Skip to content

Bump the cargo group with 69 updates #2068

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 1, 2025

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---
updated-dependencies:
- dependency-name: clap
  dependency-version: 4.5.40
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: clap_complete
  dependency-version: 4.5.54
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: prodash
  dependency-version: 30.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: cargo
- dependency-name: smallvec
  dependency-version: 1.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: libc
  dependency-version: 0.2.174
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: tracing-core
  dependency-version: 0.1.34
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: imara-diff
  dependency-version: 0.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: jiff
  dependency-version: 0.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: portable-atomic
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: syn
  dependency-version: 2.0.104
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: curl
  dependency-version: 0.4.48
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: reqwest
  dependency-version: 0.12.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: windows
  dependency-version: 0.61.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: fs-err
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: sysinfo
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: zip
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: anstream
  dependency-version: 0.6.19
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: anstyle
  dependency-version: 1.0.11
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: anstyle-parse
  dependency-version: 0.2.7
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: anstyle-query
  dependency-version: 1.1.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: anstyle-wincon
  dependency-version: 3.0.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: autocfg
  dependency-version: 1.5.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: bumpalo
  dependency-version: 3.19.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: cc
  dependency-version: 1.2.27
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: clap_builder
  dependency-version: 4.5.40
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: clap_derive
  dependency-version: 4.5.40
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: clap_lex
  dependency-version: 0.7.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: colorchoice
  dependency-version: 1.0.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: crunchy
  dependency-version: 0.2.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: curl-sys
  dependency-version: 0.4.82+curl-8.14.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: errno
  dependency-version: 0.3.13
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: h2
  dependency-version: 0.4.11
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: hermit-abi
  dependency-version: 0.5.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: hyper-rustls
  dependency-version: 0.27.7
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: hyper-util
  dependency-version: 0.1.14
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: indexmap
  dependency-version: 2.10.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: jiff-static
  dependency-version: 0.2.15
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: jni
  dependency-version: 0.21.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: libredox
  dependency-version: 0.1.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: prettyplease
  dependency-version: 0.2.35
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: quinn-udp
  dependency-version: 0.5.13
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: r-efi
  dependency-version: 5.3.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: redox_syscall
  dependency-version: 0.5.13
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: rustc-demangle
  dependency-version: 0.1.25
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: rustls
  dependency-version: 0.23.28
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: rustls-ffi
  dependency-version: 0.15.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: rustls-native-certs
  dependency-version: 0.8.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: rustls-platform-verifier
  dependency-version: 0.5.3
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: rustls-webpki
  dependency-version: 0.103.3
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: serde_spanned
  dependency-version: 0.6.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: slab
  dependency-version: 0.4.10
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: thread_local
  dependency-version: 1.1.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: toml
  dependency-version: 0.8.23
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: toml_datetime
  dependency-version: 0.6.11
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: toml_edit
  dependency-version: 0.22.27
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: toml_write
  dependency-version: 0.1.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: tower-http
  dependency-version: 0.6.6
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: tracing-attributes
  dependency-version: 0.1.30
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: wasi
  dependency-version: 0.11.1+wasi-snapshot-preview1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: webpki-roots
  dependency-version: 1.0.0
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: cargo
- dependency-name: windows-core
  dependency-version: 0.61.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: windows-future
  dependency-version: 0.2.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: windows-link
  dependency-version: 0.1.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: windows-registry
  dependency-version: 0.5.3
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: windows-result
  dependency-version: 0.3.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: windows-strings
  dependency-version: 0.4.2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: xattr
  dependency-version: 1.5.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: zerocopy
  dependency-version: 0.8.26
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
- dependency-name: zerocopy-derive
  dependency-version: 0.8.26
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jul 1, 2025
Copy link
Member

@EliahKagan EliahKagan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The CI failures are due to the need to adapt to breaking changes in imara-diff as of version 0.2.0. Once either that is fixed or imara-diff is temporarily held back, this PR may or may not be ready, I'm not sure.

This version of imara-diff has not yet had a changelog or release notes entry anywhere that I have found. pascalkuthe/imara-diff#27 suggests that others have not found it either, so maybe there isn't one (or not yet). I did glance at the changes last month in the imara-diff commit history, and it looked like it should be feasible to adapt gitoxide's use of imara-diff to the changed interface. But I did not, and still have not, worked on that or figured out quite how it should be done. As for possible relevant behavioral changes, I haven't investigated that at all.

