Hi,
The firecracker-1.6 release is being prepared, and it wants the following crate updates.
These are API-compatible patch updates: - clap-4.4.11 - libc-0.2.151 - syn-2.0.40
These are new API versions: - linux-loader-0.10.0 - vhost-0.9.0 - vm-memory-0.13.1
I can push linux-loader with the firecracker update since that's the only user, but vhost and vm-memory have a few other users: - libkrun - rust-vhost-user-backend - rust-virtio-queue - virtiofsd
The rust-* packages have new releases with updated dependencies, and the libkrun SRPM is patched to depend on unbound versions, but upstream virtiofsd does not have updated dependencies.
Let me know if you want me to do any of these updates, but I'll need to be added as a co-maintainer. If so, I presume it's preferable to patch virtiofsd rather than add compat packages?
Thanks.
David
David Michael fedora.dm0@gmail.com writes:
Hi,
The firecracker-1.6 release is being prepared, and it wants the following crate updates.
These are API-compatible patch updates:
- clap-4.4.11
- libc-0.2.151
- syn-2.0.40
These are new API versions:
- linux-loader-0.10.0
- vhost-0.9.0
- vm-memory-0.13.1
I can push linux-loader with the firecracker update since that's the only user, but vhost and vm-memory have a few other users:
- libkrun
- rust-vhost-user-backend
- rust-virtio-queue
- virtiofsd
The rust-* packages have new releases with updated dependencies, and the libkrun SRPM is patched to depend on unbound versions, but upstream virtiofsd does not have updated dependencies.
Let me know if you want me to do any of these updates, but I'll need to be added as a co-maintainer. If so, I presume it's preferable to patch virtiofsd rather than add compat packages?
I would assume that to be the case, but I've just CC'ed German, as he's the current main maintainer for virtiofsd.
Sergio.
On Fri, Dec 15, 2023 at 3:21 PM David Michael fedora.dm0@gmail.com wrote:
Hi,
The firecracker-1.6 release is being prepared, and it wants the following crate updates.
These are API-compatible patch updates:
- clap-4.4.11
- libc-0.2.151
- syn-2.0.40
I am preparing these, and will build them today.
Side note: Is it possible that firecracker uses an overly eager dependabot configuration? It looks like they always bump to the latest available version, whether necessary or not.
The "increase-if-necessary" strategy would be a much better fit for Rust projects, since it considers SemVer compatibility: https://docs.github.com/en/code-security/dependabot/dependabot-version-updat...
Fabio
The rust-* packages have new releases with updated dependencies, and the libkrun SRPM is patched to depend on unbound versions, but upstream virtiofsd does not have updated dependencies.
PS: This is not good. Dependency restrictions are there for a reason, removing them is inviting weird build failures or breakage.