Skip to content

chore: update dependencies #3416

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: update dependencies #3416

wants to merge 1 commit into from

Conversation

reneleonhardt
Copy link

Description

  • Update dependencies
  • Let dependabot update dependencies

Notes & open questions

  • Waiting for a new ed25519-dalek release to allow more updates depending on rand 0.9
  • renovate could update versions in workflows too, but for some like node and nextest it would be easier to just use the major 22 or minor 0.9 version respectively

@n0bot n0bot bot added this to iroh Jul 30, 2025
@github-project-automation github-project-automation bot moved this to 🏗 In progress in iroh Jul 30, 2025
matheus23
matheus23 reviewed Aug 6, 2025
View reviewed changes
.github/workflows/tests.yaml
@@ -66,7 +66,7 @@ jobs:
- name: Install cargo-nextest
uses: taiki-e/install-action@v2
with:
tool: [email protected]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've intentionally pinned an older version of nextest due to buggy behavior.

.github/dependabot.yml
Comment on lines +14 to +21
- package-ecosystem: cargo
directory: /
schedule:
interval: weekly
- package-ecosystem: docker
directory: docker
schedule:
interval: weekly
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I appreciate your work on this, but we've intentionally turned off dependabot in iroh in the past as it didn't fit into our workflow.

Cargo.lock
dependencies = [
"cordyceps",
"diatomic-waker",
"futures-core",
"pin-project-lite",
"spin",
"spin 0.10.0",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This introduced a new duplicate dependency. It might be worth looking into the dependency tree to see what else needs to be updated.

Cargo.lock
@@ -2296,7 +2288,7 @@ dependencies = [
"iroh-quinn-proto",
"iroh-quinn-udp",
"iroh-relay",
"n0-future",
"n0-future 0.2.0",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another new duplicate dependency.
Looking at the rest of this file, seems like it's used in n0-snafu and net-tools.

Cargo.lock
@@ -2402,21 +2392,21 @@ dependencies = [
"humantime-serde",
"iroh",
"iroh-metrics",
"lru",
"n0-future",
"lru 0.16.0",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another duplicate dependency.
Seems like that's due to the mainline/pkarr crates

Cargo.lock
Comment on lines -2574 to +2564
"strum 0.27.1",
"strum",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No more duplicate dependency :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matheus23 matheus23 matheus23 left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
iroh
Status: 🏗 In progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@reneleonhardt @matheus23