Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: deduplicate dependencies #5318

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

deps: deduplicate dependencies #5318

wants to merge 1 commit into from
+5 −14

Conversation

onur-ozkan
Copy link
Contributor

@onur-ozkan onur-ozkan commented Apr 17, 2024
edited

Description

Helps to reduce number of dependencies by removing duplicated ones.

@onur-ozkan
deduplicate aho-corasick
2d9c41c 
Signed-off-by: onur-ozkan <work@onurozkan.dev>
onur-ozkan
onur-ozkan commented Apr 17, 2024
View reviewed changes
transports/uds/Cargo.toml Outdated
@@ -18,7 +18,7 @@ tokio = { workspace = true, default-features = false, features = ["net"], option
tracing = { workspace = true }

[dev-dependencies]
tempfile = "3.10"
tempfile = "3.6"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we okay with this downgrade? I think it should be fine since it's a dev-dependency.

@onur-ozkan onur-ozkan changed the title deduplicate dependencies deps: deduplicate dependencies Apr 17, 2024
jxs
jxs reviewed May 8, 2024
View reviewed changes
Copy link
Member

@jxs jxs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, and thanks for your interest! As we use dependabot to submit PR's with updates for the dependencies I don't think this is worth it.
If we downgrade tempfile dependabot will submit a PR trying to update it afaik, trying to keep track of downgraded packages and keeping ignoring upgrades for certain so that we have less package versions on Cargo.lock is therefore not worth it imho.

@onur-ozkan
Copy link
Contributor Author

Hi, and thanks for your interest! As we use dependabot to submit PR's with updates for the dependencies I don't think this is worth it. If we downgrade tempfile dependabot will submit a PR trying to update it afaik, trying to keep track of downgraded packages and keeping ignoring upgrades for certain so that we have less package versions on Cargo.lock is therefore not worth it imho.

Only the 2nd commit downgrades a dependency as pointed out at #5318 (comment). I will revert that commit since the repo has dependabot integration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jxs jxs jxs left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@onur-ozkan @jxs