Stop pinning syntect version #876
Comments
|
A newer version of syntect pulls the latest version of rust-onig which pulls bindgen which requires llvm/clang, which would make zola hard to build for everyone, not just CI I'll unpin as soon as a new version of onig that can disable bindgen is released (rust-onig/rust-onig#126) or trishume/syntect#270 is working. |
|
Thanks for replying. Yeah, that bindgen was introduced because of my bug (when onig-rs was segfaulting due to oniguruma update in Fedora). I see the point now. Also moving away from non-rust deps would be nice as well :) For now I'll just keep downstream patch. Thanks! |
|
I noticed while packaging TL;DR: zola might be shipping 7 vulns due to this. |
|
Still waiting for either syntect with fancy-regex or a new version of onig before unpinning. |
|
The Still hoping that onig's build will eventually improve but for now |
|
Great i'll try it asap! Right now onig requires llvm on each platform so it's really usable at all :/ |
|
0.11 goes back to the most recent syntect version |
Hello,
maintainer of zola in Fedora here. I am working on upgrading our package to 0.9.0 and I found that you have pinned syntect to 3.2.0 in a6db79f.
I would like to ask you to return it back to
3and use some other way of pinning it instead. From what I understand you have it because of CI. So you can put something likecargo update -p syntect --precise 3.2.0in the CI scripts.Thank you for working on Zola and hope that we can find consensus for resolving this bug :)
The text was updated successfully, but these errors were encountered: