dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Rust: "Dependabot can't parse your Cargo.toml" error triggered by Cargo `[lints]` table #10453

Open kpreid opened 2 months ago

kpreid commented 2 months ago

Is there an existing issue for this?

Package ecosystem

Cargo

Package manager version

cargo 1.80.1 (376290515 2024-07-16)

Language version

rustc 1.80.1 (3f5fd8dd4 2024-08-06)

Manifest location and content before the Dependabot update

Reduced Cargo.toml test case, tested at the root of a repo:

```toml
[package]
name = "problem"

[lints]
clippy.should_panic_without_expect = "deny"
clippy.pedantic = { level = "warn", priority = -1 }
```

I uploaded this to https://github.com/kpreid/dependabot-investigation.

dependabot.yml content

```yaml
version: 2
updates:
  - package-ecosystem: "cargo"
    directory: "/"
    schedule:
      interval: "weekly"
      time: "17:00"
      timezone: "America/Los_Angeles"
    versioning-strategy: "auto"
```

Updated dependency

No response

What you expected to see, versus what you actually saw

The file is valid according to Cargo, but Dependabot fails to parse the file. It gives no line number or other detail in the log, only:

```
updater | 2024/08/16 04:52:09 ERROR <job_870136100> Error during file fetching; aborting: /Cargo.toml not parseable
  proxy | 2024/08/16 04:52:10 [008] POST /update_jobs/870136100/record_update_job_error
  proxy | 2024/08/16 04:52:10 [008] 204 /update_jobs/870136100/record_update_job_error
  proxy | 2024/08/16 04:52:10 [010] PATCH /update_jobs/870136100/mark_as_processed
  proxy | 2024/08/16 04:52:10 [010] 204 /update_jobs/870136100/mark_as_processed
updater | 2024/08/16 04:52:10 INFO <job_870136100> Finished job processing
updater | 2024/08/16 04:52:10 INFO Results:
Dependabot encountered '1' error(s) during execution, please check the logs for more details.
+-------------------------------+
|            Errors             |
+-------------------------------+
| dependency_file_not_parseable |
+-------------------------------+
```

Native package manager behavior

The problem is not with updating, but with reading the file at all. Cargo accepts this Cargo.toml file.

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

Jefffrey commented 2 months ago

Bug in upstream toml-rb parser: https://github.com/emancu/toml-rb/issues/151

4br3mm0rd commented 1 month ago

Hey! From what I understand with the issue in toml-rb, and from what I tested, you can fix your toml file like the following (in the meantime, until they fix the issue):

```toml
[package]
name = "problem"

[lints]
clippy.pedantic = { level = "warn", priority = -1 }
clippy.should_panic_without_expect = "deny"
```