Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: downgrade to openssl v1.1.1 (again) #13731

Merged
merged 3 commits into from
Apr 10, 2024
Merged

chore: downgrade to openssl v1.1.1 (again) #13731

merged 3 commits into from
Apr 10, 2024

Conversation

weihanglo
Copy link
Member

Accidentally updated by #13674

See #13546 (comment)

I am not sure if we should pin this. Somebody might want to build Cargo with openssl v3.

@rustbot
Copy link
Collaborator

rustbot commented Apr 10, 2024

r? @ehuss

rustbot has assigned @ehuss.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot rustbot added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Apr 10, 2024
@ehuss
Copy link
Contributor

ehuss commented Apr 10, 2024

Why did #13674 update it if it wasn't listed as updated in the description?

I would lean towards pinning it, since it has been an issue for a while. If some distro wants to use a newer version, they can patch Cargo.toml to remove the pin. Just make sure there is a comment explaining why it is pinned. Or if there is some other way to force dependabot to not touch it.

@rustbot rustbot added the A-infrastructure Area: infrastructure around the cargo repo, ci, releases, etc. label Apr 10, 2024
weihanglo
weihanglo commented Apr 10, 2024
View reviewed changes
.github/renovate.json5
@@ -78,6 +78,8 @@
matchUpdateTypes: [
'patch',
],
// See rust-lang/cargo#13546 and openssl/openssl#23376 for the exclusion
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

End up using excludePackageNames, though I completely don't know if it can detect lockfile-only updates.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@epage any chance you know this is gonna work?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RenovateBot will no try to upgrade us but if something else causes an upgrade, then it will still happen.

Granted, if they are running cargo update <dep> then nothing should update it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know why they got upgraded by renovatebot. There was nothing preventing me from cargo update openssl --precise <oldversion>. Weird.

@weihanglo
Copy link
Member Author

weihanglo commented Apr 10, 2024
edited
Loading

I'd like to avoid pinning. Tools depending on cargo won't like pinned dependencies. If this #13731 (comment) turns out not working we can go back and pin them.

@epage
Copy link
Contributor

epage commented Apr 10, 2024

@bors r+

@bors
Copy link
Contributor

bors commented Apr 10, 2024

📌 Commit 686057b has been approved by epage

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Apr 10, 2024
@bors
Copy link
Contributor

bors commented Apr 10, 2024

⌛ Testing commit 686057b with merge 74fd5bc...

@bors
Copy link
Contributor

bors commented Apr 10, 2024

☀️ Test successful - checks-actions
Approved by: epage
Pushing 74fd5bc to master...

1 similar comment
@bors
Copy link
Contributor

bors commented Apr 10, 2024

☀️ Test successful - checks-actions
Approved by: epage
Pushing 74fd5bc to master...

@bors bors merged commit 74fd5bc into rust-lang:master Apr 10, 2024
23 checks passed
@bors
Copy link
Contributor

bors commented Apr 10, 2024

👀 Test was successful, but fast-forwarding failed: 422 Changes must be made through a pull request.

@weihanglo weihanglo deleted the openssl branch April 10, 2024 19:35
@weihanglo weihanglo mentioned this pull request Apr 10, 2024
Merged
bors added a commit to rust-lang-ci/rust that referenced this pull request Apr 10, 2024
@bors
Auto merge of rust-lang#123745 - weihanglo:update-cargo, r=weihanglo
aa067fb 
Update cargo

11 commits in 28e7b2bc0a812f90126be30f48a00a4ada990eaa..74fd5bc730b828dbc956335b229ac34ba47f7ef7
2024-04-05 19:31:01 +0000 to 2024-04-10 18:40:49 +0000
- chore: downgrade to openssl v1.1.1 (again) (rust-lang/cargo#13731)
- fix(cargo-fix): dont apply same suggestion twice (rust-lang/cargo#13728)
- refactor: make `resolve_with_previous` clearer (rust-lang/cargo#13727)
- fix(package): Normalize paths in `Cargo.toml` (rust-lang/cargo#13729)
- refactor: Track when MSRV is explicitly set, either way (rust-lang/cargo#13732)
- [fix]:Build script not rerun when target rustflags change (rust-lang/cargo#13560)
- feat(add): Stabilize MSRV-aware version req selection (rust-lang/cargo#13608)
- Fix github fast path redirect. (rust-lang/cargo#13718)
- Add release notes for 1.77.1 (rust-lang/cargo#13717)
- doc(semver): remove mention of deprecated tool rust-semverver (rust-lang/cargo#13715)
- chore: fix some typos (rust-lang/cargo#13714)

r? ghost
@rustbot rustbot added this to the 1.79.0 milestone Apr 10, 2024
epage added a commit to epage/cargo that referenced this pull request May 1, 2024
@epage
chore(ci): Ignore openssl deps
67d6968 
We excluded the packages in rust-lang#13731 but that just means they fell into
the default logic, rather than bein ignored.  This at least made it
easier to reject the change.

This shouldp revent the PR from being created.
epage added a commit to epage/cargo that referenced this pull request May 1, 2024
@epage
chore(ci): Ignore openssl deps
89810b9 
We excluded the packages in rust-lang#13731 but that just means they fell into
the default logic, rather than being ignored (see rust-lang#13835).  This at
least made it easier to reject the change.

This should prevent the PR from being created.
@epage epage mentioned this pull request May 1, 2024
Merged
bors added a commit that referenced this pull request May 1, 2024
@bors
Auto merge of #13840 - epage:openssl, r=weihanglo
57d3248 
chore(ci): Ignore openssl deps

We excluded the packages in #13731 but that just means they fell into the default logic, rather than being ignored (see #13835).  This at least made it easier to reject the change.

This should prevent the PR from being created.
@weihanglo weihanglo mentioned this pull request Aug 13, 2024
Merged
bors added a commit that referenced this pull request Aug 13, 2024
@bors
Auto merge of #14391 - weihanglo:downgrade-openssl, r=epage
2f738d6 
chore: downgrade to openssl v1.1.1 (again)

It happened again in <#14299>.
See <#13546 (comment)> and <#13731>.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@epage epage epage left review comments

Assignees

@ehuss ehuss

Labels
A-infrastructure Area: infrastructure around the cargo repo, ci, releases, etc. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
Projects
None yet
Milestone
1.79.0
Development

Successfully merging this pull request may close these issues.
5 participants
@weihanglo @rustbot @ehuss @epage @bors