Skip to content

Bump dependency and require aeson >= 2.3#1394

Draft
erikd wants to merge 5 commits into
masterfrom
erikd/updates
Draft

Bump dependency and require aeson >= 2.3#1394
erikd wants to merge 5 commits into
masterfrom
erikd/updates

Conversation

@erikd

@erikd erikd commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Context

  • Update cabal.project index-states
  • Update cabal.project allow-newers
  • Require aeson >= 2.3 to prevent potential DoS attack.

How to trust this PR

Checklist

  • Commit sequence broadly makes sense and commits have useful messages
  • New tests are added if needed and existing tests are updated. See Running tests for more details
  • Self-reviewed the diff
  • Changelog fragment added in .changes/

Copilot AI review requested due to automatic review settings July 2, 2026 04:18
@erikd erikd marked this pull request as draft July 2, 2026 04:19

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the repository’s dependency set (Nix + Cabal) and raises the aeson lower bound to >= 2.3 to address a potential DoS concern.

Changes:

  • Updated Nix flake inputs (CHaP, hackageNix) in flake.lock.
  • Updated cabal.project index-states and added allow-newer entries to accommodate aeson >= 2.3.
  • Raised the aeson lower bound in cardano-cli.cabal (library + golden tests) and added a changelog fragment.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

File Description
flake.lock Bumps pinned Nix inputs to newer revisions/hashes.
cabal.project Advances index-states and adjusts allow-newer settings to permit the dependency bump.
cardano-cli/cardano-cli.cabal Raises the aeson lower bound to >= 2.3 for the library and golden test suite.
.changes/20260702_updates.yml Adds a changelog fragment describing the dependency updates (currently has an invalid project value).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .changes/20260702_updates.yml
@erikd erikd changed the title Bumpe dependency and require aeson >= 2.3 Bump dependency and require aeson >= 2.3 Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants