Vendor dependencies

[joshlf]

This allows us to simplify the logic which ensures that we never depend
on crate versions which are incompatible with our MSRV. It also avoids a
performance bottleneck on our MSRV in which updating the crates.io index
is very slow.

Closes #1595

---

• 👉 Vendor dependencies #2883

Latest Update: v13 — Compare vs v12

📚 Full Patch History

Links show the diff between the row version and the column version.

Version	v12	v11	v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v13	v12	v11	v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v12		v11	v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v11			v10	v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v10				v9	v8	v7	v6	v5	v4	v3	v2	v1	Base
v9					v8	v7	v6	v5	v4	v3	v2	v1	Base
v8						v7	v6	v5	v4	v3	v2	v1	Base
v7							v6	v5	v4	v3	v2	v1	Base
v6								v5	v4	v3	v2	v1	Base
v5									v4	v3	v2	v1	Base
v4										v3	v2	v1	Base
v3											v2	v1	Base
v2												v1	Base
v1													Base

[gemini-code-assist]

Summary of Changes

Hello @joshlf, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a dependency vendoring strategy to enhance the project's reliability and build efficiency. By vendoring dependencies, the project gains better control over crate versions, ensuring compatibility with its MSRV, and mitigates performance issues associated with fetching from crates.io. The aho-corasick crate is the primary example of a dependency brought under this new vendoring system.

Highlights

• Dependency Vendoring: Introduced vendoring for project dependencies by adding .cargo/config.toml files in the root and tools/ directories, directing Cargo to use local vendor directories instead of crates.io.
• MSRV Compatibility & Performance: Simplified logic for Minimum Supported Rust Version (MSRV) compatibility by removing explicit version pinning for several development dependencies in Cargo.toml. This change also addresses a performance bottleneck related to slow crates.io index updates.
• Aho-Corasick Crate Vendored: The aho-corasick crate, along with its extensive source code, documentation, and license files, has been added to tools/vendor/, indicating it is now a vendored dependency.
• Build Script Update: Modified cargo.sh to ensure that Cargo correctly picks up the vendored dependency configuration by changing the working directory to tools before building cargo-zerocopy.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/ci.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request vendors dependencies to address MSRV compatibility and to improve build performance by avoiding updates to the crates.io index. The approach taken is to use .cargo/config.toml files to redirect dependency resolution to local vendor directories, which is the standard method for vendoring in Cargo. The changes for the tools directory, including its own vendoring setup, appear correct and self-contained. However, there's a critical issue with the configuration at the root level that will likely break the build for the main crate.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.90%. Comparing base (43736bd) to head (76961c5).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2883   +/-   ##
=======================================
  Coverage   91.90%   91.90%           
=======================================
  Files          20       20           
  Lines        5883     5883           
=======================================
  Hits         5407     5407           
  Misses        476      476           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.