chore: periodic maintenance — deps refresh and spec/doc alignment#105
Merged
Conversation
Updates non-breaking dependency versions in the lockfile: - tokio 1.50 -> 1.52 - reqwest 0.13.2 -> 0.13.3 - rustls 0.23.37 -> 0.23.40 - rustls-platform-verifier 0.6 -> 0.7 - tower-http 0.6.8 -> 0.6.10 - pyo3 0.28.2 -> 0.28.3 - and other transitive updates All workspace tests, clippy, doc build, and release build pass.
…urface Recent feature additions (etag, metadata, word_count, redirect_chain, is_paywall on the response; content_focus, if_none_match, if_modified_since on the request) were implemented but never reflected in specs/initial.md or the README response table. Add them, document PageMetadata fields, add a request-fields table, and bump the threat model verification date after re-running the documented checks.
release.yml dispatches publish.yml explicitly because GitHub does not
fire the release.published event for releases created via the default
GITHUB_TOKEN. Reflect this in the spec so the apparent gap between
spec ('rely on the published-release event') and code ('gh workflow run
publish.yml') is explained, not a drift.
Rust 1.95 ships a stricter `clippy::collapsible_match` lint that flags nested `if cond` patterns inside `match` arms. Apply `cargo clippy --fix` across html_to_markdown, html_to_text, extract_headings, strip_boilerplate, and extract_metadata in convert.rs (13 sites) to move the inner conditions into match-arm guards. Pure refactor — no behavior change; all 420+ unit/integration/doctests still pass.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Periodic maintenance pass per
specs/maintenance.md:Cargo.lockto latest compatible versions (tokio 1.50→1.52, reqwest 0.13.2→0.13.3, rustls 0.23.37→0.23.40, rustls-platform-verifier 0.6→0.7, tower-http 0.6.8→0.6.10, pyo3 0.28.2→0.28.3, and transitive cleanups).specs/initial.mdand the README missed recent FetchRequest/FetchResponse expansions (PRs feat(convert): add structured metadata extraction from HTML pages #77–82). Add the new fields: request gainscontent_focus,if_none_match,if_modified_since; response gainsetag,metadata(withPageMetadatashape),word_count,redirect_chain,is_paywall. README gets a new Request Fields table and an expanded Response Fields table.http://127.0.0.1, proxy env ignored on a hardened build, MCPinitializesmoke). Bumped "Last verified" from 2026-03-13 to 2026-05-17.release.ymldispatchespublish.ymlexplicitly (defaultGITHUB_TOKENdoes not fire the downstreamrelease.publishedworkflow event).[Unreleased].Why
Specs had drifted from implementation, the README under-documented the response surface, and the threat-model verification date was stale. Lockfile refresh keeps us on current upstream security fixes (rustls/hyper/tokio family). Release spec clarified to avoid future confusion when someone audits the workflow vs. the spec.
How
cargo update(no manifest changes; non-breaking).crates/fetchkit/src/types.rsand added the missing field documentation inspecs/initial.mdandREADME.mdverbatim.specs/threat-model.md.Risk
-D warnings, doctests, doc build (-D warnings), and--releasebuild pass locally.cargo auditagainst the current RustSec database reports 0 vulnerabilities.Checklist
cargo fmt --all -- --checkcargo clippy --workspace --all-targets -- -D warningscargo test --workspace --exclude fetchkit-python(all suites green)RUSTDOCFLAGS="-D warnings" cargo doc --workspace --exclude fetchkit-python --no-depscargo build --workspace --exclude fetchkit-python --releasecargo run -p fetchkit --example fetch_urls(6/6 pass)cargo run -p fetchkit --example save_to_file(6/6 pass)initializesmoke against release binaryspecs/initial.md,specs/threat-model.md,specs/release-process.md)README.md)CHANGELOG.md[Unreleased]populatedGenerated by Claude Code