If there are new/removed/changed MVs, then an already built MvIndex should no longer be re-used, and we should treat the change set as though it does not currently have an MvIndex at all.
We now have a way for all MVs that derive si_frontend_mv_types_macros::MV to automatically register themselves using the inventory crate, so that we have an always-up-to-date list of all MV kinds that have been defined. This allows us to do things that would require maintaining a list of all MV kinds, without having to manually do so. For example: making sure all cross-MV dependencies are accounted for, and making sure that an MvIndex we are returning knew about all of the MV kinds that exist currently when it was built.
The structs that derive si_frontend_mv_types_macros::MV now also provide a "definition checksum" that consists of making a Checksum from the stringified field names & types of the struct (in the order they appear in the code). This now lets us easily detect if the structure of an MV has changed to be able to invalidate the MvIndex more easily.
Because the MvIndex now includes a checksum of all of the definition checksums of all of the MVs that it could potentially include, this means that we can now detect if an MvIndex was built to include all of the current MVs, even if the workspace snapshot it is indexing would not have included instances of all of the possible MV kinds.
What this DOES NOT currently handle:
- Changes to the shape of types that the MV uses. Because the checksums are built from the field names and the text of the types used, it only detects direct changes to the struct that derives si_frontend_mv_types_macros::MV. We will want to eventually be able to detect this kind of "indirect" change, and the way forward to do that will probably be along the lines of a similar inventory registration system for types that derive si_frontend_mv_types_macros::FrontendChecksum as everything an MV uses must also implement that. ActionViewList is an example of an MV that this caveat currently applies to. Changes to ActionView would not be detected as it does not derive si_frontend_mv_types_macros::MV, only ActionViewList does.
- Type aliases. If the field of an MV uses a type alias (type Foo = Bar;) and that type alias is changed (type Foo = u8;) this WILL NOT be detected as Rust's procedural macros have no ability to do the kind of type inspection necessary to detect this. DO NOT USE TYPE ALIASES IN MVs UNLESS ABSOLUTELY NECESSARY.
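The invalidation scheme described in the PR description above, as an added Rust sketch (not code from the PR or the project): it shows which changes the combined checksum catches and why the two listed caveats slip through. `MvDef`, `definition_checksum`, `index_checksum` and `can_reuse` are hypothetical names, FNV-1a stands in for the project's Checksum, and the field lists are constructed.

```rust
// Added illustration. A derive macro sees only field names and the *text*
// of their types, so that is all this hypothetical MvDef records.
#[derive(Clone, Copy)]
struct MvDef {
    kind: &'static str,
    fields: &'static [(&'static str, &'static str)],
}

const FNV_OFFSET: u64 = 0xcbf29ce484222325;

// FNV-1a, used here only as a stable stand-in hash.
fn fnv1a(hash: u64, bytes: &[u8]) -> u64 {
    bytes.iter().fold(hash, |h, b| (h ^ *b as u64).wrapping_mul(0x100000001b3))
}

/// Checksum of one definition: field names and type text, in source order.
fn definition_checksum(def: &MvDef) -> u64 {
    def.fields.iter().fold(FNV_OFFSET, |h, (name, ty)| {
        // Separators keep ("ab", "c") distinct from ("a", "bc").
        let h = fnv1a(fnv1a(h, name.as_bytes()), b":");
        fnv1a(fnv1a(h, ty.as_bytes()), b";")
    })
}

/// Checksum over every registered definition. Sorting by kind (an assumption
/// of this sketch) makes the result independent of registration order.
fn index_checksum(defs: &[MvDef]) -> u64 {
    let mut pairs: Vec<(&str, u64)> =
        defs.iter().map(|d| (d.kind, definition_checksum(d))).collect();
    pairs.sort();
    pairs.iter().fold(FNV_OFFSET, |h, (kind, sum)| {
        fnv1a(fnv1a(h, kind.as_bytes()), &sum.to_le_bytes())
    })
}

/// A stored index is reusable only if built against the current MV set.
fn can_reuse(stored: u64, current: &[MvDef]) -> bool {
    stored == index_checksum(current)
}

// Constructed definitions; these are not the real struct fields.
const LIST: MvDef = MvDef { kind: "ActionViewList", fields: &[("id", "Id"), ("actions", "Vec<ActionView>")] };
const LIST_RETYPED: MvDef = MvDef { kind: "ActionViewList", fields: &[("id", "Id"), ("actions", "Vec<String>")] };
const OTHER: MvDef = MvDef { kind: "ExampleView", fields: &[("value", "Foo")] };
const NEW: MvDef = MvDef { kind: "AddedLater", fields: &[("n", "u8")] };

fn main() {
    let stored = index_checksum(&[LIST, OTHER]);
    println!("reordered registration: reuse={}", can_reuse(stored, &[OTHER, LIST]));
    println!("field type text changed: reuse={}", can_reuse(stored, &[LIST_RETYPED, OTHER]));
    println!("new MV kind registered: reuse={}", can_reuse(stored, &[LIST, OTHER, NEW]));
    // A new field on ActionView, or `type Foo = Bar;` becoming `type Foo = u8;`,
    // leaves the text "Vec<ActionView>" and "Foo" unchanged, so reuse stays true.
    println!("indirect or alias change: reuse={}", can_reuse(stored, &[LIST, OTHER]));
}
```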
Dependency Review
✅ No vulnerabilities or OpenSSF Scorecard issues found.
OpenSSF Scorecard
| Package | Version | Score |
|---|---|---|
| cargo/cc | 1.2.25 | :green_circle: 6.3 |
| cargo/inventory | 0.3.20 | :green_circle: 4.7 |
| cargo/lock_api | 0.4.13 | :green_circle: 4.6 |
| cargo/parking_lot | 0.12.4 | :green_circle: 4.6 |
| cargo/parking_lot_core | 0.9.11 | :green_circle: 4.6 |

Details: cargo/cc 1.2.25

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 8 | Found 11/13 approved changesets -- score normalized to 8 |
| Maintained | :green_circle: 10 | 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| License | :green_circle: 10 | license file detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Security-Policy | :green_circle: 10 | security policy file detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

Details: cargo/inventory 0.3.20

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 1 | Found 4/23 approved changesets -- score normalized to 1 |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Maintained | :warning: 0 | 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Security-Policy | :green_circle: 3 | security policy file detected |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

Details: cargo/lock_api 0.4.13

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 8 | Found 15/18 approved changesets -- score normalized to 8 |
| Maintained | :green_circle: 4 | 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

Details: cargo/parking_lot 0.12.4

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 8 | Found 15/18 approved changesets -- score normalized to 8 |
| Maintained | :green_circle: 4 | 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

Details: cargo/parking_lot_core 0.9.11

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 8 | Found 15/18 approved changesets -- score normalized to 8 |
| Maintained | :green_circle: 4 | 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |