Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(rust): Update ic-cdk to a non-yanked version #53

Merged
merged 2 commits into from
Sep 3, 2024
Merged

Conversation

bitdivine
Copy link
Member

@bitdivine bitdivine commented Sep 2, 2024

Motivation

ic-cdk version 0.13 has been yanked. This causes problems for users of verifiable-credentials trying to pass a security audit.

Changes

  • Update the version of ic-cdk to 0.15.

Tests

See CI

Todos

  • Add entry to changelog (if necessary).
    Needed?

@bitdivine bitdivine requested a review from a team as a code owner September 2, 2024 23:37
@bitdivine bitdivine requested a review from lmuntaner September 2, 2024 23:38
@bitdivine bitdivine enabled auto-merge (squash) September 2, 2024 23:58
@bitdivine bitdivine changed the title chore(rust): Update ic-cdk to anon-yanked version chore(rust): Update ic-cdk to a non-yanked version Sep 3, 2024
Copy link
Collaborator

@lmuntaner lmuntaner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@bitdivine bitdivine merged commit 2bc90b2 into main Sep 3, 2024
8 checks passed
@bitdivine bitdivine deleted the update-ic-cdk branch September 3, 2024 06:39
@bitdivine
Copy link
Member Author

The Cargo.lock isn't updated because it is not committed.

The recommendation used to be: Commit the Cargo.lock for binaries, not for libraries.

As of 2023 the picture is more nuanced, as it can sometimes make sense to commit the Cargo.lock for libraries. See: https://blog.rust-lang.org/2023/08/29/committing-lockfiles.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants