chore(deps): lower dependency floors and reduce dependabot noise#211
Merged
Conversation
5f1d247 to
d88b87d
Compare
Member
Author
|
Updated this PR to keep the dependency-floor work scoped and non-breaking. What changed here:
I rechecked the bar-graph examples after the revert and they compile cleanly again. |
Member
Author
|
Follow-up note on While checking the examples, that bump changed the behavior of the Details from the upstream That can come back as its own explicit PR if we decide to take the behavior change and document any downstream updates. |
Member
Author
|
One more note on the deferred That PR is not just a manifest/lockfile refresh for this repo. In our case it also changes the behavior of the public So this PR intentionally keeps Reference:
|
Keep direct dependency requirements as broad as the workspace can honestly support, update the lockfile to current compatible releases, and group Dependabot updates to reduce routine PR noise. This also upgrades the workspace to strum 0.28 and rand 0.10 where the local code supports those newer major versions while leaving transitive duplicate majors to downstream crates.
d88b87d to
1f9cb88
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #211 +/- ##
=======================================
Coverage 87.06% 87.06%
=======================================
Files 22 22
Lines 4150 4150
=======================================
Hits 3613 3613
Misses 537 537 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This was referenced Apr 2, 2026
joshka
pushed a commit
that referenced
this pull request
Apr 4, 2026
## 🤖 New release * `tui-prompts`: 0.6.2 -> 0.6.3 (✓ API compatible changes) <details><summary><i><b>Changelog</b></i></summary><p> <blockquote> ## [0.6.3] - 2026-04-04 ### ⚙️ Miscellaneous Tasks - *(deps)* Lower dependency floors and reduce dependabot noise ([#211](#211)) > ## Summary > > - lower direct dependency requirements to the broadest semver ranges the > workspace actually supports > - keep `Cargo.lock` on current compatible releases, including the direct > `clap`, `tokio`, `futures`, and `rand` updates that fit this PR's scope > - configure Dependabot to group Cargo and GitHub Actions updates and use > `increase-if-necessary` to reduce manifest churn > > ## Details > > This change validates dependency floors with `cargo minimal-versions` in > `--direct` mode so the library manifests reflect honest direct > requirements instead of transitive minimum noise. > > Notable outcomes: > > - broadened requirements such as `clap = "4"` and `tokio = "1"` after > verifying the workspace still compiles and tests against their earliest > compatible direct versions > - kept real floors where required, such as `crossterm = "0.29"`, > `document-features = "0.2.11"`, and `derive_setters = "0.1.9"` > - kept the direct `rand` update to `0.10` and adjusted the > `tui-bar-graph` examples to generate random `Vec<f64>` values in a `rand > 0.10`-compatible way > - kept transitive duplicate major versions where they are still required > by downstream crates like the Ratatui stack or `lipsum` > > Dependabot should now produce less noise because grouped update PRs can > primarily refresh `Cargo.lock` while leaving `Cargo.toml` alone unless a > broader range is truly needed. > > ## Validation > > - `cargo minimal-versions check --workspace --direct` > - `cargo check --all-features --workspace` > - `cargo test --all-features --workspace` > - `cargo minimal-versions test --workspace --all-features --direct` > - `cargo outdated --workspace --root-deps-only` > - `cargo test -p tui-bar-graph --all-features --examples` > > ## Supersedes > > This PR should supersede and allow closing the related Dependabot PRs: ### Other - [codex] Vendor CI workflows into this repository ([#212](#212)) </blockquote> </p></details> --- This PR was generated with [release-plz](https://github.com/release-plz/release-plz/). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
joshka
pushed a commit
that referenced
this pull request
Apr 4, 2026
