Fix rand_core dependency, cargo update #243

Merged
merged 1 commit into from
Jan 13, 2023

@strohel strohel commented Jan 12, 2023

Should fix #242.

We depend on getrandom feature of rand_core, but we weren't specifying that.

It worked because curve25519-dalek 4.0.0-pre.2 was pulling the getrandom feature of rand_core, but after updating it to 4.0.0-pre.5 it stopped pulling rand_core altogether.

After the cargo-update, all our dependencies are on their newest version, sans clap 3.2, which could be updated to 4.0. It has quite some breaking API changes, so I'll leave that for a separate PR.

This should also fix https://github.com/tonarino/innernet/security/dependabot/1


@skywhale skywhale left a comment


LGTM

Thank you for the quick fix.

I was wondering after posting my message, because Cargo.lock had 0.6.4 of rand_core, which is the latest. I didn't know transitive dependencies could behave this way. Good catch @strohel :)


strohel commented Jan 12, 2023

Yeah, feature dependencies are somewhat less visible than version dependencies - they are not mentioned in Cargo.lock. And there's a similar caveat when using workspaces: for each dependency a union of pulled features is made, hence it is easy to forget specifying all needed features when adding a workspace crate. It also means that `cargo build -p audio-playground` can produce a slightly different result than `cd crates/audio-playground && cargo build` 🤷.
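
One way to surface the situation described in this thread, where a crate relies on a dependency feature that only another crate enables: compare each workspace member's declared features with what Cargo resolved. This is an added example in Python, not code from innernet; the crate name `app`, the package ids and the sample metadata are constructed, shaped like `cargo metadata --format-version 1` output.

```python
# Added example; sample data is constructed, crate `app` is hypothetical.
def closure(requested, feature_map):
    """Expand requested features through the dependency's [features] table."""
    seen, stack = set(), list(requested)
    while stack:
        feat = stack.pop()
        if feat in feature_map and feat not in seen:
            seen.add(feat)
            stack.extend(feature_map[feat])  # "dep:x" / "x/y" entries are skipped
    return seen

def borrowed_features(meta):
    """Map (member, dependency) -> features active but not requested by member."""
    pkgs = {p["id"]: p for p in meta["packages"]}
    nodes = {n["id"]: n for n in meta["resolve"]["nodes"]}
    report = {}
    for member in meta["workspace_members"]:
        for edge in nodes[member]["deps"]:
            dep, wanted = pkgs[edge["pkg"]], set()
            for decl in pkgs[member]["dependencies"]:
                if decl["name"] == dep["name"]:
                    wanted |= set(decl["features"])
                    if decl["uses_default_features"]:
                        wanted.add("default")
            extra = set(nodes[edge["pkg"]]["features"]) - closure(wanted, dep["features"])
            if extra:
                report[(pkgs[member]["name"], dep["name"])] = sorted(extra)
    return report

def sample(declared):
    """Constructed metadata: hypothetical crate `app` declaring `declared`
    features on rand_core, while another crate has enabled `getrandom`."""
    decl = lambda name, feats: {"name": name, "features": feats, "uses_default_features": True}
    return {
        "workspace_members": ["app"],
        "packages": [
            {"id": "app", "name": "app", "features": {},
             "dependencies": [decl("rand_core", declared), decl("curve25519-dalek", [])]},
            {"id": "rc", "name": "rand_core", "dependencies": [],
             "features": {"getrandom": ["dep:getrandom"], "std": ["getrandom"]}},
            {"id": "dalek", "name": "curve25519-dalek", "features": {"default": []}, "dependencies": []},
        ],
        "resolve": {"nodes": [
            {"id": "app", "features": [], "deps": [{"pkg": "rc"}, {"pkg": "dalek"}]},
            {"id": "rc", "features": ["getrandom"], "deps": []},
            {"id": "dalek", "features": ["default"], "deps": [{"pkg": "rc"}]},
        ]},
    }
```

On a real tree, pass `borrowed_features` the parsed JSON from `cargo metadata --format-version 1`. A reported feature only matters if the member's own code uses items gated behind it.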

@bschwind bschwind left a comment


LGTM!

@mcginty mcginty merged commit 103896d into main Jan 13, 2023
@mcginty mcginty deleted the cargo-update branch January 13, 2023 05:31

Successfully merging this pull request may close these issues.

cargo install fails with unresolve import of rand_core::OsRng