mirror of https://github.com/huggingface/xet-core.git synced 2026-06-04 13:30:29 +08:00

Files

Assaf Vayner 5868f64ab9 fixing some issues identified in cargo audit (#802 )

CI for hf-hub is running cargo audit and found many issues through
hf-xet transitive deps. this PR attempts to solve some of them (not
necessarily all of them).

Main changes:
- dropped derivative and reqwest-retry
- replaced bincode with postcard, only used in testing
- upgrade xet-core rand usage
- added audit CI step and ignoring some issues that we can't easily fix.





<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk because it removes `reqwest-retry`/`derivative` and
replaces part of the retry classification logic with an in-house
equivalent, which could subtly change HTTP retry behavior; the remaining
changes are dependency/version bumps and test-only serialization swaps.
> 
> **Overview**
> Adds a new CI `cargo audit` job and introduces `.cargo/audit.toml` to
ignore a small set of **dev-only** RustSec advisories with documented
rationale.
> 
> Reduces audit surface by dropping `derivative` (manual `Debug` impl
for `AuthConfig`) and removing `reqwest-retry`, replacing its
status-code classification with a local `Retryable` enum +
`default_on_request_success` helper in `RetryWrapper`.
> 
> Updates workspace deps (notably `rand` to `0.10` and `rand_distr` to
`0.6`) and adjusts call sites to the newer `rand` APIs (`RngExt`
imports, minor test/bench tweaks). Test-only binary serialization
switches from `bincode` to `postcard` (and updates affected tests), with
corresponding lockfile updates across crates.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
26377f4a1c. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

2026-04-20 14:49:48 -07:00

README.md

Code reorganization towards release of xet cargo package (#693 )

2026-03-11 12:02:38 -07:00

update_260304_cas_xorb_name_clarification.md

Code reorganization towards release of xet cargo package (#693 )

2026-03-11 12:02:38 -07:00

update_260309_package_restructure.md

Code reorganization towards release of xet cargo package (#693 )

2026-03-11 12:02:38 -07:00

update_260313_progress_tracking_redesign.md

Simplify progress tracking + Unify Task ID tracking + Legacy Interface (#726 )

2026-03-18 18:07:43 -07:00

update_260316_unify_upload_download_sync_async.md

Unify sync and async download/upload groups in session interface. (#719 )

2026-03-16 13:33:46 -07:00

update_260316_v2_reconstruction_multirange.md

V2 reconstruction with client-side optional single range splitting (#703 )

2026-03-16 14:10:50 -07:00

update_260316_xet_config_get_set_python.md

Optimize config struct for direct access in python (#706 )

2026-03-16 12:23:43 -07:00

update_260316_xet_file_info_sha256.md

Add optional Sha256 hash propegation through XetFileInfo object. (#718 )

2026-03-16 16:05:49 -07:00

update_260318_anyhow_removal_error_alias_cleanup.md

Error unification and cleanup (#737 )

2026-03-19 16:34:28 -07:00

update_260318_optional_file_size.md

Implement optional range specification for downloads. (#735 )

2026-03-20 00:14:52 -07:00

update_260319_session_runtime_bridge_unification.md

Move session runtime decisions to XetRuntime (#742 )

2026-03-20 20:23:15 -07:00

update_260319_streaming_downloads.md

Add ordered and unordered download streaming to session interface (#729 )

2026-03-20 14:40:18 -07:00

update_260320_chunk_hash_range_composable_aggregation.md

Composable Hash Functionality (#745 )

2026-03-27 08:38:59 -07:00

update_260326_taskruntime_cancellation_progress_snapshot.md

Session API Polish; unify task handling/cancellation behavior. (#747 )

2026-03-27 07:54:37 -07:00

update_260328_simulation_global_dedup_expiration_and_config_controls.md

Allow shard expiration to be set on global dedup queries for GC simulation (#762 )

2026-03-31 18:35:19 -07:00

update_260330_token_refresh_url.md

fixing some issues identified in cargo audit (#802 )

2026-04-20 14:49:48 -07:00

update_260402_unified_auth_group_builder.md

Refactor XetSession commit / group CAS endpoint and auth configuration (#771 )

2026-04-02 11:07:07 -07:00

README.md

API changes

This folder contains a record of API changes in main. It's indended for AI agents to read in order to correctly apply merges or update dependencies and PRs.

The updates are listed by date in the form: update_<yymmdd>_<description>.md

When applying a merge, rebase, or downstream update, all AI agents should first scan this folder to understand what relevant information may need to be applied.

When creating a PR that involves an API change potentially requiring downstream updates, an AI agent should create such a file. This file should be humanly readable but contain enough information to correctly apply the needed changes without scanning the code.