ci: ignore aes 0.9+ in dependabot (fpe pins aes 0.8) #8

Merged: rustyconover merged 1 commit into main from chore/ignore-aes-major on Jun 23, 2026

@rustyconover

Contributor

Stops dependabot re-opening the unmergeable aes 0.9 PR. fpe (latest 0.6.1) still pins aes ^0.8 / cipher ^0.4, so a direct aes 0.9 bump pulls two incompatible aes/cipher majors into the tree and fails to compile. Hold aes on 0.8.x (patches still allowed) until fpe releases against cipher 0.5, then bump fpe+aes together. No security driver. See #6.

🤖 Generated with Claude Code

FF1 FPE runs through `fpe` (latest 0.6.1), which still requires aes ^0.8 /
cipher ^0.4. A direct aes 0.9 bump forces two incompatible aes/cipher majors
and won't compile, so dependabot's aes 0.9 PR (#6) is unmergeable. Hold aes on
0.8.x until fpe moves to cipher 0.5. No security driver (aes 0.8 has no
advisory; 0.8->0.9 is trait-API churn). Patches within 0.8.x still flow.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
rustyconover merged commit 6a209e9 into main on Jun 23, 2026
4 checks passed
rustyconover deleted the chore/ignore-aes-major branch June 23, 2026 23:20
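
The state this PR avoids (a direct aes 0.9 bump while fpe still pulls aes 0.8 / cipher 0.4) is visible in Cargo.lock as the same crate locked at two semver-incompatible lines. As an added example, not code from this PR or repository, here is a lockfile check that flags that state for aes and cipher; the lockfile excerpt, its patch versions and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed Cargo.lock excerpt (not the project's real lockfile): what a direct
# aes 0.9 bump would lock while fpe 0.6.1 still requires aes 0.8 / cipher 0.4.
SAMPLE_LOCK = '''
[[package]]
name = "aes"
version = "0.8.0"

[[package]]
name = "aes"
version = "0.9.0"

[[package]]
name = "cipher"
version = "0.4.0"

[[package]]
name = "cipher"
version = "0.5.0"

[[package]]
name = "fpe"
version = "0.6.1"
'''

PKG_RE = re.compile(r'\[\[package\]\]\s*\nname = "([^"]+)"\s*\nversion = "([^"]+)"')

def compat_line(version):
    """Cargo's caret rule: the leftmost non-zero component sets compatibility."""
    major, minor, patch = version.split("+")[0].split("-")[0].split(".")[:3]
    if major != "0":
        return major
    return f"0.{minor}" if minor != "0" else f"0.0.{patch}"

def split_majors(lock_text, watched=("aes", "cipher")):
    """Return {crate: compat lines} for watched crates locked at more than one line."""
    lines = defaultdict(set)
    for name, version in PKG_RE.findall(lock_text):
        if name in watched:
            lines[name].add(compat_line(version))
    return {n: sorted(v) for n, v in lines.items() if len(v) > 1}

if __name__ == "__main__":
    for crate, found in split_majors(SAMPLE_LOCK).items():
        print(f"{crate}: incompatible lines locked together: {', '.join(found)}")
```

Run against a real lockfile by passing its text to `split_majors`; an empty result means aes and cipher each resolve to a single compatible line.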