dependabot-core 0.80.1 → 0.81.0

data/lib/dependabot/update_checkers/rust/cargo/file_preparer.rb

@@ -1,202 +0,0 @@
-# frozen_string_literal: true
-
-require "toml-rb"
-require "dependabot/dependency_file"
-require "dependabot/file_parsers/rust/cargo"
-require "dependabot/update_checkers/rust/cargo"
-
-module Dependabot
-  module UpdateCheckers
-    module Rust
-      class Cargo
-        # This class takes a set of dependency files and sanitizes them for use
-        # in UpdateCheckers::Rust::Cargo.
-        class FilePreparer
-          def initialize(dependency_files:, dependency:,
-                         unlock_requirement: true,
-                         replacement_git_pin: nil,
-                         latest_allowable_version: nil)
-            @dependency_files         = dependency_files
-            @dependency               = dependency
-            @unlock_requirement       = unlock_requirement
-            @replacement_git_pin      = replacement_git_pin
-            @latest_allowable_version = latest_allowable_version
-          end
-
-          def prepared_dependency_files
-            files = []
-            files += manifest_files.map do |file|
-              DependencyFile.new(
-                name: file.name,
-                content: manifest_content_for_update_check(file),
-                directory: file.directory
-              )
-            end
-            files << lockfile if lockfile
-            files << toolchain if toolchain
-            files
-          end
-
-          private
-
-          attr_reader :dependency_files, :dependency, :replacement_git_pin,
-                      :latest_allowable_version
-
-          def unlock_requirement?
-            @unlock_requirement
-          end
-
-          def replace_git_pin?
-            !replacement_git_pin.nil?
-          end
-
-          def manifest_content_for_update_check(file)
-            content = file.content
-
-            unless file.support_file?
-              content = replace_version_constraint(content, file.name)
-              content = replace_git_pin(content) if replace_git_pin?
-            end
-
-            content = replace_ssh_urls(content)
-
-            content
-          end
-
-          # Note: We don't need to care about formatting in this method, since
-          # we're only using the manifest to find the latest resolvable version
-          def replace_version_constraint(content, filename)
-            parsed_manifest = TomlRB.parse(content)
-
-            FileParsers::Rust::Cargo::DEPENDENCY_TYPES.each do |type|
-              next unless (req = parsed_manifest.dig(type, dependency.name))
-
-              updated_req = temporary_requirement_for_resolution(filename)
-
-              if req.is_a?(Hash)
-                parsed_manifest[type][dependency.name]["version"] = updated_req
-              else
-                parsed_manifest[type][dependency.name] = updated_req
-              end
-            end
-
-            TomlRB.dump(parsed_manifest)
-          end
-
-          def replace_git_pin(content)
-            parsed_manifest = TomlRB.parse(content)
-
-            FileParsers::Rust::Cargo::DEPENDENCY_TYPES.each do |type|
-              next unless (req = parsed_manifest.dig(type, dependency.name))
-              next unless req.is_a?(Hash)
-              next unless [req["tag"], req["rev"]].compact.uniq.count == 1
-
-              if req["tag"]
-                parsed_manifest[type][dependency.name]["tag"] =
-                  replacement_git_pin
-              end
-
-              if req["rev"]
-                parsed_manifest[type][dependency.name]["rev"] =
-                  replacement_git_pin
-              end
-            end
-
-            TomlRB.dump(parsed_manifest)
-          end
-
-          def replace_ssh_urls(content)
-            parsed_manifest = TomlRB.parse(content)
-
-            FileParsers::Rust::Cargo::DEPENDENCY_TYPES.each do |type|
-              (parsed_manifest[type] || {}).each do |_, details|
-                next unless details.is_a?(Hash)
-                next unless details["git"]
-
-                details["git"] = details["git"].
-                                 gsub(%r{ssh://git@(.*?)/}, 'https://\1/')
-              end
-            end
-
-            TomlRB.dump(parsed_manifest)
-          end
-
-          def temporary_requirement_for_resolution(filename)
-            original_req = dependency.requirements.
-                           find { |r| r.fetch(:file) == filename }&.
-                           fetch(:requirement)
-
-            lower_bound_req =
-              if original_req && !unlock_requirement?
-                original_req
-              else
-                ">= #{lower_bound_version}"
-              end
-
-            unless Utils::Rust::Version.correct?(latest_allowable_version) &&
-                   Utils::Rust::Version.new(latest_allowable_version) >=
-                   Utils::Rust::Version.new(lower_bound_version)
-              return lower_bound_req
-            end
-
-            lower_bound_req + ", <= #{latest_allowable_version}"
-          end
-
-          def lower_bound_version
-            @lower_bound_version ||=
-              if git_dependency? && git_dependency_version
-                git_dependency_version
-              elsif !git_dependency? && dependency.version
-                dependency.version
-              else
-                version_from_requirement =
-                  dependency.requirements.map { |r| r.fetch(:requirement) }.
