Skip to content

chore(deps): update rust dependencies#344

Merged
kaiweijw merged 1 commit intomainfrom
chore/update-rust-deps
Apr 15, 2026
Merged

chore(deps): update rust dependencies#344
kaiweijw merged 1 commit intomainfrom
chore/update-rust-deps

Conversation

@kaiweijw
Copy link
Copy Markdown
Collaborator

@kaiweijw kaiweijw commented Apr 15, 2026

Summary

Consolidates the shippable rust dependency bumps flagged by dependabot into one PR. Defers two bumps that require coordinated code migrations.

Updated

Workspace

  • tokio 1.49 → 1.51
  • mongodb 3.5.1 → 3.5.2
  • uuid 1.20 → 1.23
  • tracing-subscriber 0.3.22 → 0.3.23

Backend

  • aws-sdk-kms 1.103 → 1.104
  • totp-rs 5.7.0 → 5.7.1
  • clap 4.5 → 4.6
  • libc 0.2.183 → 0.2.184
  • governor 0.8.1 → 0.10 (no API change in direct/non-keyed path we use)
  • utoipa-swagger-ui 8.1 → 9.0 (compatible with utoipa 5.4 + axum 0.8)
  • google-cloud-kms 0.5 → 0.6 (no API change in KMS client surface)
  • jsonwebtoken 9.3 → 10.3 — note: 10.x requires explicit crypto backend selection; added default-features = false, features = ["use_pem", "aws_lc_rs"]

CLI

  • clap 4.5 → 4.6
  • tokio-tungstenite 0.26 → 0.28 (aligns with backend, removes duplicate compile)
  • toml 0.8 → 1.0
  • directories 5 → 6

Deferred (not shippable in a bulk bump)

  • bson 2.15 → 3.1 (chore(deps): bump bson from 2.15.0 to 3.1.0 #58): mongodb 3.5 must opt in via the bson-3 cargo feature; every #[serde(with = "bson::serde_helpers::chrono_datetime_as_bson_datetime")] attribute and the custom models/bson_datetime.rs helper need rewriting to the new serde_with style, plus renames for bson::to_document. Needs a dedicated refactor PR.
  • rand 0.8 → 0.9 (chore(deps): bump rand from 0.8.5 to 0.9.2 #48): aes-gcm 0.10, ssh-key 0.6, and argon2 0.5 still depend on rand_core 0.6. rand::rngs::OsRng in rand 0.9 is a different type that does not satisfy the trait bounds those crates expect. Block on upstream bumps.

Supersedes

Dependabot should auto-close these once this lands:

Test plan

  • `cargo build --all-features` clean
  • `cargo test --all-features --bins` — 1265 backend + 143 CLI tests pass (1408 total)
  • CI green

@kaiweijw
chore(deps): update rust dependencies
4da470c 
Updates the rust-minor group and compatible major version bumps flagged
by dependabot. Defers two that require coordinated code migrations.

Workspace:
- tokio 1.49 -> 1.51
- mongodb 3.5.1 -> 3.5.2
- uuid 1.20 -> 1.23
- tracing-subscriber 0.3.22 -> 0.3.23

Backend:
- aws-sdk-kms 1.103 -> 1.104 (rust-minor group)
- totp-rs 5.7.0 -> 5.7.1
- clap 4.5 -> 4.6
- libc 0.2.183 -> 0.2.184
- governor 0.8.1 -> 0.10 (no API change in direct/non-keyed path)
- utoipa-swagger-ui 8.1 -> 9.0 (compatible with utoipa 5.4 + axum 0.8)
- google-cloud-kms 0.5 -> 0.6 (no API change in KMS client surface)
- jsonwebtoken 9.3 -> 10.3 (backend feature flag now explicit: aws_lc_rs)

CLI:
- clap 4.5 -> 4.6
- tokio-tungstenite 0.26 -> 0.28 (aligns with backend, removes duplicate compile)
- toml 0.8 -> 1.0
- directories 5 -> 6

Deferred (require coordinated migration, not shippable in one commit):
- bson 2.15 -> 3.1: needs mongodb `bson-3` feature, rewrite of the custom
  `chrono_datetime_as_bson_datetime` serde helper on every model, and
  renamed serialize/deserialize functions.
- rand 0.8 -> 0.9: aes-gcm 0.10, ssh-key 0.6, argon2 0.5, and the `rand_core`
  crate used by those crates are still on rand_core 0.6; `rand::rngs::OsRng`
  in rand 0.9 is a different type that does not satisfy the trait bounds
  those crates expect. Block on upstream bumps.

All 1408 backend + CLI unit tests pass with --all-features.
@kaiweijw kaiweijw merged commit 2bce85b into main Apr 15, 2026
8 checks passed
@kaiweijw kaiweijw deleted the chore/update-rust-deps branch April 15, 2026 07:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kaiweijw