Skip to content

chore(deps): Bump zeroize from 1.8.2 to 1.9.0#2691

Merged
blackmwk merged 1 commit into
mainfrom
dependabot/cargo/zeroize-1.9.0
Jul 1, 2026
Merged

chore(deps): Bump zeroize from 1.8.2 to 1.9.0#2691
blackmwk merged 1 commit into
mainfrom
dependabot/cargo/zeroize-1.9.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor

Bumps zeroize from 1.8.2 to 1.9.0.

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jun 21, 2026
@CTTY

CTTY commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

I'm beginning to think that forcing contributors to check dep list is not necessary, it blocks the dependabot from generating mergeable PRs

cc @dannycjones @blackmwk @kevinjqliu @Xuanwo

@kevinjqliu

Copy link
Copy Markdown
Contributor

yea i thought it DEPENDENCIES.rust.tsv was updated right before a release

@dannycjones

dannycjones commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

I'm beginning to think that forcing contributors to check dep list is not necessary, it blocks the dependabot from generating mergeable PRs

cc @dannycjones @blackmwk @kevinjqliu @Xuanwo

I think we can move that back to release manager responsibility, the risk was that we make contributions harder (and we do seem to be making automated ones harder). I've opened a PR: #2706

Two other notes:

  • We could automate running the script after dependabot, but I think this is unnecessary complexity.
  • I question why these files are needed. I understand the content is useful, but is having the script available to run and generate the output enough? This might be one to take to the mailing list.

blackmwk pushed a commit that referenced this pull request Jun 29, 2026
…2706)

## Which issue does this PR close?

- Closes #2737.

## What changes are included in this PR?

Reverts #2675. Reworks the guide a bit to make the steps clearer.

## Are these changes tested?

We found that moving the dependency list generation was not a good idea
on balance with #2691.

I've checked that the dependency checks pass locally.

cc @CTTY
@blackmwk

blackmwk commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@blackmwk

blackmwk commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@dependabot recreate

Bumps [zeroize](https://github.com/RustCrypto/utils) from 1.8.2 to 1.9.0.
- [Commits](RustCrypto/utils@zeroize-v1.8.2...zeroize-v1.9.0)

---
updated-dependencies:
- dependency-name: zeroize
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/zeroize-1.9.0 branch from c6a1fac to 7a0b5ba Compare July 1, 2026 09:27
@blackmwk blackmwk merged commit 125822d into main Jul 1, 2026
24 checks passed
@blackmwk blackmwk deleted the dependabot/cargo/zeroize-1.9.0 branch July 1, 2026 09:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants