-
Notifications
You must be signed in to change notification settings - Fork 611
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update tempfile
and uuid
to remove rand
v0.5
#2195
Conversation
This change looks great to me! I'd like to hold off on lockfile changes for a bit until we merge #1864. After that, I'd like to aggressively bump and deploy backend dependency changes like this. See also #1265 and #1805. Long story short, we had some segfault issues in production the last few times we tried a In the meantime, I recently got access to https://github.com/conduit-rust and have started opening some PRs there which will enable us to remove some old dependencies pulled in by those crates. Would you mind if I ping you for review on some of those dependency updates? |
I'm fine with that.
Sure! Btw, if we introduce |
I would love to switch, but the only way I know to do that is to delete the lockfile and allow cargo to regenerate it. So my plan is to incrementally work towards a |
There is a out of tree subcommand for switching: https://github.com/RustSec/cargo-lock#command-line-interface
|
Note that at least on rustc-perf we may have run into problems with dependabot's handling of the new lockfile format (I think, though can't verify), see rust-lang/rustc-perf#617 -- I've filed a support query with GitHub today, though no responses yet. |
IIRC we don't use dependabot for Rust here. I'm not sure about the future though. |
I hope to enable dependabot on the backend (we use it already on the frontend) once we manually get all our dependencies up to date. If the new lockfile format is an issue for dependabot we could hold off on the conversion, but I'm also not too worried. I think I would trade the short-term improvement of fewer merge conflicts for the potential delay in enabling dependabot once we're ready. |
☔ The latest upstream changes (presumably #1864) made this pull request unmergeable. Please resolve the merge conflicts. |
cea5e4d
to
7423739
Compare
Rebased, it's ready to go. |
@bors r+ |
📌 Commit 7423739 has been approved by |
☀️ Test successful - checks-travis |
r? @jtgeibel