dependabot-cargo 0.105.1 → 0.105.2
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fb9ae721373ea83ce53431736dc8563b24ab9afd42d9e1a79f33c8d4a5acd098
|
|
4
|
+
data.tar.gz: 28dfc2048936fe8d44f7b6f59043232cdb7fff52ef6d0ef7062d241b3d411450
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 103b0825ad0d75dfb4e8ca509edbbcca0c29b048d20cbac1c7aa254c64660e219f9dd3c03c451da8f8274e0dfa24192f71f8ecb81e1f744fd8d739f48cb9eefa
|
|
7
|
+
data.tar.gz: c425d8c74f039d1124a14c4c81b33bb18bbd641330263ac8d57e5740893f7712e859705f918c42a23fa04bf2dfe7cf9a55648c7344d80966d2cd82ff014434a3
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require "excon"
|
|
4
3
|
require "dependabot/git_commit_checker"
|
|
5
4
|
require "dependabot/update_checkers"
|
|
6
5
|
require "dependabot/update_checkers/base"
|
|
@@ -8,6 +7,7 @@ require "dependabot/update_checkers/base"
|
|
|
8
7
|
module Dependabot
|
|
9
8
|
module Cargo
|
|
10
9
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
10
|
+
require_relative "update_checker/latest_version_finder"
|
|
11
11
|
require_relative "update_checker/requirements_updater"
|
|
12
12
|
require_relative "update_checker/version_resolver"
|
|
13
13
|
require_relative "update_checker/file_preparer"
|
|
@@ -23,12 +23,7 @@ module Dependabot
|
|
|
23
23
|
# they can't be passed to GitCommitChecker.
|
|
24
24
|
nil
|
|
25
25
|
else
|
|
26
|
-
|
|
27
|
-
versions.reject!(&:prerelease?) unless wants_prerelease?
|
|
28
|
-
versions.reject! do |v|
|
|
29
|
-
ignore_reqs.any? { |r| r.satisfied_by?(v) }
|
|
30
|
-
end
|
|
31
|
-
versions.max
|
|
26
|
+
latest_version_finder.latest_version
|
|
32
27
|
end
|
|
33
28
|
end
|
|
34
29
|
|
|
@@ -90,6 +85,16 @@ module Dependabot
|
|
|
90
85
|
library? ? :bump_versions_if_necessary : :bump_versions
|
|
91
86
|
end
|
|
92
87
|
|
|
88
|
+
def latest_version_finder
|
|
89
|
+
@latest_version_finder ||= LatestVersionFinder.new(
|
|
90
|
+
dependency: dependency,
|
|
91
|
+
dependency_files: dependency_files,
|
|
92
|
+
credentials: credentials,
|
|
93
|
+
ignored_versions: ignored_versions,
|
|
94
|
+
security_advisories: security_advisories
|
|
95
|
+
)
|
|
96
|
+
end
|
|
97
|
+
|
|
93
98
|
def latest_version_for_git_dependency
|
|
94
99
|
latest_git_version_sha
|
|
95
100
|
end
|
|
@@ -213,25 +218,6 @@ module Dependabot
|
|
|
213
218
|
sources.first
|
|
214
219
|
end
|
|
215
220
|
|
|
216
|
-
def wants_prerelease?
|
|
217
|
-
if dependency.version &&
|
|
218
|
-
version_class.new(dependency.version).prerelease?
|
|
219
|
-
return true
|
|
220
|
-
end
|
|
221
|
-
|
|
222
|
-
dependency.requirements.any? do |req|
|
|
223
|
-
reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)
|
|
224
|
-
reqs.any? { |r| r.match?(/[A-Za-z]/) }
|
|
225
|
-
end
|
|
226
|
-
end
|
|
227
|
-
|
|
228
|
-
def available_versions
|
|
229
|
-
crates_listing.
|
|
230
|
-
fetch("versions", []).
|
|
231
|
-
reject { |v| v["yanked"] }.
|
|
232
|
-
map { |v| version_class.new(v.fetch("num")) }
|
|
233
|
-
end
|
|
234
|
-
|
|
235
221
|
def git_dependency?
|
|
236
222
|
git_commit_checker.git_dependency?
|
|
237
223
|
end
|
|
@@ -258,24 +244,6 @@ module Dependabot
|
|
|
258
244
|
credentials: credentials
|
|
259
245
|
)
|
|
260
246
|
end
|
|
261
|
-
|
|
262
|
-
def crates_listing
|
|
263
|
-
return @crates_listing unless @crates_listing.nil?
