Skip to content

Configure dependabot to ignore ruff updates #6185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
youknowone merged 4 commits into from
Oct 12, 2025
Merged

Configure dependabot to ignore ruff updates #6185

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
935c674
Make dependabot ignore ruff updates
ShaharNaveh Oct 7, 2025
e26f313
Regenrate Cargo.lock
ShaharNaveh Oct 7, 2025
3a0d83b
Fix clippy
ShaharNaveh Oct 7, 2025
a8c36ad
Fix typo
ShaharNaveh Oct 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix clippy
  • Loading branch information
@ShaharNaveh
ShaharNaveh committed Oct 7, 2025
commit 3a0d83b53bc377d41381a6b2b08c9a39e8e0b8b6
2 changes: 1 addition & 1 deletion compiler/literal/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ rustpython-wtf8 = { workspace = true }

hexf-parse = "0.2.1"
is-macro.workspace = true
lexical-parse-float = { version = "1.0.4", features = ["format"] }
lexical-parse-float = { version = "1.0.6", features = ["format"] }
Copy link
Contributor

@coderabbitai coderabbitai bot Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify the dependency version and check for security advisories.

Ensure that version 1.0.6 of lexical-parse-float exists and is free from known vulnerabilities.

🏁 Script executed:

#!/bin/bash
# Check for security advisories for lexical-parse-float

gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: CARGO, package: "lexical-parse-float") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 477

🌐 Web query:

What is the latest version of lexical-parse-float crate on crates.io?

💡 Result:

The latest version is 1.0.5 (published Jan 10, 2025). [1][2]

Sources:

  • Fedora crate update (lists lexical-parse-float 1.0.5). [1]
  • Fedora packages page showing release 1.0.5 in Fedora Rawhide/Stable. [2]

Use the published crate version (v1.0.5)
In compiler/literal/Cargo.toml (line 16), change

lexical-parse-float = { version = "1.0.6", features = ["format"] }

to

lexical-parse-float = { version = "1.0.5", features = ["format"] }

(1.0.6 is not published on crates.io)

🤖 Prompt for AI Agents 
In compiler/literal/Cargo.toml around line 16, the dependency specifies
lexical-parse-float version "1.0.6" which is not published; change the version
to "1.0.5" while keeping the features = ["format"] entry unchanged so the crate
resolves from crates.io.

num-traits = { workspace = true }
unic-ucd-category = { workspace = true }

Expand Down
2 changes: 1 addition & 1 deletion compiler/literal/src/float.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ fn parse_inner(literal: &[u8]) -> Option<f64> {
// lexical-core's format::PYTHON_STRING is inaccurate
const PYTHON_STRING: u128 = NumberFormatBuilder::rebuild(PYTHON3_LITERAL)
.no_special(false)
.build();
.build_unchecked();
Copy link
Collaborator Author

@ShaharNaveh ShaharNaveh Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/Alexhuszagh/rust-lexical/blob/7486b098e36cf06281ce39560f192d2d34684bfd/lexical-util/src/format_builder.rs#L3309-L3313

Comment on lines 19 to +21
Copy link
Contributor

@coderabbitai coderabbitai bot Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Justify the use of build_unchecked() and verify it's necessary.

The change from build() to build_unchecked() removes runtime validation of the format configuration. While this is likely safe since the format is based on the predefined PYTHON3_LITERAL with a minor modification, this needs justification.

Possible reasons for this change:

  1. The build() method may no longer be const-compatible in lexical-parse-float 1.0.6
  2. Performance optimization for a compile-time constant

Please verify:

  • Is this change required by the updated dependency version?
  • Are the safety invariants upheld (valid format configuration)?

Consider adding a comment explaining why build_unchecked() is safe here, unless this is already documented elsewhere.

🏁 Script executed:

#!/bin/bash
# Check if build() method exists and is const-compatible in lexical-parse-float 1.0.6

# Search for NumberFormatBuilder documentation or usage examples
rg -n -C3 'NumberFormatBuilder.*build\(' --type rust

Length of output: 512

🌐 Web query:

Does lexical-parse-float 1.0.6 support const build() method on NumberFormatBuilder, or does it require build_unchecked() for const contexts?

💡 Result:

You can use the const build() method — NumberFormatBuilder::build is a const fn, so you do not need build_unchecked() for const contexts. [1][2]

Sources:

  • NumberFormatBuilder (const build) — lexical-core docs. [1]
  • Examples showing const usage with NumberFormatBuilder::build — lexical / lexical-parse-float docs. [2]

Replace build_unchecked() with build()

File: compiler/literal/src/float.rs:21
NumberFormatBuilder::build() is a const fn and performs validation; using build_unchecked() bypasses these checks unnecessarily. Update to .build().

🤖 Prompt for AI Agents 
In compiler/literal/src/float.rs around lines 19 to 21, the NumberFormatBuilder
call uses .build_unchecked() which bypasses validation; replace that call with
.build() since NumberFormatBuilder::build() is a const fn that performs the
necessary checks. Update the chained call to call .build() instead of
.build_unchecked(), keeping the same surrounding code and ensuring the constant
assignment remains valid.

f64::from_lexical_with_options::<PYTHON_STRING>(literal, &Options::new()).ok()
}

Expand Down
Loading