dependency on yanked ahash@0.7.6

[dignifiedquire]

This is through the outdated indexmap@1.9.3 -> hashbrown@0.12 -> ahash@0.7

[Dispersia]

also just got hit with this, it already works in master, just needs a release cut as the dependency has already been updated. just temporarily pointing using git instead of version to fix it (unfortunately seems to have hit a lot of crates, including sqlx 0.6 thought 0.7 works)

[matthiasbeyer]

If you want, you can file a update PR targeting the release-0.13.x branch for updating indexmap and we'll see whether this runs through CI smoothly, so I can have that fixed in a 0.13.4 release... Because 0.13.4 might be there sooner than 0.14.0... :thinking:

[dignifiedquire]

ahash@0.7.7 was released, making backports much less urgent luckily

[matthiasbeyer]

So we can wait until dependabot comes around, can't we?

[polarathene]

Dependency resolved depends on rust toolchain used.

• < 1.60.0 will resolve ordered-multimap 0.4.0 as newer releases bump hashbrown which uses newer ahash releases (that got yanked) and their recent releases that implicitly raise (since 0.7.6) the MSRV to Rust 1.60.0 due to new weak dependencies syntax usage in Cargo.toml. That syntax is considered invalid to older rust releases and so the crates don't appear to exist, rolling back until a valid dependency chain can be resolved.
• >= 1.60.0 can resolve a newer ordered-multimap 0.4.3 (due to 0.4 semver).
• Meanwhile, if rust-ini were to update (dependabot), that'll raise ordered-multimap to the newer 0.7 release which bumps MSRV to 1.71.1, unrelated to the hashbrown / ahash dependencies.

---

So we can wait until dependabot comes around, can't we?

No action required AFAIK?