-                  compact.
-                  flat_map { |req_str| Utils::Rust::Requirement.new(req_str) }.
-                  flat_map(&:requirements).
-                  reject { |req_array| req_array.first.start_with?("<") }.
-                  map(&:last).
-                  max&.to_s
-
-                version_from_requirement || 0
-              end
-          end
-
-          def git_dependency_version
-            return unless lockfile
-
-            TomlRB.parse(lockfile.content).
-              fetch("package", []).
-              select { |p| p["name"] == dependency.name }.
-              find { |p| p["source"].end_with?(dependency.version) }.
-              fetch("version")
-          end
-
-          def manifest_files
-            @manifest_files ||=
-              dependency_files.select { |f| f.name.end_with?("Cargo.toml") }
-
-            raise "No Cargo.toml!" if @manifest_files.none?
-
-            @manifest_files
-          end
-
-          def lockfile
-            @lockfile ||= dependency_files.find { |f| f.name == "Cargo.lock" }
-          end
-
-          def toolchain
-            @toolchain ||=
-              dependency_files.find { |f| f.name == "rust-toolchain" }
-          end
-
-          def git_dependency?
-            GitCommitChecker.
-              new(dependency: dependency, credentials: []).
-              git_dependency?
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/rust/cargo/requirements_updater.rb

@@ -1,175 +0,0 @@
-# frozen_string_literal: true
-
-################################################################################
-# For more details on rust version constraints, see:                           #
-# - https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html     #
-# - https://steveklabnik.github.io/semver/semver/index.html                    #
-################################################################################
-
-require "dependabot/update_checkers/rust/cargo"
-require "dependabot/utils/rust/requirement"
-require "dependabot/utils/rust/version"
-
-module Dependabot
-  module UpdateCheckers
-    module Rust
-      class Cargo
-        class RequirementsUpdater
-          class UnfixableRequirement < StandardError; end
-
-          VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/.freeze
-          ALLOWED_UPDATE_STRATEGIES =
-            %i(bump_versions bump_versions_if_necessary).freeze
-
-          def initialize(requirements:, updated_source:, update_strategy:,
-                         library:, latest_version:, latest_resolvable_version:)
-            @requirements = requirements
-            @updated_source = updated_source
-            @update_strategy = update_strategy
-            @library = library
-
-            check_update_strategy
-
-            if latest_version && version_class.correct?(latest_version)
-              @latest_version = version_class.new(latest_version)
-            end
-
-            return unless latest_resolvable_version
-            return unless version_class.correct?(latest_resolvable_version)
-
-            @latest_resolvable_version =
-              version_class.new(latest_resolvable_version)
-          end
-
-          def updated_requirements
-            # Note: Order is important here. The FileUpdater needs the updated
-            # requirement at index `i` to correspond to the previous requirement
-            # at the same index.
-            requirements.map do |req|
-              req = req.merge(source: updated_source)
-              next req unless latest_resolvable_version
-              next req if req[:requirement].nil?
-
-              # TODO: Add a widen_ranges options
-              if update_strategy == :bump_versions_if_necessary
-                update_version_requirement_if_needed(req)
-              else
-                update_version_requirement(req)
-              end
-            end
-          end
-
-          private
-
-          attr_reader :requirements, :updated_source, :update_strategy,
-                      :latest_version, :latest_resolvable_version
-
-          def library?
-            @library
-          end
-
-          def check_update_strategy
-            return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
-
-            raise "Unknown update strategy: #{update_strategy}"
-          end
-
-          def target_version
-            library? ? latest_version : latest_resolvable_version
-          end
-
-          def update_version_requirement(req)
-            string_reqs = req[:requirement].split(",").map(&:strip)
-
-            new_requirement =
-              if (exact_req = exact_req(string_reqs))
-                # If there's an exact version, just return that
-                # (it will dominate any other requirements)
-                update_version_string(exact_req)
-              elsif (req_to_update = non_range_req(string_reqs)) &&
-                    update_version_string(req_to_update) != req_to_update
-                # If a ~, ^, or * range needs to be updated, just return that
-                # (it will dominate any other requirements)
-                update_version_string(req_to_update)
-              else
-                # Otherwise, we must have a range requirement that needs
-                # updating. Update it, but keep other requirements too
-                update_range_requirements(string_reqs)
-              end
-
-            req.merge(requirement: new_requirement)
-          end
-
-          def update_version_requirement_if_needed(req)
-            string_reqs = req[:requirement].split(",").map(&:strip)
-            ruby_reqs = string_reqs.map { |r| Utils::Rust::Requirement.new(r) }
-
-            return req if ruby_reqs.all? { |r| r.satisfied_by?(target_version) }
-
-            update_version_requirement(req)
-          end
-
-          def update_version_string(req_string)
-            req_string.sub(VERSION_REGEX) do |old_version|
-              # For pre-release versions, just use the full version string
-              next target_version.to_s if old_version.match?(/\d-/)
-
-              old_parts = old_version.split(".")
-              new_parts = target_version.to_s.split(".").
-                          first(old_parts.count)
-              new_parts.map.with_index do |part, i|
-                old_parts[i] == "*" ? "*" : part
-              end.join(".")
-            end
-          end
-
-          def non_range_req(string_reqs)
-            string_reqs.find { |r| r.include?("*") || r.match?(/^[\d~^]/) }
-          end
-
-          def exact_req(string_reqs)
-            string_reqs.find { |r| Utils::Rust::Requirement.new(r).exact? }
-          end
-
-          def update_range_requirements(string_reqs)
-            string_reqs.map do |req|
-              next req unless req.match?(/[<>]/)
-
-              ruby_req = Utils::Rust::Requirement.new(req)
-              next req if ruby_req.satisfied_by?(target_version)
-
-              raise UnfixableRequirement if req.start_with?(">")
-
-              req.sub(VERSION_REGEX) do |old_version|
-                update_greatest_version(old_version, target_version)
-              end
-            end.join(", ")
-          rescue UnfixableRequirement
-            :unfixable
-          end
-
-          def update_greatest_version(old_version, version_to_be_permitted)
-            version = version_class.new(old_version)
-            version = version.release if version.prerelease?
-
-            index_to_update =
-              version.segments.map.with_index { |seg, i| seg.zero? ? 0 : i }.max
-
-            version.segments.map.with_index do |_, index|
-              if index < index_to_update
-                version_to_be_permitted.segments[index]
-              elsif index == index_to_update
-                version_to_be_permitted.segments[index] + 1
-              else 0
-              end
-            end.join(".")
-          end
-
-          def version_class
-            Utils::Rust::Version
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/rust/cargo/version_resolver.rb

@@ -1,242 +0,0 @@
-# frozen_string_literal: true
-
-require "toml-rb"
-require "dependabot/shared_helpers"
-require "dependabot/file_parsers/rust/cargo"
-require "dependabot/update_checkers/rust/cargo"
-require "dependabot/utils/rust/version"
-require "dependabot/errors"
-
-module Dependabot
-  module UpdateCheckers
-    module Rust
-      class Cargo
-        class VersionResolver
-          BRANCH_NOT_FOUND_REGEX =
-            /failed to find branch `(?<branch>[^`]+)`/.freeze
-
-          def initialize(dependency:, credentials:,
-                         original_dependency_files:, prepared_dependency_files:)
-            @dependency = dependency
-            @prepared_dependency_files = prepared_dependency_files
-            @original_dependency_files = original_dependency_files
-            @credentials = credentials
-          end
-
-          def latest_resolvable_version
-            @latest_resolvable_version ||= fetch_latest_resolvable_version
-          end
-
-          private
-
-          attr_reader :dependency, :credentials,
-                      :prepared_dependency_files, :original_dependency_files
-
-          def fetch_latest_resolvable_version
-            base_directory = prepared_dependency_files.first.directory
-            SharedHelpers.in_a_temporary_directory(base_directory) do
-              write_temporary_dependency_files
-
-              SharedHelpers.with_git_configured(credentials: credentials) do
-                # Shell out to Cargo, which handles everything for us, and does
-                # so without doing an install (so it's fast).
-                command = "cargo update -p #{dependency_spec} --verbose"
-                run_cargo_command(command)
-              end
-
-              new_lockfile_content = File.read("Cargo.lock")
-              updated_version = get_version_from_lockfile(new_lockfile_content)
-
-              return if updated_version.nil?
-              return updated_version if git_dependency?
-
-              version_class.new(updated_version)
-            end
-          rescue SharedHelpers::HelperSubprocessFailed => error
-            handle_cargo_errors(error)
-          end
-
-          def get_version_from_lockfile(lockfile_content)
-            versions = TomlRB.parse(lockfile_content).fetch("package").
-                       select { |p| p["name"] == dependency.name }
-
-            updated_version =
-              if dependency.top_level?
-                versions.max_by { |p| version_class.new(p.fetch("version")) }
-              else
-                versions.min_by { |p| version_class.new(p.fetch("version")) }
-              end
-
-            if git_dependency?
-              updated_version.fetch("source").split("#").last
-            else
-              updated_version.fetch("version")
-            end
-          end
-
-          def dependency_spec
-            spec = dependency.name
-
-            if git_dependency?
-              spec += ":#{git_dependency_version}" if git_dependency_version
-            elsif dependency.version
-              spec += ":#{dependency.version}"
-            end
-
-            spec
-          end
-
-          def run_cargo_command(command)
-            raw_response = nil
-            IO.popen(command, err: %i(child out)) do |process|
-              raw_response = process.read
-            end
-
-            # Raise an error with the output from the shell session if Cargo
-            # returns a non-zero status
-            return if $CHILD_STATUS.success?
-
-            raise SharedHelpers::HelperSubprocessFailed.new(
-              raw_response,
-              command
-            )
-          end
-
-          def write_temporary_dependency_files(prepared: true)
-            write_manifest_files(prepared: prepared)
-
-            File.write(lockfile.name, lockfile.content) if lockfile
-            File.write(toolchain.name, toolchain.content) if toolchain
-          end
-
-          def handle_cargo_errors(error)
-            if error.message.include?("does not have these features")
-              # TODO: Ideally we should update the declaration not to ask
-              # for the specified features
-              return nil
-            end
-
-            if error.message.match?(BRANCH_NOT_FOUND_REGEX)
-              branch = error.message.match(BRANCH_NOT_FOUND_REGEX).
-                       named_captures.fetch("branch")
-              raise Dependabot::BranchNotFound, branch
-            end
-
-            if resolvability_error?(error.message)
-              raise Dependabot::DependencyFileNotResolvable, error.message
-            end
-
-            raise error
-          end
-
-          def resolvability_error?(message)
-            return true if message.include?("failed to parse lock")
-            return true if message.include?("believes it's in a workspace")
-            return true if message.include?("wasn't a root")
-            return true if message.include?("requires a nightly version")
-            return true if message.match?(/feature `[^\`]+` is required/)
-
-            !original_requirements_resolvable?
-          end
-
-          def original_requirements_resolvable?
-            base_directory = original_dependency_files.first.directory
-            SharedHelpers.in_a_temporary_directory(base_directory) do
-              write_temporary_dependency_files(prepared: false)
-
-              SharedHelpers.with_git_configured(credentials: credentials) do
-                command = "cargo update -p #{dependency_spec} --verbose"
-                run_cargo_command(command)
-              end
-            end
-
-            true
-          rescue SharedHelpers::HelperSubprocessFailed => error
-            raise unless error.message.include?("no matching version") ||
-                         error.message.include?("failed to select a version")
-
-            false
-          end
-
-          def write_manifest_files(prepared: true)
-            manifest_files = if prepared then prepared_manifest_files
-                             else original_manifest_files
-                             end
-
-            manifest_files.each do |file|
-              path = file.name
-              dir = Pathname.new(path).dirname
-              FileUtils.mkdir_p(dir)
-              File.write(file.name, sanitized_manifest_content(file.content))
-
-              FileUtils.mkdir_p(File.join(dir, "src"))
-              File.write(File.join(dir, "src/lib.rs"), dummy_app_content)
-              File.write(File.join(dir, "src/main.rs"), dummy_app_content)
-            end
-          end
-
-          def git_dependency_version
-            return unless lockfile
-
-            TomlRB.parse(lockfile.content).
-              fetch("package", []).
-              select { |p| p["name"] == dependency.name }.
-              find { |p| p["source"].end_with?(dependency.version) }.
-              fetch("version")
-          end
-
-          def dummy_app_content
-            %{fn main() {\nprintln!("Hello, world!");\n}}
-          end
-
-          def sanitized_manifest_content(content)
-            object = TomlRB.parse(content)
-
-            package_name = object.dig("package", "name")
-            return content unless package_name&.match?(/[\{\}]/)
-
-            if lockfile
-              raise "Sanitizing name for pkg with lockfile. Investigate!"
-            end
-
-            object["package"]["name"] = "sanitized"
-            TomlRB.dump(object)
-          end
-
-          def prepared_manifest_files
-            @prepared_manifest_files ||=
-              prepared_dependency_files.
-              select { |f| f.name.end_with?("Cargo.toml") }
-          end
-
-          def original_manifest_files
-            @original_manifest_files ||=
-              original_dependency_files.
-              select { |f| f.name.end_with?("Cargo.toml") }
-          end
-
-          def lockfile
-            @lockfile ||= prepared_dependency_files.
-                          find { |f| f.name == "Cargo.lock" }
-          end
-
-          def toolchain
-            @toolchain ||= prepared_dependency_files.
-                           find { |f| f.name == "rust-toolchain" }
-          end
-
-          def git_dependency?
-            GitCommitChecker.new(
-              dependency: dependency,
-              credentials: credentials
-            ).git_dependency?
-          end
-
-          def version_class
-            Utils::Rust::Version
-          end
-        end
-      end
-    end
-  end
-end