Combine dependabot security updates #1831
base: develop
Some of these are major updates. We might need to verify if things are still working as expected. Doing this in bulk across many apps could be problematic, especially with a lot of people on holidays at the moment.
This is definitely true, I was playing with combining all of them to knock them out since many of them are not breaking changes and close significant bugs. However, I have discovered that dependabot suggesting to just do things like migrate to react v19 are much bigger changes. So I will likely leave that specifically out. edit: or try a less aggressive bump i.e. to
I'll need to test this on Android because a few of these packages broke Android in the past when we upgraded
Noted. I am not trying to merge this immediately and shake things up on Friday evening before holidays, just do some house cleaning while I have the time 😄
Looks sane 👍
@@ -39,6 +39,11 @@ vergen = { workspace = true, default-features = false, features = [ | |||
"cargo", | |||
] } | |||
|
|||
[target.'cfg(windows)'.dependencies] |
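Review bot: the added [target.'cfg(windows)'.dependencies] table sits directly under a vergen entry declared with "workspace = true", so any crate listed under it should take its version from the workspace manifest in the same way. Each entry also needs a matching use in this crate's Windows-only code; a dependency that nothing imports only widens the set of third-party code pulled into the build and should be dropped.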
Neither of these crates seems to be used in nym-vpnc, based on a quick search with GitHub
@@ -64,7 +64,7 @@ nym-vpnd-types = { path = "../nym-vpnd-types" } | |||
[target.'cfg(windows)'.dependencies] | |||
windows-service = "0.7.0" | |||
eventlog = "0.3.0" | |||
winapi = { version = "0.3", features = ["winnt", "excpt"] } | |||
winapi = { version = "0.3", features = ["winnt", "excpt", "winerror"] } |
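Review bot: the changed winapi line enables the extra "winerror" feature, but nothing in the hunk says what needs it; name the Windows code that uses it in the commit message so the feature can be removed again if that code goes away. The three Windows dependencies in this hunk are also pinned by literal version, so the versions could move to the workspace manifest with only the feature list kept here.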
FYI: not a problem with this PR, but to raise awareness. We've been putting effort into consolidating dependencies in the workspace Cargo.toml so it's easier to keep track of them. IMO features can be specified by each individual crate, that's ok; the effort is to move versions into the workspace toml.
e1dadf5
to
af0b57f
Several dependabot security warnings have been sitting; this PR combines them and works to integrate any necessary changes to address the security issues.
rust / golang (through rust ffi)
build(deps): bump tungstenite from 0.23.0 to 0.26.1 in /nym-vpn-core #1828
App
build(deps): bump the patch-updates group across 1 directory with 2 updates #1793
Android
build(deps): bump the patch-updates group across 1 directory with 4 updates #1802
CI
NOT included:
nym-vpn-app
to react v19
build(deps): bump netlink-packet-route from 0.13.0 to 0.17.1 in /nym-vpn-core #1601
Bump rexml from 3.3.7 to 3.3.9 in /nym-vpn-apple #1409