dependabot-cargo 0.105.1 → 0.105.2
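--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fb9ae721373ea83ce53431736dc8563b24ab9afd42d9e1a79f33c8d4a5acd098
+data.tar.gz: 28dfc2048936fe8d44f7b6f59043232cdb7fff52ef6d0ef7062d241b3d411450
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 103b0825ad0d75dfb4e8ca509edbbcca0c29b048d20cbac1c7aa254c64660e219f9dd3c03c451da8f8274e0dfa24192f71f8ecb81e1f744fd8d739f48cb9eefa
+data.tar.gz: c425d8c74f039d1124a14c4c81b33bb18bbd641330263ac8d57e5740893f7712e859705f918c42a23fa04bf2dfe7cf9a55648c7344d80966d2cd82ff014434a3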
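--- a/lib/dependabot/cargo/update_checker.rb
+++ b/lib/dependabot/cargo/update_checker.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require "excon"
 require "dependabot/git_commit_checker"
 require "dependabot/update_checkers"
 require "dependabot/update_checkers/base"
@@ -8,6 +7,7 @@ require "dependabot/update_checkers/base"
 module Dependabot
 module Cargo
 class UpdateChecker < Dependabot::UpdateCheckers::Base
+require_relative "update_checker/latest_version_finder"
 require_relative "update_checker/requirements_updater"
 require_relative "update_checker/version_resolver"
 require_relative "update_checker/file_preparer"
@@ -23,12 +23,7 @@ module Dependabot
 # they can't be passed to GitCommitChecker.
 nil
 else
-
-versions.reject!(&:prerelease?) unless wants_prerelease?
-versions.reject! do |v|
-ignore_reqs.any? { |r| r.satisfied_by?(v) }
-end
-versions.max
+latest_version_finder.latest_version
 end
 end
 
@@ -90,6 +85,16 @@ module Dependabot
 library? ? :bump_versions_if_necessary : :bump_versions
 end
 
+def latest_version_finder
+@latest_version_finder ||= LatestVersionFinder.new(
+dependency: dependency,
+dependency_files: dependency_files,
+credentials: credentials,
+ignored_versions: ignored_versions,
+security_advisories: security_advisories
+)
+end
+
 def latest_version_for_git_dependency
 latest_git_version_sha
 end
@@ -213,25 +218,6 @@ module Dependabot
 sources.first
 end
 
-def wants_prerelease?
-if dependency.version &&
-version_class.new(dependency.version).prerelease?
-return true
-end
-
-dependency.requirements.any? do |req|
-reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)
-reqs.any? { |r| r.match?(/[A-Za-z]/) }
-end
-end
-
-def available_versions
-crates_listing.
-fetch("versions", []).
-reject { |v| v["yanked"] }.
-map { |v| version_class.new(v.fetch("num")) }
-end
-
 def git_dependency?
 git_commit_checker.git_dependency?
 end
@@ -258,24 +244,6 @@ module Dependabot
 credentials: credentials
 )
 end
-
-def crates_listing
-return @crates_listing unless @crates_listing.nil?
-
-response = Excon.get(
-"https://crates.io/api/v1/crates/#{dependency.name}",
-idempotent: true,
-**SharedHelpers.excon_defaults
-)
-
-@crates_listing = JSON.parse(response.body)
-rescue Excon::Error::Timeout
-retrying ||= false
-raise if retrying
-
-retrying = true
-sleep(rand(1.0..5.0)) && retry
-end
 end
 end
 end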
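Review bot: The new `latest_version_finder` method in the hunk at `@@ -90,6 +85,16 @@` carries no comment, and its memoisation is the reason the checker now issues a single crates.io request however many times `latest_version` is evaluated (the finder caches its listing in `@crates_listing`), which is not visible from the checker alone; suggest `# Memoised: the finder caches the crates.io listing it fetches, so` / `# repeated latest_version calls on this checker share one request.` Dropping `require "excon"` in the first hunk is safe only if the deleted `crates_listing` was the file's last Excon reference; the rest of update_checker.rb is outside this diff, so that is worth confirming before merge. The enclosing class body starts and ends outside every hunk shown here.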
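--- /dev/null
+++ b/lib/dependabot/cargo/update_checker/latest_version_finder.rb
@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+require "excon"
+require "dependabot/cargo/update_checker"
+
+module Dependabot
+module Cargo
+class UpdateChecker
+class LatestVersionFinder
+def initialize(dependency:, dependency_files:, credentials:,
+ignored_versions:, security_advisories:)
+@dependency = dependency
+@dependency_files = dependency_files
+@credentials = credentials
+@ignored_versions = ignored_versions
+@security_advisories = security_advisories
+end
+
+def latest_version
+@latest_version ||= fetch_latest_version
+end
+
+def lowest_security_fix_version
+@lowest_security_fix_version ||= fetch_lowest_security_fix_version
+end
+
+private
+
+attr_reader :dependency, :dependency_files, :credentials,
+:ignored_versions, :security_advisories
+
+def fetch_latest_version
+versions = available_versions
+versions = filter_prerelease_versions(versions)
+versions = filter_ignored_versions(versions)
+versions.max
+end
+
+def fetch_lowest_security_fix_version
+versions = available_versions
+versions = filter_prerelease_versions(versions)
+versions = filter_ignored_versions(versions)
+versions = filter_vulnerable_versions(versions)
+versions = filter_lower_versions(versions)
+versions.min
+end
+
+def filter_prerelease_versions(versions_array)
+return versions_array if wants_prerelease?
+
+versions_array.reject(&:prerelease?)
+end
+
+def filter_ignored_versions(versions_array)
+versions_array.
+reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
+end
+
+def filter_vulnerable_versions(versions_array)
+versions_array.
+reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }
+end
+
+def filter_lower_versions(versions_array)
+versions_array.
+select { |version| version > version_class.new(dependency.version) }
+end
+
+def available_versions
+crates_listing.
+fetch("versions", []).
+reject { |v| v["yanked"] }.
+map { |v| version_class.new(v.fetch("num")) }
+end
+
+def crates_listing
+return @crates_listing unless @crates_listing.nil?
+
+response = Excon.get(
+"https://crates.io/api/v1/crates/#{dependency.name}",
+idempotent: true,
+**SharedHelpers.excon_defaults
+)
+
+@crates_listing = JSON.parse(response.body)
+rescue Excon::Error::Timeout
+retrying ||= false
+raise if retrying
+
+retrying = true
+sleep(rand(1.0..5.0)) && retry
+end
+
+def wants_prerelease?
+if dependency.version &&
+version_class.new(dependency.version).prerelease?
+return true
+end
+
+dependency.requirements.any? do |req|
+reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)
+reqs.any? { |r| r.match?(/[A-Za-z]/) }
+end
+end
+
+def ignore_reqs
+ignored_versions.map { |req| requirement_class.new(req.split(",")) }
+end
+
+def version_class
+Utils.version_class_for_package_manager(dependency.package_manager)
+end
+
+def requirement_class
+Utils.requirement_class_for_package_manager(
+dependency.package_manager
+)
+end
+end
+end
+end
+end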
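Review bot: `filter_lower_versions` calls `version_class.new(dependency.version)` with no nil guard, although `wants_prerelease?` in the same file treats `dependency.version` as possibly nil, so `lowest_security_fix_version` would raise for a dependency with no resolved version; guard it and hoist the constructor out of the block: `return versions_array unless dependency.version`, then `current = version_class.new(dependency.version)` and `versions_array.select { |version| version > current }`. In `crates_listing` the body is parsed regardless of `response.status`; a 404 degrades to `[]` through `fetch("versions", [])`, but a non-JSON error body (a proxy or 5xx page, for instance) would surface as an unhandled `JSON::ParserError`, so a status check such as `return @crates_listing = {} unless response.status == 200` before the parse is worth considering. `filter_ignored_versions` rebuilds `ignore_reqs` inside the `reject` block for every candidate version; assigning it to a local once before the block avoids re-parsing the ignore list per element. The class also has no header comment; a one-liner such as `# Finds the newest (and the lowest security-fix) crates.io version of a dependency, honouring prerelease, ignore and advisory filters.` would help readers coming from update_checker.rb.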
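--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-version: 0.105.
+version: 0.105.2
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-
+date: 2019-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.105.
+version: 0.105.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.105.
+version: 0.105.2
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement
@@ -153,6 +153,7 @@ files:
 - lib/dependabot/cargo/requirement.rb
 - lib/dependabot/cargo/update_checker.rb
 - lib/dependabot/cargo/update_checker/file_preparer.rb
+- lib/dependabot/cargo/update_checker/latest_version_finder.rb
 - lib/dependabot/cargo/update_checker/requirements_updater.rb
 - lib/dependabot/cargo/update_checker/version_resolver.rb
 - lib/dependabot/cargo/version.rb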