chore(deps): bump md-5 from 0.10.6 to 0.11.0#25303
Conversation
dependabot
Bot
added
domain: deps
dependabot
Bot
added
domain: deps
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d71d1faaed
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "lru", | ||
| "maxminddb", | ||
| "md-5", | ||
| "md-5 0.11.0", |
There was a problem hiding this comment.
Cargo.lock now pins Vector’s direct dependency to md-5 0.11.0, but Cargo.toml still constrains that dependency to version = "0.10" (Cargo.toml:408). This makes the lockfile inconsistent with the manifest, so workflows that use --locked (or any lockfile consistency check) will fail until the lock is regenerated or the manifest constraint is updated to match.
Useful? React with 👍 / 👎.
dependabot
Bot
force-pushed
the
dependabot/cargo/md-5-0.11.0
branch
5 times, most recently
from
13dda2d to
5cd8254
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5cd825452f
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "lru", | ||
| "maxminddb", | ||
| "md-5", | ||
| "md-5 0.11.0", |
There was a problem hiding this comment.
The workspace lockfile now selects md-5 0.11.0 for vector, but the manifest still constrains that direct dependency to version = "0.10" (Cargo.toml:409). This makes Cargo.lock inconsistent with Cargo.toml, so any cargo invocation using --locked (common in CI/release workflows) will fail because dependency resolution would require rewriting the lockfile.
Useful? React with 👍 / 👎.
dependabot
Bot
force-pushed
the
dependabot/cargo/md-5-0.11.0
branch
4 times, most recently
from
2924a6a to
f71d0e0
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f71d0e09ee
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| name = "hybrid-array" | ||
| version = "0.4.11" | ||
| source = "registry+https://github.com/rust-lang/crates.io-index" | ||
| checksum = "08d46837a0ed51fe95bd3b05de33cd64a1ee88fc797477ca48446872504507c5" |
There was a problem hiding this comment.
This lockfile update introduces the new transitive crate hybrid-array, but LICENSE-3rdparty.csv still has no hybrid-array entry (rg '^hybrid-array,' LICENSE-3rdparty.csv returns none). The repo's PR template requires running make build-licenses for Cargo.lock changes, and cargo vdev check licenses/dd-rust-license-tool check compares the lockfile against that inventory, so the license check will fail and packaged license data will be incomplete until the generated license file is committed.
Useful? React with 👍 / 👎.
dependabot
Bot
force-pushed
the
dependabot/cargo/md-5-0.11.0
branch
6 times, most recently
from
6c3ef19 to
642adf3
Compare
dependabot
Bot
force-pushed
the
dependabot/cargo/md-5-0.11.0
branch
5 times, most recently
from
8419d7e to
9b4a57f
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9b4a57f7ec
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "lru", | ||
| "maxminddb", | ||
| "md-5", | ||
| "md-5 0.11.0", |
There was a problem hiding this comment.
The lockfile now resolves vector to md-5 0.11.0, but Cargo.toml still constrains md-5 to version = "0.10" (line 415 in this commit). Because 0.11.0 is outside that range, Cargo will need to rewrite the lockfile (or fail under --locked) on reproducible/CI builds, so this dependency bump is internally inconsistent as committed.
Useful? React with 👍 / 👎.
| checksum = "135b12329e5e3ce057a9f972339ea52bc954fe1e9358ef27f95e89716fbc5424" | ||
|
|
||
| [[package]] | ||
| name = "hybrid-array" |
There was a problem hiding this comment.
This lockfile change introduces hybrid-array, but the committed license inventory is not updated to include it (LICENSE-3rdparty.csv has no hybrid-array row). In this repo, make check-licenses runs dd-rust-license-tool check (vdev/src/commands/check/licenses.rs:12), and the PR template explicitly requires regenerating licenses after Cargo.lock changes (.github/PULL_REQUEST_TEMPLATE.md:53-54), so CI/license validation can fail until the inventory is regenerated and committed.
Useful? React with 👍 / 👎.
dependabot
Bot
force-pushed
the
dependabot/cargo/md-5-0.11.0
branch
from
9b4a57f to
75aad82
Compare
dependabot
Bot
force-pushed
the
dependabot/cargo/md-5-0.11.0
branch
from
75aad82 to
0b7776c
Compare
Bumps [md-5](https://github.com/RustCrypto/hashes) from 0.10.6 to 0.11.0. - [Commits](RustCrypto/hashes@md-5-v0.10.6...md2-v0.11.0) --- updated-dependencies: - dependency-name: md-5 dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/cargo/md-5-0.11.0
branch
from
0b7776c to
9552166
Compare
Bumps md-5 from 0.10.6 to 0.11.0.
Commits
b5051e5Cut new releases (#812)451c446md5: replaceforce-softcrate feature withmd5_backendconfiguration flag...2f00175Release sha1 v0.11.0 (#810)07d370csha1: refactor backends selection (#808)7c7cb76Fix md5 project link in README (#809)ffe0939Release sha2 0.11.0 (#806)8991b65Use the standard order of the[package]section fields (#807)3d2bc57sha2: refactor backends (#802)faa55fbsha3: bumpkeccakto v0.2 (#803)d3e6489sha3 v0.11.0-rc.9 (#801)