chore(nix): bump nixpkgs 24.11 → 25.11 + refresh lock #68

Merged
WomB0ComB0 merged 1 commit into master from chore/bump-nixpkgs-25.11
Apr 16, 2026

@WomB0ComB0
Member

Bumps nixpkgs channel 24.11 → 25.11 (current stable) and refreshes flake.lock. Closes the reproducibility gap — repos without a committed lockfile now have one, and the shared channel matches across the org.

Mechanical: no changes to devPackages or shellHook.

🤖 Generated with Claude Code

@coderabbitai

coderabbitai Bot commented Apr 16, 2026

Warning

Rate limit exceeded

@WomB0ComB0 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 59 minutes and 58 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 59 minutes and 58 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2859f5b6-cd8b-4098-a65e-2691eee29e28

📥 Commits

Reviewing files that changed from the base of the PR and between a94f54b and 5910ba0.

⛔ Files ignored due to path filters (1)
  • flake.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • flake.nix

@WomB0ComB0 WomB0ComB0 merged commit 4f415b5 into master Apr 16, 2026
20 of 22 checks passed
@WomB0ComB0 WomB0ComB0 deleted the chore/bump-nixpkgs-25.11 branch April 16, 2026 22:37
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the nixpkgs input in flake.nix from version 24.11 to 25.11 and includes the corresponding flake.lock updates. A review comment suggests using the follows attribute for the rust-overlay input to ensure it uses the same nixpkgs version as the main project, which prevents dependency duplication and potential compatibility issues.

Comment thread flake.nix
Comment on lines +19 to 21
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
flake-utils.url = "github:numtide/flake-utils";
rust-overlay.url = "github:oxalica/rust-overlay";
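
Review bot: `flake-utils.url` and `rust-overlay.url`, on the two lines after the nixpkgs bump, name no branch, tag or rev, so flake.lock is the only thing fixing their revisions and a full lock refresh moves them along with nixpkgs. Since flake.lock is excluded from the automated review by the `!**/*.lock` path filter, list the input revisions that changed in the PR description, or limit the update to the nixpkgs input, so the lockfile delta gets a human check.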

medium

The current configuration results in two different versions of nixpkgs being pulled into the dependency graph: nixos-25.11 for the main project and nixpkgs-unstable for rust-overlay (which appears as nixpkgs_2 in the flake.lock). This increases the closure size and can lead to subtle compatibility issues between the Rust toolchain and other system libraries. It is recommended to use the follows keyword to ensure rust-overlay uses the same nixpkgs version as the rest of the project.

    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    flake-utils.url = "github:numtide/flake-utils";
    rust-overlay.url = "github:oxalica/rust-overlay";
    rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
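
A lockfile check for the duplication described in the comment above, as an added example (not code from this PR or from either review bot): it reads a flake.lock, resolves `follows` paths, and reports inputs whose nixpkgs is not the root flake's. The sample lock and its placeholder revisions are constructed, and `gh_node`, `resolve` and `divergent_inputs` are hypothetical helper names.

```python
import json

def gh_node(owner, repo, rev, **extra):
    """Build a trimmed lock node; real nodes also carry narHash, lastModified, original."""
    return {"locked": {"type": "github", "owner": owner, "repo": repo, "rev": rev}, **extra}

# Constructed sample flake.lock shaped like the case in the review comment.
# Revisions are placeholders, not values from the real lockfile.
SAMPLE_LOCK = json.dumps({
    "version": 7,
    "root": "root",
    "nodes": {
        "root": {"inputs": {"nixpkgs": "nixpkgs", "flake-utils": "flake-utils",
                            "rust-overlay": "rust-overlay"}},
        "nixpkgs": gh_node("nixos", "nixpkgs", "PLACEHOLDER_REV_A"),
        "nixpkgs_2": gh_node("nixos", "nixpkgs", "PLACEHOLDER_REV_B"),
        "flake-utils": gh_node("numtide", "flake-utils", "PLACEHOLDER_REV_C"),
        "rust-overlay": gh_node("oxalica", "rust-overlay", "PLACEHOLDER_REV_D",
                                inputs={"nixpkgs": "nixpkgs_2"}),
    },
})

def resolve(nodes, root, ref):
    """A lock input is a node name (str) or a `follows` path (list) walked from the root."""
    if isinstance(ref, str):
        return ref
    name = root
    for step in ref:
        name = resolve(nodes, root, nodes[name]["inputs"][step])
    return name

def divergent_inputs(lock_text, shared="nixpkgs"):
    """Return {input: node} for inputs whose `shared` input is not the root flake's."""
    lock = json.loads(lock_text)
    nodes, root = lock["nodes"], lock["root"]
    expected = resolve(nodes, root, nodes[root]["inputs"][shared])
    found = {}
    for name, node in nodes.items():
        ref = node.get("inputs", {}).get(shared)
        if name != root and ref is not None:
            target = resolve(nodes, root, ref)
            if target != expected:
                found[name] = target
    return found

if __name__ == "__main__":
    for name, target in divergent_inputs(SAMPLE_LOCK).items():
        print(f"{name}: locks its own nixpkgs as {target}; add inputs.nixpkgs.follows")
```

Run against a real lockfile by passing the file's text to `divergent_inputs`; a non-empty result in CI is a cheap gate for the second, separately locked nixpkgs.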

WomB0ComB0 added a commit that referenced this pull request Apr 18, 2026
#70)

* ci: wire org-wide security-scan + dependabot + CODEOWNERS (#63)

Standardization pass across public ResQ repos. Inherits org-level
defaults (CoC / Contributing / Security / Support / PR + issue
templates) from resq-software/.github.

  .github/workflows/security.yml  Thin caller for the reusable workflow
                                  with languages=["actions"].

  .github/CODEOWNERS               Default owner.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore(ci): SHA-pin third-party GitHub Actions refs (#64)

Pins every external `uses:` ref to a commit SHA with a trailing
`# <tag>` comment. Closes the tj-actions-class supply-chain attack
vector where a malicious tag push exfiltrates secrets. Dependabot
continues to update via the version comment.

Action refs that can't be pinned (e.g. `dtolnay/rust-toolchain@stable`
which is intentionally a moving ref) are left as-is — these are
floating channel refs, not tag refs.

* ci(security): enable Semgrep SAST (#65)

* fix(ci): quiet actionlint SC2035 by using -- glob separator (#66)

* fix(deny): migrate deny.toml to cargo-deny v2 schema (#67)

cargo-deny v0.14+ removed [licenses].unlicensed and [licenses].deny.
Schema now uses [licenses].version = 2 + implicit-denial-by-omission
from allow list. See EmbarkStudios/cargo-deny#611.

* chore(nix): bump nixpkgs 24.11 → 25.11 + refresh lock (#68)

* chore(bootstrap): retire duplicate setup scripts, delegate to resq-software/dev

Replace bootstrap.sh with a ~9-line thin wrapper that curl-pipes the
canonical dev/install.sh with REPO=crates. Delete the per-repo
scripts/setup.sh and scripts/lib/shell-utils.sh drifted copies.

Single source of truth lives in resq-software/dev — no more per-repo
drift, and CI surface shrinks by one directory.

* chore(resq-ai): scaffold new crate with workspace integration

* feat(resq-ai): add token estimation and line-boundary truncation

* feat(resq-ai): add config cascade and provider enum

* feat(resq-ai): add Anthropic, OpenAI, Gemini providers with dispatch

* feat(resq-cli): add resq commit subcommand with AI-powered message generation

* fix: resolve CI failures and address review feedback for resq-ai PR

- Fix clippy: use enumerate-zip pattern in trie.rs, div_ceil in token.rs
- Fix rustfmt: run cargo fmt on config.rs, commit.rs, gemini.rs
- Fix test race: add Mutex guard to serialize env-mutating config tests
- Fix cargo-deny: allow MPL-2.0, CDDL-1.0, CDLA-Permissive-2.0 licenses
- Fix gitleaks: replace suspicious test API key with benign placeholder
- Fix clippy doc_markdown lint for OpenAI in lib.rs doc comment
- Fix bootstrap.sh: validate curl download, forward $@ to installer
- Fix token.rs: ensure UTF-8 char boundary before byte slicing
- Fix anthropic.rs: make ContentBlock.text optional for non-text blocks
- Fix gemini.rs: use x-goog-api-key header instead of query param
- Fix config.rs: error on unknown RESQ_AI_PROVIDER instead of silently
  falling back
- Fix commit.rs: RAII guard for terminal raw mode, TTY check before
  interactive selection
- Add commit command to module doc list in mod.rs

* fix(resq-ai): use proper URL parsing for HTTPS scheme validation in config

Agent-Logs-Url: https://github.com/resq-software/crates/sessions/f3527d5b-6f5e-48a4-a3b5-f748eed315bf

Co-authored-by: WomB0ComB0 <95197809+WomB0ComB0@users.noreply.github.com>

* ci: migrate to reusable rust-ci, remove clippy.yml + deny.yml (#71)

* ci: migrate to reusable rust-ci in resq-software/.github

Replaces inline test/fmt jobs in ci.yml with a thin caller of the
org-wide reusable workflow. Subsumes clippy.yml and deny.yml (the
reusable wraps fmt + clippy + test + coverage + cargo-deny into one
dispatch).

Adds a top-level `required` aggregator job that emits the status-check
context consumed by the org ruleset `default-branch-baseline` (id
15191038, currently evaluate mode).

Pinned to the PR#12 tip SHA; re-pin after that PR lands.

Parity:
- fmt:    cargo fmt --all --check
- clippy: cargo clippy --all-targets --all-features -- -D warnings
- test:   cargo llvm-cov --workspace --lcov (codecov upload)
- deny:   cargo-deny check --all-features (via deny.toml)

Security scanning remains in security.yml — independent cadence.

* ci: re-pin reusable workflow ref to resq-software/.github main

Updates @sha from the feat-branch tip to the merge commit of
resq-software/.github#12 (f4b51a620aa1bf89c0bce4f434b36f92ff7d517d). Functionally equivalent — same
content — but pins to a ref that now exists on main rather than a
closed PR branch.

* fix(ci): resolve clippy explicit_counter_loop + cargo-deny failures

The migration to reusable rust-ci.yml surfaced two pre-existing
issues that the old per-workflow CI didn't catch:

1. clippy::explicit_counter_loop in resq-dsa::rabin_karp
   Replaced `let mut i = 1; for c in chars { …; i += 1; }` with
   `for (i, c) in (1..).zip(chars) { … }`. Idiomatic, avoids the
   lint introduced by Rust 1.95, behavior unchanged.

2. cargo-deny failures — three licenses + one advisory:
   - RUSTSEC-2026-0099 (rustls-webpki name-constraint bug) →
     `cargo update -p rustls-webpki` bumps 0.103.10 → 0.103.12
     (Cargo.lock delta only).
   - CDDL-1.0 (inferno, via resq-flame profiling stack) added
     to licenses.allow with rationale.
   - CDLA-Permissive-2.0 (webpki-root-certs root cert DB) added
     to licenses.allow.
   - MPL-2.0 (colored) added as a crate-specific exception
     rather than widening the org-wide MPL allowance.

Verified locally: `cargo deny --all-features check` → all four
sections (advisories, bans, licenses, sources) pass.

* fix(clippy): address Rust 1.95 warnings surfaced by reusable rust-ci

CI on the migrated rust-ci.yml (which now runs clippy across the
whole workspace) surfaced four pedantic/default warnings that were
elevated to errors by -D warnings:

1. resq-clean src/main.rs:100 map_unwrap_or  ->
   fs::metadata(&path).map_or(0, |m| m.len())

2. resq-clean src/main.rs:110 unnecessary_sort_by  ->
   entries.sort_by_key(|e| std::cmp::Reverse(e.size))

3. resq-cli src/commands/pre_commit.rs:1043/1048 collapsible_match
   -> KeyCode::<X> if <cond> => { <body> }

4. resq-cli tests/format.rs:19 map_unwrap_or  ->
   Command::new("which").arg(cmd).output()
     .is_ok_and(|o| o.status.success())

All four are semantically-identical refactors; no behavior change.

Verified clean locally against rustc 1.95.0:
  cargo +stable clippy --all-targets --all-features -- -D warnings

* ci: re-pin reusable rust-ci to .github main (post-#13 merge)

Picks up the taiki-e SHA correction and the Docker-bound cargo-deny
replacement (dtolnay/rust-toolchain + taiki-e install cargo-deny +
direct cargo deny check) so the run respects this repo's
rust-toolchain.toml musl pin.

Updates @f4b51a6 → @2e2af3e5e32b646480a1cb1b41875e5073020814.

* fix(resq-ai): address review feedback — client reuse, config warnings, gitleaks

- Add .gitleaks.toml to allowlist test placeholder strings in resq-ai
  config tests, fixing CI Secret Scanning failure
- Pass --config .gitleaks.toml in codeql.yml gitleaks step
- Reuse a single reqwest::Client across provider calls instead of
  creating one per request (connection pooling)
- Fix config cascade docstring to match actual precedence
  (project > home, not home > project)
- Warn on malformed TOML config instead of silently ignoring
- Rename OpenAI max_tokens → max_completion_tokens (deprecated field)
- Fix Rust 1.95 clippy warnings in resq-clean and pre_commit

---------

Signed-off-by: Mike Odnis <mike@mikeodnis.dev>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>