build(deps): consolidated dependency refresh (supersedes open dependabot PRs)#395
Conversation
Supersedes the open dependabot PRs in one validated pass: - Rust (both workspaces): OpenTelemetry family 0.31 -> 0.32 as a coherent set (opentelemetry, opentelemetry_sdk, opentelemetry-otlp 0.32, tracing-opentelemetry 0.33 — bumping the SDK alone cannot resolve, the family moves together), plus a full cargo update sweep (cmov 0.5.4 et al). No code churn required; clippy clean; telemetry tests green. - Frontend: @babel/core, vite/esbuild/@vitejs/plugin-react updated; npm audit clean; typecheck + build green. - Python locks refreshed via uv: examples demo starlette 1.3.1, awa-python dev deps (django 5.2.16 / 6.0.7).
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (5)
📒 Files selected for processing (3)
📝 WalkthroughWalkthroughThis PR bumps OpenTelemetry-related dependency versions across three Cargo.toml files: workspace dependencies for ChangesOpenTelemetry Dependency Updates
Estimated code review effort: 1 (Trivial) | ~3 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Consolidates the seven open dependabot PRs into one validated pass — the OpenTelemetry bump in particular can't land piecemeal (dependabot's #361/#365 bump
opentelemetry_sdkalone, which the resolver silently ignores whiletracing-opentelemetry 0.32andopentelemetry-otlp 0.31pin the graph to 0.31; the family must move together).opentelemetry/opentelemetry_sdk/opentelemetry-otlp0.32 +tracing-opentelemetry0.33. Zero code churn needed.cargo updatesweep (locks refreshed in both workspaces)npm audit: 0 vulnerabilitiesuv lock --upgradein the demo appuv lock --upgradein awa-python (django 5.2.16 / 6.0.7)Validation: workspace build +
clippy --all-targets --all-features -D warningsclean on otel 0.32;telemetry_testgreen;awa-pythoncargo check green at the new lock; frontend typecheck + production build green. Full CI on this PR is the final gate.After merge I'll close the seven dependabot PRs as superseded.
Summary by CodeRabbit