Bump dependencies #1297

Merged
merged 2 commits into from
Nov 20, 2023

phylum-bot
Contributor

Bump dependencies for all SemVer-compatible updates.

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
@phylum-bot phylum-bot requested a review from a team as a code owner November 20, 2023 05:30
@cd-work
Contributor

cd-work commented Nov 20, 2023

Holding out for a potential quick fix from UUID: uuid-rs/uuid#720 (comment)

Verified

This commit was signed with the committer’s verified signature. The key has expired.
cd-work Christian Duerr

phylum-io bot commented Nov 20, 2023

Phylum OSS Supply Chain Risk Analysis - INCOMPLETE

The analysis contains 1 package(s) Phylum has not yet processed,
preventing a complete risk analysis. Phylum is processing these
packages currently and should complete soon.
Please wait for up to 30 minutes, then re-run the analysis.

View this project in the Phylum UI

@kylewillmon
Contributor

Interesting that the Phylum check is still considered a pass even though the new uuid package hasn't been analyzed yet...

@cd-work cd-work merged commit f8bbb98 into main Nov 20, 2023
@cd-work cd-work deleted the auto-cargo-update branch November 20, 2023 14:12
@maxrake
Contributor

maxrake commented Nov 20, 2023

Interesting that the Phylum check is still considered a pass even though the new uuid package hasn't been analyzed yet...

This is the documented behavior:

A comment will be written to the PR if an issue is identified that fails the defined policy. There will be no comment if no dependencies were added or modified for a given PR. If one or more dependencies are still processing (no results available), then the comment will make that clear and the CI job will only fail if dependencies that have completed analysis results do not meet the active policy.

The Phylum GitHub Action works the same way. That behavior was part of the design and intended to keep from blocking CI due to Phylum processing delays. The tradeoff is that users of Phylum in CI/PRs need to maintain some level of discipline in all but the most urgent cases to wait on merging until the analysis results are available.
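
The gate behavior described in the quoted documentation, modeled as an added example (not Phylum's code and not part of this thread), next to a stricter variant that holds the merge while any changed dependency is still unprocessed. `Gate`, `DepResult`, `evaluate` and the `block_on_incomplete` switch are hypothetical names, and the sample results are constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Gate(Enum):
    PASS = "pass"
    FAIL = "fail"
    PENDING = "pending"  # strict mode only: hold the merge and re-run later


@dataclass(frozen=True)
class DepResult:
    name: str
    # True/False once analysis has completed; None while still processing.
    meets_policy: Optional[bool]


def evaluate(results, block_on_incomplete=False):
    """Return (gate, failing_names, unprocessed_names) for a set of changed deps."""
    failing = [r.name for r in results if r.meets_policy is False]
    unprocessed = [r.name for r in results if r.meets_policy is None]
    if failing:
        # A completed result that violates policy fails the job in both modes.
        gate = Gate.FAIL
    elif unprocessed and block_on_incomplete:
        # Stricter variant (assumption): no verdict until every dep is analyzed.
        gate = Gate.PENDING
    else:
        # Documented behavior: unprocessed deps alone do not fail the job.
        gate = Gate.PASS
    return gate, failing, unprocessed


# Constructed sample: one changed dependency has no analysis results yet.
SAMPLE = [DepResult("uuid", None), DepResult("example-dep-a", True)]

if __name__ == "__main__":
    for strict in (False, True):
        gate, failing, unprocessed = evaluate(SAMPLE, block_on_incomplete=strict)
        print(f"strict={strict}: gate={gate.value} "
              f"failing={failing} unprocessed={unprocessed}")
```
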
