dependabot-cargo 0.97.9 → 0.97.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9f8504969ef14a1912a358df0cd5ef27be3209a364ba3583e6f210d80cf72c26
-  data.tar.gz: e16f585171445aafa6ada273282e1f1474546547da5fec6ef878cd8bf151f00e
+  metadata.gz: 59b6dd47e9bcb8b7f5ffa761808e10703f1b9996aece15c537d3907e09f63b2e
+  data.tar.gz: cbbaf03f6eaa0b860e619458449fe5e23971b54b3e37b64ba6a0480245da251f
 SHA512:
-  metadata.gz: f3becd423c2b6bdd6442c6777b3802b1564517c33b676a45a124fe775c6f24a0c3afd9dd5a1beaddc03e567bf2186b1dcc8e42ba015f3b60f01952f6c6afa70a
-  data.tar.gz: 74b489ae8b171290d44a86fae20e3eaf291fad3ffe2dffa58c0a5847c8868361d64ede87d7fbb2c2e8e9aa0b928e4c4095332fc12648314486cb7fe14e315704
+  metadata.gz: b3b1fb432e3e02bf90cee0119e3555ad81b8aa999bb9007d80acf30608bfc666b1b10007d6edfb8a52b73bdc99a9a55f63b2b28a8f4d2b6a65649e170bcafdfc
+  data.tar.gz: a530c5f26bc81fa62584e5d5d247959c148c2442a06dbeb5e0140c589113cbe39ee99f4a769e61a2035ed16b6a3a95213b8076e65d5d8c290b532b987af97901

data/lib/dependabot/cargo/file_updater/lockfile_updater.rb

@@ -13,6 +13,13 @@ module Dependabot
   module Cargo
     class FileUpdater
       class LockfileUpdater
+        LOCKFILE_ENTRY_REGEX = /
+          \[\[package\]\]\n
+          (?:(?!^\[(\[package|metadata)).)+
+        /mx.freeze
+
+        LOCKFILE_CHECKSUM_REGEX = /^"checksum .*$/.freeze
+
         def initialize(dependencies:, dependency_files:, credentials:)
           @dependencies = dependencies
           @dependency_files = dependency_files
@@ -240,6 +247,7 @@ module Dependabot
         def post_process_lockfile(content)
           git_ssh_requirements_to_swap.each do |ssh_url, https_url|
             content = content.gsub(https_url, ssh_url)
+            content = remove_duplicate_lockfile_entries(content)
           end
 
           content
@@ -267,6 +275,36 @@ module Dependabot
           @git_ssh_requirements_to_swap
         end
 
+        def remove_duplicate_lockfile_entries(lockfile_content)
+          # Loop through the lockfile entries looking for duplicates. Replace
+          # any that are found
+          lockfile_entries = []
+          lockfile_content.scan(LOCKFILE_ENTRY_REGEX) do
+            lockfile_entries << Regexp.last_match.to_s
+          end
+          lockfile_entries.
+            select { |e| lockfile_entries.count(e) > 1 }.uniq.
+            each do |entry|
+              (lockfile_entries.count(entry) - 1).
+                times { lockfile_content = lockfile_content.sub(entry, "") }
+            end
+
+          # Loop through the lockfile checksums looking for duplicates. Replace
+          # any that are found
+          lockfile_checksums = []
+          lockfile_content.scan(LOCKFILE_CHECKSUM_REGEX) do
+            lockfile_checksums << Regexp.last_match.to_s
+          end
+          lockfile_checksums.
+            select { |e| lockfile_checksums.count(e) > 1 }.uniq.
+            each do |cs|
+              (lockfile_checksums.count(cs) - 1).
+                times { lockfile_content = lockfile_content.sub("\n#{cs}", "") }
+            end
+
+          lockfile_content
+        end
+
         def dummy_app_content
           %{fn main() {\nprintln!("Hello, world!");\n}}
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-  version: 0.97.9
+  version: 0.97.10
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-14 00:00:00.000000000 Z
+date: 2019-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.97.9
+        version: 0.97.10
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.97.9
+        version: 0.97.10
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement