Bumps the npm_and_yarn group with 1 update in the /tests directory:
[js-yaml](https://github.com/nodeca/js-yaml).
Updates `js-yaml` from 4.1.0 to 4.1.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.1] - 2025-11-12</h2>
<h3>Security</h3>
<ul>
<li>Fix prototype pollution issue in yaml merge (<<)
operator.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cc482e7759"><code>cc482e7</code></a>
4.1.1 released</li>
<li><a
href="50968b862e"><code>50968b8</code></a>
dist rebuild</li>
<li><a
href="d092d86603"><code>d092d86</code></a>
lint fix</li>
<li><a
href="383665ff42"><code>383665f</code></a>
fix prototype pollution in merge (<<)</li>
<li><a
href="0d3ca7a27b"><code>0d3ca7a</code></a>
README.md: HTTP => HTTPS (<a
href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li>
<li><a
href="49baadd52a"><code>49baadd</code></a>
doc: 'empty' style option for !!null</li>
<li><a
href="ba3460eb9d"><code>ba3460e</code></a>
Fix demo link (<a
href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li>
<li>See full diff in <a
href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/google/comprehensive-rust/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Adds materials on the "leveraging the type system/borrow checker
invariants" subject.
I'm still calibrating what's expected subject-and-style wise, so do
spell out things where I've drifted off mark.
---------
Co-authored-by: tall-vase <fiona@mainmatter.com>
Co-authored-by: Dmitri Gribenko <gribozavr@gmail.com>
Bumps the minor group in /src/exercises/bare-metal/rtc with 1 update:
[bitflags](https://github.com/bitflags/bitflags).
Updates `bitflags` from 2.9.4 to 2.10.0
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the minor group in /src/bare-metal/aps/examples with 1 update:
[bitflags](https://github.com/bitflags/bitflags).
Updates `bitflags` from 2.9.4 to 2.10.0
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This PR attempts to rework the lifetimes section to better contextualize
how lifetimes are used and to try to lead through a series of examples
more naturally. I think the current version of the lifetimes section
falls short in a handful of ways that make it hard to teach in class.
For a long time I've been experimenting with different ways to discuss
the topic, and in my recent classes I think I've finally hit on an
approach that works. The changes in this PR capture the approach I've
been using.
The core idea is to contextualize lifetime annotations by looking at
what happens when we return a reference from a function. We start with a
simple example that doesn't return a reference to show that the borrow
ends when the function returns. Then we look at a function that returns
a reference and show that it extends the borrow that was passed into the
function. With that context, we then look at cases where we need
lifetime annotations, specifically examples where there are two ref
arguments and a returned ref. We look at both possible cases: A function
where either of the argument refs may be returned, and a case where only
one will be returned. In both cases we show how we use lifetime
annotations to tell the compiler what the returned ref is borrowing.
I haven't had a chance to use these slides in class yet so I'm putting
this up as a draft PR while I continue to iterate on it so that other
folks can start giving feedback.
Separating the web-tests from building the tests makes it more easy to
spot and override failing web-tests.
This is still testing only the English translation.
There are legitimate warnings coming out of the web-test infrastructure
and should be blocking. But sometimes the tests fail and need to be
overridden.
This is a starting point on how to deal with failures in the web-test
checks. They are supposed to warn for legitimate issues but if they
fail, they can be overridden.
The web-tests will be separated into its own job to better differentiate
if issues in building the English translation or web-testing the English
translation are happening
The new xtask function makes the helper code
- more readable
- more reliable due to better error checking
- be in the same place as other helper functions
- and more aligned to the skillset relevant for contributing in this
repository.
The shell script grew and was not readable for everyone anymore without
deeper knowledge.
mitigates #2941 in a more reliable way but does still not fully fix the
root cause
This is increasing the security of this repository. A standard
GITHUB_TOKEN currently has these permissions.
GITHUB_TOKEN Permissions
Contents: read
Metadata: read
Packages: read
Setting only `contents: read` permission has the effect of removing
Packages permission. Metadata is added automatically.
fixes#2958
This should help both humans and LLMs understand that the glossary is
there to help ensure consistent terminology across the many slides in
the courses.
Way back in #187, I introduced a hacky tool to show the available space
on a slide: it was a `mdbook` plugin which injected the necessary CSS on
each slide. Crude, but it got the job done.
The logic was moved from Python to a real CSS file with associated
JavaScript in #1842. In #1917, the functionality was moved to a
dedicated “instructor menu”, together with functionality for saving the
state of the Playground on each slide.
Unfortunately, the whole thing was disabled in #1935 since I found that
the Playgrounds lost their code with the saving logic. I was also not
100% happy with dedicating space on each slide for a menu only used by
instructors.
However, I really think we need a tool to let slide editors know about
the available space, so I would like to re-introduce the red box. This
time via a keyboard shortcut to make it easy to toggle as needed.
I’m suggesting enabling this for everyone, with the expectation that
most people won’t find the shortcut and will quickly disable the box if
they do (there is a dedicated button to hide it again).
End-to-end tests have been added for the new functionality.
Previously the guide only listed a series of abandoned patches for the
solutions for this part of the guide.
However, we've moved some of these exercises into the Chromium tree as
standalone build targets to make it more convenient for Rust learners.
So, let's make sure they're linked in this guide.
rustsc 1.89.0 says that the values are in PascalCase and will error out
otherwise. Specfic message:
`"module" is not one of ["Preserve","Crate","Module","Item","One"]`
Bumps the cargo group with 1 update in the / directory:
[ammonia](https://github.com/rust-ammonia/ammonia).
Updates `ammonia` from 4.1.1 to 4.1.2
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the minor group with 1 update:
[tempfile](https://github.com/Stebalien/tempfile).
Updates `tempfile` from 3.21.0 to 3.23.0
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the minor group in /src/exercises/bare-metal/rtc with 1 update:
arm-gic.
Updates `arm-gic` from 0.6.1 to 0.7.1
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Walbran <qwandor@google.com>
In the CI environment, only changes in the current PR are taken into
account.
This speeds up the test process and reduces failure potential if no
Markdown files have been changed.
Mitigates #2941 but does not fix the root cause
- Based on feed back from @mgeisler, update the kbd tag guidance in
GEMINI.md to require wrapping each key in its own tag (e.g.,
`<kbd>Ctrl</kbd> + <kbd>S</kbd>`).
- Apply this new convention to existing content in the `src` directory
to ensure consistency.
Bumps the npm_and_yarn group with 1 update in the /tests directory:
[tar-fs](https://github.com/mafintosh/tar-fs).
Updates `tar-fs` from 3.0.9 to 3.1.1
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0aa57de79e"><code>0aa57de</code></a>
3.1.1</li>
<li><a
href="0bd54cdf06"><code>0bd54cd</code></a>
expand check</li>
<li><a
href="cb1c571fba"><code>cb1c571</code></a>
3.1.0</li>
<li><a
href="374460e997"><code>374460e</code></a>
add optional disablement of symlink validation (<a
href="https://redirect.github.com/mafintosh/tar-fs/issues/119">#119</a>)</li>
<li><a
href="5bfe6dfb9d"><code>5bfe6df</code></a>
3.0.10</li>
<li><a
href="63e12f9474"><code>63e12f9</code></a>
bare support</li>
<li>See full diff in <a
href="https://github.com/mafintosh/tar-fs/compare/v3.0.9...v3.1.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/google/comprehensive-rust/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Consolidates all guidance related to code block mechanics under a new
top-level heading, "Code Blocks Mechanics".
- Moves the "Rust Code Formatting" guidance to be a subsection under
this new heading.
- The rest of the former "Rust Code" section is now directly under
"Course Slides".
This restructuring improves the logical flow of the style guide by
grouping all code-related formatting and tooling conventions into a
single, easy-to-find section.
Adds a new pedagogical principle to STYLE.md to formalize the course's
core philosophy of live, interactive instruction.
This principle clarifies the expectation that instructors will interact
with code snippets live, use compiler errors as a teaching tool, and
engage with audience questions dynamically.
Adds a new section to STYLE.md to document mandatory conventions for
using `mdbook` and the custom `mdbook-course` preprocessor.
This section mandates the use of YAML frontmatter, outline helpers, and
file includes for exercises, and links to the `mdbook-course` README for
more detailed technical explanations.
Adds a specific style convention to GEMINI.md for formatting keyboard
key combinations using the `<kbd>` tag.
The required format is `<kbd>Ctrl + S</kbd>`, which is consistent with
existing usage in the course. This rule will be enforced by the AI
assistant to ensure uniformity.
- Moves the canonical documentation for code block annotations and
language identifiers into STYLE.md.
- Removes the redundant, partial documentation from GEMINI.md.
- Updates GEMINI.md to instruct the AI assistant to always refer to
STYLE.md for guidance.
This change makes STYLE.md the single source of truth for all markdown
and code style conventions, ensuring consistency for both human and AI
contributors.
