Update dependencies#5513
Conversation
|
Thanks for the PR! One thing to note is that we try to be careful about dependencies in Wasmtime, notably we're auditing new dependencies being added. As you've seen this means that dependency updates need to be audited. Additionally we're avoiding adding new exemptions to the audit list, so all updates need to be audited. While it's ok to update everything here all-at-once, there's a fair amount to audit, so if you'd prefer to split things up into separate PRs I think that would work well too. |
Subscribe to Label Actioncc @kubkon DetailsThis issue or pull request has been labeled: "cranelift", "wasi"Thus the following users have been cc'd because of the following labels:
To subscribe or unsubscribe from this label, edit the |
|
Is it ok for you if |
alexcrichton
left a comment
There was a problem hiding this comment.
I left some comments below, and thanks again for your help with this!
I'm curious what others think about blanket auditing the usage of crates that are also depended on by libstd. I don't see any particular reason not to per se, but wanted to make sure that didn't raise the eyebrows of others.
|
Thanks for working on this. |
This adds vet entries for the updates being performed in bytecodealliance#5513
|
I apologize for a bit of a runaround on what to do about the We independently talked a bit ago about what to do about dependencies transitively used by the standard library and we decided that we would consider updating exemptions based on that but didn't want to record a full audit purely based on the usage in the standard library as well. (mostly just as a heads up, doesn't affect this PR too much with #5778 having all the necessary vet entries) |
This adds vet entries for the updates being performed in #5513
This update dependencies of the project to keep up with the ecosystem