RubyGems - dependabot-cargo - Versions diffs - 0.212.0 → 0.213.0 - Mend

dependabot-cargo 0.212.0 → 0.213.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/lib/dependabot/cargo/file_fetcher.rb +2 -2
data/lib/dependabot/cargo/file_parser.rb +13 -0
data/lib/dependabot/cargo/file_updater/lockfile_updater.rb +2 -2
data/lib/dependabot/cargo/requirement.rb +2 -2
data/lib/dependabot/cargo/update_checker/requirements_updater.rb +1 -1
data/lib/dependabot/cargo/update_checker/version_resolver.rb +7 -9
data/lib/dependabot/cargo/version.rb +1 -1
metadata +13 -55

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4987070ba68984e05bfba48c125acac48fd779a9899969095bf4e60b43b65e8f
-  data.tar.gz: 2ebdf57f8b0b44cfe78854fcafb9dc9c12d90e32da372312983099ad1bc0f178
+  metadata.gz: 21dc0ea4001940fffbf43b581315b2e20337f869b9e8722d824b8d90fe30e37e
+  data.tar.gz: 9bc652359e629859f89b7f834a31f93371f3a30b243c750d76baff85b1f3c91d
 SHA512:
-  metadata.gz: 8cca39349fd73368a2738487dcd381f74b89ee5e328896996ecae90d6a9efac624942f4387c015a4ee9ea9b6bb46c56109f94051b0c12e507d8ccb9374367f49
-  data.tar.gz: 418ab173a9e06206d330b32fda55e42238c24d5e4c20227df4073a215c4fc709d4d8f270352a0267b1e2eed47f95ba20e8b3abef5d37a6696a08c4ba1f91208e
+  metadata.gz: 1387ae679d92f01f1bf8009319f6ebd82db3e2c5bb2edc720ffcabed443be538e50cdf212853e6a593afe8e64bfdef48870925a268bc1ea4769446124a6bcf80
+  data.tar.gz: ceff9213f82e10d6ccb40435bd955c4f988cbf153b256a837dbdca23c100d82d812b5e623a742bfa41e6fb3f1b6fefb915318b623046cfd1ec0b356b1ab1821c

data/lib/dependabot/cargo/file_fetcher.rb CHANGED Viewed

@@ -144,7 +144,7 @@ module Dependabot
             next unless details.is_a?(Hash)
             next unless details["path"]
-            paths << File.join(details["path"], "Cargo.toml")
+            paths << File.join(details["path"], "Cargo.toml").delete_prefix("/")
           end
         end
@@ -155,7 +155,7 @@ module Dependabot
               next unless details.is_a?(Hash)
               next unless details["path"]
-              paths << File.join(details["path"], "Cargo.toml")
+              paths << File.join(details["path"], "Cargo.toml").delete_prefix("/")
             end
           end
         end

data/lib/dependabot/cargo/file_parser.rb CHANGED Viewed

@@ -56,6 +56,8 @@ module Dependabot
         raise Dependabot::DependencyFileNotEvaluatable, msg
       end
+      # rubocop:disable Metrics/AbcSize
+      # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
       def manifest_dependencies
         dependency_set = DependencySet.new
@@ -79,10 +81,21 @@ module Dependabot
               end
             end
           end
+          workspace = parsed_file(file).fetch("workspace", {})
+          workspace.fetch("dependencies", {}).each do |name, requirement|
+            next unless name == name_from_declaration(name, requirement)
+            next if lockfile && !version_from_lockfile(name, requirement)
+            dependency_set <<
+              build_dependency(name, requirement, "workspace.dependencies", file)
+          end
         end
         dependency_set
       end
+      # rubocop:enable Metrics/AbcSize
+      # rubocop:enable Metrics/CyclomaticComplexity
       # rubocop:enable Metrics/PerceivedComplexity
       def build_dependency(name, requirement, type, file)

data/lib/dependabot/cargo/file_updater/lockfile_updater.rb CHANGED Viewed

@@ -14,9 +14,9 @@ module Dependabot
         LOCKFILE_ENTRY_REGEX = /
           \[\[package\]\]\n
           (?:(?!^\[(\[package|metadata)).)+
-        /mx.freeze
+        /mx
-        LOCKFILE_CHECKSUM_REGEX = /^"checksum .*$/.freeze
+        LOCKFILE_CHECKSUM_REGEX = /^"checksum .*$/
         def initialize(dependencies:, dependency_files:, credentials:)
           @dependencies = dependencies

