Bump deno version #1276

Merged
merged 4 commits into from
Nov 30, 2023

kylewillmon
Contributor

This includes migration to the new op2 macro because op is now deprecated (See denoland/deno_core#279). The new macro requires explicit annotation for string and serde parameters and return values because of the performance hit. We use these heavily (and don't care about the performance).


phylum-io bot commented Nov 6, 2023

Phylum OSS Supply Chain Risk Analysis - INCOMPLETE

The analysis contains 2 package(s) Phylum has not yet processed,
preventing a complete risk analysis. Phylum is processing these
packages currently and should complete soon.
Please wait for up to 30 minutes, then re-run the analysis.

View this project in the Phylum UI

@phylum-dev phylum-dev deleted a comment from phylum-staging-github bot Nov 6, 2023
@phylum-dev phylum-dev deleted a comment from phylum-io bot Nov 6, 2023
@kylewillmon
Contributor Author

Looks like the build requires protoc now, which is causing CI to fail....

I'll investigate later today to see if I can avoid the dependency

@kylewillmon
Contributor Author

It looks like there is no opt out. protoc has been required to build deno since denoland/deno@2d9298f

I'll update the workflows to restore CI.

cd-work
cd-work previously approved these changes Nov 6, 2023

phylum-io bot commented Nov 9, 2023

Phylum OSS Supply Chain Risk Analysis - SUCCESS

The Phylum risk analysis is complete and has passed the active policy.

View this project in the Phylum UI


phylum-io bot commented Nov 13, 2023

Phylum OSS Supply Chain Risk Analysis - INCOMPLETE

The analysis contains 1 package(s) Phylum has not yet processed,
preventing a complete risk analysis. Phylum is processing these
packages currently and should complete soon.
Please wait for up to 30 minutes, then re-run the analysis.

View this project in the Phylum UI

cd-work
cd-work previously approved these changes Nov 13, 2023
Cargo.lock (review thread resolved)
@kylewillmon
Contributor Author

I've opened littledivy/aead-gcm-stream#2 to fix the build error on Rust 1.71.0

Hoping to get a quick response there. I'd rather not bump MSRV beyond the latest 3 minor releases.


phylum-io bot commented Nov 30, 2023

Phylum OSS Supply Chain Risk Analysis - FAILED

This repository analyzes the risk of new dependencies. An
administrator of this repository has set requirements via Phylum policy.

If you see this comment, one or more dependencies have failed Phylum's risk analysis.

Package: [email protected] failed.

[email protected] is vulnerable to Marvin Attack: potential key recovery through timing sidechannels

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

[email protected] is vulnerable to Marvin Attack: potential key recovery through timing sidechannels

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

View this project in the Phylum UI


phylum-io bot commented Nov 30, 2023

Phylum OSS Supply Chain Risk Analysis - FAILED

This repository analyzes the risk of new dependencies. An
administrator of this repository has set requirements via Phylum policy.

If you see this comment, one or more dependencies have failed Phylum's risk analysis.

Package: [email protected] failed.

[email protected] is vulnerable to Marvin Attack: potential key recovery through timing sidechannels

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

[email protected] is vulnerable to Marvin Attack: potential key recovery through timing sidechannels

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

View this project in the Phylum UI

@kylewillmon kylewillmon force-pushed the deno-bump branch 2 times, most recently from 3f1dada to c47dc68 on November 30, 2023 20:58
This includes migration to the new `op2` macro because `op` is now
deprecated (See denoland/deno_core#279). The new macro requires explicit
annotation for string and serde parameters and return values because of
the performance hit. We use these heavily (and don't care about the
performance).

The deno runtime version now comes directly from the deno snapshot. For
our usage, that means that the `Deno.version.deno` and `Deno.version.v8`
values are now empty strings where they were previously the Phylum
version and v8 version respectively.

phylum-io bot commented Nov 30, 2023

Phylum OSS Supply Chain Risk Analysis - SUCCESS

The Phylum risk analysis is complete and has passed the active policy.

View this project in the Phylum UI

@kylewillmon kylewillmon requested a review from cd-work November 30, 2023 22:23
@kylewillmon kylewillmon merged commit ae113fa into main Nov 30, 2023
13 checks passed
@kylewillmon kylewillmon deleted the deno-bump branch November 30, 2023 22:53