New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update git2 requirement from 0.14 to 0.15 #126
Conversation
Codecov Report
@@ Coverage Diff @@
## master #126 +/- ##
==========================================
+ Coverage 93.86% 94.25% +0.39%
==========================================
Files 11 11
Lines 1189 1184 -5
==========================================
Hits 1116 1116
+ Misses 73 68 -5
📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more |
I ran into the issue that this upgraded causes with It looks like For now we just added this line to our Docker execution: git config --global --add safe.directory /workspace There may be better solutions, but this seemed like an expedient way to get things working without having to downgrade to a less secure version of |
I'll add a note to the docs and README about the docker solution and will bump back up the version of |
dedf97a
to
ca2d8af
Compare
I'm going to have to think about this. @gorzell When you say "For now we just added this line to our Docker execution", do you mean you used As a side note, I was going to add a feature "git2_latest" that allowed users to build with a version appropriate for their needs, but even though cargo allows renaming dependencies, the resolver would fail because they try to link out to different versions of I may just release vergen with the 0.15 dependency and put a note to stick on version X if you need it for docker and don't control the build/execution. |
d01b7f8
to
b1f6295
Compare
Updates the requirements on [git2](https://github.com/rust-lang/git2-rs) to permit the latest version. - [Release notes](https://github.com/rust-lang/git2-rs/releases) - [Commits](rust-lang/git2-rs@0.14.0...git2-curl-0.15.0) --- updated-dependencies: - dependency-name: git2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
b1f6295
to
5cca050
Compare
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
@CraZySacX in this specific case yes, although you could also do it in a docker exec builder git config --global --add safe.directory /workspace There are a number of ways that you could add this to your run command, but none of them are pretty, especially if you are relying on the default |
Updates the requirements on git2 to permit the latest version.
Commits
d703dd9
Update to 1.4.2 (#815)8c6a26b
Merge pull request #814 from weihanglo/git2-curl-0.15.0ce54dac
Bump version of git2-curlDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)