Skip to content

build(deps): consolidated dependency refresh (supersedes open dependabot PRs)#395

Merged
hardbyte merged 1 commit into
mainfrom
brian/deps-consolidated
Jul 8, 2026
Merged

build(deps): consolidated dependency refresh (supersedes open dependabot PRs)#395
hardbyte merged 1 commit into
mainfrom
brian/deps-consolidated

Conversation

@hardbyte

@hardbyte hardbyte commented Jul 8, 2026

Copy link
Copy Markdown
Owner

Consolidates the seven open dependabot PRs into one validated pass — the OpenTelemetry bump in particular can't land piecemeal (dependabot's #361/#365 bump opentelemetry_sdk alone, which the resolver silently ignores while tracing-opentelemetry 0.32 and opentelemetry-otlp 0.31 pin the graph to 0.31; the family must move together).

Supersedes Covered by
#361, #365 (otel_sdk 0.32) Coherent family bump in both workspaces: opentelemetry/opentelemetry_sdk/opentelemetry-otlp 0.32 + tracing-opentelemetry 0.33. Zero code churn needed.
#366 (cmov 0.5.4) cargo update sweep (locks refreshed in both workspaces)
#351 (esbuild/vite security), #354 (@babel/core) Frontend updates; npm audit: 0 vulnerabilities
#353 (starlette 1.3.1) uv lock --upgrade in the demo app
#247 (django dev) uv lock --upgrade in awa-python (django 5.2.16 / 6.0.7)

Validation: workspace build + clippy --all-targets --all-features -D warnings clean on otel 0.32; telemetry_test green; awa-python cargo check green at the new lock; frontend typecheck + production build green. Full CI on this PR is the final gate.

After merge I'll close the seven dependabot PRs as superseded.

Summary by CodeRabbit

  • Chores
    • Updated telemetry-related dependencies across the project to newer versions.
    • Kept existing feature selections and integrations unchanged while aligning packages to the latest compatible releases.

Supersedes the open dependabot PRs in one validated pass:

- Rust (both workspaces): OpenTelemetry family 0.31 -> 0.32 as a coherent
  set (opentelemetry, opentelemetry_sdk, opentelemetry-otlp 0.32,
  tracing-opentelemetry 0.33 — bumping the SDK alone cannot resolve, the
  family moves together), plus a full cargo update sweep (cmov 0.5.4 et
  al). No code churn required; clippy clean; telemetry tests green.
- Frontend: @babel/core, vite/esbuild/@vitejs/plugin-react updated;
  npm audit clean; typecheck + build green.
- Python locks refreshed via uv: examples demo starlette 1.3.1,
  awa-python dev deps (django 5.2.16 / 6.0.7).
@hardbyte hardbyte added the full-ci Run the full CI matrix (Python build+test, E2E) on this PR label Jul 8, 2026
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a084bbaa-9b24-4017-a87f-4a675dcc0fb1

📥 Commits

Reviewing files that changed from the base of the PR and between 0481e2a and 304fc29.

⛔ Files ignored due to path filters (5)
  • Cargo.lock is excluded by !**/*.lock
  • awa-python/Cargo.lock is excluded by !**/*.lock
  • awa-python/uv.lock is excluded by !**/*.lock
  • awa-ui/frontend/package-lock.json is excluded by !**/package-lock.json
  • examples/python-app-demo/uv.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
  • Cargo.toml
  • awa-python/Cargo.toml
  • awa/Cargo.toml

📝 Walkthrough

Walkthrough

This PR bumps OpenTelemetry-related dependency versions across three Cargo.toml files: workspace dependencies for opentelemetry and opentelemetry_sdk (0.31→0.32), awa-python dependencies including opentelemetry-otlp (0.31→0.32), and awa dev-dependencies for opentelemetry-otlp (0.31→0.32) and tracing-opentelemetry (0.32→0.33).

Changes

OpenTelemetry Dependency Updates

Layer / File(s) Summary
Version bump across manifests
Cargo.toml, awa-python/Cargo.toml, awa/Cargo.toml
Updated opentelemetry, opentelemetry_sdk, opentelemetry-otlp from 0.31 to 0.32, and tracing-opentelemetry from 0.32 to 0.33, keeping existing feature flags unchanged.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Poem

Hop, hop, upgrade the code,
Telemetry crates on a newer road,
0.31 waves goodbye,
0.32 and 0.33 climb high,
A rabbit's cheer for versions bright! 🐇✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly describes the main change: a consolidated dependency refresh replacing multiple Dependabot PRs.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

full-ci Run the full CI matrix (Python build+test, E2E) on this PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant