Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update deps #29

Merged
merged 3 commits into from
Jan 8, 2025
Merged

chore: update deps #29

merged 3 commits into from
Jan 8, 2025

Conversation

guillaumemichel
Copy link
Contributor

@guillaumemichel guillaumemichel commented Jan 8, 2025
edited
Loading

Update dependencies to address https://github.com/libp2p/go-libp2p/actions/runs/12668323748/job/35303508383#step:12:37.

  • github.com/mholt/acmez/v3 everywhere, instead of v2
  • github.com/caddyserver/certmagic v0.21.4=> v0.21.5, since v0.21.4 depends on github.com/mholt/acmez/v2
  • github.com/libp2p/go-libp2p v0.37.2 => v0.38.1

@guillaumemichel guillaumemichel mentioned this pull request Jan 8, 2025
Open
2 tasks
@codecov-commenter
Copy link

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️

lidel
lidel approved these changes Jan 8, 2025
View reviewed changes
Copy link
Contributor

@lidel lidel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Did extra manual tests in Kubo, and looks fine.

ps. Slight concern that bumping github.com/libp2p/go-libp2p bump here will expose Kubo to dependency issues described in this thread:

iiuc the reason why go get github.com/ipshipyard/p2p-forge@master triggers downgrade in dependency graph if already using recent patch release of go-libp2p is:

  • v0.37.0 is part of master branch, so go get produces bump to +1, which is v0.37.1-0.202412[..] (OK, assuming no patch exists)
  • tag v0.37.2 lives in branches release-v037 and release-v0372 but was never merged to master (BUG, because v0.37.2 exists, causing downgrade to v0.37.1-0.202412[..] when it should be v0.37.3-0.202412[..]

My understanding is that if a release branch was merged back to master (merge commit, not squash) after tagging a patch release,
then the tag for a patch would become part of master branch and golang tooling would correctly see v0.37.2 exists and bump to .3- and not .1- So.. would it be sensible if you always merge commit from release branch to master after you are done with release?
(this is what we do in Kubo/boxo to ensure main branch HEAD always produces last [patch] release +1.

TLDR: Kubo will no longer able to use commit from master branch of go-libp2p, and we have to use replace or patch release. Not the end of the world, just making release dance harder than it should be. Hope is that go-libp2p will start merging patch releases back to main branch, removing this papercut, but cc @gammazero for visibility if we need to use commit from go-libp2p@master and things break.

@lidel lidel merged commit 94d93dc into ipshipyard:main Jan 8, 2025
4 checks passed
@lidel lidel mentioned this pull request Jan 8, 2025
Merged
@guillaumemichel guillaumemichel deleted the update-deps branch January 8, 2025 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lidel lidel lidel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@guillaumemichel @codecov-commenter @lidel