dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

cargo: dependabot's cargo toml parser fails, but the toml is valid and accepted by cargo #2554

Closed cbeck88 closed 2 years ago

cbeck88 commented 4 years ago

Package manager/ecosystem cargo

Manifest contents prior to update The file in question is:

[package]
name = "mc-sgx-epid-types"
version = "1.0.0"
authors = ["MobileCoin"]
description = "EPID FFI types for Intel SGX SDK."
readme = "README.md"
edition = "2018"

[features]
default = ["use_serde", "use_prost"]
use_serde = [
    "serde",
    "mc-sgx-core-types/use_serde",
    "mc-util-repr-bytes/serde"
]
use_prost = [
    "bytes",
    "prost",
    "mc-sgx-core-types/use_prost",
    "mc-util-repr-bytes/prost"
]

[dependencies]
mc-util-encodings = { path = "../../util/encodings" }
mc-util-from-random = { path = "../../util/from-random" }
mc-util-repr-bytes = { path = "../../util/repr-bytes", default-features = false, features = ["alloc"] }
mc-sgx-core-types = { path = "../core-types", default-features = false }
mc-sgx-core-types-sys = { path = "../core-types-sys" }
mc-sgx-epid-types-sys = { path = "../epid-types-sys" }

base64 = "0.12"
bytes = { version = "0.5", optional = true , default-features = false}
hex = "0.4"
hex_fmt = "0.3"
prost = { version = "0.6.1", optional = true, default-features = false }
rand_core = "0.5"
serde = { version = "1.0", optional = true, default-features = false, features = ["alloc", "derive"] }
subtle = { version = "2.2", default-features = false, features = ["i128"] }

[dev-dependencies]
bincode = "1.2"
rand_hc = "0.2"

https://github.com/mobilecoinofficial/mobilecoin/blob/20f701b8289ea0fe0df1c63e0aa433e60c853fdb/sgx/epid-types/Cargo.toml#L1

What you expected to see, versus what you actually saw

cargo accepts our cargo.toml file and builds our project fine, but dependabot fails without a clear explanation: dependabot fails to run in our repository, reporting an error:

 Dependabot can't parse your Cargo.toml

Dependabot couldn't parse the Cargo.toml found at /sgx/epid-types/Cargo.toml.

The error Dependabot encountered was:

Dependabot::DependencyFileNotParseable

The dependabot log shows:


  proxy | 2020/09/24 06:40:58 [108] GET https://api.github.com:443/repos/mobilecoinofficial/mobilecoin/contents/sgx/epid-sys/Cargo.toml?ref=91202afac9ea1f983b05b4acf2617a379ff70b87
  proxy | 2020/09/24 06:40:58 * authenticating github api request
  proxy | 2020/09/24 06:40:58 [108] 200 https://api.github.com:443/repos/mobilecoinofficial/mobilecoin/contents/sgx/epid-sys/Cargo.toml?ref=91202afac9ea1f983b05b4acf2617a379ff70b87
  proxy | 2020/09/24 06:40:58 [110] GET https://api.github.com:443/repos/mobilecoinofficial/mobilecoin/contents/sgx/epid-types/Cargo.toml?ref=91202afac9ea1f983b05b4acf2617a379ff70b87
  proxy | 2020/09/24 06:40:58 * authenticating github api request
  proxy | 2020/09/24 06:40:58 [110] 200 https://api.github.com:443/repos/mobilecoinofficial/mobilecoin/contents/sgx/epid-types/Cargo.toml?ref=91202afac9ea1f983b05b4acf2617a379ff70b87
updater | ERROR <job_63390675> Error during file fetching; aborting
updater | INFO <job_63390675> Finished job processing
updater | time="2020-09-24T06:40:59Z" level=info msg="task complete" container_id=job-63390675-file-fetcher exit_code=0 job_id=63390675 step=fetcher
updater | time="2020-09-24T06:40:59Z" level=warning msg="failed during fetch, skipping updater" job_id=63390675

Ideally: (1) dependabot would parse our file; (2) dependabot would give a more specific explanation of why parsing failed, like a line / character number at which it didn't accept the toml. Otherwise it's hard to act on this from our end.

cbeck88 commented 4 years ago

This was triaged by running the dependabot parser "citrus.rb" locally, see here: https://github.com/mobilecoinofficial/mobilecoin/pull/512

It would be great if dependabot could forward the error message from the parser library that it is using to the user of dependabot.
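The two points raised in this thread, that a manifest the bot cannot parse silently leaves that crate without update PRs, and that a parse failure should come back with a line and column rather than a bare `DependencyFileNotParseable`, can be checked before the job ever runs. The script below is an added example and is not dependabot's code: dependabot parses Cargo.toml with the Ruby toml-rb library, whereas this uses Python's standard-library `tomllib` (with the `tomli` backport as an assumed fallback on older interpreters). The embedded manifest is a constructed, abridged copy of the one from the report; `BROKEN_TOML` is that copy with one quote removed to show what a located error looks like. Names such as `check_manifest` and `ManifestReport` are this example's own.

```python
"""Parse a Cargo.toml the way an updater would and report where it fails."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

try:
    import tomllib  # Python 3.11+ standard library
except ModuleNotFoundError:  # assumption: older interpreter with the tomli backport
    import tomli as tomllib

# Constructed: abridged copy of the manifest from the issue (the sections the
# checks below look at, with the same inline-table spacing as the original).
CARGO_TOML = """\
[package]
name = "mc-sgx-epid-types"
version = "1.0.0"
edition = "2018"

[features]
default = ["use_serde", "use_prost"]
use_serde = [
    "serde",
    "mc-sgx-core-types/use_serde",
    "mc-util-repr-bytes/serde"
]
use_prost = [
    "bytes",
    "prost",
    "mc-sgx-core-types/use_prost",
    "mc-util-repr-bytes/prost"
]

[dependencies]
mc-util-repr-bytes = { path = "../../util/repr-bytes", default-features = false, features = ["alloc"] }
mc-sgx-core-types = { path = "../core-types", default-features = false }

base64 = "0.12"
bytes = { version = "0.5", optional = true , default-features = false}
prost = { version = "0.6.1", optional = true, default-features = false }
serde = { version = "1.0", optional = true, default-features = false, features = ["alloc", "derive"] }

[dev-dependencies]
bincode = "1.2"
"""

# Constructed: the same text with the closing quote on base64 dropped.
BROKEN_TOML = CARGO_TOML.replace('base64 = "0.12"', 'base64 = "0.12')

# tomllib/tomli append "(at line N, column M)" to their error messages.
_LOCATION = re.compile(r"at line (\d+), column (\d+)")


@dataclass
class ManifestReport:
    ok: bool
    error: str = ""
    line: int | None = None
    column: int | None = None
    registry_deps: dict = field(default_factory=dict)  # name -> version requirement
    path_deps: dict = field(default_factory=dict)      # name -> relative path (no updates)
    optional_deps: list = field(default_factory=list)
    unknown_feature_refs: list = field(default_factory=list)


def check_manifest(text: str) -> ManifestReport:
    """Parse the manifest; on failure keep the parser's own location instead of hiding it."""
    try:
        data = tomllib.loads(text)
    except tomllib.TOMLDecodeError as exc:
        m = _LOCATION.search(str(exc))
        line, column = (int(m.group(1)), int(m.group(2))) if m else (None, None)
        return ManifestReport(ok=False, error=str(exc), line=line, column=column)

    report = ManifestReport(ok=True)
    # Target-specific tables ([target.'cfg(...)'.dependencies]) are not walked here.
    for section in ("dependencies", "dev-dependencies", "build-dependencies"):
        for name, spec in data.get(section, {}).items():
            if isinstance(spec, str):  # short form: name = "0.12"
                report.registry_deps[name] = spec
                continue
            if "path" in spec:  # workspace-local crate: nothing for a registry updater to bump
                report.path_deps[name] = spec["path"]
            elif "version" in spec:
                report.registry_deps[name] = spec["version"]
            if spec.get("optional"):
                report.optional_deps.append(name)

    # Every feature entry must name a declared dependency ("name", "name/feat",
    # "dep:name") or another feature; anything else would fail in cargo too.
    declared = set(report.registry_deps) | set(report.path_deps)
    features = data.get("features", {})
    for feature, entries in features.items():
        for entry in entries:
            target = entry.split("/", 1)[0].removeprefix("dep:")
            if target not in declared and target not in features:
                report.unknown_feature_refs.append(f"{feature} -> {entry}")
    return report


if __name__ == "__main__":
    for label, text in (("valid", CARGO_TOML), ("broken", BROKEN_TOML)):
        r = check_manifest(text)
        if r.ok:
            print(f"{label}: {len(r.registry_deps)} registry deps, {len(r.path_deps)} path deps")
        else:
            print(f"{label}: {r.error} (line {r.line}, column {r.column})")
```

Running the check over every Cargo.toml in a repository as a CI step turns "Dependabot can't parse your Cargo.toml" into a failure with a location, at the point where the manifest is changed rather than when the next update job runs.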

jakecoffman commented 2 years ago

I can't reproduce this error, I think I fixed this upstream earlier this year: https://github.com/emancu/toml-rb/pull/138

Let me know if you're still having issues.