Update getrandom requirement from 0.2 to 0.3 in /divergence-engine#3
Update getrandom requirement from 0.2 to 0.3 in /divergence-engine#3dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| web-sys = { version = "0.3", optional = true, features = ["console"] } | ||
| console_error_panic_hook = { version = "0.1", optional = true } | ||
| getrandom = { version = "0.2", optional = true } | ||
| getrandom = { version = "0.3", optional = true } |
There was a problem hiding this comment.
Bug: Upgrading getrandom to 0.3 without updating the wasm feature to use getrandom/wasm_js will cause compilation failures.
Severity: CRITICAL | Confidence: High
🔍 Detailed Analysis
The pull request updates getrandom to version 0.3, which removes the js feature and replaces it with wasm_js. However, the wasm feature in Cargo.toml at line 36 still attempts to enable getrandom/js. This incompatibility will cause a compilation failure when building the divergence-engine with the wasm feature enabled, as Cargo will be unable to resolve the non-existent getrandom/js feature.
💡 Suggested Fix
Update the wasm feature in Cargo.toml to use getrandom/wasm_js instead of getrandom/js. Additionally, configure the backend via .cargo/config.toml with rustflags = ['--cfg', 'getrandom_backend="wasm_js"'] to properly enable the WASM backend.
🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: divergence-engine/Cargo.toml#L36
Potential issue: The pull request updates `getrandom` to version 0.3, which removes the
`js` feature and replaces it with `wasm_js`. However, the `wasm` feature in `Cargo.toml`
at line 36 still attempts to enable `getrandom/js`. This incompatibility will cause a
compilation failure when building the `divergence-engine` with the `wasm` feature
enabled, as Cargo will be unable to resolve the non-existent `getrandom/js` feature.
Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 4439212
Updates the requirements on [getrandom](https://github.com/rust-random/getrandom) to permit the latest version. - [Release notes](https://github.com/rust-random/getrandom/releases) - [Changelog](https://github.com/rust-random/getrandom/blob/master/CHANGELOG.md) - [Commits](rust-random/getrandom@v0.2.0...v0.2.16) --- updated-dependencies: - dependency-name: getrandom dependency-version: 0.2.16 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/cargo/divergence-engine/getrandom-0.3
branch
from
ebd87e5 to
843e7e7
Compare
|
Superseded by #7. |
dependabot
bot
deleted the
dependabot/cargo/divergence-engine/getrandom-0.3
branch
Updates the requirements on getrandom to permit the latest version.
Changelog
Sourced from getrandom's changelog.
... (truncated)
Commits
ce4144bRelease v0.2.16 (#655)a55ea8dBackport Cygwin support (#654)cf65e83Release v0.2.15 (#419)a24538fRemove .cargo/config (#421)229d870Use libc::getrandom on Solaris and update docs. (#420)924c88dUnconditionally uselibc::getrandomon Illumos andlibc::geentropyon Sol...20c2213Unify getentropy-based implementations (#418)dca4961Unconditionally use libc::getrandom on FreeBSD (#416)d4b0ef0Use libc::getrandom on DragonflyBSD (#411)0d55923Add Apple visionOS support (#410)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)