Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump prost-types from 0.11.9 to 0.13.1 #387

Closed
wants to merge 1 commit into from
Closed

Bump prost-types from 0.11.9 to 0.13.1 #387

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 15, 2024
edited
Loading

Bumps prost-types from 0.11.9 to 0.13.1.

Changelog

Sourced from prost-types's changelog.

Prost version 0.13.1

PROST! is a Protocol Buffers implementation for the Rust Language. prost generates simple, idiomatic Rust code from proto2 and proto3 files.

Bug fixes

  • Enum variant named Error causes ambiguous item (#1098)

PROST version 0.13.0

note: this version was yanked in favor of 0.13.1

PROST! is a Protocol Buffers implementation for the Rust Language. prost generates simple, idiomatic Rust code from proto2 and proto3 files.

This major update brings new features and fixes:

Breaking changes

  • derive Copy trait for messages where possible (#950)

    prost-build will automatically derive trait Copy for some messages. If you manually implement Copy you should remove your implementation.

  • Change generated functions signatures to remove type parameters (#1045)

    The function signature of trait Message is changed to use impl Buf instead of a named generic type. If you implement trait Message, you should change the function signature.

  • Lightweight error value in TryFrom for enums (#1010)

    When a impl TryFrom<i32> is generated by prost derive macros, it will now return the error type UnknownEnumValue instead of DecodeError. The new error can be used to retreive the integer value that failed to convert.

Features

  • fix: Only touch include file if contents is changed (#1058)

    Most generated files are untouched when the contents doesn't change. Use the same mechanism for include file as well.

Dependencies

  • update env_logger requirement from 0.10 to 0.11 (#1074)
  • update criterion requirement from 0.4 to 0.5 (#1071)
  • Remove unused libz-sys (#1077)
  • build(deps): update itertools requirement from >=0.10, =0.10, <=0.13 (#1070)

Documentation

  • better checking of tag duplicates, avoid discarding invalid variant errs (#951)
  • docs: Fix broken link warnings (#1056)
  • Add missing LICENSE symlink (#1086)

Internal

  • workspace package metadata (#1036)
  • fix: Build error due to merge conflict (#1068)
  • build: Fix release scripts (#1055)
  • chore: Add ci to check MSRV (#1057)

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

  • Chores
    • Updated the dependency version for prost-types to improve performance and enable potential new features.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file. rust Pull requests that update Rust code labels Jul 15, 2024
@dependabot dependabot bot mentioned this pull request Jul 15, 2024
Closed
@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Jul 15, 2024
edited
Loading

Walkthrough

The recent change updates the prost-types dependency in the Cargo.toml file of the project from version ^0.11 to ^0.13. This upgrade aims to leverage new features, bug fixes, and performance improvements offered by the newer version, enhancing the project's overall functionality.

Changes

File Path Change Summary
crates/ext-processor/Cargo.toml Updated prost-types dependency from ^0.11 to ^0.13

Sequence Diagram(s)

(No sequence diagrams generated as the changes are straightforward and do not involve complex interactions.)

Poem

🐇 In the garden of code, I hop with glee,
Upgrading prost-types, oh what a spree!
New features and fixes, a fresh start,
A leap toward progress, it warms my heart.
Let's dance through the lines, let creativity flow,
With every new version, our project will grow! 🌼

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Jul 15, 2024
edited
Loading

DryRun Security Summary

The provided code changes update the dependencies for the prost and prost-types crates, upgrading them from version 0.11 to 0.13.1, which is generally a good practice to address known vulnerabilities and improve the overall security of the application.

Expand for full summary

Summary:

The provided code changes are focused on updating the dependencies for the prost and prost-types crates used in the project. The Cargo.toml file is updating the dependency on prost-types from version ^0.11 to ^0.13, while the Cargo.lock file is updating the versions of both prost and prost-types to 0.13.1.

From an application security perspective, these changes do not appear to introduce any immediate security concerns. Dependency updates are generally a good practice, as they can address known vulnerabilities or improve the overall security of the application. However, it's important to thoroughly review the changes in the new versions of the dependencies to ensure there are no breaking changes or new security vulnerabilities introduced.

Additionally, it's recommended to monitor the security advisories and release notes for all the dependencies used in the project to stay informed about any potential security issues. Prompt updates of dependencies with disclosed vulnerabilities are crucial to maintain the security of the application.

Files Changed:

  • crates/ext-processor/Cargo.toml: This file is updating the dependency on the prost-types crate from version ^0.11 to ^0.13. This is likely a version upgrade to take advantage of new features or bug fixes in the newer version of the prost-types crate.
  • Cargo.lock: This file is updating the dependency versions for the prost and prost-types crates. The prost crate is being upgraded from version 0.11.9 to 0.13.1, and the prost-types crate is being upgraded from version 0.11.9 to 0.13.1.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@dependabot dependabot bot force-pushed the dependabot/cargo/prost-types-0.13.1 branch from 2037eb8 to 06f383d Compare August 9, 2024 20:07
coderabbitai[bot]
coderabbitai bot reviewed Aug 9, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 85d84bf and 06f383d.

Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
Files selected for processing (1)
  • crates/ext-processor/Cargo.toml (1 hunks)
Additional comments not posted (1)
crates/ext-processor/Cargo.toml (1)

36-36: Verify compatibility with prost-types version 0.13.

The update from prost-types version ^0.11 to ^0.13 may introduce breaking changes or new features. Ensure that the codebase is compatible with this new version, especially considering the breaking changes mentioned in the PR summary.

@dependabot dependabot bot force-pushed the dependabot/cargo/prost-types-0.13.1 branch from 06f383d to 23dd52d Compare August 10, 2024 04:42
coderabbitai[bot]
coderabbitai bot reviewed Aug 10, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 06f383d and 23dd52d.

Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
Files selected for processing (1)
  • crates/ext-processor/Cargo.toml (1 hunks)
Files skipped from review due to trivial changes (1)
  • crates/ext-processor/Cargo.toml

@dependabot
Bump prost-types from 0.11.9 to 0.13.1
a6985a7 
Bumps [prost-types](https://github.com/tokio-rs/prost) from 0.11.9 to 0.13.1.
- [Release notes](https://github.com/tokio-rs/prost/releases)
- [Changelog](https://github.com/tokio-rs/prost/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/prost@v0.11.9...v0.13.1)

---
updated-dependencies:
- dependency-name: prost-types
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/cargo/prost-types-0.13.1 branch from 23dd52d to a6985a7 Compare August 10, 2024 06:26
coderabbitai[bot]
coderabbitai bot reviewed Aug 10, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 23dd52d and a6985a7.

Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
Files selected for processing (1)
  • crates/ext-processor/Cargo.toml (1 hunks)
Additional comments not posted (1)
crates/ext-processor/Cargo.toml (1)

36-36: Verify compatibility with prost-types version 0.13.

The prost-types dependency has been updated from ^0.11 to ^0.13. Ensure that all usages of prost-types in the codebase are compatible with the new version, especially considering the breaking changes and new features mentioned in the PR summary.

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 2, 2024

Superseded by #409.

@dependabot dependabot bot closed this Sep 2, 2024
@dependabot dependabot bot deleted the dependabot/cargo/prost-types-0.13.1 branch September 2, 2024 22:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file. rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants