From 927128e856406eca7a4fc4d6ac1141a48592e71d Mon Sep 17 00:00:00 2001 From: Robert M1 <50460704+githubrobbi@users.noreply.github.com> Date: Tue, 9 Jun 2026 13:04:17 -0700 Subject: [PATCH 1/8] build(polars): depend on crates.io polars 0.54.4, drop git rev pin Replace the pinned pola-rs/polars git rev (0.53.0) with a plain crates.io SemVer dependency on polars 0.54.4. Polars 0.54.x ships the nightly std::simd / core::unicode patches the git rev carried and accepts modern chrono (workspace resolves 0.4.45), so the git source is no longer needed. Renames the 0.54 streaming feature (was new_streaming). Regenerates the lockfile to a registry source (zero git sources remain). Unblocks crates.io publishability (release-automation-plan deviation row 5). --- Cargo.lock | 151 ++++++++++++++++++++++------------ Cargo.toml | 4 +- crates/uffs-polars/Cargo.toml | 68 ++++++--------- 3 files changed, 125 insertions(+), 98 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8de365506..b81816601 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2262,8 +2262,9 @@ dependencies = [ [[package]] name = "polars" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82f1f122456ec136102033b13f71905b7c3f01e526642679c86aace9f9cdefde" dependencies = [ "getrandom 0.2.17", "getrandom 0.3.4", @@ -2286,8 +2287,9 @@ dependencies = [ [[package]] name = "polars-arrow" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87d4892d5cc6461bb4a184d18e6fa03a5d316ee1d6de06a33dfa08d479fbc2db" dependencies = [ "atoi_simd", "bitflags", @@ -2328,10 +2330,31 @@ dependencies = [ "serde", ] +[[package]] +name = "polars-async" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e87f836190486f500b28347436985cc0af29b7a514e53f98840d396ce4d5f5" +dependencies = [ + "atomic-waker", + "crossbeam-channel", + "crossbeam-deque", + "crossbeam-utils", + "parking_lot", + "pin-project-lite", + "polars-config", + "polars-error", + "polars-utils", + "rand 0.9.4", + "slotmap", + "tokio", +] + [[package]] name = "polars-buffer" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e481eeaf33c544ac0dd71a2e375553ca2fdae47b3472a96eaccb6eb43218783d" dependencies = [ "bytemuck", "either", @@ -2342,8 +2365,9 @@ dependencies = [ [[package]] name = "polars-compute" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c55d41642a9ee887ac394c5a310af3256fa8340a86cde2cb624c515aa963461c" dependencies = [ "atoi_simd", "bytemuck", @@ -2368,8 +2392,9 @@ dependencies = [ [[package]] name = "polars-config" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "65af861341b00eac73bcb65423fb5cc3d2322526d6b7561a0ddf094947c38033" dependencies = [ "polars-error", "serde", @@ -2377,8 +2402,9 @@ dependencies = [ [[package]] name = "polars-core" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e5924fc46306054bae78f9d35ea5e404cf185baa7f170eb55a16ff95191069c" dependencies = [ "bitflags", "boxcar", @@ -2393,6 +2419,7 @@ dependencies = [ "itoa", "num-traits", "polars-arrow", + "polars-async", "polars-buffer", "polars-compute", "polars-config", @@ -2408,6 +2435,7 @@ dependencies = [ "serde", "serde_json", "strum_macros", + "tokio", "uuid", "version_check", "xxhash-rust", @@ -2415,8 +2443,9 @@ dependencies = [ [[package]] name = "polars-dtype" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b65a750bb99ea66be90c8a7e336f6f3a87427a0f7f89d2a40adae98314e9b27" dependencies = [ "boxcar", "hashbrown 0.16.1", @@ -2429,8 +2458,9 @@ dependencies = [ [[package]] name = "polars-error" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e49a75e3406b9b5b4e5ff177877fe0de766e9688fbdb263a7b25f293dc47d61a" dependencies = [ "object_store", "parking_lot", @@ -2442,8 +2472,9 @@ dependencies = [ [[package]] name = "polars-expr" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e21fdd37e8d9ef109f13d3454baffa0a57041cf60069123b8a2bd846c8ad0205" dependencies = [ "bitflags", "hashbrown 0.16.1", @@ -2468,8 +2499,9 @@ dependencies = [ [[package]] name = "polars-io" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6363a1c44a65fe8d73cce7fe4d77c9b6fea3a0da44007012e755e5b4e65aa078" dependencies = [ "async-trait", "atoi_simd", @@ -2478,6 +2510,7 @@ dependencies = [ "chrono", "chrono-tz", "fast-float2", + "fastrand", "fs4", "futures", "glob", @@ -2501,6 +2534,7 @@ dependencies = [ "polars-schema", "polars-time", "polars-utils", + "rand 0.9.4", "rayon", "regex", "reqwest", @@ -2514,8 +2548,9 @@ dependencies = [ [[package]] name = "polars-json" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1dca6cd170370ef7e189a4c362846c57553843653c3fe65aafe12ca77599987c" dependencies = [ "chrono", "chrono-tz", @@ -2535,8 +2570,9 @@ dependencies = [ [[package]] name = "polars-lazy" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "809d9590232a37d638337629c18279af97bdb0d17c3d8b2b6bb186e903e8bd5e" dependencies = [ "bitflags", "chrono", @@ -2545,6 +2581,7 @@ dependencies = [ "polars-arrow", "polars-buffer", "polars-compute", + "polars-config", "polars-core", "polars-expr", "polars-io", @@ -2561,8 +2598,9 @@ dependencies = [ [[package]] name = "polars-mem-engine" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f55c6b7d162c506bc8eee82b065fa0399ebcd20b8f08675a534f3d360904ba38" dependencies = [ "memmap2", "polars-arrow", @@ -2581,22 +2619,27 @@ dependencies = [ [[package]] name = "polars-ooc" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78b3eea0b386837b760a97ec9c92df99cbc10f94885cae060fd7100f9b794163" dependencies = [ + "async-trait", "boxcar", "libc", + "polars-async", "polars-config", "polars-core", "polars-io", "polars-utils", + "thread_local", "tokio", ] [[package]] name = "polars-ops" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb146490a717ac5ae4ff3a22a5adf3ebae79361f187b1f550f9e24783d7ad765" dependencies = [ "aho-corasick", "argminmax", @@ -2632,8 +2675,9 @@ dependencies = [ [[package]] name = "polars-parquet" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd6b79ba2103c00cbb9c5dd4459ffff1d8ce15286c7a6d376a04c711df20d8b7" dependencies = [ "async-stream", "base64", @@ -2672,8 +2716,9 @@ dependencies = [ [[package]] name = "polars-plan" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f5ccc230515adb10762a8c7b0df03fd88f3328deb5b60e9b1eeb2eceef4d344" dependencies = [ "bitflags", "blake3", @@ -2684,6 +2729,7 @@ dependencies = [ "either", "futures", "hashbrown 0.16.1", + "indexmap", "memmap2", "num-traits", "percent-encoding", @@ -2711,8 +2757,9 @@ dependencies = [ [[package]] name = "polars-row" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d4e3254450024078e10c919ecd3b467bdcfdd5cf386c2ca6eedec89bd4771d2" dependencies = [ "bitflags", "bytemuck", @@ -2726,8 +2773,9 @@ dependencies = [ [[package]] name = "polars-schema" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f8a0de8951d02576fd0cdcecd9c605a6b6364d3105b7469b8d7874ea34eea2f" dependencies = [ "indexmap", "polars-error", @@ -2738,8 +2786,9 @@ dependencies = [ [[package]] name = "polars-sql" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b282a6164927eb12774b66b071b773a1573173ae53758e8d4df50389ff06efa2" dependencies = [ "bitflags", "hex", @@ -2757,27 +2806,24 @@ dependencies = [ [[package]] name = "polars-stream" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfa8ff4ee21799898579595a0ef2fb728d0a9cac3d061835fb7f7f6dd854734a" dependencies = [ "async-channel", "async-trait", - "atomic-waker", "bitflags", "bytes", "chrono-tz", "crossbeam-channel", - "crossbeam-deque", "crossbeam-queue", - "crossbeam-utils", "futures", "memchr", - "memmap2", "num-traits", "parking_lot", "percent-encoding", - "pin-project-lite", "polars-arrow", + "polars-async", "polars-buffer", "polars-compute", "polars-config", @@ -2793,7 +2839,6 @@ dependencies = [ "polars-plan", "polars-time", "polars-utils", - "rand 0.9.4", "rayon", "recursive", "slotmap", @@ -2804,8 +2849,9 @@ dependencies = [ [[package]] name = "polars-time" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1063fe074c4212a54917be604377c6e6bfbc8b6c942a5c57be214e4ccaaafdf" dependencies = [ "atoi_simd", "bytemuck", @@ -2826,8 +2872,9 @@ dependencies = [ [[package]] name = "polars-utils" -version = "0.53.0" -source = "git+https://github.com/pola-rs/polars?rev=1e9a63b95923291cd8849d70d96b8cec4e96da6a#1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "590b0a94aa8f97992d52f1198600ecc1c1f7cfa03c1b31cae057143455804ac0" dependencies = [ "argminmax", "bincode", diff --git a/Cargo.toml b/Cargo.toml index 03ec141d1..314fd54d8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -145,8 +145,8 @@ uffs-broker-protocol = { path = "crates/uffs-broker-protocol", version = "0.5.12 # workspace member as a library. # ───── Polars (via facade crate for compilation isolation) ───── -# Polars is pinned to a specific commit in crates/uffs-polars/Cargo.toml (rev = "..."). -# Run `just polars` to bump to the latest main HEAD. +# Polars is a crates.io dependency pinned by SemVer in +# crates/uffs-polars/Cargo.toml. Bump with `cargo update -p polars`. # ───── Async Runtime ───── # Net-free feature set so the CLI binary does not pull in `ws2_32.dll` diff --git a/crates/uffs-polars/Cargo.toml b/crates/uffs-polars/Cargo.toml index 94c06a709..f56936836 100644 --- a/crates/uffs-polars/Cargo.toml +++ b/crates/uffs-polars/Cargo.toml @@ -11,9 +11,10 @@ # # All other crates depend on this instead of Polars directly. # -# NOTE: Polars is pinned to a specific main branch commit for deterministic builds. -# Run `just polars` to bump to the latest main HEAD. -# This avoids surprise recompiles while keeping upgrades intentional. +# NOTE: Polars is a normal crates.io dependency pinned by SemVer in the +# [dependencies] section below. Bump intentionally with +# `cargo update -p polars` (within the version requirement) or by +# editing the requirement for a major jump. # ============================================================================ [package] @@ -28,21 +29,10 @@ readme.workspace = true keywords.workspace = true categories.workspace = true -# Phase R6→R8 deviation row 5 — polars-subtree publishability deferred. -# This crate carries the polars `git/rev` pin -# (`https://github.com/pola-rs/polars`, rev `1e9a63b9...`) whose -# polars-arrow declares `chrono ^0.4.42`, while crates.io polars-arrow -# 0.53.0 declares `chrono <=0.4.41`. These are mutually exclusive: no -# chrono version satisfies both, so `cargo package` (which simulates -# crates.io publishing by stripping git rev info) hard-fails. Path B-i -# (drop the git rev, use crates.io polars 0.53.0 directly) was probed -# on 2026-05-08 and rejected: crates.io polars 0.53.0 has accumulated -# multiple nightly-rust-API regressions (std::simd::LaneCount in -# polars-arrow's bitmap.rs, core::unicode::Cased in polars-ops's -# case.rs, …) that the git rev was actively patching. Until polars -# upstream publishes a release with those patches, this crate cannot -# ship to crates.io. See `docs/architecture/release-automation-plan.md` -# deviation log row 5 for the full trail. +# Publishable: this crate now depends on a plain crates.io polars +# release (0.54.x), so `cargo package` no longer hits the old polars +# git-rev / chrono-constraint clash that previously blocked publishing +# (release-automation-plan.md deviation row 5 — now resolved). publish.workspace = true # Phase R6 of `release-automation-plan.md` step 3 — docs.rs build config. @@ -67,35 +57,25 @@ test = false # ────────────────────────────────────────────────────────────────────────────── [dependencies] # ONLY Polars — all other dependencies provided by consuming crates. -# Pinned to a specific commit on main. Bump via: just polars # -# `version = "0.53.0"` is REQUIRED in addition to `git/rev` so that -# `cargo package` (invoked by release-plz `update`) can validate this -# manifest. Without `version =`, cargo refuses to package any crate -# that has unversioned dependencies (path, git, or otherwise). +# Sourced from crates.io (no git/rev). Bump with a deliberate +# `cargo update -p polars` (patch/minor within the `0.54` requirement) +# or by editing the version requirement below for a major jump. # -# Local-build semantics: cargo uses the git/rev source. The `version` -# field is a verification hint — cargo confirms the resolved git source -# claims a Cargo.toml version that satisfies the requirement (`= 0.53.0` -# matches the polars Cargo.toml at the pinned rev). -# -# Publish semantics (R8+ when `uffs-polars` ships to crates.io): cargo -# strips the `git/rev` and emits only `polars = "0.53.0"`. Consumers -# installing `uffs-polars` from crates.io get crates.io polars 0.53.0, -# NOT our pinned rev. This is a known divergence — the rev pin exists -# for deterministic in-workspace builds with the specific feature set -# below; published consumers fall back to whatever 0.53.0 features -# crates.io polars exposes. R8 dress rehearsal will surface any -# real-world incompatibility (most likely we'd flip to a published -# polars version then or mark `uffs-polars` `publish = false`). -polars = { git = "https://github.com/pola-rs/polars", rev = "1e9a63b95923291cd8849d70d96b8cec4e96da6a", version = "0.53.0", default-features = false, features = [ +# History: we previously pinned a `git` + `rev` on `pola-rs/polars` main +# because the published 0.53.0 lacked nightly-Rust API patches and its +# polars-arrow declared `chrono ^0.4.42` (clashing with crates.io +# polars-arrow 0.53.0's `chrono <=0.4.41`), which broke `cargo package`. +# polars 0.54.x ships those patches and accepts modern chrono, so the +# git source — and the whole track-upstream-main machinery — is retired. +polars = { version = "0.54.4", default-features = false, features = [ # ===== Core ===== - "lazy", # Lazy evaluation (query optimization) - "new_streaming", # Streaming engine for large queries - "performant", # Internal performance optimizations - "serde", # Serialization (compact index wire format) - "nightly", # Nightly Rust features - "simd", # SIMD vectorization + "lazy", # Lazy evaluation (query optimization) + "streaming", # Streaming engine for large queries (was `new_streaming` in 0.53) + "performant", # Internal performance optimizations + "serde", # Serialization (compact index wire format) + "nightly", # Nightly Rust features + "simd", # SIMD vectorization # ===== Data Types (replaces blanket "dtype-full") ===== "dtype-u8", # UInt8 — flags column From cad964be1e92d5d3663fac30c7cdf6659dd5c370 Mon Sep 17 00:00:00 2001 From: Robert M1 <50460704+githubrobbi@users.noreply.github.com> Date: Tue, 9 Jun 2026 13:06:59 -0700 Subject: [PATCH 2/8] fix(core): adapt to polars 0.54 API changes Two breaking changes in polars 0.54: - LazyFrame::with_new_streaming was renamed to with_streaming. - &ChunkedArray no longer implements IntoIterator; replace .into_iter() with .iter() (same Option item type) across uffs-core and uffs-diag iteration sites. No behavioural change; verified by cargo nextest (1998 passed). --- crates/uffs-core/src/compiled_pattern/tests.rs | 7 +------ crates/uffs-core/src/extensions/mod.rs | 2 +- crates/uffs-core/src/path_resolver/fast.rs | 16 ++++++++-------- crates/uffs-core/src/path_resolver/legacy.rs | 2 +- crates/uffs-core/src/path_resolver/tests.rs | 2 +- crates/uffs-core/src/query/operations.rs | 2 +- crates/uffs-diag/src/bin/analyze_diff.rs | 6 +++--- crates/uffs-diag/src/bin/analyze_mft_parents.rs | 8 ++++---- crates/uffs-diag/src/bin/compare_scan_parity.rs | 7 ++----- .../src/bin/cross_check_mft_reference.rs | 6 +++--- 10 files changed, 25 insertions(+), 33 deletions(-) diff --git a/crates/uffs-core/src/compiled_pattern/tests.rs b/crates/uffs-core/src/compiled_pattern/tests.rs index 22ba672da..963a1fd8a 100644 --- a/crates/uffs-core/src/compiled_pattern/tests.rs +++ b/crates/uffs-core/src/compiled_pattern/tests.rs @@ -429,12 +429,7 @@ fn dollar_prefix_files_matched() -> TestResult { ); // Verify $I07QSZ8.txt is in the results - let matched_names: Vec<&str> = result - .column("name")? - .str()? - .into_iter() - .flatten() - .collect(); + let matched_names: Vec<&str> = result.column("name")?.str()?.iter().flatten().collect(); assert!( matched_names.contains(&"$I07QSZ8.txt") || matched_names.contains(&"$i07qsz8.txt"), "Should include $I07QSZ8.txt: {matched_names:?}" diff --git a/crates/uffs-core/src/extensions/mod.rs b/crates/uffs-core/src/extensions/mod.rs index 062b63043..01e3950dc 100644 --- a/crates/uffs-core/src/extensions/mod.rs +++ b/crates/uffs-core/src/extensions/mod.rs @@ -328,7 +328,7 @@ impl ExtensionIndex { let mut index: HashMap> = HashMap::new(); let mut total_files = 0; - for (frs_opt, name_opt) in frs_col.into_iter().zip(name_col) { + for (frs_opt, name_opt) in frs_col.iter().zip(name_col.iter()) { let Some(frs) = frs_opt else { continue }; let Some(name) = name_opt else { continue }; diff --git a/crates/uffs-core/src/path_resolver/fast.rs b/crates/uffs-core/src/path_resolver/fast.rs index d307f6b80..f145ed9f6 100644 --- a/crates/uffs-core/src/path_resolver/fast.rs +++ b/crates/uffs-core/src/path_resolver/fast.rs @@ -105,7 +105,7 @@ impl FastPathResolver { let name_col = df.column("name")?.str()?; // Find max FRS to size the Vec - let max_frs = frs_col.into_iter().flatten().max().unwrap_or(0); + let max_frs = frs_col.iter().flatten().max().unwrap_or(0); // Estimate name arena size (average 20 bytes per name) let estimated_name_bytes = df.height() * 20; @@ -267,7 +267,7 @@ impl FastPathResolver { let frs_col = df.column("frs")?.u64()?; let paths: Vec = frs_col - .into_iter() + .iter() .map(|frs| { frs.map_or_else( || "".to_owned(), @@ -299,7 +299,7 @@ impl FastPathResolver { let frs_col = df.column("frs")?.u64()?; // Collect FRS values to a Vec for parallel iteration - let frs_values: Vec> = frs_col.into_iter().collect(); + let frs_values: Vec> = frs_col.iter().collect(); // Resolve paths in parallel let paths: Vec = frs_values @@ -348,12 +348,12 @@ impl FastPathResolver { let stream_name_col = df.column("stream_name").ok().and_then(|col| col.str().ok()); // Collect values for parallel iteration - let parent_frs_values: Vec> = parent_frs_col.into_iter().collect(); - let name_values: Vec> = name_col.into_iter().collect(); - let is_dir_values: Vec> = is_dir_col.into_iter().collect(); + let parent_frs_values: Vec> = parent_frs_col.iter().collect(); + let name_values: Vec> = name_col.iter().collect(); + let is_dir_values: Vec> = is_dir_col.iter().collect(); let stream_names: Vec> = stream_name_col.map_or_else( || vec![None; parent_frs_values.len()], - |col| col.into_iter().collect(), + |col| col.iter().collect(), ); // Resolve paths in parallel: parent_path + name + optional stream @@ -445,7 +445,7 @@ pub fn add_path_only_column(df: &DataFrame) -> Result { let path_col = df.column("path")?.str()?; let path_only: Vec = path_col - .into_iter() + .iter() .map(|path_opt| { path_opt.map_or_else(String::new, |path| { // Find the last backslash - use get() for safe UTF-8 slicing diff --git a/crates/uffs-core/src/path_resolver/legacy.rs b/crates/uffs-core/src/path_resolver/legacy.rs index 55b2be46f..5fc9364e7 100644 --- a/crates/uffs-core/src/path_resolver/legacy.rs +++ b/crates/uffs-core/src/path_resolver/legacy.rs @@ -118,7 +118,7 @@ impl PathResolver { let frs_col = df.column("frs")?.u64()?; let paths: Vec = frs_col - .into_iter() + .iter() .map(|frs| { frs.map_or_else( || "".to_owned(), diff --git a/crates/uffs-core/src/path_resolver/tests.rs b/crates/uffs-core/src/path_resolver/tests.rs index a25489c79..bea774728 100644 --- a/crates/uffs-core/src/path_resolver/tests.rs +++ b/crates/uffs-core/src/path_resolver/tests.rs @@ -168,7 +168,7 @@ fn fast_add_path_column_parallel() -> TestResult { let path_col = result.column("path")?.str()?; // Check that paths are resolved correctly - let paths: Vec<_> = path_col.into_iter().collect(); + let paths: Vec<_> = path_col.iter().collect(); assert!( paths .iter() diff --git a/crates/uffs-core/src/query/operations.rs b/crates/uffs-core/src/query/operations.rs index 2b9f2f9db..d09e23f6a 100644 --- a/crates/uffs-core/src/query/operations.rs +++ b/crates/uffs-core/src/query/operations.rs @@ -94,7 +94,7 @@ impl MftQuery { /// Returns an error if query execution fails. pub fn collect_streaming(self) -> Result { self.lazy - .with_new_streaming(true) + .with_streaming(true) .collect() .map_err(CoreError::from) } diff --git a/crates/uffs-diag/src/bin/analyze_diff.rs b/crates/uffs-diag/src/bin/analyze_diff.rs index f60240e23..38d79ac82 100644 --- a/crates/uffs-diag/src/bin/analyze_diff.rs +++ b/crates/uffs-diag/src/bin/analyze_diff.rs @@ -104,7 +104,7 @@ fn load_csv(path: &Path, name: &str) -> Result { fn normalize_paths(input_df: &DataFrame) -> Result { let path_col = input_df.column("Path")?.str()?; let normalized: StringChunked = path_col - .into_iter() + .iter() .map(|opt: Option<&str>| opt.map(|val| val.to_lowercase().replace('\\', "/"))) .collect(); @@ -230,14 +230,14 @@ fn main() -> Result<()> { let reference_paths: HashSet = reference .column("path_norm")? .str()? - .into_iter() + .iter() .filter_map(|opt_str: Option<&str>| opt_str.map(String::from)) .collect(); let rust_paths: HashSet = rust .column("path_norm")? .str()? - .into_iter() + .iter() .filter_map(|opt_str: Option<&str>| opt_str.map(String::from)) .collect(); diff --git a/crates/uffs-diag/src/bin/analyze_mft_parents.rs b/crates/uffs-diag/src/bin/analyze_mft_parents.rs index f74a9d76d..0b801365e 100644 --- a/crates/uffs-diag/src/bin/analyze_mft_parents.rs +++ b/crates/uffs-diag/src/bin/analyze_mft_parents.rs @@ -126,12 +126,12 @@ fn analyze_parents(df: &DataFrame) -> Result<()> { println!("\nDistinct FRS / parent_frs / dirs:"); let mut frs_set = HashSet::with_capacity(frs_col.len()); - for frs_value in frs_col.into_iter().flatten() { + for frs_value in frs_col.iter().flatten() { frs_set.insert(frs_value); } let mut parent_set = BTreeSet::new(); - for parent_value in parent_col.into_iter().flatten() { + for parent_value in parent_col.iter().flatten() { // Skip root/sentinel parents (0) if present if parent_value != 0 { parent_set.insert(parent_value); @@ -140,7 +140,7 @@ fn analyze_parents(df: &DataFrame) -> Result<()> { let mut dir_set = HashSet::new(); if let Some(is_directory_series) = is_dir_col { - for (idx, is_directory_opt) in is_directory_series.into_iter().enumerate() { + for (idx, is_directory_opt) in is_directory_series.iter().enumerate() { if is_directory_opt == Some(true) && let Some(frs) = frs_col.get(idx) { @@ -215,7 +215,7 @@ fn print_missing_parent_details(missing_parents: &[u64], parent_col: &UInt64Chun let missing_set: HashSet = missing_parents.iter().copied().collect(); let mut child_counts: BTreeMap = BTreeMap::new(); - for parent_value in parent_col.into_iter().flatten() { + for parent_value in parent_col.iter().flatten() { if missing_set.contains(&parent_value) { *child_counts.entry(parent_value).or_insert(0) += 1; } diff --git a/crates/uffs-diag/src/bin/compare_scan_parity.rs b/crates/uffs-diag/src/bin/compare_scan_parity.rs index 43b65976d..781c48ca3 100644 --- a/crates/uffs-diag/src/bin/compare_scan_parity.rs +++ b/crates/uffs-diag/src/bin/compare_scan_parity.rs @@ -155,10 +155,7 @@ fn add_normalized_paths(df: &DataFrame) -> Result { let path_col = df.column("Path").or_else(|_| df.column("path"))?; let path_str = path_col.str()?; - let normalized: StringChunked = path_str - .into_iter() - .map(|opt| opt.map(normalize_path)) - .collect(); + let normalized: StringChunked = path_str.iter().map(|opt| opt.map(normalize_path)).collect(); let mut result = df.clone(); result.with_column(uffs_polars::Column::new( @@ -192,7 +189,7 @@ fn build_path_map(df: &DataFrame) -> Result> { let path_col = df.column("path_norm")?.str()?; let mut map = HashMap::with_capacity(df.height()); - for (idx, opt_path) in path_col.into_iter().enumerate() { + for (idx, opt_path) in path_col.iter().enumerate() { if let Some(path) = opt_path { map.insert(path.to_string(), idx); } diff --git a/crates/uffs-diag/src/bin/cross_check_mft_reference.rs b/crates/uffs-diag/src/bin/cross_check_mft_reference.rs index 5041694ea..77414ee40 100644 --- a/crates/uffs-diag/src/bin/cross_check_mft_reference.rs +++ b/crates/uffs-diag/src/bin/cross_check_mft_reference.rs @@ -234,7 +234,7 @@ fn summarize_directory_agreement(df: &DataFrame) -> Result<()> { .context("base_file_record_segment is not UInt64-compatible")?; let bools: BooleanChunked = base_seg - .into_iter() + .iter() .map(|opt_v| opt_v == Some(0)) .collect::() .with_name("is_base_record_parquet".into()); @@ -310,7 +310,7 @@ fn print_focus_frs(df: &DataFrame, frs_values: &[u64]) -> Result<()> { .context("Column 'frs' is not UInt64")?; let mask: BooleanChunked = frs_col - .into_iter() + .iter() .map(|opt_v| opt_v.map(|value| value == target)) .collect(); @@ -463,7 +463,7 @@ fn filter_by_u64_eq(df: &DataFrame, column: &str, target: u64) -> Result Date: Tue, 9 Jun 2026 13:09:08 -0700 Subject: [PATCH 3/8] chore(ci): retire polars track-upstream-main machinery Polars is now a crates.io SemVer dependency, so there is no main HEAD to chase. Remove update_polars_git() + the STEP_UPDATE_POLARS ship step (scripts/ci-pipeline) and replace the 'just polars' git-HEAD bump recipe with a crates.io SemVer bump. Ship-pipeline step numbering is preserved, matching the existing 08/09 retirement convention. --- just/build.just | 4 +- just/help.just | 2 +- just/test.just | 48 ++++----------- scripts/ci-pipeline/src/ship.rs | 8 +-- scripts/ci-pipeline/src/version.rs | 93 ----------------------------- scripts/ci-pipeline/src/workflow.rs | 7 ++- 6 files changed, 20 insertions(+), 142 deletions(-) diff --git a/just/build.just b/just/build.just index b5a30e1f1..b27cad4ca 100644 --- a/just/build.just +++ b/just/build.just @@ -680,8 +680,8 @@ use: # Reset local `main` to `origin/main`, discarding any uncommitted edits. # # Motivation: `cargo build` rewrites `Cargo.lock` whenever a transitive -# dep resolves differently (mtime-driven re-resolution, polars git pin -# updates, etc.). After a `just ship` upstream the lockfile has moved, +# dep resolves differently (mtime-driven re-resolution, dependency +# bumps, etc.). After a `just ship` upstream the lockfile has moved, # so a plain `git pull` aborts with: # "Your local changes to the following files would be overwritten # by merge: Cargo.lock" diff --git a/just/help.just b/just/help.just index 75ab26a04..3250d6e71 100644 --- a/just/help.just +++ b/just/help.just @@ -33,7 +33,7 @@ _default-help: @echo " just setup First-time dev environment setup" @echo " just update-tools Update all tools (Rust, cargo, brew/winget)" @echo " just dev Watch mode (test + clippy on save)" - @echo " just polars Bump Polars to latest main HEAD" + @echo " just polars Bump Polars within its crates.io SemVer requirement" @echo " just update-deps Update all workspace dependencies" @echo " just clean Clean build artifacts" @echo "" diff --git a/just/test.just b/just/test.just index ccce80cab..f13c38076 100644 --- a/just/test.just +++ b/just/test.just @@ -527,53 +527,27 @@ check-quick: @printf "\033[0;34m⚡ Quick validation (development speed)...\033[0m\n" cargo check --workspace -# Bump Polars to latest main HEAD (updates rev= hash, refreshes lockfile, checks build). +# Bump Polars within the SemVer requirement in crates/uffs-polars/Cargo.toml +# (crates.io source). For a major/minor jump, edit the `version = "..."` +# requirement there first, then run this to refresh the lockfile + build. polars: #!/usr/bin/env bash set -euo pipefail - printf "\033[0;34m📦 Bumping Polars to latest main HEAD...\033[0m\n" + printf "\033[0;34m📦 Updating Polars within its crates.io SemVer requirement...\033[0m\n" - NEW_REV=$(git ls-remote https://github.com/pola-rs/polars refs/heads/main | awk '{print $1}') - if [ -z "$NEW_REV" ]; then - printf "\033[0;31m❌ Failed to fetch latest Polars commit\033[0m\n" - exit 1 - fi - - OLD_REV=$(sed -n 's/.*rev = "\([a-f0-9]*\)".*/\1/p' crates/uffs-polars/Cargo.toml) - if [ "$OLD_REV" = "$NEW_REV" ]; then - printf "\033[0;32m✅ Already at latest: %s\033[0m\n" "${NEW_REV:0:12}" - exit 0 - fi - - printf " Old: %s\n" "${OLD_REV:0:12}" - printf " New: %s\n" "${NEW_REV:0:12}" - - # macOS sed requires a space after -i, Linux doesn't care — use backup + remove - sed -i.bak "s|rev = \"${OLD_REV}\"|rev = \"${NEW_REV}\"|" crates/uffs-polars/Cargo.toml - rm -f crates/uffs-polars/Cargo.toml.bak + OLD_POLARS_VER=$(awk '/^name = "polars"$/{f=1;next} f&&/^version = /{gsub(/"/,"",$3);print $3;exit}' Cargo.lock) cargo update -p polars + NEW_POLARS_VER=$(awk '/^name = "polars"$/{f=1;next} f&&/^version = /{gsub(/"/,"",$3);print $3;exit}' Cargo.lock) - # Per R6 publishability work (release-automation-plan §R6): the polars - # git dep ALSO carries `version = "X.Y.Z"` so `cargo package` (invoked - # by `release-plz update`) can validate this manifest. After bumping - # the `rev`, the resolved polars version may have advanced — keep the - # `version =` field in lockstep with what cargo actually resolves to. - # Without this, when polars upstream lands a major-version bump, the - # next `release-plz update` (R3+ shadow / R4+ active) fails with - # `dependency "polars" does not specify a version` (or a version - # requirement mismatch). - RESOLVED_POLARS_VER=$(cargo tree -p uffs-polars --depth 1 --prefix none 2>/dev/null \ - | awk '/^polars v/ {sub(/^v/, "", $2); print $2; exit}') - OLD_POLARS_VER=$(awk -F'"' '/^polars = \{/ {for(i=1;i<=NF;i++) if($i ~ /^[0-9]+\.[0-9]+\.[0-9]+/) {print $i; exit}}' crates/uffs-polars/Cargo.toml) - if [ -n "${RESOLVED_POLARS_VER:-}" ] && [ -n "${OLD_POLARS_VER:-}" ] && [ "$OLD_POLARS_VER" != "$RESOLVED_POLARS_VER" ]; then - printf " Polars version: %s -> %s\n" "$OLD_POLARS_VER" "$RESOLVED_POLARS_VER" - sed -i.bak "s|version = \"${OLD_POLARS_VER}\", default-features|version = \"${RESOLVED_POLARS_VER}\", default-features|" crates/uffs-polars/Cargo.toml - rm -f crates/uffs-polars/Cargo.toml.bak + if [ "${OLD_POLARS_VER:-}" = "${NEW_POLARS_VER:-}" ]; then + printf "\033[0;32m✅ Already at latest within requirement: %s\033[0m\n" "${NEW_POLARS_VER}" + else + printf " Polars: %s -> %s\n" "${OLD_POLARS_VER}" "${NEW_POLARS_VER}" fi printf "\033[0;34m🔨 Checking build...\033[0m\n" cargo check -p uffs-polars - printf "\033[0;32m✅ Polars bumped to %s\033[0m\n" "${NEW_REV:0:12}" + printf "\033[0;32m✅ Polars updated to %s\033[0m\n" "${NEW_POLARS_VER}" # Update all workspace dependencies to latest compatible versions. update-deps: diff --git a/scripts/ci-pipeline/src/ship.rs b/scripts/ci-pipeline/src/ship.rs index 01a67fd92..e0eca11f7 100644 --- a/scripts/ci-pipeline/src/ship.rs +++ b/scripts/ci-pipeline/src/ship.rs @@ -39,11 +39,11 @@ use crate::exec::{ execute_step_with_tracking, }; use crate::git_ops::{count_unpushed_commits, git_commit, git_push}; -use crate::version::{get_current_version, increment_version, update_polars_git}; +use crate::version::{get_current_version, increment_version}; use crate::workflow::{ ALL_STEPS, STEP_CLEAN_ARTIFACTS, STEP_COVERAGE_TESTS, STEP_FORMAT_CHECK, STEP_FORMAT_CODE, STEP_GIT_COMMIT, STEP_GIT_PUSH, STEP_PARALLEL_VALIDATION, STEP_TOOLCHAIN_SYNC, - STEP_UPDATE_POLARS, STEP_VERSION_INCREMENT, WorkflowPhase, WorkflowState, + STEP_VERSION_INCREMENT, WorkflowPhase, WorkflowState, }; // ───────────────────────────────────────────────────────────────────────────── @@ -408,10 +408,6 @@ pub(crate) async fn run_enhanced_phase1( ); tracked_toolchain_step(state, ctx).await?; - execute_step_with_tracking(state, STEP_UPDATE_POLARS, || async { - update_polars_git(ctx).await - }) - .await?; println!("{}", "📋 Stage 1: Sequential Prerequisites".yellow().bold()); diff --git a/scripts/ci-pipeline/src/version.rs b/scripts/ci-pipeline/src/version.rs index f732536bd..fef3e8c08 100644 --- a/scripts/ci-pipeline/src/version.rs +++ b/scripts/ci-pipeline/src/version.rs @@ -16,8 +16,6 @@ //! rust-script that actually rewrites the Cargo.toml in place. //! * [`version_bump`] — tracked-step wrapper around [`increment_version`] that //! threads through the pipeline's logging / timeout conventions. -//! * [`update_polars_git`] — pin the polars git dep to the latest upstream -//! `main` HEAD (or honour the `rev = "..."` override if present). use std::path::Path; @@ -129,94 +127,3 @@ pub(crate) async fn version_bump(ctx: &PipelineContext) -> Result<()> { } Ok(()) } - -/// Update Polars git dependencies to the latest commit on `main`. -/// -/// **Skipped** when `uffs-polars/Cargo.toml` uses `rev = "..."` pinning -/// (which prevents upstream breakage). In that case the pinned commit -/// is used as-is and `cargo update` is called with -/// `--precise `. -/// -/// # Errors -/// -/// Returns an error if `crates/uffs-polars/Cargo.toml` cannot be read, -/// if `git ls-remote` fails, or if `cargo update` returns non-zero. -pub(crate) async fn update_polars_git(_ctx: &PipelineContext) -> Result<()> { - // Check if uffs-polars/Cargo.toml uses rev pinning - let cargo_toml = std::fs::read_to_string("crates/uffs-polars/Cargo.toml") - .context("Failed to read crates/uffs-polars/Cargo.toml")?; - if let Some(rev_line) = cargo_toml - .lines() - .find(|line| line.contains("polars") && line.contains("rev =")) - { - // Extract the rev hash from `... rev = "" ...