a1phyr opened PR #5513 from update_deps
to main
:
<!--
Please ensure that the following steps are all taken care of before submitting
the PR.
[ ] This has been discussed in issue #..., or if not, please tell us why
here.[ ] A short description of what this does, why it is needed; if the
description becomes long, the matter should probably be discussed in an issue
first.[ ] This PR contains test cases, if meaningful.
- [ ] A reviewer from the core maintainer team has been assigned for this PR.
If you don't know who could review this, please indicate so. The list of
suggested reviewers on the right can help you.Please ensure all communication adheres to the code of conduct.
-->This update dependencies of the project to keep up with the ecosystem
a1phyr updated PR #5513 from update_deps
to main
.
alexcrichton submitted PR review.
alexcrichton created PR review comment:
Note that even upgrades such as this should have a
notes
listed for what was checked during the audit. Can you fill this in a bit? I looked at the diff myself and everything looks ok, but it would be good to mention here that dependency updates happened, some minor code movement, but nothing out of scope of whataddr2line
is supposed to do.
alexcrichton created PR review comment:
Like the addr2line update above, it'd be good to have a brief
notes
here as well.
alexcrichton created PR review comment:
Like the above updates it'd be good to add a
notes
here (the changes all look fine to me at least in the diff)
alexcrichton created PR review comment:
Testing locally I think this may no longer be necessary?
alexcrichton created PR review comment:
Note that despite this it's still good to glance at the changes because I suspect this isn't maintained with a ton of process but rather works the same way that most other open source projects work.
Looking at the diff myself, though, nothing looks amiss. (but would be goo to mention here as well)
alexcrichton submitted PR review.
alexcrichton created PR review comment:
Is this still necessary? I think that wasmtime is using 0.29.0 so the above audit for that version should be good enough.
alexcrichton created PR review comment:
We're trying to avoid any new exceptions here, even for minor updates like this. What you can do, though, is audit the 0.7.6 to 0.8.2 diff which should be smaller than auditing the entire crate. We arbitrarily chose 0.7.6 as "safe to deploy" during the initial import, so it's ok to go relative to that.
a1phyr updated PR #5513 from update_deps
to main
.
a1phyr submitted PR review.
a1phyr created PR review comment:
Done
a1phyr submitted PR review.
a1phyr created PR review comment:
Done too
a1phyr submitted PR review.
a1phyr created PR review comment:
Done
a1phyr submitted PR review.
a1phyr created PR review comment:
cargo vet
got confused with existing imports
a1phyr requested alexcrichton for a review on PR #5513.
a1phyr updated PR #5513 from update_deps
to main
.
a1phyr updated PR #5513 from update_deps
to main
.
a1phyr updated PR #5513 from update_deps
to main
.
alexcrichton has enabled auto merge for PR #5513.
alexcrichton submitted PR review.
alexcrichton merged PR #5513.
Last updated: Dec 23 2024 at 12:05 UTC