Skip to content

Bump dependencies#1586

Merged
cd-work merged 1 commit intomainfrom
auto-cargo-update
Mar 18, 2025
Merged

Bump dependencies#1586
cd-work merged 1 commit intomainfrom
auto-cargo-update

Conversation

@phylum-bot
Copy link
Contributor

@phylum-bot phylum-bot commented Mar 17, 2025

Bump dependencies for all SemVer-compatible updates.

@phylum-bot phylum-bot requested a review from a team as a code owner March 17, 2025 05:33
@phylum-bot phylum-bot requested a review from cd-work March 17, 2025 05:33
@phylum-io
Copy link

phylum-io bot commented Mar 17, 2025

Phylum OSS Supply Chain Risk Analysis - FAILED

This repository analyzes the risk of new dependencies. An
administrator of this repository has set requirements via Phylum policy.

If you see this comment, one or more dependencies have failed Phylum's risk analysis.

Package: rsa@0.9.8 failed.

rsa@0.9.8 contains long high-entropy strings

Risk Domain: Malicious Code
Risk Level: low

Reason: Obfuscated code

View this project in the Phylum UI

maxrake
maxrake approved these changes Mar 17, 2025
View reviewed changes
Copy link
Contributor

@maxrake maxrake left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some updates related to deno_node and winapi are causing failures in CI...looks like it is unrelated to first-party cli code updates. We might need to update to a newer version of deno_runtime to fix this...but I don't really know how best to do that. The last time deno was updated...in #1505...it required a lot of additional changes. @cd-work might know...

maxrake
maxrake requested changes Mar 17, 2025
View reviewed changes
Copy link
Contributor

@maxrake maxrake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I clicked the wrong button the first time.

@phylum-io
Copy link

phylum-io bot commented Mar 18, 2025

Phylum OSS Supply Chain Risk Analysis - INCOMPLETE

The analysis contains 3 package(s) Phylum has not yet processed,
preventing a complete risk analysis. Phylum is processing these
packages currently and should complete soon.
Please wait for up to 30 minutes, then re-run the analysis.

View this project in the Phylum UI

@cd-work cd-work force-pushed the auto-cargo-update branch from 9552096 to 18d71b5 Compare March 18, 2025 16:49
@phylum-io
Copy link

phylum-io bot commented Mar 18, 2025

Phylum OSS Supply Chain Risk Analysis - INCOMPLETE

The analysis contains 2 package(s) Phylum has not yet processed,
preventing a complete risk analysis. Phylum is processing these
packages currently and should complete soon.
Please wait for up to 30 minutes, then re-run the analysis.

View this project in the Phylum UI

cd-work
cd-work approved these changes Mar 18, 2025
View reviewed changes
Copy link
Contributor

@cd-work cd-work left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @maxrake.

Had to downgrade resolve-conf to remove its windows dependency.

@cd-work cd-work enabled auto-merge (squash) March 18, 2025 17:08
@phylum-io
Copy link

phylum-io bot commented Mar 18, 2025

Phylum OSS Supply Chain Risk Analysis - INCOMPLETE

The analysis contains 1 package(s) Phylum has not yet processed,
preventing a complete risk analysis. Phylum is processing these
packages currently and should complete soon.
Please wait for up to 30 minutes, then re-run the analysis.

View this project in the Phylum UI

maxrake
maxrake approved these changes Mar 18, 2025
View reviewed changes
Copy link
Contributor

@maxrake maxrake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is still one unprocessed dependency...but otherwise, LGTM.

@cd-work cd-work merged commit f72b24e into main Mar 18, 2025
17 checks passed
@cd-work cd-work deleted the auto-cargo-update branch March 18, 2025 17:11
maxrake added a commit that referenced this pull request Mar 24, 2025
@maxrake
Downgrade resolve-conf
4d3a6bb 
This change seeks to replicate the one made in #1586, where
`resolve-conf` was downgraded to remove its `windows` dependency. This
is the command that was used to do so:

```sh
cargo update --package resolv-conf --precise 0.7.0
```
maxrake added a commit that referenced this pull request Mar 31, 2025
@maxrake
Downgrade resolv-conf
a6ca983 
This change seeks to replicate the one made in #1586, where
`resolve-conf` was downgraded to remove its `windows` dependency. This
is the command that was used to do so:

```sh
cargo update --package resolv-conf --precise 0.7.0
```
maxrake added a commit that referenced this pull request Mar 31, 2025
@phylum-bot @maxrake
Bump dependencies (#1596)
bea46cb 
* Bump dependencies

* Downgrade `resolv-conf`

This change seeks to replicate the one made in #1586, where
`resolve-conf` was downgraded to remove its `windows` dependency. This
is the command that was used to do so:

```sh
cargo update --package resolv-conf --precise 0.7.0
```

---------

Co-authored-by: Charles Coggins <maxrake@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maxrake maxrake maxrake approved these changes

@cd-work cd-work cd-work approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@phylum-bot @maxrake @cd-work