dependabot-core 0.80.1 → 0.81.0

data/lib/dependabot/file_updaters/rust/cargo/manifest_updater.rb

@@ -1,162 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/rust/cargo"
-
-module Dependabot
-  module FileUpdaters
-    module Rust
-      class Cargo
-        class ManifestUpdater
-          def initialize(dependencies:, manifest:)
-            @dependencies = dependencies
-            @manifest = manifest
-          end
-
-          def updated_manifest_content
-            dependencies.
-              select { |dep| requirement_changed?(manifest, dep) }.
-              reduce(manifest.content.dup) do |content, dep|
-                updated_content = content
-
-                updated_content = update_requirements(
-                  content: updated_content,
-                  filename: manifest.name,
-                  dependency: dep
-                )
-
-                updated_content = update_git_pin(
-                  content: updated_content,
-                  filename: manifest.name,
-                  dependency: dep
-                )
-
-                if content == updated_content
-                  raise "Expected content to change!"
-                end
-
-                updated_content
-              end
-          end
-
-          private
-
-          attr_reader :dependencies, :manifest
-
-          def requirement_changed?(file, dependency)
-            changed_requirements =
-              dependency.requirements - dependency.previous_requirements
-
-            changed_requirements.any? { |f| f[:file] == file.name }
-          end
-
-          def update_requirements(content:, filename:, dependency:)
-            updated_content = content.dup
-
-            # The UpdateChecker ensures the order of requirements is preserved
-            # when updating, so we can zip them together in new/old pairs.
-            reqs = dependency.requirements.
-                   zip(dependency.previous_requirements).
-                   reject { |new_req, old_req| new_req == old_req }
-
-            # Loop through each changed requirement
-            reqs.each do |new_req, old_req|
-              raise "Bad req match" unless new_req[:file] == old_req[:file]
-              next if new_req[:requirement] == old_req[:requirement]
-              next unless new_req[:file] == filename
-
-              updated_content = update_manifest_req(
-                content: updated_content,
-                dep: dependency,
-                old_req: old_req.fetch(:requirement),
-                new_req: new_req.fetch(:requirement)
-              )
-            end
-
-            updated_content
-          end
-
-          def update_git_pin(content:, filename:, dependency:)
-            updated_pin =
-              dependency.requirements.
-              find { |r| r[:file] == filename }&.
-              dig(:source, :ref)
-
-            old_pin =
-              dependency.previous_requirements.
-              find { |r| r[:file] == filename }&.
-              dig(:source, :ref)
-
-            return content unless old_pin
-
-            update_manifest_pin(
-              content: content,
-              dep: dependency,
-              old_pin: old_pin,
-              new_pin: updated_pin
-            )
-          end
-
-          def update_manifest_req(content:, dep:, old_req:, new_req:)
-            simple_declaration = content.scan(declaration_regex(dep)).
-                                 find { |m| m.include?(old_req) }
-
-            if simple_declaration
-              content.gsub(simple_declaration) do |line|
-                line.gsub(old_req, new_req)
-              end
-            elsif content.match?(feature_declaration_version_regex(dep))
-              content.gsub(feature_declaration_version_regex(dep)) do |part|
-                line = content.match(feature_declaration_version_regex(dep)).
-                       named_captures.fetch("version_declaration")
-                new_line = line.gsub(old_req, new_req)
-                part.gsub(line, new_line)
-              end
-            else
-              content
-            end
-          end
-
-          def update_manifest_pin(content:, dep:, old_pin:, new_pin:)
-            simple_declaration = content.scan(declaration_regex(dep)).
-                                 find { |m| m.include?(old_pin) }
-
-            if simple_declaration
-              content.gsub(simple_declaration) do |line|
-                line.gsub(old_pin, new_pin)
-              end
-            elsif content.match?(feature_declaration_pin_regex(dep))
-              content.gsub(feature_declaration_pin_regex(dep)) do |part|
-                line = content.match(feature_declaration_pin_regex(dep)).
-                       named_captures.fetch("pin_declaration")
-                new_line = line.gsub(old_pin, new_pin)
-                part.gsub(line, new_line)
-              end
-            else
-              content
-            end
-          end
-
-          def declaration_regex(dep)
-            /(?:^|["'])#{Regexp.escape(dep.name)}["']?\s*=.*$/i
-          end
-
-          def feature_declaration_version_regex(dep)
-            /
-              #{Regexp.quote("dependencies.#{dep.name}]")}
-              (?:(?!^\[).)+
-              (?<version_declaration>version\s*=[^\[]*)$
-            /mx
-          end
-
-          def feature_declaration_pin_regex(dep)
-            /
-              #{Regexp.quote("dependencies.#{dep.name}]")}
-              (?:(?!^\[).)+
-              (?<pin_declaration>(?:tag|rev)\s*=[^\[]*)$
-            /mx
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/metadata_finders/rust/cargo.rb

@@ -1,64 +0,0 @@
-# frozen_string_literal: true
-
-require "excon"
-require "dependabot/metadata_finders/base"
-require "dependabot/shared_helpers"
-
-module Dependabot
-  module MetadataFinders
-    module Rust
-      class Cargo < Dependabot::MetadataFinders::Base
-        SOURCE_KEYS = %w(repository homepage documentation).freeze
-
-        private
-
-        def look_up_source
-          case new_source_type
-          when "default" then find_source_from_crates_listing
-          when "git" then find_source_from_git_url
-          else raise "Unexpected source type: #{new_source_type}"
-          end
-        end
-
-        def new_source_type
-          sources =
-            dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
-
-          return "default" if sources.empty?
-          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-
-          sources.first[:type] || sources.first.fetch("type")
-        end
-
-        def find_source_from_crates_listing
-          potential_source_urls =
-            SOURCE_KEYS.
-            map { |key| crates_listing.dig("crate", key) }.
-            compact
-
-          source_url = potential_source_urls.find { |url| Source.from_url(url) }
-          Source.from_url(source_url)
-        end
-
-        def find_source_from_git_url
-          info = dependency.requirements.map { |r| r[:source] }.compact.first
-
-          url = info[:url] || info.fetch("url")
-          Source.from_url(url)
-        end
-
-        def crates_listing
-          return @crates_listing unless @crates_listing.nil?
-
-          response = Excon.get(
-            "https://crates.io/api/v1/crates/#{dependency.name}",
-            idempotent: true,
-            **SharedHelpers.excon_defaults
-          )
-
-          @crates_listing = JSON.parse(response.body)
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/rust/cargo.rb

@@ -1,282 +0,0 @@
-# frozen_string_literal: true
-
-require "excon"
-require "dependabot/git_commit_checker"
-require "dependabot/update_checkers/base"
-
-module Dependabot
-  module UpdateCheckers
-    module Rust
-      class Cargo < Dependabot::UpdateCheckers::Base
-        require_relative "cargo/requirements_updater"
-        require_relative "cargo/version_resolver"
-        require_relative "cargo/file_preparer"
-
-        def latest_version
-          return if path_dependency?
-
-          @latest_version =
-            if git_dependency?
-              latest_version_for_git_dependency
-            elsif git_subdependency?
-              # TODO: Dependabot can't update git sub-dependencies yet, because
-              # they can't be passed to GitCommitChecker.
-              nil
-            else
-              versions = available_versions
-              versions.reject!(&:prerelease?) unless wants_prerelease?
-              versions.reject! do |v|
-                ignore_reqs.any? { |r| r.satisfied_by?(v) }
-              end
-              versions.max
-            end
-        end
-
-        def latest_resolvable_version
-          return if path_dependency?
-
-          @latest_resolvable_version ||=
-            if git_dependency?
-              latest_resolvable_version_for_git_dependency
-            elsif git_subdependency?
-              # TODO: Dependabot can't update git sub-dependencies yet, because
-              # they can't be passed to GitCommitChecker.
-              nil
-            else
-              fetch_latest_resolvable_version(unlock_requirement: true)
-            end
-        end
-
-        def latest_resolvable_version_with_no_unlock
-          return if path_dependency?
-
-          @latest_resolvable_version_with_no_unlock ||=
-            if git_dependency?
-              latest_resolvable_commit_with_unchanged_git_source
-            else
-              fetch_latest_resolvable_version(unlock_requirement: false)
-            end
-        end
-
-        def updated_requirements
-          RequirementsUpdater.new(
-            requirements: dependency.requirements,
-            updated_source: updated_source,
-            latest_resolvable_version: latest_resolvable_version&.to_s,
-            latest_version: latest_version&.to_s,
-            library: library?,
-            update_strategy: requirement_update_strategy
-          ).updated_requirements
-        end
-
-        private
-
-        def latest_version_resolvable_with_full_unlock?
-          # Full unlock checks aren't implemented for Rust (yet)
-          false
-        end
-
-        def updated_dependencies_after_full_unlock
-          raise NotImplementedError
-        end
-
-        def library?
-          # If it has a lockfile, treat it as an application. Otherwise treat it
-          # as a library.
-          dependency_files.none? { |f| f.name == "Cargo.lock" }
-        end
-
-        def requirement_update_strategy
-          library? ? :bump_versions_if_necessary : :bump_versions
-        end
-
-        def latest_version_for_git_dependency
-          latest_git_version_sha
-        end
-
-        def latest_git_version_sha
-          # If the gem isn't pinned, the latest version is just the latest
-          # commit for the specified branch.
-          unless git_commit_checker.pinned?
-            return git_commit_checker.head_commit_for_current_branch
-          end
-
-          # If the dependency is pinned to a tag that looks like a version then
-          # we want to update that tag. The latest version will then be the SHA
-          # of the latest tag that looks like a version.
-          if git_commit_checker.pinned_ref_looks_like_version?
-            latest_tag = git_commit_checker.local_tag_for_latest_version
-            return latest_tag&.fetch(:commit_sha) || dependency.version
-          end
-
-          # If the dependency is pinned to a tag that doesn't look like a
-          # version then there's nothing we can do.
