search

mehcode / config-rs

⚙️ Layered configuration system for Rust applications (with strong support for 12-factor applications).
Apache License 2.0
2.43k stars 206 forks source link

Update rust-ini requirement from 0.19 to 0.20 #494

Closed dependabot[bot] closed 5 months ago

dependabot[bot] commented 8 months ago

Updates the requirements on rust-ini to permit the latest version.

Commits
  • a518f05 release v0.20.0
  • 6ae9e94 Update ordered-multimap dependency
  • 1b67ac6 feat(ini): implement IntoIterator for Ini (#114)
  • 02559c3 reformatted
  • 13ed93d Refactor write_to_opt to reduce code duplication.
  • 02e06dc Add support for custom key-value separator in nameless sections.
  • e505047 fix clippy warnings
  • 371dc9a README use MarkDown
  • See full diff in compare view


You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

polarathene commented 8 months ago

Failure is due to MSRV 1.70 (June 2023) not being new enough, due to an implicit dependency from the rust-ini release 0.20 (Oct 18th) via ordered-multimap raised MSRV to 1.71 (July 2023), as ordered-multimap released 0.7.1 (Oct 25th) with a feature that is unstable on earlier rust toolchains.

This wasn't something rust-ini could catch, as their 0.20 release bumped that dependency from 0.6 (Jan 2023) to 0.7 (Aug 24th). Just a result of semver resolution, technically ordered-multimap should not have released that change as a patch release? 🤷‍♂️

Raised bug reports:

In the meantime, I guess keep rust-ini at 0.19 and wait to see what happens upstream?

matthiasbeyer commented 8 months ago

In the meantime, I guess keep rust-ini at 0.19 and wait to see what happens upstream?

Yes, that's what I'd do, at least as long we do not have a release coming up. I wonder what will happen with our next patch release, whether we need to restrict versions for that package to stay compatible.

polarathene commented 8 months ago

I wonder what will happen with our next patch release, whether we need to restrict versions for that package to stay compatible.

I have been looking into this to get a better understanding of MSRV and maintenance of Cargo.toml / Cargo.lock with library crates and CI 👍

I will contribute some input on the recent issues / PRs related to this. Apparently raising the MSRV on point releases isn't uncommon in the rust ecosystem? 🤷‍♂️

It does seem like adopting rust-version would be wise though.

matthiasbeyer commented 5 months ago

@dependabot rebase