Skip to content

chore(deps): consolidate 6 Dependabot bumps (pollster 1.0, wide 1.5, tungstenite 0.30, +patches)#305

Merged
doublegate merged 2 commits into
mainfrom
chore/deps-master-consolidation-2026-07
Jul 15, 2026
Merged

chore(deps): consolidate 6 Dependabot bumps (pollster 1.0, wide 1.5, tungstenite 0.30, +patches)#305
doublegate merged 2 commits into
mainfrom
chore/deps-master-consolidation-2026-07

Conversation

@doublegate

Copy link
Copy Markdown
Owner

Summary

A single reviewed change that consolidates all 6 open Dependabot PRs, with the two major bumps (pollster, wide) and the coupled tungstenite pair verified against the actual code and gates rather than merged blind. Every bump landed with zero source changes — the public surface RustyNES uses is unchanged in each.

Supersedes and closes: #298, #299, #300, #301, #302, #303 (each will be closed with a back-reference once this merges).

Bumps

Dependabot Bump Where Notes
#300 pollster 0.4 → 1.0 (major) frontend, android, ios Sole use is pollster::block_on(...) for wgpu/Metal adapter+device init (3 sites); 1.0 API unchanged there
#301 wide 0.7 → 1.5 (major) frontend Desktop wide::u32x8 SIMD blitter (gfx_blit::blit_simd, native-only); pulls safe_arch 0.7→1.0
#302 tokio-tungstenite 0.29 → 0.30 netplay Async signaling server
#303 tungstenite 0.29 → 0.30 netplay, mobile Blocking signaling client + mobile bridge server; kept default-features=false + handshake + rustls-tls-webpki-roots
#299 bytemuck 1.25.0→1.25.1, cc 1.2.66→1.2.67 (transitive) Patch bumps, lockfile only
#298 actions/setup-python v5 → v6 web.yml MkDocs step

New transitive TLS/nonce deps from tungstenite 0.30 (chacha20 0.10, rand 0.10, const-oid 0.10) resolve cleanly; sha1 0.10.6 drops out. rustls-tls-webpki-roots keeps it pure-Rust TLS so the aarch64-android cross-compile stays clean.

Verification (all green locally)

  • cargo check: rustynes-frontend / rustynes-netplay (netplay-client,signaling-server) / rustynes-mobile.
  • cargo clippy -D warnings: frontend / netplay / mobile all clean.
  • cargo test:
    • wide correctness — gfx_blit::tests::simd_equals_scalar_byte_identical passes → the SIMD blitter stays bit-for-bit equal to scalar under wide 1.5.
    • rustynes-netplay full suite (81 + 16 + nat/relay loopbacks) passes with tungstenite 0.30.
  • cargo deny check: advisories / bans / licenses / sources all ok (new transitive deps included).
  • The #![no_std] core (cpu/ppu/apu/mappers) depends on none of these crates, so the deterministic engine and AccuracyCoin 141/141 are unaffected by construction.

🤖 Generated with Claude Code

…tungstenite 0.30, +patches)

Consolidate every open Dependabot version bump into one reviewed change, with the
two major bumps (pollster, wide) and the coupled tungstenite pair verified against
the actual code and gates rather than merged blind. Every bump landed with ZERO
source changes required — each crate's public surface RustyNES uses is unchanged.

Bumps (closes #298, #299, #300, #301, #302, #303):
- pollster 0.4 -> 1.0 (#300): frontend, android, ios. Sole use is
  `pollster::block_on(...)` for the wgpu/Metal adapter+device init (3 call sites);
  the 1.0 API is unchanged there. Both 0.4 (transitive via wgpu) and 1.0 (our
  direct dep) coexist in the tree, which is fine.
- wide 0.7 -> 1.5 (#301): the desktop `wide::u32x8` SIMD palette-index -> RGBA
  blitter (`gfx_blit.rs::blit_simd`; native-only, never in the wasm bundle). Pulls
  safe_arch 0.7 -> 1.0. The blitter's byte-identity gate
  (`gfx_blit::tests::simd_equals_scalar_byte_identical`) still passes, so the SIMD
  path stays bit-for-bit equal to scalar.
- tungstenite 0.29 -> 0.30 + tokio-tungstenite 0.29 -> 0.30 (#302, #303): the
  netplay signaling WebSocket (blocking client + async server) and the mobile
  bridge's blocking server. Kept `default-features = false` +
  `handshake` + `rustls-tls-webpki-roots` (pure-rustls, no system OpenSSL, so
  aarch64-android cross-compile stays clean). The 0.30 API is unchanged for our
  usage, including the `MaybeTlsStream::Rustls(s).sock` internals access and
  `client_tls`/`IntoClientRequest`. New transitive TLS/nonce deps (chacha20 0.10,
  rand 0.10, const-oid 0.10) resolve cleanly; sha1 0.10.6 drops out.
- bytemuck 1.25.0 -> 1.25.1, cc 1.2.66 -> 1.2.67 (#299 production group): patch
  bumps, lockfile only.
- actions/setup-python v5 -> v6 (#298): the MkDocs step in web.yml.

Verification (all green):
- cargo check: frontend / netplay (netplay-client,signaling-server) / mobile.
- cargo clippy -D warnings: frontend / netplay / mobile all clean.
- cargo test: wide SIMD byte-identity (simd_equals_scalar_byte_identical) +
  the full netplay suite (81 + 16 + nat/relay loopbacks) all pass with 0.30.
- cargo deny check: advisories / bans / licenses / sources all ok (new
  transitive deps included).
- The `#![no_std]` core (cpu/ppu/apu/mappers) has none of these deps, so the
  deterministic engine and AccuracyCoin 141/141 are unaffected by construction.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 14, 2026 23:41

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates several dependencies across the workspace, including upgrading pollster from 0.4 to 1.0 in the Android, iOS, and frontend crates, bumping wide from 0.7 to 1.5 in the frontend, and upgrading tungstenite and tokio-tungstenite from 0.29 to 0.30 in the mobile and netplay crates. These changes are reflected in Cargo.lock along with associated transitive dependency updates. There are no review comments, and I have no feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Consolidates multiple Dependabot dependency bumps into a single, reviewed update across the Rust workspace (frontend/mobile/netplay) and the web docs workflow, without changing RustyNES source code behavior.

Changes:

  • Bump pollster to 1.0 in frontend + mobile platform crates.
  • Bump wide to 1.5 in the desktop frontend and bump tokio-tungstenite/tungstenite to 0.30 in netplay/mobile.
  • Update Cargo.lock to reflect new direct/transitive versions and bump actions/setup-python to v6 in the Pages workflow.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
crates/rustynes-netplay/Cargo.toml Bumps tokio-tungstenite and tungstenite to 0.30 for netplay signaling/client support.
crates/rustynes-mobile/Cargo.toml Bumps tungstenite to 0.30 for dev/test WebSocket relay parity with netplay.
crates/rustynes-ios/Cargo.toml Bumps pollster to 1.0 for iOS wgpu init blocking executor use.
crates/rustynes-frontend/Cargo.toml Bumps pollster to 1.0 and wide to 1.5 for frontend utilities and SIMD blitter.
crates/rustynes-android/Cargo.toml Bumps pollster to 1.0 for Android wgpu init blocking executor use.
Cargo.lock Locks updated versions and new transitive deps introduced by the bumps.
.github/workflows/web.yml Bumps actions/setup-python from v5 to v6 for the MkDocs build job.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread crates/rustynes-frontend/Cargo.toml Outdated
Adopt the copilot review note: the "both are free transitive deps of wgpu"
comment was inaccurate after the pollster 0.4 -> 1.0 bump. `bytemuck` is still a
free direct dep (matches the wgpu-resolved version), but `pollster 1.0` is a NEW
major distinct from the `pollster 0.4` that `rfd 0.17.2` still pulls transitively,
so the two coexist as a temporary duplicate until rfd bumps to pollster 1.x. The
comment now states the intentional 1.0 pin and the duplicate explicitly.

