From 6e63eac01cccfdef14ed3aca5ed847a464dd371d Mon Sep 17 00:00:00 2001 From: "Alexis (Poliorcetics) Bourget" Date: Mon, 26 Sep 2022 16:41:15 +0200 Subject: [PATCH 1/2] feat: Add support for `workspace.dependencies` in `cargo` 1.64.0+ --- Dockerfile | 2 +- cargo/lib/dependabot/cargo/file_parser.rb | 13 +++++ .../spec/dependabot/cargo/file_parser_spec.rb | 52 +++++++++++++++++++ .../fixtures/lockfiles/workspace_dependencies | 25 +++++++++ .../manifests/workspace_dependencies_child | 8 +++ .../manifests/workspace_dependencies_root | 5 ++ 6 files changed, 104 insertions(+), 1 deletion(-) create mode 100644 cargo/spec/fixtures/lockfiles/workspace_dependencies create mode 100644 cargo/spec/fixtures/manifests/workspace_dependencies_child create mode 100644 cargo/spec/fixtures/manifests/workspace_dependencies_root diff --git a/Dockerfile b/Dockerfile index 1130ad7f04..79444b18b1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -231,7 +231,7 @@ ENV RUSTUP_HOME=/opt/rust \ PATH="${PATH}:/opt/rust/bin" RUN mkdir -p "$RUSTUP_HOME" && chown dependabot:dependabot "$RUSTUP_HOME" USER dependabot -RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain 1.61.0 --profile minimal +RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain 1.64.0 --profile minimal ### Terraform diff --git a/cargo/lib/dependabot/cargo/file_parser.rb b/cargo/lib/dependabot/cargo/file_parser.rb index 2b6fd2a2e1..e29ffb73f4 100644 --- a/cargo/lib/dependabot/cargo/file_parser.rb +++ b/cargo/lib/dependabot/cargo/file_parser.rb @@ -56,6 +56,8 @@ def check_rust_workspace_root raise Dependabot::DependencyFileNotEvaluatable, msg end + # rubocop:disable Metrics/AbcSize + # rubocop:disable Metrics/CyclomaticComplexity # rubocop:disable Metrics/PerceivedComplexity def manifest_dependencies dependency_set = DependencySet.new 
@@ -79,10 +81,21 @@ def manifest_dependencies end end end + + workspace = parsed_file(file).fetch("workspace", {}) + workspace.fetch("dependencies", {}).each do |name, requirement| + next unless name == name_from_declaration(name, requirement) + next if lockfile && !version_from_lockfile(name, requirement) + + dependency_set << + build_dependency(name, requirement, "workspace.dependencies", file) + end end dependency_set end + # rubocop:enable Metrics/AbcSize + # rubocop:enable Metrics/CyclomaticComplexity # rubocop:enable Metrics/PerceivedComplexity def build_dependency(name, requirement, type, file) diff --git a/cargo/spec/dependabot/cargo/file_parser_spec.rb b/cargo/spec/dependabot/cargo/file_parser_spec.rb index d1b3676b76..07c17eee1e 100644 --- a/cargo/spec/dependabot/cargo/file_parser_spec.rb +++ b/cargo/spec/dependabot/cargo/file_parser_spec.rb 
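Review bot: In `manifest_dependencies` (cargo/lib/dependabot/cargo/file_parser.rb), `parsed_file(file).fetch("workspace", {})` and the chained `workspace.fetch("dependencies", {})` assume both keys hold TOML tables, but the manifest is repository-controlled input. If either value is a string or an array, the `fetch` call would raise `NoMethodError` or `TypeError` rather than the `Dependabot::DependencyFileNotEvaluatable` that `check_rust_workspace_root` raises just above; whether `parsed_file` already validates the shape is not visible here. I would read the value with `workspace = parsed_file(file)["workspace"]` and guard it with `workspace = {} unless workspace.is_a?(Hash)` (same for `dependencies`), or raise `DependencyFileNotEvaluatable` with a message naming the file. The three `rubocop:disable Metrics/*` lines added around the method also suggest moving this loop into a private helper instead of silencing the cops. The method body starts outside the hunk.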
@@ -365,6 +365,58 @@ end end + context "with workspace dependencies" do + let(:manifest_fixture_name) { "workspace_dependencies_root" } + let(:lockfile_fixture_name) { "workspace_dependencies" } + let(:files) do + [ + manifest, + lockfile, + workspace_child + ] + end + let(:workspace_child) do + Dependabot::DependencyFile.new( + name: "lib/inherit_ws_dep/Cargo.toml", + content: fixture("manifests", "workspace_dependencies_child") + ) + end + + describe "top level dependencies" do + subject(:top_level_dependencies) do + dependencies.select(&:top_level?) + end + + its(:length) { is_expected.to eq(1) } + + describe "the first dependency" do + subject(:dependency) { top_level_dependencies.first } + + it "has the right details" do + expect(dependency).to be_a(Dependabot::Dependency) + expect(dependency.name).to eq("log") + expect(dependency.version).to eq("0.4.0") + expect(dependency.requirements).to eq( + [ + { + requirement: "=0.4.0", + file: "Cargo.toml", + groups: ["workspace.dependencies"], + source: nil + }, + { + requirement: nil, + file: "lib/inherit_ws_dep/Cargo.toml", + groups: ["dependencies"], + source: nil, + } + ] + ) + end + end + end + end + context "with a git dependency" do let(:manifest_fixture_name) { "git_dependency" } diff --git a/cargo/spec/fixtures/lockfiles/workspace_dependencies b/cargo/spec/fixtures/lockfiles/workspace_dependencies new file mode 100644 index 0000000000..ba4f1cb66b --- /dev/null +++ b/cargo/spec/fixtures/lockfiles/workspace_dependencies 
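Review bot: The new `with workspace dependencies` context in file_parser_spec.rb covers only a plain string requirement (`log = "=0.4.0"`) with a lockfile present, so neither of the two `next` guards added to `manifest_dependencies` is exercised. I would add a case without a lockfile, and one where the `[workspace.dependencies]` entry is a table (for example `log = { version = "0.4.0" }`) or is skipped because `name_from_declaration` returns a different name (presumably a renamed `package = …` entry; confirm against the helper). A fixture with a non-table `workspace` value would also pin how malformed manifests are reported.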
@@ -0,0 +1,25 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "cfg-if"
+version = "0.1.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
+
+[[package]]
+name = "inherit_ws_dep"
+version = "0.1.0"
+dependencies = [
+ "log",
+]
+
+[[package]]
+name = "log"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b3a89a0c46ba789b8a247d4c567aed4d7c68e624672d238b45cc3ec20dc9f940"
+dependencies = [
+ "cfg-if",
+]
diff --git a/cargo/spec/fixtures/manifests/workspace_dependencies_child b/cargo/spec/fixtures/manifests/workspace_dependencies_child
new file mode 100644
index 0000000000..a2247042cc
--- /dev/null
+++ b/cargo/spec/fixtures/manifests/workspace_dependencies_child
@@ -0,0 +1,8 @@
+[package]
+name = "inherit_ws_dep"
+version = "0.1.0"
+edition = "2021"
+workspace = "../.."
+
+[dependencies]
+log.workspace = true
diff --git a/cargo/spec/fixtures/manifests/workspace_dependencies_root b/cargo/spec/fixtures/manifests/workspace_dependencies_root
new file mode 100644
index 0000000000..5a16d94bd1
--- /dev/null
+++ b/cargo/spec/fixtures/manifests/workspace_dependencies_root
@@ -0,0 +1,5 @@
+[workspace]
+members = ["lib/inherit_ws_dep"]
+
+[workspace.dependencies]
+log = "=0.4.0"
From 0c3bfbea30aee8625510a023ab3e214bae300e07 Mon Sep 17 00:00:00 2001
From: Nish Sinha
Date: Fri, 30 Sep 2022 17:05:20 -0400
Subject: [PATCH 2/2] rubocop
---
 cargo/spec/dependabot/cargo/file_parser_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cargo/spec/dependabot/cargo/file_parser_spec.rb b/cargo/spec/dependabot/cargo/file_parser_spec.rb
index 07c17eee1e..5b8dd4b137 100644
--- a/cargo/spec/dependabot/cargo/file_parser_spec.rb
+++ b/cargo/spec/dependabot/cargo/file_parser_spec.rb
@@ -408,7 +408,7 @@
 requirement: nil,
 file: "lib/inherit_ws_dep/Cargo.toml",
 groups: ["dependencies"],
- source: nil,
+ source: nil
 }
 ]
 )