From bd9ff23e80625cc7dd680f6e339db9ffebac571e Mon Sep 17 00:00:00 2001
From: Jake Selig
Date: Fri, 7 Mar 2025 12:06:38 -0700
Subject: [PATCH 1/2] fix: update and sync maturin versions between build and upload
---
 .github/workflows/release-python.yml | 1 +
 crates/python/pyproject.toml | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index ad3c2431..47d42f28 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -213,3 +213,4 @@ jobs:
 with:
 command: upload
 args: --skip-existing wheels/*
+ maturin-version: v1.8.2 # coordinate this with crates/python/pyproject.toml
diff --git a/crates/python/pyproject.toml b/crates/python/pyproject.toml
index 0440a791..ed071acf 100644
--- a/crates/python/pyproject.toml
+++ b/crates/python/pyproject.toml
@@ -43,7 +43,7 @@ dev = [
 "pytest-sugar >= 1.0.0",
 "pytest-clarity >= 1.0.1",
 "syrupy >= 4.0.0",
- "maturin == 1.7.0",
+ "maturin == 1.8.2", # coordinate this with .github/workflows/release-python.yml
 "numpy >= 1.24.1",
 "pdoc >= 14.6.1",
 "ruff >= 0.3.5",
@@ -51,7 +51,7 @@ dev = [
 ]
 [build-system]
-requires = ["maturin>=1.7.0,<1.8.0"]
+requires = ["maturin==1.8.2"] # coordinate this with .github/workflows/release-python.yml
 build-backend = "maturin"
 [tool.black]
From c8ee0c0427caea28187719f5735582be1c6086a6 Mon Sep 17 00:00:00 2001
From: Jake Selig
Date: Fri, 7 Mar 2025 12:15:00 -0700
Subject: [PATCH 2/2] chore: update ring and ignore paste+backoff being unmaintained
---
 Cargo.lock | 27 +++++++++++++--------------
 deny.toml | 4 +++-
 2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index d39391f5..aa63b5ed 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -274,7 +274,7 @@ dependencies = [ "quote", "regex", "rustc-hash 1.1.0", - "shlex", + "shlex 0.1.1", "which", ]
@@ -388,13 +388,13 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.99" +version = "1.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96c51067fd44124faa7f870b4b1c969379ad32b2ba805aa959430ceaa384f695" +checksum = "be714c154be609ec7f5dad223a33bf1482fff90472de28f7362806e6d4832b8c" dependencies = [ "jobserver", "libc", - "once_cell", + "shlex 1.3.0", ] [[package]]
@@ -1811,7 +1811,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4" dependencies = [ "cfg-if 1.0.0", - "windows-targets 0.52.6", + "windows-targets 0.48.5", ] [[package]]
@@ -3301,15 +3301,14 @@ dependencies = [ [[package]] name = "ring" -version = "0.17.8" +version = "0.17.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" +checksum = "70ac5d832aa16abd7d1def883a8545280c20a60f523a370aa3a9617c2b8550ee" dependencies = [ "cc", "cfg-if 1.0.0", "getrandom", "libc", - "spin", "untrusted", "windows-sys 0.52.0", ]
@@ -3666,6 +3665,12 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7fdf1b9db47230893d76faad238fd6097fd6d6a9245cd7a4d90dbd639536bbd2" +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] name = "simba" version = "0.6.0"
@@ -3732,12 +3737,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "spin" -version = "0.9.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" - [[package]] name = "stable_deref_trait" version = "1.2.0"
diff --git a/deny.toml b/deny.toml
index d9207914..3d781ca4 100644
--- a/deny.toml
+++ b/deny.toml
@@ -68,7 +68,9 @@ ignore = [
 { id = "RUSTSEC-2024-0375", reason = "introduced by atty, a transitive dependency of multiple dependencies, with no upgrade path" },
 { id = "RUSTSEC-2024-0006", reason = "introduced by shlex, a transitive dependency of bindgen with no upgrade path" },
 { id = "RUSTSEC-2021-0139", reason = "ansi_term is unmaintained, but used by clap" },
- { id = "RUSTSEC-2024-0384", reason = "instant is unmaintained, dependency of \"backoff\", which also appears to be unmaintained" }
+ { id = "RUSTSEC-2024-0384", reason = "instant is unmaintained, dependency of \"backoff\", which also appears to be unmaintained" },
+ { id = "RUSTSEC-2024-0436", reason = "paste is unmaintained" },
+ { id = "RUSTSEC-2025-0012", reason = "backoff is unmaintained" }
 ]
 yanked = "deny"
 # If this is true, then cargo deny will use the git executable to fetch advisory database.
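Review bot: The two new `ignore` entries (RUSTSEC-2024-0436 and RUSTSEC-2025-0012) give only "paste is unmaintained" and "backoff is unmaintained" as reasons, whereas the earlier entries name the crate that pulls the dependency in and say whether an upgrade path exists. An ignore in this list has no expiry, so without that context a later reader cannot tell when the suppression stops being necessary or whether the crate is reachable from security-sensitive code. I would record the dependency path and a revisit condition in each reason, e.g. `reason = "paste is unmaintained; transitive via <parent crate>, no maintained replacement, revisit in <tracking issue>"`, filling the placeholders from `cargo tree -i paste` and `cargo tree -i backoff`. The `ignore` array starts above the hunk, so any entries outside the visible lines are not covered here.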