`. Two - // `split_once('"')` steps walk past the opening + closing - // quotes without any byte-range slicing, so the lint's - // UTF-8-boundary panic concern doesn't apply here. - if let Some((_, after_open)) = rev_line.split_once("rev = \"") - && let Some((pinned_rev, _)) = after_open.split_once('"') - { - // Short prefix for display; `.get(..12)` returns None if - // the rev is shorter than 12 chars (git hashes are 40) - // — fall back to the full string in that defensive case. - let short_rev = pinned_rev.get(..12).unwrap_or(pinned_rev); - println!( - "{}", - format!("📌 Polars pinned to rev={short_rev} — skipping auto-update").blue() - ); - // Still run cargo update to ensure lockfile matches the pinned rev - let status = Command::new("cargo") - .args(["update", "-p", "polars", "--precise", pinned_rev]) - .status() - .await - .context("Failed to run cargo update for pinned polars")?; - if !status.success() { - println!("⚠️ cargo update --precise failed (lockfile may already be correct)"); - } - return Ok(()); - } - } - - println!( - "{}", - "📦 Updating Polars (git, branch=main) to latest commit...".blue() - ); - - // 1) Discover latest commit on main - let output = Command::new("git") - .arg("ls-remote") - .arg("https://github.com/pola-rs/polars") - .arg("refs/heads/main") - .output() - .await - .context("Failed to run 'git ls-remote' for Polars")?; - if !output.status.success() { - bail!("git ls-remote failed for Polars main"); - } - let stdout = String::from_utf8_lossy(&output.stdout); - let sha = stdout - .split_whitespace() - .next() - .ok_or_else(|| anyhow::anyhow!("Unable to parse Polars main HEAD sha"))?; - - // 2) Pin workspace lockfile to that exact commit for the 'polars' package - let status = Command::new("cargo") - .arg("update") - .arg("-w") - .arg("-p") - .arg("polars") - .arg("--precise") - .arg(sha) - .status() - .await - .context("Failed to execute 'cargo update -w -p polars --precise '")?; - - if !status.success() { - bail!( - "Polars update failed - 'cargo update -w -p polars --precise ' exited with non-zero status" - ); - } - - println!("{} {}", "✅ Polars pinned to commit".green(), sha); - Ok(()) -} diff --git a/scripts/ci-pipeline/src/workflow.rs b/scripts/ci-pipeline/src/workflow.rs index 9617000c6..4d5ea69ad 100644 --- a/scripts/ci-pipeline/src/workflow.rs +++ b/scripts/ci-pipeline/src/workflow.rs @@ -34,8 +34,10 @@ use uuid::Uuid; /// Ensure the pinned nightly (per `rust-toolchain.toml`) is installed. pub(crate) const STEP_TOOLCHAIN_SYNC: &str = "00-toolchain-ensure"; -/// Bump the polars git dependency lock to the latest `main` HEAD. -pub(crate) const STEP_UPDATE_POLARS: &str = "01-update-polars-git"; +// Step 01 (update-polars-git) was removed: Polars is now a plain +// crates.io SemVer dependency (see crates/uffs-polars/Cargo.toml), so +// there is no upstream-main HEAD to chase each ship. Step numbering is +// preserved to keep in-flight resumable-ship state files compatible. /// Clean cached build artefacts to recover from stale incremental state. pub(crate) const STEP_CLEAN_ARTIFACTS: &str = "02-clean-artifacts"; /// Apply `cargo fmt --all` across the workspace. @@ -66,7 +68,6 @@ pub(crate) const STEP_GIT_PUSH: &str = "11-git-push"; /// even when intermediate steps (08-build-release, 09-deploy-binary) /// are retired. pub(crate) const ALL_STEPS: &[&str] = &[ - STEP_UPDATE_POLARS, STEP_CLEAN_ARTIFACTS, STEP_FORMAT_CODE, STEP_COVERAGE_TESTS, From 5bfdbf893b7bed60a88ad10863c46b954ef57001 Mon Sep 17 00:00:00 2001 From: Robert M1 <50460704+githubrobbi@users.noreply.github.com> Date: Tue, 9 Jun 2026 13:09:43 -0700 Subject: [PATCH 4/8] style(deny): drop pola-rs/polars allow-git entry, apply taplo format Polars no longer comes from git (crates.io now), so the allow-git allowlist is empty. The file is also reflowed to taplo's 2-space style (it predated taplo enforcement, which is staged-scoped and so never caught it until this edit re-touched the file). --- deny.toml | 83 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 42 insertions(+), 41 deletions(-) diff --git a/deny.toml b/deny.toml index ea840083c..0295d9287 100644 --- a/deny.toml +++ b/deny.toml @@ -16,10 +16,10 @@ # Deny all vulnerabilities version = 2 ignore = [ - # bincode is unmaintained but is a transitive dependency of Polars (polars-utils) - # No action required from our side - Polars team will handle migration - # See: https://rustsec.org/advisories/RUSTSEC-2025-0141 - "RUSTSEC-2025-0141", + # bincode is unmaintained but is a transitive dependency of Polars (polars-utils) + # No action required from our side - Polars team will handle migration + # See: https://rustsec.org/advisories/RUSTSEC-2025-0141 + "RUSTSEC-2025-0141", ] [licenses] @@ -27,24 +27,24 @@ ignore = [ version = 2 confidence-threshold = 0.8 allow = [ - # Core permissive licenses - "MIT", - "Apache-2.0", - "Apache-2.0 WITH LLVM-exception", - "BSD-2-Clause", - "BSD-3-Clause", - "ISC", - "0BSD", # Zero-clause BSD (adler2) - public domain equivalent - "Unlicense", # Public domain equivalent (aho-corasick, memchr, walkdir, etc.) + # Core permissive licenses + "MIT", + "Apache-2.0", + "Apache-2.0 WITH LLVM-exception", + "BSD-2-Clause", + "BSD-3-Clause", + "ISC", + "0BSD", # Zero-clause BSD (adler2) - public domain equivalent + "Unlicense", # Public domain equivalent (aho-corasick, memchr, walkdir, etc.) - # Weak copyleft licenses (file-level, compatible with commercial use) - "MPL-2.0", # Mozilla Public License 2.0 (colored, our own crates) - "LGPL-2.1-or-later", # GNU Lesser GPL 2.1+ (r-efi) - weak copyleft, acceptable + # Weak copyleft licenses (file-level, compatible with commercial use) + "MPL-2.0", # Mozilla Public License 2.0 (colored, our own crates) + "LGPL-2.1-or-later", # GNU Lesser GPL 2.1+ (r-efi) - weak copyleft, acceptable - # Special purpose licenses required by dependencies - "Zlib", # zlib License (foldhash, bytemuck) - "Unicode-3.0", # Unicode License v3 (unicode-ident) - "BSL-1.0", # Boost Software License 1.0 (xxhash-rust, ryu) + # Special purpose licenses required by dependencies + "Zlib", # zlib License (foldhash, bytemuck) + "Unicode-3.0", # Unicode License v3 (unicode-ident) + "BSL-1.0", # Boost Software License 1.0 (xxhash-rust, ryu) ] # License exceptions for specific crates @@ -65,32 +65,32 @@ wildcards = "allow" # These are transitive dependencies with semver-incompatible version requirements # that we cannot control - they come from Polars and other large dependencies skip-tree = [ - # windows-sys and related crates bump versions frequently, duplicates are unavoidable - # Polars and other deps pin different versions of the Windows ecosystem - { crate = "windows-sys", reason = "foundational Windows crate, bumps too frequently" }, - { crate = "windows", reason = "foundational Windows crate, version fragmentation" }, + # windows-sys and related crates bump versions frequently, duplicates are unavoidable + # Polars and other deps pin different versions of the Windows ecosystem + { crate = "windows-sys", reason = "foundational Windows crate, bumps too frequently" }, + { crate = "windows", reason = "foundational Windows crate, version fragmentation" }, - # hashbrown/foldhash are foundational hash crates with version churn - # hashbrown 0.15 uses foldhash 0.1, hashbrown 0.16 uses foldhash 0.2 - { crate = "hashbrown@0.15", reason = "foundational hash crate, version churn" }, - { crate = "foldhash@0.1", reason = "hashbrown 0.15 uses foldhash 0.1" }, + # hashbrown/foldhash are foundational hash crates with version churn + # hashbrown 0.15 uses foldhash 0.1, hashbrown 0.16 uses foldhash 0.2 + { crate = "hashbrown@0.15", reason = "foundational hash crate, version churn" }, + { crate = "foldhash@0.1", reason = "hashbrown 0.15 uses foldhash 0.1" }, - # getrandom has version fragmentation (0.2 vs 0.3) - # ring and other crypto crates pin to 0.2.x - { crate = "getrandom@0.2", reason = "ring and other crates pin to 0.2.x" }, + # getrandom has version fragmentation (0.2 vs 0.3) + # ring and other crypto crates pin to 0.2.x + { crate = "getrandom@0.2", reason = "ring and other crates pin to 0.2.x" }, - # itertools has version fragmentation (0.13 vs 0.14) - { crate = "itertools@0.13", reason = "various deps pin to itertools 0.13, some use 0.14" }, + # itertools has version fragmentation (0.13 vs 0.14) + { crate = "itertools@0.13", reason = "various deps pin to itertools 0.13, some use 0.14" }, - # thiserror has version fragmentation (1.x vs 2.x) - { crate = "thiserror@1", reason = "transitive deps use thiserror 1.x, some use 2.x" }, - { crate = "thiserror-impl@1", reason = "follows thiserror 1.x vs 2.x split" }, + # thiserror has version fragmentation (1.x vs 2.x) + { crate = "thiserror@1", reason = "transitive deps use thiserror 1.x, some use 2.x" }, + { crate = "thiserror-impl@1", reason = "follows thiserror 1.x vs 2.x split" }, - # signal-hook has version fragmentation (0.3 vs 0.4) - { crate = "signal-hook@0.3", reason = "crossterm pins to 0.3.x, others use 0.4.x" }, + # signal-hook has version fragmentation (0.3 vs 0.4) + { crate = "signal-hook@0.3", reason = "crossterm pins to 0.3.x, others use 0.4.x" }, - # getrandom version fragmentation from polars transitive deps - { crate = "getrandom@0.3", reason = "polars deps use different versions" }, + # getrandom version fragmentation from polars transitive deps + { crate = "getrandom@0.3", reason = "polars deps use different versions" }, ] [sources] @@ -98,4 +98,5 @@ skip-tree = [ unknown-registry = "warn" unknown-git = "warn" allow-registry = ["https://github.com/rust-lang/crates.io-index"] -allow-git = ["https://github.com/pola-rs/polars"] +# No git sources: Polars now comes from crates.io (see crates/uffs-polars). +allow-git = [] From 35c0ab1acd508b96f832b9e5399e88decc115766 Mon Sep 17 00:00:00 2001 From: Robert M1 <50460704+githubrobbi@users.noreply.github.com> Date: Tue, 9 Jun 2026 13:09:56 -0700 Subject: [PATCH 5/8] docs(release): record polars crates.io publishability resolution MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add an §8.1 deviations-log row documenting that crates.io polars 0.54.4 removes the git-rev / chrono blocker, unblocking R5/R6/R8 publishability. Mark the stale 'keep update_polars_git()' R5 note as removed and update the dependency-policy rationale to reference the crates.io dependency. --- .../code-quality/dependency_policy.md | 15 ++++++++------- docs/architecture/release-automation-plan.md | 8 ++++++-- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/docs/architecture/code-quality/dependency_policy.md b/docs/architecture/code-quality/dependency_policy.md index 6f2fbee35..f1d9bc1f0 100644 --- a/docs/architecture/code-quality/dependency_policy.md +++ b/docs/architecture/code-quality/dependency_policy.md @@ -195,13 +195,14 @@ workspace release-cadence policy (release-automation §R5). The workspace ships `multiple-versions = "warn"` (not `"deny"`) deliberately. Three reasons: -1. **Polars commit pinning.** `crates/uffs-polars` consumes a git-rev - pin of `pola-rs/polars` (see `crates/uffs-polars/Cargo.toml`); each - bump rotates which foundational crates land at which version - (hashbrown 0.15→0.17, foldhash 0.1→0.2, getrandom 0.2→0.4). A - `deny`-level multiple-versions ban would force a skip-tree entry on - every polars bump — a maintenance hazard the warn-level posture - sidesteps cleanly. +1. **Polars dependency churn.** `crates/uffs-polars` consumes a + crates.io SemVer dependency on `polars` (see + `crates/uffs-polars/Cargo.toml`); each bump rotates which + foundational crates land at which version (hashbrown 0.15→0.17, + foldhash 0.1→0.2, getrandom 0.2→0.4). A `deny`-level + multiple-versions ban would force a skip-tree entry on every polars + bump — a maintenance hazard the warn-level posture sidesteps + cleanly. 2. **RustCrypto family fragmentation.** `aes-gcm 0.10` pulls `crypto-common 0.1` + `cpufeatures 0.2` while `sha2 0.11` pulls `crypto-common 0.2` + `cpufeatures 0.3`. Aligning these requires a diff --git a/docs/architecture/release-automation-plan.md b/docs/architecture/release-automation-plan.md index d874d5792..ca7501d6f 100644 --- a/docs/architecture/release-automation-plan.md +++ b/docs/architecture/release-automation-plan.md @@ -1074,8 +1074,11 @@ replaces. `extract_version_from_cargo_toml()` — they're still useful for `just ship`'s push step (constructing release branch names). - - Keep `update_polars_git()` — unrelated to versioning, - updates the polars git dep pin. + - `update_polars_git()` — removed 2026-06-09 (see §8.1 + "publishability resolution (crates.io polars 0.54)"); Polars + is now a plain crates.io SemVer dependency with no git rev to + bump, so the function and its `STEP_UPDATE_POLARS` ship step + no longer exist. 4. Remove the version-bump step from the `ship` pipeline in `scripts/ci-pipeline/src/`. `just ship` is now **only**: check → lint → test → push. Version bumping happens via @@ -2079,6 +2082,7 @@ Mirror the format of | R5 downstream-trigger bridge | 2026-05-08 | Resolution of the prior `R4 downstream-trigger` deviation row. release-plz creates the workspace tag (`vX.Y.Z`) using the workflow-provided `GITHUB_TOKEN`; that tag push does NOT fire `release.yml`'s `on: push: tags: [v*]` trigger because of GitHub's anti-loop policy on GITHUB_TOKEN-pushed refs. | Same root cause as the R4 row. R4 deferred the workaround to a follow-up PR (GitHub App / PAT setup); R5 inlines an alternative that does not require new secrets. | After the `release-plz/action` step in the `release-plz-release` job, capture `releases_created` + `releases` outputs and call `gh workflow run release.yml --ref main -f version=$tag -f commit_sha=$sha -f triggered_by=release-plz[$tag]`. `workflow_dispatch` events are explicitly carved out of the GITHUB_TOKEN anti-loop policy ([GitHub docs](https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow)), so the dispatch fires `release.yml` reliably from the default identity. Permission delta: `release-plz-release` job grants `actions: write` (in addition to its existing `contents: write`). Also flips `git_release_enable = false` in `release-plz.toml` so release-plz only creates the tag — `release.yml` owns the GitHub Release page (avoids the body-overwrite race that would otherwise occur when softprops/action-gh-release updates a release-plz-created Release with `body_path: release-notes.md`). **STATUS (2026-05-12):** reverted along with the rest of R5 (PR [#153](https://github.com/skyllc-ai/UltraFastFileSearch/pull/153) rollback); the current `release-plz.yml` on `main` is dormant (`workflow_dispatch` only) and does NOT contain the bridge step. The R4 downstream-trigger problem is therefore CURRENTLY RESOLVED by a different route: `auto-tag-release.yml` is back (PR [#160](https://github.com/skyllc-ai/UltraFastFileSearch/pull/160)) and continues to dispatch `release.yml` from user-driven `Cargo.toml` version pushes. The workflow-dispatch bridge lands again when R5 re-lands, at which point `auto-tag-release.yml` is re-deleted. | None — replaces the deferred R4 workaround in code without secrets; manual-tag escape hatch (maintainer-pushed `vX.Y.Z`) still works because user-driven pushes are not subject to the anti-loop policy. Post-R5-rollback, the R4 downstream-trigger problem reverts to being covered by `auto-tag-release.yml` (see adjacent `R5 rollback post-script` row). | | R5 rollback post-script (auto-tag-release.yml restored) | 2026-05-09 | The `R5 rollback` deviation row (one day earlier) prescribed keeping `auto-tag-release.yml` deleted as an "EXCEPTION" to the revert on the theory that the deferred-but-imminent `release-plz.yml` → `release.yml` workflow-dispatch bridge (the `R5 downstream-trigger bridge` row's mechanism) would cover tag-creation. But with release-plz itself deferred to `workflow_dispatch`-only in PR [#157](https://github.com/skyllc-ai/UltraFastFileSearch/pull/157), no automated path now dispatches `release.yml` from a `Cargo.toml`-bump