update semver compat. deps, fix cbindgen CI diff check #559
Conversation
Notably fixes two dev-dep RUSTSEC issues: * GHSA-pg9f-39pc-qf8g for crossbeam-channel * GHSA-rr8g-9fpq-6wmg for tokio
cpu
changed the title
cpu
changed the title
This seems to have done the trick, but is an unsatisfying solution. |
|
Where do the guards come from? Is that related to the nightly somehow? Maybe there is a bug in a specific nightly? I agree that pinning the nightly is unsatisfying if we don't understand why it helps but in general pinning nightly seems like a good way to make CI more deterministic. |
The guards come from mapping cargo features to rustls-ffi/librustls/cbindgen.toml Lines 13 to 21 in 4d1d5d8 The |
cpu
changed the title
I think this is good to go. I've opened an upstream issue for what I believe is the |
| dependencies = [ | ||
| "crossbeam-channel", | ||
| "crossbeam-epoch", | ||
| "crossbeam-utils", | ||
| "once_cell", | ||
| "loom", |
There was a problem hiding this comment.
Pretty sure loom is not supposed to be a lib dependency. IIRC most users guard with a cfg flag.
There was a problem hiding this comment.
cargo tree | grep loom and cargo tree --invert loom both produce no results. I assume this is something transitive and not our issue?
There was a problem hiding this comment.
It looks like it's hickory-resolver -> moka -> loom ?
Notably fixes two dev-dep RUSTSEC issues:
Along the way I also dug into the
mainCI failure that's been flagging acbindgendiff for therustls.hheader. I believe this is an upstream regression and so to fix it we have to temporarily pin ournightlyversion. I've opened an upstream issue for this (rust-lang/rust#139715).