Skip to content

chore(rust): handle ignored RUSTSEC-2025-0141 cargo check error#8235

Merged
IWANABETHATGUY merged 1 commit into
mainfrom
02-08-chore_rust_handle_ignored_rustsec-2025-0141_cargo_check_error
Feb 8, 2026
Merged

chore(rust): handle ignored RUSTSEC-2025-0141 cargo check error#8235
IWANABETHATGUY merged 1 commit into
mainfrom
02-08-chore_rust_handle_ignored_rustsec-2025-0141_cargo_check_error

Conversation

@hyf0

@hyf0 hyf0 commented Feb 8, 2026

Copy link
Copy Markdown
Member

No description provided.

@hyf0 hyf0 mentioned this pull request Feb 8, 2026
Merged
@hyf0 Graphite App

hyf0 commented Feb 8, 2026

Copy link
Copy Markdown
Member Author

How to use the Graphite Merge Queue

Add the label graphite: merge-when-ready to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@netlify

netlify Bot commented Feb 8, 2026
edited
Loading

Copy link
Copy Markdown

Deploy Preview for rolldown-rs canceled.

Name Link
🔨 Latest commit 2fea1ad
🔍 Latest deploy log https://app.netlify.com/projects/rolldown-rs/deploys/698829c3928e5f0008c26ffe

@hyf0 hyf0 marked this pull request as ready for review February 8, 2026 06:01
Copilot AI review requested due to automatic review settings February 8, 2026 06:01
Copilot AI reviewed Feb 8, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR aims to stop ignoring the RUSTSEC-2025-0141 advisory in cargo-deny and make Rust linting run cargo deny check locally, alongside updating the lockfile to newer dependency versions.

Changes:

  • Add cargo deny check to just lint-rust.
  • Remove the ignored advisory entry (RUSTSEC-2025-0141) from deny.toml.
  • Update Rust dependencies in Cargo.lock (notably time, time-core, num-conv).

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File Description
justfile Runs cargo deny check as part of Rust linting.
deny.toml Removes the ignore list entry for RUSTSEC-2025-0141.
Cargo.lock Bumps locked versions/checksums for dependencies related to the advisory cleanup.

Comment thread justfile Outdated
@hyf0 hyf0 force-pushed the 02-08-chore_rust_handle_ignored_rustsec-2025-0141_cargo_check_error branch from 4041c85 to 579fbc1 Compare February 8, 2026 06:12
Copilot AI review requested due to automatic review settings February 8, 2026 06:14
@hyf0 hyf0 force-pushed the 02-08-chore_rust_handle_ignored_rustsec-2025-0141_cargo_check_error branch from 579fbc1 to 2fea1ad Compare February 8, 2026 06:14
@hyf0 hyf0 requested a review from shulaoda February 8, 2026 06:15
Copilot AI reviewed Feb 8, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated no new comments.

@github-actions

github-actions Bot commented Feb 8, 2026

Copy link
Copy Markdown
Contributor

Benchmarks Rust

  • target: main(1aaaef1)
  • pr: 02-08-chore_rust_handle_ignored_rustsec-2025-0141_cargo_check_error(2fea1ad)
group                                                        pr                                     target
-----                                                        --                                     ------
bundle/bundle@multi-duplicated-top-level-symbol              1.03     71.2±2.16ms        ? ?/sec    1.00     69.4±2.84ms        ? ?/sec
bundle/bundle@multi-duplicated-top-level-symbol-sourcemap    1.02     76.1±1.80ms        ? ?/sec    1.00     74.5±2.15ms        ? ?/sec
bundle/bundle@rome_ts                                        1.01    100.6±2.29ms        ? ?/sec    1.00    100.0±1.93ms        ? ?/sec
bundle/bundle@rome_ts-sourcemap                              1.02    112.7±3.05ms        ? ?/sec    1.00    110.9±1.99ms        ? ?/sec
bundle/bundle@threejs                                        1.01     35.7±1.18ms        ? ?/sec    1.00     35.4±0.99ms        ? ?/sec
bundle/bundle@threejs-sourcemap                              1.01     40.7±1.36ms        ? ?/sec    1.00     40.3±1.07ms        ? ?/sec
bundle/bundle@threejs10x                                     1.01    365.0±4.94ms        ? ?/sec    1.00    360.6±6.39ms        ? ?/sec
bundle/bundle@threejs10x-sourcemap                           1.01    421.5±4.75ms        ? ?/sec    1.00    417.3±4.10ms        ? ?/sec
scan/scan@rome_ts                                            1.02     81.1±1.69ms        ? ?/sec    1.00     79.3±1.47ms        ? ?/sec
scan/scan@threejs                                            1.00     28.2±1.64ms        ? ?/sec    1.01     28.3±1.50ms        ? ?/sec
scan/scan@threejs10x                                         1.00    286.8±5.12ms        ? ?/sec    1.00    287.4±4.23ms        ? ?/sec

