From 530e791d48042d22f7674a2e47b5cf70dff3b3dd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 7 Feb 2026 04:45:06 +0000 Subject: [PATCH 1/5] fix(deps): update rust crate pyo3 to 0.28 --- packages/pnt-cli/Cargo.lock | 67 +++---------------- packages/pnt-cli/crates/pnt-cli-py/Cargo.toml | 2 +- 2 files changed, 11 insertions(+), 58 deletions(-) diff --git a/packages/pnt-cli/Cargo.lock b/packages/pnt-cli/Cargo.lock index 2404e9d..2b544e0 100644 --- a/packages/pnt-cli/Cargo.lock +++ b/packages/pnt-cli/Cargo.lock @@ -2,48 +2,18 @@ # It is not intended for manual editing. version = 4 -[[package]] -name = "autocfg" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" - -[[package]] -name = "cfg-if" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" - [[package]] name = "heck" version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" -[[package]] -name = "indoc" -version = "2.0.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79cf5c93f93228cf8efb3ba362535fb11199ac548a09ce117c9b1adc3030d706" -dependencies = [ - "rustversion", -] - [[package]] name = "libc" version = "0.2.180" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bcc35a38544a891a5f7c865aca548a982ccb3b8650a5b06d0fd33a10283c56fc" -[[package]] -name = "memoffset" -version = "0.9.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a" -dependencies = [ - "autocfg", -] - [[package]] name = "once_cell" version = "1.21.3" @@ -79,37 +49,32 @@ dependencies = [ [[package]] name = "pyo3" -version = "0.24.2" +version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5203598f366b11a02b13aa20cab591229ff0a89fd121a308a5df751d5fc9219" +checksum = "fcf3ccafdf54c050be48a3a086d372f77ba6615f5057211607cd30e5ac5cec6d" dependencies = [ - "cfg-if", - "indoc", "libc", - "memoffset", "once_cell", "portable-atomic", "pyo3-build-config", "pyo3-ffi", "pyo3-macros", - "unindent", ] [[package]] name = "pyo3-build-config" -version = "0.24.2" +version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99636d423fa2ca130fa5acde3059308006d46f98caac629418e53f7ebb1e9999" +checksum = "972720a441c91fd9c49f212a1d2d74c6e3803b231ebc8d66c51efbd7ccab11c8" dependencies = [ - "once_cell", "target-lexicon", ] [[package]] name = "pyo3-ffi" -version = "0.24.2" +version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78f9cf92ba9c409279bc3305b5409d90db2d2c22392d443a87df3a1adad59e33" +checksum = "5994456d9dab8934d600d3867571b6410f24fbd6002570ad56356733eb54859b" dependencies = [ "libc", "pyo3-build-config", @@ -117,9 +82,9 @@ dependencies = [ [[package]] name = "pyo3-macros" -version = "0.24.2" +version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b999cb1a6ce21f9a6b147dcf1be9ffedf02e0043aec74dc390f3007047cecd9" +checksum = "11ce9cc8d81b3c4969748807604d92b4eef363c5bb82b1a1bdb34ec6f1093a18" dependencies = [ "proc-macro2", "pyo3-macros-backend", @@ -129,9 +94,9 @@ dependencies = [ [[package]] name = "pyo3-macros-backend" -version = "0.24.2" +version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "822ece1c7e1012745607d5cf0bcb2874769f0f7cb34c4cde03b9358eb9ef911a" +checksum = "eaf4b60036a154d23282679b658e3cc7d88d3b8c9a40b43824785f232d2e1b98" dependencies = [ "heck", "proc-macro2", @@ -149,12 +114,6 @@ dependencies = [ "proc-macro2", ] -[[package]] -name = "rustversion" -version = "1.0.22" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" - [[package]] name = "syn" version = "2.0.114" @@ -177,9 +136,3 @@ name = "unicode-ident" version = "1.0.22" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5" - -[[package]] -name = "unindent" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7264e107f553ccae879d21fbea1d6724ac785e8c3bfc762137959b5802826ef3" diff --git a/packages/pnt-cli/crates/pnt-cli-py/Cargo.toml b/packages/pnt-cli/crates/pnt-cli-py/Cargo.toml index 94eedf6..857680b 100644 --- a/packages/pnt-cli/crates/pnt-cli-py/Cargo.toml +++ b/packages/pnt-cli/crates/pnt-cli-py/Cargo.toml @@ -10,7 +10,7 @@ crate-type = ["cdylib"] [dependencies] pnt-cli-core = { path = "../pnt-cli-core" } -pyo3 = { version = "0.24", features = ["extension-module"] } +pyo3 = { version = "0.28", features = ["extension-module"] } [lints] workspace = true From 1d679887a2f2cccd185e72bd22b9a745c7d76833 Mon Sep 17 00:00:00 2001 From: Cameron Smith Date: Sat, 7 Feb 2026 00:06:44 -0500 Subject: [PATCH 2/5] fix(justfile): use POSIX-compatible sed brace syntax in update-version BSD sed requires commands within brace groups to be newline-delimited. The inline {/pattern/p} form is a GNU extension that fails on macOS. --- justfile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/justfile b/justfile index eed28e1..1163258 100644 --- a/justfile +++ b/justfile @@ -730,7 +730,9 @@ update-version package-name version: fi # Extract current version from pyproject.toml [project] section - CURRENT=$(sed -n '/^\[project\]/,/^\[/{/^version = /p}' "$PYPROJECT" | head -1 | sed 's/version = "\(.