Update Cargo dependencies and toolchain

[grunch]

Summary by CodeRabbit

• Chores
  • Updated multiple dependencies to incorporate the latest fixes and improvements, enhancing stability and compatibility.
  • Enabled serialization support for unique identifier handling to improve data interoperability.
  • Upgraded the build toolchain to a newer Rust release for better performance, compiler diagnostics, and ecosystem compatibility.
  • General maintenance to keep the application aligned with current platform and library standards.

[coderabbitai]

Walkthrough

Dependency versions updated in Cargo.toml, including tokio, serde_json, sqlx, clap, comfy-table, and uuid (now with "serde" feature). Rust toolchain channel bumped from 1.82.0 to 1.89.0. No source code or exported API changes shown.

Changes

Cohort / File(s)	Summary
Dependency updates Cargo.toml	Bumped versions: clap 4.5.45→4.5.46, serde_json 1.0.91→1.0.143, tokio 1.23.0→1.47.1 (features: full), comfy-table 7.1.4→7.2.0, sqlx 0.8.2→0.8.6. Updated uuid 1.3.0→1.18.1 and enabled "serde" alongside "v4","fast-rng","macro-diagnostics".
Toolchain rust-toolchain.toml	Changed Rust channel 1.82.0→1.89.0; other fields unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I hopped through crates, tidy and neat,
Nudged tokio’s gears for a swifter beat.
Uuid learned serde’s secret art,
Toolchain rose with a brassy start.
Tables comfy, JSON bright—
All carrots aligned, dependencies light.
Ship it quick—by moonlit byte! 🥕✨

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch cargo-updates

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

Cargo.toml (2)

28-28: Large tokio jump: verify runtime features and MSRV.

• 1.47.1 is still 1.x, but spans many releases; confirm no deprecated APIs in use and that all tests pass under 1.89.0.
• Consider trimming “full” to reduce compile times/binary size.

Try:

• cargo +1.89.0 build --locked
• rg -nP '\btokio::(task|runtime|net|time|signal)\b' -C2

Optional feature trim example:

-tokio = { version = "1.47.1", features = ["full"] }
+tokio = { version = "1.47.1", features = [
+  "rt-multi-thread", "macros", "time", "sync", "fs", "io-util", "signal", "net"
+] }

---

46-46: sqlx patch bump OK; consider TLS backend alignment to avoid duplicate stacks.
You currently have:

• sqlx with “runtime-tokio-native-tls” and explicit openssl (vendored)
• reqwest 0.12.x likely defaulting to rustls (if defaults on)

To reduce size and build complexity, either:

• Move sqlx to rustls and drop openssl, or
• Keep native-tls/openssl and switch reqwest to native-tls (disable defaults).

Option A (prefer rustls everywhere):

-openssl = { version = "0.10.73", features = ["vendored"] }
-sqlx = { version = "0.8.6", features = ["sqlite", "runtime-tokio-native-tls"] }
+sqlx = { version = "0.8.6", features = ["sqlite", "runtime-tokio-rustls"] }

(Then remove the openssl dependency if nothing else needs it.)

Option B (native-tls everywhere):

-reqwest = { version = "0.12.23", features = ["json"] }
+reqwest = { version = "0.12.23", default-features = false, features = ["json", "native-tls"] }

Also, if using sqlx offline macros, regenerate the cache.

Run:

• rg -nP 'query!|query_as!' -g '!/target/'
• cargo sqlx prepare -- --all-features

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d38dae9 and bbf8138.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• Cargo.toml (2 hunks)
• rust-toolchain.toml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (5)

rust-toolchain.toml (1)

2-2: Toolchain bump looks fine; confirm CI/build matrix.

Please ensure CI actually uses Rust 1.89.0 (Linux/macOS) and runs clippy/rustfmt with this toolchain. If you cross-build, sanity-check --target wasm32-unknown-unknown doesn’t get invoked for crates that depend on tokio “full”.

Run locally:

• rustup override list | rg mostro-cli
• cargo +1.89.0 clippy --all-targets --all-features
• cargo +1.89.0 fmt -- --check

Cargo.toml (4)

24-24: clap patch bump — OK.
No breaking changes expected in 4.5.x.

---

27-27: serde_json major patch — OK.
No API changes expected within 1.0.x; just ensure benches/tests still pass.

---

29-29: comfy-table minor bump — OK.
No known breaking changes from 7.1.x to 7.2.x.

---

33-38: uuid upgraded and “serde” enabled: confirm wire/DB compatibility.
Enabling serde changes how Uuid serializes (string for human-readable formats like JSON; 16 bytes for binary like bincode). Verify any persisted/serialized Uuids (API/SQLite blobs/files) remain compatible.

Search surfaces:

• rg -nP '\bUuid\b' -C2
• rg -nP 'Serialize|Deserialize|serde(' -C2