Skip to content

fix(deps): pin dependencies#140

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all
Open

fix(deps): pin dependencies#140
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all

Conversation

@renovate

@renovate renovate Bot commented May 1, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
actions/add-to-project action pinDigest 244f685
config dependencies minor 0.14.00.15.0
debian final pinDigest 7b140f3
famedly/backend-build-workflows action pinDigest 40815a1
itertools dev-dependencies minor 0.14.00.15.0
ldap3 dev-dependencies minor 0.11.10.12.0
ldap3 dependencies minor 0.11.10.12.0
registry.famedly.net/docker-oss/famedly-sync-agent pinDigest 65c059a
registry.famedly.net/docker-oss/rust-container container pinDigest 6a220ab
registry.famedly.net/docker-oss/rust-container stage pinDigest 6a220ab

Release Notes

rust-cli/config-rs (config)

v0.15.25

Compare Source

Fixes
  • (ron) Support u64, and not just i64

v0.15.24

Compare Source

Fixes
  • (json) Support u64, and not just i64

v0.15.23

Compare Source

Fixes
  • Environment::convert_case: correctly apply casing to each key segment

v0.15.22

Compare Source

Documentation
  • Polish examples
Internal
  • Update winnow

v0.15.21

Compare Source

Compatibility
  • Bump MSRV to 1.85

v0.15.20

Compare Source

Fixes
  • Serialize the full u64 range
Internal
  • (toml) Update to 1.0

v0.15.19

Compare Source

Internal
  • (ron) Update to 0.12

v0.15.18

Compare Source

Fixes
  • Improve consistency between missing field error messages

v0.15.17

Compare Source

Features
  • corn file format support

v0.15.16

Compare Source

Performance
  • Allow more build parallelism by depending on serde_core

v0.15.15

Compare Source

Fixes
  • (json5) Correctly deserialize null (regressed in 0.15.14)

v0.15.14

Compare Source

Performance
  • (json5) Reduce overhead when loading json5 files

v0.15.13

Compare Source

Fixes
  • Skip UTF-8 BOMs when reading files

v0.15.12

Compare Source

Performance
  • Upgrade to toml v0.9

v0.15.11

Compare Source

Features
  • Deserialize YAML real keys as strings

v0.15.10

Compare Source

Features
  • Deserialize YAML boolean keys as strings
Fixes
  • Don't panic on non-string YAML keys

v0.15.9

Compare Source

Compatibility
  • Upgrade to yaml-rust2 0.10
Documentation
  • Provided more jumping off points in the documentation

v0.15.8

Compare Source

Fix
  • Don't panic on non-unicode env variable names and values

v0.15.7

Compare Source

Internal
  • Update a dependency

v0.15.6

Compare Source

Fixes
  • Fix regression from 0.15.3 with reading a table from an empty config

v0.15.5

Compare Source

Fixes
  • Include the key on all serde errors
Performance
  • Don't clone when merging sources

v0.15.4

Compare Source

Performance
  • Reduce TOML build times

v0.15.3

Compare Source

Fixes
  • Fix regression from 0.15.3 with reading a table from an empty config

v0.15.2

Compare Source

Fixes
  • Provide an error message on path parsing errors (regression from 0.15.0)
  • Improve quality of path parsing error messages

v0.15.1

Compare Source

Internal
  • (ron) Update to 0.12

v0.15.0

Compare Source

Compatibility
  • ConfigError is no longer exhaustive
  • ConfigError::Parses type changed
  • FileFormat is no longer exhaustive
  • Deprecated functions removed
  • Case insensitivity from 0.14.0 was reverted
Fixes
  • Struct fields, variants, and lookup paths with uppercase letters can be used again (regression from 0.14.0)
rust-itertools/itertools (itertools)

v0.15.0

Compare Source

Breaking
  • Restructure Position as struct instead of enum (#​1042, #​1043)
  • Canonicalize all_equal_value's error type (#​1032)
Added
  • Add *_with_hasher adaptors (#​1007)
  • Add strip_prefix and strip_prefix_by methods (#​1104)
Changed
  • Remove Clone bounds from tuple_combinations and array_combinations(#​1011)
  • must_use for collect_vec (#​1009)
  • Make izip! temporary friendly (#​1021)
  • Add array_combinations_with_replacement (#​1033)
  • Implement Debug for remaining public types (#​1038)
  • Specialize ExactlyOneError::count (#​1046)
  • Implement PeekingNext for more types, in particular vec::IntoIter (#​1059, #​1073)
  • Fix PadUsing::next_back (#​1082)
  • Introduce [circular_]array_windows, deprecate tuple_windows (#​1086)
  • Deprecate tuple_combinations (replaced by array_combinations) (#​1085)
Notable Internal Changes
inejge/ldap3 (ldap3)

v0.12.1

Compare Source

  • [breaking change] Compiling with Rustls now requires explicit
    selection of a crypto provider. Using the "tls-rustls" flag by
    itself is no longer enough. There are two predefined flags,
    "tls-rustls-aws-lc-rs" and "tls-rustls-ring", for the two
    common providers. See the README or top-level library documentation
    for details.

  • [breaking change] Remove the deprecated ldap_str_unescape() in
    favor of ldap_unescape().

  • Add basic NTLM authentication support. Username and cleartext
    password must be provided. Sign/seal on a non-TLS connection are
    not supported. On a TLS connection, a channel binding token will
    be sent to the server if possible.

  • Add support for using acquired credentials for GSSAPI through
    cross_krb5
    (#​149).

  • Remove the lazy_static dependency and use LazyLock instead.
    The impetus came from #​146,
    although that PR wasn't used in the end.

  • Add the Transaction exop (RFC 5805)
    (#​134).

  • Add support for creating a client from an existing TcpStream or
    UnixStream
    (#​132).

  • Update this crate and lber to Edition 2024.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot requested a review from a team as a code owner May 1, 2025 02:40
@renovate
renovate Bot force-pushed the renovate/all branch from 4f5d0d6 to ac52f51 Compare May 5, 2025 02:45
@renovate
renovate Bot force-pushed the renovate/all branch 3 times, most recently from bde1957 to 0376bbc Compare May 19, 2025 06:04
@renovate
renovate Bot force-pushed the renovate/all branch 5 times, most recently from d1882bd to 2ecedc0 Compare May 26, 2025 03:53
@renovate
renovate Bot force-pushed the renovate/all branch 3 times, most recently from 3cc626d to 574b13e Compare June 9, 2025 05:33
@renovate
renovate Bot force-pushed the renovate/all branch 6 times, most recently from 4122f03 to e74e633 Compare June 20, 2025 13:05
@renovate
renovate Bot force-pushed the renovate/all branch 5 times, most recently from 3fc4554 to bd44284 Compare June 27, 2025 19:39
@renovate
renovate Bot force-pushed the renovate/all branch 4 times, most recently from a999ec8 to 10c9c9b Compare July 6, 2025 04:46
@renovate
renovate Bot force-pushed the renovate/all branch 2 times, most recently from e5b351f to ea8c50a Compare July 14, 2025 06:06

@tlater-famedly tlater-famedly left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, looks like we're overzealous with these updates, none of these action versions are permitted.

@renovate
renovate Bot force-pushed the renovate/all branch 4 times, most recently from aa65107 to da09ac0 Compare August 19, 2025 10:09
@renovate
renovate Bot force-pushed the renovate/all branch 4 times, most recently from b38193d to 047cf29 Compare August 29, 2025 13:33
@renovate
renovate Bot force-pushed the renovate/all branch 3 times, most recently from 9d5badb to 2341f39 Compare September 7, 2025 04:50
@renovate
renovate Bot force-pushed the renovate/all branch 5 times, most recently from 9b4768b to 6d09d13 Compare September 11, 2025 04:42
@renovate
renovate Bot force-pushed the renovate/all branch 7 times, most recently from 5098d99 to be4cb58 Compare September 22, 2025 06:11

@linearb linearb Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✨ PR Review

LGTM

Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.
💡 Tip: You can customize your AI Review using Guidelines Learn how

@codecov

codecov Bot commented May 28, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.84%. Comparing base (01ac2ef) to head (7624047).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #140      +/-   ##
==========================================
- Coverage   91.02%   90.84%   -0.18%     
==========================================
  Files          10       10              
  Lines        1604     1573      -31     
==========================================
- Hits         1460     1429      -31     
  Misses        144      144              

see 2 files with indirect coverage changes


Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 01ac2ef...7624047. Read the comment docs.

@cursor

cursor Bot commented Jul 6, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
ldap3 0.12 and config 0.15 are minor bumps on LDAP sync and env/file configuration paths; lockfile-wide HTTP/TLS changes add regression surface beyond the pinned workflow edits.

Overview
Pins GitHub Actions, Docker base images, and the compose agent image to immutable digests (including rust-prepare on a specific commit instead of floating main in CI).

Bumps direct Rust deps: config 0.14→0.15, ldap3 0.11→0.12 (prod + dev), and itertools 0.14→0.15, with a large Cargo.lock refresh (notably reqwest 0.12 and related TLS/HTTP stack crates pulled in transitively).

Reviewed by Cursor Bugbot for commit 7624047. Bugbot is set up for automated code reviews on this repo. Configure here.

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.

Autofix Details

Bugbot Autofix prepared a fix for the issue found in the latest run.

  • ✅ Fixed: Mismatched rust-prepare action commits
    • Updated both release workflow rust-prepare steps to use the same pinned commit as the CI workflow.

Create PR

Or push these changes by commenting:

@cursor push 9c2d5abce7
Preview (9c2d5abce7)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,7 +32,7 @@
         uses: actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231
 
       - name: Set up Rust
-        uses: famedly/backend-build-workflows/.github/actions/rust-prepare@fcc2ec82a725d5c4c9c6a8f19e8df101c178dcb6
+        uses: famedly/backend-build-workflows/.github/actions/rust-prepare@40815a109c3c3cd664c1be5baf4cac287043b953
         with:
           gitlab_ssh: ${{ secrets.CI_SSH_PRIVATE_KEY}}
           gitlab_user: ${{ secrets.GITLAB_USER }}
@@ -80,7 +80,7 @@
         uses: actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231
 
       - name: Set up Rust
-        uses: famedly/backend-build-workflows/.github/actions/rust-prepare@fcc2ec82a725d5c4c9c6a8f19e8df101c178dcb6
+        uses: famedly/backend-build-workflows/.github/actions/rust-prepare@40815a109c3c3cd664c1be5baf4cac287043b953
         with:
           gitlab_ssh: ${{ secrets.CI_SSH_PRIVATE_KEY}}
           gitlab_user: ${{ secrets.GITLAB_USER }}

You can send follow-ups to the cloud agent here.

uses: actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231

- uses: famedly/backend-build-workflows/.github/actions/rust-prepare@main
- uses: famedly/backend-build-workflows/.github/actions/rust-prepare@40815a109c3c3cd664c1be5baf4cac287043b953 # main

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mismatched rust-prepare action commits

Medium Severity

This PR pins famedly/backend-build-workflows/.github/actions/rust-prepare to 40815a1 in rust-workflow.yml, while release.yml still uses fcc2ec82 for the same action. PR and main CI can pass with one Rust/registry setup while tagged release and SBOM jobs use another, so release artifacts may fail or differ from what CI validated after the dependency bumps.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 9513090. Configure here.

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

Fix All in Cursor

Bugbot Autofix prepared a fix for the issue found in the latest run.

  • ✅ Fixed: Compose pins stale agent image
    • Removed the stale sha256 digest from the root Compose image so it again tracks the published latest agent image.

Create PR

Or push these changes by commenting:

@cursor push 31c7286253
Preview (31c7286253)
diff --git a/docker-compose.yaml b/docker-compose.yaml
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,6 +1,6 @@
 services:
   famedly-sync-agent:
-    image: registry.famedly.net/docker-oss/famedly-sync-agent:latest@sha256:65c059a73461bf1f8b4aa8990ae37cc5806ad0cbcf49f0aff816c02b716320e2
+    image: registry.famedly.net/docker-oss/famedly-sync-agent:latest
     volumes:
       - type: bind
         source: ./opt

You can send follow-ups to the cloud agent here.

Reviewed by Cursor Bugbot for commit 27403a0. Configure here.

Comment thread docker-compose.yaml
services:
famedly-sync-agent:
image: registry.famedly.net/docker-oss/famedly-sync-agent:latest
image: registry.famedly.net/docker-oss/famedly-sync-agent:latest@sha256:65c059a73461bf1f8b4aa8990ae37cc5806ad0cbcf49f0aff816c02b716320e2

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Compose pins stale agent image

Medium Severity

Root docker-compose.yaml now pins famedly-sync-agent to a fixed registry digest from before this PR, so docker compose up keeps running an image built with the old Cargo.lock instead of the bumped config, ldap3, and related dependencies until the digest is rebuilt and updated.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 27403a0. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant