Bump tract-onnx from 0.22.1 to 0.22.3 in the cargo group across 1 directory#1221
Bump tract-onnx from 0.22.1 to 0.22.3 in the cargo group across 1 directory#1221dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the cargo group with 1 update in the / directory: [tract-onnx](https://github.com/snipsco/tract). Updates `tract-onnx` from 0.22.1 to 0.22.3 - [Release notes](https://github.com/snipsco/tract/releases) - [Changelog](https://github.com/sonos/tract/blob/main/CHANGELOG.md) - [Commits](sonos/tract@0.22.1...0.22.3) --- updated-dependencies: - dependency-name: tract-onnx dependency-version: 0.22.3 dependency-type: indirect dependency-group: cargo ... Signed-off-by: dependabot[bot] <support@github.com>
| prost-build = "0.14" | ||
| prost-types = "0.14" | ||
| rand = "0.9" | ||
| rand = "0.10" |
There was a problem hiding this comment.
🟡 Missing changeset file for dependency version bump
No changeset was added for this dependency upgrade (Cargo.toml:76), violating the repository's mandatory changeset requirement.
Impact: The PR cannot be merged according to repository contribution rules without a changeset documenting the change.
AGENTS.md changeset requirement
AGENTS.md states under "Documenting changes":
- "Every PR needs a changeset"
- "Changeset must list any crates which need to be bumped stemming from the change"
- "Document changes interactively from the CLI with
knope document-changeor create manually in/.changeset"
The PR bumps rand from 0.9 to 0.10 in the workspace dependencies, which affects livekit-api, livekit-datatrack, and several example crates. No corresponding changeset file was created in the /.changeset directory.
Prompt for agents
A changeset file needs to be created in the .changeset/ directory documenting this rand version bump. Run knope document-change from the CLI or manually create a markdown file in .changeset/ that lists the affected crates (livekit-api, livekit-datatrack, and any example crates that depend on rand) and describes the rand 0.9 to 0.10 upgrade.
Was this helpful? React with 👍 or 👎 to provide feedback.
| prost-build = "0.14" | ||
| prost-types = "0.14" | ||
| rand = "0.9" | ||
| rand = "0.10" |
There was a problem hiding this comment.
🔍 Multiple rand versions now coexist in the dependency tree
After this bump, the Cargo.lock shows three versions of rand in the tree: 0.8.5 (transitive, pre-existing), 0.9.4 (used by fake and quinn-proto), and 0.10.2 (workspace crates). The livekit-datatrack crate implements fake::Dummy trait methods with bounds like R: rand::Rng + ?Sized (livekit-datatrack/src/packet/time.rs:120, livekit-datatrack/src/packet/handle.rs:90, livekit-datatrack/src/packet/mod.rs:70). Since fake depends on rand 0.9.4 and livekit-datatrack now resolves rand to 0.10.2, the Rng trait from these two versions are distinct types, which could cause trait mismatch issues in the Dummy implementations.
Was this helpful? React with 👍 or 👎 to provide feedback.
Bumps the cargo group with 1 update in the / directory: tract-onnx.
Updates
tract-onnxfrom 0.22.1 to 0.22.3Changelog
Sourced from tract-onnx's changelog.
... (truncated)
Commits
1541d40release 0.22.35f994bcSanitize ONNX external_data location and bound offset/lengthdf98b34release.sh: push the release commit and only its version tag. The script push...5fcd0c0post-release 0.22.3-pre19a2c2arelease 0.22.24773e92fix(nnef): reject overflowing block-quant tensor dimsee5f019fix(nnef): reject overflowing tensor dimsa213cbcSupport value_ints, value_floats, value_string(s) in ONNX Constant op0eb5cedbackport wheels build from aminc92b8a1post-release 0.22.2-preDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.