dependabot-cargo 0.380.0 → 0.382.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/cargo/file_parser.rb +1 -1
- data/lib/dependabot/cargo/file_updater/workspace_manifest_updater.rb +1 -1
- data/lib/dependabot/cargo/requirement.rb +1 -1
- data/lib/dependabot/cargo/update_checker/version_resolver.rb +3 -2
- data/lib/dependabot/cargo/update_checker.rb +18 -13
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 51d4f61feae4b16e9007ba3a114ca34893d7232eb3786c88b9333917f064db35
|
|
4
|
+
data.tar.gz: 3ce4da7afe9eb34a9adf4db1a1a6e4f8d9cfe7f77e2ea116eae2c05aedca4341
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9c2eec9ce3b6ccea662a43c7576ba823ebde9156e36bcb0a5dc36e06b3da125e2caa7961b329e6bed364675249f8b084127c4b1c53b2a1e00a1b6a163cb9c604
|
|
7
|
+
data.tar.gz: 642f355d2a781ef02157dc33fabde13f5fbedca6ff7ec198a6d7b7575d320796b41c837b245f1d448bc0ea9117b1088fb5a4a38f1b7bde42e31d08e3f25da2f1
|
|
@@ -401,7 +401,7 @@ module Dependabot
|
|
|
401
401
|
|
|
402
402
|
sig { params(file: DependencyFile).returns(T.untyped) }
|
|
403
403
|
def parsed_file(file)
|
|
404
|
-
@parsed_file ||= T.let({}, T.untyped)
|
|
404
|
+
@parsed_file ||= T.let({}, T.nilable(T::Hash[String, T.untyped]))
|
|
405
405
|
@parsed_file[file.name] ||= TomlRB.parse(file.content)
|
|
406
406
|
rescue TomlRB::ParseError, TomlRB::ValueOverwriteError
|
|
407
407
|
raise Dependabot::DependencyFileNotParseable, file.path
|
|
@@ -64,7 +64,7 @@ module Dependabot
|
|
|
64
64
|
updated_content
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
-
sig { params(requirements: T.nilable(T::Array[
|
|
67
|
+
sig { params(requirements: T.nilable(T::Array[Dependabot::DependencyRequirement])).returns(T.nilable(String)) }
|
|
68
68
|
def find_workspace_requirement(requirements)
|
|
69
69
|
requirements&.find { |r| r[:groups]&.include?("workspace.dependencies") }
|
|
70
70
|
&.fetch(:requirement)
|
|
@@ -50,7 +50,7 @@ module Dependabot
|
|
|
50
50
|
|
|
51
51
|
# Parses a pre-commit Rust additional_dependency string.
|
|
52
52
|
# Formats: "package_name:version", "cli:package_name:version"
|
|
53
|
-
sig { params(dep_string: String).returns(T.nilable(T::Hash[Symbol, T.
|
|
53
|
+
sig { params(dep_string: String).returns(T.nilable(T::Hash[Symbol, T.nilable(String)])) }
|
|
54
54
|
def self.parse_dep_string(dep_string)
|
|
55
55
|
stripped = dep_string.strip
|
|
56
56
|
return nil if stripped.empty?
|
|
@@ -15,11 +15,12 @@ module Dependabot
|
|
|
15
15
|
class VersionResolver # rubocop:disable Metrics/ClassLength
|
|
16
16
|
extend T::Sig
|
|
17
17
|
|
|
18
|
-
UNABLE_TO_UPDATE = /
|
|
18
|
+
UNABLE_TO_UPDATE = /unable to update (?<url>.*?)$/i
|
|
19
19
|
BRANCH_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*to find branch `(?<branch>[^`]+)`/m
|
|
20
20
|
REVSPEC_PATTERN = /revspec '.*' not found/
|
|
21
21
|
OBJECT_PATTERN = /object not found - no match for id \(.*\)/
|
|
22
|
-
|
|
22
|
+
REVISION_PATTERN = /revision .* not found/
|
|
23
|
+
REF_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*(#{REVSPEC_PATTERN}|#{OBJECT_PATTERN}|#{REVISION_PATTERN})/m
|
|
23
24
|
GIT_REF_NOT_FOUND_REGEX = /Updating git repository `(?<url>[^`]*)`.*fatal: couldn't find remote ref/m
|
|
24
25
|
|
|
25
26
|
# Note that as of Rust 1.80, git error message handling in the `cargo update` command changed.
|
|
@@ -88,14 +88,16 @@ module Dependabot
|
|
|
88
88
|
)
|
|
89
89
|
end
|
|
90
90
|
|
|
91
|
-
sig { override.returns(T::Array[
|
|
91
|
+
sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
92
92
|
def updated_requirements
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
93
|
+
wrap_requirements(
|
|
94
|
+
RequirementsUpdater.new(
|
|
95
|
+
requirements: dependency.requirements,
|
|
96
|
+
updated_source: updated_source,
|
|
97
|
+
target_version: target_version,
|
|
98
|
+
update_strategy: requirements_update_strategy
|
|
99
|
+
).updated_requirements
|
|
100
|
+
)
|
|
99
101
|
end
|
|
100
102
|
|
|
101
103
|
sig { override.returns(T::Boolean) }
|
|
@@ -108,8 +110,12 @@ module Dependabot
|
|
|
108
110
|
# If passed in as an option (in the base class) honour that option
|
|
109
111
|
return @requirements_update_strategy if @requirements_update_strategy
|
|
110
112
|
|
|
111
|
-
#
|
|
112
|
-
|
|
113
|
+
# Cargo resolves to the newest compatible version and a bare version is a
|
|
114
|
+
# caret-equivalent (compatible) requirement, so only raise the requirement
|
|
115
|
+
# when it doesn't already allow the new version. Avoids needless churn and
|
|
116
|
+
# MSRV bumps.
|
|
117
|
+
# https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#caret-requirements
|
|
118
|
+
RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
113
119
|
end
|
|
114
120
|
|
|
115
121
|
private
|
|
@@ -132,13 +138,12 @@ module Dependabot
|
|
|
132
138
|
# present in other areas
|
|
133
139
|
return unless preferred_resolvable_version
|
|
134
140
|
|
|
135
|
-
|
|
141
|
+
# No lockfile: target the latest version. With one: the resolvable version.
|
|
142
|
+
no_lockfile? ? latest_version&.to_s : preferred_resolvable_version.to_s
|
|
136
143
|
end
|
|
137
144
|
|
|
138
145
|
sig { returns(T::Boolean) }
|
|
139
|
-
def
|
|
140
|
-
# If it has a lockfile, treat it as an application. Otherwise treat it
|
|
141
|
-
# as a library.
|
|
146
|
+
def no_lockfile?
|
|
142
147
|
dependency_files.none? { |f| f.name == "Cargo.lock" }
|
|
143
148
|
end
|
|
144
149
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-cargo
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.382.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.382.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.382.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -266,7 +266,7 @@ licenses:
|
|
|
266
266
|
- MIT
|
|
267
267
|
metadata:
|
|
268
268
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
269
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
269
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.382.0
|
|
270
270
|
rdoc_options: []
|
|
271
271
|
require_paths:
|
|
272
272
|
- lib
|