formula_auditor: audit no_autobump! stanza on version bump #21550

Draft
botantony wants to merge 2 commits into main from no_autobump-audit-on-version-bump

@botantony
Member

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes? Here's an example.
  • Have you successfully run brew lgtm (style, typechecking and tests) with your changes locally?

  • AI was used to generate or assist with generating this PR. Please specify below how you used AI to help you, and what steps you have taken to manually verify the changes.

I skipped cask auditor as there are no casks that use `:requires_manual_review`

Copilot AI review requested due to automatic review settings February 9, 2026 13:51
Contributor

Copilot AI left a comment

Pull request overview

This PR extends Homebrew’s auditing to flag misuse of the `no_autobump! because: :requires_manual_review` reason not only for new formulae/casks, but also when an existing formula’s version is bumped (using Git history to detect the version change).

Changes:

  • Rename/expand the shared no_autobump audit helper to support both “new package” and “existing package on version bump” messaging.
  • Update FormulaAuditor#audit_no_autobump to run an additional audit when the stable version differs from origin/HEAD.
  • Adjust cask auditing and add/reshape formula auditor specs around the new behavior.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| Library/Homebrew/utils/shared_audits.rb | Generalizes the no_autobump audit message helper and changes the emitted warning text. |
| Library/Homebrew/formula_auditor.rb | Adds Git-based version-change detection to trigger no_autobump auditing on version bumps. |
| Library/Homebrew/cask/audit.rb | Switches to the new shared audit helper for new cask no_autobump validation. |
| Library/Homebrew/test/formula_auditor_spec.rb | Adds git-backed test setup and new cases for the version-bump no_autobump audit behavior. |

"`:requires_manual_review` is a temporary reason intended for existing packages, use a different reason instead."
msg = new_package ? "use a different reason instead" : "change or remove autobump exclusion reason"

"`:requires_manual_review` is a temporary to-be deprecated reason, #{msg}."
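
Review bot: in the `msg` ternary, the branch taken when `new_package` is false ("change or remove autobump exclusion reason") gives no hint of which reasons are acceptable or when removing the exclusion is appropriate, so the audit output is not actionable by itself. Suggest having the message say where the valid reasons are documented, and adding a comment above `msg` explaining why `:requires_manual_review` is handled differently for new and existing packages.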

Copilot AI Feb 9, 2026

The warning text reads awkwardly ("temporary to-be deprecated reason"). Consider rephrasing to standard grammar (e.g., "temporary reason slated for deprecation") so the audit output is clear and consistent.

Suggested change
"`:requires_manual_review` is a temporary to-be deprecated reason, #{msg}."
"`:requires_manual_review` is a temporary reason slated for deprecation, #{msg}."

Member

Can you add a #odeprecated somewhere to be uncommented when we're ready to deprecate for the next major/minor release?

I skipped cask auditor as there are no casks that use
`:requires_manual_review`

Signed-off-by: botantony <antonsm21@gmail.com>
@botantony botantony force-pushed the no_autobump-audit-on-version-bump branch from d71258f to ea885ba Compare February 9, 2026 14:07
Member

@MikeMcQuaid MikeMcQuaid left a comment

@botantony Can you explain a bit more what this is doing and why? The PR description doesn't really provide any context. Thanks!

Signed-off-by: botantony <antonsm21@gmail.com>
@botantony
Member Author

@MikeMcQuaid right now there are a lot of formulae in core that use `:requires_manual_review` as an autobump exclusion reason. As it was intended to be a temporary reason, it would be good to remind the contributors to do a revision, and either add the package to the autobump list or use a more appropriate reason (e.g. `:incompatible_version_format`).

See https://machomebrew.slack.com/archives/C06G173B7/p1770641042793459, CC @SMillerDev

Member

@MikeMcQuaid MikeMcQuaid left a comment

@botantony Sorry, I don't think it makes sense to push this work onto contributors. I wouldn't know based on the instructions from you above or in this PR what needs to be done and how I'd find out. Instead, I'd suggest either you do this work or create an issue to track progress and documentation so maintainers can do it.

@bevanjkay
Member

bevanjkay commented Feb 11, 2026

If we just need visibility on this, without causing CI to fail - what about triaging with a label? It's immediately obvious that a review could be beneficial, but is optional for the reviewer. I'm not sure to what extent labels just become noise?

@SMillerDev
Member

Maybe we can just have the style check remove this version of the no_autobump! stanza? That way it surfaces in PRs so maintainers can check it, and contributors don't need to do extra work.

@MikeMcQuaid
Member

> Maybe we can just have the style check remove this version of the no_autobump! stanza? That way it surfaces in PRs so maintainers can check it, and contributors don't need to do extra work.

@SMillerDev how do we know if the autobump will work? I'm maybe missing something but I thought the point of the change was to deliberately have a human verify that these actually work?

@SMillerDev
Member

The build will fail if the autobump results differ from the actual version right? Or is that only for casks?

@botantony botantony marked this pull request as draft February 14, 2026 14:55