Skip to content

chore(deps)(deps): bump axum-test from 19.1.1 to 21.0.0#937

Merged
AlexMikhalev merged 2 commits into
mainfrom
dependabot/cargo/axum-test-21.0.0
Jul 6, 2026
Merged

chore(deps)(deps): bump axum-test from 19.1.1 to 21.0.0#937
AlexMikhalev merged 2 commits into
mainfrom
dependabot/cargo/axum-test-21.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps axum-test from 19.1.1 to 21.0.0.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [axum-test](https://github.com/JosephLenton/axum-test) from 19.1.1 to 21.0.0.
- [Release notes](https://github.com/JosephLenton/axum-test/releases)
- [Commits](https://github.com/JosephLenton/axum-test/commits)

---
updated-dependencies:
- dependency-name: axum-test
  dependency-version: 21.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

@AlexMikhalev AlexMikhalev left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Summary

This PR is a Dependabot major-version bump of axum-test from 19.1.1 to 21.0.0 across terraphim_validation and terraphim_server test dependencies.

  • Dependency bump: updates axum-test and adds its new transitive dependencies educe and enum-ordinalize.
  • Test surface: the main direct call sites use TestServer::new, request builders, json bodies, and TestResponse helpers, so the source-level impact appears limited.
  • Lockfile impact: Cargo.lock contains unrelated Terraphim registry/source changes that are outside the stated dependency update.

The bump may be technically valid, but the lockfile drift should be corrected before merge. It changes private/public registry resolution for Terraphim packages and removes/replaces unrelated package entries, which makes this PR unsafe to treat as a simple axum-test update.

Confidence Score: 3/5

  • Safe to merge with caution after regenerating Cargo.lock so only axum-test and its true transitive dependency changes remain.
  • I found 1 P1 lockfile-integrity issue and no P0 issues. The dependency call sites look straightforward, but the lockfile currently includes unrelated registry drift.
  • Files requiring attention: Cargo.lock.

Important Files Changed

Filename Overview
Cargo.lock Updates axum-test and adds new transitive crates, but also changes unrelated Terraphim package source/resolution entries. Needs attention.
crates/terraphim_validation/Cargo.toml Bumps axum-test from 19.1.1 to 21.0.0. Source usage appears limited to the server API test harness.
terraphim_server/Cargo.toml Bumps the dev dependency from axum-test 19 to 21. No direct source changes included.

Diagram

%%{init: {"theme": "neutral"}}%%
flowchart TD
    A[Dependabot PR #937] --> B[Cargo.toml axum-test version bump]
    B --> C[Cargo.lock refresh]
    C --> D{Lockfile changes limited to axum-test graph?}
    D -->|yes| E[Run server and validation tests]
    D -->|no| F[Block: unrelated registry/source drift]
    E --> G[Merge dependency update]
    F:::risk
    classDef risk fill:#f8d7da,stroke:#dc3545;
Loading

Inline Findings

P1 Cargo.lock, line 8478: Lockfile includes unrelated Terraphim registry/source drift

The PR is scoped as an axum-test 19.1.1 to 21.0.0 bump, but Cargo.lock also changes unrelated Terraphim package resolution. Examples include adding a second terraphim-session-analyzer 1.20.3 entry from the private sparse registry, removing the crates.io terraphim_mcp_search 0.2.0 entry, changing terraphim_merge_coordinator from thiserror 2.0.18 to 1.0.69, and changing terraphim_server dependencies to private-registry terraphim_mcp_search 0.1.0 plus terraphim-firecracker.

That drift is not caused by axum-test itself and changes the dependency graph for unrelated packages. The consequence is that a test-helper bump can unexpectedly change which Terraphim crates are resolved from private versus public registries, making build and runtime behaviour difficult to audit.

Suggested fix: regenerate or edit the lockfile from current main so the diff only contains axum-test 21.0.0 plus its actual new transitive dependencies, such as educe and enum-ordinalize. If the Terraphim registry drift is intentional, split it into a separate PR with an explicit rationale and test plan.

Comments Outside Diff (0)

Last reviewed commit: 7621a27 | Reviews (1)

@AlexMikhalev

Copy link
Copy Markdown
Contributor

Cleaned the Cargo.lock drift identified in review. The net PR diff now contains only the axum-test 21.0.0 update, its true transitive additions educe and enum-ordinalize, and the two axum-test manifest version bumps.

@AlexMikhalev AlexMikhalev merged commit dfeba3b into main Jul 6, 2026
1 check passed
@AlexMikhalev AlexMikhalev deleted the dependabot/cargo/axum-test-21.0.0 branch July 6, 2026 13:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant