_s : preferred_resolvable_version.to_s
141
+ # No lockfile: target the latest version. With one: the resolvable version.
142
+ no_lockfile? ? latest_version&.to_s : preferred_resolvable_version.to_s
136
143
  end
137
144
 
138
145
  sig { returns(T::Boolean) }
139
- def library?
140
- # If it has a lockfile, treat it as an application. Otherwise treat it
141
- # as a library.
146
+ def no_lockfile?
142
147
  dependency_files.none? { |f| f.name == "Cargo.lock" }
143
148
  end
144
149
 
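--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-cargo
  version: !ruby/object:Gem::Version
- version: 0.380.0
+ version: 0.382.0
  platform: ruby
  authors:
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.380.0
+ version: 0.382.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.380.0
+ version: 0.382.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -266,7 +266,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.380.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.382.0
  rdoc_options: []
  require_paths:
  - lib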