Closed Bug 1809499 Opened 1 year ago Closed 1 year ago

Audit env_logger 0.10.0

Categories

(Core :: Graphics: WebGPU, task, P3)

Product:
Core
Component:
Graphics: WebGPU
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
110 Branch
Tracking Flags:
Tracking Status
firefox110 --- fixed

People

(Reporter: nical, Assigned: nical)

References

Details

Attachments

(1 file)

Bug 1809499 - Auditted envlogger 0.9.3 -> 0.10.0. r=bholley
48 bytes, text/x-phabricator-request
Details | Review

Will be needed by a wgpu update soon.

Assignee: nobody → nical.bugzilla
Status: NEW → ASSIGNED
Pushed by nsilva@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/0b9dc8ade77b
Auditted envlogger 0.9.3 -> 0.10.0. r=bholley

https://hg.mozilla.org/mozilla-central/rev/0b9dc8ade77b

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox110: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 110 Branch

(In reply to Nicolas Silva [:nical] from comment #0)

Will be needed by a wgpu update soon.

wgpu is still on 0.9 AFAICT, and uses env_logger as dev-dependency anyways, which shouldn't pull it?

Flags: needinfo?(nical.bugzilla)

That's good news, I wasn't looking forward to having to update a whole lot of crates to 0.10 to avoid vendoring env_logger twice on an upcoming wgpu update.

wgpu is about to depend on 0.10 because 0.9 depends on unmaintained atty which has had a security vulnerability and that causes wgpu's CI to fail on all PRs. See https://github.com/gfx-rs/wgpu/issues/3368.
I assumed bumping env_logger in wgpu would pull in the newer version here, so I audited the changes proactively to avoid the painful chain of tasks that usually builds up when updating wgpu in m-c.

I'm sure other parts of gecko will end up depending on the new env_logger eventually anyway, because of the atty issue (and some github CI actions like EmbarkStudios/cargo-deny-action@v1 making dependencies to atty an error).

Flags: needinfo?(nical.bugzilla)

(In reply to Nicolas Silva [:nical] from comment #5)

That's good news, I wasn't looking forward to having to update a whole lot of crates to 0.10 to avoid vendoring env_logger twice on an upcoming wgpu update.

FWIW, that's not a concern. I have a patch prepared that adds env_logger 0.10 and a fake env_logger 0.9 that depends on it. I'm waiting for env_logger 0.8 to go away first (waiting for a mp4parse update)

wgpu is about to depend on 0.10 because 0.9 depends on unmaintained atty which has had a security vulnerability and that causes wgpu's CI to fail on all PRs. See https://github.com/gfx-rs/wgpu/issues/3368.

The dependency on atty would go away if the dependency on env_logger had default-features=false, independently of switching to 0.10.
Note that IIRC the alternative to atty requires windows-sys, which is another can of worms you don't want to open. We're not ready to take that in yet (we'll get there).

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: