dependabot-cargo 0.106.6 → 0.106.7
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e3560cc9d36a11e9a976850f845caf257d53edbd79896fafdcbf5d9cdf8a30db
|
4
|
+
data.tar.gz: 1194d58cbcfc8cca7386d036b5cc1977c4f07669833d0d65ddaae2ef4af40ea0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f1a229c329992e84ad3e7b9f64495364822db5aa3298bd7a1ddd5fb73d21dad105afa91f9ab11d89fbbc30ff2762a243a83df7eed6b465eabd37dcbbdbce735e
|
7
|
+
data.tar.gz: b835eec1ea56c1ff6f6c1ebf22c374dcf6676be0fce0988f6f0b9cea2abf596e39aba14bfd30d025e01370c3400d8b1d87b370f1afe266d4e7605629487e25af
|
@@ -59,23 +59,23 @@ module Dependabot
|
|
59
59
|
def manifest_dependencies
|
60
60
|
dependency_set = DependencySet.new
|
61
61
|
|
62
|
-
|
63
|
-
|
62
|
+
manifest_files.each do |file|
|
63
|
+
DEPENDENCY_TYPES.each do |type|
|
64
64
|
parsed_file(file).fetch(type, {}).each do |name, requirement|
|
65
65
|
next unless name == name_from_declaration(name, requirement)
|
66
66
|
next if lockfile && !version_from_lockfile(name, requirement)
|
67
67
|
|
68
|
-
dependency_set <<
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
68
|
+
dependency_set << build_dependency(name, requirement, type, file)
|
69
|
+
end
|
70
|
+
|
71
|
+
parsed_file(file).fetch("target", {}).each do |_, t_details|
|
72
|
+
t_details.fetch(type, {}).each do |name, requirement|
|
73
|
+
next unless name == name_from_declaration(name, requirement)
|
74
|
+
next if lockfile && !version_from_lockfile(name, requirement)
|
75
|
+
|
76
|
+
dependency_set <<
|
77
|
+
build_dependency(name, requirement, type, file)
|
78
|
+
end
|
79
79
|
end
|
80
80
|
end
|
81
81
|
end
|
@@ -83,6 +83,20 @@ module Dependabot
|
|
83
83
|
dependency_set
|
84
84
|
end
|
85
85
|
|
86
|
+
def build_dependency(name, requirement, type, file)
|
87
|
+
Dependency.new(
|
88
|
+
name: name,
|
89
|
+
version: version_from_lockfile(name, requirement),
|
90
|
+
package_manager: "cargo",
|
91
|
+
requirements: [{
|
92
|
+
requirement: requirement_from_declaration(requirement),
|
93
|
+
file: file.name,
|
94
|
+
groups: [type],
|
95
|
+
source: source_from_declaration(requirement)
|
96
|
+
}]
|
97
|
+
)
|
98
|
+
end
|
99
|
+
|
86
100
|
def lockfile_dependencies
|
87
101
|
dependency_set = DependencySet.new
|
88
102
|
return dependency_set unless lockfile
|
@@ -8,6 +8,7 @@ require "dependabot/cargo/file_updater/manifest_updater"
|
|
8
8
|
require "dependabot/cargo/file_parser"
|
9
9
|
require "dependabot/shared_helpers"
|
10
10
|
|
11
|
+
# rubocop:disable Metrics/ClassLength
|
11
12
|
module Dependabot
|
12
13
|
module Cargo
|
13
14
|
class FileUpdater
|
@@ -227,9 +228,30 @@ module Dependabot
|
|
227
228
|
end
|
228
229
|
end
|
229
230
|
|
231
|
+
pin_target_specific_dependencies!(parsed_manifest)
|
232
|
+
|
230
233
|
TomlRB.dump(parsed_manifest)
|
231
234
|
end
|
232
235
|
|
236
|
+
def pin_target_specific_dependencies!(parsed_manifest)
|
237
|
+
parsed_manifest.fetch("target", {}).each do |target, t_details|
|
238
|
+
Cargo::FileParser::DEPENDENCY_TYPES.each do |type|
|
239
|
+
t_details.fetch(type, {}).each do |name, requirement|
|
240
|
+
next unless name == dependency.name
|
241
|
+
|
242
|
+
updated_req = "=#{dependency.version}"
|
243
|
+
|
244
|
+
if requirement.is_a?(Hash)
|
245
|
+
parsed_manifest["target"][target][type][name]["version"] =
|
246
|
+
updated_req
|
247
|
+
else
|
248
|
+
parsed_manifest["target"][target][type][name] = updated_req
|
249
|
+
end
|
250
|
+
end
|
251
|
+
end
|
252
|
+
end
|
253
|
+
end
|
254
|
+
|
233
255
|
def replace_ssh_urls(content)
|
234
256
|
git_ssh_requirements_to_swap.each do |ssh_url, https_url|
|
235
257
|
content = content.gsub(ssh_url, https_url)
|
@@ -341,3 +363,4 @@ module Dependabot
|
|
341
363
|
end
|
342
364
|
end
|
343
365
|
end
|
366
|
+
# rubocop:enable Metrics/ClassLength
|
@@ -81,9 +81,36 @@ module Dependabot
|
|
81
81
|
end
|
82
82
|
end
|
83
83
|
|
84
|
+
replace_req_on_target_specific_deps!(parsed_manifest, filename)
|
85
|
+
|
84
86
|
TomlRB.dump(parsed_manifest)
|
85
87
|
end
|
86
88
|
|
89
|
+
def replace_req_on_target_specific_deps!(parsed_manifest, filename)
|
90
|
+
parsed_manifest.fetch("target", {}).each do |target, _|
|
91
|
+
Cargo::FileParser::DEPENDENCY_TYPES.each do |type|
|
92
|
+
dependency_names = dependency_names_for_type_and_target(
|
93
|
+
parsed_manifest,
|
94
|
+
type,
|
95
|
+
target
|
96
|
+
)
|
97
|
+
|
98
|
+
dependency_names.each do |name|
|
99
|
+
req = parsed_manifest.dig("target", target, type, name)
|
100
|
+
|
101
|
+
updated_req = temporary_requirement_for_resolution(filename)
|
102
|
+
|
103
|
+
if req.is_a?(Hash)
|
104
|
+
parsed_manifest["target"][target][type][name]["version"] =
|
105
|
+
updated_req
|
106
|
+
else
|
107
|
+
parsed_manifest["target"][target][type][name] = updated_req
|
108
|
+
end
|
109
|
+
end
|
110
|
+
end
|
111
|
+
end
|
112
|
+
end
|
113
|
+
|
87
114
|
def replace_git_pin(content)
|
88
115
|
parsed_manifest = TomlRB.parse(content)
|
89
116
|
|
@@ -103,9 +130,39 @@ module Dependabot
|
|
103
130
|
end
|
104
131
|
end
|
105
132
|
|
133
|
+
replace_git_pin_on_target_specific_deps!(parsed_manifest)
|
134
|
+
|
106
135
|
TomlRB.dump(parsed_manifest)
|
107
136
|
end
|
108
137
|
|
138
|
+
def replace_git_pin_on_target_specific_deps!(parsed_manifest)
|
139
|
+
parsed_manifest.fetch("target", {}).each do |target, _|
|
140
|
+
Cargo::FileParser::DEPENDENCY_TYPES.each do |type|
|
141
|
+
dependency_names = dependency_names_for_type_and_target(
|
142
|
+
parsed_manifest,
|
143
|
+
type,
|
144
|
+
target
|
145
|
+
)
|
146
|
+
|
147
|
+
dependency_names.each do |name|
|
148
|
+
req = parsed_manifest.dig("target", target, type, name)
|
149
|
+
next unless req.is_a?(Hash)
|
150
|
+
next unless [req["tag"], req["rev"]].compact.uniq.count == 1
|
151
|
+
|
152
|
+
if req["tag"]
|
153
|
+
parsed_manifest["target"][target][type][name]["tag"] =
|
154
|
+
replacement_git_pin
|
155
|
+
end
|
156
|
+
|
157
|
+
if req["rev"]
|
158
|
+
parsed_manifest["target"][target][type][name]["rev"] =
|
159
|
+
replacement_git_pin
|
160
|
+
end
|
161
|
+
end
|
162
|
+
end
|
163
|
+
end
|
164
|
+
end
|
165
|
+
|
109
166
|
def replace_ssh_urls(content)
|
110
167
|
parsed_manifest = TomlRB.parse(content)
|
111
168
|
|
@@ -184,6 +241,16 @@ module Dependabot
|
|
184
241
|
names
|
185
242
|
end
|
186
243
|
|
244
|
+
def dependency_names_for_type_and_target(parsed_manifest, type, target)
|
245
|
+
names = []
|
246
|
+
(parsed_manifest.dig("target", target, type) || {}).each do |nm, req|
|
247
|
+
next unless dependency.name == name_from_declaration(nm, req)
|
248
|
+
|
249
|
+
names << nm
|
250
|
+
end
|
251
|
+
names
|
252
|
+
end
|
253
|
+
|
187
254
|
def name_from_declaration(name, declaration)
|
188
255
|
return name if declaration.is_a?(String)
|
189
256
|
unless declaration.is_a?(Hash)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-cargo
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.106.
|
4
|
+
version: 0.106.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.106.
|
19
|
+
version: 0.106.7
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.106.
|
26
|
+
version: 0.106.7
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|