Skip to content

chore: update dependencies and workflows#52

Merged
SuaveIV merged 3 commits into
mainfrom
chore/update-deps
Jul 5, 2026
Merged

chore: update dependencies and workflows#52
SuaveIV merged 3 commits into
mainfrom
chore/update-deps

Conversation

@SuaveIV

@SuaveIV SuaveIV commented Jul 5, 2026

Copy link
Copy Markdown
Owner

This updates nu-plugin and nu-protocol to 0.113.1 to fix #51.

I also noticed a backlog of dependabot PRs for our cargo and github actions dependencies. I rolled those bumps in here so we can get them out of the way all at once.

Summary by CodeRabbit

  • Chores
    • Updated release and security workflows to use newer pinned GitHub Actions versions.
    • Bumped Rust dependencies, including chrono, nu-plugin, and nu-protocol, to newer releases.
  • Documentation
    • Updated the PR/release notes text to reflect the latest dependency and workflow updates.

@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@SuaveIV, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 47 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0704fe19-8875-4a0f-9ee7-b20d1eb03a31

📥 Commits

Reviewing files that changed from the base of the PR and between 12a4e86 and f9441f1.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (5)
  • .github/workflows/codeql.yml
  • .github/workflows/release-arm64.yml
  • .github/workflows/release.yml
  • Cargo.toml
  • dist-workspace.toml
📝 Walkthrough

Walkthrough

This PR bumps pinned GitHub Actions versions across codeql.yml, release-arm64.yml, and release.yml, and updates Cargo dependencies chrono (0.4.41→0.4.45), nu-plugin and nu-protocol (0.112.0→0.113.1). commit.txt and pr_body.txt are updated to document the changes.

Changes

Dependency and GitHub Actions Updates

Layer / File(s) Summary
Cargo dependency bumps
Cargo.toml, commit.txt, pr_body.txt
chrono bumped to 0.4.45, nu-plugin and nu-protocol bumped to 0.113.1; commit message and PR body text updated to reflect these bumps and reference bundled Dependabot updates.
CodeQL workflow pin update
.github/workflows/codeql.yml
actions/checkout pin updated from v6.0.2 to v7.0.0.
ARM64 release workflow pin updates
.github/workflows/release-arm64.yml
actions/checkout bumped to v7.0.0, actions/attest-build-provenance bumped to v4.1.1, softprops/action-gh-release bumped to v3.0.1.
Release workflow pin updates
.github/workflows/release.yml
actions/checkout, actions/upload-artifact, actions/download-artifact, and actions/attest-build-provenance pins updated across the plan, build-local-artifacts, build-global-artifacts, host, and announce jobs.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

  • SuaveIV/nu_plugin_audio#12: Both PRs pin/bump the same GitHub Actions (actions/checkout, attest-build-provenance) in release.yml and release-arm64.yml.

Poem

A hop, a skip, a version bump,
nu-protocol clears the last speed bump.
Checkout pinned to v7 anew,
chrono ticks at point-four-five-oh-two... wait, five! 🐰
Carrots to CI, all green, all bright,
this bunny's CD sails through the night. 🥕

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the dependency and workflow updates in the PR.
Linked Issues check ✅ Passed The PR updates nu-plugin and nu-protocol to 0.113.1, satisfying issue #51's requested Nushell compatibility bump.
Out of Scope Changes check ✅ Passed The extra Cargo and GitHub Actions version bumps are explicitly part of the PR objectives, so no unrelated changes stand out.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/update-deps

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@SuaveIV SuaveIV self-assigned this Jul 5, 2026
Bumping nu-plugin and nu-protocol to 0.113.1 to close #51. I also rolled in all the open dependabot bumps for chrono, log, and the github actions workflows so we can clear out that queue.
@SuaveIV SuaveIV force-pushed the chore/update-deps branch from 12a4e86 to e8e75d8 Compare July 5, 2026 00:18

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release-arm64.yml:
- Around line 83-87: The release upload step in the workflow is redundant
because the runner already has gh available and the repo’s release job uses gh
release create directly. Remove the softprops/action-gh-release step from the
arm64 workflow and switch the upload logic to the native gh CLI so it matches
the existing release.yml host job and reduces third-party dependency usage; keep
the provenance attestation step intact.

In @.github/workflows/release.yml:
- Line 58: The pinned GitHub Actions in the release workflow are missing the
trailing version comments, which makes these SHA pins harder to audit
consistently. Update each occurrence of the affected action references in the
workflow jobs that use actions/checkout, actions/upload-artifact,
actions/download-artifact, and actions/attest-build-provenance so they match the
same “# vX.X.X” annotation pattern used in the sibling workflow files. Keep the
SHA pins unchanged and only add the matching version comment next to each unique
action reference.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1b3b69f6-43f8-4664-b329-3c66155d5974

📥 Commits

Reviewing files that changed from the base of the PR and between 645d6da and 12a4e86.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (6)
  • .github/workflows/codeql.yml
  • .github/workflows/release-arm64.yml
  • .github/workflows/release.yml
  • Cargo.toml
  • commit.txt
  • pr_body.txt

Comment thread .github/workflows/release-arm64.yml Outdated
Comment thread .github/workflows/release.yml
SuaveIV added 2 commits July 4, 2026 20:24
I completely missed that the release workflow was generated by cargo-dist. We need to update the SHAs in dist-workspace.toml too, otherwise the next dist run will just revert everything. This commit syncs them up.
Switched the release upload step in the ARM64 workflow to use the native `gh` CLI rather than relying on `softprops/action-gh-release`. Since the runner already has the CLI available and our primary release job uses it, this cuts down on an unnecessary third-party dependency.
@SuaveIV SuaveIV merged commit 4824e2e into main Jul 5, 2026
3 checks passed
@SuaveIV SuaveIV deleted the chore/update-deps branch July 5, 2026 00:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Update to nu 0.113.1

1 participant