chore(deps): ignore rng major bumps pending convergence decision#258
Conversation
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses the ongoing churn from Dependabot's major version update suggestions for Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Code Review
This pull request updates the Dependabot configuration to ignore major version updates for rand, rand_core, and rand_chacha. This change is intended to reduce noise from Dependabot PRs while a decision on the project's RNG dependency strategy is pending. The modification to .github/dependabot.yml correctly implements this by adding explicit ignore rules. I have added one suggestion to use YAML anchors to reduce repetition and improve the maintainability of the configuration file.
| ignore: | ||
| - dependency-name: "rand" | ||
| update-types: | ||
| - "version-update:semver-major" | ||
| - dependency-name: "rand_core" | ||
| update-types: | ||
| - "version-update:semver-major" | ||
| - dependency-name: "rand_chacha" | ||
| update-types: | ||
| - "version-update:semver-major" |
There was a problem hiding this comment.
To improve maintainability and reduce repetition, you can use YAML anchors and aliases. This keeps the list of ignored dependencies explicit while ensuring that if the update-types rule needs to change in the future, it only has to be modified in one place.
ignore:
- dependency-name: "rand"
update-types: &ignore_major_rng
- "version-update:semver-major"
- dependency-name: "rand_core"
update-types: *ignore_major_rng
- dependency-name: "rand_chacha"
update-types: *ignore_major_rng
Summary
Ignore Dependabot major-version bumps for
rand,rand_core, andrand_chachauntil the convergence decision in#257is made.Why
The current workspace intentionally keeps a split RNG topology:
Repeated major-bump PRs for these three crates just reopen the same deferred decision and add queue churn without changing policy.
Scope
.github/dependabot.ymlversion-update:semver-majorforrand,rand_core, andrand_chacha