Skip to content

chore(jedi): bump tonic ecosystem 0.12.3 → 0.14.5#7609

Merged
h0lybyte merged 1 commit intodevfrom
trunk/jedi-tonic-bump-1772686110
Mar 5, 2026
Merged

chore(jedi): bump tonic ecosystem 0.12.3 → 0.14.5#7609
h0lybyte merged 1 commit intodevfrom
trunk/jedi-tonic-bump-1772686110

Conversation

@h0lybyte
Copy link
Member

@h0lybyte h0lybyte commented Mar 5, 2026

Summary

  • Bumps the full tonic ecosystem from 0.12.3 to 0.14.5 in the jedi crate
  • Migrates from tonic-build to tonic-prost-build (prost was extracted in tonic 0.14)
  • Bumps prost 0.13 → 0.14, prost-types 0.13.5 → 0.14
  • Adds tonic-prost 0.14.5 (new codec bridge crate required by tonic-health/tonic-reflection)
  • Regenerates proto stubs for tonic 0.14 API changes

Supersedes #7538 (Dependabot only bumped tonic-reflection, but all tonic crates must stay in sync).

Test plan

  • cargo build succeeds with BUILD_PROTO=1
  • Proto stubs regenerated cleanly
  • CI build passes

@h0lybyte
chore(jedi): bump tonic ecosystem 0.12.3 → 0.14.5
9c298d4 
- tonic, tonic-health, tonic-reflection → 0.14.5
- tonic-build → tonic-prost-build 0.14.5 (prost extracted in 0.14)
- prost 0.13 → 0.14, prost-types 0.13.5 → 0.14
- Add tonic-prost 0.14.5 (new codec bridge crate)
- Regenerate proto stubs for tonic 0.14 API

Closes #7538
@h0lybyte h0lybyte mentioned this pull request Mar 5, 2026
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Mar 5, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 6 package(s) with unknown licenses.
See the Details below.

License Issues

packages/rust/jedi/Cargo.toml

PackageVersionLicenseIssue Type
prost>= 0.14.0, < 0.15.0NullUnknown License
prost-types>= 0.14.0, < 0.15.0NullUnknown License
tonic>= 0.14.5, < 0.15.0NullUnknown License
tonic-health>= 0.14.5, < 0.15.0NullUnknown License
tonic-prost>= 0.14.5, < 0.15.0NullUnknown License
tonic-reflection>= 0.14.5, < 0.15.0NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
cargo/pulldown-cmark 0.13.1 UnknownUnknown
cargo/pulldown-cmark-to-cmark 22.0.0 🟢 3.9
Details
CheckScoreReason
Code-Review🟢 5Found 8/14 approved changesets -- score normalized to 5
Maintained🟢 68 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
cargo/tonic 0.14.5 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Security-Policy🟢 9security policy file detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 4binaries present in source code
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 1SAST tool is not run on all commits -- score normalized to 1
cargo/tonic-build 0.14.5 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Security-Policy🟢 9security policy file detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 4binaries present in source code
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 1SAST tool is not run on all commits -- score normalized to 1
cargo/tonic-health 0.14.5 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Security-Policy🟢 9security policy file detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 4binaries present in source code
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 1SAST tool is not run on all commits -- score normalized to 1
cargo/tonic-prost 0.14.5 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Security-Policy🟢 9security policy file detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 4binaries present in source code
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 1SAST tool is not run on all commits -- score normalized to 1
cargo/tonic-prost-build 0.14.5 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Security-Policy🟢 9security policy file detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 4binaries present in source code
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 1SAST tool is not run on all commits -- score normalized to 1
cargo/tonic-reflection 0.14.5 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Security-Policy🟢 9security policy file detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 4binaries present in source code
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 1SAST tool is not run on all commits -- score normalized to 1
cargo/prost >= 0.14.0, < 0.15.0 UnknownUnknown
cargo/prost-types >= 0.14.0, < 0.15.0 UnknownUnknown
cargo/tonic >= 0.14.5, < 0.15.0 UnknownUnknown
cargo/tonic-health >= 0.14.5, < 0.15.0 UnknownUnknown
cargo/tonic-prost >= 0.14.5, < 0.15.0 UnknownUnknown
cargo/tonic-prost-build >= 0.14.5, < 0.15.0 UnknownUnknown
cargo/tonic-reflection >= 0.14.5, < 0.15.0 UnknownUnknown

Scanned Files

  • Cargo.lock
  • packages/rust/jedi/Cargo.toml

@h0lybyte h0lybyte merged commit 04cbc1f into dev Mar 5, 2026
5 checks passed
@h0lybyte h0lybyte deleted the trunk/jedi-tonic-bump-1772686110 branch March 5, 2026 05:31
@github-actions github-actions bot mentioned this pull request Mar 5, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@h0lybyte