Skip to content

chore(deps): bump lru from 0.16.3 to 0.18.0#25301

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/lru-0.18.0
Open

chore(deps): bump lru from 0.16.3 to 0.18.0#25301
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/lru-0.18.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Copy link
Copy Markdown
Contributor

Bumps lru from 0.16.3 to 0.18.0.

Changelog

Sourced from lru's changelog.

v0.18.0 - 2026-04-27

  • Fix unconstrained lifetime in get_or_insert_mut_ref.

v0.17.0 - 2026-04-14

  • Upgrade hashbrown to 0.17.0 and update MSRV to 1.85.0.

v0.16.4 - 2026-04-13

  • Add get_or_insert_with_key and variants.
Commits
  • dac07e3 Merge pull request #234 from jeromefroe/jerome/prepare-0-18-0-release
  • 0335315 Prepare 0.18.0 release
  • e40bbdc Merge pull request #233 from paolobarbolini/get_or_insert_mut_ref-unconstrain...
  • a615a5b Fix unconstrained lifetime in LruCache::get_or_insert_mut_ref
  • 13321a9 Merge pull request #232 from jeromefroe/jerome/prepare-0-17-0-release
  • f7d0ece Prepare 0.17.0 release
  • 2d3d6d5 Merge pull request #231 from xtqqczze/deps/hashbrown
  • 346e2fe Bump hashbrown to 0.17.0
  • 1302b4e Update MSRV to 1.85.0
  • d8c7f5c Merge pull request #230 from jeromefroe/jerome/prepare-0-16-4-release
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added domain: deps Anything related to Vector's dependencies no-changelog Changes in this PR do not need user-facing explanations in the release changelog labels Apr 27, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 27, 2026 15:36
@dependabot dependabot Bot added domain: deps Anything related to Vector's dependencies no-changelog Changes in this PR do not need user-facing explanations in the release changelog labels Apr 27, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 60f9057343

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread Cargo.lock
"listenfd",
"loki-logproto",
"lru",
"lru 0.18.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Align lru lock version with manifest constraint

vector is now locked to lru 0.18.0, but the manifest still declares lru = { version = "0.16.3", ... } in Cargo.toml (which constrains to <0.17 for a 0.x crate). This makes the lockfile inconsistent with the dependency spec: cargo will either fail under --locked or rewrite Cargo.lock back to a 0.16.x resolution, so the bump is not reproducible and can break locked CI/release flows.

Useful? React with 👍 / 👎.

@dependabot dependabot Bot force-pushed the dependabot/cargo/lru-0.18.0 branch 3 times, most recently from 2d09be9 to 0272cf7 Compare April 29, 2026 18:32

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0272cf7d80

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread Cargo.lock
"listenfd",
"loki-logproto",
"lru",
"lru 0.18.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep vector's locked lru version within manifest constraint

The lockfile now pins vector to lru 0.18.0, but Cargo.toml still declares lru = { version = "0.16.3", ... } (which only allows <0.17 for a 0.x crate). This makes dependency resolution non-reproducible: cargo ... --locked can fail or force lockfile rewrites, breaking CI/release workflows that rely on a stable lockfile.

Useful? React with 👍 / 👎.

@dependabot dependabot Bot force-pushed the dependabot/cargo/lru-0.18.0 branch from 0272cf7 to 907340c Compare April 29, 2026 20:44

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 907340cc16

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread Cargo.lock
@@ -12875,7 +12881,7 @@ dependencies = [
"libc",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Pin lru to a version allowed by Cargo.toml

This lockfile change pins vector to lru 0.18.0, but the workspace manifest still declares lru = { version = "0.16.3", ... } in Cargo.toml:407 (caret semantics for a 0.x crate allow <0.17.0). That makes the dependency spec and lockfile inconsistent, so reproducible/locked workflows can fail or require lockfile rewrites when Cargo resolves dependencies from the manifest.

Useful? React with 👍 / 👎.

@dependabot dependabot Bot force-pushed the dependabot/cargo/lru-0.18.0 branch 9 times, most recently from 9e0b44a to cb8e305 Compare May 8, 2026 18:55
@dependabot dependabot Bot force-pushed the dependabot/cargo/lru-0.18.0 branch 6 times, most recently from 812f9a0 to 89c8777 Compare May 18, 2026 22:04
@dependabot dependabot Bot force-pushed the dependabot/cargo/lru-0.18.0 branch 2 times, most recently from d9a544e to fe9377c Compare May 26, 2026 21:22

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fe9377c198

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread Cargo.lock
@@ -13027,7 +13033,7 @@ dependencies = [
"libc",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep vector lockfile lru within manifest range

vector is now locked to lru 0.18.0, but Cargo.toml still declares lru = "0.16.3" (caret semantics on a 0.x crate only allow <0.17.0). This makes the dependency spec and lockfile inconsistent, so cargo workflows that rely on --locked reproducibility can fail or force lockfile rewrites when resolving from the manifest.

Useful? React with 👍 / 👎.

@dependabot dependabot Bot force-pushed the dependabot/cargo/lru-0.18.0 branch from fe9377c to c2698e9 Compare May 27, 2026 14:38
Bumps [lru](https://github.com/jeromefroe/lru-rs) from 0.16.3 to 0.18.0.
- [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md)
- [Commits](jeromefroe/lru-rs@0.16.3...0.18.0)

---
updated-dependencies:
- dependency-name: lru
  dependency-version: 0.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/lru-0.18.0 branch from c2698e9 to 96bda88 Compare May 27, 2026 15:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

domain: deps Anything related to Vector's dependencies no-changelog Changes in this PR do not need user-facing explanations in the release changelog

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants