dependabot-cargo 0.274.0 → 0.275.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2945e58734607a384051ddc9f19ad47bf0a67b72282a478bf7462bebf25d1d76
-  data.tar.gz: 1fbb4aaba97763753a0586ddca9b87b83aca1f261a498699ae1edaf7dbe9d23f
+  metadata.gz: 88ead33a9ecc42b00e85c742c721796a698ca447ce43d893a29afa39300a4fc5
+  data.tar.gz: 52248ac1890611b456d2efe0c33b9c8a255924fd1c6143a977e82339b2261af5
 SHA512:
-  metadata.gz: 6f22328785324830260cb43fd048877b6c041ff998c4f3f489bae15a6201478b76d36d44fffca9861eadedcc83689f18e0146ce8fab97e80556cc5398a4ff023
-  data.tar.gz: 381fd7dec3cfdaea17cbc0b3c21cc5c344de1f66ac2762c54a0d867c050165bd882e3ac9964937fcc92a78dc59274163b0cfe32656c7fee36b158ffdac836035
+  metadata.gz: cd6070b4b328b36b5490d9f33067bfcf72a94afaed9484fed5ae7197330954d4dfa5bb3ac7a3bfdee01f8084688e9aabd2652c4b99271f89c612a402b841e96e
+  data.tar.gz: 3738e3502eacc7c1ccd6fd1df0facc57a0d0026027c0092831c1d146146a1a33131324f419ea0a6993f47e052235e0646c37ada41d37e8d4462e9c2df7786a95

data/lib/dependabot/cargo/file_fetcher.rb

@@ -146,7 +146,13 @@ module Dependabot
                 file: fetched_file,
                 previously_fetched_files: previously_fetched_files
               )
-            [fetched_file, *grandchild_requirement_files]
+
+            # If this path dependency file is a workspace member that inherits from
+            # its root workspace, we search for the root to include it so Cargo can
+            # resolve the path dependency file manifest properly.
+            root = find_workspace_root(fetched_file, file) if workspace_member?(parsed_file(fetched_file))
+
+            [fetched_file, *grandchild_requirement_files, root]
           rescue Dependabot::DependencyFileNotFound
             next unless required_path?(file, path)
 
@@ -218,6 +224,64 @@ module Dependabot
         paths
       end
 
+      # See if this Cargo manifest inherits any property from a workspace
+      # (e.g. edition = { workspace = true }).
+      def workspace_member?(hash)
+        hash.each do |key, value|
+          if key == "workspace" && value == true
+            return true
+          elsif value.is_a?(Hash)
+            return workspace_member?(value)
+          end
+        end
+        false
+      end
+
+      # Find workspace root of this workspace member, first via package.workspace
+      # manifest key if present, otherwise resort to searching parent directories
+      # up till the repository root.
+      #
+      # original_manifest used for providing a useful error message.
+      sig do
+        params(workspace_member: Dependabot::DependencyFile,
+               original_manifest: Dependabot::DependencyFile).returns(T.nilable(Dependabot::DependencyFile))
+      end
+      def find_workspace_root(workspace_member, original_manifest)
+        current_dir = workspace_member.name.rpartition("/").first
+
+        workspace_root_dir = parsed_file(workspace_member).dig("package", "workspace")
+        unless workspace_root_dir.nil?
+          workspace_root = fetch_file_from_host(
+            File.join(current_dir, workspace_root_dir, "Cargo.toml"),
+            fetch_submodules: true
+          )
+          return workspace_root if parsed_file(workspace_root)["workspace"]
+
+          msg = "Could not resolve workspace root for path dependency " \
+                "#{workspace_member.path} of #{original_manifest.path}"
+          raise Dependabot::DependencyFileNotEvaluatable, msg
+        end
+
+        parent_dirs = current_dir.scan("/").length - 1
+        while parent_dirs >= 0
+          current_dir = File.join(current_dir, "..")
+          begin
+            parent_manifest = fetch_file_from_host(
+              File.join(current_dir, "Cargo.toml"),
+              fetch_submodules: true
+            )
+            return parent_manifest if parsed_file(parent_manifest)["workspace"]
+          rescue Dependabot::DependencyFileNotFound
+            # Cargo.toml not found in this parent, keep searching up
+          end
+          parent_dirs -= 1
+        end
+
+        msg = "Could not resolve workspace root for path dependency " \
+              "#{workspace_member.path} of #{original_manifest.path}"
+        raise Dependabot::DependencyFileNotEvaluatable, msg
+      end
+
       def workspace_dependency_paths_from_file(file)
         if parsed_file(file)["workspace"] &&
            !parsed_file(file)["workspace"].key?("members")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-  version: 0.274.0
+  version: 0.275.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-09-05 00:00:00.000000000 Z
+date: 2024-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.274.0
+        version: 0.275.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.274.0
+        version: 0.275.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -263,7 +263,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.274.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.275.0
 post_install_message: 
 rdoc_options: []
 require_paths: