xxchan commented on issue #6672:
guess serde has breaking changes
jameysharp commented on issue #6672:
Thank you for this PR! Keeping dependencies up to date is a good idea. I'm curious though: What prompted you to update these specific dependencies?
We'll need to evaluate the
cargo vet
changes separately from the actual dependency updates here. We've generally been having a core-team member merge any changes tosupply-chain/
first, and then asking contributors to rebase on top. In this case, we need to take some time to evaluate whether we want to trust the same publishers that Mozilla does.I'll bring this up at tomorrow's Wasmtime meeting, and try to get consensus soon so we can merge the rest of your PR.
xxchan commented on issue #6672:
I'm curious though: What prompted you to update these specific dependencies?
Mainly just because of duplicated dependencies introduced when adding wasmtime as a dependency.
jameysharp commented on issue #6672:
Since #6697 has merged, this PR should be easier to land now.
Prompted by this PR, I'm now investigating some potential issues in the zstd crate dependency tree. Let's not try to upgrade that until I've sorted things out. But if you'd like to rebase the rest of the changes on current
main
we can see whatcargo vet
stuff I missed, if anything.
Last updated: Dec 23 2024 at 12:05 UTC