Skip to content

chore: upgrade all dependencies to latest versions#158

Merged
sachiniyer merged 4 commits intomainfrom
siyer/dependency-upgrades
Mar 7, 2026
Merged

chore: upgrade all dependencies to latest versions#158
sachiniyer merged 4 commits intomainfrom
siyer/dependency-upgrades

Conversation

@sachiniyer
Copy link
Contributor

@sachiniyer sachiniyer commented Mar 7, 2026
edited by devin-ai-integration bot
Loading

Summary

  • Major version bumps (6 packages):
    • progenitor 0.12 → 0.13
    • toml 0.9 → 1.0
    • dialoguer 0.11 → 0.12
    • termimad 0.30 → 0.34
    • rand 0.9 → 0.10 (removed small_rng feature flag, now always included)
    • axoupdater 0.9 → 0.10
  • 48 semver-compatible patch/minor updates via cargo update
  • Added explicit tokio signal feature (previously transitively enabled by reqwest 0.12)
  • Includes the aws-lc-sys security fix from chore: update aws-lc-sys to fix dependabot alerts #157

Test plan

  • cargo check passes
  • cargo test — all 139 tests pass
  • cargo build --release succeeds
  • Manual CLI testing: --version, --help, auth status, repos list, bugs list, version
  • No new clippy errors introduced

🤖 Generated with Claude Code

Open with Devin

sachiniyer and others added 3 commits March 6, 2026 19:23
@sachiniyer @claude
chore: remove alpha warning from README
2894138 
The CLI is no longer in alpha, so remove the warning banner.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sachiniyer @claude
chore: update aws-lc-sys to fix dependabot alerts
267b342 
Update aws-lc-rs 1.15.4 -> 1.16.1 and aws-lc-sys 0.37.1 -> 0.38.0
to resolve 3 high-severity dependabot alerts (PKCS7_verify signature
validation bypass, AES-CCM timing side-channel, PKCS7_verify chain
validation bypass).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sachiniyer @claude
chore: upgrade all dependencies to latest versions
02f6b1a 
Major version bumps:
- progenitor 0.12 -> 0.13
- toml 0.9 -> 1.0
- dialoguer 0.11 -> 0.12
- termimad 0.30 -> 0.34
- rand 0.9 -> 0.10 (small_rng feature removed, now always included)
- axoupdater 0.9 -> 0.10

Also adds explicit tokio "signal" feature (previously transitively enabled
by reqwest 0.12 which was removed in the axoupdater upgrade).

48 additional semver-compatible patch/minor updates applied via cargo update.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@chatgpt-codex-connector
Copy link

chatgpt-codex-connector bot commented Mar 7, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

devin-ai-integration[bot]
devin-ai-integration bot reviewed Mar 7, 2026
View reviewed changes
Copy link

@devin-ai-integration devin-ai-integration bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

Open in Devin Review

@sachiniyer @claude
fix: remove needless borrows for dialoguer 0.12 compatibility
f1c8b3f 
dialoguer 0.12 changed `.items()` to accept owned values, making
`&items` a needless borrow that triggers clippy with `-D warnings`.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sachiniyer sachiniyer enabled auto-merge (squash) March 7, 2026 09:05
@sachiniyer sachiniyer merged commit eedf3e5 into main Mar 7, 2026
11 checks passed
@sachiniyer sachiniyer deleted the siyer/dependency-upgrades branch March 7, 2026 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sachiniyer