fix: repair corrupted Cargo.lock with duplicate package entries#674
Merged
Conversation
The root Cargo.lock contained duplicate [[package]] entries (wasm-metadata 0.230.0 x5, wasmparser 0.245.1 x2) from Dependabot bump PRs merged without re-resolving the lockfile. This made 'cargo build --workspace' fail to parse the lockfile, breaking CI on main. Regenerate the lockfile so each package resolves once and matches Cargo.toml constraints (e.g. testcontainers ^0.25.2). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Split a merged 'pub use {mcp_server, wassette};' re-export into separate
statements to satisfy 'cargo +nightly fmt --check', which CI enforces.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The [dev-dependencies] pinned oci-client 0.15 / oci-wasm 0.3 (added in the original OCI feature and never bumped), while the workspace dependencies were later moved to oci-client 0.16 / oci-wasm 0.4 by Dependabot. This pulled two versions of oci-client into the test build, so transport_integration_test passed an oci_client 0.15 Client to wassette::with_oci_client which expects the 0.16 type (E0308). The corrupted lockfile had been masking this by failing the build earlier. Align the dev-dependencies to 0.16 / 0.4 so a single version is used. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Run cargo update to fix: aws-lc-sys (0.36→0.41), quinn-proto (0.11.13→0.11.14), wasmtime (36.0.5→36.0.10), rustls-webpki (0.103.9→0.103.13), rsa removed - Upgrade testcontainers 0.25→0.27 in Cargo.toml to fix astral-tokio-tar advisories - Create .cargo/audit.toml (correct location for cargo-audit config) with ignore entries for unfixable rustls-webpki 0.102.8 advisories (wasmtime 36.x internal dep) - Update deny.toml: remove rustls-pemfile entry (dep removed), add rustls-webpki ignores Co-authored-by: yoshuawuyts <2467194+yoshuawuyts@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The root Cargo.lock contained duplicate [[package]] entries (wasm-metadata 0.230.0 x5, wasmparser 0.245.1 x2) from Dependabot bump PRs merged without re-resolving the lockfile. This made 'cargo build --workspace' fail to parse the lockfile, breaking CI on main. Regenerate the lockfile so each package resolves once and matches Cargo.toml constraints (e.g. testcontainers ^0.25.2).