dependabot-cargo 0.125.0 → 0.125.1
- checksums.yaml +4 -4
- data/lib/dependabot/cargo/file_parser.rb +5 -15
- data/lib/dependabot/cargo/file_updater/lockfile_updater.rb +2 -6
- data/lib/dependabot/cargo/update_checker.rb +4 -12
- data/lib/dependabot/cargo/update_checker/file_preparer.rb +3 -9
- data/lib/dependabot/cargo/update_checker/latest_version_finder.rb +1 -3
- data/lib/dependabot/cargo/update_checker/version_resolver.rb +3 -9
- metadata +3 -3
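--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7ea7cfc203c9f87da3b5a0fe2667ee2da548e99e69dd9e1f9d1adc753602876c
+data.tar.gz: fc97363cb5b9cc70a33d15e0571cdda8b171bb0bd1083c1c94a270558d3c5442
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 375ec46bfacfe78635ddeedfa8c7e289f6d375aaaa253af4a25aab6faf7a827c798366f4a6eb742094543bde10c3c548ac4ce7e344c3c010926a7acc3f969858
+data.tar.gz: 16183ec3c80b5b040c43655cce84eab8786ae8c2c79ed0cefac353ab1ed0013683c072b675abfe50d22e9d80cf16d668366327a5dee8044a06d9f79575e0335f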
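--- a/data/lib/dependabot/cargo/file_parser.rb
+++ b/data/lib/dependabot/cargo/file_parser.rb
@@ -130,30 +130,22 @@ module Dependabot
 if declaration.is_a?(String)
 return declaration == "" ? nil : declaration
 end
-unless declaration.is_a?(Hash)
-
-end
-if declaration["version"]&.is_a?(String) && declaration["version"] != ""
-return declaration["version"]
-end
+raise "Unexpected dependency declaration: #{declaration}" unless declaration.is_a?(Hash)
+return declaration["version"] if declaration["version"]&.is_a?(String) && declaration["version"] != ""
 
 nil
 end
 
 def name_from_declaration(name, declaration)
 return name if declaration.is_a?(String)
-unless declaration.is_a?(Hash)
-raise "Unexpected dependency declaration: #{declaration}"
-end
+raise "Unexpected dependency declaration: #{declaration}" unless declaration.is_a?(Hash)
 
 declaration.fetch("package", name)
 end
 
 def source_from_declaration(declaration)
 return if declaration.is_a?(String)
-unless declaration.is_a?(Hash)
-raise "Unexpected dependency declaration: #{declaration}"
-end
+raise "Unexpected dependency declaration: #{declaration}" unless declaration.is_a?(Hash)
 
 return git_source_details(declaration) if declaration["git"]
 return { type: "path" } if declaration["path"]
@@ -203,9 +195,7 @@ module Dependabot
 end
 
 def version_from_lockfile_details(package_details)
-unless package_details["source"]&.start_with?("git+")
-return package_details["version"]
-end
+return package_details["version"] unless package_details["source"]&.start_with?("git+")
 
 package_details["source"].split("#").last
 end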
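Review bot: The three `raise "Unexpected dependency declaration: #{declaration}" unless declaration.is_a?(Hash)` guards in the first hunk raise a bare RuntimeError and interpolate the whole offending value, which presumably comes from the repository's manifest. A declaration that is neither a string nor a table is an input error rather than an internal bug, so a typed parse error would let callers tell the two apart. Reporting only the type keeps arbitrary manifest content out of exception messages and logs: `raise "Unexpected dependency declaration: #{declaration.class}" unless declaration.is_a?(Hash)`. The same guard is duplicated in `name_from_declaration` in file_preparer.rb (its second hunk), so a shared helper would keep the two in step. The first method in this hunk starts above the visible lines.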
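--- a/data/lib/dependabot/cargo/file_updater/lockfile_updater.rb
+++ b/data/lib/dependabot/cargo/file_updater/lockfile_updater.rb
@@ -38,9 +38,7 @@ module Dependabot
 updated_lockfile = File.read("Cargo.lock")
 updated_lockfile = post_process_lockfile(updated_lockfile)
 
-if updated_lockfile.include?(desired_lockfile_content)
-next updated_lockfile
-end
+next updated_lockfile if updated_lockfile.include?(desired_lockfile_content)
 
 raise "Failed to update #{dependency.name}!"
 end
@@ -270,9 +268,7 @@ module Dependabot
 
 def remove_default_run_specification(content)
 parsed_manifest = TomlRB.parse(content)
-if parsed_manifest.dig("package", "default-run")
-parsed_manifest["package"].delete("default-run")
-end
+parsed_manifest["package"].delete("default-run") if parsed_manifest.dig("package", "default-run")
 TomlRB.dump(parsed_manifest)
 end
 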
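Review bot: In `remove_default_run_specification`, `parsed_manifest.dig("package", "default-run")` raises `TypeError` when `package` is present but is not a table, so a malformed manifest surfaces as an untyped exception from this helper unless something upstream has already rejected it. The `dig` guard is also a second lookup that `Hash#delete` does not need, since deleting a missing key is a no-op. `parsed_manifest["package"].delete("default-run") if parsed_manifest["package"].is_a?(Hash)` covers both cases on one line. The same statement appears on `object` in the last hunk of version_resolver.rb.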
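--- a/data/lib/dependabot/cargo/update_checker.rb
+++ b/data/lib/dependabot/cargo/update_checker.rb
@@ -49,9 +49,7 @@ module Dependabot
 def lowest_resolvable_security_fix_version
 raise "Dependency not vulnerable!" unless vulnerable?
 
-if defined?(@lowest_resolvable_security_fix_version)
-return @lowest_resolvable_security_fix_version
-end
+return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)
 
 @lowest_resolvable_security_fix_version =
 fetch_lowest_resolvable_security_fix_version
@@ -125,9 +123,7 @@ module Dependabot
 def latest_git_version_sha
 # If the gem isn't pinned, the latest version is just the latest
 # commit for the specified branch.
-unless git_commit_checker.pinned?
-return git_commit_checker.head_commit_for_current_branch
-end
+return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
 
 # If the dependency is pinned to a tag that looks like a version then
 # we want to update that tag. The latest version will then be the SHA
@@ -145,9 +141,7 @@ module Dependabot
 def latest_resolvable_version_for_git_dependency
 # If the gem isn't pinned, the latest version is just the latest
 # commit for the specified branch.
-unless git_commit_checker.pinned?
-return latest_resolvable_commit_with_unchanged_git_source
-end
+return latest_resolvable_commit_with_unchanged_git_source unless git_commit_checker.pinned?
 
 # If the dependency is pinned to a tag that looks like a version then
 # we want to update that tag. The latest version will then be the SHA
@@ -221,9 +215,7 @@ module Dependabot
 fix_version = lowest_security_fix_version
 return latest_resolvable_version if fix_version.nil?
 
-if path_dependency? || git_dependency? || git_subdependency?
-return latest_resolvable_version
-end
+return latest_resolvable_version if path_dependency? || git_dependency? || git_subdependency?
 
 prepared_files = FilePreparer.new(
 dependency_files: dependency_files,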
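Review bot: The last hunk's `return latest_resolvable_version if path_dependency? || git_dependency? || git_subdependency?` sits on the security-fix path, right after `fix_version = lowest_security_fix_version`, yet it returns the latest resolvable version with no comment, and nothing in the visible lines checks that this version is outside the vulnerable range. If the reason is that these sources cannot be moved to a specific registry release, say so above the line, e.g. `# Path and git dependencies can't target a specific registry version, so fall back to the latest resolvable one.` The enclosing method starts and ends outside the hunk, so such a check may exist elsewhere. Separately, the context comments in the second and third hunks say "If the gem isn't pinned" in Cargo code, where "dependency" would be accurate.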
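--- a/data/lib/dependabot/cargo/update_checker/file_preparer.rb
+++ b/data/lib/dependabot/cargo/update_checker/file_preparer.rb
@@ -120,13 +120,9 @@ module Dependabot
 next unless req.is_a?(Hash)
 next unless [req["tag"], req["rev"]].compact.uniq.count == 1
 
-if req["tag"]
-parsed_manifest[type][name]["tag"] = replacement_git_pin
-end
+parsed_manifest[type][name]["tag"] = replacement_git_pin if req["tag"]
 
-if req["rev"]
-parsed_manifest[type][name]["rev"] = replacement_git_pin
-end
+parsed_manifest[type][name]["rev"] = replacement_git_pin if req["rev"]
 end
 end
 
@@ -255,9 +251,7 @@ module Dependabot
 
 def name_from_declaration(name, declaration)
 return name if declaration.is_a?(String)
-unless declaration.is_a?(Hash)
-raise "Unexpected dependency declaration: #{declaration}"
-end
+raise "Unexpected dependency declaration: #{declaration}" unless declaration.is_a?(Hash)
 
 declaration.fetch("package", name)
 end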
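--- a/data/lib/dependabot/cargo/update_checker/latest_version_finder.rb
+++ b/data/lib/dependabot/cargo/update_checker/latest_version_finder.rb
@@ -56,9 +56,7 @@ module Dependabot
 def filter_ignored_versions(versions_array)
 filtered = versions_array.
 reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
-if @raise_on_ignored && filtered.empty? && versions_array.any?
-raise Dependabot::AllVersionsIgnored
-end
+raise Dependabot::AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
 
 filtered
 end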
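--- a/data/lib/dependabot/cargo/update_checker/version_resolver.rb
+++ b/data/lib/dependabot/cargo/update_checker/version_resolver.rb
@@ -214,9 +214,7 @@ module Dependabot
 raise Dependabot::GitDependencyReferenceNotFound, dependency_url
 end
 
-if resolvability_error?(error.message)
-raise Dependabot::DependencyFileNotResolvable, error.message
-end
+raise Dependabot::DependencyFileNotResolvable, error.message if resolvability_error?(error.message)
 
 if workspace_native_library_update_error?(error.message)
 # This happens when we're updating one part of a workspace which
@@ -373,16 +371,12 @@ module Dependabot
 
 object.delete("bin")
 
-if object.dig("package", "default-run")
-object["package"].delete("default-run")
-end
+object["package"].delete("default-run") if object.dig("package", "default-run")
 
 package_name = object.dig("package", "name")
 return TomlRB.dump(object) unless package_name&.match?(/[\{\}]/)
 
-if lockfile
-raise "Sanitizing name for pkg with lockfile. Investigate!"
-end
+raise "Sanitizing name for pkg with lockfile. Investigate!" if lockfile
 
 object["package"]["name"] = "sanitized"
 TomlRB.dump(object)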
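--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.1
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.1
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement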