chore: sync from monorepo @46bbacc#28
Conversation
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (22)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Review rate limit: 0/1 reviews remaining, refill in 59 minutes and 6 seconds.Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request performs a broad cleanup of the codebase, including the removal of configuration files like .gitignore and osv-scanner.toml, refactoring range checks into explicit comparisons, and adjusting Clippy attributes. However, several critical issues were identified: the downgrade of the rand crate re-introduces a known security vulnerability (RUSTSEC-2026-0097), and the removal of osv-scanner.toml deletes essential security context for vulnerability management. Additionally, removing the clippy::too_many_arguments suppression on the initialize_property handler is expected to break CI builds given the function's high argument count.
| "log", | ||
| "lz4", | ||
| "rand 0.8.6", | ||
| "rand 0.8.5", |
There was a problem hiding this comment.
Downgrading rand from 0.8.6 to 0.8.5 (and 0.9.3 to 0.9.2 elsewhere in this file) re-introduces a known unsoundness issue (RUSTSEC-2026-0097) where rand::rng() can be unsound when a custom logger is installed. The removed osv-scanner.toml explicitly identified the newer versions as the fixed ones. This regression should be reverted unless there is a specific compatibility requirement forcing the older versions.
| /// * `fee_lamports` – per-crossing fee (0 = free) | ||
| /// * `treasury` – SOL account that receives crossing fees | ||
| #[allow(clippy::too_many_arguments)] | ||
| pub fn handler( |
There was a problem hiding this comment.
The removal of #[allow(clippy::too_many_arguments)] here will likely cause Clippy to fail in CI, as the handler function takes 9 arguments, exceeding the default threshold of 7. Since the global allow in lib.rs was also removed, this attribute should be restored to maintain CI stability.
| pub fn handler( | |
| #[allow(clippy::too_many_arguments)] | |
| pub fn handler( |
| @@ -1,58 +0,0 @@ | |||
| # OSV-Scanner configuration for resq-software/programs. | |||
There was a problem hiding this comment.
Removing this configuration file deletes important security context and rationales for ignoring transitive vulnerabilities that are currently blocked by upstream dependencies (like Anchor or Solana). This will likely cause security scanning tools to fail in CI without providing the necessary context for the ignores. If security configuration is being centralized in the monorepo, ensure these rationales are preserved at the root level.
1 participant
Automated sync from resq-software/resQ@
46bbacc.Review before merging — direct pushes to standalone repos are preserved.