In view of the substantial number of other things I'm working on in gitoxide and otherwise, taken together with the likelihood that more things of higher priority than this in gitoxide will arise in the meantime (such as #1890-like failures on GNU/Linux x86-64, including on CI in the test and test-fast jobs, if my extrapolation in #2065 (comment) from local test results comes to fruition), I predict that it will be a long while before I try to adapt the code to imara-diff 0.2.0, unless more information about it becomes available. I emphasize, however, that this is much more due to me not wanting to let it slow me down in doing more important things, than it is anything to do with imara-diff or the details of the changes.

There are at least four approaches we can take here, any of which I would consider good. We can leave this until I get back to it and either adapt to the new version of imara-diff or (much less likely, I think) discover a specific and compelling reason not to do so. Or if you want to take a look at it and take over, you can. Or f you want to take a look at it and not take over, but give a hint as to how I might fix things up for it, you can. Or if you prefer that the other crates be upgraded in the meantime even before imara-diff is upgraded, then please let me know and I'd be pleased to put imara-diff back temporarily, check to see if anything else breaks or generates new warnings, and fix up or make note of whatever else arises, merging the rest if it's ready.

@Byron
Copy link
Member

Byron commented Jul 2, 2025

Thanks for holding this PR.

It's strange that dependabot dares to upgrade between semver-incompatible versions, particularly in the pre-1.0 space that must cause a lot of breakage.

In any case, let's hold back imara-diff until we have found a way to deal with it.

As a matter of fact, I'd rather stick to 0.1 indefinitely than switching over to 0.2 as that development style and apparent lack of testing doesn't appear like it's anything gitoxide can afford. It has to work, and keep working, and for that tests are essential.

Speaking for v0.2 is the seeming availability of hunk-postprocessing to adjust sliders similar to what Git does, but without baseline tests comparing the two it's all wishful thinking to me. Also performance wise regressions are more than possible now, and it's lacking tests to detect that. So for now it seems best to keep v0.1 as simmering tech-debt (it also is undertested) and see where v0.2 goes - greater responsiveness of pascalkuthe would certainly go a long way to know what's up at least.

EliahKagan added a commit to EliahKagan/gitoxide that referenced this pull request Jul 2, 2025
This configures Dependabot version updates to keep `imara-diff` at
0.1.*. It does not affect Dependabot security updates, nor other
ways of updating besides Dependabot, nor other crate dependencies
if they are unrelated to `imara-diff`. See:

- https://github.blog/changelog/2021-05-21-dependabot-version-updates-can-now-ignore-major-minor-patch-releases/
- https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore--

This is by the same technique as used in:
GitoxideLabs/cargo-smart-release@aeb91ee

See discussion in GitoxideLabs#2068 for details for why we are not upgrading
`imara-diff` to 0.2 at this time.
Copy link
Contributor Author

dependabot bot commented on behalf of github Jul 2, 2025

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.

@dependabot dependabot bot closed this Jul 2, 2025
@dependabot dependabot bot deleted the dependabot/cargo/cargo-301777adcd branch July 2, 2025 06:49
@EliahKagan
Copy link
Member

EliahKagan commented Jul 2, 2025

In any case, let's hold back imara-diff until we have found a way to deal with it.

As a matter of fact, I'd rather stick to 0.1 indefinitely than switching over to 0.2 as that development style and apparent lack of testing doesn't appear like it's anything gitoxide can afford. It has to work, and keep working, and for that tests are essential.

In #2069, I've configured Dependabot so that Dependabot version updates for imara-diff will only be for patch versions, not for major or minor versions. (This does not affect Dependabot security updates--if a security vulnerability is fixed in a later minor or major version, Dependabot will still attempt to offer an update to a fixed version.)

Dependabot has closed this PR because it is creating a new one based on the modified configuration. The wording in #2068 (comment) is somewhat misleading, in that most of the affected dependencies continue to be fully covered by Dependabot version updates, and even imara-diff is capable of receiving them for a patch version.

Edit: The superseding Dependabot PR was #2070, which I've merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file rust Pull requests that update Rust code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants