On Fri, Dec 15, 2023 at 3:21 PM David Michael fedora.dm0@gmail.com wrote:
Hi,
The firecracker-1.6 release is being prepared, and it wants the following crate updates.
These are API-compatible patch updates:
- clap-4.4.11
- libc-0.2.151
- syn-2.0.40
I am preparing these, and will build them today.
Side note: Is it possible that firecracker uses an overly eager dependabot configuration? It looks like they always bump to the latest available version, whether necessary or not.
The "increase-if-necessary" strategy would be a much better fit for Rust projects, since it considers SemVer compatibility: https://docs.github.com/en/code-security/dependabot/dependabot-version-updat...
Fabio
The rust-* packages have new releases with updated dependencies, and the libkrun SRPM is patched to depend on unbound versions, but upstream virtiofsd does not have updated dependencies.
PS: This is not good. Dependency restrictions are there for a reason, removing them is inviting weird build failures or breakage.