dependabot-cargo 0.246.0 → 0.247.0

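--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: cd168fc7b44a8cdec31d77ed2dd743cec23ec961c40cffa4369109eb3bc1f8e2
- data.tar.gz: bc41641e7d4ed98d8fe89e313d08ea5456f431f721733d91548a7190f0695b39
+ metadata.gz: e26960512a782b8d3fb39ceab669647f4ef8b95e86b4c2e4472f6a04cf9c47d2
+ data.tar.gz: 8cbb82ddbfcd0c27d00decd5c4d4d3550d23dba5d2c3b2dc8273ab46812fbd32
  SHA512:
- metadata.gz: 237b5831076f63fd17295d8a90e5a43c530349917be2dcd597575336b7dd0e03fc7347e5b4ff9bf1e0f26c3f2cbdd8d7a9b96e6382f3ea5bf5239fa9ca39b7e5
- data.tar.gz: 5aab89a380e61dd894da9079213dea6a292513c00cb926d1b6c0fb01933cd68571f23aff8db84a231684bce4d76ddc78f943e727b2128230eee163e85e00633b
+ metadata.gz: efb823315833ba89a79ea8146f688a75076735054c9dd8f7d79178894de56c745385811bdef24b61f4fa8180c355358b353fb74f24e57d6629c87c4c18cd8d85
+ data.tar.gz: 56837eb8876162aad943a8d80661adf29cdd273cad2124675670f9ce263adf41780696d14bc1a96432007acbaf8453e058c53b5633131c11a15112a76a397447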
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "pathname"
@@ -84,7 +84,7 @@ module Dependabot
84
84
 
85
85
  def path_dependency_files(fetched_files)
86
86
  @path_dependency_files ||= {}
87
- fetched_path_dependency_files = []
87
+ fetched_path_dependency_files = T.let([], T::Array[Dependabot::DependencyFile])
88
88
  fetched_files.each do |file|
89
89
  @path_dependency_files[file.name] ||=
90
90
  fetch_path_dependency_files(
@@ -171,7 +171,7 @@ module Dependabot
171
171
 
172
172
  # rubocop:enable Metrics/PerceivedComplexity
173
173
  def path_dependency_paths_from_file(file)
174
- paths = []
174
+ paths = T.let([], T::Array[String])
175
175
 
176
176
  workspace = parsed_file(file).fetch("workspace", {})
177
177
  Cargo::FileParser::DEPENDENCY_TYPES.each do |type|
@@ -300,7 +300,7 @@ module Dependabot
300
300
  def expand_workspaces(path)
301
301
  path = Pathname.new(path).cleanpath.to_path
302
302
  dir = directory.gsub(%r{(^/|/$)}, "")
303
- unglobbed_path = path.split("*").first.gsub(%r{(?<=/)[^/]*$}, "")
303
+ unglobbed_path = T.must(path.split("*").first).gsub(%r{(?<=/)[^/]*$}, "")
304
304
 
305
305
  repo_contents(dir: unglobbed_path, raise_errors: false)
306
306
  .select { |file| file.type == "dir" }
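Review bot: `T.must(path.split("*").first)` in expand_workspaces only trades one crash for another: in Ruby `"*".split("*")` returns `[]`, so a workspace member written as a bare `*` leaves `first` nil and T.must raises a TypeError where the old line raised NoMethodError. The path presumably originates from the manifest being parsed (the caller is outside this hunk), so the empty case deserves explicit handling rather than an assertion, for example `unglobbed_path = (path.split("*").first || "").gsub(%r{(?<=/)[^/]*$}, "")`. Whether an empty `dir:` is acceptable to repo_contents is not visible here and should be confirmed before adopting that fallback. The method body continues past the end of the hunk.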
@@ -5,11 +5,14 @@ require "excon"
5
5
  require "dependabot/cargo/update_checker"
6
6
  require "dependabot/update_checkers/version_filters"
7
7
  require "dependabot/registry_client"
8
+ require "sorbet-runtime"
8
9
 
9
10
  module Dependabot
10
11
  module Cargo
11
12
  class UpdateChecker
12
13
  class LatestVersionFinder
14
+ extend T::Sig
15
+
13
16
  def initialize(dependency:, dependency_files:, credentials:,
14
17
  ignored_versions:, raise_on_ignored: false,
15
18
  security_advisories:)
@@ -52,12 +55,18 @@ module Dependabot
52
55
  versions.min
53
56
  end
54
57
 
58
+ sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
55
59
  def filter_prerelease_versions(versions_array)
56
60
  return versions_array if wants_prerelease?
57
61
 
58
- versions_array.reject(&:prerelease?)
62
+ filtered = versions_array.reject(&:prerelease?)
63
+ if versions_array.count > filtered.count
64
+ Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} pre-release versions")
65
+ end
66
+ filtered
59
67
  end
60
68
 
69
+ sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
61
70
  def filter_ignored_versions(versions_array)
62
71
  filtered = versions_array
63
72
  .reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
@@ -65,6 +74,10 @@ module Dependabot
65
74
  raise Dependabot::AllVersionsIgnored
66
75
  end
67
76
 
77
+ if versions_array.count > filtered.count
78
+ Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} ignored versions")
79
+ end
80
+
68
81
  filtered
69
82
  end
70
83
 
@@ -7,19 +7,30 @@
7
7
  # - https://steveklabnik.github.io/semver/semver/index.html #
8
8
  ################################################################################
9
9
 
10
+ require "sorbet-runtime"
11
+
10
12
  require "dependabot/cargo/update_checker"
11
13
  require "dependabot/cargo/requirement"
12
14
  require "dependabot/cargo/version"
15
+ require "dependabot/requirements_update_strategy"
13
16
 
14
17
  module Dependabot
15
18
  module Cargo
16
19
  class UpdateChecker
17
20
  class RequirementsUpdater
21
+ extend T::Sig
22
+
18
23
  class UnfixableRequirement < StandardError; end
19
24
 
20
25
  VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/
21
- ALLOWED_UPDATE_STRATEGIES =
22
- %i(lockfile_only bump_versions bump_versions_if_necessary).freeze
26
+ ALLOWED_UPDATE_STRATEGIES = T.let(
27
+ [
28
+ RequirementsUpdateStrategy::LockfileOnly,
29
+ RequirementsUpdateStrategy::BumpVersions,
30
+ RequirementsUpdateStrategy::BumpVersionsIfNecessary
31
+ ].freeze,
32
+ T::Array[Dependabot::RequirementsUpdateStrategy]
33
+ )
23
34
 
24
35
  def initialize(requirements:, updated_source:, update_strategy:,
25
36
  target_version:)
@@ -35,7 +46,7 @@ module Dependabot
35
46
  end
36
47
 
37
48
  def updated_requirements
38
- return requirements if update_strategy == :lockfile_only
49
+ return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
39
50
 
40
51
  # NOTE: Order is important here. The FileUpdater needs the updated
41
52
  # requirement at index `i` to correspond to the previous requirement
@@ -45,8 +56,8 @@ module Dependabot
45
56
  next req unless target_version
46
57
  next req if req[:requirement].nil?
47
58
 
48
- # TODO: Add a widen_ranges options
49
- if update_strategy == :bump_versions_if_necessary
59
+ # TODO: Add a RequirementsUpdateStrategy::WidenRanges options
60
+ if update_strategy == RequirementsUpdateStrategy::BumpVersionsIfNecessary
50
61
  update_version_requirement_if_needed(req)
51
62
  else
52
63
  update_version_requirement(req)
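Review bot: The strategy comparisons in updated_requirements fail open on a type mismatch: assuming the enum values do not compare equal to symbols, a caller still passing the old `:lockfile_only` matches neither `update_strategy == RequirementsUpdateStrategy::LockfileOnly` nor `== RequirementsUpdateStrategy::BumpVersionsIfNecessary` and lands in the `else` branch, so requirements are rewritten when lockfile-only was requested. The body of initialize is outside the hunk and may already reject values missing from ALLOWED_UPDATE_STRATEGIES; if it does not, add `raise ArgumentError, "Unknown update strategy: #{update_strategy}" unless ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)` there. The same concern applies to the later hunk that drops `.to_sym` in requirements_update_strategy, where `requirements_unlocked_or_can_be?` now returns true for any non-enum value, including a string or symbol spelling of lockfile-only. The `if`/`else` shown here closes outside the hunk.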
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/git_commit_checker"
5
+ require "dependabot/requirements_update_strategy"
5
6
  require "dependabot/update_checkers"
6
7
  require "dependabot/update_checkers/base"
7
8
 
@@ -77,15 +78,15 @@ module Dependabot
77
78
  end
78
79
 
79
80
  def requirements_unlocked_or_can_be?
80
- requirements_update_strategy != :lockfile_only
81
+ requirements_update_strategy != RequirementsUpdateStrategy::LockfileOnly
81
82
  end
82
83
 
83
84
  def requirements_update_strategy
84
85
  # If passed in as an option (in the base class) honour that option
85
- return @requirements_update_strategy.to_sym if @requirements_update_strategy
86
+ return @requirements_update_strategy if @requirements_update_strategy
86
87
 
87
88
  # Otherwise, widen ranges for libraries and bump versions for apps
88
- library? ? :bump_versions_if_necessary : :bump_versions
89
+ library? ? RequirementsUpdateStrategy::BumpVersionsIfNecessary : RequirementsUpdateStrategy::BumpVersions
89
90
  end
90
91
 
91
92
  private
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-cargo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.246.0
4
+ version: 0.247.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-03-01 00:00:00.000000000 Z
11
+ date: 2024-03-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.246.0
19
+ version: 0.247.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.246.0
26
+ version: 0.247.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
138
  version: 1.19.0
139
+ - !ruby/object:Gem::Dependency
140
+ name: rubocop-rspec
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: 2.27.1
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: 2.27.1
139
153
  - !ruby/object:Gem::Dependency
140
154
  name: rubocop-sorbet
141
155
  requirement: !ruby/object:Gem::Requirement
@@ -247,7 +261,7 @@ licenses:
247
261
  - Nonstandard
248
262
  metadata:
249
263
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
250
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.246.0
264
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
251
265
  post_install_message:
252
266
  rdoc_options: []
253
267
  require_paths: