Skip to content

Update dependencies#1241

Open
erikd wants to merge 4 commits into
masterfrom
erikd/updates
Open

Update dependencies#1241
erikd wants to merge 4 commits into
masterfrom
erikd/updates

Conversation

@erikd

@erikd erikd commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Context

  • Bump aeson lower bound to avoid potential DoS attack
  • Update dependencies.
  • Update index-states

How to trust this PR

Highlight important bits of the PR that will make the review faster. If there are commands the reviewer can run to observe the new behavior, describe them.

Checklist

  • Commit sequence broadly makes sense and commits have useful messages
  • New tests are added if needed and existing tests are updated. See Running tests for more details
  • Self-reviewed the diff
  • Changelog fragment added in .changes/

Copilot AI review requested due to automatic review settings July 1, 2026 06:42
@erikd erikd marked this pull request as draft July 1, 2026 06:43

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates dependency pins and Cabal solver constraints to move the repository onto a newer CHaP/hackage snapshot and require aeson >= 2.3, along with allow-newer relaxations to keep the build plan solvable.

Changes:

  • Bump Nix flake inputs for CHaP and hackage.nix in flake.lock.
  • Update cardano-api (library/gen/tests) to require aeson >= 2.3.
  • Refresh cabal.project index-state and add allow-newer entries for packages not yet compatible with the new bounds.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File Description
flake.lock Updates locked revisions/hashes for dependency inputs (CHaP, hackageNix).
cardano-api/cardano-api.cabal Raises the aeson lower bound to >= 2.3 across library/gen/test stanzas.
cabal.project Advances index-state and adds allow-newer relaxations needed for the updated dependency set.

Comment thread cabal.project
Comment thread cardano-api/cardano-api.cabal
@erikd erikd force-pushed the erikd/updates branch 2 times, most recently from 2e80878 to 16cd50e Compare July 1, 2026 06:56
@erikd erikd marked this pull request as ready for review July 1, 2026 08:13
Comment thread cabal.project
, hedgehog-extras:aeson
, microstache:aeson
, monad-control:transformers
, http-api-data:text-iso8601

@carbolymer carbolymer Jul 1, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't that go below cabal-allow-newer begin?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No this set (depending on aeson and it transitive dependendcies) are for all versions of GHC.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't mean gating it behind GHC version. I just don't understand why did you add -- cabal-allow-newer begin block.

@carbolymer carbolymer left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment thread .changes/20260701_updates.yml Outdated
Comment thread cabal.project
-- Do NOT add more source-repository-package stanzas here unless they are strictly
-- temporary! Please read the section in CONTRIBUTING about updating dependencies.

allow-newer:

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you gate this behind a version conditional like the ghc >=9.14 block right below it instead of applying it unconditionally?

@erikd erikd Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This MUST be applied unconditionally. It applies to all versions of GHC.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have added a comment on this.

@erikd erikd force-pushed the erikd/updates branch 3 times, most recently from 7e7f144 to 2ac70bd Compare July 2, 2026 03:30
@Jimbo4350 Jimbo4350 self-requested a review July 2, 2026 13:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants