Refresh plugin dependencies and versions #73

Merged
msureshkumar88 merged 1 commit into main from fix/refresh-plugin-dependencies
May 1, 2026

Collaborator

@lucarlig lucarlig commented May 1, 2026

Summary

  • Refresh compatible Rust and Python dependency locks for the six managed CPEX plugins.
  • Patch-bump plugin versions and matching plugin manifests.
  • Update release-validation fixture tags and catalog tests for the new versions.
  • Run retry_with_backoff coverage validation with the plugin uv Python so the Python 3.11+ catalog check does not fall back to system Python 3.9.

Refs #69

Validation

  • make plugins-validate
  • PYO3_PYTHON=$PWD/plugins/rust/python-package//.venv/bin/python make plugin-test PLUGIN= for encoded_exfil_detection, pii_filter, rate_limiter, retry_with_backoff, secrets_detection, url_reputation

Notes

  • Major direct dependency upgrades for redis and rand are intentionally not included in this PR; this is a compatible lockfile refresh.
  • Standard detailed code review has not been run yet; run it before marking the PR ready.

@lucarlig lucarlig force-pushed the fix/refresh-plugin-dependencies branch from b9f5e5c to 0967f1c Compare May 1, 2026 11:43
@lucarlig lucarlig marked this pull request as ready for review May 1, 2026 12:57
Signed-off-by: lucarlig <luca.carlig@ibm.com>
@lucarlig lucarlig force-pushed the fix/refresh-plugin-dependencies branch from 0967f1c to 00c00a3 Compare May 1, 2026 14:33
Collaborator

@msureshkumar88 msureshkumar88 left a comment

Review

Verdict: Approve — no major issues. Changes are a clean lockfile refresh + consistent version bumps.

What this PR does

  • Patch-bumps all 6 plugins (encoded_exfil_detection, pii_filter, rate_limiter, retry_with_backoff, secrets_detection, url_reputation)
  • Refreshes Cargo.lock and uv.lock with compatible upstream updates (patch/minor bumps only; rand and redis major bumps intentionally deferred per PR notes)
  • Fixes retry_with_backoff/Makefile to use uv run python instead of bare python3 — correctly enforces plugin-venv Python 3.11+ for coverage check
  • Updates CI fixture tag, catalog pinning, and catalog tests to match new versions

Verification

Version consistency — for all 6 plugins, Cargo.toml version and plugin-manifest.yaml version are in sync. No drift.

Cargo.lock notable bumps

| Crate | Old | New | Type |
|---|---|---|---|
| pyo3 family | 0.28.2 | 0.28.3 | patch |
| wasm-bindgen | 0.2.117 | 0.2.120 | patch |
| tokio | 1.50.0 | 1.52.1 | minor |
| rayon | 1.11.0 | 1.12.0 | minor |
| indexmap | 2.13.0 | 2.14.0 | minor |
| hashbrown | 0.16.1 | 0.17.0 | minor |
| icu_* suite | 2.1.x | 2.2.0 | minor |

All within declared semver constraints. No unexpected major bumps.

wit-bindgen dual version (0.51.0 + 0.57.1 in lockfile) — expected, two separate transitive dep chains; not a concern.

Makefile fix: python3 $(REPO_ROOT)/tools/plugin_catalog.py → uv run python $(REPO_ROOT)/tools/plugin_catalog.py is the right fix. System Python 3.9 fallback would cause incorrect behavior for Python 3.11+ catalog checks.

Test updates — purely mechanical version-number updates tracking the new releases. No logic changes.

CI

CI is still running at time of review (all build-test and release-validation jobs queued/in-progress). Approve is contingent on CI green — please confirm before merging.

Minor note

PR description says "Standard detailed code review has not been run yet; run it before marking the PR ready." If that refers to an internal automated review tool, please run it before merge. The changes themselves are straightforward and low-risk.
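
An added example (not part of the review above or of the project's tooling): one way to script the "no unexpected bumps" check on a Cargo.lock refresh, using Cargo's default caret rule, under which a 0.x minor change such as 0.16 → 0.17 falls outside the compatible range. The lock fragments are constructed from versions quoted in the table, and all function names are hypothetical.

```python
import re

# Matches the name/version pair that opens each [[package]] entry in Cargo.lock.
PKG_RE = re.compile(r'\[\[package\]\]\s*name = "([^"]+)"\s*version = "([^"]+)"')

def lock_versions(text):
    """Map crate name -> set of locked versions (a crate can be locked twice)."""
    out = {}
    for name, ver in PKG_RE.findall(text):
        out.setdefault(name, set()).add(ver)
    return out

def parse(ver):
    """Numeric (major, minor, patch); pre-release/build suffixes are ignored."""
    return tuple(int(p) for p in re.split(r"[-+]", ver)[0].split("."))

def caret_compatible(old, new):
    """True if `new` satisfies Cargo's default requirement ^old."""
    o, n = parse(old), parse(new)
    if n < o:
        return False
    if o[0] > 0:
        return n[0] == o[0]        # ^1.2.3 -> <2.0.0
    if o[1] > 0:
        return n[:2] == o[:2]      # ^0.2.3 -> <0.3.0
    return n == o                  # ^0.0.3 -> exactly 0.0.3

def review(old_lock, new_lock):
    """For each version new to the lockfile: (version, caret-compatible with
    some previously locked version?). False also covers brand-new crates."""
    old, new = lock_versions(old_lock), lock_versions(new_lock)
    report = {}
    for name in sorted(new):
        prior = old.get(name, set())
        for ver in sorted(new[name] - prior):
            ok = any(caret_compatible(o, ver) for o in prior)
            report.setdefault(name, []).append((ver, ok))
    return report

def fake_lock(pairs):
    """Constructed sample: minimal Cargo.lock text for (name, version) pairs."""
    return "".join(f'[[package]]\nname = "{n}"\nversion = "{v}"\n\n' for n, v in pairs)

WIT = [("wit-bindgen", "0.51.0"), ("wit-bindgen", "0.57.1")]  # unchanged, locked twice
OLD = fake_lock([("pyo3", "0.28.2"), ("tokio", "1.50.0"), ("hashbrown", "0.16.1")] + WIT)
NEW = fake_lock([("pyo3", "0.28.3"), ("tokio", "1.52.1"), ("hashbrown", "0.17.0")] + WIT)

if __name__ == "__main__":
    for crate, changes in review(OLD, NEW).items():
        for ver, ok in changes:
            print(f"{crate} -> {ver}: {'compatible' if ok else 'REVIEW: outside ^range or new crate'}")
```

A flagged transitive crate means some parent's requirement moved, so the follow-up is to identify that parent (for example with `cargo tree -i <crate>`) and confirm the change was expected.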

Collaborator

@msureshkumar88 msureshkumar88 left a comment

LGTM

@msureshkumar88 msureshkumar88 merged commit c3c79e1 into main May 1, 2026
96 checks passed
@msureshkumar88 msureshkumar88 deleted the fix/refresh-plugin-dependencies branch May 1, 2026 15:08
gandhipratik203 added a commit that referenced this pull request May 1, 2026
Main bumped rate_limiter to 0.0.5 in #73 as part of a workspace-wide
dependency refresh, so this PR's release slot moves to 0.0.6. The
content of 0.0.6 is the TLS / rediss:// support work in this PR
(crypto provider install, redis crate bump for advisory cleanup,
TLS regression tests).

Signed-off-by: Pratik Gandhi <gandhipratik203@gmail.com>