mirror of
https://github.com/huggingface/xet-core.git
synced 2026-06-04 13:30:29 +08:00
5868f64ab9
CI for hf-hub is running cargo audit and found many issues through
hf-xet transitive deps. this PR attempts to solve some of them (not
necessarily all of them).
Main changes:
- dropped derivative and reqwest-retry
- replaced bincode with postcard, only used in testing
- upgrade xet-core rand usage
- added audit CI step and ignoring some issues that we can't easily fix.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Medium risk because it removes `reqwest-retry`/`derivative` and
replaces part of the retry classification logic with an in-house
equivalent, which could subtly change HTTP retry behavior; the remaining
changes are dependency/version bumps and test-only serialization swaps.
>
> **Overview**
> Adds a new CI `cargo audit` job and introduces `.cargo/audit.toml` to
ignore a small set of **dev-only** RustSec advisories with documented
rationale.
>
> Reduces audit surface by dropping `derivative` (manual `Debug` impl
for `AuthConfig`) and removing `reqwest-retry`, replacing its
status-code classification with a local `Retryable` enum +
`default_on_request_success` helper in `RetryWrapper`.
>
> Updates workspace deps (notably `rand` to `0.10` and `rand_distr` to
`0.6`) and adjusts call sites to the newer `rand` APIs (`RngExt`
imports, minor test/bench tweaks). Test-only binary serialization
switches from `bincode` to `postcard` (and updates affected tests), with
corresponding lockfile updates across crates.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
26377f4a1c. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
70 lines
1.9 KiB
TOML
70 lines
1.9 KiB
TOML
[package]
|
|
name = "hf-xet"
|
|
version.workspace = true
|
|
edition.workspace = true
|
|
license.workspace = true
|
|
homepage.workspace = true
|
|
repository.workspace = true
|
|
description = "Client library and tooling for the Hugging Face Xet data storage system."
|
|
readme = "README.md"
|
|
keywords = [
|
|
"huggingface",
|
|
"datasets",
|
|
"large-files",
|
|
"deduplication",
|
|
"cloud-storage",
|
|
]
|
|
categories = [
|
|
"artificial-intelligence",
|
|
"asynchronous",
|
|
"data-structures",
|
|
"filesystem",
|
|
]
|
|
|
|
[lib]
|
|
name = "xet"
|
|
path = "src/lib.rs"
|
|
|
|
[dependencies]
|
|
xet-runtime = { version = "1.5.1", path = "../xet_runtime" }
|
|
xet-core-structures = { version = "1.5.1", path = "../xet_core_structures" }
|
|
xet-client = { version = "1.5.1", path = "../xet_client" }
|
|
xet-data = { version = "1.5.1", path = "../xet_data" }
|
|
|
|
async-trait = { workspace = true }
|
|
bytes = { workspace = true }
|
|
http = { workspace = true }
|
|
more-asserts = { workspace = true }
|
|
pyo3 = { workspace = true, optional = true }
|
|
serde = { workspace = true, features = ["derive"] }
|
|
thiserror = { workspace = true }
|
|
tokio = { workspace = true, features = ["net", "time"] }
|
|
tokio-util = { workspace = true }
|
|
tracing = { workspace = true }
|
|
uuid = { workspace = true, features = ["v7"] }
|
|
|
|
[features]
|
|
smoke-test = []
|
|
fd-track = ["xet-runtime/fd-track", "xet-client/fd-track", "xet-data/fd-track"]
|
|
python = ["xet-runtime/python", "dep:pyo3"]
|
|
simulation = ["xet-client/simulation"]
|
|
|
|
[dev-dependencies]
|
|
anyhow = { workspace = true }
|
|
async-std = { workspace = true }
|
|
clap = { workspace = true, features = ["derive"] }
|
|
futures = { workspace = true }
|
|
more-asserts = { workspace = true }
|
|
serde_json = { workspace = true }
|
|
serial_test = { workspace = true }
|
|
smol = { workspace = true }
|
|
tempfile = { workspace = true }
|
|
tokio = { workspace = true, features = [
|
|
"rt-multi-thread",
|
|
"rt",
|
|
"time",
|
|
"macros",
|
|
] }
|
|
tracing-subscriber = { workspace = true }
|
|
wiremock = { workspace = true }
|