Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update vendored dependencies #14373

Merged
merged 1 commit into from
Mar 21, 2024
Merged

Update vendored dependencies #14373

merged 1 commit into from
Mar 21, 2024

Conversation

straight-shoota
Copy link
Member

@straight-shoota straight-shoota commented Mar 19, 2024
edited
Loading

Update the vendored-in dependencies to the latest releases:

reply is still missing a release with the latest changes, so we keep the reference to the latest commit in master.

Follow-up to #14365

@straight-shoota straight-shoota self-assigned this Mar 19, 2024
Sija
Sija reviewed Mar 19, 2024
View reviewed changes
shard.yml
@@ -12,7 +12,6 @@ crystal: ">= 1.0"
dependencies:
markd:
github: icyleaf/markd
commit: 5e5a75d13bfdc615f04cc7ab166ee279b3b996d3
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest using commit pinning for security, like for the other dependencies.

Copy link
Member Author

@straight-shoota straight-shoota Mar 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code is checked into the repository, and the commit pinned in shard.lock.
A version restriction here is just relevant when you run shards update. And at this point there is no technical reason to restrict that. The latest release will do.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New releases can include breaking changes, so keeping it unrestricted might break the builds after running shards update. Since the code is checked into the repo, that's not a big issue, just noting.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but if you don't try, you could never know. If we realize a compatibility issue, we can add an appropriate restriction.

@straight-shoota straight-shoota added this to the 1.12.0 milestone Mar 19, 2024
@straight-shoota straight-shoota merged commit a1a4dd0 into crystal-lang:master Mar 21, 2024
58 checks passed
@straight-shoota straight-shoota deleted the feat/update-dependencies branch March 21, 2024 11:14
@BrewTestBot BrewTestBot mentioned this pull request Apr 9, 2024
Merged
1 task
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Sija Sija Sija left review comments

@ysbaddaden ysbaddaden ysbaddaden approved these changes

Assignees

@straight-shoota straight-shoota

Labels
topic:infrastructure
Projects
None yet
Milestone
1.12.0
Development

Successfully merging this pull request may close these issues.
3 participants
@straight-shoota @Sija @ysbaddaden