RubyGems - dependabot-cargo - Versions diffs - 0.111.46 → 0.111.47 - Mend

dependabot-cargo 0.111.46 → 0.111.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/cargo/update_checker/version_resolver.rb +21 -0
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 56dc84d179ea12d6753028e43e6414004f4ec969c446bcf835c7f1391f59f751
-  data.tar.gz: 7e02f9502dbb71fcb14aa0f43b78a1aa7eadcddd6077094fa176667f28090d2b
+  metadata.gz: 3839e89e789268568d39deaa96362fff50327856c4662c19c93ac329edbbb085
+  data.tar.gz: e8c83fecc4be80a8f7e64a4adeecc418f63bae9a46093213e59c68b8e0e820a0
 SHA512:
-  metadata.gz: c5826e256f9cb1e65ddd2de718dc4878122273fe6963f74aa47eeddc871e8b509d81c68777055896fb215b433a2bb706cd42e5e9939bd7fb6505002b7b837186
-  data.tar.gz: 7c01ac19348b638f8a9ed1c94315b60fa971a52a895e47054f03ef6e6d69d693dfda472f91d491a77211de08438fed83ffbef67e4205078870000152f4cfed5e
+  metadata.gz: '06961bbf93e08aaaa89ea693e55dfdf9c9952eac3d29734d08fc5e3bf22ed5202a22634016712e5add4598d6ba9fce5ff2ad900dd77979ce7a64b78b43f48776'
+  data.tar.gz: 1cd517640b92822284891950bee3c6ed92e4c0499da36a3bb3aab4c54ef8b389d07ae0b544063f5c3f5e4311cb0602c25627ebf517c3631d8b40606d61aa51d5

data/lib/dependabot/cargo/update_checker/version_resolver.rb CHANGED Viewed

@@ -219,6 +219,14 @@ module Dependabot
             raise Dependabot::DependencyFileNotResolvable, error.message
           end
+          if workspace_native_library_update_error?(error.message)
+            # This happens when we're updating one part of a workspace which
+            # triggers an update of a subdependency that uses a native library,
+            # whilst leaving another part of the workspace using an older
+            # version. Ideally we would prevent the subdependency update.
+            return nil
+          end
           if git_dependency? && error.message.include?("no matching package")
             # This happens when updating a git dependency whose version has
             # changed from a release to a pre-release version
@@ -308,6 +316,19 @@ module Dependabot
           false
         end
+        def workspace_native_library_update_error?(message)
+          return unless message.include?("native library")
+          library_count = prepared_manifest_files.count do |file|
+            package_name = TomlRB.parse(file.content).dig("package", "name")
+            next false unless package_name
+            message.include?("depended on by `#{package_name} ")
+          end
+          library_count >= 2
+        end
         def write_manifest_files(prepared: true)
           manifest_files = if prepared then prepared_manifest_files
                            else original_manifest_files

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-  version: 0.111.46
+  version: 0.111.47
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-04 00:00:00.000000000 Z
+date: 2019-08-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.111.46
+        version: 0.111.47
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.111.46
+        version: 0.111.47
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement