Skip to content

Upgrade all Sourcemeta dependencies#786

Merged
jviotti merged 1 commit into
mainfrom
all-deps
Jun 24, 2026
Merged

Upgrade all Sourcemeta dependencies#786
jviotti merged 1 commit into
mainfrom
all-deps

Conversation

@jviotti

@jviotti jviotti commented Jun 24, 2026

Copy link
Copy Markdown
Member

Signed-off-by: Juan Cruz Viotti jv@jviotti.com

Review in cubic

Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 160 files

Note: This PR contains a large number of files. cubic only reviews up to 100 files per PR, so some files may not have been reviewed. cubic prioritizes the most important files to review.
On a pro plan you can use ultrareview for larger PRs.

Re-trigger cubic

@augmentcode

augmentcode Bot commented Jun 24, 2026

Copy link
Copy Markdown
🤖 Augment PR Summary

Summary: This PR updates the repository’s vendored Sourcemeta stack (notably core, blaze, and jsonbinpack) to newer upstream revisions.

Changes:

  • Bumps dependency SHAs in DEPENDENCIES files and refreshes the corresponding vendor trees.
  • Blaze: adds an enum_split_by_type canonicalization rule and updates canonical schema documents to reflect stricter enum typing.
  • Blaze compiler: introduces an annotations tweak and centralizes “should we emit annotations?” decisions via annotations_enabled.
  • Core: adds a new langtag component (BCP 47 structural validation) and expands ASCII text helpers (is_alpha/is_digit/is_alphanum).
  • Core URI: adds IRI support (UTF-8 decoding helper, IRI parsing/canonicalization/recomposition adjustments, and propagation through resolve/rebase).
  • Core YAML: wraps parse errors from file reads with a new file-aware error type for improved diagnostics.
  • Build/infra: raises CMake minimum, improves clang-tidy wheel installation layout, and relaxes warnings-as-errors for vendored GoogleTest.

Technical Notes: Several changes aim to make parsing/normalization non-throwing (avoiding string_view::substr out-of-range throws) and improve determinism around global library state (e.g., cmark-gfm mutex).

🤖 Was this summary useful? React with 👍 or 👎

@augmentcode augmentcode Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed. 4 suggestions posted.

Fix All in Augment

Comment augment review to trigger a new review at any time.

} else if ((static_cast<unsigned char>(character) & 0x80U) != 0U) {
// Accept the non-ASCII characters permitted by RFC 3987, so that IRI
// paths are handled in addition to URI paths
const auto decoded{sourcemeta::core::utf8_decode(output, index)};

@augmentcode augmentcode Bot Jun 24, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

canonicalize_path now accepts literal RFC 3987 ucschar bytes, but it still only runs uri_unescape_unreserved_inplace, so percent-encoded UTF-8 for ucschar won’t normalize to the same form as the literal path. This can make URI::strip_path_prefix/rebase_path fail for equivalent IRI paths depending on whether they were encoded or literal.

Severity: medium

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.


return result;
return result;
} catch (const YAMLParseError &error) {

@augmentcode augmentcode Bot Jun 24, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Catching YAMLParseError here will also catch derived YAML error types and rethrow them as YAMLFileParseError, which may break callers that rely on distinguishing specific subclasses. If the intent is “add path context”, consider whether preserving the original dynamic type matters for your API surface.

Severity: medium

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.

bool format_assertion{false};
/// Select which keywords emit annotations in exhaustive mode. When not set,
/// every annotation keyword is emitted
std::optional<std::unordered_set<sourcemeta::core::JSON::StringView>>

@augmentcode augmentcode Bot Jun 24, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tweaks::annotations stores JSON::StringView inside an owning unordered_set, so if callers populate it from non-static/temporary strings the set can outlive the referenced storage and later lookups become undefined behavior. This seems like a footgun unless the required lifetime constraints are enforced or clearly documented.

Severity: medium

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.

this->root_.variable != nullptr;
}

return true;

@augmentcode augmentcode Bot Jun 24, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

URITemplateRouter::describes() currently returns true for any path that can be walked to an existing node, even if the final node has identifier == 0 and no children (e.g., stale nodes after route replacement). That can cause describes() to report paths as described even though no registered route/prefix/capture actually matches them.

Severity: medium

Other Locations
  • vendor/core/src/core/uritemplate/uritemplate_router_view.cc:754

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.

@jviotti jviotti merged commit 6800b2a into main Jun 24, 2026
15 checks passed
@jviotti jviotti deleted the all-deps branch June 24, 2026 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant