Manual dependabot run: check and upgrade #12787

Open
rvagg opened this issue Dec 16, 2024 · 2 comments
Labels
good first issue Good for newcomers

Comments

@rvagg
Member

rvagg commented Dec 16, 2024

I'd like to get dependabot in here eventually, maybe with a very slow cadence, but at least we should be getting the option to upgrade things and not let them rot and surprise us.

The first step is to actually upgrade some dependencies. We have a lot that are out of date.

I'm marking this as a good first issue because the task isn't to audit all dependencies, just chip away at them. A PR for a single upgrade would be good enough. We probably don't even want a lot of upgrades in a single PR, let's consider them individually. So if you'd like to help with this: work through the dependencies and find out which ones have updates and then upgrade one and see if everything compiles and still works; then open a PR and let's find out!

@rvagg rvagg added the good first issue Good for newcomers label Dec 16, 2024
@github-project-automation github-project-automation bot moved this to 📌 Triage in FilOz Dec 16, 2024
@iyiola-dev

Hi, I would like to pick this up, but is there a list of dependencies you wish to prioritise? @rvagg

@rvagg
Member Author

rvagg commented Dec 19, 2024

@iyiola-dev yesterday we merged a change that now checks for strict dependency versions unless there is an "ignore" directive in a comment in go.mod next to that dependency. One stood out to me as being able to be upgraded from untagged to tagged: github.com/hannahhoward/go-pubsub - this would be a good start.

Other than that, probably just go down go.mod and find one that has updates and try to update it. I'd suggest finding dependencies with fewer uses just to minimise the likelihood of there being problems upgrading it. You could easily check the amount of usage with a git grep, like: `git grep '"go.uber.org/zap' -- \*.go | wc -l`.

`make unittests` would be a good start to see if there are any build problems.

Running at least one integration test would be a good next step before committing and proposing the change via a pull request. I think this might be a good one to try: `go test ./itests/fevm_test.go -run TestFEVMBasic`.

We can do them individually or in small groups if they come logically together. Best if we consider them somewhat separately to identify problems as we go. We are also going to want to do some quick investigation of what's changed in the versions between (like dependabot gives you a commit log), so if you can help us by linking to a change set of commits that would be very helpful too. I know this is sometimes hard to come by if they're not on github.
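The selection steps in the comment above (spot requirements pinned to an untagged commit, then prefer the ones with the fewest uses), as an added example that is not part of the original thread or the project's own tooling. The module names and go.mod contents are constructed, and it counts with find and grep over a temporary tree instead of git grep so it runs without a repository.

```shell
# Added example: rank go.mod requirements pinned to pseudo-versions by import count.
# Print "module version" for every require entry in the go.mod at $1.
requires() {
  sed 's,//.*$,,' "$1" | awk '
    /^require[ \t]*\(/ { inblock = 1; next }
    inblock && /^\)/   { inblock = 0; next }
    inblock && NF >= 2 { print $1, $2 }
    $1 == "require" && NF >= 3 { print $2, $3 }'
}

# Keep entries whose version ends in <14-digit timestamp>-<12-hex commit> (Go pseudo-version).
list_untagged() {
  requires "$1" |
    grep -E ' v[^ ]*[0-9]{14}-[0-9a-f]{12}(\+incompatible)?$' |
    cut -d' ' -f1
}

# Count import lines for module $1 in *.go files under $2 (prefix match, like the git grep).
count_uses() {
  find "$2" -name '*.go' -exec grep -F -- "\"$1" {} + | wc -l | tr -d ' '
}

# Fewest uses first: the lowest-risk upgrade candidates lead the list.
rank_untagged() {
  list_untagged "$1" | while read -r mod; do
    printf '%s %s\n' "$(count_uses "$mod" "$2")" "$mod"
  done | sort -n
}

# Constructed sample tree (hypothetical modules, not the project's real go.mod).
make_sample() {
  d=$(mktemp -d)
  cat > "$d/go.mod" <<'EOF'
module example.com/app
require example.com/solo v0.0.0-20230101120000-0123456789ab
require (
    example.com/tagged v1.4.2
    example.com/busy v0.0.0-20221231235959-abcdefabcdef // indirect
    example.com/pre v1.3.0-0.20240102030405-fedcba987654
)
EOF
  printf 'package a\nimport "example.com/busy"\nimport "example.com/tagged"\n' > "$d/a.go"
  printf 'package b\nimport "example.com/busy/sub"\nimport "example.com/solo"\n' > "$d/b.go"
  echo "$d"
}

sample=$(make_sample)
rank_untagged "$sample/go.mod" "$sample"
rm -rf "$sample"
```

A count of 0 usually means the module is only an indirect dependency, so an upgrade there is pulled in by another module's requirements rather than by the project's own imports.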
