Configure dependabot to ignore ruff updates #6185
Walkthrough
Added a Dependabot ignore rule for Cargo deps matching
Changes
Sequence Diagram(s)
```mermaid
sequenceDiagram
    autonumber
    participant Caller as parse_inner caller
    participant Builder as NumberFormatBuilder
    participant Parser as lexical parse routine
    Note over Caller,Builder: Before
    Caller->>Builder: build() (validates)
    Builder-->>Caller: Result<Format, Error> (may Err)
    alt valid
        Caller->>Parser: parse_with_format(format)
        Parser-->>Caller: Result<f64, ParseError>
    else invalid
        Builder-->>Caller: Error
    end
    Note over Caller,Builder: After (changed)
    Caller->>Builder: build_unchecked() (no validation)
    Builder-->>Caller: Format (assumed valid)
    Caller->>Parser: parse_with_format(format)
    Parser-->>Caller: Result<f64, ParseError or UB-like behavior if format invalid)
```
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes
Actionable comments posted: 0
🧹 Nitpick comments (1)
.github/dependabot.yml (1)
9-10: Fix typo in comment. Please correct “dealling” → “dealing” to keep the comment polished.
📜 Review details
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
- Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
- .github/dependabot.yml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)
- GitHub Check: Run snippets and cpython tests on wasm-wasi
- GitHub Check: Run rust tests (windows-2025)
- GitHub Check: Run snippets and cpython tests (ubuntu-latest)
- GitHub Check: Check the WASM package and demo
- GitHub Check: Run snippets and cpython tests (macos-latest)
- GitHub Check: Ensure compilation on various targets
- GitHub Check: Run tests under miri
- GitHub Check: Run snippets and cpython tests (windows-2025)
| const PYTHON_STRING: u128 = NumberFormatBuilder::rebuild(PYTHON3_LITERAL) | ||
| .no_special(false) | ||
| .build(); | ||
| .build_unchecked(); |
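Review bot: `.build_unchecked()` on the last line of the `PYTHON_STRING` initializer drops whatever validation `.build()` gave this constant, and the format is not the stock `PYTHON3_LITERAL` but a modified copy (`.no_special(false)`). If the unchecked call is required by the dependency bump, add a comment on the constant saying so and why the modified format is still valid, and cover it with a test that parses ordinary and special literals through `PYTHON_STRING`.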
Actionable comments posted: 2
📜 Review details
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
- .github/dependabot.yml (1 hunks)
- compiler/literal/Cargo.toml (1 hunks)
- compiler/literal/src/float.rs (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/dependabot.yml
🧰 Additional context used
📓 Path-based instructions (1)
**/*.rs
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
**/*.rs: Format Rust code with the default rustfmt style (run cargo fmt)
Run clippy and fix any warnings or lints introduced by your changes
Follow Rust best practices for error handling and memory management
Files:
compiler/literal/src/float.rs
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)
- GitHub Check: Run snippets and cpython tests on wasm-wasi
- GitHub Check: Check the WASM package and demo
- GitHub Check: Run snippets and cpython tests (ubuntu-latest)
- GitHub Check: Run snippets and cpython tests (macos-latest)
- GitHub Check: Run snippets and cpython tests (windows-2025)
- GitHub Check: Run rust tests (ubuntu-latest)
- GitHub Check: Run rust tests (windows-2025)
- GitHub Check: Run rust tests (macos-latest)
- GitHub Check: Check Rust code with rustfmt and clippy
- GitHub Check: Ensure compilation on various targets
| hexf-parse = "0.2.1" | ||
| is-macro.workspace = true | ||
| lexical-parse-float = { version = "1.0.4", features = ["format"] } | ||
| lexical-parse-float = { version = "1.0.6", features = ["format"] } |
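Review bot: the new `version = "1.0.6"` requirement on the `lexical-parse-float` line is a caret range, so it raises only the minimum and the version actually built is whatever Cargo.lock pins. Since this review's path filter excludes Cargo.lock, confirm the lock file is updated in the same commit and resolves to the intended release, and that CI builds with `--locked` so the manifest and lock file cannot drift.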
🧩 Analysis chain
Verify the dependency version and check for security advisories.
Ensure that version 1.0.6 of lexical-parse-float exists and is free from known vulnerabilities.
🏁 Script executed:
```shell
#!/bin/bash
# Check for security advisories for lexical-parse-float
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: CARGO, package: "lexical-parse-float") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'
```
Length of output: 477
🌐 Web query:
What is the latest version of lexical-parse-float crate on crates.io?
💡 Result:
The latest version is 1.0.5 (published Jan 10, 2025). [1][2]
Sources:
- Fedora crate update (lists lexical-parse-float 1.0.5). [1]
- Fedora packages page showing release 1.0.5 in Fedora Rawhide/Stable. [2]
Use the published crate version (v1.0.5)
In compiler/literal/Cargo.toml (line 16), change
lexical-parse-float = { version = "1.0.6", features = ["format"] }
to
lexical-parse-float = { version = "1.0.5", features = ["format"] }
(1.0.6 is not published on crates.io)
🤖 Prompt for AI Agents
In compiler/literal/Cargo.toml around line 16, the dependency specifies
lexical-parse-float version "1.0.6" which is not published; change the version
to "1.0.5" while keeping the features = ["format"] entry unchanged so the crate
resolves from crates.io.
| const PYTHON_STRING: u128 = NumberFormatBuilder::rebuild(PYTHON3_LITERAL) | ||
| .no_special(false) | ||
| .build(); | ||
| .build_unchecked(); |
🧩 Analysis chain
Justify the use of build_unchecked() and verify it's necessary.
The change from build() to build_unchecked() removes runtime validation of the format configuration. While this is likely safe since the format is based on the predefined PYTHON3_LITERAL with a minor modification, this needs justification.
Possible reasons for this change:
- The build() method may no longer be const-compatible in lexical-parse-float 1.0.6
- Performance optimization for a compile-time constant
Please verify:
- Is this change required by the updated dependency version?
- Are the safety invariants upheld (valid format configuration)?
Consider adding a comment explaining why build_unchecked() is safe here, unless this is already documented elsewhere.
🏁 Script executed:
```shell
#!/bin/bash
# Check if build() method exists and is const-compatible in lexical-parse-float 1.0.6
# Search for NumberFormatBuilder documentation or usage examples
rg -n -C3 'NumberFormatBuilder.*build\(' --type rust
```
Length of output: 512
🌐 Web query:
Does lexical-parse-float 1.0.6 support const build() method on NumberFormatBuilder, or does it require build_unchecked() for const contexts?
💡 Result:
You can use the const build() method — NumberFormatBuilder::build is a const fn, so you do not need build_unchecked() for const contexts. [1][2]
Sources:
- NumberFormatBuilder (const build) — lexical-core docs. [1]
- Examples showing const usage with NumberFormatBuilder::build — lexical / lexical-parse-float docs. [2]
Replace build_unchecked() with build()
File: compiler/literal/src/float.rs:21
NumberFormatBuilder::build() is a const fn and performs validation; using build_unchecked() bypasses these checks unnecessarily. Update to .build().
🤖 Prompt for AI Agents
In compiler/literal/src/float.rs around lines 19 to 21, the NumberFormatBuilder
call uses .build_unchecked() which bypasses validation; replace that call with
.build() since NumberFormatBuilder::build() is a const fn that performs the
necessary checks. Update the chained call to call .build() instead of
.build_unchecked(), keeping the same surrounding code and ensuring the constant
assignment remains valid.
Explained in .github/dependabot.yml the motivation for this.
Closes #6183
Closes #6184