fix(providers/cargo): don't crash on workspace member with fixed version

[bearomorphism]

Description

Fix a TypeError: string indices must be integers, not 'str' crash in CargoProvider when bumping a Cargo workspace whose members include a crate with a hardcoded version.

While iterating workspace members in CargoProvider.set_lock_version, the code subscripted package["version"]["workspace"] inside a try/except block that only caught NonExistentKey. If a member's Cargo.toml declared a hardcoded version (version = "x.y.z") instead of version.workspace = true, package["version"] was a tomlkit String and the subscript raised TypeError, which the existing handler did not catch.

The fix replaces the exception-driven check with an isinstance type guard so the inheritance lookup only runs when version is an actual table.

Checklist

• I have read the contributing guidelines

Was generative AI tooling used to co-author this PR?

• Yes (please specify the tool below)

Generated-by: GitHub Copilot CLI following the guidelines

Code Changes

• Add test cases to all the changes you introduce
• Run uv run poe all locally to ensure this change passes linter check and tests
• Manually test the changes:
  • Verify the feature/bug fix works as expected in real-world scenarios
  • Test edge cases and error conditions
  • Ensure backward compatibility is maintained
  • Document any manual testing steps performed
• Update the documentation for the changes (no user-facing behavior change)

Documentation Changes

No documentation changes.

Expected Behavior

cz bump against a Cargo workspace whose members include a crate with a hardcoded version = "x.y.z" (real Cargo syntax for opting out of the workspace-inherited version) succeeds:

• the workspace version in [workspace.package] is bumped,
• the lock file is rewritten,
• members that declare version.workspace = true get their lock entries bumped,
• members that pin their own version are left untouched,
• no TypeError is raised.

Steps to Test This Pull Request

A regression test is added in tests/providers/test_cargo_provider.py:
test_cargo_provider_workspace_member_with_fixed_version.

Manual repro (also covered by the new test):

1. Create a workspace Cargo.toml:

   [workspace]
   members = ["pinned"]
   
   [workspace.package]
   version = "0.1.0"

2. Add a member pinned/Cargo.toml:

   [package]
   name = "pinned"
   version = "0.9.0"

3. Create a matching Cargo.lock and configure commitizen with version_provider = "cargo".

4. Run cz bump --yes. Before this fix, it crashes with TypeError: string indices must be integers, not 'str'. With the fix, the workspace version is bumped and the pinned member's lock entry is preserved.

Verified locally:

• uv run poe format -- clean
• uv run poe lint -- ruff + mypy clean
• uv run pytest tests/providers/test_cargo_provider.py -- 7 passed (including the new regression test)
• uv run prek run --files commitizen/providers/cargo_provider.py tests/providers/test_cargo_provider.py -- clean

The new test was also confirmed to fail on the unpatched code with the exact TypeError from the bug report.

Additional Context

• Fixes CRASH on cargo provider #2001.
• Related prior art: fix: workspace member with fixed version #1715 (closed, same reporter, never rebased) and fix(cargo_provider): support workspace virtual manifests #1733 (open, draft, broader virtual-manifest rewrite). This PR is scoped narrowly to the crash and intentionally does not overlap with fix(cargo_provider): support workspace virtual manifests #1733's restructuring.

[github-actions]

🔍 Commitizen bump preview

Merging this PR will produce the following bump:

bump: version 4.16.2 → 4.16.3
tag to create: v4.16.3
increment detected: PATCH

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.23%. Comparing base (c3f6797) to head (4ff25e3).
⚠️ Report is 16 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2002      +/-   ##
==========================================
- Coverage   98.24%   98.23%   -0.01%     
==========================================
  Files          61       61              
  Lines        2785     2782       -3     
==========================================
- Hits         2736     2733       -3     
  Misses         49       49              

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

[Copilot]

Pull request overview

This PR fixes a Cargo provider crash when a workspace member pins its own package version instead of inheriting workspace.package.version.

Changes:

• Replaces exception-driven nested access with a type guard before checking version.workspace.
• Adds a regression test for workspace members using version = "x.y.z".

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
commitizen/providers/cargo_provider.py	Safely detects members inheriting workspace version before updating Cargo.lock.
tests/providers/test_cargo_provider.py	Adds regression coverage for fixed-version workspace members.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.