Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ yuv-sys = { version = "0.3.14", path = "yuv-sys" }
anyhow = "1.0"
bytes = "1.10"
clap = "4.5"
console-subscriber = "0.1"
console-subscriber = "0.5"
env_logger = "0.11"
from_variants = "1.0.2"
futures = "0.3"
Expand All @@ -76,7 +76,7 @@ parking_lot = "0.12"
prost = "0.14"
prost-build = "0.14"
prost-types = "0.14"
rand = "0.9"
rand = "0.10"
Comment on lines 76 to +79

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Missing changeset file for dependency version bumps

No changeset file was added for this PR (/.changeset/ is unchanged), violating the repository rule that every PR needs a changeset.

Impact: The release tooling (knope) will not document these dependency changes, and the PR does not meet the repository's contribution requirements.

AGENTS.md changeset requirement

AGENTS.md states under "Documenting changes":

  • "Every PR needs a changeset"
  • "Changeset must list any crates which need to be bumped stemming from the change"
  • "Document changes interactively from the CLI with knope document-change or create manually in /.changeset"

This PR bumps versions of many dependencies across multiple crates (Cargo.toml:64-76, livekit-api/Cargo.toml:106-135, livekit-protocol/Cargo.toml:10-13, livekit/Cargo.toml:40-52, etc.) but adds no corresponding changeset file. The .changeset/ directory contains only pre-existing changesets from prior PRs.

(Refers to lines 64-76)

Prompt for agents
A changeset file needs to be created in the .changeset/ directory for this PR. Run `knope document-change` interactively, or manually create a markdown file in /.changeset/ that lists all crates affected by these dependency bumps (livekit, livekit-api, livekit-protocol, livekit-ffi, libwebrtc, device-info, livekit-wakeword, livekit-uniffi). The changeset should describe the dependency version updates made in this PR.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Comment on lines 76 to +79

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Cargo.lock not regenerated after dependency version bumps

The root Cargo.lock was not modified in this PR, but the Cargo.toml files now require versions that conflict with what's locked. For example, Cargo.toml:76 specifies rand = "0.10" but Cargo.lock still resolves rand 0.9.3 for workspace crates. Similarly, livekit-protocol/Cargo.toml:10 requires prost = "0.14" but the lock file pins prost 0.12.6 for livekit-protocol. This applies to nearly every bumped dependency: sha2, hmac, base64, pbjson, pbjson-types, console-subscriber, glib, resampler, ort-tract, async-tungstenite, reqwest, libloading, jni, and windows-sys. Running cargo build --locked will fail. The lock file needs to be regenerated with cargo update.

(Refers to lines 64-76)

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Comment on lines 76 to +79

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Dependency lockfile not regenerated after version bumps, causing build failures

The dependency version specifications are updated in multiple Cargo.toml files (Cargo.toml:67,79) but the main Cargo.lock is not regenerated, so builds using --locked will fail immediately.

Impact: CI and reproducible builds will fail because the lockfile still pins old versions that no longer satisfy the new Cargo.toml requirements.

Lockfile vs Cargo.toml version mismatches across the workspace

The PR updates version requirements in Cargo.toml files but the root Cargo.lock was never regenerated (zero diff on Cargo.lock). Every updated dependency has a mismatch:

  • rand: lockfile has 0.9.3, Cargo.toml requires "0.10" (Cargo.toml:79)
  • console-subscriber: lockfile has 0.1.10, Cargo.toml requires "0.5" (Cargo.toml:67)
  • sha2: lockfile has 0.10.9, Cargo.toml requires "0.11" (livekit-api/Cargo.toml:106)
  • hmac: lockfile has 0.12.1, Cargo.toml requires "0.13" (livekit-api/Cargo.toml:120)
  • base64: lockfile has 0.21.7, Cargo.toml requires "0.22" (livekit-api/Cargo.toml:115)
  • prost: lockfile has 0.12.6, Cargo.toml requires "0.14" (livekit-protocol/Cargo.toml:10, livekit-api/Cargo.toml:110, livekit/Cargo.toml:40)
  • pbjson/pbjson-types: lockfile has 0.6.0, Cargo.toml requires "0.9" (livekit-protocol/Cargo.toml:12-13, livekit-api/Cargo.toml:111)
  • reqwest: lockfile has 0.12.28, Cargo.toml requires "0.13" (livekit-api/Cargo.toml:135)
  • async-tungstenite: lockfile has 0.29.1, Cargo.toml requires "0.34" (livekit-api/Cargo.toml:126)
  • resampler: lockfile has 0.4.1, Cargo.toml requires "0.5" (livekit-wakeword/Cargo.toml:12)
  • ort-tract: lockfile has 0.2.0, Cargo.toml requires "0.3.0" (livekit-wakeword/Cargo.toml:17)
  • glib: lockfile has 0.21.5, Cargo.toml requires "0.22.0" (libwebrtc/Cargo.toml:26)
  • windows-sys: lockfile has 0.59.0, Cargo.toml requires "0.61" (device-info/Cargo.toml:19)
  • jni: lockfile has 0.21.1, Cargo.toml requires "0.22" (device-info/Cargo.toml:26, libwebrtc/Cargo.toml:29, livekit-ffi/Cargo.toml:43)
  • libloading: lockfile has 0.8.9, Cargo.toml requires "0.9.0" (livekit/Cargo.toml:52)

Note that the fuzz sub-lockfile (livekit-datatrack/fuzz/Cargo.lock) WAS updated, suggesting the main lockfile was simply forgotten.

(Refers to lines 67-79)

Prompt for agents
The main Cargo.lock file was not regenerated after updating dependency versions in Cargo.toml. Run `cargo update` or `cargo generate-lockfile` to regenerate the lockfile so it satisfies the new version requirements. The fuzz sub-lockfile at livekit-datatrack/fuzz/Cargo.lock was updated, but the root Cargo.lock was not. After regenerating, verify that all workspace crates compile successfully, as some of these are major version bumps that may require code changes (e.g., rand 0.9->0.10 may have removed deprecated APIs like thread_rng() and gen() that are still used in examples/rpc/src/main.rs:48).
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Example code uses deprecated rand API that will break when lockfile is updated

The rpc example at examples/rpc/src/main.rs:48 uses rand::thread_rng().gen::<u32>(), which relies on APIs deprecated in rand 0.9 (thread_rng() renamed to rng(), gen() renamed to random()). The rest of the codebase has already migrated to the new API (e.g., livekit-api/src/services/room.rs:435 uses rand::rng() and livekit-datatrack/src/packet/time.rs:24 uses .random::<u32>()). When the Cargo.lock is regenerated for rand 0.10, this call will likely fail to compile since deprecated aliases are typically removed in the next major version. This line should be updated to rand::rng().random::<u32>() to match the rest of the codebase.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

serde = "1"
serde_json = "1.0"
thiserror = "2"
Expand Down
4 changes: 2 additions & 2 deletions device-info/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,14 @@ libc = "0.2"
core-foundation = "0.10"

[target.'cfg(target_os = "windows")'.dependencies]
windows-sys = { version = "0.59", features = [
windows-sys = { version = "0.61", features = [
"Win32_System_Registry",
"Win32_System_SystemInformation",
"Win32_System_Power",
] }

[target.'cfg(target_os = "android")'.dependencies]
jni = "0.21"
jni = "0.22"

[target.'cfg(target_arch = "wasm32")'.dependencies]
web-sys = { version = "0.3", features = ["Navigator", "Window"] }
Expand Down
4 changes: 2 additions & 2 deletions libwebrtc/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,10 @@ serde_json = { workspace = true }
thiserror = { workspace = true }

[target.'cfg(any(target_os = "linux", target_os = "freebsd"))'.dependencies]
glib = { version = "0.21.3", optional = true }
glib = { version = "0.22.0", optional = true }

[target.'cfg(target_os = "android")'.dependencies]
jni = "0.21"
jni = "0.22"

[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
webrtc-sys = { workspace = true }
Expand Down
14 changes: 7 additions & 7 deletions livekit-api/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -103,27 +103,27 @@ __rustls-tls = ["tokio-tungstenite?/__rustls-tls", "reqwest?/__rustls"]
livekit-protocol = { workspace = true }
thiserror = { workspace = true }
serde = { workspace = true, features = ["derive"] }
sha2 = "0.10"
sha2 = "0.11"
url = "2.3"
log = { workspace = true }
parking_lot = { workspace = true }
prost = "0.12"
pbjson-types = "0.6"
prost = "0.14"
pbjson-types = "0.9"

# webhooks
serde_json = { workspace = true, optional = true }
base64 = { version = "0.21", optional = true, features = ["std"] }
base64 = { version = "0.22", optional = true, features = ["std"] }

# access_token: HS256 only, via the in-crate HMAC CryptoProvider (jwt_provider.rs).
# Dropping jsonwebtoken's rust_crypto bundle avoids linking RSA/EC/EdDSA.
jsonwebtoken = { version = "10", default-features = false, optional = true }
hmac = { version = "0.12", optional = true }
hmac = { version = "0.13", optional = true }
signature = { version = "2", optional = true }

# signal_client
livekit-runtime = { workspace = true, optional = true }
tokio-tungstenite = { version = "0.29", features = ["url"], optional = true }
async-tungstenite = { version = "0.29", features = [ "async-std-runtime", "async-native-tls", "url"], optional = true }
async-tungstenite = { version = "0.34", features = [ "async-std-runtime", "async-native-tls", "url"], optional = true }
tokio = { workspace = true, default-features = false, features = ["sync", "macros", "signal", "io-util", "net"], optional = true }
Comment on lines +106 to 127

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Multiple semver-breaking bumps for pre-1.0 crates need API compatibility verification

For pre-1.0 crates, a minor version bump (e.g., 0.9→0.10) is a breaking change under semver. This PR includes several such bumps: rand 0.9→0.10, prost 0.12→0.14, sha2 0.10→0.11, hmac 0.12→0.13, pbjson/pbjson-types 0.6→0.9, jni 0.21→0.22, glib 0.21→0.22, resampler 0.4→0.5, and async-tungstenite 0.29→0.34. No source code changes accompany these bumps, which suggests either the APIs are backward-compatible or the code hasn't been updated yet. Particularly notable: jni 0.22 switches from jni-sys 0.3 to jni-sys 0.4 which changes the underlying jobject type — this could affect livekit-ffi/src/cabi.rs:118-203 and device-info/src/native/android.rs:16-72. The prost 0.12→0.14 jump may require regenerating protobuf code in livekit-protocol.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

tokio-rustls = { version = "0.26", default-features = false, features = ["logging", "tls12", "ring"], optional = true }
rustls-native-certs = { version = "0.8", optional = true }
Expand All @@ -132,7 +132,7 @@ bytes = { workspace = true, optional = true }

# This dependency must be kept in sync with reqwest's version
http = "1.1"
reqwest = { version = "0.12", default-features = false, features = [ "json" ], optional = true }
reqwest = { version = "0.13", default-features = false, features = [ "json" ], optional = true }
isahc = { version = "1.7.2", default-features = false, features = [ "json", "text-decoding" ], optional = true }

flate2 = { version = "1", optional = true }
Expand Down
Loading
Loading