build: full dependency update pass (backend + frontend)#390
Conversation
- serde-saphyr 0.0.23 → 0.0.25 (workspace + api) - toml 1.0 → 1.1 (skit, skit-cli) - sha2 0.10 → 0.11 (skit) - rustls 0.23.36 → 0.23 (skit, loosen spec) - moq-native 0.13.12 → 0.13.13 (skit, nodes) - moq-lite 0.15.13 → 0.15.15 (skit, nodes) - hang 0.15.7 → 0.15.8 (nodes) - wasmtime/wasmtime-wasi 43.0.1 → 44.0.1 (plugin-wasm) - shiguredo_nvcodec 2025.2 → 2026.1 (nodes) - cargo update for all lock-only patch bumps Signed-off-by: StreamKit Devin <devin@streamkit.dev> Co-Authored-By: Claudio Costa <cstcld91@gmail.com>
- moq_config.bind type changed from SocketAddr to String - next_group() deprecated in favor of next_group_ordered() Signed-off-by: StreamKit Devin <devin@streamkit.dev> Co-Authored-By: Claudio Costa <cstcld91@gmail.com>
- Bump patch/minor versions for all dev and runtime deps - Add types: ["node"] to tsconfig.json (required after @tanstack/react-query fixed @types/node type leak in 5.95.2+) - Regenerate bun.lock to deduplicate @codemirror/view Signed-off-by: StreamKit Devin <devin@streamkit.dev> Co-Authored-By: Claudio Costa <cstcld91@gmail.com>
- @playwright/test 1.58.2 → 1.59.1 - @types/node 25.5.0 → 25.6.0 - typescript 6.0.2 → 6.0.3 Signed-off-by: StreamKit Devin <devin@streamkit.dev> Co-Authored-By: Claudio Costa <cstcld91@gmail.com>
- mermaid 11.13.0 → 11.14.0 - Defer Astro/Starlight major bumps to separate PR Signed-off-by: StreamKit Devin <devin@streamkit.dev> Co-Authored-By: Claudio Costa <cstcld91@gmail.com>
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
![staging-devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/870844?s=60&v=4){kind=small}
| "@radix-ui/react-tabs": "^1.1.13", | ||
| "@radix-ui/react-tooltip": "^1.2.8", | ||
| "@tanstack/react-query": ">=5.91.3 <5.95.2", | ||
| "@tanstack/react-query": "^5.100.6", |
There was a problem hiding this comment.
🚩 Removal of deliberately-placed @tanstack/react-query version cap
The previous PR (commit 0c52c92) explicitly capped @tanstack/react-query at <5.95.2 with the note: ">=5.95.2 breaks Node.js type resolution". This PR removes that cap and jumps to ^5.100.6. The lockfile resolves to 5.100.6. If TanStack fixed the type resolution issue upstream (which is likely given the many versions between 5.95.2 and 5.100.6), this is correct. However, the cap was deliberate and its removal is not documented in the PR — worth confirming that tsc --noEmit passes cleanly in CI before merging.
Was this helpful? React with 👍 or 👎 to provide feedback.
Debug
There was a problem hiding this comment.
The cap was placed because versions 5.91.0–5.91.2 leaked @types/node into browser projects via build config files included in the DTS rollup. The fix landed in 5.91.3 (TanStack/query#10302) and was extended in TanStack/query#10358. However, removing the leak means projects that relied on it (like ours) lose ambient Node types.
Rather than keeping the cap, this PR adds "types": ["node"] to tsconfig.json — which is the proper fix. The tsc --noEmit check passes cleanly both locally and in CI (see the "UI / Lint, Test & Build" check).
| # For built-in authentication | ||
| jsonwebtoken = { version = "10.2.0", default-features = false, features = ["aws_lc_rs"] } | ||
| sha2 = "0.10" | ||
| sha2 = "0.11" |
There was a problem hiding this comment.
📝 Info: sha2 0.10→0.11 upgrade was previously explicitly deferred
The previous dependency update PR (commit 0c52c92) explicitly deferred this upgrade with the note: "sha2 0.10→0.11 (blake2 0.11 not stable, would split digest versions)". This PR now does the upgrade, resulting in two digest crate versions in the dependency tree: digest 0.10.7 (from blake2 0.10.6) and digest 0.11.2 (from sha2 0.11.0). I verified this is not a correctness issue — marketplace.rs imports Digest from blake2, while auth/mod.rs and marketplace_installer.rs import Digest from sha2, and there's no cross-module trait interaction. The only downside is slightly increased binary size from duplicate digest implementations. Consider updating blake2 to 0.11 when it stabilizes to unify the digest version.
Was this helpful? React with 👍 or 👎 to provide feedback.
Debug
| tokio::select! { | ||
| biased; | ||
| group_result = track_consumer.next_group() => { | ||
| group_result = track_consumer.next_group_ordered() => { |
There was a problem hiding this comment.
📝 Info: next_group() → next_group_ordered() migration is complete
The moq-lite 0.15.15 API renamed next_group() to next_group_ordered(). I verified both call sites in the codebase were updated: crates/nodes/src/transport/moq/peer/mod.rs:1739 and crates/nodes/src/transport/moq/pull.rs:313. No remaining references to the old next_group() method exist in Rust source files. The behavioral change (ordered group delivery) aligns with the MoQ protocol's expected semantics for these consumer paths.
Was this helpful? React with 👍 or 👎 to provide feedback.
Debug
| "DOM" | ||
| ], | ||
| "skipLibCheck": true, | ||
| "types": ["node"], |
There was a problem hiding this comment.
📝 Info: tsconfig types field restricts global type inclusion
Adding "types": ["node"] to ui/tsconfig.json restricts which @types/* packages are automatically included for global type resolution. This means only @types/node globals (like process, Buffer, setTimeout) are available globally. Other @types/* packages (@types/react, @types/lodash-es, @types/js-yaml) still work fine through module resolution when imported. This change is likely needed for TypeScript 6.0 compatibility where automatic @types/node inclusion behavior may have changed.
Was this helpful? React with 👍 or 👎 to provide feedback.
Debug
- DecoderConfig: add codec, max_num_decode_surfaces, surface_format fields; remove Default usage - Decoder::new_av1() → Decoder::new() (codec in config) - EncoderConfig: fps_numerator → framerate_num, fps_denominator → framerate_den, target_bitrate → average_bitrate; move idr_period/profile into CodecConfig::Av1(Av1EncoderConfig) - Encoder::new_av1() → Encoder::new() (codec in config) - Encoder::encode() now takes EncodeOptions parameter - Add buffer_format field to EncoderConfig Signed-off-by: StreamKit Devin <devin@streamkit.dev> Co-Authored-By: Claudio Costa <cstcld91@gmail.com>
| let encode_options = shiguredo_nvcodec::EncodeOptions { | ||
| force_intra: false, | ||
| force_idr: false, | ||
| output_spspps: false, | ||
| }; | ||
|
|
||
| self.encoder | ||
| .encode(&nv12_data) | ||
| .encode(&nv12_data, &encode_options) |
There was a problem hiding this comment.
📝 Info: Hardcoded EncodeOptions with all-false flags preserves prior behavior but disables per-frame keyframe forcing
The new shiguredo_nvcodec 2026.1 API adds per-frame EncodeOptions (force_intra, force_idr, output_spspps). The PR hardcodes all three to false at crates/nodes/src/video/nv_av1.rs:582-586, which preserves the behavior of the old encode(&data) API that had no per-frame overrides. However, this means the encoder cannot be dynamically instructed to emit a keyframe on demand (e.g., in response to a viewer joining). The keyframe schedule is entirely driven by gop_length/idr_period in the config. This is fine for now but worth noting if on-demand keyframe insertion is needed later.
Was this helpful? React with 👍 or 👎 to provide feedback.
Debug
There was a problem hiding this comment.
Correct — EncodeOptions { false, false, false } is equivalent to the old encode(&data) which had no per-frame override capability. On-demand keyframe insertion would be a feature addition on top of this dependency update.
The previous shiguredo_nvcodec DecoderConfig::default() used 20. Preserves prior behavior to avoid decoding stalls with bitstreams that require more reference frames. Signed-off-by: StreamKit Devin <devin@streamkit.dev> Co-Authored-By: Claudio Costa <cstcld91@gmail.com>
|
|
||
| let mut moq_config = MoqServerConfig::default(); | ||
| moq_config.bind = Some(addr); | ||
| moq_config.bind = Some(addr.to_string()); |
There was a problem hiding this comment.
📝 Info: moq_config.bind type changed from SocketAddr to String
The moq_config.bind field changed from Option<SocketAddr> to Option<String> at apps/skit/src/server/mod.rs:4703. The addr variable is a SocketAddr (parsed at line 4662), so .to_string() produces a valid ip:port format. This is a safe conversion, though it introduces a redundant parse round-trip (string → SocketAddr → string) that the moq-native library will then parse back. No functional issue.
Was this helpful? React with 👍 or 👎 to provide feedback.
Debug
Signed-off-by: StreamKit Devin <devin@streamkit.dev> Co-Authored-By: Claudio Costa <cstcld91@gmail.com>
| wasmtime = { version = "44.0.1", features = ["component-model", "async"] } | ||
| wasmtime-wasi = "44.0.1" |
There was a problem hiding this comment.
📝 Info: wasmtime 43 → 44 bump with no source changes
The wasmtime bump from 43.0.1 to 44.0.1 only changes the Cargo.toml version — no source files in crates/plugin-wasm/src/ were modified. Wasmtime minor releases (43→44) can include breaking API changes. If any source-level incompatibilities exist, they will manifest as compilation errors caught by CI. The plugin-wasm crate uses wasmtime's component-model and async features, plus wasmtime-wasi, which are the areas most likely to have API churn between versions.
Was this helpful? React with 👍 or 👎 to provide feedback.
Debug
2 participants
Summary
Full dependency update pass across backend (Cargo) and frontend (Bun) workspaces.
Backend (Cargo)
Version spec bumps:
serde-saphyr0.0.23 → 0.0.25 (workspace + api)toml1.0 → 1.1 (skit, skit-cli)sha20.10 → 0.11 (skit)rustls0.23.36 → 0.23 (skit — loosen spec)moq-native0.13.12 → 0.13.13 (skit, nodes)moq-lite0.15.13 → 0.15.15 (skit, nodes)hang0.15.7 → 0.15.8 (nodes)wasmtime+wasmtime-wasi43.0.1 → 44.0.1 (plugin-wasm)shiguredo_nvcodec2025.2 → 2026.1 (nodes)Lock-only updates via
cargo update: axum, clap, reqwest, semver, tracing-appender, aws-lc-rs, vk-video, cc, pkg-config, and transitive deps.Code changes for moq-lite 0.15.15 API:
moq_config.bindtype changed fromSocketAddrtoString→ added.to_string()next_group()deprecated → replaced withnext_group_ordered()(maintains sequence order for media streaming)Code changes for shiguredo_nvcodec 2026.1 API:
DecoderConfig: addcodec,max_num_decode_surfaces,surface_formatfields; removeDefaultusageDecoder::new_av1()→Decoder::new()(codec specified in config)EncoderConfig:fps_numerator→framerate_num,fps_denominator→framerate_den,target_bitrate→average_bitrate; moveidr_period/profileintoCodecConfig::Av1(Av1EncoderConfig); addbuffer_formatEncoder::new_av1()→Encoder::new()(codec specified in config)Encoder::encode()now takes anEncodeOptionsparameterFrontend (Bun)
ui/ — Bumped all patch/minor versions:
@commitlint/*,@typescript-eslint/*,@vitest/*,vite,vitest,@codemirror/view,@moq/*,lucide-react,@tanstack/react-query,react-router-dom,uuid,jsdom,knip. Regenerated lockfile to deduplicate@codemirror/view. Added"types": ["node"]totsconfig.json(required after@tanstack/react-queryfixed @types/node type leak in 5.95.2+; the project was previously relying on this unintentional leak for Node ambient types in test files).e2e/ —
@playwright/test1.58.2 → 1.59.1,@types/node25.5.0 → 25.6.0,typescript6.0.2 → 6.0.3.docs/ —
mermaid11.13.0 → 11.14.0. Astro/Starlight major bumps deferred to a separate PR.Deferred
blake20.10.6 → 0.11 (still rc, no stable release)uuidv14 (drops Node 18 support)Review & Testing Checklist for Human
next_group()→next_group_ordered()change andbindtype change are the only moq code modifications — confirm a MoQ publish/subscribe flow works correctlyshiguredo_nvcodec2026.1 update changed struct layouts, constructors, and the encode() signature@tanstack/react-queryupgrade: confirm React Query hooks behave normally in the UI (query caching, refetching, error states)Notes
main)just lintpasses cleanly (Rust fmt/clippy + UI prettier/eslint/tsc)tsconfig.jsonchange ("types": ["node"]) is necessary because@tanstack/react-queryversions prior to 5.95.2 accidentally leaked@types/nodeinto consuming projects via build config files included in their DTS rollup. This was fixed upstream, meaning projects that relied on the leak need to explicitly declare their Node type dependencyLink to Devin session: https://staging.itsdev.in/sessions/ca8a8de716e54a7fafbe321164ed2c8a
Requested by: @streamer45
Devin Review
9678e7b