Downgrade transitive deps to match minimal direct deps #1640

Merged: DanGould merged 2 commits into payjoin:master from benalleng:minimal-versions on Jun 16, 2026

@benalleng benalleng commented Jun 12, 2026

Collaborator

This is an enhancement on top of #1612. That only forced direct dependencies to be locked, but transitive dependencies can still be updated and drift.

rust-bitcoin/rust-bitcoin#4898 demonstrates that they use minimal-versions as the final lockfile write command to copy into Cargo-minimal.lock. This command includes both direct and transitive dependencies.

This requires 2 forks due to inconsistent toml deps in the uniffi crates.

uniffi-bindgen-cs = { git = "https://github.com/benalleng/uniffi-bindgen-cs.git", rev = "71d6556aa60c29b487d931de47053f26ee8a1af1", optional = true }
uniffi-dart = { git = "https://github.com/benalleng/uniffi-dart.git", rev = "ce97870a934cd6046eef059c5805359ac0d59964", optional = true }

coveralls commented Jun 12, 2026

Collaborator

Coverage Report for CI Build 27574458706

Coverage remained the same at 85.188%

Details

  • Coverage remained the same as the base build.
  • Patch coverage: No coverable lines changed in this PR.
  • No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.


Coverage Stats

Coverage Status
Relevant Lines: 14718
Covered Lines: 12538
Line Coverage: 85.19%
Coverage Strength: 370.96 hits per line

💛 - Coveralls

@benalleng benalleng changed the title Minimal versions Downgrade transitive deps to match minimal direct deps Jun 12, 2026
@benalleng benalleng force-pushed the minimal-versions branch 2 times, most recently from 02093c7 to 5672c69 Compare June 15, 2026 16:46
@benalleng benalleng marked this pull request as ready for review June 15, 2026 17:28

@DanGould DanGould left a comment

Member

LGTM

My understanding is that without this change, transitive deps could still drift to newer versions whenever lock files are regenerated.

Comment thread payjoin-ffi/Cargo.toml
Comment on lines -38 to +39
uniffi-bindgen-cs = { git = "https://github.com/chavic/uniffi-bindgen-cs.git", rev = "878a3d269eacce64beadcd336ade0b7c8da09824", optional = true }
uniffi-dart = { git = "https://github.com/Uniffi-Dart/uniffi-dart.git", rev = "b0157aa", optional = true }
uniffi-bindgen-cs = { git = "https://github.com/benalleng/uniffi-bindgen-cs.git", rev = "71d6556aa60c29b487d931de47053f26ee8a1af1", optional = true }
uniffi-dart = { git = "https://github.com/benalleng/uniffi-dart.git", rev = "ce97870a934cd6046eef059c5805359ac0d59964", optional = true }
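Review bot: Both replacement lines move the git source to forks under benalleng (from chavic/uniffi-bindgen-cs and Uniffi-Dart/uniffi-dart), and nothing in the manifest records why or when they can be dropped. The full 40-character rev on each new line is an improvement over the abbreviated "b0157aa" it replaces, but the build now depends on those commits staying reachable in the forks. Suggest a comment above the two lines naming the upstream change that would let them point back at a versioned release.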

Member

Since these dependencies are already pointing at commit hashes, I don't think this PR needs to be blocked. I do think getting a timeline on when these will be versioned is now appropriate @chavic

tracing-subscriber = { version = "0.3.19", features = ["env-filter"] }

# time is a transient dependency, but needs to be specified explicitly to pin the version for MSRV
# time and tar are transient dependencies, but needs to be specified explicitly to pin the version for MSRV
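Review bot: The wording of the new comment line needs a fix: "transient dependencies" should be "transitive dependencies", and with the plural subject "time and tar" the verb should be "need", not "needs". Worth correcting here because this comment is the only place the manifest explains why the pins exist.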

Member

Nit: consider removing "time and tar are" so the comment doesn't go stale, and repeating the uniform comment to all other Cargo.toml files that define package.metadata.cargo-machete for the same reason.
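
An added example, not code from this PR or the payjoin repository: a Python check that compares a committed Cargo-minimal.lock with a freshly regenerated lockfile and reports every package whose locked version or source changed, which is the transitive drift the description and review above are concerned with. The function names, package versions and the example.invalid git URL are constructed for illustration.

```python
import re

REGISTRY = "registry+https://github.com/rust-lang/crates.io-index"

def entry(name, version, source=REGISTRY):
    """Render one [[package]] stanza the way Cargo.lock lays it out."""
    return f'\n[[package]]\nname = "{name}"\nversion = "{version}"\nsource = "{source}"\n'

def parse_lock(text):
    """Map each package name to the set of (version, source) pairs locked for it."""
    locked = {}
    for stanza in text.split("[[package]]")[1:]:
        # Only simple `key = "value"` lines matter; dependency arrays are skipped.
        fields = dict(re.findall(r'^(\w+) = "([^"]*)"$', stanza, re.M))
        locked.setdefault(fields["name"], set()).add(
            (fields["version"], fields.get("source", "path")))
    return locked

def drift(committed, regenerated):
    """Return {name: (old, new)} for packages whose locked versions or sources differ."""
    old, new = parse_lock(committed), parse_lock(regenerated)
    return {name: (sorted(old.get(name, ())), sorted(new.get(name, ())))
            for name in sorted(old.keys() | new.keys())
            if old.get(name) != new.get(name)}

# Constructed sample data: versions and the git URL are illustrative only.
GIT = "git+https://example.invalid/example-bindgen.git?rev=0123abc#0123abc" + "0" * 33
COMMITTED = ("version = 3\n" + entry("tar", "0.4.40") + entry("time", "0.3.20")
             + entry("example-bindgen", "0.1.0", GIT))
# Same direct deps, but a transitive dep (tar) resolved to a newer release.
REGENERATED = ("version = 3\n" + entry("tar", "0.4.44") + entry("time", "0.3.20")
               + entry("example-bindgen", "0.1.0", GIT))

if __name__ == "__main__":
    for name, (old, new) in drift(COMMITTED, REGENERATED).items():
        print(f"DRIFT {name}: {old} -> {new}")
```

Because the source string is compared along with the version, the same check also flags a git dependency that starts resolving from a different repository or commit.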
