build(deps): bump the prod group across 1 directory with 8 updates #8717

Merged
merged 3 commits into from
Jul 26, 2024

@dependabot dependabot bot commented on behalf of github Jul 23, 2024

Bumps the prod group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| clap | 4.5.9 | 4.5.10 |
| toml | 0.8.14 | 0.8.15 |
| tokio | 1.38.1 | 1.39.0 |
| thiserror | 1.0.62 | 1.0.63 |
| tonic | 0.12.0 | 0.12.1 |
| tonic-build | 0.12.0 | 0.12.1 |
| tonic-reflection | 0.12.0 | 0.12.1 |
| syn | 2.0.71 | 2.0.72 |

Updates clap from 4.5.9 to 4.5.10

Release notes

Sourced from clap's releases.

v4.5.10

[4.5.10] - 2024-07-23

Changelog

Sourced from clap's changelog.

[4.5.10] - 2024-07-23

Commits

Updates toml from 0.8.14 to 0.8.15

Commits
  • 9217e44 chore: Release
  • 003ce94 docs: Update changelog
  • b463f3d Merge pull request #757 from epage/key
  • 3d8852b fix(encode): Be extra sure it can be a literal
  • e1bc1c3 refactor(encode): Pull out literal inference
  • fbb0ac2 test(encode): Add property-based tests for keys/strings
  • 0b268f2 fix(encode): Correct encoding for key with mixed quotes
  • 82c0195 refactor(encode): Make str repr inferring clearer
  • 330b590 refactor(encode): Extract all str repr inferring
  • 00fb5ee test(edit): Add more roundtrip testing
  • Additional commits viewable in compare view

Updates tokio from 1.38.1 to 1.39.0

Release notes

Sourced from tokio's releases.

Tokio v1.39.0

1.39.0 (July 23rd, 2024)

  • This release bumps the MSRV to 1.70. (#6645)
  • This release upgrades to mio v1. (#6635)
  • This release upgrades to windows-sys v0.52 (#6154)

Added

  • io: implement AsyncSeek for Empty (#6663)
  • metrics: stabilize num_alive_tasks (#6619, #6667)
  • process: add Command::as_std_mut (#6608)
  • sync: add watch::Sender::same_channel (#6637)
  • sync: add {Receiver,UnboundedReceiver}::{sender_strong_count,sender_weak_count} (#6661)
  • sync: implement Default for watch::Sender (#6626)
  • task: implement Clone for AbortHandle (#6621)
  • task: stabilize consume_budget (#6622)

Changed

  • io: improve panic message of ReadBuf::put_slice() (#6629)
  • io: read during write in copy_bidirectional and copy (#6532)
  • runtime: replace num_cpus with available_parallelism (#6709)
  • task: avoid stack overflow when passing large future to block_on (#6692)
  • time: avoid traversing entries in the time wheel twice (#6584)
  • time: support IntoFuture with timeout (#6666)
  • macros: support IntoFuture with join! and select! (#6710)

Fixed

  • docs: fix docsrs builds with the fs feature enabled (#6585)
  • io: only use short-read optimization on known-to-be-compatible platforms (#6668)
  • time: fix overflow panic when using large durations with Interval (#6612)

Added (unstable)

  • macros: allow unhandled_panic behavior for #[tokio::main] and #[tokio::test] (#6593)
  • metrics: add spawned_tasks_count (#6114)
  • metrics: add worker_park_unpark_count (#6696)
  • metrics: add worker thread id (#6695)

Documented

  • io: update tokio::io::stdout documentation (#6674)
  • macros: typo fix in join.rs and try_join.rs (#6641)
  • runtime: fix typo in unhandled_panic (#6660)
  • task: document behavior of JoinSet::try_join_next when all tasks are running (#6671)

... (truncated)

Commits

Updates thiserror from 1.0.62 to 1.0.63

Release notes

Sourced from thiserror's releases.

1.0.63

  • Documentation improvements

Commits

Updates tonic from 0.12.0 to 0.12.1

Release notes

Sourced from tonic's releases.

v0.12.1

0.12.1 (2024-07-17)

Bug Fixes

  • Reduce tokio-stream feature (#1795)

Changelog

Sourced from tonic's changelog.

0.12.1 (2024-07-17)

Bug Fixes

  • Reduce tokio-stream feature (#1795)

Commits
  • e0b6caf chore: release v0.12.1 (#1806)
  • aa57ffe tonic-reflection: Restructure crate to prep reintroducing v1alpha (#1802)
  • ad1a95d chore(server): Remove unnecessary trait bound from ServerIo::connect_info (#1...
  • b6ad603 chore(server): Remove unnecessary bound from TlsAcceptor::accept (#1799)
  • 539d6f7 chore(channel): Remove duplicate heap pin (#1798)
  • 4aad5af fixed hello world and route guide tutorials (#1791)
  • dd313db chore(codec): Remove redundant trim (#1797)
  • 819c390 chore(server): Remove unnecessary Connected trait bound (#1796)
  • 90356f6 chore: Reduce tokio-stream feature (#1795)
  • b2e5665 chore(examples): Remove clone on copy value (#1794)
  • Additional commits viewable in compare view

Updates tonic-build from 0.12.0 to 0.12.1

Release notes

Sourced from tonic-build's releases.

v0.12.1

0.12.1 (2024-07-17)

Bug Fixes

  • Reduce tokio-stream feature (#1795)

Changelog

Sourced from tonic-build's changelog.

0.12.1 (2024-07-17)

Bug Fixes

  • Reduce tokio-stream feature (#1795)

Commits
  • e0b6caf chore: release v0.12.1 (#1806)
  • aa57ffe tonic-reflection: Restructure crate to prep reintroducing v1alpha (#1802)
  • ad1a95d chore(server): Remove unnecessary trait bound from ServerIo::connect_info (#1...
  • b6ad603 chore(server): Remove unnecessary bound from TlsAcceptor::accept (#1799)
  • 539d6f7 chore(channel): Remove duplicate heap pin (#1798)
  • 4aad5af fixed hello world and route guide tutorials (#1791)
  • dd313db chore(codec): Remove redundant trim (#1797)
  • 819c390 chore(server): Remove unnecessary Connected trait bound (#1796)
  • 90356f6 chore: Reduce tokio-stream feature (#1795)
  • b2e5665 chore(examples): Remove clone on copy value (#1794)
  • Additional commits viewable in compare view

Updates tonic-reflection from 0.12.0 to 0.12.1

Release notes

Sourced from tonic-reflection's releases.

v0.12.1

0.12.1 (2024-07-17)

Bug Fixes

  • Reduce tokio-stream feature (#1795)

Changelog

Sourced from tonic-reflection's changelog.

0.12.1 (2024-07-17)

Bug Fixes

  • Reduce tokio-stream feature (#1795)

Commits
  • e0b6caf chore: release v0.12.1 (#1806)
  • aa57ffe tonic-reflection: Restructure crate to prep reintroducing v1alpha (#1802)
  • ad1a95d chore(server): Remove unnecessary trait bound from ServerIo::connect_info (#1...
  • b6ad603 chore(server): Remove unnecessary bound from TlsAcceptor::accept (#1799)
  • 539d6f7 chore(channel): Remove duplicate heap pin (#1798)
  • 4aad5af fixed hello world and route guide tutorials (#1791)
  • dd313db chore(codec): Remove redundant trim (#1797)
  • 819c390 chore(server): Remove unnecessary Connected trait bound (#1796)
  • 90356f6 chore: Reduce tokio-stream feature (#1795)
  • b2e5665 chore(examples): Remove clone on copy value (#1794)
  • Additional commits viewable in compare view

Updates syn from 2.0.71 to 2.0.72

Release notes

Sourced from syn's releases.

2.0.72

Commits
  • c59828f Release 2.0.72
  • 5821371 Merge pull request #1709 from dtolnay/up
  • 87401bf Add issue links for missing syntax support
  • a3f2f50 Categorize newly failing rust repo source files
  • 378f4e2 Update test suite to nightly-2024-07-21
  • 788f8cb Improve errors on unexpected token in precise capture bound
  • 11b2371 Merge pull request #1707 from compiler-errors/precise-capturing
  • bed32d2 Parse use<> precise capturing as Verbatim
  • See full diff in compare view

Bumps the prod group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [clap](https://github.com/clap-rs/clap) | `4.5.9` | `4.5.10` |
| [toml](https://github.com/toml-rs/toml) | `0.8.14` | `0.8.15` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.38.1` | `1.39.0` |
| [thiserror](https://github.com/dtolnay/thiserror) | `1.0.62` | `1.0.63` |
| [tonic](https://github.com/hyperium/tonic) | `0.12.0` | `0.12.1` |
| [tonic-build](https://github.com/hyperium/tonic) | `0.12.0` | `0.12.1` |
| [tonic-reflection](https://github.com/hyperium/tonic) | `0.12.0` | `0.12.1` |
| [syn](https://github.com/dtolnay/syn) | `2.0.71` | `2.0.72` |



Updates `clap` from 4.5.9 to 4.5.10
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.5.9...v4.5.10)

Updates `toml` from 0.8.14 to 0.8.15
- [Commits](toml-rs/toml@toml-v0.8.14...toml-v0.8.15)

Updates `tokio` from 1.38.1 to 1.39.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.38.1...tokio-1.39.0)

Updates `thiserror` from 1.0.62 to 1.0.63
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](dtolnay/thiserror@1.0.62...1.0.63)

Updates `tonic` from 0.12.0 to 0.12.1
- [Release notes](https://github.com/hyperium/tonic/releases)
- [Changelog](https://github.com/hyperium/tonic/blob/master/CHANGELOG.md)
- [Commits](hyperium/tonic@v0.12.0...v0.12.1)

Updates `tonic-build` from 0.12.0 to 0.12.1
- [Release notes](https://github.com/hyperium/tonic/releases)
- [Changelog](https://github.com/hyperium/tonic/blob/master/CHANGELOG.md)
- [Commits](hyperium/tonic@v0.12.0...v0.12.1)

Updates `tonic-reflection` from 0.12.0 to 0.12.1
- [Release notes](https://github.com/hyperium/tonic/releases)
- [Changelog](https://github.com/hyperium/tonic/blob/master/CHANGELOG.md)
- [Commits](hyperium/tonic@v0.12.0...v0.12.1)

Updates `syn` from 2.0.71 to 2.0.72
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](dtolnay/syn@2.0.71...2.0.72)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: toml
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tonic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tonic-build
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tonic-reflection
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested review from a team as code owners July 23, 2024 16:00
@dependabot dependabot bot added A-dependencies Area: Dependency file updates A-rust Area: Updates to Rust code C-trivial Category: A trivial change that is not worth mentioning in the CHANGELOG P-Low ❄️ labels Jul 23, 2024
@dependabot dependabot bot requested review from arya2 and upbqdn and removed request for a team July 23, 2024 16:00
@oxarbitrage

$ cargo vet check
Vetting Succeeded (84 fully audited, 36 partially audited, 473 exempted)
$ 

I see a few issues in our workflow for the updates that we might want to improve eventually:

  • The reviewer has to push a commit with supply chain upgrades, thus a different person will need to approve.
  • Often dependabot rebases the PR and removes custom commits, for example when new versions of any of the crates arrive.

@arya2

arya2 commented Jul 25, 2024

> I see a few issues in our workflow for the updates that we might want to improve eventually:
>
>   • The reviewer has to push a commit with supply chain upgrades, thus a different person will need to approve.
>   • Often dependabot rebases the PR and removes custom commits, for example when new versions of any of the crates arrive.

We could add a zebra-supply-chain repository to merge dependency audits into it separately without requiring approvals to solve both issues.

@mergify mergify bot merged commit 4f6c4ae into main Jul 26, 2024
193 checks passed
@mergify mergify bot deleted the dependabot/cargo/prod-60f0065394 branch July 26, 2024 20:19
@arya2 arya2 mentioned this pull request Aug 1, 2024
43 tasks