fix(deps): pin dependencies#140
Conversation
bde1957 to
0376bbc
Compare
d1882bd to
2ecedc0
Compare
3cc626d to
574b13e
Compare
4122f03 to
e74e633
Compare
3fc4554 to
bd44284
Compare
a999ec8 to
10c9c9b
Compare
e5b351f to
ea8c50a
Compare
tlater-famedly
left a comment
There was a problem hiding this comment.
Ah, looks like we're overzealous with these updates, none of these action versions are permitted.
aa65107 to
da09ac0
Compare
b38193d to
047cf29
Compare
9d5badb to
2341f39
Compare
9b4768b to
6d09d13
Compare
5098d99 to
be4cb58
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #140 +/- ##
==========================================
- Coverage 91.02% 90.84% -0.18%
==========================================
Files 10 10
Lines 1604 1573 -31
==========================================
- Hits 1460 1429 -31
Misses 144 144 see 2 files with indirect coverage changes Continue to review full report in Codecov by Harness.
|
PR SummaryMedium Risk Overview Bumps direct Rust deps: Reviewed by Cursor Bugbot for commit 7624047. Bugbot is set up for automated code reviews on this repo. Configure here. |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.
Autofix Details
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Mismatched rust-prepare action commits
- Updated both release workflow rust-prepare steps to use the same pinned commit as the CI workflow.
Or push these changes by commenting:
@cursor push 9c2d5abce7
Preview (9c2d5abce7)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,7 +32,7 @@
uses: actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231
- name: Set up Rust
- uses: famedly/backend-build-workflows/.github/actions/rust-prepare@fcc2ec82a725d5c4c9c6a8f19e8df101c178dcb6
+ uses: famedly/backend-build-workflows/.github/actions/rust-prepare@40815a109c3c3cd664c1be5baf4cac287043b953
with:
gitlab_ssh: ${{ secrets.CI_SSH_PRIVATE_KEY}}
gitlab_user: ${{ secrets.GITLAB_USER }}
@@ -80,7 +80,7 @@
uses: actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231
- name: Set up Rust
- uses: famedly/backend-build-workflows/.github/actions/rust-prepare@fcc2ec82a725d5c4c9c6a8f19e8df101c178dcb6
+ uses: famedly/backend-build-workflows/.github/actions/rust-prepare@40815a109c3c3cd664c1be5baf4cac287043b953
with:
gitlab_ssh: ${{ secrets.CI_SSH_PRIVATE_KEY}}
gitlab_user: ${{ secrets.GITLAB_USER }}You can send follow-ups to the cloud agent here.
| uses: actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231 | ||
|
|
||
| - uses: famedly/backend-build-workflows/.github/actions/rust-prepare@main | ||
| - uses: famedly/backend-build-workflows/.github/actions/rust-prepare@40815a109c3c3cd664c1be5baf4cac287043b953 # main |
There was a problem hiding this comment.
Mismatched rust-prepare action commits
Medium Severity
This PR pins famedly/backend-build-workflows/.github/actions/rust-prepare to 40815a1 in rust-workflow.yml, while release.yml still uses fcc2ec82 for the same action. PR and main CI can pass with one Rust/registry setup while tagged release and SBOM jobs use another, so release artifacts may fail or differ from what CI validated after the dependency bumps.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 9513090. Configure here.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Compose pins stale agent image
- Removed the stale sha256 digest from the root Compose image so it again tracks the published latest agent image.
Or push these changes by commenting:
@cursor push 31c7286253
Preview (31c7286253)
diff --git a/docker-compose.yaml b/docker-compose.yaml
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,6 +1,6 @@
services:
famedly-sync-agent:
- image: registry.famedly.net/docker-oss/famedly-sync-agent:latest@sha256:65c059a73461bf1f8b4aa8990ae37cc5806ad0cbcf49f0aff816c02b716320e2
+ image: registry.famedly.net/docker-oss/famedly-sync-agent:latest
volumes:
- type: bind
source: ./optYou can send follow-ups to the cloud agent here.
Reviewed by Cursor Bugbot for commit 27403a0. Configure here.
| services: | ||
| famedly-sync-agent: | ||
| image: registry.famedly.net/docker-oss/famedly-sync-agent:latest | ||
| image: registry.famedly.net/docker-oss/famedly-sync-agent:latest@sha256:65c059a73461bf1f8b4aa8990ae37cc5806ad0cbcf49f0aff816c02b716320e2 |
There was a problem hiding this comment.
Compose pins stale agent image
Medium Severity
Root docker-compose.yaml now pins famedly-sync-agent to a fixed registry digest from before this PR, so docker compose up keeps running an image built with the old Cargo.lock instead of the bumped config, ldap3, and related dependencies until the digest is rebuilt and updated.
Reviewed by Cursor Bugbot for commit 27403a0. Configure here.



This PR contains the following updates:
244f6850.14.0→0.15.07b140f340815a10.14.0→0.15.00.11.1→0.12.00.11.1→0.12.065c059a6a220ab6a220abRelease Notes
rust-cli/config-rs (config)
v0.15.25Compare Source
Fixes
u64, and not justi64v0.15.24Compare Source
Fixes
u64, and not justi64v0.15.23Compare Source
Fixes
Environment::convert_case: correctly apply casing to each key segmentv0.15.22Compare Source
Documentation
Internal
v0.15.21Compare Source
Compatibility
v0.15.20Compare Source
Fixes
u64rangeInternal
v0.15.19Compare Source
Internal
v0.15.18Compare Source
Fixes
v0.15.17Compare Source
Features
v0.15.16Compare Source
Performance
serde_corev0.15.15Compare Source
Fixes
null(regressed in 0.15.14)v0.15.14Compare Source
Performance
v0.15.13Compare Source
Fixes
v0.15.12Compare Source
Performance
tomlv0.9v0.15.11Compare Source
Features
v0.15.10Compare Source
Features
Fixes
v0.15.9Compare Source
Compatibility
yaml-rust20.10Documentation
v0.15.8Compare Source
Fix
v0.15.7Compare Source
Internal
v0.15.6Compare Source
Fixes
v0.15.5Compare Source
Fixes
keyon all serde errorsPerformance
v0.15.4Compare Source
Performance
v0.15.3Compare Source
Fixes
v0.15.2Compare Source
Fixes
v0.15.1Compare Source
Internal
v0.15.0Compare Source
Compatibility
ConfigErroris no longer exhaustiveConfigError::Parses type changedFileFormatis no longer exhaustiveFixes
rust-itertools/itertools (itertools)
v0.15.0Compare Source
Breaking
Positionas struct instead of enum (#1042, #1043)all_equal_value's error type (#1032)Added
*_with_hasheradaptors (#1007)Changed
Clonebounds fromtuple_combinationsandarray_combinations(#1011)must_useforcollect_vec(#1009)izip!temporary friendly (#1021)array_combinations_with_replacement(#1033)Debugfor remaining public types (#1038)ExactlyOneError::count(#1046)PeekingNextfor more types, in particularvec::IntoIter(#1059, #1073)PadUsing::next_back(#1082)[circular_]array_windows, deprecatetuple_windows(#1086)tuple_combinations(replaced byarray_combinations) (#1085)Notable Internal Changes
into_group_mapcode more idiomatic (#1027)inejge/ldap3 (ldap3)
v0.12.1Compare Source
[breaking change] Compiling with Rustls now requires explicit
selection of a crypto provider. Using the "tls-rustls" flag by
itself is no longer enough. There are two predefined flags,
"tls-rustls-aws-lc-rs" and "tls-rustls-ring", for the two
common providers. See the README or top-level library documentation
for details.
[breaking change] Remove the deprecated
ldap_str_unescape()infavor of
ldap_unescape().Add basic NTLM authentication support. Username and cleartext
password must be provided. Sign/seal on a non-TLS connection are
not supported. On a TLS connection, a channel binding token will
be sent to the server if possible.
Add support for using acquired credentials for GSSAPI through
cross_krb5(#149).
Remove the
lazy_staticdependency and useLazyLockinstead.The impetus came from #146,
although that PR wasn't used in the end.
Add the Transaction exop (RFC 5805)
(#134).
Add support for creating a client from an existing
TcpStreamorUnixStream(#132).
Update this crate and
lberto Edition 2024.Configuration
📅 Schedule: (UTC)
* 0-3 1 * *)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.