## 🤖 New release * `tui-big-text`: 0.8.3 -> 0.8.4 (✓ API compatible changes) <details><summary><i><b>Changelog</b></i></summary><p> <blockquote> ## [0.8.4] - 2026-04-04 ### ⚙️ Miscellaneous Tasks - *(deps)* Lower dependency floors and reduce dependabot noise ([#211](#211)) > ## Summary > > - lower direct dependency requirements to the broadest semver ranges the > workspace actually supports > - keep `Cargo.lock` on current compatible releases, including the direct > `clap`, `tokio`, `futures`, and `rand` updates that fit this PR's scope > - configure Dependabot to group Cargo and GitHub Actions updates and use > `increase-if-necessary` to reduce manifest churn > > ## Details > > This change validates dependency floors with `cargo minimal-versions` in > `--direct` mode so the library manifests reflect honest direct > requirements instead of transitive minimum noise. > > Notable outcomes: > > - broadened requirements such as `clap = "4"` and `tokio = "1"` after > verifying the workspace still compiles and tests against their earliest > compatible direct versions > - kept real floors where required, such as `crossterm = "0.29"`, > `document-features = "0.2.11"`, and `derive_setters = "0.1.9"` > - kept the direct `rand` update to `0.10` and adjusted the > `tui-bar-graph` examples to generate random `Vec<f64>` values in a `rand > 0.10`-compatible way > - kept transitive duplicate major versions where they are still required > by downstream crates like the Ratatui stack or `lipsum` > > Dependabot should now produce less noise because grouped update PRs can > primarily refresh `Cargo.lock` while leaving `Cargo.toml` alone unless a > broader range is truly needed. > > ## Validation > > - `cargo minimal-versions check --workspace --direct` > - `cargo check --all-features --workspace` > - `cargo test --all-features --workspace` > - `cargo minimal-versions test --workspace --all-features --direct` > - `cargo outdated --workspace --root-deps-only` > - `cargo test -p tui-bar-graph --all-features --examples` > > ## Supersedes > > This PR should supersede and allow closing the related Dependabot PRs: ### Other - [codex] Vendor CI workflows into this repository ([#212](#212)) </blockquote> </p></details> --- This PR was generated with [release-plz](https://github.com/release-plz/release-plz/). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
joshka
pushed a commit
that referenced
this pull request
Apr 4, 2026
## 🤖 New release * `tui-qrcode`: 0.2.3 -> 0.2.4 (✓ API compatible changes) <details><summary><i><b>Changelog</b></i></summary><p> <blockquote> ## [0.2.4] - 2026-04-04 ### ⚙️ Miscellaneous Tasks - *(deps)* Lower dependency floors and reduce dependabot noise ([#211](#211)) > ## Summary > > - lower direct dependency requirements to the broadest semver ranges the > workspace actually supports > - keep `Cargo.lock` on current compatible releases, including the direct > `clap`, `tokio`, `futures`, and `rand` updates that fit this PR's scope > - configure Dependabot to group Cargo and GitHub Actions updates and use > `increase-if-necessary` to reduce manifest churn > > ## Details > > This change validates dependency floors with `cargo minimal-versions` in > `--direct` mode so the library manifests reflect honest direct > requirements instead of transitive minimum noise. > > Notable outcomes: > > - broadened requirements such as `clap = "4"` and `tokio = "1"` after > verifying the workspace still compiles and tests against their earliest > compatible direct versions > - kept real floors where required, such as `crossterm = "0.29"`, > `document-features = "0.2.11"`, and `derive_setters = "0.1.9"` > - kept the direct `rand` update to `0.10` and adjusted the > `tui-bar-graph` examples to generate random `Vec<f64>` values in a `rand > 0.10`-compatible way > - kept transitive duplicate major versions where they are still required > by downstream crates like the Ratatui stack or `lipsum` > > Dependabot should now produce less noise because grouped update PRs can > primarily refresh `Cargo.lock` while leaving `Cargo.toml` alone unless a > broader range is truly needed. > > ## Validation > > - `cargo minimal-versions check --workspace --direct` > - `cargo check --all-features --workspace` > - `cargo test --all-features --workspace` > - `cargo minimal-versions test --workspace --all-features --direct` > - `cargo outdated --workspace --root-deps-only` > - `cargo test -p tui-bar-graph --all-features --examples` > > ## Supersedes > > This PR should supersede and allow closing the related Dependabot PRs: </blockquote> </p></details> --- This PR was generated with [release-plz](https://github.com/release-plz/release-plz/). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
joshka
