
Pin deps to their minor version #7473

Open
ShaharNaveh wants to merge 1 commit into RustPython:main from ShaharNaveh:pin-lexopt

@ShaharNaveh
Contributor

@ShaharNaveh ShaharNaveh commented Mar 20, 2026

When deps don't specify their minor version, Dependabot only updates Cargo.lock (see #7470 for example).

This PR ensures that dependabot updates Cargo.toml as well.

Closes #7470

Summary by CodeRabbit

  • Chores
    • Updated project dependencies to latest stable versions for improved compatibility and performance.

@coderabbitai
Contributor

coderabbitai bot commented Mar 20, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
📥 Commits

Reviewing files that changed from the base of the PR and between 247044a and 3e8b585.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • Cargo.toml

📝 Walkthrough

Walkthrough

Multiple dependency versions in Cargo.toml are updated to newer patch levels, including lexopt, dirs-next, env_logger, and approximately 20 other crates. Feature configurations and control flow structures remain unchanged; only version specifiers are modified.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Version Updates: Cargo.toml | Bumped 25+ crate versions to newer patch releases, including lexopt (0.3.1 → 0.3.2), dirs-next, env_logger, rand, syn, and others. Feature flags and dependencies structure preserved. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

  • youknowone

Poem

🐰 Dependencies march in a happy line,
Each version bumped to something fine,
Lexopt and rand now fresh and new,
No breaking changes to break you through,
The rabbit hops with glee—upgrades complete! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: pinning dependencies to their minor versions in Cargo.toml to ensure Dependabot updates the manifest file properly. |
| Linked Issues check | ✅ Passed | The PR successfully addresses issue #7470 by pinning lexopt and other dependencies to their minor versions, ensuring Dependabot updates Cargo.toml in addition to Cargo.lock. |
| Out of Scope Changes check | ✅ Passed | All changes are limited to dependency version pinning in Cargo.toml, directly addressing the objective to pin dependencies to their minor version. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@youknowone
Member

RustPython is a binary and a library. Library user uses Cargo.toml and application uses Cargo.lock. Specifying the latest version is good for application users, but not for library users.

@ShaharNaveh
Contributor Author

> RustPython is a binary and a library. Library user uses Cargo.toml and application uses Cargo.lock. Specifying the latest version is good for application users, but not for library users

That's a good point.
I believe consistency is good, which way should we choose?
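
The library-versus-application trade-off discussed in this thread rests on how Cargo reads a bare version string in Cargo.toml: as a caret requirement whose written version is the floor. The sketch below is an added example, not code from the PR or from RustPython; it reimplements that rule with the standard library only, its function names are hypothetical, pre-release and build tags are not handled, and the only versions taken from the page are lexopt 0.3.1 and 0.3.2.

```rust
// Added example (not RustPython code): Cargo's default caret requirement rule.
// Function names are hypothetical; pre-release/build tags are out of scope.
type V = (u64, u64, u64);

/// Split "1", "1.2" or "1.2.3" into components; None marks an omitted one.
fn parse(s: &str) -> Option<[Option<u64>; 3]> {
    let mut out: [Option<u64>; 3] = [None; 3];
    for (i, part) in s.trim().trim_start_matches('^').split('.').enumerate() {
        if i == 3 {
            return None; // more than three components
        }
        out[i] = Some(part.parse::<u64>().ok()?);
    }
    Some(out)
}

/// Half-open range [lower, upper) that a caret requirement admits.
fn caret_bounds(req: &str) -> Option<(V, V)> {
    let [maj, min, pat] = parse(req)?;
    let maj = maj?;
    let lower = (maj, min.unwrap_or(0), pat.unwrap_or(0));
    // The upper bound bumps the left-most non-zero component.
    let upper = match (maj, min, pat) {
        (0, None, _) => (1, 0, 0),
        (0, Some(0), None) => (0, 1, 0),
        (0, Some(0), Some(p)) => (0, 0, p + 1),
        (0, Some(m), _) => (0, m + 1, 0),
        (m, _, _) => (m + 1, 0, 0),
    };
    Some((lower, upper))
}

/// Can a consumer whose Cargo.lock holds `locked` keep it under `req`?
fn admits(req: &str, locked: &str) -> Option<bool> {
    let (lo, hi) = caret_bounds(req)?;
    let [a, b, c] = parse(locked)?;
    let v = (a?, b?, c?); // a locked version is always fully specified
    Some(lo <= v && v < hi)
}

fn main() {
    // Constructed scenario: a downstream lockfile still holds lexopt 0.3.1.
    for req in ["0.3", "0.3.1", "0.3.2"] {
        println!("lexopt = \"{}\" keeps locked 0.3.1: {:?}", req, admits(req, "0.3.1"));
    }
}
```

A requirement of "0.3" or "0.3.1" lets a downstream lockfile stay on 0.3.1, while "0.3.2" raises the floor and forces every consumer of the library to move.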
