Skip to content

Commit b5a40b6

Browse files
da2ce7da2ce7
committed
Merge torrust#835: chore(deps): update dependencies and improve robustness
103d55f chore(deps): update which next major version from (v6) to (v8) (Cameron Garnham) 19a96c6 chore(deps): update jsonwebtoken next major version (v10) (Cameron Garnham) e7811f2 chore(deps): update derive_more next major version (v2) (Cameron Garnham) 519fbad chore(deps): update thiserror next major version (v2) (Cameron Garnham) c400936 chore(deps): update toml next major version (v1) (Cameron Garnham) 68be605 chore: update dependencies (Cameron Garnham) b13bf98 fix: embed verify-email template as compiled-in default (Cameron Garnham) Pull request description: ## Summary Update multiple Rust dependencies to their latest versions, including several major version bumps, and implement two robustness improvements: - Embed verify-email template as compile-time default with file override - Isolate configuration test from environment using figment::Jail ## Dependency Updates ### Major Version Bumps - **derive_more**: v1 → v2 (with convert_case dependency) - **jsonwebtoken**: v9 → v10 (adds rust_crypto feature, replaces ring with pure-Rust crypto) - **thiserror**: v1 → v2 (in main crate and located-error package) - **toml**: v0 → v1 (toml 1.0 spec compliance) - **which**: v6 → v8 (simplified dependencies, drops winsafe) ### Significant Updates - **clap**: 4.5 → 4.6 (anstream 1.0, anstyle-parse 1.0) - **tokio**: 1.49 → 1.50 - **chrono**: 0.4.43 → 0.4.44 - **uuid**: 1.21 → 1.22 - **aws-lc-rs**: 1.15 → 1.16 (aws-lc-sys 0.37 → 0.38) - **rustls**: 0.23.36 → 0.23.37 - **serde_with**: 3.16 → 3.18 - **tracing-subscriber**: 0.3.22 → 0.3.23 - **wasm-bindgen** family: 0.2.108 → 0.2.114 - **tempfile**: 3.25 → 3.27 - **many other** transitive dependency updates ## Functional Improvements ### Verify-Email Template Embedding - Added `VERIFY_EMAIL_DEFAULT` constant with `include_str!` for compile-time embedding - Template loading now attempts `templates/verify.html` from working directory first - Falls back to embedded default if file is absent - Uses `add_raw_template` instead of `add_template_file` for consistency ### Configuration Test Isolation - Replaced `drop(initialize_configuration())` with `figment::Jail::expect_with` - Test now loads default config from `share/default/config/index.development.sqlite3.toml` - Sets `TORRUST_INDEX_CONFIG_TOML` environment variable within jail - Eliminates dependency on external environment variables during test execution - Added `#[allow(clippy::result_large_err)]` to suppress false positive lint ## Motivation - **Security**: Keep dependencies current with security patches - **Maintenance**: Reduce technical debt by updating major versions - **Robustness**: Ensure email verification works even when template file is missing - **Test Reliability**: Make configuration test deterministic and environment-independent - **Modernization**: Leverage latest features and performance improvements ## Testing Performed - `cargo check --workspace --all-targets --all-features` passes - `cargo test --workspace` passes (including updated config test) - Verified email template fallback behavior with missing file - Confirmed jsonwebtoken v10 with rust_crypto feature works correctly ## Breaking Changes None. All updates maintain backward compatibility: - `jsonwebtoken` v10 maintains same API with pure-Rust crypto backend - `derive_more` v2 preserves existing derive macros - `thiserror` v2 is source-compatible with v1 - `toml` v1 maintains spec 1.0 compatibility - Template fallback ensures existing deployments continue working ## Migration Needed - No action required for existing users - Deployers can optionally place `templates/verify.html` to customize email template - Developers should run `cargo update` to sync local lockfile ## References - jsonwebtoken v10 changelog: https://github.com/Keats/jsonwebtoken/blob/master/CHANGELOG.md - thiserror v2 migration guide: https://github.com/dtolnay/thiserror/releases - toml v1.0 specification: https://toml.io/en/v1.0.0 - figment Jail documentation: https://docs.rs/figment/latest/figment/struct.Jail.html ACKs for top commit: da2ce7: ACK 103d55f Tree-SHA512: 660d50f20cb88c852e095e43fb73bc5c3d7fb3f23cdc930cd11a19097e99047870a314c45c58b65d7b7121fc5c95fd34fa2818200eafcc13a03fd2e93b54b0ed
2 parents f626613 + 103d55f commit b5a40b6

5 files changed

Lines changed: 423 additions & 190 deletions

File tree

0 commit comments

Comments
 (0)