|
|
264
|
-
|
|
265
|
-
response = Excon.get(
|
|
266
|
-
"https://crates.io/api/v1/crates/#{dependency.name}",
|
|
267
|
-
idempotent: true,
|
|
268
|
-
**SharedHelpers.excon_defaults
|
|
269
|
-
)
|
|
270
|
-
|
|
271
|
-
@crates_listing = JSON.parse(response.body)
|
|
272
|
-
rescue Excon::Error::Timeout
|
|
273
|
-
retrying ||= false
|
|
274
|
-
raise if retrying
|
|
275
|
-
|
|
276
|
-
retrying = true
|
|
277
|
-
sleep(rand(1.0..5.0)) && retry
|
|
278
|
-
end
|
|
279
247
|
end
|
|
280
248
|
end
|
|
281
249
|
end
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "excon"
|
|
4
|
+
require "dependabot/cargo/update_checker"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
module Cargo
|
|
8
|
+
class UpdateChecker
|
|
9
|
+
class LatestVersionFinder
|
|
10
|
+
def initialize(dependency:, dependency_files:, credentials:,
|
|
11
|
+
ignored_versions:, security_advisories:)
|
|
12
|
+
@dependency = dependency
|
|
13
|
+
@dependency_files = dependency_files
|
|
14
|
+
@credentials = credentials
|
|
15
|
+
@ignored_versions = ignored_versions
|
|
16
|
+
@security_advisories = security_advisories
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def latest_version
|
|
20
|
+
@latest_version ||= fetch_latest_version
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def lowest_security_fix_version
|
|
24
|
+
@lowest_security_fix_version ||= fetch_lowest_security_fix_version
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
|
|
29
|
+
attr_reader :dependency, :dependency_files, :credentials,
|
|
30
|
+
:ignored_versions, :security_advisories
|
|
31
|
+
|
|
32
|
+
def fetch_latest_version
|
|
33
|
+
versions = available_versions
|
|
34
|
+
versions = filter_prerelease_versions(versions)
|
|
35
|
+
versions = filter_ignored_versions(versions)
|
|
36
|
+
versions.max
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def fetch_lowest_security_fix_version
|
|
40
|
+
versions = available_versions
|
|
41
|
+
versions = filter_prerelease_versions(versions)
|
|
42
|
+
versions = filter_ignored_versions(versions)
|
|
43
|
+
versions = filter_vulnerable_versions(versions)
|
|
44
|
+
versions = filter_lower_versions(versions)
|
|
45
|
+
versions.min
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def filter_prerelease_versions(versions_array)
|
|
49
|
+
return versions_array if wants_prerelease?
|
|
50
|
+
|
|
51
|
+
versions_array.reject(&:prerelease?)
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def filter_ignored_versions(versions_array)
|
|
55
|
+
versions_array.
|
|
56
|
+
reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def filter_vulnerable_versions(versions_array)
|
|
60
|
+
versions_array.
|
|
61
|
+
reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
def filter_lower_versions(versions_array)
|
|
65
|
+
versions_array.
|
|
66
|
+
select { |version| version > version_class.new(dependency.version) }
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def available_versions
|
|
70
|
+
crates_listing.
|
|
71
|
+
fetch("versions", []).
|
|
72
|
+
reject { |v| v["yanked"] }.
|
|
73
|
+
map { |v| version_class.new(v.fetch("num")) }
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def crates_listing
|
|
77
|
+
return @crates_listing unless @crates_listing.nil?
|
|
78
|
+
|
|
79
|
+
response = Excon.get(
|
|
80
|
+
"https://crates.io/api/v1/crates/#{dependency.name}",
|
|
81
|
+
idempotent: true,
|
|
82
|
+
**SharedHelpers.excon_defaults
|
|
83
|
+
)
|
|
84
|
+
|
|
85
|
+
@crates_listing = JSON.parse(response.body)
|
|
86
|
+
rescue Excon::Error::Timeout
|
|
87
|
+
retrying ||= false
|
|
88
|
+
raise if retrying
|
|
89
|
+
|
|
90
|
+
retrying = true
|
|
91
|
+
sleep(rand(1.0..5.0)) && retry
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
def wants_prerelease?
|
|
95
|
+
if dependency.version &&
|
|
96
|
+
version_class.new(dependency.version).prerelease?
|
|
97
|
+
return true
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
dependency.requirements.any? do |req|
|
|
101
|
+
reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)
|
|
102
|
+
reqs.any? { |r| r.match?(/[A-Za-z]/) }
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
def ignore_reqs
|
|
107
|
+
ignored_versions.map { |req| requirement_class.new(req.split(",")) }
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
def version_class
|
|
111
|
+
Utils.version_class_for_package_manager(dependency.package_manager)
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
def requirement_class
|
|
115
|
+
Utils.requirement_class_for_package_manager(
|
|
116
|
+
dependency.package_manager
|
|
117
|
+
)
|
|
118
|
+
end
|
|
119
|
+
end
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-cargo
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.105.
|
|
4
|
+
version: 0.105.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-04-
|
|
11
|
+
date: 2019-04-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.105.
|
|
19
|
+
version: 0.105.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.105.
|
|
26
|
+
version: 0.105.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -153,6 +153,7 @@ files:
|
|
|
153
153
|
- lib/dependabot/cargo/requirement.rb
|
|
154
154
|
- lib/dependabot/cargo/update_checker.rb
|
|
155
155
|
- lib/dependabot/cargo/update_checker/file_preparer.rb
|
|
156
|
+
- lib/dependabot/cargo/update_checker/latest_version_finder.rb
|
|
156
157
|
- lib/dependabot/cargo/update_checker/requirements_updater.rb
|
|
157
158
|
- lib/dependabot/cargo/update_checker/version_resolver.rb
|
|
158
159
|
- lib/dependabot/cargo/version.rb
|