Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adjust Cargo.toml to ensure sourmash_plugin_branchwater compatibility #2944

Closed
bluegenes opened this issue Jan 24, 2024 · 3 comments · Fixed by #3065
Closed

adjust Cargo.toml to ensure sourmash_plugin_branchwater compatibility #2944

bluegenes opened this issue Jan 24, 2024 · 3 comments · Fixed by #3065

Comments

@bluegenes
Copy link
Contributor

bluegenes commented Jan 24, 2024
edited
Loading

Note that for sourmash_plugin_branchwater compatibility, we need:

  • byteorder = "1.4.3"
  • wasm-bindgen = "0.2.89"
  • once_cell = "1.18.0"
  • chrono = 0.4.32

we could pin to these exactly (==? )to prevent dependabot updates
@ctb
Copy link
Contributor

ctb commented Jan 28, 2024

two notes:

  • this needs to be done in src/core/Cargo.toml
  • there seems to be no simple way to "pin" this with respect to dependabot specifically, or Rust tests generally. So barring magic ✨ that @luizirber knows about, we simply need to keep an eye out for these.

Actually... I wonder if we could just specify <=? That seems dangerous tho. Or maybe

byteorder >= "1.4.3",<="1.4.3"

@bluegenes bluegenes mentioned this issue Mar 5, 2024
Merged
@ctb ctb mentioned this issue Mar 5, 2024
Merged
ctb added a commit that referenced this issue Mar 5, 2024
@ctb
Revert "Bump wasm-bindgen from 0.2.91 to 0.2.92 (#3060)" (#3064)
6718435 
This reverts commit d505320.

`wasm-bindgen` needs to stay at 0.2.89 per
#2944.
@ctb ctb mentioned this issue Mar 5, 2024
Merged
@ctb
Copy link
Contributor

ctb commented Mar 5, 2024

turns out there's a way to set "ignore" on certain packages - just had to find the right search string, "how can I prevent dependabot from upgrading specific packages"

@mr-eyes
Copy link
Member

mr-eyes commented Mar 5, 2024
edited
Loading

turns out there's a way to set "ignore" on certain packages - just had to find the right search string, "how can I prevent dependabot from upgrading specific packages"

dependabot ignore?
Update: Sorry, just realized you applied it, not looking for it.

@ctb ctb closed this as completed in #3065 Mar 5, 2024
ctb added a commit that referenced this issue Mar 5, 2024
@ctb
MRG: tell dependabot to ignore upgrades to byteorder, chrono, `on…
6dfc30a 
…ce_cell`, and `wasm-bindgen` (#3065)

This uses dependabot `ignore` per
[docs](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)
to pin the packages needed for `sourmash_plugin_branchwater
compatibility per #2944`.

Motivation:
* embarrassment from #3060
and then #3064

Related issues:
* Fixes #2944
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@ctb @mr-eyes @bluegenes