@IWANABETHATGUY IWANABETHATGUY merged commit 1513dc1 into main Feb 8, 2026
42 checks passed
@IWANABETHATGUY IWANABETHATGUY deleted the 02-08-chore_rust_handle_ignored_rustsec-2025-0141_cargo_check_error branch February 8, 2026 06:30
This was referenced Feb 11, 2026
Closed
Merged
shulaoda added a commit that referenced this pull request Feb 11, 2026
@github-actions @shulaoda
release: v1.0.0-rc.4 (#8278)
179df16 
## [1.0.0-rc.4] - 2026-02-11

💡 Granular `comments` Option
- New `output.comments` option provides fine-grained control over comment preservation
- The `output.legalComments` option is now deprecated and use `comments.legal` instead

### 🚀 Features

- rename error name to `RolldownError` from `RollupError` (#8262) by @sapphi-red
- add hidden `resolve_tsconfig` function for Vite (#8257) by @sapphi-red
- rust: introduce `rolldown_watcher` (#8161) by @hyf0
- unify `comments` and `legalComments` into a single granular `comments` option (#8229) by @IWANABETHATGUY
- add builtin plugin for visualizing chunk graph (#8162) by @IWANABETHATGUY
- show import declaration location in AssignToImport errors (#8222) by @Copilot
- show import declaration span in CannotCallNamespace error (#8223) by @Copilot
- emit error when plugin accidentally removes runtime module symbols (#8203) by @IWANABETHATGUY
- support tsconfig loading & inputMap for `transform` (#8180) by @sapphi-red
- rolldown_plugin_vite_reporter: update warning message to link to Rolldown docs (#8205) by @sapphi-red

### 🐛 Bug Fixes

- avoid panic on untranspiled JSX syntax by reporting a diagnostic error (#8226) by @IWANABETHATGUY
- rolldown_plugin_vite_import_glob: relax absolute path check and improve invalid glob warning (#8219) by @shulaoda
- merge chunks after detect circular reference (#8154) by @IWANABETHATGUY
- rust: detect runtime module side effects based on its content (#8209) by @hyf0

### 🚜 Refactor

- rename `other` to `jsdoc` in comments options (#8256) by @IWANABETHATGUY
- rename chunk-visualize plugin with bundle-analyzer plugin (#8255) by @IWANABETHATGUY
- remove EXPORT_UNDEFINED_VARIABLE error (#8228) by @Copilot
- consolidate missing runtime symbol errors into a single diagnostic (#8220) by @IWANABETHATGUY
- stabilize `parse` and `parseSync` (#8215) by @sapphi-red
- return errors instead of panicking on builtin plugin conversion failure (#8217) by @shulaoda
- expose `parse` / `minify` / `transform` from `rolldown/utils` (#8214) by @sapphi-red
- prepare defer chunk merging (#8153) by @IWANABETHATGUY

### 📚 Documentation

- remove `<script>` escape behavior difference note from `platform` option (#8253) by @sapphi-red
- TypeScript & JSX support by plugins (#8183) by @sapphi-red

### 🧪 Testing

- ensure runtime module is preserved even if it's not used but has side effects (#8213) by @hyf0

### ⚙️ Miscellaneous Tasks

- deps: update oxc to v0.113.0 (#8267) by @renovate[bot]
- deps: update dependency oxlint-tsgolint to v0.12.0 (#8272) by @renovate[bot]
- deps: update oxc apps (#8269) by @renovate[bot]
- deps: update test262 submodule for tests (#8261) by @sapphi-red
- deps: update crate-ci/typos action to v1.43.4 (#8260) by @renovate[bot]
- deps: update dependency esbuild to v0.27.3 (#8250) by @renovate[bot]
- deps: update rust crates (#8244) by @renovate[bot]
- deps: update dependency semver to v7.7.4 (#8247) by @renovate[bot]
- deps: update github-actions (#8243) by @renovate[bot]
- deps: update npm packages (#8245) by @renovate[bot]
- deps: update oxc resolver to v11.17.1 (#8240) by @renovate[bot]
- deps: update rust crate oxc_sourcemap to v6.0.2 (#8241) by @renovate[bot]
- rust: handle ignored `RUSTSEC-2025-0141` cargo check error (#8235) by @hyf0
- deps: update dependency oxlint-tsgolint to v0.11.5 (#8233) by @renovate[bot]
- deps: update dependency rolldown-plugin-dts to ^0.22.0 (#8232) by @renovate[bot]
- deps: update crate-ci/typos action to v1.43.3 (#8225) by @renovate[bot]
- deps: update dependency rolldown-plugin-dts to v0.21.9 (#8224) by @renovate[bot]
- deps: update crate-ci/typos action to v1.43.2 (#8212) by @renovate[bot]
- remove rolldown_plugin_vite_wasm_helper (#8207) by @shulaoda
- build docs for production (#8206) by @sapphi-red

Co-authored-by: shulaoda <165626830+shulaoda@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@shulaoda shulaoda shulaoda approved these changes

Assignees

@hyf0 hyf0

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@hyf0 @shulaoda @IWANABETHATGUY