chore(deps): update backend and frontend dependencies#322
Conversation
Backend: - Workspace: tokio 1.50→1.52, serde-saphyr 0.0.22→0.0.23, indexmap 2.13→2.14 - skit: hyper 1.8→1.9, uuid 1.22→1.23, moq-native 0.13.6→0.13.12, moq-lite 0.15.5→0.15.14 - skit-cli: rustyline 17→18, uuid 1.22→1.23 - nodes: rubato 1.0→2.0, audioadapter-buffers 2.0→3.0, rayon 1.10→1.12, rustls-platform-verifier 0.6→0.7, hang 0.15.4→0.15.7, moq-native/lite updated - plugin-wasm: wasmtime/wasmtime-wasi 42→43 - api: serde-saphyr 0.0.22→0.0.23, indexmap 2.12→2.14 Frontend: - lucide-react 0.577→1.8 (major: brand icons removed, none in use) - knip 5→6 (dev: internal parser rewrite) - codemirror 6.0.2→6.65.7 (fixes nested @codemirror/view type duplication) - @codemirror/view pinned to ~6.40.0 (6.41.0 has type-level breaking change) - @tanstack/react-query capped <5.95.2 (>=5.95.2 breaks Node.js type resolution) - 30+ minor/patch bumps across all other packages Deferred: - sha2 0.10→0.11 (blake2 0.11 not stable, would split digest versions) - shiguredo_nvcodec 2025→2026 (complete API overhaul, separate PR) Signed-off-by: StreamKit Devin <devin@streamkit.dev> Co-Authored-By: Claudio Costa <cstcld91@gmail.com>
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
![staging-devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/870844?s=60&v=4){kind=small}
| rubato = { version = "2.0", optional = true } | ||
| audioadapter-buffers = { version = "3.0", optional = true } |
There was a problem hiding this comment.
🚩 rubato 1→2 and audioadapter-buffers 2→3 major version bumps verified compatible
The most significant change in this PR is upgrading rubato from 1.0 to 2.0 and audioadapter-buffers from 2.0 to 3.0 (crates/nodes/Cargo.toml:66-67), both major version bumps with no source code changes. I verified compatibility by reading the rubato 2.0.0 source at /home/ubuntu/.cargo/registry/src/.../rubato-2.0.0/src/asynchro.rs:161-168 — the Async::new_poly constructor signature matches exactly what crates/nodes/src/audio/filters/resampler.rs:231-238 uses. The Resampler::process trait method (rubato lib.rs:116-133) returns InterleavedOwned<T>, and the code calls .take_data() on it at crates/nodes/src/audio/filters/resampler.rs:401. I could not directly verify InterleavedOwned::take_data() exists in audioadapter-buffers 3.0 (didn't read that source), but these crates are by the same author and upgraded together, making this very likely compatible. A cargo check would confirm definitively.
Was this helpful? React with 👍 or 👎 to provide feedback.
Debug
There was a problem hiding this comment.
Correct — all three major Rust bumps (rubato 2.0, audioadapter-buffers 3.0, wasmtime 43) compile cleanly without source changes. The existing code already uses APIs that are compatible with the new versions. CI's type checker is the verification gate here.
| tokio-rustls = { version = "0.26", optional = true } | ||
| rustls = { version = "0.23", optional = true, default-features = false, features = ["std"] } | ||
| rustls-platform-verifier = { version = "0.6", optional = true } | ||
| rustls-platform-verifier = { version = "0.7", optional = true } |
There was a problem hiding this comment.
🚩 rustls-platform-verifier 0.6 → 0.7 is a breaking change for pre-1.0 crate
The rustls-platform-verifier bump from 0.6 to 0.7 (crates/nodes/Cargo.toml:93) is technically a breaking change (for pre-1.0 crates, minor version bumps can break API). The crate is used in crates/nodes/src/transport/rtmp.rs for TLS verification. No source code was changed. Like the other Rust crate bumps, any incompatibility would be caught by the compiler, but this is worth noting as it's an easily-overlooked semver nuance.
Was this helpful? React with 👍 or 👎 to provide feedback.
Debug
There was a problem hiding this comment.
Acknowledged — rustls-platform-verifier is pre-1.0 so 0.6→0.7 is technically a breaking change under semver. Verified the usage in crates/nodes/src/transport/rtmp.rs compiles with 0.7; the Verifier::new() constructor and ClientConfig integration are unchanged.
Revert @codemirror/view to ^6.40.0 and add an overrides entry to force all transitive copies to resolve to the same version (6.41.0). This prevents CodeMirror singleton Facet identity mismatches that would break themes, key bindings, and extensions at runtime. Signed-off-by: StreamKit Devin <devin@streamkit.dev> Co-Authored-By: Claudio Costa <cstcld91@gmail.com>
| "@radix-ui/react-tabs": "^1.1.13", | ||
| "@radix-ui/react-tooltip": "^1.2.8", | ||
| "@tanstack/react-query": "^5.91.3", | ||
| "@tanstack/react-query": ">=5.91.3 <5.95.2", |
There was a problem hiding this comment.
🚩 @tanstack/react-query version cap is intentional defensive measure
The version constraint changed from ^5.91.3 (any 5.x >= 5.91.3) to >=5.91.3 <5.95.2 which caps the maximum version. This is likely a deliberate workaround for a known regression or breaking change introduced in react-query 5.95.2+. The constraint style is unusual for this project (everything else uses ^ ranges) so it's worth documenting why this cap exists, either in the PR description or as a code comment, to prevent someone from accidentally removing it later.
Was this helpful? React with 👍 or 👎 to provide feedback.
Debug
There was a problem hiding this comment.
Agreed — this is a deliberate workaround. The PR description already documents it, but a code comment next to the constraint would make it more discoverable. I'll add one.
There was a problem hiding this comment.
Correction: JSON doesn't support comments, so we can't add an inline explanation. The rationale is documented in the PR description: @tanstack/query-core ≥5.95.2 introduces a regression that breaks Node.js type resolution globally (Cannot find name 'global'/NodeJS/process across 11 files, 46 errors). This cap should be revisited when upstream fixes the issue.
2 participants
Summary
Full dependency update pass across both backend (Cargo) and frontend (Bun).
Backend
Major version bumps:
rubato1.0 → 2.0 +audioadapter-buffers2.0 → 3.0 (real-time safety rewrite; no code changes needed —process()API andInterleavedOwnedusage unchanged)rustls-platform-verifier0.6 → 0.7 (pre-1.0 semver breaking; API unchanged for our usage inrtmp.rs)wasmtime/wasmtime-wasi42 → 43 (minor semver, component-model API stable)rustyline17 → 18 (additive API, no breaking changes for our usage)Minor/patch bumps:
tokio1.50→1.52,serde-saphyr0.0.22→0.0.23,indexmap2.13→2.14hyper1.8→1.9,uuid1.22→1.23,moq-native0.13.6→0.13.12,moq-lite0.15.5→0.15.14rayon1.10→1.12,hang0.15.4→0.15.7serde-saphyr,indexmapaligned with workspaceFrontend
Major version bumps:
lucide-react0.577 → 1.8 (brand icons removed in 1.0; none in use)knip5 → 6 (dev-only; internal parser rewrite, no config changes)codemirror6.0.2 → 6.65.7Version constraints:
@codemirror/viewkept at^6.40.0with anoverridesentry ("$@codemirror/view") to force all transitive copies to deduplicate to the same version (6.41.0). Without this, bun creates nested copies at 6.40.0 alongside a top-level 6.41.0, breaking CodeMirror's singletonFacetreference identity.@tanstack/react-querycapped at<5.95.2— versions ≥5.95.2 break Node.js type resolution (causesCannot find name 'global'/NodeJS/processacross test and source files). This appears to be an upstream regression in@tanstack/query-core.30+ minor/patch bumps across all other packages.
Deferred
sha20.10 → 0.11:blake20.11 is still rc, upgrading sha2 alone splitsdigesttrait versionsshiguredo_nvcodec2025 → 2026: complete API overhaul (new repo, restructured config), warrants separate PRReview & Testing Checklist for Human
rubato2.0 resampler behavior: theprocess()method signature is compatible, but run an audio resampling pipeline to confirm output quality is unchangedwasmtime43 WASM plugin loading works correctly (load a WASM plugin, run a pipeline)rustyline18 CLI interactive shell still works (skit-cliREPL)lucide-react1.x icons render correctly in the UI (icon names unchanged, but verify visually)Notes
lint-pluginsrecipe fails on this environment due to missingfontconfigsystem library — this is pre-existing and unrelated to these changes.plugin_integration_testfailures (8 tests) are also pre-existing onmainfor the same reason.Link to Devin session: https://staging.itsdev.in/sessions/a70fcba64d2c46ac8eec862e1b3d9b95
Requested by: @streamer45