Autoupdate dependencies #367

akri-bot · 2021-09-01T00:17:56Z

Auto-generated pull request.
This pull request is generated by GitHub action based on the provided update commands.

kate-goldenring · 2021-09-01T17:35:01Z

If none of our .toml files are updated by this run, is it safe to close out the PR? It seems that the next person who puts in changes would automatically cause these lock file changes anyways. @romoh for thoughts?

jiria · 2021-09-01T18:02:08Z

If some of these minor changes were CVE fixes, would we not good to get these updated so that our build uses the latest? Or are did the build already use the latest, just the lock file was not refreshed in the repo? Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows From: Kate ***@***.***> Sent: Wednesday, September 1, 2021 10:35 AM To: ***@***.***> Cc: Jiri ***@***.***>; Review ***@***.***> Subject: Re: [deislabs/akri] Autoupdate dependencies (#367) If none of our .toml files are updated by this run, is it safe to close out the PR? It seems that the next person who puts in changes would automatically cause these lock file changes anyways. @romoh<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fromoh&data=04%7C01%7CJiri.Appl%40microsoft.com%7Cc46435bee5bf45c5d98808d96d6eda1e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637661145147072295%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=IpGGW1io1AotdHa3F6jfMY7eb6sa5ppUyNzXUzz5nl8%3D&reserved=0> for thoughts? — You are receiving this because your review was requested. Reply to this email directly, view it on GitHub<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fdeislabs%2Fakri%2Fpull%2F367%23issuecomment-910503097&data=04%7C01%7CJiri.Appl%40microsoft.com%7Cc46435bee5bf45c5d98808d96d6eda1e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637661145147082293%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=NFq%2BkuVgdHidnKpESDrfn96naY%2B0OZN%2FJd2X3mAqgms%3D&reserved=0>, or unsubscribe<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAEPAV4F4K5K4V3OJG2GEU53T7ZP5BANCNFSM5DFH4EWQ&data=04%7C01%7CJiri.Appl%40microsoft.com%7Cc46435bee5bf45c5d98808d96d6eda1e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637661145147092290%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4HVGr9upb7J15ikZFOaigykR8TS79FGso7BtZGX8xEE%3D&reserved=0>. Triage notifications on the go with GitHub Mobile for iOS<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fapp%2Fapple-store%2Fid1477376905%3Fct%3Dnotification-email%26mt%3D8%26pt%3D524675&data=04%7C01%7CJiri.Appl%40microsoft.com%7Cc46435bee5bf45c5d98808d96d6eda1e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637661145147092290%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=f3L1dljPxYbOIMfiPwEG%2BJ7vf%2FuXFByRHR3pLX38HvY%3D&reserved=0> or Android<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.github.android%26referrer%3Dutm_campaign%253Dnotification-email%2526utm_medium%253Demail%2526utm_source%253Dgithub&data=04%7C01%7CJiri.Appl%40microsoft.com%7Cc46435bee5bf45c5d98808d96d6eda1e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637661145147102285%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=IoI1k8cqHazkAk0pZwFjofeORlV1jzZAuPK8ecZj834%3D&reserved=0>.

romoh · 2021-09-02T01:30:10Z

If some of these minor changes were CVE fixes, would we not good to get these updated so that our build uses the latest? Or are did the build already use the latest, just the lock file was not refreshed in the repo? Sent from Mailhttps://go.microsoft.com/fwlink/?LinkId=550986 for Windows From: Kate @.> Sent: Wednesday, September 1, 2021 10:35 AM To: @.> Cc: Jiri @.>; Review @.> Subject: Re: [deislabs/akri] Autoupdate dependencies (#367) If none of our .toml files are updated by this run, is it safe to close out the PR? It seems that the next person who puts in changes would automatically cause these lock file changes anyways.

If none of our .toml files are updated by this run, is it safe to close out the PR? It seems that the next person who puts in changes would automatically cause these lock file changes anyways. @romoh for thoughts?

cargo lock version changes don't happen automatically unless someone runs cargo update. @jiria is correct in terms of using the latest versions with bug fixes only when the cargo.lock is updated. cargo update follow semver so it would stay within constraints defined in the cargo.toml files.
If we want our cargo.toml to be also updated and be in sync with cargo.lock, I can update our update command to include toml file changes as well. Opened #369 to track this.

kate-goldenring · 2021-09-02T15:46:06Z

Should we close this in favor of #370?

romoh · 2021-09-02T15:47:10Z

Should we close this in favor of #370?

We can keep it and I can manually re-run the task after I check-in #370 to update the toml files too.

romoh · 2021-09-02T16:15:51Z

Should we close this in favor of #370?

We can keep it and I can manually re-run the task after I check-in #370 to update the toml files too.

@kate-goldenring Latest update has the toml files included now as well.

agent/Cargo.toml

Co-authored-by: romoh <noreply@github.com> Signed-off-by: vincepnguyen <70007233+vincepnguyen@users.noreply.github.com>

akri-bot requested review from bfjelds, Britel, jiria, kate-goldenring and romoh as code owners September 1, 2021 00:17

akri-bot force-pushed the automated-dependencies-update branch from e9941e4 to ffba061 Compare September 2, 2021 16:03

romoh approved these changes Sep 2, 2021

View reviewed changes

kate-goldenring reviewed Sep 2, 2021

View reviewed changes

agent/Cargo.toml Outdated Show resolved Hide resolved

akri-bot force-pushed the automated-dependencies-update branch from ffba061 to 04c6291 Compare October 1, 2021 00:18

romoh self-requested a review October 27, 2021 21:03

Auto-updated dependencies

b9f592e

akri-bot force-pushed the automated-dependencies-update branch from 04c6291 to b9f592e Compare October 27, 2021 21:09

romoh approved these changes Oct 27, 2021

View reviewed changes

kate-goldenring approved these changes Oct 27, 2021

View reviewed changes

kate-goldenring merged commit 8d74f80 into main Oct 27, 2021

kate-goldenring deleted the automated-dependencies-update branch October 27, 2021 21:47

vincepnguyen pushed a commit that referenced this pull request Nov 23, 2021

Auto-updated dependencies (#367)

6d187be

Co-authored-by: romoh <noreply@github.com> Signed-off-by: vincepnguyen <70007233+vincepnguyen@users.noreply.github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Autoupdate dependencies #367

Autoupdate dependencies #367

akri-bot commented Sep 1, 2021

kate-goldenring commented Sep 1, 2021

jiria commented Sep 1, 2021 via email

romoh commented Sep 2, 2021

kate-goldenring commented Sep 2, 2021

romoh commented Sep 2, 2021

romoh commented Sep 2, 2021

Autoupdate dependencies #367

Autoupdate dependencies #367

Conversation

akri-bot commented Sep 1, 2021

kate-goldenring commented Sep 1, 2021

jiria commented Sep 1, 2021 via email

romoh commented Sep 2, 2021

kate-goldenring commented Sep 2, 2021

romoh commented Sep 2, 2021

romoh commented Sep 2, 2021