deps: Audit 11/16 (#1188)

* First pass.

* Update traversal.

* Fix changelog.

Cargo.toml

@@ -24,16 +24,16 @@ default-members = ["crates/cli"]
 
 [workspace.dependencies]
 async-trait = "0.1.74"
-cached = "0.46.0"
+cached = "0.46.1"
 chrono = { version = "0.4.31", features = ["serde"] }
 cd_env = "0.1.2"
 ci_env = "0.2.1"
-clap = { version = "4.4.7", features = ["derive", "env", "wrap_help"] }
+clap = { version = "4.4.8", features = ["derive", "env", "wrap_help"] }
 clap_complete = "4.4.4"
 console = "0.15.7"
 miette = "5.10.0"
 once_cell = "1.18.0"
-once_map = "0.4.10"
+once_map = "0.4.11"
 pathdiff = "0.2.1"
 petgraph = { version = "0.6.4", default-features = false, features = [
 	"serde-1",
@@ -47,7 +47,7 @@ reqwest = { version = "0.11.22", default-features = false, features = [
 	"native-tls-vendored",
 ] }
 rustc-hash = "1.1.0"
-schematic = { version = "0.12.7", default-features = false, features = [
+schematic = { version = "0.12.8", default-features = false, features = [
 	"config",
 	"schema",
 	"url",
@@ -57,27 +57,27 @@ schematic = { version = "0.12.7", default-features = false, features = [
 	"type_warpgate",
 ] }
 semver = "1.0.20"
-serde = { version = "1.0.190", features = ["derive", "rc"] }
-serde_json = "1.0.107"
+serde = { version = "1.0.192", features = ["derive", "rc"] }
+serde_json = "1.0.108"
 serde_yaml = "0.9.27"
-starbase = "0.2.9"
+starbase = "0.2.10"
 starbase_archive = { version = "0.2.4", default-features = false, features = [
 	"tar-gz",
 ] }
 starbase_events = { version = "0.2.2" }
 starbase_sandbox = "0.1.12"
 starbase_styles = { version = "0.1.16", features = ["relative-path"] }
-starbase_utils = { version = "0.3.7", default-features = false, features = [
+starbase_utils = { version = "0.3.8", default-features = false, features = [
 	"editor-config",
 	"glob",
 	"json",
 	"toml",
 	"yaml",
 ] }
-system_env = "0.1.2"
+system_env = "0.1.4"
 tera = { version = "1.19.1", features = ["preserve_order"] }
 thiserror = "1.0.50"
-tokio = { version = "1.33.0", default-features = false, features = [
+tokio = { version = "1.34.0", default-features = false, features = [
 	"macros",
 	"process",
 	"rt-multi-thread",

crates/node/tool/src/bun_tool.rs

@@ -8,6 +8,7 @@ use moon_tool::{
     async_trait, load_tool_plugin, prepend_path_env_var, use_global_tool_on_path,
     DependencyManager, Tool,
 };
+use moon_utils::get_workspace_root;
 use proto_core::{Id, ProtoEnvironment, Tool as ProtoTool, UnresolvedVersionSpec};
 use rustc_hash::FxHashMap;
 use starbase_utils::fs;
@@ -160,7 +161,9 @@ impl DependencyManager<NodeTool> for BunTool {
         &self,
         project_root: &Path,
     ) -> miette::Result<LockfileDependencyVersions> {
-        let Some(lockfile_path) = fs::find_upwards(BUN.lockfile, project_root) else {
+        let Some(lockfile_path) =
+            fs::find_upwards_until(BUN.lockfile, project_root, get_workspace_root())
+        else {
             return Ok(FxHashMap::default());
         };
 

crates/node/tool/src/npm_tool.rs

@@ -8,7 +8,7 @@ use moon_tool::{
     async_trait, load_tool_plugin, prepend_path_env_var, use_global_tool_on_path,
     DependencyManager, Tool,
 };
-use moon_utils::is_ci;
+use moon_utils::{get_workspace_root, is_ci};
 use proto_core::{Id, ProtoEnvironment, Tool as ProtoTool, UnresolvedVersionSpec};
 use rustc_hash::FxHashMap;
 use starbase_utils::fs;
@@ -167,7 +167,9 @@ impl DependencyManager<NodeTool> for NpmTool {
         &self,
         project_root: &Path,
     ) -> miette::Result<LockfileDependencyVersions> {
-        let Some(lockfile_path) = fs::find_upwards(NPM.lockfile, project_root) else {
+        let Some(lockfile_path) =
+            fs::find_upwards_until(NPM.lockfile, project_root, get_workspace_root())
+        else {
             return Ok(FxHashMap::default());
         };
 

