From 5f01d3d0fea658926609c98e6448a8b6955c25db Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 2 Feb 2026 15:31:57 +0000 Subject: [PATCH 01/20] chore(deps): Update pre-commit hook crate-ci/typos to v1.43.0 --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7aa56f7..714e2e1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -10,7 +10,7 @@ repos: - id: check-case-conflict - id: detect-private-key - repo: https://github.com/crate-ci/typos - rev: v1.42.1 + rev: v1.43.0 hooks: - id: typos - repo: https://github.com/crate-ci/committed From bda89afdb392607c2dd24187c8ffe2b526c2b1dc Mon Sep 17 00:00:00 2001 From: Ed Page Date: Wed, 18 Feb 2026 10:39:14 -0600 Subject: [PATCH 02/20] chore(ci): Fix prek version updating --- .github/renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index cc1fefc..cf9d0bc 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -64,7 +64,7 @@ matchDepNames: [ 'prek', ], - extractVersion: '^(?\\d+\\.\\d+\\.\\d+)', + extractVersion: '^v(?\\d+\\.\\d+\\.\\d+)', schedule: [ '* * * * *', ], From 8485f9d184100e64d65639c4423509144b7d4845 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 16:45:48 +0000 Subject: [PATCH 03/20] chore(deps): Update Prek to v0.3.3 (#45) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [prek](https://redirect.github.com/j178/prek) | minor | `0.2.27` → `0.3.3` | --- ### Release Notes
j178/prek (prek) ### [`v0.3.3`](https://redirect.github.com/j178/prek/blob/HEAD/CHANGELOG.md#033) [Compare Source](https://redirect.github.com/j178/prek/compare/v0.3.2...v0.3.3) Released on 2026-02-15. ##### Enhancements - Read Python version specifier from hook repo `pyproject.toml` ([#​1596](https://redirect.github.com/j178/prek/pull/1596)) - Add `#:schema` directives to generated prek.toml ([#​1597](https://redirect.github.com/j178/prek/pull/1597)) - Add `prek util list-builtins` command ([#​1600](https://redirect.github.com/j178/prek/pull/1600)) - Expand install source detection to `mise`, `uv tool`, `pipx`, and `asdf` ([#​1605](https://redirect.github.com/j178/prek/pull/1605), [#​1607](https://redirect.github.com/j178/prek/pull/1607)) - Add progress bar to `cache clean` and show removal summary ([#​1616](https://redirect.github.com/j178/prek/pull/1616)) - Make `yaml-to-toml` CONFIG argument optional ([#​1593](https://redirect.github.com/j178/prek/pull/1593)) - `prek uninstall` removes legacy scripts too ([#​1622](https://redirect.github.com/j178/prek/pull/1622)) ##### Bug fixes - Fix underflow when formatting summary output ([#​1626](https://redirect.github.com/j178/prek/pull/1626)) - Match `files/exclude` filter against relative path of nested project ([#​1624](https://redirect.github.com/j178/prek/pull/1624)) - Select `musllinux` wheel tag for uv on musl-based distros ([#​1628](https://redirect.github.com/j178/prek/pull/1628)) ##### Documentation - Clarify `prek list` description ([#​1604](https://redirect.github.com/j178/prek/pull/1604)) ##### Contributors - [@​ichoosetoaccept](https://redirect.github.com/ichoosetoaccept) - [@​shaanmajid](https://redirect.github.com/shaanmajid) - [@​soraxas](https://redirect.github.com/soraxas) - [@​9999years](https://redirect.github.com/9999years) - [@​j178](https://redirect.github.com/j178) ### [`v0.3.2`](https://redirect.github.com/j178/prek/blob/HEAD/CHANGELOG.md#032) [Compare Source](https://redirect.github.com/j178/prek/compare/v0.3.1...v0.3.2) Released on 2026-02-06. ##### Highlights - **`prek.toml` is here!** You can now use `prek.toml` as an alternative to `.pre-commit-config.yaml` for configuring prek. `prek.toml` mirrors the structure of `.pre-commit-config.yaml`, but TOML is less error-prone. Your existing `.pre-commit-config.yaml` will continue to work, but for new users and new projects, `prek.toml` may make more sense. If you want to switch, run `prek util yaml-to-toml` to convert YAML configs to `prek.toml`. See [configuration docs](configuration.md) for details. For example, this config: ```yaml repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v6.0.0 hooks: - id: check-yaml ``` Can be written as `prek.toml` like this: ```toml [[repos]] repo = "https://github.com/pre-commit/pre-commit-hooks" rev = "v6.0.0" hooks = [ { id = "check-yaml" } ] ``` - **`serde-yaml` has been replaced with `serde-saphyr`** We replaced the long-deprecated `serde-yaml` crate with [`serde-saphyr`](https://crates.io/crates/serde-saphyr) for YAML parsing. It is written in safe Rust and has better error messages, performance, and security. This lets us provide precise location information for configuration parsing errors, which should make it easier to fix config issues. For example, this invalid config: ```yaml repos: - repo: https://github.com/crate-ci/typos hooks: - id: typos ``` Before: ```console $ prek run error: Failed to parse `.pre-commit-config.yaml` caused by: Invalid remote repo: missing field `rev` ``` Now: ```console $ prek run error: Failed to parse `.pre-commit-config.yaml` caused by: error: line 2 column 5: missing field `rev` at line 2, column 5 --> :2:5 | 1 | repos: 2 | - repo: https://github.com/crate-ci/typos | ^ missing field `rev` at line 2, column 5 3 | hooks: 4 | - id: typos | ``` - **`prek util` subcommands** We added a new `prek util` top-level command for miscellaneous utilities that don't fit into other categories. The first two utilities are: - `prek util identify`: shows the identification tags of files that prek uses for file filtering, which can be useful for debugging and writing `types/types_or/exclude_types` filters. - `prek util yaml-to-toml`: converts `.pre-commit-config.yaml` to `prek.toml`. We also moved `prek init-template-dir` under `prek util` for better organization. The old `prek init-template-dir` command is still available (hidden) as an alias for backward compatibility. ##### Enhancements - Add `prek util identify` subcommand ([#​1554](https://redirect.github.com/j178/prek/pull/1554)) - Add `prek util yaml-to-toml` to convert `.pre-commit-config.yaml` to `prek.toml` ([#​1584](https://redirect.github.com/j178/prek/pull/1584)) - Detect install source for actionable upgrade hints ([#​1540](https://redirect.github.com/j178/prek/pull/1540)) - Detect prek installed by the standalone installer ([#​1545](https://redirect.github.com/j178/prek/pull/1545)) - Implement `serialize_yaml_scalar` using `serde-saphyr` ([#​1534](https://redirect.github.com/j178/prek/pull/1534)) - Improve max cli arguments length calculation ([#​1518](https://redirect.github.com/j178/prek/pull/1518)) - Move `identify` and `init-template-dir` under the `prek util` top-level command ([#​1574](https://redirect.github.com/j178/prek/pull/1574)) - Replace serde-yaml with serde-saphyr (again) ([#​1520](https://redirect.github.com/j178/prek/pull/1520)) - Show precise location for config parsing error ([#​1530](https://redirect.github.com/j178/prek/pull/1530)) - Support `Julia` language ([#​1519](https://redirect.github.com/j178/prek/pull/1519)) - Support `prek.toml` ([#​1271](https://redirect.github.com/j178/prek/pull/1271)) - Added `PREK_QUIET` environment variable support ([#​1513](https://redirect.github.com/j178/prek/pull/1513)) - Remove upper bound constraint of uv version ([#​1588](https://redirect.github.com/j178/prek/pull/1588)) ##### Bug fixes - Do not make the child a session leader ([#​1586](https://redirect.github.com/j178/prek/pull/1586)) - Fix FilePattern schema to accept plain strings ([#​1564](https://redirect.github.com/j178/prek/pull/1564)) - Use semver fallback sort when tag timestamps are equal ([#​1579](https://redirect.github.com/j178/prek/pull/1579)) ##### Documentation - Add `OpenClaw` to the list of users ([#​1517](https://redirect.github.com/j178/prek/pull/1517)) - Add `cachix/devenv`, `apache/lucene`, `copper-project/copper-rs` as projects using prek ([#​1531](https://redirect.github.com/j178/prek/pull/1531), [#​1514](https://redirect.github.com/j178/prek/pull/1514), [#​1569](https://redirect.github.com/j178/prek/pull/1569)) - Add document about authoring remote hooks ([#​1571](https://redirect.github.com/j178/prek/pull/1571)) - Add `llms.txt` generation for LLM-friendly documentation ([#​1553](https://redirect.github.com/j178/prek/pull/1553)) - Document using `--refresh` to pick up `.prekignore` changes ([#​1575](https://redirect.github.com/j178/prek/pull/1575)) - Fix PowerShell completion instruction syntax ([#​1568](https://redirect.github.com/j178/prek/pull/1568)) - Update quick start to use `prek.toml` ([#​1576](https://redirect.github.com/j178/prek/pull/1576)) ##### Other changes - Include `prek.toml` in run hint for config filename ([#​1578](https://redirect.github.com/j178/prek/pull/1578)) ##### Contributors - [@​fatelei](https://redirect.github.com/fatelei) - [@​domenkozar](https://redirect.github.com/domenkozar) - [@​makeecat](https://redirect.github.com/makeecat) - [@​fllesser](https://redirect.github.com/fllesser) - [@​j178](https://redirect.github.com/j178) - [@​copilot-swe-agent](https://redirect.github.com/copilot-swe-agent) - [@​oopscompiled](https://redirect.github.com/oopscompiled) - [@​rmuir](https://redirect.github.com/rmuir) - [@​shaanmajid](https://redirect.github.com/shaanmajid) ### [`v0.3.1`](https://redirect.github.com/j178/prek/blob/HEAD/CHANGELOG.md#031) [Compare Source](https://redirect.github.com/j178/prek/compare/v0.3.0...v0.3.1) Released on 2026-01-31. ##### Enhancements - Add `language: swift` support ([#​1463](https://redirect.github.com/j178/prek/pull/1463)) - Add `language: haskell` support ([#​1484](https://redirect.github.com/j178/prek/pull/1484)) - Extract go version constraint from `go.mod` ([#​1457](https://redirect.github.com/j178/prek/pull/1457)) - Warn when config file exists but fails to parse ([#​1487](https://redirect.github.com/j178/prek/pull/1487)) - Add GitHub artifact attestations to release and build-docker workflow ([#​1494](https://redirect.github.com/j178/prek/pull/1494), [#​1497](https://redirect.github.com/j178/prek/pull/1497)) - Allow `GIT_CONFIG_PARAMETERS` for private repository authentication ([#​1472](https://redirect.github.com/j178/prek/pull/1472)) - Show progress bar when running builtin hooks ([#​1504](https://redirect.github.com/j178/prek/pull/1504)) ##### Bug fixes - Cap ARG\_MAX at `1<<19` for safety ([#​1506](https://redirect.github.com/j178/prek/pull/1506)) - Don't check Python executable path in health check ([#​1496](https://redirect.github.com/j178/prek/pull/1496)) ##### Documentation - Include `CocoIndex` as a project using prek ([#​1477](https://redirect.github.com/j178/prek/pull/1477)) - Add commands for artifact verification using GitHub Attestations ([#​1500](https://redirect.github.com/j178/prek/pull/1500)) ##### Contributors - [@​halms](https://redirect.github.com/halms) - [@​Haleshot](https://redirect.github.com/Haleshot) - [@​simono](https://redirect.github.com/simono) - [@​tisonkun](https://redirect.github.com/tisonkun) - [@​fllesser](https://redirect.github.com/fllesser) - [@​j178](https://redirect.github.com/j178) - [@​shaanmajid](https://redirect.github.com/shaanmajid) ### [`v0.3.0`](https://redirect.github.com/j178/prek/blob/HEAD/CHANGELOG.md#030) [Compare Source](https://redirect.github.com/j178/prek/compare/v0.2.30...v0.3.0) Released on 2026-01-22. ##### Highlights - `prek cache gc` (also available via `prek gc` for pre-commit compatibility) is finally here! You can now run `prek cache gc` to clean up unused repos, hook envs and tool versions from prek cache. - `language: bun` is now supported, making it possible to write and run hooks with [Bun](https://bun.sh/). ##### Enhancements - Implement `prek cache gc` ([#​1410](https://redirect.github.com/j178/prek/pull/1410)) - Bootstrap tracking configs from workspace cache ([#​1417](https://redirect.github.com/j178/prek/pull/1417)) - Show total size `prek cache gc` removed ([#​1418](https://redirect.github.com/j178/prek/pull/1418)) - Show accurate repo and hook details in `prek cache gc -v` ([#​1420](https://redirect.github.com/j178/prek/pull/1420)) - `prek cache gc` remove specific unused tool versions ([#​1422](https://redirect.github.com/j178/prek/pull/1422)) - Fix unused tool versions not removed in `prek cache gc` ([#​1436](https://redirect.github.com/j178/prek/pull/1436)) - Add `language: bun` support ([#​1411](https://redirect.github.com/j178/prek/pull/1411)) - Use `git ls-remote --tags` to list bun versions ([#​1439](https://redirect.github.com/j178/prek/pull/1439)) - Accept `--stage` as an alias for `--hook-stage` in `prek run` ([#​1398](https://redirect.github.com/j178/prek/pull/1398)) - Expand `~` tilde in `PREK_HOME` ([#​1431](https://redirect.github.com/j178/prek/pull/1431)) - Support refs to trees ([#​1449](https://redirect.github.com/j178/prek/pull/1449)) ##### Bug fixes - Avoid file lock warning for in-process contention ([#​1406](https://redirect.github.com/j178/prek/pull/1406)) - Resolve relative repo paths from config file directory ([#​1443](https://redirect.github.com/j178/prek/pull/1443)) - fix: use `split()` instead of `resolve(None)` for builtin hook argument parsing ([#​1415](https://redirect.github.com/j178/prek/pull/1415)) ##### Documentation - Add `simple-icons` and `ast-grep` to the users of prek ([#​1403](https://redirect.github.com/j178/prek/pull/1403)) - Improve JSON schema for `repo` field ([#​1432](https://redirect.github.com/j178/prek/pull/1432)) - Improve JSON schema for builtin and meta hooks ([#​1427](https://redirect.github.com/j178/prek/pull/1427)) - Add pronunciation entry to FAQ ([#​1442](https://redirect.github.com/j178/prek/pull/1442)) - Add commitizen to the list of projects using prek ([#​1413](https://redirect.github.com/j178/prek/pull/1413)) - Move docs to zensical ([#​1421](https://redirect.github.com/j178/prek/pull/1421)) ##### Other Changes - Refactor config layout ([#​1407](https://redirect.github.com/j178/prek/pull/1407)) ##### Contributors - [@​shaanmajid](https://redirect.github.com/shaanmajid) - [@​KevinGimbel](https://redirect.github.com/KevinGimbel) - [@​jtamagnan](https://redirect.github.com/jtamagnan) - [@​jmeickle-theaiinstitute](https://redirect.github.com/jmeickle-theaiinstitute) - [@​YazdanRa](https://redirect.github.com/YazdanRa) - [@​j178](https://redirect.github.com/j178) - [@​mschoettle](https://redirect.github.com/mschoettle) - [@​tisonkun](https://redirect.github.com/tisonkun) ### [`v0.2.30`](https://redirect.github.com/j178/prek/blob/HEAD/CHANGELOG.md#0230) [Compare Source](https://redirect.github.com/j178/prek/compare/v0.2.29...v0.2.30) Released on 2026-01-18. ##### Enhancements - Build binaries using minimal-size profile ([#​1376](https://redirect.github.com/j178/prek/pull/1376)) - Check for duplicate keys in `check-json5` builtin hook ([#​1387](https://redirect.github.com/j178/prek/pull/1387)) - Preserve quoting style in `auto-update` ([#​1379](https://redirect.github.com/j178/prek/pull/1379)) - Show warning if file lock acquiring blocks for long time ([#​1353](https://redirect.github.com/j178/prek/pull/1353)) - Singleflight Python health checks with cached interpreter info ([#​1381](https://redirect.github.com/j178/prek/pull/1381)) ##### Bug fixes - Do not resolve entry for docker\_image ([#​1386](https://redirect.github.com/j178/prek/pull/1386)) - Fix command lookup on Windows ([#​1383](https://redirect.github.com/j178/prek/pull/1383)) ##### Documentation - Document language support details ([#​1380](https://redirect.github.com/j178/prek/pull/1380)) - Document that `check-json5` now rejects duplicate keys ([#​1391](https://redirect.github.com/j178/prek/pull/1391)) ##### Contributors - [@​j178](https://redirect.github.com/j178) ### [`v0.2.29`](https://redirect.github.com/j178/prek/blob/HEAD/CHANGELOG.md#0229) [Compare Source](https://redirect.github.com/j178/prek/compare/v0.2.28...v0.2.29) Released on 2026-01-16. ##### Highlights `files` / `exclude` now support globs (including glob lists), making config filters much easier to read and maintain than heavily-escaped regex. Before (regex): ```yaml files: "^(src/.*\\.rs$|crates/[^/]+/src/.*\\.rs$)" ``` After (glob list): ```yaml files: glob: - src/**/*.rs - crates/**/src/**/*.rs ``` ##### Enhancements - Add `check-json5` as builtin hooks ([#​1367](https://redirect.github.com/j178/prek/pull/1367)) - Add glob list support for file patterns (`files` and `exclude`) ([#​1197](https://redirect.github.com/j178/prek/pull/1197)) ##### Bug fixes - Fix missing commit hash from version info ([#​1352](https://redirect.github.com/j178/prek/pull/1352)) - Remove git env vars from `uv pip install` subprocess ([#​1355](https://redirect.github.com/j178/prek/pull/1355)) - Set `TERM=dumb` under PTY to prevent capability-probe hangs ([#​1363](https://redirect.github.com/j178/prek/pull/1363)) ##### Documentation - Add `home-assistant/core` to the users of prek ([#​1350](https://redirect.github.com/j178/prek/pull/1350)) - Document builtin hooks ([#​1370](https://redirect.github.com/j178/prek/pull/1370)) - Explain project configuration scope ([#​1373](https://redirect.github.com/j178/prek/pull/1373)) ##### Contributors - [@​Goldziher](https://redirect.github.com/Goldziher) - [@​yihong0618](https://redirect.github.com/yihong0618) - [@​j178](https://redirect.github.com/j178) - [@​shaanmajid](https://redirect.github.com/shaanmajid) - [@​ulgens](https://redirect.github.com/ulgens) ### [`v0.2.28`](https://redirect.github.com/j178/prek/blob/HEAD/CHANGELOG.md#0228) [Compare Source](https://redirect.github.com/j178/prek/compare/v0.2.27...v0.2.28) Released on 2026-01-13. ##### Enhancements - Avoid running `git diff` for skipped hooks ([#​1335](https://redirect.github.com/j178/prek/pull/1335)) - More accurate command line length limit calculation ([#​1348](https://redirect.github.com/j178/prek/pull/1348)) - Raise platform command line length upper limit ([#​1347](https://redirect.github.com/j178/prek/pull/1347)) - Use `/bin/sh` in generated git hook scripts ([#​1333](https://redirect.github.com/j178/prek/pull/1333)) ##### Bug fixes - Avoid rewriting if config is up-to-date ([#​1346](https://redirect.github.com/j178/prek/pull/1346)) ##### Documentation - Add `ty` to the users of prek ([#​1342](https://redirect.github.com/j178/prek/pull/1342)) - Add `ruff` to the users of prek ([#​1334](https://redirect.github.com/j178/prek/pull/1334)) - Complete configuration document ([#​1338](https://redirect.github.com/j178/prek/pull/1338)) - Document UV environment variable inheritance in prek ([#​1339](https://redirect.github.com/j178/prek/pull/1339)) ##### Contributors - [@​copilot-swe-agent](https://redirect.github.com/copilot-swe-agent) - [@​MatthewMckee4](https://redirect.github.com/MatthewMckee4) - [@​yihong0618](https://redirect.github.com/yihong0618) - [@​j178](https://redirect.github.com/j178)
--- ### Configuration 📅 **Schedule**: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/epage/_rust). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/pre-commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index ef1a54a..3d5f0fe 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -25,4 +25,4 @@ jobs: - uses: actions/checkout@v6 - uses: j178/prek-action@v1 with: - prek-version: '0.2.27' + prek-version: '0.3.3' From 207c3d97a58fe498fb549b2509c7fd85e47c4a1d Mon Sep 17 00:00:00 2001 From: Ed Page Date: Mon, 23 Feb 2026 16:55:27 -0600 Subject: [PATCH 04/20] chore(release): Make use of new template variable --- CHANGELOG.md | 2 +- Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5b7fa4c..ed49653 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,4 +8,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/). ## [Unreleased] - ReleaseDate -[Unreleased]: https://github.com/rust-cli/argfile/compare/e7b7555...HEAD +[Unreleased]: https://github.com/ORG/PROJECT/compare/e7b7555...HEAD diff --git a/Cargo.toml b/Cargo.toml index 55d98ad..679d9e5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -116,7 +116,7 @@ pre-release-replacements = [ {file="CHANGELOG.md", search="\\.\\.\\.HEAD", replace="...{{tag_name}}", exactly=1}, {file="CHANGELOG.md", search="ReleaseDate", replace="{{date}}", min=1}, {file="CHANGELOG.md", search="", replace="\n## [Unreleased] - ReleaseDate\n", exactly=1}, - {file="CHANGELOG.md", search="", replace="\n[Unreleased]: https://github.com/ORG/PROJECT/compare/{{tag_name}}...HEAD", exactly=1}, + {file="CHANGELOG.md", search="", replace="\n[Unreleased]: {{repository}}/compare/{{tag_name}}...HEAD", exactly=1}, ] [features] From 096034c719a8c9d04bcaf46850087d7247cd34aa Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 28 Feb 2026 06:02:36 +0000 Subject: [PATCH 05/20] chore(deps): Update Prek to v0.3.4 (#46) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [prek](https://redirect.github.com/j178/prek) | patch | `0.3.3` → `0.3.4` | --- ### Release Notes
j178/prek (prek) ### [`v0.3.4`](https://redirect.github.com/j178/prek/blob/HEAD/CHANGELOG.md#034) [Compare Source](https://redirect.github.com/j178/prek/compare/v0.3.3...v0.3.4) Released on 2026-02-28. ##### Enhancements - Allow `pass_filenames` to accept a positive integer ([#​1698](https://redirect.github.com/j178/prek/pull/1698)) - Install and compile gems in parallel ([#​1674](https://redirect.github.com/j178/prek/pull/1674)) - Sync identify file-type mappings with pre-commit identify ([#​1660](https://redirect.github.com/j178/prek/pull/1660)) - Use `--locked` for Rust `cargo install` commands ([#​1661](https://redirect.github.com/j178/prek/pull/1661)) - Add `PREK_MAX_CONCURRENCY` environment variable for configuring maximum concurrency ([#​1697](https://redirect.github.com/j178/prek/pull/1697)) - Add `PREK_LOG_TRUNCATE_LIMIT` environment variable for configuring log truncation ([#​1679](https://redirect.github.com/j178/prek/pull/1679)) - Add support for `python -m prek` ([#​1686](https://redirect.github.com/j178/prek/pull/1686)) ##### Bug fixes - Skip invalid Rust toolchains instead of failing ([#​1699](https://redirect.github.com/j178/prek/pull/1699)) ##### Performance - Bitset-based TagSet refactor: precompute tag masks and speed up hook type filtering ([#​1665](https://redirect.github.com/j178/prek/pull/1665)) ##### Documentation - Document `winget install j178.Prek` ([#​1670](https://redirect.github.com/j178/prek/pull/1670)) ##### Contributors - [@​uplsh580](https://redirect.github.com/uplsh580) - [@​Svecco](https://redirect.github.com/Svecco) - [@​dbast](https://redirect.github.com/dbast) - [@​drichardson](https://redirect.github.com/drichardson) - [@​JP-Ellis](https://redirect.github.com/JP-Ellis) - [@​j178](https://redirect.github.com/j178) - [@​is-alnilam](https://redirect.github.com/is-alnilam) - [@​copilot-swe-agent](https://redirect.github.com/copilot-swe-agent)
--- ### Configuration 📅 **Schedule**: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/epage/_rust). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/pre-commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 3d5f0fe..03d02f5 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -25,4 +25,4 @@ jobs: - uses: actions/checkout@v6 - uses: j178/prek-action@v1 with: - prek-version: '0.3.3' + prek-version: '0.3.4' From 476c9552522e734d568bf4615087ae5959ce68ac Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 20:10:25 +0000 Subject: [PATCH 06/20] chore(deps): Update Rust Stable to v1.94 (#49) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [STABLE](https://redirect.github.com/rust-lang/rust) | minor | `1.93` → `1.94` | --- ### Release Notes
rust-lang/rust (STABLE) ### [`v1.94`](https://redirect.github.com/rust-lang/rust/blob/HEAD/RELEASES.md#Version-1940-2026-03-05) [Compare Source](https://redirect.github.com/rust-lang/rust/compare/1.93.0...1.94.0) \========================== ## Language - [Impls and impl items inherit `dead_code` lint level of the corresponding traits and trait items](https://redirect.github.com/rust-lang/rust/pull/144113) - [Stabilize additional 29 RISC-V target features including large portions of the RVA22U64 / RVA23U64 profiles](https://redirect.github.com/rust-lang/rust/pull/145948) - [Add warn-by-default `unused_visibilities` lint for visibility on `const _` declarations](https://redirect.github.com/rust-lang/rust/pull/147136) - [Update to Unicode 17](https://redirect.github.com/rust-lang/rust/pull/148321) - [Avoid incorrect lifetime errors for closures](https://redirect.github.com/rust-lang/rust/pull/148329) ## Platform Support - [Add `riscv64im-unknown-none-elf` as a tier 3 target](https://redirect.github.com/rust-lang/rust/pull/148790) Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. [platform-support-doc]: https://doc.rust-lang.org/rustc/platform-support.html ## Libraries - [Relax `T: Ord` bound for some `BinaryHeap` methods.](https://redirect.github.com/rust-lang/rust/pull/149408) ## Stabilized APIs - [`<[T]>::array_windows`](https://doc.rust-lang.org/stable/std/primitive.slice.html#method.array_windows) - [`<[T]>::element_offset`](https://doc.rust-lang.org/stable/std/primitive.slice.html#method.element_offset) - [`LazyCell::get`](https://doc.rust-lang.org/stable/std/cell/struct.LazyCell.html#method.get) - [`LazyCell::get_mut`](https://doc.rust-lang.org/stable/std/cell/struct.LazyCell.html#method.get_mut) - [`LazyCell::force_mut`](https://doc.rust-lang.org/stable/std/cell/struct.LazyCell.html#method.force_mut) - [`LazyLock::get`](https://doc.rust-lang.org/stable/std/sync/struct.LazyLock.html#method.get) - [`LazyLock::get_mut`](https://doc.rust-lang.org/stable/std/sync/struct.LazyLock.html#method.get_mut) - [`LazyLock::force_mut`](https://doc.rust-lang.org/stable/std/sync/struct.LazyLock.html#method.force_mut) - [`impl TryFrom for usize`](https://doc.rust-lang.org/stable/std/convert/trait.TryFrom.html#impl-TryFrom%3Cchar%3E-for-usize) - [`std::iter::Peekable::next_if_map`](https://doc.rust-lang.org/stable/std/iter/struct.Peekable.html#method.next_if_map) - [`std::iter::Peekable::next_if_map_mut`](https://doc.rust-lang.org/stable/std/iter/struct.Peekable.html#method.next_if_map_mut) - [x86 `avx512fp16` intrinsics](https://redirect.github.com/rust-lang/rust/issues/127213) (excluding those that depend directly on the unstable `f16` type) - [AArch64 NEON fp16 intrinsics](https://redirect.github.com/rust-lang/rust/issues/136306) (excluding those that depend directly on the unstable `f16` type) - [`f32::consts::EULER_GAMMA`](https://doc.rust-lang.org/stable/std/f32/consts/constant.EULER_GAMMA.html) - [`f64::consts::EULER_GAMMA`](https://doc.rust-lang.org/stable/std/f64/consts/constant.EULER_GAMMA.html) - [`f32::consts::GOLDEN_RATIO`](https://doc.rust-lang.org/stable/std/f32/consts/constant.GOLDEN_RATIO.html) - [`f64::consts::GOLDEN_RATIO`](https://doc.rust-lang.org/stable/std/f64/consts/constant.GOLDEN_RATIO.html) These previously stable APIs are now stable in const contexts: - [`f32::mul_add`](https://doc.rust-lang.org/stable/std/primitive.f32.html#method.mul_add) - [`f64::mul_add`](https://doc.rust-lang.org/stable/std/primitive.f64.html#method.mul_add) ## Cargo - Stabilize the config include key. The top-level include config key allows loading additional config files, enabling better organization, sharing, and management of Cargo configurations across projects and environments. [docs](https://doc.rust-lang.org/nightly/cargo/reference/config.html#including-extra-configuration-files) [#​16284](https://redirect.github.com/rust-lang/cargo/pull/16284) - Stabilize the pubtime field in registry index. This records when a crate version was published and enables time-based dependency resolution in the future. Note that crates.io will gradually backfill existing packages when a new version is published. Not all crates have pubtime yet. [#​16369](https://redirect.github.com/rust-lang/cargo/pull/16369) [#​16372](https://redirect.github.com/rust-lang/cargo/pull/16372) - Cargo now parses [TOML v1.1](https://toml.io/en/v1.1.0) for manifests and configuration files. Note that using these features in Cargo.toml will raise your development MSRV, but the published manifest remains compatible with older parsers. [#​16415](https://redirect.github.com/rust-lang/cargo/pull/16415) - [Make `CARGO_BIN_EXE_` available at runtime ](https://redirect.github.com/rust-lang/cargo/pull/16421/) ## Compatibility Notes - [Forbid freely casting lifetime bounds of `dyn`-types](https://redirect.github.com/rust-lang/rust/pull/136776) - [Make closure capturing have consistent and correct behaviour around patterns](https://redirect.github.com/rust-lang/rust/pull/138961) Some finer details of how precise closure captures get affected by pattern matching have been changed. In some cases, this can cause a non-move closure that was previously capturing an entire variable by move, to now capture only part of that variable by move, and other parts by borrow. This can cause the borrow checker to complain where it previously didn't, or cause `Drop` to run at a different point in time. - [Standard library macros are now imported via prelude, not via injected `#[macro_use]`](https://redirect.github.com/rust-lang/rust/pull/139493) This will raise an error if macros of the same name are glob imported. For example if a crate defines their own `matches` macro and then glob imports that, it's now ambiguous whether the custom or standard library `matches` is meant and an explicit import of the name is required to resolve the ambiguity. One exception is `core::panic` and `std::panic`, if their import is ambiguous a new warning ([`ambiguous_panic_imports`](https://redirect.github.com/rust-lang/rust/issues/147319)) is raised. This may raise a new warning ([`ambiguous_panic_imports`](https://redirect.github.com/rust-lang/rust/issues/147319)) on `#![no_std]` code glob importing the std crate. Both `core::panic!` and `std::panic!` are then in scope and which is used is ambiguous. - [Don't strip shebang in expression-context `include!(…)`s](https://redirect.github.com/rust-lang/rust/pull/146377) This can cause previously working includes to no longer compile if they included files which started with a shebang. - [Ambiguous glob reexports are now also visible cross-crate](https://redirect.github.com/rust-lang/rust/pull/147984) This unifies behavior between local and cross-crate errors on these exports, which may introduce new ambiguity errors. - [Don't normalize where-clauses before checking well-formedness](https://redirect.github.com/rust-lang/rust/pull/148477) - [Introduce a future compatibility warning on codegen attributes on body-free trait methods](https://redirect.github.com/rust-lang/rust/pull/148756) These attributes currently have no effect in this position. - [On Windows `std::time::SystemTime::checked_sub_duration` will return `None` for times before the Windows epoch (1/1/1601)](https://redirect.github.com/rust-lang/rust/pull/148825) - [Lifetime identifiers such as `'a` are now NFC normalized](https://redirect.github.com/rust-lang/rust/pull/149192). - [Overhaul filename handling for cross-compiler consistency](https://redirect.github.com/rust-lang/rust/pull/149709) Any paths emitted by compiler now always respect the relative-ness of the paths and `--remap-path-prefix` given originally. One side-effect of this change is that paths emitted for local crates in Cargo (path dependencies and workspace members) are no longer absolute but relative when emitted as part of a diagnostic in a downstream crate. ## Internal Changes These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools. - [Switch to `annotate-snippets` for error emission](https://redirect.github.com/rust-lang/rust/pull/150032) This should preserve mostly the same outputs in rustc error messages.
--- ### Configuration 📅 **Schedule**: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/epage/_rust). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 72ec649..4ad9782 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -113,7 +113,7 @@ jobs: - name: Install Rust uses: dtolnay/rust-toolchain@stable with: - toolchain: "1.93" # STABLE + toolchain: "1.94" # STABLE - uses: Swatinem/rust-cache@v2 - name: Check documentation env: @@ -128,7 +128,7 @@ jobs: - name: Install Rust uses: dtolnay/rust-toolchain@stable with: - toolchain: "1.93" # STABLE + toolchain: "1.94" # STABLE components: rustfmt - uses: Swatinem/rust-cache@v2 - name: Check formatting @@ -144,7 +144,7 @@ jobs: - name: Install Rust uses: dtolnay/rust-toolchain@stable with: - toolchain: "1.93" # STABLE + toolchain: "1.94" # STABLE components: clippy - uses: Swatinem/rust-cache@v2 - name: Install SARIF tools From 5762560415a15bbeaf423590b62b1cb146732628 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 12:40:56 +0000 Subject: [PATCH 07/20] chore(deps): Update Prek to v0.3.5 (#50) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [prek](https://redirect.github.com/j178/prek) | patch | `0.3.4` → `0.3.5` | --- ### Release Notes
j178/prek (prek) ### [`v0.3.5`](https://redirect.github.com/j178/prek/blob/HEAD/CHANGELOG.md#035) [Compare Source](https://redirect.github.com/j178/prek/compare/v0.3.4...v0.3.5) Released on 2026-03-09. ##### Enhancements - Add automatic Ruby download support using rv binaries ([#​1668](https://redirect.github.com/j178/prek/pull/1668)) - Adjust open file limit on process startup ([#​1705](https://redirect.github.com/j178/prek/pull/1705)) - Allow parallel gem retry ([#​1732](https://redirect.github.com/j178/prek/pull/1732)) - Enable system-proxy feature on reqwest ([#​1738](https://redirect.github.com/j178/prek/pull/1738)) - Expose `--git-dir` to force hook installation target ([#​1723](https://redirect.github.com/j178/prek/pull/1723)) - Pass `--quiet`, `--verbose`, and `--no-progress` through `prek install` into generated hook scripts ([#​1753](https://redirect.github.com/j178/prek/pull/1753)) - Respect `core.sharedRepository` for hook permissions ([#​1755](https://redirect.github.com/j178/prek/pull/1755)) - Support legacy mode hook script ([#​1706](https://redirect.github.com/j178/prek/pull/1706)) - rust: support `cli:` git dependency 4th segment package disambiguation ([#​1747](https://redirect.github.com/j178/prek/pull/1747)) ##### Bug fixes - Fix Python `__main__.py` entry ([#​1741](https://redirect.github.com/j178/prek/pull/1741)) - python: strip `UV_SYSTEM_PYTHON` from `uv venv` and `pip install` commands ([#​1756](https://redirect.github.com/j178/prek/pull/1756)) ##### Other changes - Sync latest identify tags ([#​1733](https://redirect.github.com/j178/prek/pull/1733)) ##### Contributors - [@​Dev-iL](https://redirect.github.com/Dev-iL) - [@​tennox](https://redirect.github.com/tennox) - [@​shaanmajid](https://redirect.github.com/shaanmajid) - [@​is-alnilam](https://redirect.github.com/is-alnilam) - [@​github-actions](https://redirect.github.com/github-actions) - [@​j178](https://redirect.github.com/j178)
--- ### Configuration 📅 **Schedule**: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/epage/_rust). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/pre-commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 03d02f5..879f7df 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -25,4 +25,4 @@ jobs: - uses: actions/checkout@v6 - uses: j178/prek-action@v1 with: - prek-version: '0.3.4' + prek-version: '0.3.5' From dee0db54c1f12640975312f54ad046e3f9b7c21f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Mar 2026 10:39:52 +0000 Subject: [PATCH 08/20] chore(deps): Update Prek to v0.3.6 (#51) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [prek](https://redirect.github.com/j178/prek) | patch | `0.3.5` → `0.3.6` | --- ### Release Notes
j178/prek (prek) ### [`v0.3.6`](https://redirect.github.com/j178/prek/blob/HEAD/CHANGELOG.md#036) [Compare Source](https://redirect.github.com/j178/prek/compare/v0.3.5...v0.3.6) Released on 2026-03-16. ##### Enhancements - Allow selectors for hook ids containing colons ([#​1782](https://redirect.github.com/j178/prek/pull/1782)) - Rename `prek install-hooks` to `prek prepare-hooks` and `prek install --install-hooks` to `prek install --prepare-hooks` ([#​1766](https://redirect.github.com/j178/prek/pull/1766)) - Retry auth-failed repo clones with terminal prompts enabled ([#​1761](https://redirect.github.com/j178/prek/pull/1761)) ##### Performance - Optimize `detect_private_key` by chunked reading and using aho-corasick ([#​1791](https://redirect.github.com/j178/prek/pull/1791)) - Optimize `fix_byte_order_marker` by shifting file contents in place ([#​1790](https://redirect.github.com/j178/prek/pull/1790)) ##### Bug fixes - Align stage defaulting behavior with pre-commit ([#​1788](https://redirect.github.com/j178/prek/pull/1788)) - Make sure child output is drained in the PTY subprocess ([#​1768](https://redirect.github.com/j178/prek/pull/1768)) - fix(golang): use `GOTOOLCHAIN=local` when probing system go ([#​1797](https://redirect.github.com/j178/prek/pull/1797)) ##### Documentation - Disambiguate “hook” terminology by renaming "Git hooks" to "Git shims" ([#​1776](https://redirect.github.com/j178/prek/pull/1776)) - Document compatibility with pre-commit ([#​1767](https://redirect.github.com/j178/prek/pull/1767)) - Update configuration.md with TOML 1.1 notes ([#​1764](https://redirect.github.com/j178/prek/pull/1764)) ##### Other changes - Sync latest identify tags ([#​1798](https://redirect.github.com/j178/prek/pull/1798)) ##### Contributors - [@​github-actions](https://redirect.github.com/github-actions) - [@​j178](https://redirect.github.com/j178) - [@​pcastellazzi](https://redirect.github.com/pcastellazzi) - [@​deadnews](https://redirect.github.com/deadnews) - [@​copilot-swe-agent](https://redirect.github.com/copilot-swe-agent)
--- ### Configuration 📅 **Schedule**: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/epage/_rust). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/pre-commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 879f7df..db605ea 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -25,4 +25,4 @@ jobs: - uses: actions/checkout@v6 - uses: j178/prek-action@v1 with: - prek-version: '0.3.5' + prek-version: '0.3.6' From 80afe4dbffac684bad6722559913860c215ea15a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 23 Mar 2026 10:01:47 +0000 Subject: [PATCH 09/20] chore(deps): Update Prek to v0.3.8 (#52) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [prek](https://redirect.github.com/j178/prek) | patch | `0.3.6` → `0.3.8` | --- ### Release Notes
j178/prek (prek) ### [`v0.3.8`](https://redirect.github.com/j178/prek/blob/HEAD/CHANGELOG.md#038) [Compare Source](https://redirect.github.com/j178/prek/compare/v0.3.6...v0.3.8) Released on 2026-03-23. ##### Enhancements - Add experimental `language: deno` support ([#​1516](https://redirect.github.com/j178/prek/pull/1516)) - Add `pretty-format-json` as builtin hook ([#​915](https://redirect.github.com/j178/prek/pull/915)) - Add `check-vcs-permalinks` as builtin hook ([#​1842](https://redirect.github.com/j178/prek/pull/1842)) - Add `check-illegal-windows-names` as builtin hook ([#​1841](https://redirect.github.com/j178/prek/pull/1841)) - Add `check-shebang-scripts-are-executable` builtin hook ([#​1847](https://redirect.github.com/j178/prek/pull/1847)) - Add `destroyed-symlinks` builtin hook ([#​1851](https://redirect.github.com/j178/prek/pull/1851)) - Add `file-contents-sorter` as builtin hook ([#​1846](https://redirect.github.com/j178/prek/pull/1846)) - Add `--all` flag to `prek uninstall` ([#​1817](https://redirect.github.com/j178/prek/pull/1817)) - Improve file pattern parse errors ([#​1829](https://redirect.github.com/j178/prek/pull/1829)) - Validate `uv` binary after download ([#​1825](https://redirect.github.com/j178/prek/pull/1825)) ##### Bug fixes - Fix workspace-relative added file paths ([#​1852](https://redirect.github.com/j178/prek/pull/1852)) - Relax alias-anchor ratio check for check-yaml ([#​1839](https://redirect.github.com/j178/prek/pull/1839)) ##### Contributors - [@​j178](https://redirect.github.com/j178) - [@​shaanmajid](https://redirect.github.com/shaanmajid) - [@​mvanhorn](https://redirect.github.com/mvanhorn) - [@​feliblo](https://redirect.github.com/feliblo) - [@​Tiryoh](https://redirect.github.com/Tiryoh)
--- ### Configuration 📅 **Schedule**: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/epage/_rust). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/pre-commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index db605ea..caf4b4c 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -25,4 +25,4 @@ jobs: - uses: actions/checkout@v6 - uses: j178/prek-action@v1 with: - prek-version: '0.3.6' + prek-version: '0.3.8' From dcb79c9bfcffa941b05351ae3201e280eeda5b28 Mon Sep 17 00:00:00 2001 From: Ed Page Date: Fri, 27 Mar 2026 14:23:06 -0500 Subject: [PATCH 10/20] chore(ci): Pin actions --- .github/renovate.json5 | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index cf9d0bc..d880c30 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -1,4 +1,5 @@ { + extends: ["helpers:pinGitHubActionDigests"], schedule: [ 'before 5am on the first day of the month', ], From f1f2452ceb80116b840bd61cb095be9030e9e366 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 19:27:03 +0000 Subject: [PATCH 11/20] chore(deps): Pin dependencies --- .github/workflows/audit.yml | 8 ++--- .github/workflows/ci.yml | 56 ++++++++++++++++---------------- .github/workflows/committed.yml | 4 +-- .github/workflows/pre-commit.yml | 4 +-- .github/workflows/rust-next.yml | 16 ++++----- .github/workflows/spelling.yml | 4 +-- .github/workflows/template.yml | 2 +- 7 files changed, 47 insertions(+), 47 deletions(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 7446e08..7407583 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -31,8 +31,8 @@ jobs: continue-on-error: true steps: - name: Checkout repository - uses: actions/checkout@v6 - - uses: actions-rs/audit-check@v1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3 # v1 with: token: ${{ secrets.GITHUB_TOKEN }} @@ -46,8 +46,8 @@ jobs: checks: - bans licenses sources steps: - - uses: actions/checkout@v6 - - uses: EmbarkStudios/cargo-deny-action@v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2 with: command: check ${{ matrix.checks }} rust-version: stable diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4ad9782..638fc3f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,13 +43,13 @@ jobs: CARGO_PROFILE_DEV_DEBUG: line-tables-only steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: ${{ matrix.rust }} - - uses: Swatinem/rust-cache@v2 - - uses: taiki-e/install-action@cargo-hack + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 + - uses: taiki-e/install-action@4448ce47d533cbe63d6dfafa732cf574a34606b5 # cargo-hack - name: Build run: cargo test --workspace --no-run - name: Test @@ -62,13 +62,13 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: stable - - uses: Swatinem/rust-cache@v2 - - uses: taiki-e/install-action@cargo-hack + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 + - uses: taiki-e/install-action@4448ce47d533cbe63d6dfafa732cf574a34606b5 # cargo-hack - name: Default features run: cargo hack check --each-feature --locked --rust-version --ignore-private --workspace --all-targets --keep-going minimal-versions: @@ -79,13 +79,13 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install stable Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: stable - name: Install nightly Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: nightly - name: Downgrade dependencies to minimal versions @@ -96,12 +96,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: stable - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 - name: "Is lockfile updated?" run: cargo update --workspace --locked docs: @@ -109,12 +109,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: "1.94" # STABLE - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 - name: Check documentation env: RUSTDOCFLAGS: -D warnings @@ -124,13 +124,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: "1.94" # STABLE components: rustfmt - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 - name: Check formatting run: cargo fmt --check clippy: @@ -140,13 +140,13 @@ jobs: security-events: write # to upload sarif results steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: "1.94" # STABLE components: clippy - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 - name: Install SARIF tools run: cargo install clippy-sarif --locked - name: Install SARIF tools @@ -159,7 +159,7 @@ jobs: | sarif-fmt continue-on-error: true - name: Upload - uses: github/codeql-action/upload-sarif@v4 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4 with: sarif_file: clippy-results.sarif wait-for-processing: true @@ -170,17 +170,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: stable - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 - name: Install cargo-tarpaulin run: cargo install cargo-tarpaulin - name: Gather coverage run: cargo tarpaulin --output-dir coverage --out lcov - name: Publish to Coveralls - uses: coverallsapp/github-action@master + uses: coverallsapp/github-action@09b709cf6a16e30b0808ba050c7a6e8a5ef13f8d # master with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/committed.yml b/.github/workflows/committed.yml index 9138a8e..655ec93 100644 --- a/.github/workflows/committed.yml +++ b/.github/workflows/committed.yml @@ -21,8 +21,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Actions Repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - name: Lint Commits - uses: crate-ci/committed@master + uses: crate-ci/committed@4cd58ed75e5f581ba45f42ef52e055cc001def37 # master diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index caf4b4c..cd4443d 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -22,7 +22,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: j178/prek-action@v1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: j178/prek-action@0bb87d7f00b0c99306c8bcb8b8beba1eb581c037 # v1 with: prek-version: '0.3.8' diff --git a/.github/workflows/rust-next.yml b/.github/workflows/rust-next.yml index 8e4a1e9..1e53d3a 100644 --- a/.github/workflows/rust-next.yml +++ b/.github/workflows/rust-next.yml @@ -33,13 +33,13 @@ jobs: CARGO_PROFILE_DEV_DEBUG: line-tables-only steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: ${{ matrix.rust }} - - uses: Swatinem/rust-cache@v2 - - uses: taiki-e/install-action@cargo-hack + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 + - uses: taiki-e/install-action@4448ce47d533cbe63d6dfafa732cf574a34606b5 # cargo-hack - name: Build run: cargo test --workspace --no-run - name: Test @@ -54,13 +54,13 @@ jobs: CARGO_RESOLVER_INCOMPATIBLE_RUST_VERSIONS: allow steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install Rust - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: toolchain: stable - - uses: Swatinem/rust-cache@v2 - - uses: taiki-e/install-action@cargo-hack + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 + - uses: taiki-e/install-action@4448ce47d533cbe63d6dfafa732cf574a34606b5 # cargo-hack - name: Update dependencies run: cargo update - name: Build diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index cf4c1bf..baf93ba 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -20,6 +20,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Actions Repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Spell Check Repo - uses: crate-ci/typos@master + uses: crate-ci/typos@8f11c0dc0f31c780c45b3dd5b72ff4b48a350b75 # master diff --git a/.github/workflows/template.yml b/.github/workflows/template.yml index 1d4fd85..6603a78 100644 --- a/.github/workflows/template.yml +++ b/.github/workflows/template.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - name: Configure git From 4af143d0148e7c4f7c98cec3f76b61f260631e61 Mon Sep 17 00:00:00 2001 From: Ed Page Date: Fri, 27 Mar 2026 14:01:37 -0500 Subject: [PATCH 12/20] chore(ci): Don't persist git credentials by default --- .github/workflows/audit.yml | 4 ++++ .github/workflows/ci.yml | 16 ++++++++++++++++ .github/workflows/committed.yml | 1 + .github/workflows/pre-commit.yml | 2 ++ .github/workflows/rust-next.yml | 4 ++++ .github/workflows/spelling.yml | 2 ++ .github/workflows/template.yml | 1 + 7 files changed, 30 insertions(+) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 7407583..f896104 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -32,6 +32,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3 # v1 with: token: ${{ secrets.GITHUB_TOKEN }} @@ -47,6 +49,8 @@ jobs: - bans licenses sources steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2 with: command: check ${{ matrix.checks }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 638fc3f..a80c28b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,6 +44,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Install Rust uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: @@ -63,6 +65,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Install Rust uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: @@ -80,6 +84,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Install stable Rust uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: @@ -97,6 +103,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Install Rust uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: @@ -110,6 +118,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Install Rust uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: @@ -125,6 +135,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Install Rust uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: @@ -141,6 +153,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Install Rust uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: @@ -171,6 +185,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Install Rust uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: diff --git a/.github/workflows/committed.yml b/.github/workflows/committed.yml index 655ec93..755a367 100644 --- a/.github/workflows/committed.yml +++ b/.github/workflows/committed.yml @@ -24,5 +24,6 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 + persist-credentials: false - name: Lint Commits uses: crate-ci/committed@4cd58ed75e5f581ba45f42ef52e055cc001def37 # master diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index cd4443d..a5eaf13 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -23,6 +23,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - uses: j178/prek-action@0bb87d7f00b0c99306c8bcb8b8beba1eb581c037 # v1 with: prek-version: '0.3.8' diff --git a/.github/workflows/rust-next.yml b/.github/workflows/rust-next.yml index 1e53d3a..c66dc21 100644 --- a/.github/workflows/rust-next.yml +++ b/.github/workflows/rust-next.yml @@ -34,6 +34,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Install Rust uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: @@ -55,6 +57,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Install Rust uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index baf93ba..addbe4b 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -21,5 +21,7 @@ jobs: steps: - name: Checkout Actions Repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Spell Check Repo uses: crate-ci/typos@8f11c0dc0f31c780c45b3dd5b72ff4b48a350b75 # master diff --git a/.github/workflows/template.yml b/.github/workflows/template.yml index 6603a78..09da81c 100644 --- a/.github/workflows/template.yml +++ b/.github/workflows/template.yml @@ -31,6 +31,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 + persist-credentials: false - name: Configure git run: | git config --global user.name '${{ github.actor }}' From 3e98dbeebff3daa8dd02bb1c7a663b0a1f341a4c Mon Sep 17 00:00:00 2001 From: Ed Page Date: Fri, 27 Mar 2026 14:01:57 -0500 Subject: [PATCH 13/20] chore(ci): Use env instead of templates --- .github/workflows/template.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/template.yml b/.github/workflows/template.yml index 09da81c..c51104f 100644 --- a/.github/workflows/template.yml +++ b/.github/workflows/template.yml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: Configure git run: | - git config --global user.name '${{ github.actor }}' + git config --global user.name '${GITHUB_ACTOR}' git config --global user.email '<>' - name: Fetch template run: "git remote add template ${{ env.TEMPLATE_URL }} && git fetch template ${{ env.TEMPLATE_BRANCH }}" From fb7a03078da87c16d0d27e107640ef7d602bc779 Mon Sep 17 00:00:00 2001 From: Ed Page Date: Fri, 27 Mar 2026 14:37:46 -0500 Subject: [PATCH 14/20] chore(ci): Switch from cargo-audit to cargo-deny --- .github/workflows/audit.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index f896104..7749706 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -29,14 +29,18 @@ jobs: runs-on: ubuntu-latest # Prevent sudden announcement of a new advisory from failing ci: continue-on-error: true + strategy: + matrix: + checks: + - advisories steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false - - uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3 # v1 + - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2 with: - token: ${{ secrets.GITHUB_TOKEN }} + command: check ${{ matrix.checks }} + rust-version: stable cargo_deny: permissions: From e60a418c60abd4b31c719817620b79b21f89bc9f Mon Sep 17 00:00:00 2001 From: Ed Page Date: Fri, 27 Mar 2026 14:39:55 -0500 Subject: [PATCH 15/20] chore(ci): Adopt zizmor --- .github/workflows/audit.yml | 14 ++++++++++++++ .github/zizmor.yml | 4 ++++ 2 files changed, 18 insertions(+) create mode 100644 .github/zizmor.yml diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 7749706..ddbc9c9 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -59,3 +59,17 @@ jobs: with: command: check ${{ matrix.checks }} rust-version: stable + + actions: + runs-on: ubuntu-latest + permissions: + security-events: write + contents: read # only needed for private or internal repos + actions: read # only needed for private or internal repos + steps: + - name: Checkout repository + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - name: Run zizmor + uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 diff --git a/.github/zizmor.yml b/.github/zizmor.yml new file mode 100644 index 0000000..45aa9c9 --- /dev/null +++ b/.github/zizmor.yml @@ -0,0 +1,4 @@ +rules: + superfluous-actions: + # https://github.com/zizmorcore/zizmor/issues/1817 + disable: true From c00ccb718bbe9447ad2162d1d568cb665b34881b Mon Sep 17 00:00:00 2001 From: Ed Page Date: Fri, 27 Mar 2026 16:11:55 -0500 Subject: [PATCH 16/20] chore(ci): Fix content --- .github/workflows/audit.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index ddbc9c9..6ad5fec 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -34,7 +34,8 @@ jobs: checks: - advisories steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2 @@ -52,7 +53,8 @@ jobs: checks: - bans licenses sources steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2 @@ -68,7 +70,7 @@ jobs: actions: read # only needed for private or internal repos steps: - name: Checkout repository - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false - name: Run zizmor From 509fb92da3800429c034a207059ad5410504392c Mon Sep 17 00:00:00 2001 From: Ed Page Date: Fri, 27 Mar 2026 16:13:06 -0500 Subject: [PATCH 17/20] chore(ci): Shorten workflow name --- .github/workflows/audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 6ad5fec..399f90c 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -1,4 +1,4 @@ -name: Security audit +name: Audit permissions: contents: read From 616ecc0ab086297ff6f95008f15bad3135dd91bb Mon Sep 17 00:00:00 2001 From: Ed Page Date: Fri, 27 Mar 2026 16:15:53 -0500 Subject: [PATCH 18/20] chore(ci): Add a central audit job --- .github/workflows/audit.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 399f90c..7342993 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -22,7 +22,18 @@ concurrency: cancel-in-progress: true jobs: - security_audit: + audit: + permissions: + contents: none + name: CI + needs: [advisories, cargo_deny, actions] + runs-on: ubuntu-latest + if: "always()" + steps: + - name: Failed + run: exit 1 + if: "contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')" + advisories: permissions: issues: write # to create issues (actions-rs/audit-check) checks: write # to create check (actions-rs/audit-check) From e4210b94aed44f374a673a5b2aba4b2a2c5710fc Mon Sep 17 00:00:00 2001 From: Ed Page Date: Fri, 27 Mar 2026 16:16:29 -0500 Subject: [PATCH 19/20] chore(ci): Fix the audit display name --- .github/workflows/audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 7342993..8e63c6f 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -25,7 +25,7 @@ jobs: audit: permissions: contents: none - name: CI + name: Audit needs: [advisories, cargo_deny, actions] runs-on: ubuntu-latest if: "always()" From 9eef9369a2571762eccf085c4c1991be867a205d Mon Sep 17 00:00:00 2001 From: Ed Page Date: Sat, 28 Mar 2026 09:34:16 -0500 Subject: [PATCH 20/20] chore(docs): Fix docs build --- src/lib.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index 7947627..41fc803 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -17,7 +17,6 @@ //! [ROFF]: https://en.wikipedia.org/wiki/Roff_(software) //! [groff(7)]: https://manpages.debian.org/bullseye/groff/groff.7.en.html -#![cfg_attr(docsrs, feature(doc_auto_cfg))] #![cfg_attr(docsrs, feature(doc_cfg))] #![warn(missing_docs)] #![warn(clippy::print_stderr)]