*\)"/\1/') + CURRENT=$(sed -n '/^\[project\]/,/^\[/{ + /^version = /p + }' "$PYPROJECT" | head -1 | sed 's/version = "\(.*\)"/\1/') if [ -z "$CURRENT" ]; then echo "Error: could not extract current version from $PYPROJECT" exit 1 @@ -751,7 +753,9 @@ update-version package-name version: # For maturin packages: update Cargo.toml workspace version CARGO_TOML="$PACKAGE_PATH/Cargo.toml" if [ -f "$CARGO_TOML" ]; then - CARGO_CURRENT=$(sed -n '/^\[workspace\.package\]/,/^\[/{/^version = /p}' "$CARGO_TOML" | head -1 | sed 's/version = "\(.*\)"/\1/') + CARGO_CURRENT=$(sed -n '/^\[workspace\.package\]/,/^\[/{ + /^version = /p + }' "$CARGO_TOML" | head -1 | sed 's/version = "\(.*\)"/\1/') if [ -n "$CARGO_CURRENT" ]; then sed -i'' -e '/^\[workspace\.package\]/,/^\[/ s/^version = "'"$CARGO_CURRENT"'"$/version = "{{version}}"/' "$CARGO_TOML" echo " Updated $CARGO_TOML [workspace.package] version" From f435ac78318d40d8755200af06a1f05202618833 Mon Sep 17 00:00:00 2001 From: Cameron Smith Date: Sat, 7 Feb 2026 00:07:19 -0500 Subject: [PATCH 3/5] chore: pnt-cli v0.1.1 -> v0.1.2 Signed-off-by: Cameron Smith --- packages/pnt-cli/Cargo.lock | 4 ++-- packages/pnt-cli/Cargo.toml | 2 +- packages/pnt-cli/pyproject.toml | 2 +- packages/pnt-cli/uv.lock | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/pnt-cli/Cargo.lock b/packages/pnt-cli/Cargo.lock index 2b544e0..ba37256 100644 --- a/packages/pnt-cli/Cargo.lock +++ b/packages/pnt-cli/Cargo.lock @@ -22,11 +22,11 @@ checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" [[package]] name = "pnt-cli-core" -version = "0.1.1" +version = "0.1.2" [[package]] name = "pnt-cli-py" -version = "0.1.1" +version = "0.1.2" dependencies = [ "pnt-cli-core", "pyo3", diff --git a/packages/pnt-cli/Cargo.toml b/packages/pnt-cli/Cargo.toml index fa299a4..65ef0a5 100644 --- a/packages/pnt-cli/Cargo.toml +++ b/packages/pnt-cli/Cargo.toml @@ -3,7 +3,7 @@ resolver = "2" members = ["crates/pnt-cli-core", "crates/pnt-cli-py"] [workspace.package] -version = "0.1.1" +version = "0.1.2" edition = "2024" license = "Apache-2.0" diff --git a/packages/pnt-cli/pyproject.toml b/packages/pnt-cli/pyproject.toml index 56e9685..36bf60e 100644 --- a/packages/pnt-cli/pyproject.toml +++ b/packages/pnt-cli/pyproject.toml @@ -16,7 +16,7 @@ description = "CLI package with Rust extension module via pyo3/maturin" license = { text = "Apache-2.0" } name = "pnt-cli" requires-python = ">=3.12,<3.14" -version = "0.1.1" +version = "0.1.2" [project.scripts] pnt-cli = "pnt_cli:main" diff --git a/packages/pnt-cli/uv.lock b/packages/pnt-cli/uv.lock index 44d7e64..a5f22fe 100644 --- a/packages/pnt-cli/uv.lock +++ b/packages/pnt-cli/uv.lock @@ -49,7 +49,7 @@ wheels = [ [[package]] name = "pnt-cli" -version = "0.1.1" +version = "0.1.2" source = { editable = "." } [package.dev-dependencies] From 2a6d1bd7497fa32ee0a03e70391c4a8b9b90ef4b Mon Sep 17 00:00:00 2001 From: Cameron Smith Date: Sat, 7 Feb 2026 00:30:33 -0500 Subject: [PATCH 4/5] fix(ci): remove labeled trigger Signed-off-by: Cameron Smith --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ea88037..96e5b1e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -24,7 +24,7 @@ on: type: boolean default: false pull_request: - types: [opened, labeled, reopened, synchronize] + types: [opened, reopened, synchronize] paths-ignore: - "**/*.md" - "*" From e44a126a49ff9a2bd39b48bb694f85d60c55c0a4 Mon Sep 17 00:00:00 2001 From: Cameron Smith Date: Sat, 7 Feb 2026 00:44:29 -0500 Subject: [PATCH 5/5] fix(ci): use quick nix install for secrets-scan job Drop unnecessary cachix configuration and devshell entry. Run gitleaks directly from nixpkgs to align with vanixiets. --- .github/workflows/ci.yaml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 96e5b1e..c9b4d59 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -69,22 +69,19 @@ jobs: secrets-scan: runs-on: ubuntu-latest steps: - - name: Checkout + - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: - fetch-depth: 0 + fetch-depth: 0 # full history for comprehensive secret scanning - name: Setup Nix uses: ./.github/actions/setup-nix with: + installer: quick # fast install without space reclamation overhead system: x86_64-linux - enable-cachix: true - cachix-name: ${{ vars.CACHIX_CACHE_NAME }} - cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} - extra-pull-names: nix-community,pyproject-nix,sciexp,srid - - name: Scan for secrets - run: nix develop --accept-flake-config -c just scan-secrets + - name: Scan for secrets with gitleaks + run: nix run nixpkgs#gitleaks -- detect --verbose --redact # --------------------------------------------------------------------------- # job 2: set-variables