Skip to content

v0.2.1 — Hardening Pass

Pre-release
Pre-release

Choose a tag to compare

View all tags
@jamesgober jamesgober released this 21 May 08:25
· 5 commits to main since this release
v0.2.1
2ed68ca

v0.2.1 — Hardening Pass

A polish release behind the 0.2.0 API. No public surface changes — every existing program keeps working — but the supply chain, build determinism, and lint posture all tighten up to match the project's full engineering bar.

Highlights

  • #![forbid(unsafe_code)] at the crate root. The "no unsafe in clock-lib" promise is now enforced by the compiler at the strongest possible level: downstream code cannot opt the crate out of this guarantee.
  • Stricter lint stack. #![deny(warnings)] and #![deny(clippy::unreachable)] join the existing clippy::unwrap_used, expect_used, todo, unimplemented, dbg_macro, and print_* denies. A warning is a build failure.
  • Reproducible builds. The Rust toolchain is pinned in rust-toolchain.toml, and Cargo.lock is committed for deterministic dependency resolution across environments.
  • Supply-chain checks in CI. cargo audit scans the dependency tree against the RustSec advisory database on every push, and cargo deny enforces a license allowlist, yanked-crate ban, and wildcard ban.
  • Cross-platform line-ending normalization. A new .gitattributes pins source files to LF so Windows checkouts no longer break cargo fmt --check.
  • CI runtime refreshed. actions/checkout upgraded to v5. The Security audit job uses pre-built binaries via taiki-e/install-action, avoiding both Node.js 20 deprecation warnings and tooling MSRV friction.
  • Test naming aligned with REPS. Every integration test now follows the test_<subject>_<condition>_<expected> convention.

Compatibility

  • MSRV: Rust 1.85 (unchanged)
  • Edition: 2024 (unchanged)
  • Public API: unchanged — no migration required from 0.2.0.

Upgrading From 0.2.0

[dependencies]
clock-lib = "0.2"

That's it. The cargo resolver picks up 0.2.1 automatically and nothing in your code needs to change.

What's Next

  • 0.3.0 — the Clock trait. SystemClock for production, ManualClock for deterministic, sleep-free tests. The mockable-clock pattern that makes clock-lib valuable in test suites.
  • 0.4.0 — performance verification. Criterion benchmarks with committed baselines proving the abstraction is zero-cost over raw std::time.
  • 0.5.0 — no_std hardening and the 1.0 release candidate.

Full Changelog: https://github.com/jamesgober/clock-lib/commits/v0.2.1

Assets 2
Loading