@Byron
Member

@Byron Byron commented Nov 23, 2025

A catch-all PR with various changes.

Tasks

  • TBD

This isn't observable by library or CLI users.

It's somewhat related to #2265.
@Byron Byron marked this pull request as ready for review November 23, 2025 08:40
@Byron
Member Author

Byron commented Nov 23, 2025

Actually there are no more plans for now.

@Byron Byron merged commit 8ab94f2 into main Nov 23, 2025
27 checks passed
@EliahKagan
Member

Was b130277 meant to upgrade dependencies in any Cargo.toml files? The change it makes is only to Cargo.lock. I can't tell from the wording if it means that it upgrades them in Cargo.lock in accordance with the version ranges in Cargo.toml files, which does appear to be what was done, or if it instead was meant to upgrade versions in Cargo.toml files themselves.

(The detailed message suggests that modifying only Cargo.lock may be intentional. But I would still expect these changes to be observed by CLI users if they install with --locked. So I'm not sure if this is really referring to all possible effects or instead to particular effects such as those related to #2265.)

Normally we upgrade versions listed in Cargo.toml files monthly via Dependabot, but that hasn't happened recently, due to #2245.

@Byron
Member Author

Byron commented Nov 24, 2025

My apologies, I could have been more specific about the motivation.

First of all, I didn't see --locked as the feature that would observe the Cargo.lock changes, even though it certainly would if people install with --git.

Besides that, it was really only meant to assure that local builds come out 'fresher' as I thought it might affect #2044. I didn't follow this further, the cargo update was just a blind shot I did without much thinking.

@EliahKagan
Member

Thanks, no problem! Also, sorry about my confusion: while CLI users who install from this repository, either directly or with --git, will use the lock file when passing --locked, you're right that it's not otherwise used. I don't know why cargo seems to accept --locked in scenarios where it has no effect, but you're right that it doesn't do anything unless something like --git (or --path) is passed.

Anyway, it looks like #2245 may be fixed soon, since dependabot/dependabot-core#13359 has been merged to fix the underlying bug dependabot/dependabot-core#13345. But I don't know if the fix has been deployed yet.