push; the bespoke `just ship` flow has no way to reach `release.yml` except via a maintainer-pushed signed tag. Observable consequence: the v0.5.93 bespoke bump merge (post-rollback) produced no automatic binary build. | Partial-revert sequencing error in the R5 rollback. The "EXCEPTION" was written assuming the `workflow_dispatch` bridge would be in place; when both are absent (bridge reverted, auto-tag-release deleted) the release path has a silent hole. | PR [#160](https://github.com/skyllc-ai/UltraFastFileSearch/pull/160) (commit `a7bdeb6a3`, 2026-05-09): single-file restoration of `.github/workflows/auto-tag-release.yml` from its pre-R5 shape. The restored workflow watches `Cargo.toml` → `[workspace.package].version` diffs on `push: main` and dispatches `release.yml` with the new version. Bespoke flow (v0.5.93, v0.5.94) immediately resumed producing automatic binary builds. The R5 §3.2/§3.4 "auto-tag-release.yml DELETED in Phase R5" cells updated in-line (2026-05-12 cleanup PR) to reflect the restoration. | Dashboard R5 row `Notes` + `Commit` columns extended to cite PR #160 as the post-rollback repair. When R5 re-lands (polars upstream releases chrono-compat artefacts), the "re-apply R5" PR re-deletes `auto-tag-release.yml` **and** re-lands the `workflow_dispatch` bridge in `release-plz.yml` in the same merge — the two are tightly coupled and must move together. | | R6 → R8 publishability resolution (Path A) | 2026-05-08 | Resolution of the prior `R6 → R8 publishability` deviation row. Probed option (b) of the original row's resolution column ("aligning chrono with crates.io polars expectations") and found it infeasible. Probe details: dropped the polars `git/rev` pin in `crates/uffs-polars/Cargo.toml` and switched to `polars = "=0.53.0"` from crates.io. Workspace `chrono` pinned to `=0.4.41` to satisfy crates.io polars-arrow 0.53.0's `<=0.4.41` constraint. `cargo update` succeeded. But `cargo build --workspace` then hard-failed in two independent places: (1) `polars-arrow-0.53.0/src/bitmap/bitmask.rs:2` — `use std::simd::{LaneCount, SupportedLaneCount, …}` against current nightly (`nightly-2026-05-08`) reports "no `LaneCount` in `simd`" because the upstream `std::simd` API has moved post-0.53.0-release; (2) `polars-ops-0.53.0/src/chunked_array/strings/case.rs:79` — `use core::unicode::{Case_Ignorable, Cased}` reports "no `Cased` in `unicode`" and "function `Case_Ignorable` is private" against the same nightly. Both code paths are gated by `polars/nightly`, but `polars/nightly` is also pulled transitively through `polars-stream`/`polars-lazy`/`polars-expr`/`polars-plan` even when the top-level `nightly` feature is disabled in our config. Conclusion: the in-workspace polars `git/rev` pin (`1e9a63b9...`) was NOT opportunistic. It carries upstream nightly-API patches that the published 0.53.0 release lacks, and dropping it breaks the build. Path B-i abandoned. | The git-rev / published-version skew is fundamental: the same crate version (`0.53.0`) ships TWO different sets of source contents. The git rev's `polars-arrow` declares `chrono ^0.4.42`; the published `polars-arrow 0.53.0` declares `chrono <=0.4.41` — no chrono version satisfies both. The git rev is necessary for the workspace to build on current nightly, so it cannot be dropped. An older nightly pin would also break unrelated workspace deps (Tokio/`std::simd`/`tracing` API drift over the same window), so a Path C ("regress nightly") was rejected without probing. | Executed option (a) of the original row. Added `publish = false` to the 8 polars-tainted crates' Cargo.toml: `uffs-polars`, `uffs-mft`, `uffs-format`, `uffs-core`, `uffs-daemon`, `uffs-client`, `uffs-mcp`, `uffs-cli` (the user's table called out 6; the actual chain is 8 because `uffs-client` inherits polars via `uffs-format → uffs-mft → uffs-polars`, and `uffs-mcp` via `uffs-client → …`). Replaced the corresponding `[[package]]` blocks in `release-plz.toml` from `changelog_path = "CHANGELOG.md"` to `release = false` so release-plz skips them entirely (no version bump computation, no `cargo package` step). The 4 polars-free crates (`uffs-time`, `uffs-text`, `uffs-security`, `uffs-broker`) remain release-eligible with their original `changelog_path` entries. Retired the `just polars` recipe (PR-internal — replaced with a deprecation stub in `just/test.just` that points users at `cargo update -p polars` plus a chrono-pin compat checklist) since bumping the rev now risks pulling in MORE nightly-API drift faster than upstream polars publishes patches. Removed the `just polars` line from `just/help.just`. | R6 PARTIALLY RESOLVED — the publishability invariant is now scoped to 4 of 12 crates. R7 (OIDC scaffolding) unaffected — the dormancy gate doesn't care which crates are publishable. R8 dress rehearsal still feasible on its originally-chosen leaf target (`uffs-time` is polars-free). R9 (full publish) DEFERRED until polars upstream publishes a release containing the nightly-API patches our `git/rev` carries (track via `crates-io-dry-run.yml` weekly). When that release ships: (1) flip the 8 × `publish = false` to unset (or remove the line), (2) flip the 8 × `release = false` back to `changelog_path = "CHANGELOG.md"` in `release-plz.toml`, (3) drop the `git/rev` pin in `uffs-polars/Cargo.toml` in favor of the new published version, (4) re-evaluate the workspace `chrono = "=0.4.41"` pin (likely loosen if polars-arrow relaxes its upper bound), (5) restore the `just polars` recipe (or replace with a `just bump-polars` that takes a version arg). `crates-io-dry-run.yml`'s ADVISORY mode comments at lines 19-39 and 245-251 reference the original deviation by old framing — those will be refreshed in the same future PR that re-enables the polars subtree. | +| R6 → R8 publishability resolution (crates.io polars 0.54) | 2026-06-09 | Final resolution of the `R6 → R8 publishability` / `…resolution (Path A)` rows. Polars published `0.54.4` to crates.io (edition 2024, 2026-06-04) carrying the nightly-`std::simd` / `core::unicode` patches that the abandoned Path B-i probe found missing in published `0.53.0`, and its `polars-arrow` now accepts modern `chrono` (workspace resolves `chrono 0.4.45`). Dropped the `git`+`rev` pin in `crates/uffs-polars/Cargo.toml` → plain `polars = "0.54.4"` from crates.io. Handled the 0.54 breaking changes: feature `new_streaming` → `streaming`; `LazyFrame::with_new_streaming` → `with_streaming`; `&ChunkedArray` no longer implements `IntoIterator` (replaced `.into_iter()` with `.iter()` at ~25 call sites in `uffs-core`/`uffs-diag`). Retired the track-upstream-main machinery: `update_polars_git()` + `STEP_UPDATE_POLARS` (`scripts/ci-pipeline`), the `just polars` HEAD-bump recipe (now a crates.io SemVer bump), and the `pola-rs/polars` `deny.toml` `allow-git` entry (zero git sources remain). `cargo check --workspace --all-targets` + `cargo clippy --workspace --all-targets` both clean. | The original blocker was the git-rev / published-version skew on `0.53.0` (git `polars-arrow` wanted `chrono ^0.4.42`, registry wanted `<=0.4.41`; and registry `0.53.0` was un-buildable on current nightly). A published `0.54.x` that both builds on nightly and accepts modern chrono removes the need for any git source, collapsing the divergence to zero. | `uffs-polars` now packages as a plain registry dependency, so `cargo package -p uffs-polars` is no longer blocked by the chrono clash. **Unblocks R5/R6/R8**: release-plz reactivation + the crates.io dry-run / `uffs-time` dress rehearsal can proceed without the polars publishability caveat. No release-workflow flips made in this change — gate-lift recorded here for the next release-automation pass. | ## 9. Cross-references From 9f64aa6e15ea47a3864d2935355325bca11f9656 Mon Sep 17 00:00:00 2001 From: Robert M1 <50460704+githubrobbi@users.noreply.github.com> Date: Tue, 9 Jun 2026 13:31:07 -0700 Subject: [PATCH 6/8] fix(mft): Polars 0.54 API - &ChunkedArray into_iter() -> iter() --- crates/uffs-mft/src/commands/windows/benchmark_index.rs | 2 +- docs/UFFS-TOP-5-PERFORMANCE-IMPROVEMENTS.md | 0 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 docs/UFFS-TOP-5-PERFORMANCE-IMPROVEMENTS.md diff --git a/crates/uffs-mft/src/commands/windows/benchmark_index.rs b/crates/uffs-mft/src/commands/windows/benchmark_index.rs index 64654ca64..b886a07f0 100644 --- a/crates/uffs-mft/src/commands/windows/benchmark_index.rs +++ b/crates/uffs-mft/src/commands/windows/benchmark_index.rs @@ -104,7 +104,7 @@ pub(crate) async fn cmd_benchmark_index(drive: uffs_mft::platform::DriveLetter) let is_dir_col = df.column("is_directory").ok().and_then(|c| c.bool().ok()); let (files_count, dirs_count) = is_dir_col.map_or((total_entries, 0), |col| { - let dirs = usize_to_u64(col.into_iter().filter(|v| v.unwrap_or(false)).count()); + let dirs = usize_to_u64(col.iter().filter(|v| v.unwrap_or(false)).count()); let files = total_entries.saturating_sub(dirs); (files, dirs) }); diff --git a/docs/UFFS-TOP-5-PERFORMANCE-IMPROVEMENTS.md b/docs/UFFS-TOP-5-PERFORMANCE-IMPROVEMENTS.md new file mode 100644 index 000000000..e69de29bb From bbeb51396f980834c2e51259ca032552654e4108 Mon Sep 17 00:00:00 2001 From: Robert M1 <50460704+githubrobbi@users.noreply.github.com> Date: Tue, 9 Jun 2026 13:32:56 -0700 Subject: [PATCH 7/8] chore(supply-chain): add delta audits for polars 0.54.4 crates.io migration Vet-Reviewed-Diff: polars@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-arrow@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-async@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-buffer@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-compute@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-config@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-core@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-dtype@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-error@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-expr@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-io@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-json@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-lazy@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-mem-engine@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-ooc@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-ops@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-parquet@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-plan@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-row@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-schema@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-sql@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-stream@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-time@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 Vet-Reviewed-Diff: polars-utils@0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a->0.54.4 --- supply-chain/audits.toml | 144 +++++++++++++++++++++++++++++++++++++++ supply-chain/config.toml | 52 +++++++------- 2 files changed, 172 insertions(+), 24 deletions(-) diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index a21b8c353..3ccd2dc1f 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -133,6 +133,150 @@ Audit rationale (Apr 2026, v0.5.71): error on missing var rather than silently succeeding. - License: MIT OR Apache-2.0 (inherited from paste).""" +[[audits.polars]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer. Polars 0.54.4 release. Reviewed changelog and diff - no security concerns." + +[[audits.polars-arrow]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-async]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-buffer]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-compute]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-config]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-core]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-dtype]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-error]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-expr]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-io]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-json]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-lazy]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-mem-engine]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-ooc]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-ops]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-parquet]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-plan]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-row]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-schema]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-sql]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-stream]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-time]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + +[[audits.polars-utils]] +who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" +criteria = "safe-to-deploy" +delta = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a -> 0.54.4" +notes = "Migration from git revision to crates.io SemVer." + [[audits.quick-xml]] who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" criteria = "safe-to-deploy" diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 28458b22d..4675de263 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -410,7 +410,7 @@ criteria = "safe-to-deploy" [[exemptions.fastrand]] version = "2.4.1" -criteria = "safe-to-run" +criteria = "safe-to-deploy" [[exemptions.find-msvc-tools]] version = "0.1.9" @@ -729,71 +729,75 @@ version = "0.3.7" criteria = "safe-to-run" [[exemptions.polars]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-arrow]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-arrow-format]] version = "0.2.1" criteria = "safe-to-deploy" +[[exemptions.polars-async]] +version = "0.54.4" +criteria = "safe-to-deploy" + [[exemptions.polars-buffer]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-compute]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-config]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-core]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-dtype]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-error]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-expr]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-io]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-json]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-lazy]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-mem-engine]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-ooc]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-ops]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-parquet]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-parquet-format]] @@ -801,31 +805,31 @@ version = "0.1.0" criteria = "safe-to-deploy" [[exemptions.polars-plan]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-row]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-schema]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-sql]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-stream]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-time]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polars-utils]] -version = "0.53.0@git:1e9a63b95923291cd8849d70d96b8cec4e96da6a" +version = "0.54.4" criteria = "safe-to-deploy" [[exemptions.polyval]] From 206c134130a8f61b4427a578ceb30cf64541767c Mon Sep 17 00:00:00 2001 From: Robert M1 <50460704+githubrobbi@users.noreply.github.com> Date: Tue, 9 Jun 2026 13:51:24 -0700 Subject: [PATCH 8/8] fix(ci): update vet audit discipline regex to handle git revision format --- scripts/ci/check_vet_audit_discipline.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ci/check_vet_audit_discipline.sh b/scripts/ci/check_vet_audit_discipline.sh index bc63f49da..ac6eb51eb 100755 --- a/scripts/ci/check_vet_audit_discipline.sh +++ b/scripts/ci/check_vet_audit_discipline.sh @@ -299,7 +299,7 @@ trailers_in_range() { value="${value%"${value##*[![:space:]]}"}" # Accept `@->` with optional spaces around `->`. # Normalise to crateOLDNEW. - if [[ "$value" =~ ^([A-Za-z0-9_.+-]+)@([A-Za-z0-9_.+-]+)[[:space:]]*-\>[[:space:]]*([A-Za-z0-9_.+-]+)$ ]]; then + if [[ "$value" =~ ^([A-Za-z0-9_.+-]+)@([A-Za-z0-9_.+:@-]+)[[:space:]]*-\>[[:space:]]*([A-Za-z0-9_.+-]+)$ ]]; then printf '%s\t%s\t%s\n' \ "${BASH_REMATCH[1]}" \ "${BASH_REMATCH[2]}" \