search

renovatebot / renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
https://mend.io/renovate
GNU Affero General Public License v3.0
17.57k stars 2.31k forks source link

cargo replace rangeStrategy leads to in-range updates when "x.y" specified in Cargo.toml #19809

Open tofay opened 1 year ago

tofay commented 1 year ago

How are you running Renovate?

Self-hosted

If you're self-hosting Renovate, tell us what version of Renovate you run.

34.100.1

If you're self-hosting Renovate, select which platform you are using.

Azure DevOps (dev.azure.com)

If you're self-hosting Renovate, tell us what version of the platform you run.

Dev19.M214.1

Was this something which used to work for you, and then stopped?

I never saw this working

Describe the bug

If a dependency version is specified in Cargo.toml as e.g "1.2", version "1.3.0" is available, and the "replace" rangeStrategy is used then renovate will bump the dependency to "1.3" in Cargo.toml.

This is incorrect behaviour, as "1.3.0" is in the range defined by "1.2". I expected renovate to not change Cargo.toml in this case (as it's unnecessarily restricting the semver range).

There is a comment in the relevant renovate code justifying this behaviour by stating that 1.2 in cargo is equivalent to 1.2.* in npm: https://github.com/renovatebot/renovate/blob/84eed321d6e4d553e85727edee3d83c721a4b6e4/lib/modules/versioning/cargo/index.ts#L27

That's incorrect, per https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#specifying-dependencies-from-cratesio 1.2 is equivalent to >=1.2.0, <2.0.0.

To demonstrate I created a UT with the expected behaviour, but that currently fails, at https://github.com/renovatebot/renovate/compare/main...tofay:renovate:cargo-replace-test.

Relevant debug logs

No response

Have you created a minimal reproduction repository?

No reproduction repository

rbtcollins commented 1 year ago

@rarkins could you please re-open this? The doc comments in the internal API help developers tackle this, but they don't fix the actual bug.

github-actions[bot] commented 1 year ago

Hi there,

Get your issue fixed faster by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible.

Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this.

To get started, please read our guide on creating a minimal reproduction.

We may close the issue if you, or someone else, haven't created a minimal reproduction within two weeks. If you need more time, or are stuck, please ask for help or more time in a comment.

Good luck,

The Renovate team

rbtcollins commented 1 year ago

https://github.com/renovatebot/renovate/compare/main...tofay:renovate:cargo-replace-test has the reproduction required already