diff options
author | Neal H. Walfield <neal@pep.foundation> | 2023-05-03 09:54:29 +0200 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2023-05-03 12:37:24 +0200 |
commit | 5ae4a1427e82f80e41b2332eeebf81a85fe538d5 (patch) | |
tree | f2a11f9e952363dd7da1bc4a63776b531bdec672 | |
parent | 4ec75df65e1e8646ede928dd8475ed0b681cfdae (diff) |
Tighten dependencies
- Fix the memsec and lalrpop dependencies. When allowing multiple,
incompatible versions of a package using `">x.y"` always specify a
upper bound to prevent a dependee that runs `cargo update` from
using a yet-to-be-released incompatible version in the future.
- Fix the openssl dependencies. When specifying a micro version, we
don't need to use ">" to get new semver-compatible versions. That
is, the default strategy is not "=", but "^".
https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html
-rw-r--r-- | ipc/Cargo.toml | 4 | ||||
-rw-r--r-- | openpgp/Cargo.toml | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/ipc/Cargo.toml b/ipc/Cargo.toml index 2fcdec1d..e8e997eb 100644 --- a/ipc/Cargo.toml +++ b/ipc/Cargo.toml @@ -29,7 +29,7 @@ capnp-rpc = "0.14" crossbeam-utils = "0.8" fs2 = "0.4.2" futures = "0.3.5" -lalrpop-util = ">=0.17" +lalrpop-util = ">=0.17, <0.20" lazy_static = "1.4.0" libc = "0.2.66" memsec = { version = ">=0.5", default-features = false } @@ -46,7 +46,7 @@ winapi = { version = "0.3.8", default-features = false, features = ["winsock2"] ctor = "0.1" [build-dependencies] -lalrpop = { version = ">=0.17", default-features = false } +lalrpop = { version = ">=0.17, <0.20", default-features = false } [dev-dependencies] clap = "3" diff --git a/openpgp/Cargo.toml b/openpgp/Cargo.toml index 634f3131..b091cb89 100644 --- a/openpgp/Cargo.toml +++ b/openpgp/Cargo.toml @@ -34,10 +34,10 @@ bzip2 = { version = "0.4", optional = true } dyn-clone = "1" flate2 = { version = "1.0.1", optional = true } idna = ">=0.2, <0.4" -lalrpop-util = ">=0.17" +lalrpop-util = ">=0.17, <0.20" lazy_static = "1.4.0" libc = "0.2.66" -memsec = { version = ">=0.5", default-features = false } +memsec = { version = ">=0.5, <0.7", default-features = false } nettle = { version = "7.2.2", optional = true } once_cell = "1" regex = "1" @@ -47,11 +47,11 @@ thiserror = "1.0.2" xxhash-rust = { version = "0.8", features = ["xxh3"] } # At least 0.10.46 is needed due `no-cast` check: # https://github.com/sfackler/rust-openssl/blob/master/openssl/CHANGELOG.md -openssl = { version = ">= 0.10.47", optional = true } +openssl = { version = "0.10.47", optional = true } # We need to directly depend on the sys crate so that the metadata produced # in its build script is passed to sequoia-openpgp's build script # see: https://doc.rust-lang.org/cargo/reference/build-scripts.html#the-links-manifest-key -openssl-sys = { version = ">= 0.9.82", optional = true } +openssl-sys = { version = "0.9.82", optional = true } foreign-types-shared = { version = "0.1.1", optional = true } # Botan. @@ -111,7 +111,7 @@ getrandom = { version = "0.2", features = ["js"] } rand07 = { package = "rand", version = "0.7", features = ["wasm-bindgen"] } [build-dependencies] -lalrpop = { version = ">=0.17", default-features = false } +lalrpop = { version = ">=0.17, <0.20", default-features = false } [dev-dependencies] quickcheck = { version = "1", default-features = false } |