dependency cleanup #390

Merged
merged 4 commits into from
Sep 11, 2024

@flavio flavio commented Sep 11, 2024

I noticed our Cargo.toml file needed some love:

  • relax dependency versions: a lot of dependencies were pinned in too strict a way. This was especially bad for certain dependencies like tokio.
  • remove duplicated entry: some dependencies were duplicated between the dependencies and dev-dependencies sections.
  • bump dev-dependencies: some dev-dependencies were outdated.
  • bump dependencies: some dependencies were outdated.

About the dev-dependencies and dependency bumps: I'm concerned, since dependabot should be taking care of this. I've double-checked our configuration and everything seems fine. I'm really puzzled, since we got some dependabot PRs, but we missed a lot of updates.

We're a library; unless strictly needed, we should not require
major.minor.patch level versions of dependencies.

This is especially true for dependencies like `tokio`, where we should
limit ourselves to the `major` version only.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

Remove the `chrono` dev-dependency, it's already a top level dependency.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

Update dev-dependencies to latest versions

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

Bump dependencies to latest version.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

@viccuad viccuad left a comment

nice cleanup :).

@flavio flavio merged commit ec6b9b6 into sigstore:main Sep 11, 2024
7 checks passed
@flavio flavio deleted the dependency-cleanup branch September 11, 2024 10:08
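
The first commit message argues that a library should state only the version level it actually needs. As an added example (not code from this pull request or from the project), the sketch below re-implements Cargo's caret and `=` requirement rules for plain MAJOR.MINOR.PATCH versions, to show which already-resolved versions each spelling admits. The version numbers are constructed; pre-release tags and other operators are left out.

```rust
// Added illustration (not code from this pull request): Cargo's default
// caret rule and exact `=` rule, reduced to plain MAJOR.MINOR.PATCH.
type Version = (u64, u64, u64);

/// Parse "1", "1.38" or "1.38.0" into one to three numeric components.
fn parts(s: &str) -> Option<Vec<u64>> {
    let p: Option<Vec<u64>> = s.trim().split('.').map(|x| x.parse::<u64>().ok()).collect();
    p.filter(|v| v.len() <= 3)
}

/// Half-open range [min, max) admitted by a caret requirement such as "1.38".
fn caret_range(req: &str) -> Option<(Version, Version)> {
    let p = parts(req)?;
    let get = |i: usize| p.get(i).copied().unwrap_or(0);
    let min = (get(0), get(1), get(2));
    // The leftmost non-zero component is the one that may not change.
    let max = if min.0 > 0 || p.len() == 1 {
        (min.0 + 1, 0, 0)
    } else if min.1 > 0 || p.len() == 2 {
        (0, min.1 + 1, 0)
    } else {
        (0, 0, min.2 + 1)
    };
    Some((min, max))
}

/// Does requirement `req` admit `version`? None means unparsable input.
/// Assumption: `=` is only handled with a full three-part version.
fn admits(req: &str, version: &str) -> Option<bool> {
    let v = parts(version).filter(|p| p.len() == 3)?;
    let v = (v[0], v[1], v[2]);
    if let Some(exact) = req.trim().strip_prefix('=') {
        let e = parts(exact).filter(|p| p.len() == 3)?;
        return Some(v == (e[0], e[1], e[2]));
    }
    let (min, max) = caret_range(req)?;
    Some(min <= v && v < max)
}

fn main() {
    // Constructed scenario: an application has already resolved a crate to
    // 1.30.0. Which library-side requirement spellings can share that version?
    for req in ["=1.38.0", "1.38.0", "1.38", "1"] {
        println!("{:>8} admits 1.30.0: {:?}", req, admits(req, "1.30.0"));
    }
}
```

With a caret requirement, the patch-level spelling only raises the floor: `1.38.0` and `1` share the same upper bound (`<2.0.0`), but only `1` accepts the older 1.30.0.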