-          dependency.version
-        end
-
-        def latest_resolvable_version_for_git_dependency
-          # If the gem isn't pinned, the latest version is just the latest
-          # commit for the specified branch.
-          unless git_commit_checker.pinned?
-            return latest_resolvable_commit_with_unchanged_git_source
-          end
-
-          # If the dependency is pinned to a tag that looks like a version then
-          # we want to update that tag. The latest version will then be the SHA
-          # of the latest tag that looks like a version.
-          if git_commit_checker.pinned_ref_looks_like_version? &&
-             latest_git_tag_is_resolvable?
-            new_tag = git_commit_checker.local_tag_for_latest_version
-            return new_tag.fetch(:commit_sha)
-          end
-
-          # If the dependency is pinned then there's nothing we can do.
-          dependency.version
-        end
-
-        def latest_git_tag_is_resolvable?
-          return @git_tag_resolvable if @latest_git_tag_is_resolvable_checked
-
-          @latest_git_tag_is_resolvable_checked = true
-
-          return false if git_commit_checker.local_tag_for_latest_version.nil?
-
-          replacement_tag = git_commit_checker.local_tag_for_latest_version
-
-          prepared_files = FilePreparer.new(
-            dependency_files: dependency_files,
-            dependency: dependency,
-            unlock_requirement: true,
-            replacement_git_pin: replacement_tag.fetch(:tag)
-          ).prepared_dependency_files
-
-          VersionResolver.new(
-            dependency: dependency,
-            prepared_dependency_files: prepared_files,
-            original_dependency_files: dependency_files,
-            credentials: credentials
-          ).latest_resolvable_version
-          @git_tag_resolvable = true
-        rescue SharedHelpers::HelperSubprocessFailed => error
-          raise error unless error.message.include?("versions conflict")
-
-          @git_tag_resolvable = false
-        end
-
-        def latest_resolvable_commit_with_unchanged_git_source
-          fetch_latest_resolvable_version(unlock_requirement: false)
-        rescue SharedHelpers::HelperSubprocessFailed => error
-          # Resolution may fail, as Cargo updates straight to the tip of the
-          # branch. Just return `nil` if it does (so no update).
-          return if error.message.include?("versions conflict")
-
-          raise error
-        end
-
-        def fetch_latest_resolvable_version(unlock_requirement:)
-          prepared_files = FilePreparer.new(
-            dependency_files: dependency_files,
-            dependency: dependency,
-            unlock_requirement: unlock_requirement,
-            latest_allowable_version: latest_version
-          ).prepared_dependency_files
-
-          VersionResolver.new(
-            dependency: dependency,
-            prepared_dependency_files: prepared_files,
-            original_dependency_files: dependency_files,
-            credentials: credentials
-          ).latest_resolvable_version
-        end
-
-        def updated_source
-          # Never need to update source, unless a git_dependency
-          return dependency_source_details unless git_dependency?
-
-          # Update the git tag if updating a pinned version
-          if git_commit_checker.pinned_ref_looks_like_version? &&
-             latest_git_tag_is_resolvable?
-            new_tag = git_commit_checker.local_tag_for_latest_version
-            return dependency_source_details.merge(ref: new_tag.fetch(:tag))
-          end
-
-          # Otherwise return the original source
-          dependency_source_details
-        end
-
-        def dependency_source_details
-          sources =
-            dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
-
-          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-
-          sources.first
-        end
-
-        def wants_prerelease?
-          if dependency.version &&
-             version_class.new(dependency.version).prerelease?
-            return true
-          end
-
-          dependency.requirements.any? do |req|
-            reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)
-            reqs.any? { |r| r.match?(/[A-Za-z]/) }
-          end
-        end
-
-        def available_versions
-          crates_listing.
-            fetch("versions", []).
-            reject { |v| v["yanked"] }.
-            map { |v| version_class.new(v.fetch("num")) }
-        end
-
-        def git_dependency?
-          git_commit_checker.git_dependency?
-        end
-
-        def git_subdependency?
-          return false if dependency.top_level?
-
-          !version_class.correct?(dependency.version)
-        end
-
-        def path_dependency?
-          sources = dependency.requirements.
-                    map { |r| r.fetch(:source) }.uniq.compact
-
-          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-
-          sources.first&.fetch(:type) == "path"
-        end
-
-        def git_commit_checker
-          @git_commit_checker ||=
-            GitCommitChecker.new(
-              dependency: dependency,
-              credentials: credentials
-            )
-        end
-
-        def crates_listing
-          return @crates_listing unless @crates_listing.nil?
-
-          response = Excon.get(
-            "https://crates.io/api/v1/crates/#{dependency.name}",
-            idempotent: true,
-            **SharedHelpers.excon_defaults
-          )
-
-          @crates_listing = JSON.parse(response.body)
-        rescue Excon::Error::Timeout
-          retrying ||= false
-          raise if retrying
-
-          retrying = true
-          sleep(rand(1.0..5.0)) && retry
-        end
-      end
-    end
-  end
-end