Audit env_logger 0.10.0
Categories
(Core :: Graphics: WebGPU, task, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox110 | --- | fixed |
People
(Reporter: nical, Assigned: nical)
References
Details
Attachments
(1 file)
Will be needed by a wgpu update soon.
Assignee | ||
Comment 1•1 year ago
|
||
Updated•1 year ago
|
Pushed by nsilva@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0b9dc8ade77b Auditted envlogger 0.9.3 -> 0.10.0. r=bholley
Comment 3•1 year ago
|
||
bugherder |
Comment 4•1 year ago
|
||
(In reply to Nicolas Silva [:nical] from comment #0)
Will be needed by a wgpu update soon.
wgpu is still on 0.9 AFAICT, and uses env_logger as dev-dependency anyways, which shouldn't pull it?
Assignee | ||
Comment 5•1 year ago
|
||
That's good news, I wasn't looking forward to having to update a whole lot of crates to 0.10 to avoid vendoring env_logger twice on an upcoming wgpu update.
wgpu is about to depend on 0.10 because 0.9 depends on unmaintained atty which has had a security vulnerability and that causes wgpu's CI to fail on all PRs. See https://github.com/gfx-rs/wgpu/issues/3368.
I assumed bumping env_logger in wgpu would pull in the newer version here, so I audited the changes proactively to avoid the painful chain of tasks that usually builds up when updating wgpu in m-c.
I'm sure other parts of gecko will end up depending on the new env_logger eventually anyway, because of the atty issue (and some github CI actions like EmbarkStudios/cargo-deny-action@v1 making dependencies to atty an error).
Comment 6•1 year ago
|
||
(In reply to Nicolas Silva [:nical] from comment #5)
That's good news, I wasn't looking forward to having to update a whole lot of crates to 0.10 to avoid vendoring env_logger twice on an upcoming wgpu update.
FWIW, that's not a concern. I have a patch prepared that adds env_logger 0.10 and a fake env_logger 0.9 that depends on it. I'm waiting for env_logger 0.8 to go away first (waiting for a mp4parse update)
wgpu is about to depend on 0.10 because 0.9 depends on unmaintained atty which has had a security vulnerability and that causes wgpu's CI to fail on all PRs. See https://github.com/gfx-rs/wgpu/issues/3368.
The dependency on atty would go away if the dependency on env_logger had default-features=false, independently of switching to 0.10.
Note that IIRC the alternative to atty requires windows-sys, which is another can of worms you don't want to open. We're not ready to take that in yet (we'll get there).
Description
•