Skip to content

chore(deps): consolidated Java + Rust dependency maintenance#72

Merged
debe merged 2 commits into
mainfrom
chore/dep-maintenance
Jul 7, 2026
Merged

chore(deps): consolidated Java + Rust dependency maintenance#72
debe merged 2 commits into
mainfrom
chore/dep-maintenance

Conversation

@debe

@debe debe commented Jul 7, 2026

Copy link
Copy Markdown
Owner

Consolidated dependency maintenance for both ecosystems, verified locally before pushing.

Java (supersedes Dependabot PRs #67#71)

Bumps the whole JUnit set together so -api/-engine stay matched:

  • junit-jupiter-api / junit-jupiter-engine / junit-jupiter-params / junit-platform-launcher: 6.0.3 → 6.1.0
  • org.slf4j:slf4j-api: 2.0.17 → 2.0.18
  • de.siegmar:fastcsv: 4.2.0 → 4.3.0

junit-platform-launcher had no Dependabot PR; including it keeps the platform aligned with Jupiter. Note that Dependabot's engine-only PR #71 failed CI precisely because merging it alone left -api at 6.0.3 (JUnit requires them to match) — this consolidated bump fixes that.

Rust (not covered by Dependabot — Maven-only config)

  • cargo update: refresh 26 transitive crates (all semver-compatible)
  • dev-dep criterion: 0.5 → 0.8, migrating the benches off the deprecated criterion::black_box to std::hint::black_box

Deferred (require source changes — out of scope here)

  • rand 0.9 → 0.10: moved random_range to a new RngExt trait; findchars-bench would need use rand::RngExt.
  • z3 0.12 → 0.20: static-link-z3 feature removed (now bundled) and the pre-0.13 explicit-context API used in findchars-solver/src/solver.rs was removed; needs a solver rewrite.

Verification

  • Rust: cargo test -p findchars -p findchars-csv (73 passed) and cargo clippy --workspace --all-targets -- -D warnings (clean) — the exact CI commands.
  • Java: compiler (45) + csv (41) tests pass locally against the bumped JUnit/slf4j; full mvnw verify relies on CI (a local ~/.m2 permission quirk blocked the shade-plugin step, unrelated to these bumps).

debe added 2 commits July 7, 2026 14:25
…n /java

Consolidates Dependabot PRs #67-#71 into a single aligned bump:
- junit-jupiter-api/engine/params + junit-platform-launcher: 6.0.3 -> 6.1.0
- org.slf4j:slf4j-api: 2.0.17 -> 2.0.18
- de.siegmar:fastcsv: 4.2.0 -> 4.3.0

The JUnit artifacts are bumped together (including junit-platform-launcher,
which had no Dependabot PR) so the api/engine versions stay matched. The
engine-only PR #71 failed CI precisely because api remained at 6.0.3.
Dependabot does not track the Rust workspace (Maven-only config), so these
are applied manually:
- cargo update: refresh 26 transitive crates (all semver-compatible)
- dev-dep criterion: 0.5 -> 0.8; migrate benches off the deprecated
  criterion::black_box to std::hint::black_box

rand 0.10 and z3 0.20 are deferred: both require source changes
(rand::RngExt migration; z3 0.13+ implicit-context API rewrite) and are
out of scope for this dependency-maintenance pass.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant