Skip to content

Downgrade ron to 0.11.0 to avoid new dependencies. #8702

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jimblandy wants to merge 1 commit into from
Closed

Downgrade ron to 0.11.0 to avoid new dependencies. #8702

jimblandy wants to merge 1 commit into from

Conversation

@jimblandy
Copy link
Member

@jimblandy jimblandy commented Dec 10, 2025

Currently other components in Firefox are using ron 0.11.0. Ron 0.12 looks fine, but it adds a dependency on the typeid crate, which seems tricky to audit. We can do this, but for the sake of allowing Firefox to take critical wgpu updates, we should put it off for a bit.

@jimblandy
Downgrade ron to 0.11.0 to avoid new dependencies.
a698c07 
Currently other components in Firefox are using ron 0.11.0. Ron 0.12
looks fine, but it adds a dependency on the typeid crate, which seems
tricky to audit. We can do this, but for the sake of allowing Firefox
to take critical wgpu updates, we should put it off for a bit.
@ErichDonGubler
Copy link
Member

ErichDonGubler commented Dec 10, 2025

RE: typeid: I mean, it's made by David Tolnay, and he's generally considered a trusted Rust crate author. Is that really a big blocker?

cwfitzgerald
cwfitzgerald requested changes Dec 10, 2025
View reviewed changes
Copy link
Member

@cwfitzgerald cwfitzgerald left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since it seems like no code changes are needed, could we take a range dependency?

@jimblandy
Copy link
Member Author

jimblandy commented Dec 11, 2025

Actually, I think I understand what ron 0.12 is doing now, and I've read typeid, so I think we can just take the upgrade.

@jimblandy jimblandy closed this Dec 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cwfitzgerald cwfitzgerald cwfitzgerald requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jimblandy @ErichDonGubler @cwfitzgerald