[easy][minor] Freeze ruff libraries to the REV that the TAG points to. #6375
Conversation
WalkthroughFour ruff-related dependencies in Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes
Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
📜 Recent review detailsConfiguration used: Path: .coderabbit.yml Review profile: CHILL Plan: Pro ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
🧰 Additional context used🧠 Learnings (1)📚 Learning: 2025-11-29T12:17:28.606ZApplied to files:
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
Cargo.toml (1)
154-157: Approve dependency pinning strategy.The conversion from tag-based to revision-based pinning across all four ruff crates is the correct approach to prevent the vendoring issues caused by moving tags. Using the same revision hash for all four interdependent crates ensures compatibility.
Consider adding a brief comment above these dependencies to document which upstream release this revision corresponds to, for future maintainers:
+# Pinned to revision of Ruff v0.14.1 tag for stable vendoring (tags can move/realias) +# See: https://github.com/astral-sh/ruff/releases/tag/0.14.1 ruff_python_parser = { git = "https://github.com/astral-sh/ruff.git", rev = "2bffef59665ce7d2630dfd72ee99846663660db8" }
📜 Review details
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
Cargo.lockis excluded by!**/*.lock
📒 Files selected for processing (1)
Cargo.toml(1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T12:17:28.606Z
Learning: Applies to Lib/**/*.py : Minimize modifications to CPython standard library files in the `Lib/` directory; modifications should be minimal and only to work around RustPython limitations
📚 Learning: 2025-11-29T12:17:28.606Z
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T12:17:28.606Z
Learning: Applies to **/*.py : Use ruff for linting Python code
Applied to files:
Cargo.toml
| ruff_python_parser = { git = "https://github.com/astral-sh/ruff.git", rev = "2bffef59665ce7d2630dfd72ee99846663660db8" } | ||
| ruff_python_ast = { git = "https://github.com/astral-sh/ruff.git", rev = "2bffef59665ce7d2630dfd72ee99846663660db8" } | ||
| ruff_text_size = { git = "https://github.com/astral-sh/ruff.git", rev = "2bffef59665ce7d2630dfd72ee99846663660db8" } | ||
| ruff_source_file = { git = "https://github.com/astral-sh/ruff.git", rev = "2bffef59665ce7d2630dfd72ee99846663660db8" } |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify the revision hash in the ruff repository
# Check if the commit hash is accessible and what tag it belongs to
echo "=== Checking if commit hash exists in ruff repository ==="
git ls-remote https://github.com/astral-sh/ruff.git 2bffef59665ce7d2630dfd72ee99846663660db8 2>&1 | head -10
echo -e "\n=== Checking all tags pointing to or near this commit ==="
git ls-remote --tags https://github.com/astral-sh/ruff.git | grep -E "(0\.14|2bffef)" | head -20
echo -e "\n=== Confirming tag 0.14.1 exists ==="
git ls-remote --tags https://github.com/astral-sh/ruff.git refs/tags/0.14.1 2>&1
echo -e "\n=== Getting the commit hash of tag 0.14.1 ==="
git ls-remote --tags https://github.com/astral-sh/ruff.git refs/tags/0.14.1 2>&1 | awk '{print $1}'
echo -e "\n=== Checking recent tags ==="
git ls-remote --tags https://github.com/astral-sh/ruff.git | grep -E "^[a-f0-9]" | tail -20Repository: RustPython/RustPython
Length of output: 186
🌐 Web query:
ruff commit 2bffef59665ce7d2630dfd72ee99846663660db8 tag 0.14.1
💡 Result:
Yes — the GitHub release tag 0.14.1 points to commit 2bffef59665ce7d2630dfd72ee99846663660db8 (short: 2bffef5). Released Oct 16, 2025. [1][2]
Sources:
[1] GitHub release page for 0.14.1.
[2] Commit view (Bump 0.14.1 — 2bffef5).
🌐 Web query:
astral-sh ruff 0.14.1 release tag commit
💡 Result:
The 0.14.1 release tag points to commit 2bffef59665ce7d2630dfd72ee99846663660db8 (released 2025-10-16). [1][2]
Sources:
[1] astral-sh/ruff Releases (0.14.1).
[2] Commit 2bffef59665ce7d2630dfd72ee99846663660db8 on astral-sh/ruff.
🌐 Web query:
ruff Python linter version 0.14.1 release notes
💡 Result:
Ruff v0.14.1 — Release notes (released Oct 16, 2025)
- Preview features:
- formatter: remove parentheses around multiple exception types on Python 3.14+.
- flake8-bugbear: omit annotation in preview fix for B006.
- flake8-logging-format: avoid dropping implicitly concatenated pieces in G004 fix.
- pydoclint: add docstring-extraneous-parameter (DOC102).
- pyupgrade: extend UP019 to detect typing_extensions.Text; fix UP046 false negative for TypeVar with default in non-PEP695 generic classes.
- Bug fixes:
- Fix false negatives in truthiness analysis for lambdas, generators, and f-strings.
- Fix syntax-error false positives for escapes/quotes in f-strings and for parenthesized context managers.
- FastAPI, flake8-pyi, and ruff-specific diagnostic fixes (several rule-specific fixes).
- Rule changes:
- Add AIR301 warning for airflow.datasets.DatasetEvent usage.
- Mark B905 and B912 fixes as unsafe; more rules use DiagnosticTag (editor display changes).
- Documentation:
- Update Python compatibility to 3.14 in README; various docs updates and typos fixed.
- Other:
- Reduce binary size; improved error recovery for unclosed strings; install/download assets and installer commands included.
Sources: GitHub release notes for ruff 0.14.1. [1] Additional changelog mirror. [2]
References:
[1] GitHub — astral-sh/ruff: Release 0.14.1 (Oct 16, 2025).
[2] Ruff CHANGELOG / mirrors (0.14.1).
🌐 Web query:
ruff releases after 0.14.1 0.15 0.14.2 latest version 2025
💡 Result:
Ruff releases after 0.14.1 (Oct 16, 2025) in 2025:
- 0.14.2 — Oct 23, 2025. [1]
- 0.14.3 — Oct 30, 2025. [1]
- 0.14.4 — Nov 06, 2025. [1]
- 0.14.6 — Nov 21, 2025 (latest listed on the project releases page). [1]
There is no 0.15 release listed on the official releases page as of these entries. [1]
Source: Ruff releases (astral-sh/ruff) on GitHub. [1]
🌐 Web query:
astral-sh ruff latest release version December 2025
💡 Result:
The latest ruff release is v0.14.8 — released December 4, 2025. [1][2]
Sources:
[1] astral-sh/ruff Releases (GitHub).
[2] Astral — ruff / product site.
Update dependencies to the latest ruff patch version.
The revision hash 2bffef59665ce7d2630dfd72ee99846663660db8 correctly corresponds to tag 0.14.1. However, seven patch releases have been published since (0.14.2 through 0.14.8, released Dec 4, 2025). Consider updating to 0.14.8 or the latest stable patch to incorporate bug fixes and improvements from recent releases.
ShaharNaveh
left a comment
There was a problem hiding this comment.
Generally, I'm fine with this change. Can you please add the tag version as a comment? it will be easier to track which ruff version we use.
Ty:)
Tags can move and be re-aliased to different revisions, and this actually freezes the rev (similar to how a published crate would) so that it only applies to this specific commit hash.
youknowone
left a comment
There was a problem hiding this comment.
Thanks! I didn't know tag is possible to cause problems
|
Could you tell me what are you building with RustPython if you don't mind? Just in curiuos. |
Tags can move and be re-aliased to different revisions, and this actually freezes the rev (similar to how a published crate would) so that it only applies to this specific commit hash. (Tag release link: https://github.com/astral-sh/ruff/releases/tag/0.14.1)
This has caused some minor problems when vendoring sources where Ruff is used by other projects and is already pulled in by a rev, causing
cargo vendorto crash.Thanks for the awesome project!
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings.