chore(deps): bump non-opentelemetry prod dependencies #317

Merged: rubberduck203 merged 2 commits into main from chore/dependabot-non-otel-prod-deps, May 20, 2026

@rubberduck203
Contributor

Summary

Splits out the safe deps from the stalled #315 (prod-dependencies group), which is blocked on the opentelemetry 0.31→0.32 API break.

Updated (8 deps):

  • assert_cmd 2.2.1 → 2.2.2
  • jsonwebtoken 10.3.0 → 10.4.0
  • nix 0.29.0 → 0.31.2 (dev)
  • normpath 1.5.0 → 1.5.1
  • octocrab 0.49.9 → 0.50.0
  • tokio 1.52.1 → 1.52.3
  • tonic 0.14.5 → 0.14.6
  • wait-timeout 0.2.0 → 0.2.1

Excluded (OTel — requires code changes for 0.32 API):

  • opentelemetry, opentelemetry_sdk, opentelemetry-otlp, tracing-opentelemetry remain at current versions

dependabot.yml: Adds a dedicated opentelemetry group (mirroring gdev's config) that includes opentelemetry* and tracing-opentelemetry. Future OTel bumps will arrive in their own PR, isolated from the rest of the dep tree.

Test plan

  • CI passes (no OTel compile errors)
  • Verify opentelemetry* still at 0.31.x in Cargo.lock after merge

🤖 Generated with Claude Code
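
The second test-plan item above can be automated as a lockfile check. The following is an added example, not code from this PR or repository: the function names, the `check_pins.py` file name, and the sample lockfile contents are assumptions constructed for illustration.

```python
import re
import sys
from fnmatch import fnmatchcase

# Constructed sample in Cargo.lock's [[package]] layout (not the project's lockfile).
SAMPLE_LOCK = """\
[[package]]
name = "opentelemetry"
version = "0.31.0"

[[package]]
name = "opentelemetry-otlp"
version = "0.31.1"

[[package]]
name = "tokio"
version = "1.52.3"

[[package]]
name = "tracing-opentelemetry"
version = "0.32.1"
"""

def locked_packages(lock_text):
    """Yield (name, version) for each [[package]] table in Cargo.lock text."""
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        version = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and version:
            yield name.group(1), version.group(1)

def pin_violations(lock_text, name_glob="opentelemetry*", series="0.31"):
    """Return sorted (name, version) pairs matching name_glob outside `series`."""
    matched = [p for p in locked_packages(lock_text) if fnmatchcase(p[0], name_glob)]
    if not matched:
        # A renamed or dropped crate must not make the check pass vacuously.
        raise ValueError(f"no locked package matches {name_glob!r}")
    return sorted(p for p in matched if not p[1].startswith(series + "."))

if __name__ == "__main__":
    # Usage: python check_pins.py [path/to/Cargo.lock]; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    bad = pin_violations(text)
    for name, version in bad:
        print(f"{name} {version} is outside 0.31.x")
    sys.exit(1 if bad else 0)
```

The glob `opentelemetry*` deliberately does not match `tracing-opentelemetry`, whose version numbering differs from the core crates; run as a CI step, the non-zero exit fails the build if a grouped bump moves any core crate off the pinned series.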

rubberduck203 and others added 2 commits May 19, 2026 09:29
Updates 8 deps from the stalled prod-dependencies group PR (#315),
excluding the opentelemetry crates which require code changes to
adopt the 0.31→0.32 API break.

Also splits opentelemetry into its own dependabot group so future
bumps arrive separately from the rest of the dependency tree.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…ncies group

tracing-opentelemetry minor version trails opentelemetry by one release
(tracing-opentelemetry 0.33 requires otel 0.32), so it must move in
lockstep with the opentelemetry group. Mirrors gdev's dependabot config.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@socket-security

socket-security Bot commented May 19, 2026

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

  • cargo/nix@0.31.2

View full report

@rubberduck203
Contributor Author

@SocketSecurity ignore cargo/nix@0.31.2

@rubberduck203 rubberduck203 merged commit dd2ee46 into main May 20, 2026
7 checks passed
@rubberduck203 rubberduck203 deleted the chore/dependabot-non-otel-prod-deps branch May 20, 2026 13:19