dependabot-cargo 0.106.6 → 0.106.7
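--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e3560cc9d36a11e9a976850f845caf257d53edbd79896fafdcbf5d9cdf8a30db
+data.tar.gz: 1194d58cbcfc8cca7386d036b5cc1977c4f07669833d0d65ddaae2ef4af40ea0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f1a229c329992e84ad3e7b9f64495364822db5aa3298bd7a1ddd5fb73d21dad105afa91f9ab11d89fbbc30ff2762a243a83df7eed6b465eabd37dcbbdbce735e
+data.tar.gz: b835eec1ea56c1ff6f6c1ebf22c374dcf6676be0fce0988f6f0b9cea2abf596e39aba14bfd30d025e01370c3400d8b1d87b370f1afe266d4e7605629487e25af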
@@ -59,23 +59,23 @@ module Dependabot
|
|
|
59
59
|
def manifest_dependencies
|
|
60
60
|
dependency_set = DependencySet.new
|
|
61
61
|
|
|
62
|
-
|
|
63
|
-
|
|
62
|
+
manifest_files.each do |file|
|
|
63
|
+
DEPENDENCY_TYPES.each do |type|
|
|
64
64
|
parsed_file(file).fetch(type, {}).each do |name, requirement|
|
|
65
65
|
next unless name == name_from_declaration(name, requirement)
|
|
66
66
|
next if lockfile && !version_from_lockfile(name, requirement)
|
|
67
67
|
|
|
68
|
-
dependency_set <<
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
68
|
+
dependency_set << build_dependency(name, requirement, type, file)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
parsed_file(file).fetch("target", {}).each do |_, t_details|
|
|
72
|
+
t_details.fetch(type, {}).each do |name, requirement|
|
|
73
|
+
next unless name == name_from_declaration(name, requirement)
|
|
74
|
+
next if lockfile && !version_from_lockfile(name, requirement)
|
|
75
|
+
|
|
76
|
+
dependency_set <<
|
|
77
|
+
build_dependency(name, requirement, type, file)
|
|
78
|
+
end
|
|
79
79
|
end
|
|
80
80
|
end
|
|
81
81
|
end
|
|
@@ -83,6 +83,20 @@ module Dependabot
|
|
|
83
83
|
dependency_set
|
|
84
84
|
end
|
|
85
85
|
|
|
86
|
+
def build_dependency(name, requirement, type, file)
|
|
87
|
+
Dependency.new(
|
|
88
|
+
name: name,
|
|
89
|
+
version: version_from_lockfile(name, requirement),
|
|
90
|
+
package_manager: "cargo",
|
|
91
|
+
requirements: [{
|
|
92
|
+
requirement: requirement_from_declaration(requirement),
|
|
93
|
+
file: file.name,
|
|
94
|
+
groups: [type],
|
|
95
|
+
source: source_from_declaration(requirement)
|
|
96
|
+
}]
|
|
97
|
+
)
|
|
98
|
+
end
|
|
99
|
+
|
|
86
100
|
def lockfile_dependencies
|
|
87
101
|
dependency_set = DependencySet.new
|
|
88
102
|
return dependency_set unless lockfile
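Review bot: The new target loop in `manifest_dependencies` (new lines 71–78) calls `t_details.fetch(type, {})` on whatever value the manifest stores under each `target` key, so a manifest where that value is not a table would raise an unhandled NoMethodError or TypeError rather than a manifest error. The manifest presumably comes from the repository being updated, so I would skip or reject such entries explicitly with `next unless t_details.is_a?(Hash)` ahead of the inner `fetch`. The same unchecked traversal appears in `pin_target_specific_dependencies!` and, through `dig`, in `dependency_names_for_type_and_target` in the later sections. Whether an earlier validation step already rules this out is not visible in these hunks.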
|
|
@@ -8,6 +8,7 @@ require "dependabot/cargo/file_updater/manifest_updater"
|
|
|
8
8
|
require "dependabot/cargo/file_parser"
|
|
9
9
|
require "dependabot/shared_helpers"
|
|
10
10
|
|
|
11
|
+
# rubocop:disable Metrics/ClassLength
|
|
11
12
|
module Dependabot
|
|
12
13
|
module Cargo
|
|
13
14
|
class FileUpdater
|
|
@@ -227,9 +228,30 @@ module Dependabot
|
|
|
227
228
|
end
|
|
228
229
|
end
|
|
229
230
|
|
|
231
|
+
pin_target_specific_dependencies!(parsed_manifest)
|
|
232
|
+
|
|
230
233
|
TomlRB.dump(parsed_manifest)
|
|
231
234
|
end
|
|
232
235
|
|
|
236
|
+
def pin_target_specific_dependencies!(parsed_manifest)
|
|
237
|
+
parsed_manifest.fetch("target", {}).each do |target, t_details|
|
|
238
|
+
Cargo::FileParser::DEPENDENCY_TYPES.each do |type|
|
|
239
|
+
t_details.fetch(type, {}).each do |name, requirement|
|
|
240
|
+
next unless name == dependency.name
|
|
241
|
+
|
|
242
|
+
updated_req = "=#{dependency.version}"
|
|
243
|
+
|
|
244
|
+
if requirement.is_a?(Hash)
|
|
245
|
+
parsed_manifest["target"][target][type][name]["version"] =
|
|
246
|
+
updated_req
|
|
247
|
+
else
|
|
248
|
+
parsed_manifest["target"][target][type][name] = updated_req
|
|
249
|
+
end
|
|
250
|
+
end
|
|
251
|
+
end
|
|
252
|
+
end
|
|
253
|
+
end
|
|
254
|
+
|
|
233
255
|
def replace_ssh_urls(content)
|
|
234
256
|
git_ssh_requirements_to_swap.each do |ssh_url, https_url|
|
|
235
257
|
content = content.gsub(ssh_url, https_url)
|
|
@@ -341,3 +363,4 @@ module Dependabot
|
|
|
341
363
|
end
|
|
342
364
|
end
|
|
343
365
|
end
|
|
366
|
+
# rubocop:enable Metrics/ClassLength
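Review bot: `pin_target_specific_dependencies!` selects entries with `next unless name == dependency.name`, that is by the manifest key alone, while `dependency_names_for_type_and_target` in the following section resolves the declared name through `name_from_declaration(nm, req)`, presumably to account for renamed packages. If a target-specific table uses a key equal to the dependency's name but declares a different crate through Cargo's `package` key, this method would pin that other crate to `=#{dependency.version}`. I would compare against the declared package as well, for example `next if requirement.is_a?(Hash) && requirement.fetch("package", name) != dependency.name`. The method that calls this helper starts outside the hunk, so whether the non-target branch has the same gap cannot be seen from here.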
|
|
@@ -81,9 +81,36 @@ module Dependabot
|
|
|
81
81
|
end
|
|
82
82
|
end
|
|
83
83
|
|
|
84
|
+
replace_req_on_target_specific_deps!(parsed_manifest, filename)
|
|
85
|
+
|
|
84
86
|
TomlRB.dump(parsed_manifest)
|
|
85
87
|
end
|
|
86
88
|
|
|
89
|
+
def replace_req_on_target_specific_deps!(parsed_manifest, filename)
|
|
90
|
+
parsed_manifest.fetch("target", {}).each do |target, _|
|
|
91
|
+
Cargo::FileParser::DEPENDENCY_TYPES.each do |type|
|
|
92
|
+
dependency_names = dependency_names_for_type_and_target(
|
|
93
|
+
parsed_manifest,
|
|
94
|
+
type,
|
|
95
|
+
target
|
|
96
|
+
)
|
|
97
|
+
|
|
98
|
+
dependency_names.each do |name|
|
|
99
|
+
req = parsed_manifest.dig("target", target, type, name)
|
|
100
|
+
|
|
101
|
+
updated_req = temporary_requirement_for_resolution(filename)
|
|
102
|
+
|
|
103
|
+
if req.is_a?(Hash)
|
|
104
|
+
parsed_manifest["target"][target][type][name]["version"] =
|
|
105
|
+
updated_req
|
|
106
|
+
else
|
|
107
|
+
parsed_manifest["target"][target][type][name] = updated_req
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
end
|
|
113
|
+
|
|
87
114
|
def replace_git_pin(content)
|
|
88
115
|
parsed_manifest = TomlRB.parse(content)
|
|
89
116
|
|
|
@@ -103,9 +130,39 @@ module Dependabot
|
|
|
103
130
|
end
|
|
104
131
|
end
|
|
105
132
|
|
|
133
|
+
replace_git_pin_on_target_specific_deps!(parsed_manifest)
|
|
134
|
+
|
|
106
135
|
TomlRB.dump(parsed_manifest)
|
|
107
136
|
end
|
|
108
137
|
|
|
138
|
+
def replace_git_pin_on_target_specific_deps!(parsed_manifest)
|
|
139
|
+
parsed_manifest.fetch("target", {}).each do |target, _|
|
|
140
|
+
Cargo::FileParser::DEPENDENCY_TYPES.each do |type|
|
|
141
|
+
dependency_names = dependency_names_for_type_and_target(
|
|
142
|
+
parsed_manifest,
|
|
143
|
+
type,
|
|
144
|
+
target
|
|
145
|
+
)
|
|
146
|
+
|
|
147
|
+
dependency_names.each do |name|
|
|
148
|
+
req = parsed_manifest.dig("target", target, type, name)
|
|
149
|
+
next unless req.is_a?(Hash)
|
|
150
|
+
next unless [req["tag"], req["rev"]].compact.uniq.count == 1
|
|
151
|
+
|
|
152
|
+
if req["tag"]
|
|
153
|
+
parsed_manifest["target"][target][type][name]["tag"] =
|
|
154
|
+
replacement_git_pin
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
if req["rev"]
|
|
158
|
+
parsed_manifest["target"][target][type][name]["rev"] =
|
|
159
|
+
replacement_git_pin
|
|
160
|
+
end
|
|
161
|
+
end
|
|
162
|
+
end
|
|
163
|
+
end
|
|
164
|
+
end
|
|
165
|
+
|
|
109
166
|
def replace_ssh_urls(content)
|
|
110
167
|
parsed_manifest = TomlRB.parse(content)
|
|
111
168
|
|
|
@@ -184,6 +241,16 @@ module Dependabot
|
|
|
184
241
|
names
|
|
185
242
|
end
|
|
186
243
|
|
|
244
|
+
def dependency_names_for_type_and_target(parsed_manifest, type, target)
|
|
245
|
+
names = []
|
|
246
|
+
(parsed_manifest.dig("target", target, type) || {}).each do |nm, req|
|
|
247
|
+
next unless dependency.name == name_from_declaration(nm, req)
|
|
248
|
+
|
|
249
|
+
names << nm
|
|
250
|
+
end
|
|
251
|
+
names
|
|
252
|
+
end
|
|
253
|
+
|
|
187
254
|
def name_from_declaration(name, declaration)
|
|
188
255
|
return name if declaration.is_a?(String)
|
|
189
256
|
unless declaration.is_a?(Hash)
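Review bot: `replace_req_on_target_specific_deps!` and `replace_git_pin_on_target_specific_deps!` repeat the same target, type and name traversal, and the first calls `temporary_requirement_for_resolution(filename)` inside the innermost loop although it appears to depend only on `filename`. I would hoist it so that `updated_req = temporary_requirement_for_resolution(filename)` is the method's first line, and give both methods a short comment saying that they mutate `parsed_manifest` in place before it reaches `TomlRB.dump`. `dependency_names_for_type_and_target` can drop its accumulator: `(parsed_manifest.dig("target", target, type) || {}).select { |nm, req| dependency.name == name_from_declaration(nm, req) }.keys`. The callers and `name_from_declaration` begin or end outside these hunks.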
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-cargo
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.106.
|
|
4
|
+
version: 0.106.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.106.
|
|
19
|
+
version: 0.106.7
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.106.
|
|
26
|
+
version: 0.106.7
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|