dependabot-cargo 0.381.0 → 0.382.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 51d4f61feae4b16e9007ba3a114ca34893d7232eb3786c88b9333917f064db35
|
|
4
|
+
data.tar.gz: 3ce4da7afe9eb34a9adf4db1a1a6e4f8d9cfe7f77e2ea116eae2c05aedca4341
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9c2eec9ce3b6ccea662a43c7576ba823ebde9156e36bcb0a5dc36e06b3da125e2caa7961b329e6bed364675249f8b084127c4b1c53b2a1e00a1b6a163cb9c604
|
|
7
|
+
data.tar.gz: 642f355d2a781ef02157dc33fabde13f5fbedca6ff7ec198a6d7b7575d320796b41c837b245f1d448bc0ea9117b1088fb5a4a38f1b7bde42e31d08e3f25da2f1
|
|
@@ -64,7 +64,7 @@ module Dependabot
|
|
|
64
64
|
updated_content
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
-
sig { params(requirements: T.nilable(T::Array[
|
|
67
|
+
sig { params(requirements: T.nilable(T::Array[Dependabot::DependencyRequirement])).returns(T.nilable(String)) }
|
|
68
68
|
def find_workspace_requirement(requirements)
|
|
69
69
|
requirements&.find { |r| r[:groups]&.include?("workspace.dependencies") }
|
|
70
70
|
&.fetch(:requirement)
|
|
@@ -50,7 +50,7 @@ module Dependabot
|
|
|
50
50
|
|
|
51
51
|
# Parses a pre-commit Rust additional_dependency string.
|
|
52
52
|
# Formats: "package_name:version", "cli:package_name:version"
|
|
53
|
-
sig { params(dep_string: String).returns(T.nilable(T::Hash[Symbol, T.
|
|
53
|
+
sig { params(dep_string: String).returns(T.nilable(T::Hash[Symbol, T.nilable(String)])) }
|
|
54
54
|
def self.parse_dep_string(dep_string)
|
|
55
55
|
stripped = dep_string.strip
|
|
56
56
|
return nil if stripped.empty?
|
|
@@ -88,14 +88,16 @@ module Dependabot
|
|
|
88
88
|
)
|
|
89
89
|
end
|
|
90
90
|
|
|
91
|
-
sig { override.returns(T::Array[
|
|
91
|
+
sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
92
92
|
def updated_requirements
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
93
|
+
wrap_requirements(
|
|
94
|
+
RequirementsUpdater.new(
|
|
95
|
+
requirements: dependency.requirements,
|
|
96
|
+
updated_source: updated_source,
|
|
97
|
+
target_version: target_version,
|
|
98
|
+
update_strategy: requirements_update_strategy
|
|
99
|
+
).updated_requirements
|
|
100
|
+
)
|
|
99
101
|
end
|
|
100
102
|
|
|
101
103
|
sig { override.returns(T::Boolean) }
|
|
@@ -108,8 +110,12 @@ module Dependabot
|
|
|
108
110
|
# If passed in as an option (in the base class) honour that option
|
|
109
111
|
return @requirements_update_strategy if @requirements_update_strategy
|
|
110
112
|
|
|
111
|
-
#
|
|
112
|
-
|
|
113
|
+
# Cargo resolves to the newest compatible version and a bare version is a
|
|
114
|
+
# caret-equivalent (compatible) requirement, so only raise the requirement
|
|
115
|
+
# when it doesn't already allow the new version. Avoids needless churn and
|
|
116
|
+
# MSRV bumps.
|
|
117
|
+
# https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#caret-requirements
|
|
118
|
+
RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
113
119
|
end
|
|
114
120
|
|
|
115
121
|
private
|
|
@@ -132,13 +138,12 @@ module Dependabot
|
|
|
132
138
|
# present in other areas
|
|
133
139
|
return unless preferred_resolvable_version
|
|
134
140
|
|
|
135
|
-
|
|
141
|
+
# No lockfile: target the latest version. With one: the resolvable version.
|
|
142
|
+
no_lockfile? ? latest_version&.to_s : preferred_resolvable_version.to_s
|
|
136
143
|
end
|
|
137
144
|
|
|
138
145
|
sig { returns(T::Boolean) }
|
|
139
|
-
def
|
|
140
|
-
# If it has a lockfile, treat it as an application. Otherwise treat it
|
|
141
|
-
# as a library.
|
|
146
|
+
def no_lockfile?
|
|
142
147
|
dependency_files.none? { |f| f.name == "Cargo.lock" }
|
|
143
148
|
end
|
|
144
149
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-cargo
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.382.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.382.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.382.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -266,7 +266,7 @@ licenses:
|
|
|
266
266
|
- MIT
|
|
267
267
|
metadata:
|
|
268
268
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
269
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
269
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.382.0
|
|
270
270
|
rdoc_options: []
|
|
271
271
|
require_paths:
|
|
272
272
|
- lib
|