search

mozilla / cbindgen

A project for generating C bindings from Rust code
Mozilla Public License 2.0
2.29k stars 294 forks source link

Update dependencies and bump MSRV to v1.70 #912

Closed jschwe closed 4 months ago

jschwe commented 6 months ago

Rust 1.70 was released on 2023-06-01, so it is half a year old by now. It is also the minimum version I got the updated dependencies to compile on.

Based on #870.

Closes #880 Closes #899

jschwe commented 6 months ago

@emilio What do you think - would bumping the MSRV to 1.70 be acceptable now, given that it is half a year old?

jschwe commented 4 months ago

@emilio I picked up #870 and CI is passing. In this scope I bumped the MSRV to 1.70, which was released on 2023-06-01. This was required for the further dependency bump.

It would close issue https://github.com/mozilla/cbindgen/issues/880

ivoanjo commented 4 months ago

Thanks for picking this up, especially the upgrade from clap 3 to 4. Would be awesome to have a release with this :)

lgarron commented 3 months ago

Thanks for picking this up, especially the upgrade from clap 3 to 4. Would be awesome to have a release with this :)

Indeed, this would be super appreciated!

For those of us who try to resolve vulnerability alerts on all our GitHub repositories, we're unfortunately stuck until cbindgen releases a new version. Even a pre-release would be nice for this.

lgarron commented 1 month ago

Thanks for picking this up, especially the upgrade from clap 3 to 4. Would be awesome to have a release with this :)

Indeed, this would be super appreciated!

For those of us who try to resolve vulnerability alerts on all our GitHub repositories, we're unfortunately stuck until cbindgen releases a new version. Even a pre-release would be nice for this.

@emilio Is there anything blocking a release with this in it? At this point, my use of cbindgen for a Rust project causes me to receive a weekly Depednabot email from GitHub highlighting the atty vulnerability. I don't want to lose track of the vuln alert, so I don't want to dismiss it. But it's just sitting there with a fix nearly available. 😢

If there's something I can do to help, I'd be glad to.

emilio commented 1 month ago

Nothing particularly blocking other than the fact that I need to go through all the changes and prepare a changelog, which takes time I don't have right now... Any help with that is really appreciated, it should be a matter of making a PR to the CHANGES file and bumping the version :)