Vendor dependencies

[joshlf]

This allows us to simplify the logic which ensures that we never depend
on crate versions which are incompatible with our MSRV. It also avoids a
performance bottleneck on our MSRV in which updating the crates.io index
is very slow.

---

• 👉 Vendor dependencies #2883

[gemini-code-assist]

Summary of Changes

Hello @joshlf, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a dependency vendoring strategy to enhance the project's reliability and build efficiency. By vendoring dependencies, the project gains better control over crate versions, ensuring compatibility with its MSRV, and mitigates performance issues associated with fetching from crates.io. The aho-corasick crate is the primary example of a dependency brought under this new vendoring system.

Highlights

• Dependency Vendoring: Introduced vendoring for project dependencies by adding .cargo/config.toml files in the root and tools/ directories, directing Cargo to use local vendor directories instead of crates.io.
• MSRV Compatibility & Performance: Simplified logic for Minimum Supported Rust Version (MSRV) compatibility by removing explicit version pinning for several development dependencies in Cargo.toml. This change also addresses a performance bottleneck related to slow crates.io index updates.
• Aho-Corasick Crate Vendored: The aho-corasick crate, along with its extensive source code, documentation, and license files, has been added to tools/vendor/, indicating it is now a vendored dependency.
• Build Script Update: Modified cargo.sh to ensure that Cargo correctly picks up the vendored dependency configuration by changing the working directory to tools before building cargo-zerocopy.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/ci.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request vendors dependencies to address MSRV compatibility and to improve build performance by avoiding updates to the crates.io index. The approach taken is to use .cargo/config.toml files to redirect dependency resolution to local vendor directories, which is the standard method for vendoring in Cargo. The changes for the tools directory, including its own vendoring setup, appear correct and self-contained. However, there's a critical issue with the configuration at the root level that will likely break the build for the main crate.

[gemini-code-assist]

This configuration file redirects Cargo to use a local vendor directory for crates.io dependencies. However, the corresponding vendor directory at the root of the repository is not included in this pull request. While the tools directory has its own tools/vendor directory added, the main crate's dependencies (especially the dev-dependencies that were unpinned in Cargo.toml) will not be found. This will cause builds and tests for the main zerocopy crate to fail.

Please either add the root vendor directory or remove this configuration file if it's not intended to be part of this change.