Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update various dependencies #938

Merged
merged 11 commits into from
Dec 20, 2023
Merged

update various dependencies #938

merged 11 commits into from
Dec 20, 2023

Conversation

decathorpe
Copy link
Contributor

@decathorpe decathorpe commented Oct 19, 2023

I'm the maintainer of lsd for Fedora Linux, and some outdated dependencies are making maintenance increasingly difficult.

  • deps: update chrono-humanize to v0.2

We have this patched for almost two years in Fedora and it has not caused issues.

  • deps: update assert_cmd to v2

Same here, this patch has been in the Fedora package for a while.

  • deps: update sys-locale to v0.3

This dependency seems to have been added recently, not sure why an old version was chosen.

  • deps: update vsort to v0.2

Same here, this was added recently but 0.1 was used instead of 0.2, not sure why.

  • deps: update git2 to v0.18

Using old versions of git2 is not a good idea, since the bundled libgit2 C library often has CVE issues.

  • deps: migrate from users to uzers

The "users" crate is unmaintained. The "uzers" crate is an API-compatible fork that also fixes some bugs and security issues.

  • deps: update serial_test to v2

The current dependency (v0.5) is reeeeeally old. Not sure why this was never updated.

  • deps: update predicates to v3

Same here, predicates v1 is reaally old.

  • deps: allow newer versions of url, wild, and xdg crates

Not sure why strange x.0.* style dependencies were used here. It's holding back various updates for both url and xdg crates, and makes maintaining lsd in Fedora more difficult. We have built lsd against the latest versions of all three crates forever, and it has not caused issues.

@muniu-bot
Copy link

muniu-bot bot commented Oct 19, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: decathorpe

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@muniu-bot muniu-bot bot added the size/L label Oct 19, 2023
@decathorpe
Copy link
Contributor Author

PS: I'm not sure why you're keeping Cargo.lock pinned to really old versions. It looks like "cargo update" hasn't been run in ages. I'm sure there's tons of bugfixes (and potentially also security fixes) that happened between the versions pinned in Cargo.lock and the latest compatible versions.

@codecov-commenter
Copy link

codecov-commenter commented Nov 1, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (89659e4) 85.76% compared to head (f6dec60) 84.51%.
Report is 10 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #938      +/-   ##
==========================================
- Coverage   85.76%   84.51%   -1.26%     
==========================================
  Files          51       51              
  Lines        5001     5068      +67     
==========================================
- Hits         4289     4283       -6     
- Misses        712      785      +73     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

zwpaper added a commit that referenced this pull request Nov 1, 2023
<!--- PR Description --->

predicates v3 msrv is 1.69 in #938
@zwpaper
Copy link
Member

zwpaper commented Nov 3, 2023

Hi @decathorpe, thanks so much for raising this, it would definitely help a lot!

I found predicates v3 need msrv 1.69, I have updated the msrv in master, can you help rebase your PR onto it?

@decathorpe
Copy link
Contributor Author

Ah, the MSRV is only checked in CI - it might be a good idea to set package.rust-version in Cargo.toml as well?

Thanks for taking a look, I'll rebase my PR.

@zwpaper zwpaper added this to the v1.1.0 milestone Nov 12, 2023
@zwpaper
Copy link
Member

zwpaper commented Dec 19, 2023

hi @decathorpe can you help to update the msrv to 1.70, so that we can pass the CI

@decathorpe
Copy link
Contributor Author

I've bumped the MSRV in the GitHub action and in Cargo.toml.

I also removed the hand-written MSRV check that was present in build.rs that is redundant with defining package.rust-version in Cargo.toml.

@zwpaper zwpaper merged commit dee0621 into lsd-rs:master Dec 20, 2023
19 of 20 checks passed
@zwpaper
Copy link
Member

zwpaper commented Dec 20, 2023

thanks so much for your help @decathorpe!

@zwpaper
Copy link
Member

zwpaper commented Dec 20, 2023

btw, I have sent you an invitation for the lsd-rs org package maintainers team, welcome aboard if you would like to 😀

@decathorpe
Copy link
Contributor Author

Great, thank you :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants