alexcrichton commented on issue #5513:
Thanks for the PR! One thing to note is that we try to be careful about dependencies in Wasmtime, notably we're auditing new dependencies being added. As you've seen this means that dependency updates need to be audited. Additionally we're avoiding adding new exemptions to the audit list, so all updates need to be audited.
While it's ok to update everything here all-at-once, there's a fair amount to audit, so if you'd prefer to split things up into separate PRs I think that would work well too.
github-actions[bot] commented on issue #5513:
Subscribe to Label Action
cc @kubkon
<details>
This issue or pull request has been labeled: "cranelift", "wasi"

Thus the following users have been cc'd because of the following labels:
- kubkon: wasi
To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.
Learn more.
</details>
a1phyr commented on issue #5513:
Is it ok for you if `ahash` is left out as an exception for now? I reviewed all other updates.
EdorianDark commented on issue #5513:
Thanks for working on this.
alexcrichton commented on issue #5513:
I apologize for a bit of a runaround on what to do about the `cargo vet` entries here. We're still experimenting ourselves how best to handle this. We decided a little bit ago that for dependency updates like this what we'll do is that one of the "trusted reviewers" will merge new vet entries into `main` which the PR can then rebase on top of. To that end I've created https://github.com/bytecodealliance/wasmtime/pull/5778 which creates vet entries for the dependencies being pulled in here, so when that merges could you rebase on that to merge?

We independently talked a bit ago about what to do about dependencies transitively used by the standard library and we decided that we would consider updating exemptions based on that but didn't want to record a full audit purely based on the usage in the standard library as well. (mostly just as a heads up, doesn't affect this PR too much with https://github.com/bytecodealliance/wasmtime/pull/5778 having all the necessary vet entries)
Last updated: Nov 22 2024 at 16:03 UTC