crates/node/tool/src/pnpm_tool.rs

@@ -8,7 +8,7 @@ use moon_tool::{
     async_trait, load_tool_plugin, prepend_path_env_var, use_global_tool_on_path,
     DependencyManager, Tool,
 };
-use moon_utils::is_ci;
+use moon_utils::{get_workspace_root, is_ci};
 use proto_core::{
     Id, ProtoEnvironment, Tool as ProtoTool, UnresolvedVersionSpec, VersionReq, VersionSpec,
 };
@@ -197,7 +197,9 @@ impl DependencyManager<NodeTool> for PnpmTool {
         &self,
         project_root: &Path,
     ) -> miette::Result<LockfileDependencyVersions> {
-        let Some(lockfile_path) = fs::find_upwards(PNPM.lockfile, project_root) else {
+        let Some(lockfile_path) =
+            fs::find_upwards_until(PNPM.lockfile, project_root, get_workspace_root())
+        else {
             return Ok(FxHashMap::default());
         };
 

crates/node/tool/src/yarn_tool.rs

@@ -255,7 +255,9 @@ impl DependencyManager<NodeTool> for YarnTool {
         &self,
         project_root: &Path,
     ) -> miette::Result<LockfileDependencyVersions> {
-        let Some(lockfile_path) = fs::find_upwards(YARN.lockfile, project_root) else {
+        let Some(lockfile_path) =
+            fs::find_upwards_until(YARN.lockfile, project_root, get_workspace_root())
+        else {
             return Ok(FxHashMap::default());
         };
 

crates/rust/platform/src/lib.rs

@@ -10,8 +10,8 @@ use starbase_utils::{dirs, fs};
 use std::env;
 use std::path::{Path, PathBuf};
 
-fn find_cargo_lock(starting_dir: &Path) -> Option<PathBuf> {
-    fs::find_upwards(CARGO.lockfile, starting_dir)
+fn find_cargo_lock(starting_dir: &Path, workspace_root: &Path) -> Option<PathBuf> {
+    fs::find_upwards_until(CARGO.lockfile, starting_dir, workspace_root)
 }
 
 fn get_cargo_home() -> PathBuf {

crates/rust/platform/src/rust_platform.rs

@@ -116,7 +116,10 @@ impl Platform for RustPlatform {
     // PROJECT GRAPH
 
     fn is_project_in_dependency_workspace(&self, project_source: &str) -> miette::Result<bool> {
-        let Some(lockfile_path) = find_cargo_lock(&self.workspace_root.join(project_source)) else {
+        let Some(lockfile_path) = find_cargo_lock(
+            &self.workspace_root.join(project_source),
+            &self.workspace_root,
+        ) else {
             return Ok(false);
         };
 
@@ -267,7 +270,7 @@ impl Platform for RustPlatform {
             tool.exec_rustup(args, working_dir).await?;
         }
 
-        if find_cargo_lock(working_dir).is_none() {
+        if find_cargo_lock(working_dir, &self.workspace_root).is_none() {
             print_checkpoint("cargo generate-lockfile", Checkpoint::Setup);
 
             tool.exec_cargo(["generate-lockfile"], working_dir).await?;
@@ -330,7 +333,7 @@ impl Platform for RustPlatform {
     ) -> miette::Result<bool> {
         let mut mutated_files = false;
 
-        let lockfile_path = find_cargo_lock(&project.root);
+        let lockfile_path = find_cargo_lock(&project.root, &self.workspace_root);
         let cargo_root = match lockfile_path {
             Some(path) => path.parent().unwrap().to_owned(),
             None => project.root.to_owned(),

nextgen/workspace/src/workspace.rs

@@ -24,19 +24,20 @@ fn find_workspace_root<P: AsRef<Path>>(working_dir: P) -> miette::Result<PathBuf
     }
 
     let working_dir = working_dir.as_ref();
+    let home_dir = dirs::home_dir().ok_or(WorkspaceError::MissingHomeDir)?;
 
     debug!(
         working_dir = ?working_dir,
         "Attempting to find workspace root",
     );
 
-    let Some(possible_root) = fs::find_upwards_root(consts::CONFIG_DIRNAME, working_dir) else {
+    let Some(possible_root) =
+        fs::find_upwards_root_until(consts::CONFIG_DIRNAME, working_dir, &home_dir)
+    else {
         return Err(WorkspaceError::MissingConfigDir.into());
     };
 
     // Avoid finding the ~/.moon directory
-    let home_dir = dirs::home_dir().ok_or(WorkspaceError::MissingHomeDir)?;
-
     if home_dir == possible_root {
         return Err(WorkspaceError::MissingConfigDir.into());
     }

packages/cli/CHANGELOG.md

@@ -12,10 +12,16 @@
 
 ## Unreleased
 
+#### 🐞 Fixes
+
+- Updated file traversal to not walk outside of the workspace root.
+
 #### ⚙️ Internal
 
-- Updated to proto v0.22.0.
 - Updated Rust to v1.74.
+- Updated proto to v0.23.0.
+- Updated dependencies.
+- Updated logs to now include nanoseconds.
 
 ## 1.16.4