dependabot-cargo 0.275.0 → 0.276.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 88ead33a9ecc42b00e85c742c721796a698ca447ce43d893a29afa39300a4fc5
-  data.tar.gz: 52248ac1890611b456d2efe0c33b9c8a255924fd1c6143a977e82339b2261af5
+  metadata.gz: c3da05094e1f13927a7c26aed56c5267bb605ad2a5abec28cbfef40512491ec7
+  data.tar.gz: 30593eb84b807669d60be403bea3e1fbb6cda755c139bb6e2c62629b5a4eba32
 SHA512:
-  metadata.gz: cd6070b4b328b36b5490d9f33067bfcf72a94afaed9484fed5ae7197330954d4dfa5bb3ac7a3bfdee01f8084688e9aabd2652c4b99271f89c612a402b841e96e
-  data.tar.gz: 3738e3502eacc7c1ccd6fd1df0facc57a0d0026027c0092831c1d146146a1a33131324f419ea0a6993f47e052235e0646c37ada41d37e8d4462e9c2df7786a95
+  metadata.gz: 47499e0d269f7c334443716302a796bbbad554116f8ee9c3c6f0b09e073354e200405b7c21e413f6e491f197f71fe117cc4e3b87392c132ab6e58d764402b408
+  data.tar.gz: 855a03795e16ab9f59fd8f4fcd61ed3e8cf37297c02509d55ec57b86656b9f5a58437c09eddc1f4911f93c6792b5b51bd57f37dc0d137796e502d41ee9f6190f

data/lib/dependabot/cargo/file_fetcher.rb

@@ -146,13 +146,7 @@ module Dependabot
                 file: fetched_file,
                 previously_fetched_files: previously_fetched_files
               )
-
-            # If this path dependency file is a workspace member that inherits from
-            # its root workspace, we search for the root to include it so Cargo can
-            # resolve the path dependency file manifest properly.
-            root = find_workspace_root(fetched_file, file) if workspace_member?(parsed_file(fetched_file))
-
-            [fetched_file, *grandchild_requirement_files, root]
+            [fetched_file, *grandchild_requirement_files]
           rescue Dependabot::DependencyFileNotFound
             next unless required_path?(file, path)
 
@@ -224,64 +218,6 @@ module Dependabot
         paths
       end
 
-      # See if this Cargo manifest inherits any property from a workspace
-      # (e.g. edition = { workspace = true }).
-      def workspace_member?(hash)
-        hash.each do |key, value|
-          if key == "workspace" && value == true
-            return true
-          elsif value.is_a?(Hash)
-            return workspace_member?(value)
-          end
-        end
-        false
-      end
-
-      # Find workspace root of this workspace member, first via package.workspace
-      # manifest key if present, otherwise resort to searching parent directories
-      # up till the repository root.
-      #
-      # original_manifest used for providing a useful error message.
-      sig do
-        params(workspace_member: Dependabot::DependencyFile,
-               original_manifest: Dependabot::DependencyFile).returns(T.nilable(Dependabot::DependencyFile))
-      end
-      def find_workspace_root(workspace_member, original_manifest)
-        current_dir = workspace_member.name.rpartition("/").first
-
-        workspace_root_dir = parsed_file(workspace_member).dig("package", "workspace")
-        unless workspace_root_dir.nil?
-          workspace_root = fetch_file_from_host(
-            File.join(current_dir, workspace_root_dir, "Cargo.toml"),
-            fetch_submodules: true
-          )
-          return workspace_root if parsed_file(workspace_root)["workspace"]
-
-          msg = "Could not resolve workspace root for path dependency " \
-                "#{workspace_member.path} of #{original_manifest.path}"
-          raise Dependabot::DependencyFileNotEvaluatable, msg
-        end
-
-        parent_dirs = current_dir.scan("/").length - 1
-        while parent_dirs >= 0
-          current_dir = File.join(current_dir, "..")
-          begin
-            parent_manifest = fetch_file_from_host(
-              File.join(current_dir, "Cargo.toml"),
-              fetch_submodules: true
-            )
-            return parent_manifest if parsed_file(parent_manifest)["workspace"]
-          rescue Dependabot::DependencyFileNotFound
-            # Cargo.toml not found in this parent, keep searching up
-          end
-          parent_dirs -= 1
-        end
-
-        msg = "Could not resolve workspace root for path dependency " \
-              "#{workspace_member.path} of #{original_manifest.path}"
-        raise Dependabot::DependencyFileNotEvaluatable, msg
-      end
-
       def workspace_dependency_paths_from_file(file)
         if parsed_file(file)["workspace"] &&
            !parsed_file(file)["workspace"].key?("members")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-  version: 0.275.0
+  version: 0.276.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-09-12 00:00:00.000000000 Z
+date: 2024-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.275.0
+        version: 0.276.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.275.0
+        version: 0.276.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -263,7 +263,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.275.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.276.0
 post_install_message: 
 rdoc_options: []
 require_paths: