
[easy][minor] Freeze ruff libraries to the REV that the TAG points to. #6375

Merged: youknowone merged 1 commit into RustPython:main from slawlor:frozen on Dec 9, 2025


@slawlor (Contributor) commented Dec 9, 2025

Tags can move and be re-aliased to different revisions, and this actually freezes the rev (similar to how a published crate would) so that it only applies to this specific commit hash. (Tag release link: https://github.com/astral-sh/ruff/releases/tag/0.14.1)

This has caused some minor problems when vendoring sources where Ruff is used by other projects and is already pulled in by a rev, causing cargo vendor to crash.

Thanks for the awesome project!

Summary by CodeRabbit

  • Chores
    • Pinned four internal parsing/text dependencies to specific commit revisions (keeping the same source) to ensure reproducible builds and stability. No other dependencies or configuration changed; no public APIs or runtime behavior altered.


@coderabbitai (Bot, Contributor) commented Dec 9, 2025

Walkthrough

Four ruff-related dependencies in Cargo.toml were changed from git tag "0.14.1" to a specific git revision 2bffef59665ce7d2630dfd72ee99846663660db8; repository URLs remain unchanged and no other files or configs were modified.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency version pinning: Cargo.toml | Replace four ruff-related dependencies (ruff_python_parser, ruff_python_ast, ruff_text_size, ruff_source_file) referencing git tag "0.14.1" with the specific git revision 2bffef59665ce7d2630dfd72ee99846663660db8 to ensure reproducible builds. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

  • Verify the git revision hash is correct and intentional
  • Confirm all four dependency entries use the identical revision
  • Ensure no other dependency fields (features, optional flags) were unintentionally altered

Poem

🐰 I nibbled tags and found a hash,
Four ruff friends snug in one small stash,
Pinned and steady, no surprise,
I dance in code with polished eyes. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: freezing ruff libraries to specific commit revisions instead of tags, which is the core modification in Cargo.toml. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a2b665e and cd30f90.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • Cargo.toml (1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-11-29T12:17:28.606Z
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T12:17:28.606Z
Learning: Applies to **/*.py : Use ruff for linting Python code

Applied to files:

  • Cargo.toml


@coderabbitai (Bot, Contributor) left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
Cargo.toml (1)

154-157: Approve dependency pinning strategy.

The conversion from tag-based to revision-based pinning across all four ruff crates is the correct approach to prevent the vendoring issues caused by moving tags. Using the same revision hash for all four interdependent crates ensures compatibility.

Consider adding a brief comment above these dependencies to document which upstream release this revision corresponds to, for future maintainers:

+# Pinned to revision of Ruff v0.14.1 tag for stable vendoring (tags can move/realias)
+# See: https://github.com/astral-sh/ruff/releases/tag/0.14.1
 ruff_python_parser = { git = "https://github.com/astral-sh/ruff.git", rev = "2bffef59665ce7d2630dfd72ee99846663660db8" }
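
Review bot: the first added comment line names the release "v0.14.1", while the URL on the next line and the tag being replaced are "0.14.1"; write the tag exactly as it exists upstream so it can be searched for and compared against the rev later. The context line shows the comment sitting above ruff_python_parser only, so word it to cover every ruff entry that shares this rev, and spell "re-alias" as the PR description does.
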
📜 Review details

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a99164f and a2b665e.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • Cargo.toml (1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T12:17:28.606Z
Learning: Applies to Lib/**/*.py : Minimize modifications to CPython standard library files in the `Lib/` directory; modifications should be minimal and only to work around RustPython limitations
📚 Learning: 2025-11-29T12:17:28.606Z
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T12:17:28.606Z
Learning: Applies to **/*.py : Use ruff for linting Python code

Applied to files:

  • Cargo.toml

@ShaharNaveh (Contributor) left a comment


Generally, I'm fine with this change. Can you please add the tag version as a comment? It will be easier to track which ruff version we use.

Ty:)

Tags can move and be re-aliased to different revisions, and this actually freezes the rev (similar to how a published crate would) so that it only applies to this specific commit hash.

@youknowone (Member) left a comment


Thanks! I didn't know a tag could cause problems.

@youknowone merged commit 6003c87 into RustPython:main on Dec 9, 2025 (2 checks passed)

@youknowone (Member)

Could you tell me what you are building with RustPython, if you don't mind? Just curious.

@slawlor deleted the frozen branch December 9, 2025 14:26
@coderabbitai (Bot) mentioned this pull request Dec 31, 2025
@coderabbitai (Bot) mentioned this pull request Feb 13, 2026