phylum-dev / cli

Command line interface for the Phylum API
https://phylum.io
GNU General Public License v3.0

Dependency update not possible #1478

Open maxrake opened 3 months ago

maxrake commented 3 months ago

Overview

The ability to cargo update this repository appears to be broken. The workflow that automates this process as a weekly task has been broken since ~12 JUL 2024.

How To Reproduce

❯ date
Mon Aug  5 11:41:26 CDT 2024

❯ cargo update
    Updating crates.io index
    Updating git repository `https://github.com/phylum-dev/phylum-types`
    Updating git repository `https://github.com/phylum-dev/vuln-reach`
error: failed to select a version for the requirement `wgpu-core = "^0.20"`
candidate versions found which didn't match: 22.1.0, 22.0.0, 0.21.1, ...
location searched: crates.io index
required by package `deno_webgpu v0.118.0`
    ... which satisfies dependency `deno_webgpu = "^0.118.0"` of package `deno_runtime v0.159.0`
    ... which satisfies dependency `deno_runtime = "^0.159.0"` of package `phylum-cli v6.6.6 (/Users/maxrake/dev/phylum/localdev/cli/cli)`
    ... which satisfies path dependency `phylum-cli` of package `xtask v0.1.0 (/Users/maxrake/dev/phylum/localdev/cli/xtask)`

Expected Behavior

Weekly automated dependency bumps are successful in running and updating to the latest set of packages.

Additional Context

This looks like another instance of needing to update the deno dependencies.

kylewillmon commented 3 months ago

wgpu-core v0.20.0 was yanked because it segfaults on rustc 1.79+. Most projects pull wgpu-core via wgpu, which has a v0.20.1 release to fix this... We are unfortunate enough to get wgpu-core via deno_webgpu, which did not release a semver-compatible fix. So we have to go through breaking updates to fix this.

TLDR: We need to update our deno crates to something released after denoland/deno#24515 was merged.
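
An added example, not part of the issue thread or the phylum-dev/cli code base: a simplified model of caret-requirement matching with yanked versions excluded, showing why `^0.20` is left with no candidate once 0.20.0 is yanked. The names `Entry`, `select` and `wgpu_core_index` are hypothetical, and the index is constructed from only the versions named in the error output and the comment above.

```rust
// Added example: simplified model of caret matching with yanked versions excluded.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
struct Version(u64, u64, u64);

struct Entry { vers: Version, yanked: bool }

// Constructed index: only the wgpu-core versions named in this issue.
fn wgpu_core_index() -> Vec<Entry> {
    vec![
        Entry { vers: Version(0, 20, 0), yanked: true },
        Entry { vers: Version(0, 21, 1), yanked: false },
        Entry { vers: Version(22, 0, 0), yanked: false },
        Entry { vers: Version(22, 1, 0), yanked: false },
    ]
}

// Split "^0.20" into (major, minor, patch); omitted parts become None.
fn parse_caret(req: &str) -> (u64, Option<u64>, Option<u64>) {
    let mut parts = req.trim_start_matches('^').split('.')
        .map(|p| p.parse::<u64>().expect("numeric component"));
    (parts.next().expect("major"), parts.next(), parts.next())
}

// Caret rule: the leftmost non-zero component may not change.
fn caret_matches(req: &str, v: Version) -> bool {
    let (maj, min, pat) = parse_caret(req);
    let lower = Version(maj, min.unwrap_or(0), pat.unwrap_or(0));
    let upper = match (maj, min, pat) {
        (0, None, _) => Version(1, 0, 0),             // ^0     -> <1.0.0
        (0, Some(0), None) => Version(0, 1, 0),       // ^0.0   -> <0.1.0
        (0, Some(0), Some(p)) => Version(0, 0, p + 1), // ^0.0.p -> <0.0.(p+1)
        (0, Some(m), _) => Version(0, m + 1, 0),      // ^0.m   -> <0.(m+1).0
        (m, _, _) => Version(m + 1, 0, 0),            // ^m     -> <(m+1).0.0
    };
    v >= lower && v < upper
}

// Highest non-yanked match, or the non-yanked versions that were rejected.
fn select(req: &str, index: &[Entry]) -> Result<Version, Vec<Version>> {
    let mut live: Vec<Version> = index.iter().filter(|e| !e.yanked).map(|e| e.vers).collect();
    live.sort_by(|a, b| b.cmp(a)); // newest first, as in the error output
    live.iter().copied().find(|v| caret_matches(req, *v)).ok_or(live)
}

fn main() {
    match select("^0.20", &wgpu_core_index()) {
        Ok(v) => println!("selected {:?}", v),
        Err(rejected) => println!("no match for ^0.20; candidates: {:?}", rejected),
    }
}
```
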