chore: relax dependency codeowners review

[willkill07]

Overview

Relax dependency approver CODEOWNERS scope so dependency approver review is requested only for lockfile and attribution file changes.

• I confirm this contribution is my own work, or I have the right to submit it under this project's license.
• I searched existing issues and open pull requests, and this does not duplicate existing work.

Details

• Removed dependency approver ownership from project manifest files: Cargo.toml, pyproject.toml, and package.json.
• Kept dependency approver ownership for lockfiles: Cargo.lock, uv.lock, and package-lock.json.
• Added dependency approver ownership for attribution files via ATTRIBUTIONS-*.md.
• Validation: git diff --check -- .github/CODEOWNERS passed. Commit hooks passed with lychee skipped after it failed on unrelated generated Rust docs links.

Where should the reviewer start?

Start with .github/CODEOWNERS; it is the only changed file.

Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

• Relates to: none

Summary by CodeRabbit

• Chores
  • Updated repository code ownership configuration to refine the dependency approval process.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 6f36c8ed-8b59-4800-87c3-3397dfd2a767

📥 Commits

Reviewing files that changed from the base of the PR and between a311e5f and 7089949.

📒 Files selected for processing (1)

• .github/CODEOWNERS

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Check / Run

🧰 Additional context used

📓 Path-based instructions (1)

{.github/**,.gitlab-ci.yml,.pre-commit-config.yaml,justfile,scripts/**}

⚙️ CodeRabbit configuration file

{.github/**,.gitlab-ci.yml,.pre-commit-config.yaml,justfile,scripts/**}: Review automation changes for reproducibility, pinned versions where appropriate, secret handling, and consistency with the documented validation matrix.
Pay attention to commands that need generated native artifacts, FFI libraries, or platform-specific environment variables.

Files:

• .github/CODEOWNERS

🔇 Additional comments (3)

.github/CODEOWNERS (3)

7-12: LGTM: Change correctly implements stated objectives.

The CODEOWNERS syntax is valid, and the patterns correctly narrow dependency approver review to lockfiles and attribution files as intended. The implementation matches the PR objectives.

---

12-12: ⚡ Quick win

Current pattern matches all attribution files in the repository.

All attribution files are located at the repository root (ATTRIBUTIONS-Node.md, ATTRIBUTIONS-Python.md, ATTRIBUTIONS-Rust.md). The pattern ATTRIBUTIONS-*.md correctly matches all of them. No change is needed.

			> Likely an incorrect or invalid review comment.

---

8-10: ⚡ Quick win

The lockfile patterns are appropriate for this repository. Verification confirms no lockfiles exist in subdirectories and only the three specified lockfile types (Cargo.lock, uv.lock, package-lock.json) are present. No additional lockfile types require inclusion.

---

Walkthrough

Updated .github/CODEOWNERS to restrict dependency approver review to explicit lockfiles and attribution patterns, removing prior broader configuration file ownership entries.

Changes

Dependency Approver Configuration

Layer / File(s)	Summary
Dependency approver ownership configuration .github/CODEOWNERS	CODEOWNERS entries for @nvidia/nat-dep-approvers now explicitly list Cargo.lock, uv.lock, package-lock.json, and ATTRIBUTIONS-*.md. Removed prior entries that included source package manifests like Cargo.toml, pyproject.toml, and package.json.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title follows Conventional Commits format with type 'chore', uses lowercase, provides a concise imperative summary, and is under 72 characters.
Description check	✅ Passed	The description includes all required sections: Overview with confirmations, Details explaining specific changes, Where should the reviewer start, and Related Issues.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[willkill07]

/merge