From 51843230859ef39344c0b67daa9049ead87ec49c Mon Sep 17 00:00:00 2001 From: nsfisis Date: Tue, 2 Jun 2026 23:58:38 +0900 Subject: feat(resolver): port SecurityAdvisoryPoolFilter::filter Implement the security advisory pool filter end to end, plus the remaining actionable wirings it unblocked. - Unify the PartialSecurityAdvisory|SecurityAdvisory union as the PartialOrFullSecurityAdvisory enum and make the advisory types Clone, so advisories can be collected and stored; Pool.security_removed_versions now carries the union. This also unblocks PoolOptimizer's clone of the security-removed versions. - Thread the filter result through run_security_advisory_filter/build_pool as anyhow::Result. - Introduce typed PlatformRepositoryHandle and pass platform repos as handles through determine_requirements instead of &PlatformRepository. - Wire RuleSetGenerator's is_unacceptable_fixed_or_locked_package check and UpdateCommand's non-locked installed-packages branch. Co-Authored-By: Claude Opus 4.8 (1M context) --- crates/shirabe/src/dependency_resolver/rule_set_generator.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'crates/shirabe/src/dependency_resolver/rule_set_generator.rs') diff --git a/crates/shirabe/src/dependency_resolver/rule_set_generator.rs b/crates/shirabe/src/dependency_resolver/rule_set_generator.rs index fece1e4..5979f63 100644 --- a/crates/shirabe/src/dependency_resolver/rule_set_generator.rs +++ b/crates/shirabe/src/dependency_resolver/rule_set_generator.rs @@ -309,9 +309,11 @@ impl RuleSetGenerator { for package in request.get_fixed_packages().values() { if package.get_id() == -1 { // fixed package was not added to the pool as it did not pass the stability requirements, this is fine - // TODO(phase-c): wire Pool::is_unacceptable_fixed_or_locked_package(package) here; - // the package handle and the pool's identity check are now both handle-based. - if todo!("is_unacceptable_fixed_or_locked_package with a request package handle") { + if self + .pool + .borrow() + .is_unacceptable_fixed_or_locked_package(package.clone()) + { continue; } -- cgit v1.3.1