Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

correct windows-core dependency version #127

Merged
merged 1 commit into from Feb 3, 2024
Merged

correct windows-core dependency version #127

merged 1 commit into from Feb 3, 2024

Conversation

astraw
Copy link
Member

@astraw astraw commented Feb 3, 2024

As noted in #125 (comment), commit d3a9e0a introduced a potentially breaking change. This is the fix.

@MarijnS95 thanks for the tip. Do you know if there a public issue regarding this dependabot bug that we can link to? I spent a little bit of time looking around https://github.com/dependabot/dependabot-core/issues but didn't find anything relevant.

I would release this as 0.1.60.

Shall we then yank 0.1.59?

@astraw astraw mentioned this pull request Feb 3, 2024
Merged
@Kijewski
Copy link
Collaborator

Kijewski commented Feb 3, 2024

Shall we then yank 0.1.59?

Yes, I guess this would be a good idea.

@MarijnS95
Copy link
Contributor

I'm not aware of an upstream reported issue about this (nor where to report it), but it might be good to include logs.

@astraw astraw merged commit 6b66d30 into main Feb 3, 2024
51 of 54 checks passed
@astraw
Copy link
Member Author

astraw commented Feb 3, 2024

OK, 0.1.60 published and 0.1.59 yanked.

@ijackson
Copy link

ijackson commented Feb 5, 2024

FYI our release preparations for our monthly release of Art have been interrupted by this yank. We run cargo audit in CI so the yank caused our CI to fail. The original unintentional breaking change didn't affect us significantly.

I think it's usually a bad idea to yank a crate just becaue it has breaking changes. The correct response is simply to publish a fixed version in the same semver series.

@MarijnS95
Copy link
Contributor

I think it's usually a bad idea to yank a crate just becaue it has breaking changes

While you might not be affected this time, other downstream consumers could be affected when e.g. running with -Zminimal-versions against a crate version that is broken, selected (indirectly) by certain projects, and not yanked.

@Kijewski Kijewski deleted the fix-windows-core-version branch February 5, 2024 17:53
zydou pushed a commit to zydou/arti that referenced this pull request Feb 5, 2024
@ijackson
Cargo.lock: bump iana-time-zone
c0d509e 
0.1.59 was yanked by upstream because it had a breaking change:
  strawlab/iana-time-zone#127

Update to 0.1.60.
@c-git
Copy link

c-git commented Feb 7, 2024

I think it's usually a bad idea to yank a crate just becaue it has breaking changes

While you might not be affected this time, other downstream consumers could be affected when e.g. running with -Zminimal-versions against a crate version that is broken, selected (indirectly) by certain projects, and not yanked.

Thanks for explaining why it was yanked

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kijewski Kijewski Kijewski approved these changes

@MarijnS95 MarijnS95 MarijnS95 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@astraw @Kijewski @MarijnS95 @ijackson @c-git