dependabot-cargo 0.246.0 → 0.247.0
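--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e26960512a782b8d3fb39ceab669647f4ef8b95e86b4c2e4472f6a04cf9c47d2
+data.tar.gz: 8cbb82ddbfcd0c27d00decd5c4d4d3550d23dba5d2c3b2dc8273ab46812fbd32
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: efb823315833ba89a79ea8146f688a75076735054c9dd8f7d79178894de56c745385811bdef24b61f4fa8180c355358b353fb74f24e57d6629c87c4c18cd8d85
+data.tar.gz: 56837eb8876162aad943a8d80661adf29cdd273cad2124675670f9ce263adf41780696d14bc1a96432007acbaf8453e058c53b5633131c11a15112a76a397447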
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "pathname"
|
|
@@ -84,7 +84,7 @@ module Dependabot
|
|
|
84
84
|
|
|
85
85
|
def path_dependency_files(fetched_files)
|
|
86
86
|
@path_dependency_files ||= {}
|
|
87
|
-
fetched_path_dependency_files = []
|
|
87
|
+
fetched_path_dependency_files = T.let([], T::Array[Dependabot::DependencyFile])
|
|
88
88
|
fetched_files.each do |file|
|
|
89
89
|
@path_dependency_files[file.name] ||=
|
|
90
90
|
fetch_path_dependency_files(
|
|
@@ -171,7 +171,7 @@ module Dependabot
|
|
|
171
171
|
|
|
172
172
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
173
173
|
def path_dependency_paths_from_file(file)
|
|
174
|
-
paths = []
|
|
174
|
+
paths = T.let([], T::Array[String])
|
|
175
175
|
|
|
176
176
|
workspace = parsed_file(file).fetch("workspace", {})
|
|
177
177
|
Cargo::FileParser::DEPENDENCY_TYPES.each do |type|
|
|
@@ -300,7 +300,7 @@ module Dependabot
|
|
|
300
300
|
def expand_workspaces(path)
|
|
301
301
|
path = Pathname.new(path).cleanpath.to_path
|
|
302
302
|
dir = directory.gsub(%r{(^/|/$)}, "")
|
|
303
|
-
unglobbed_path = path.split("*").first.gsub(%r{(?<=/)[^/]*$}, "")
|
|
303
|
+
unglobbed_path = T.must(path.split("*").first).gsub(%r{(?<=/)[^/]*$}, "")
|
|
304
304
|
|
|
305
305
|
repo_contents(dir: unglobbed_path, raise_errors: false)
|
|
306
306
|
.select { |file| file.type == "dir" }
|
|
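Review bot: In `expand_workspaces`, `T.must(path.split("*").first)` still raises when the cleaned path is nothing but a glob such as `*`, because `"*".split("*")` is an empty array and `first` is nil; the new wrapper only turns the failure into a TypeError from sorbet-runtime. If `path` is taken from a workspace entry in a fetched manifest, which the method name suggests but the hunk does not show, the value is repository-controlled and should not be able to abort the fetch with an unhandled error. Consider a fallback such as `unglobbed_path = (path.split("*").first || "").gsub(%r{(?<=/)[^/]*$}, "")`, or raise an error the caller already handles for unparseable manifests. The method body continues past the end of the hunk.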
@@ -5,11 +5,14 @@ require "excon"
|
|
|
5
5
|
require "dependabot/cargo/update_checker"
|
|
6
6
|
require "dependabot/update_checkers/version_filters"
|
|
7
7
|
require "dependabot/registry_client"
|
|
8
|
+
require "sorbet-runtime"
|
|
8
9
|
|
|
9
10
|
module Dependabot
|
|
10
11
|
module Cargo
|
|
11
12
|
class UpdateChecker
|
|
12
13
|
class LatestVersionFinder
|
|
14
|
+
extend T::Sig
|
|
15
|
+
|
|
13
16
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
14
17
|
ignored_versions:, raise_on_ignored: false,
|
|
15
18
|
security_advisories:)
|
|
@@ -52,12 +55,18 @@ module Dependabot
|
|
|
52
55
|
versions.min
|
|
53
56
|
end
|
|
54
57
|
|
|
58
|
+
sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
|
|
55
59
|
def filter_prerelease_versions(versions_array)
|
|
56
60
|
return versions_array if wants_prerelease?
|
|
57
61
|
|
|
58
|
-
versions_array.reject(&:prerelease?)
|
|
62
|
+
filtered = versions_array.reject(&:prerelease?)
|
|
63
|
+
if versions_array.count > filtered.count
|
|
64
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} pre-release versions")
|
|
65
|
+
end
|
|
66
|
+
filtered
|
|
59
67
|
end
|
|
60
68
|
|
|
69
|
+
sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
|
|
61
70
|
def filter_ignored_versions(versions_array)
|
|
62
71
|
filtered = versions_array
|
|
63
72
|
.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
|
@@ -65,6 +74,10 @@ module Dependabot
|
|
|
65
74
|
raise Dependabot::AllVersionsIgnored
|
|
66
75
|
end
|
|
67
76
|
|
|
77
|
+
if versions_array.count > filtered.count
|
|
78
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} ignored versions")
|
|
79
|
+
end
|
|
80
|
+
|
|
68
81
|
filtered
|
|
69
82
|
end
|
|
70
83
|
|
|
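Review bot: The log lines added to `filter_prerelease_versions` and `filter_ignored_versions` record only how many versions were dropped, and each evaluates `versions_array.count - filtered.count` twice. This finder decides which release gets proposed, so naming the dropped versions would make an unexpected pick easier to audit, for example `removed = versions_array - filtered` followed by `Dependabot.logger.info("Filtered out #{removed.count} ignored versions: #{removed.join(', ')}") if removed.any?`. In `filter_ignored_versions` the log sits below the branch that raises `Dependabot::AllVersionsIgnored`, so whenever that branch fires nothing is logged; emitting the message before that check would cover it. The condition guarding the raise is outside the hunk.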
@@ -7,19 +7,30 @@
|
|
|
7
7
|
# - https://steveklabnik.github.io/semver/semver/index.html #
|
|
8
8
|
################################################################################
|
|
9
9
|
|
|
10
|
+
require "sorbet-runtime"
|
|
11
|
+
|
|
10
12
|
require "dependabot/cargo/update_checker"
|
|
11
13
|
require "dependabot/cargo/requirement"
|
|
12
14
|
require "dependabot/cargo/version"
|
|
15
|
+
require "dependabot/requirements_update_strategy"
|
|
13
16
|
|
|
14
17
|
module Dependabot
|
|
15
18
|
module Cargo
|
|
16
19
|
class UpdateChecker
|
|
17
20
|
class RequirementsUpdater
|
|
21
|
+
extend T::Sig
|
|
22
|
+
|
|
18
23
|
class UnfixableRequirement < StandardError; end
|
|
19
24
|
|
|
20
25
|
VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/
|
|
21
|
-
ALLOWED_UPDATE_STRATEGIES =
|
|
22
|
-
|
|
26
|
+
ALLOWED_UPDATE_STRATEGIES = T.let(
|
|
27
|
+
[
|
|
28
|
+
RequirementsUpdateStrategy::LockfileOnly,
|
|
29
|
+
RequirementsUpdateStrategy::BumpVersions,
|
|
30
|
+
RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
31
|
+
].freeze,
|
|
32
|
+
T::Array[Dependabot::RequirementsUpdateStrategy]
|
|
33
|
+
)
|
|
23
34
|
|
|
24
35
|
def initialize(requirements:, updated_source:, update_strategy:,
|
|
25
36
|
target_version:)
|
|
@@ -35,7 +46,7 @@ module Dependabot
|
|
|
35
46
|
end
|
|
36
47
|
|
|
37
48
|
def updated_requirements
|
|
38
|
-
return requirements if update_strategy ==
|
|
49
|
+
return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
|
|
39
50
|
|
|
40
51
|
# NOTE: Order is important here. The FileUpdater needs the updated
|
|
41
52
|
# requirement at index `i` to correspond to the previous requirement
|
|
@@ -45,8 +56,8 @@ module Dependabot
|
|
|
45
56
|
next req unless target_version
|
|
46
57
|
next req if req[:requirement].nil?
|
|
47
58
|
|
|
48
|
-
# TODO: Add a
|
|
49
|
-
if update_strategy ==
|
|
59
|
+
# TODO: Add a RequirementsUpdateStrategy::WidenRanges options
|
|
60
|
+
if update_strategy == RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
50
61
|
update_version_requirement_if_needed(req)
|
|
51
62
|
else
|
|
52
63
|
update_version_requirement(req)
|
|
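Review bot: In `updated_requirements` the bare `else` sends every strategy that is not `RequirementsUpdateStrategy::BumpVersionsIfNecessary` to `update_version_requirement`, so a value that matches none of the enum constants silently takes the bump path. Whether the initializer rejects such values against `ALLOWED_UPDATE_STRATEGIES` cannot be seen from these hunks; if it does not, a caller still passing an older representation of the strategy would get version bumps it did not ask for. An explicit `case` that raises on anything unexpected fails closed, as sketched below. The added TODO also reads `WidenRanges options`, where `option` is presumably meant.
```ruby
# … unchanged: `next req` guards above …
case update_strategy
when RequirementsUpdateStrategy::BumpVersionsIfNecessary
  update_version_requirement_if_needed(req)
when RequirementsUpdateStrategy::BumpVersions
  update_version_requirement(req)
else
  raise "Unknown update strategy: #{update_strategy}"
end
```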
@@ -2,6 +2,7 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/git_commit_checker"
|
|
5
|
+
require "dependabot/requirements_update_strategy"
|
|
5
6
|
require "dependabot/update_checkers"
|
|
6
7
|
require "dependabot/update_checkers/base"
|
|
7
8
|
|
|
@@ -77,15 +78,15 @@ module Dependabot
|
|
|
77
78
|
end
|
|
78
79
|
|
|
79
80
|
def requirements_unlocked_or_can_be?
|
|
80
|
-
requirements_update_strategy !=
|
|
81
|
+
requirements_update_strategy != RequirementsUpdateStrategy::LockfileOnly
|
|
81
82
|
end
|
|
82
83
|
|
|
83
84
|
def requirements_update_strategy
|
|
84
85
|
# If passed in as an option (in the base class) honour that option
|
|
85
|
-
return @requirements_update_strategy
|
|
86
|
+
return @requirements_update_strategy if @requirements_update_strategy
|
|
86
87
|
|
|
87
88
|
# Otherwise, widen ranges for libraries and bump versions for apps
|
|
88
|
-
library? ?
|
|
89
|
+
library? ? RequirementsUpdateStrategy::BumpVersionsIfNecessary : RequirementsUpdateStrategy::BumpVersions
|
|
89
90
|
end
|
|
90
91
|
|
|
91
92
|
private
|
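Review bot: The comment above the ternary in `requirements_update_strategy` no longer matches the code: it says ranges are widened for libraries, but the line returns `RequirementsUpdateStrategy::BumpVersionsIfNecessary` for `library?`, and the TODO elsewhere in this diff indicates a widen-ranges strategy has not been added yet. I would reword it to `# Otherwise, bump versions only if necessary for libraries and always bump for apps`. The ternary is also long enough that a plain `if library?` / `else` would read more easily.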
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-cargo
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.247.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-03-
|
|
11
|
+
date: 2024-03-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.247.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.247.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -136,6 +136,20 @@ dependencies:
|
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
138
|
version: 1.19.0
|
|
139
|
+
- !ruby/object:Gem::Dependency
|
|
140
|
+
name: rubocop-rspec
|
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
|
142
|
+
requirements:
|
|
143
|
+
- - "~>"
|
|
144
|
+
- !ruby/object:Gem::Version
|
|
145
|
+
version: 2.27.1
|
|
146
|
+
type: :development
|
|
147
|
+
prerelease: false
|
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
149
|
+
requirements:
|
|
150
|
+
- - "~>"
|
|
151
|
+
- !ruby/object:Gem::Version
|
|
152
|
+
version: 2.27.1
|
|
139
153
|
- !ruby/object:Gem::Dependency
|
|
140
154
|
name: rubocop-sorbet
|
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -247,7 +261,7 @@ licenses:
|
|
|
247
261
|
- Nonstandard
|
|
248
262
|
metadata:
|
|
249
263
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
250
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
264
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
|
|
251
265
|
post_install_message:
|
|
252
266
|
rdoc_options: []
|
|
253
267
|
require_paths:
|