No dependency or code change (comment only).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@doublegate doublegate merged commit d6d3572 into main Jul 15, 2026
23 checks passed
@doublegate doublegate deleted the chore/deps-master-consolidation-2026-07 branch July 15, 2026 00:23
doublegate added a commit that referenced this pull request Jul 15, 2026
…eview)

Adopt the copilot review note: wrap the single long dependency-consolidation
bullet to ~78 columns (continuation lines indented two spaces), matching the
surrounding wrapped CHANGELOG entries for readability and cleaner diffs. Content
unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
doublegate added a commit that referenced this pull request Jul 15, 2026
* docs(changelog): record the PR #305 dependency consolidation under [Unreleased]

Add a Changed entry for the six-bump Dependabot consolidation merged in #305
(pollster 1.0, wide 1.5, tungstenite + tokio-tungstenite 0.30, bytemuck/cc
patch, actions/setup-python v6), noting all landed with no source changes, the
core stayed untouched (AccuracyCoin 141/141), and the gates each bump was
verified against. Keeps the CHANGELOG in sync with the shipped dependency state.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(changelog): reflow the #305 deps entry to match wrapped style (review)

Adopt the copilot review note: wrap the single long dependency-consolidation
bullet to ~78 columns (continuation lines indented two spaces), matching the
surrounding wrapped CHANGELOG entries for readability and cleaner diffs. Content
unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
doublegate added a commit that referenced this pull request Jul 15, 2026
Bumps the workspace version 2.2.0 -> 2.2.1 to ship everything merged
to main since the v2.2.0 "Capstone" tag: PR #304 (Game Genie re-key
research tooling archived to scripts/gg/), PR #305 (six Dependabot
bumps consolidated with zero source changes -- pollster 0.4->1.0,
wide 0.7->1.5, tungstenite+tokio-tungstenite 0.29->0.30, bytemuck/cc
patch, actions/setup-python v5->v6), PR #306/#307 (their CHANGELOG
records), PR #308 (the 2A03-revision DMA-divergence probe archived to
scripts/probes/), and PR #309 (four gitignored, RUSTYNES_FDS_BIOS-gated
smoke tests against TakuikaNinja's FDS $4023/mirroring/audio-register/
DRAM-watchdog hardware-verification probes).

This is a pure housekeeping patch: zero accuracy, feature, or core
changes. The deterministic #![no_std] chip stack, save-state/TAS/
netplay-replay formats, and every golden vector are untouched --
AccuracyCoin holds 141/141 (100.00%), unchanged from v2.2.0.

Version bump scope (workspace Cargo.toml `[workspace.package] version`
is the single source of truth; every crate inherits via
`version.workspace = true`, confirmed via `cargo clippy --workspace`
reporting v2.2.1 for all 18 crates):
- Cargo.toml / Cargo.lock: 2.2.0 -> 2.2.1
- CHANGELOG.md: renamed [Unreleased] -> [2.2.1] - 2026-07-15, added a
  fresh empty [Unreleased] above it
- docs/STATUS.md, README.md (badge + "Current Release" section),
  AGENTS.md (canonical -- CLAUDE.md/GEMINI.md are symlinks to it):
  updated "current release" narrative to v2.2.1, reframing v2.2.0
  "Capstone" as the prior release this patch sits on top of
- .github/release-notes/v2.2.1.md: authored for release-auto.yml's
  override path (preferred over the CHANGELOG-section fallback)

Deliberately NOT touched: the Android app's versionCode/versionName
and the iOS app's MARKETING_VERSION -- these track their own
host-only release cadence (frozen at their v2.0.x readiness points)
and are decoupled by design from the desktop/core version until the
joint mobile store launch at v2.3.0. Also not touched: to-dos/
ROADMAP.md's "Current release" line, which was already stale (citing
v2.1.0) before this patch and is a pre-existing narrative-staleness
issue orthogonal to this release's scope.

Full gate green: cargo fmt --all --check, cargo clippy --workspace
--all-targets -- -D warnings (all 18 crates confirm v2.2.1),
cargo test --workspace (exit 0, zero failures), markdownlint on every
touched doc.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants