Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update deps for v2.4.0 release #4151

Merged
merged 7 commits into from
Aug 14, 2023
Merged

Update deps for v2.4.0 release #4151

merged 7 commits into from
Aug 14, 2023

Conversation

Jacalz
Copy link
Member

@Jacalz Jacalz commented Aug 10, 2023
edited
Loading

Description:

We have gotten a lot of PRs from Chinese security researchers trying to update packages for security issues that do not affect us and we have in general been behind on versions due to previously having Go 1.14 as minimum version. Update dependencies to be on top of it before releasing v2.4.0.

I have not updated typesetting, packages related to wasm support or urfave/cli (uses generics and Go 1.18). For the first two, there are probably I don't have enough knowledge to know if everything is ready to be updated.

Checklist:

  • Tests included.
  • Lint and formatter run with no errors.
  • Tests all pass.

Where applicable:

  • Check for binary size increases when importing new modules.

@Jacalz Jacalz marked this pull request as draft August 10, 2023 11:10
@coveralls
Copy link

coveralls commented Aug 10, 2023
edited
Loading

Coverage Status

coverage: 65.171%. remained the same when pulling d982176 on Jacalz:update-deps-v2.4.0 into f8d94be on fyne-io:develop.

@Jacalz Jacalz force-pushed the update-deps-v2.4.0 branch 2 times, most recently from cfe00ab to d982176 Compare August 11, 2023 10:52
@Jacalz
Copy link
Member Author

Jacalz commented Aug 11, 2023

Had to revert the change to the new fyne-io/image package. The license check is still complaining. I am honestly considering just moving gobmp into the fyne-io/image project as the upstream developer was a pain working with and had no interest in merging my PR. He commited is own solution without even trying to say what was wrong with my PR like it was some kind of issue and not a PR I had opened.

@Jacalz Jacalz marked this pull request as ready for review August 11, 2023 10:54
@Jacalz Jacalz requested a review from andydotxyz August 13, 2023 08:59
andydotxyz
andydotxyz approved these changes Aug 14, 2023
View reviewed changes
Copy link
Member

@andydotxyz andydotxyz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea

@dweymouth
Copy link
Contributor

Do you need to go mod vendor in this PR or do we do that as a follow-up?

@Jacalz
Copy link
Member Author

Jacalz commented Aug 14, 2023

Do you need to go mod vendor in this PR or do we do that as a follow-up?

Nope. The vendor folder has been removed on develop. GitHub takes PR templates from master, that's why it is still mentioned there.

@Jacalz Jacalz merged commit 2194a0f into fyne-io:develop Aug 14, 2023
22 checks passed
@Jacalz Jacalz deleted the update-deps-v2.4.0 branch August 14, 2023 21:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andydotxyz andydotxyz andydotxyz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Jacalz @coveralls @dweymouth @andydotxyz