data/lib/dependabot/cargo/requirement.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Dependabot
       version_pattern = Cargo::Version::VERSION_PATTERN
       PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
-      PATTERN = /\A#{PATTERN_RAW}\z/.freeze
+      PATTERN = /\A#{PATTERN_RAW}\z/
       # Use Cargo::Version rather than Gem::Version to ensure that
       # pre-release versions aren't transformed.
@@ -33,7 +33,7 @@ module Dependabot
         [matches[1] || "=", Cargo::Version.new(matches[2])]
       end
-      # For consistency with other langauges, we define a requirements array.
+      # For consistency with other languages, we define a requirements array.
       # Rust doesn't have an `OR` separator for requirements, so it always
       # contains a single element.
       def self.requirements_array(requirement_string)

data/lib/dependabot/cargo/update_checker/requirements_updater.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Dependabot
       class RequirementsUpdater
         class UnfixableRequirement < StandardError; end
-        VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/.freeze
+        VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/
         ALLOWED_UPDATE_STRATEGIES =
           %i(bump_versions bump_versions_if_necessary).freeze

data/lib/dependabot/cargo/update_checker/version_resolver.rb CHANGED Viewed

@@ -11,15 +11,12 @@ module Dependabot
   module Cargo
     class UpdateChecker
       class VersionResolver
-        UNABLE_TO_UPDATE =
-          /Unable to update (?<url>.*?)$/.freeze
-        BRANCH_NOT_FOUND_REGEX =
-          /#{UNABLE_TO_UPDATE}.*to find branch `(?<branch>[^`]+)`/m.freeze
-        REVSPEC_PATTERN = /revspec '.*' not found/.freeze
-        OBJECT_PATTERN = /object not found - no match for id \(.*\)/.freeze
-        REF_NOT_FOUND_REGEX =
-          /#{UNABLE_TO_UPDATE}.*(#{REVSPEC_PATTERN}|#{OBJECT_PATTERN})/m.freeze
-        GIT_REF_NOT_FOUND_REGEX = /Updating git repository `(?<url>[^`]*)`.*fatal: couldn't find remote ref/m.freeze
+        UNABLE_TO_UPDATE = /Unable to update (?<url>.*?)$/
+        BRANCH_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*to find branch `(?<branch>[^`]+)`/m
+        REVSPEC_PATTERN = /revspec '.*' not found/
+        OBJECT_PATTERN = /object not found - no match for id \(.*\)/
+        REF_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*(#{REVSPEC_PATTERN}|#{OBJECT_PATTERN})/m
+        GIT_REF_NOT_FOUND_REGEX = /Updating git repository `(?<url>[^`]*)`.*fatal: couldn't find remote ref/m
         def initialize(dependency:, credentials:,
                        original_dependency_files:, prepared_dependency_files:)
@@ -188,6 +185,7 @@ module Dependabot
           end
           if error.message.include?("authenticate when downloading repo") ||
+             # TODO: stop catching this 200 error: https://github.com/dependabot/dependabot-core/pull/5332#discussion_r936888624
              error.message.include?("HTTP 200 response: got 401") ||
              error.message.include?("fatal: Authentication failed for")
             # Check all dependencies for reachability (so that we raise a

data/lib/dependabot/cargo/version.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Dependabot
       VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' \
                         '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
                         '(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?'
-      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
+      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
       def initialize(version)
         @version_string = version.to_s

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-  version: 0.212.0
+  version: 0.213.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-09-06 00:00:00.000000000 Z
+date: 2022-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.212.0
+        version: 0.213.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.212.0
-- !ruby/object:Gem::Dependency
-  name: debase
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.3
-- !ruby/object:Gem::Dependency
-  name: debase-ruby_core_source
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.16
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.16
+        version: 0.213.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.12.0
+        version: 3.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.12.0
+        version: 3.13.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -142,42 +114,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.36.0
+        version: 1.37.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.36.0
+        version: 1.37.1
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.14.2
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.14.2
-- !ruby/object:Gem::Dependency
-  name: ruby-debug-ide
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 1.15.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 1.15.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -281,14 +239,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Rust (Cargo) support for dependabot