Update dependencies#1241
Conversation
There was a problem hiding this comment.
Pull request overview
Updates dependency pins and Cabal solver constraints to move the repository onto a newer CHaP/hackage snapshot and require aeson >= 2.3, along with allow-newer relaxations to keep the build plan solvable.
Changes:
- Bump Nix flake inputs for CHaP and
hackage.nixinflake.lock. - Update
cardano-api(library/gen/tests) to requireaeson >= 2.3. - Refresh
cabal.projectindex-stateand addallow-newerentries for packages not yet compatible with the new bounds.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| flake.lock | Updates locked revisions/hashes for dependency inputs (CHaP, hackageNix). |
| cardano-api/cardano-api.cabal | Raises the aeson lower bound to >= 2.3 across library/gen/test stanzas. |
| cabal.project | Advances index-state and adds allow-newer relaxations needed for the updated dependency set. |
2e80878 to
16cd50e
Compare
| , hedgehog-extras:aeson | ||
| , microstache:aeson | ||
| , monad-control:transformers | ||
| , http-api-data:text-iso8601 |
There was a problem hiding this comment.
shouldn't that go below cabal-allow-newer begin?
There was a problem hiding this comment.
No this set (depending on aeson and it transitive dependendcies) are for all versions of GHC.
There was a problem hiding this comment.
I didn't mean gating it behind GHC version. I just don't understand why did you add -- cabal-allow-newer begin block.
carbolymer
left a comment
There was a problem hiding this comment.
LGTM, just small thing: https://github.com/IntersectMBO/cardano-api/pull/1241/changes#r3506150477
| -- Do NOT add more source-repository-package stanzas here unless they are strictly | ||
| -- temporary! Please read the section in CONTRIBUTING about updating dependencies. | ||
|
|
||
| allow-newer: |
There was a problem hiding this comment.
Can you gate this behind a version conditional like the ghc >=9.14 block right below it instead of applying it unconditionally?
There was a problem hiding this comment.
This MUST be applied unconditionally. It applies to all versions of GHC.
There was a problem hiding this comment.
I have added a comment on this.
7e7f144 to
2ac70bd
Compare
There is a DoS vulnerability in earlier versions: https://haskell.github.io/security-advisories/advisory/HSEC-2026-0007.html
Context
How to trust this PR
Highlight important bits of the PR that will make the review faster. If there are commands the reviewer can run to observe the new behavior, describe them.
Checklist
.changes/