Conversation
dependabot
bot
added
Changed
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
Pull Request Test Coverage Report for Build 23258726696Details
💛 - Coveralls |
dependabot
bot
force-pushed
the
dependabot/cargo/chia-sha2-0.38.1
branch
3 times, most recently
from
e4a6518 to
7a7a1b7
Compare
Bumps [chia-sha2](https://github.com/Chia-Network/chia_rs) from 0.34.0 to 0.38.1. - [Release notes](https://github.com/Chia-Network/chia_rs/releases) - [Commits](Chia-Network/chia_rs@0.34.0...0.38.1) --- updated-dependencies: - dependency-name: chia-sha2 dependency-version: 0.38.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/cargo/chia-sha2-0.38.1
branch
from
7a7a1b7 to
f32fd37
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| num-integer = "0.1.46" | ||
| chia-bls = "0.28.1" | ||
| chia-sha2 = "0.34.0" | ||
| chia-sha2 = "0.38.2" |
There was a problem hiding this comment.
Version bumped to 0.38.2 instead of intended 0.38.1
Medium Severity
The PR title says "Bump chia-sha2 from 0.34.0 to 0.38.1" but Cargo.toml and Cargo.lock both specify version 0.38.2. The release notes in the PR description only document versions up to 0.38.1, and web searches for chia-sha2 on crates.io do not show 0.38.2 as an available version. This mismatch could cause build failures if 0.38.2 doesn't exist, or pull in unreviewed changes if it does.
Additional Locations (1)
Bumps chia-sha2 from 0.34.0 to 0.38.1.
Release notes
Sourced from chia-sha2's releases.
... (truncated)
Commits
b3a1d99Merge pull request #1369 from Chia-Network/bump-0.18.17f8af5aMerge pull request #1368 from Chia-Network/coveralls8361589Set fail-on-error to false in workflows5fba2d1bump version to circumvent coveralls outage05cd371a coveralls service outage should not hold up a releaseccc3c76Merge pull request #1366 from Chia-Network/bump-0.38.06c79440bump version to 0.38.08068425Merge pull request #1365 from Chia-Network/fc.improve_dfsc0b5082Add exception manually.912d08bClippy.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Note
Low Risk
Low risk dependency bump only; behavior changes are limited to the
chia-sha2crate and could affect hashing/OpenSSL integration indirectly.Overview
Updates the workspace
chia-sha2dependency from0.34.0to0.38.2, and refreshesCargo.lockto use the new version inclvmrandclvm-fuzzing.Written by Cursor Bugbot for commit f32fd37. This will update automatically on new commits. Configure here.