Skip to content

Update vendored dependencies#14373

Merged
straight-shoota merged 1 commit intocrystal-lang:masterfrom
straight-shoota:feat/update-dependencies
Mar 21, 2024
Merged

Update vendored dependencies#14373
straight-shoota merged 1 commit intocrystal-lang:masterfrom
straight-shoota:feat/update-dependencies

Conversation

@straight-shoota
Copy link
Member

@straight-shoota straight-shoota commented Mar 19, 2024
edited
Loading

Update the vendored-in dependencies to the latest releases:

reply is still missing a release with the latest changes, so we keep the reference to the latest commit in master.

Follow-up to #14365

@straight-shoota straight-shoota self-assigned this Mar 19, 2024
Sija
Sija reviewed Mar 19, 2024
View reviewed changes
shard.yml
dependencies:
markd:
github: icyleaf/markd
commit: 5e5a75d13bfdc615f04cc7ab166ee279b3b996d3
Copy link
Contributor

@Sija Sija Mar 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest using commit pinning for security, like for the other dependencies.

Copy link
Member Author

@straight-shoota straight-shoota Mar 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code is checked into the repository, and the commit pinned in shard.lock.
A version restriction here is just relevant when you run shards update. And at this point there is no technical reason to restrict that. The latest release will do.

Copy link
Contributor

@Sija Sija Mar 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New releases can include breaking changes, so keeping it unrestricted might break the builds after running shards update. Since the code is checked into the repo, that's not a big issue, just noting.

Copy link
Member Author

@straight-shoota straight-shoota Mar 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but if you don't try, you could never know. If we realize a compatibility issue, we can add an appropriate restriction.

@straight-shoota straight-shoota added this to the 1.12.0 milestone Mar 19, 2024
@straight-shoota straight-shoota merged commit a1a4dd0 into crystal-lang:master Mar 21, 2024
@straight-shoota straight-shoota deleted the feat/update-dependencies branch March 21, 2024 11:14
@BrewTestBot BrewTestBot mentioned this pull request Apr 9, 2024
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ysbaddaden ysbaddaden ysbaddaden approved these changes

+1 more reviewer

@Sija Sija Sija left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@straight-shoota straight-shoota

Labels

topic:infrastructure

Projects

None yet

Milestone

1.12.0

Development

Successfully merging this pull request may close these issues.

3 participants

@straight-shoota @Sija @ysbaddaden