pushed a commit
that referenced
this pull request
Apr 4, 2026
## 🤖 New release * `tui-bar-graph`: 0.3.2 -> 0.3.3 (✓ API compatible changes) <details><summary><i><b>Changelog</b></i></summary><p> <blockquote> ## [0.3.3] - 2026-04-04 ### ⚙️ Miscellaneous Tasks - *(deps)* Lower dependency floors and reduce dependabot noise ([#211](#211)) > ## Summary > > - lower direct dependency requirements to the broadest semver ranges the > workspace actually supports > - keep `Cargo.lock` on current compatible releases, including the direct > `clap`, `tokio`, `futures`, and `rand` updates that fit this PR's scope > - configure Dependabot to group Cargo and GitHub Actions updates and use > `increase-if-necessary` to reduce manifest churn > > ## Details > > This change validates dependency floors with `cargo minimal-versions` in > `--direct` mode so the library manifests reflect honest direct > requirements instead of transitive minimum noise. > > Notable outcomes: > > - broadened requirements such as `clap = "4"` and `tokio = "1"` after > verifying the workspace still compiles and tests against their earliest > compatible direct versions > - kept real floors where required, such as `crossterm = "0.29"`, > `document-features = "0.2.11"`, and `derive_setters = "0.1.9"` > - kept the direct `rand` update to `0.10` and adjusted the > `tui-bar-graph` examples to generate random `Vec<f64>` values in a `rand > 0.10`-compatible way > - kept transitive duplicate major versions where they are still required > by downstream crates like the Ratatui stack or `lipsum` > > Dependabot should now produce less noise because grouped update PRs can > primarily refresh `Cargo.lock` while leaving `Cargo.toml` alone unless a > broader range is truly needed. > > ## Validation > > - `cargo minimal-versions check --workspace --direct` > - `cargo check --all-features --workspace` > - `cargo test --all-features --workspace` > - `cargo minimal-versions test --workspace --all-features --direct` > - `cargo outdated --workspace --root-deps-only` > - `cargo test -p tui-bar-graph --all-features --examples` > > ## Supersedes > > This PR should supersede and allow closing the related Dependabot PRs: - *(deps)* Support strum 0.28 ([#224](#224)) > ## Summary > > This PR fixes the `strum 0.28` dependency bump proposed in > [#210](#210) and adds > explicit `cargo check --all-targets --all-features --workspace` coverage > so example-target compile failures are caught directly in CI instead of > being missed by the existing workspace check. > > ## Root Cause > > The failure came from the `tui-bar-graph` example, where clap derives a > parser for `BarStyle`. > > `BarStyle` still derives `FromStr`, and this was not caused by the > `#[strum(default)]` behavior change from [strum PR > #476](Peternator7/strum#476). The actual issue > was dependency resolution plus feature unification. > > Before the bump, `tui-bar-graph` and `ratatui-core` both used `strum > 0.27`, so Cargo unified them and `ratatui-core`'s `strum/std` activation > effectively carried `std` into the `strum` instance used by > `tui-bar-graph`. After > [#210](#210), `tui-bar-graph` > used `strum 0.28` while `ratatui-core` still used `strum 0.27`, so the > graph split into separate `strum` packages. > > At that point, `tui-bar-graph`'s own `strum 0.28` was built with > `default-features = false`, which meant `strum::ParseError` no longer > implemented `std::error::Error` in that context. That was enough to > break clap's inferred parser for `BarStyle`. > > ## Code Changes > > `tui-bar-graph` now declares an explicit `std` feature and uses it to > enable `strum/std`. `std` remains enabled by default, so the crate's > normal ergonomics do not change. > > The interactive example is marked with `required-features = ["std"]` so > its compile requirements are explicit instead of depending on accidental > transitive feature behavior. > > `colorgrad` now uses `default-features = false`. > > ## Why Only `strum/std` > > `strum/std` matters here because it affects trait-based downstream > integration on a public enum type. `BarStyle` derives traits whose > interaction with clap depends on the trait set of `strum::ParseError`. > > `colorgrad/std` does not play the same role in this crate today, so the > `std` feature does not forward `colorgrad/std`. > > ## Docs > > The crate now uses `document-features` so the feature contract is > rendered in generated docs and on docs.rs. > > ## CI > > The issue exposed by > [#210](#210) was a normal > compile failure in a non-lib target. > > The workspace already ran `cargo check --all-features --workspace`, but > that does not compile examples and other non-lib targets. `cargo check > --all-targets --all-features --workspace` reproduces the failure > directly. > > This PR adds explicit all-targets compile coverage so example-target > breakage is caught as a normal build/check failure. > > ## Verification > > ```shell > cargo check --all-targets --all-features --workspace > cargo clippy --all-targets --all-features --workspace -- -D warnings > cargo check -p tui-bar-graph --lib --no-default-features > cargo doc -p tui-bar-graph --all-features > cargo rdme --check --manifest-path tui-bar-graph/Cargo.toml > ``` > > ## Follow-up > > A broader `no_std` audit of the other widget crates was done during this > work and recorded separately on > [#102](#102). </blockquote> </p></details> --- This PR was generated with [release-plz](https://github.com/release-plz/release-plz/). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
joshka
pushed a commit
that referenced
this pull request
Apr 4, 2026
## 🤖 New release * `tui-widgets`: 0.7.1 -> 0.7.2 (✓ API compatible changes) <details><summary><i><b>Changelog</b></i></summary><p> <blockquote> ## [0.7.2] - 2026-04-04 ### ⚙️ Miscellaneous Tasks - *(deps)* Lower dependency floors and reduce dependabot noise ([#211](#211)) > ## Summary > > - lower direct dependency requirements to the broadest semver ranges the > workspace actually supports > - keep `Cargo.lock` on current compatible releases, including the direct > `clap`, `tokio`, `futures`, and `rand` updates that fit this PR's scope > - configure Dependabot to group Cargo and GitHub Actions updates and use > `increase-if-necessary` to reduce manifest churn > > ## Details > > This change validates dependency floors with `cargo minimal-versions` in > `--direct` mode so the library manifests reflect honest direct > requirements instead of transitive minimum noise. > > Notable outcomes: > > - broadened requirements such as `clap = "4"` and `tokio = "1"` after > verifying the workspace still compiles and tests against their earliest > compatible direct versions > - kept real floors where required, such as `crossterm = "0.29"`, > `document-features = "0.2.11"`, and `derive_setters = "0.1.9"` > - kept the direct `rand` update to `0.10` and adjusted the > `tui-bar-graph` examples to generate random `Vec<f64>` values in a `rand > 0.10`-compatible way > - kept transitive duplicate major versions where they are still required > by downstream crates like the Ratatui stack or `lipsum` > > Dependabot should now produce less noise because grouped update PRs can > primarily refresh `Cargo.lock` while leaving `Cargo.toml` alone unless a > broader range is truly needed. > > ## Validation > > - `cargo minimal-versions check --workspace --direct` > - `cargo check --all-features --workspace` > - `cargo test --all-features --workspace` > - `cargo minimal-versions test --workspace --all-features --direct` > - `cargo outdated --workspace --root-deps-only` > - `cargo test -p tui-bar-graph --all-features --examples` > > ## Supersedes > > This PR should supersede and allow closing the related Dependabot PRs: - *(deps)* Support strum 0.28 ([#224](#224)) > ## Summary > > This PR fixes the `strum 0.28` dependency bump proposed in > [#210](#210) and adds > explicit `cargo check --all-targets --all-features --workspace` coverage > so example-target compile failures are caught directly in CI instead of > being missed by the existing workspace check. > > ## Root Cause > > The failure came from the `tui-bar-graph` example, where clap derives a > parser for `BarStyle`. > > `BarStyle` still derives `FromStr`, and this was not caused by the > `#[strum(default)]` behavior change from [strum PR > #476](Peternator7/strum#476). The actual issue > was dependency resolution plus feature unification. > > Before the bump, `tui-bar-graph` and `ratatui-core` both used `strum > 0.27`, so Cargo unified them and `ratatui-core`'s `strum/std` activation > effectively carried `std` into the `strum` instance used by > `tui-bar-graph`. After > [#210](#210), `tui-bar-graph` > used `strum 0.28` while `ratatui-core` still used `strum 0.27`, so the > graph split into separate `strum` packages. > > At that point, `tui-bar-graph`'s own `strum 0.28` was built with > `default-features = false`, which meant `strum::ParseError` no longer > implemented `std::error::Error` in that context. That was enough to > break clap's inferred parser for `BarStyle`. > > ## Code Changes > > `tui-bar-graph` now declares an explicit `std` feature and uses it to > enable `strum/std`. `std` remains enabled by default, so the crate's > normal ergonomics do not change. > > The interactive example is marked with `required-features = ["std"]` so > its compile requirements are explicit instead of depending on accidental > transitive feature behavior. > > `colorgrad` now uses `default-features = false`. > > ## Why Only `strum/std` > > `strum/std` matters here because it affects trait-based downstream > integration on a public enum type. `BarStyle` derives traits whose > interaction with clap depends on the trait set of `strum::ParseError`. > > `colorgrad/std` does not play the same role in this crate today, so the > `std` feature does not forward `colorgrad/std`. > > ## Docs > > The crate now uses `document-features` so the feature contract is > rendered in generated docs and on docs.rs. > > ## CI > > The issue exposed by > [#210](#210) was a normal > compile failure in a non-lib target. > > The workspace already ran `cargo check --all-features --workspace`, but > that does not compile examples and other non-lib targets. `cargo check > --all-targets --all-features --workspace` reproduces the failure > directly. > > This PR adds explicit all-targets compile coverage so example-target > breakage is caught as a normal build/check failure. > > ## Verification > > ```shell > cargo check --all-targets --all-features --workspace > cargo clippy --all-targets --all-features --workspace -- -D warnings > cargo check -p tui-bar-graph --lib --no-default-features > cargo doc -p tui-bar-graph --all-features > cargo rdme --check --manifest-path tui-bar-graph/Cargo.toml > ``` > > ## Follow-up > > A broader `no_std` audit of the other widget crates was done during this > work and recorded separately on > [#102](#102). - *(tui-scrollbar)* Release v0.2.4 ([#213](#213)) > ## 🤖 New release > > * `tui-scrollbar`: 0.2.3 -> 0.2.4 (✓ API compatible changes) > > <details><summary><i><b>Changelog</b></i></summary><p> > > <blockquote> > > ## [0.2.4] - 2026-04-04 > > ### Other > > - [codex] Vendor CI workflows into this repository > ([#212](#212)) > </blockquote> > > > </p></details> > > --- > This PR was generated with > [release-plz](https://github.com/release-plz/release-plz/). - *(tui-prompts)* Release v0.6.3 ([#214](#214)) > ## 🤖 New release > > * `tui-prompts`: 0.6.2 -> 0.6.3 (✓ API compatible changes) > > <details><summary><i><b>Changelog</b></i></summary><p> > > <blockquote> > > ## [0.6.3] - 2026-04-04 > > ### ⚙️ Miscellaneous Tasks > > - *(deps)* Lower dependency floors and reduce dependabot noise > ([#211](#211)) > > ## Summary > > > > - lower direct dependency requirements to the broadest semver ranges > the > > workspace actually supports > > - keep `Cargo.lock` on current compatible releases, including the > direct > > `clap`, `tokio`, `futures`, and `rand` updates that fit this PR's > scope > > - configure Dependabot to group Cargo and GitHub Actions updates and > use > > `increase-if-necessary` to reduce manifest churn > > > > ## Details > > > > This change validates dependency floors with `cargo minimal-versions` > in > > `--direct` mode so the library manifests reflect honest direct > > requirements instead of transitive minimum noise. > > > > Notable outcomes: > > > > - broadened requirements such as `clap = "4"` and `tokio = "1"` after > > verifying the workspace still compiles and tests against their > earliest > > compatible direct versions > > - kept real floors where required, such as `crossterm = "0.29"`, > > `document-features = "0.2.11"`, and `derive_setters = "0.1.9"` > > - kept the direct `rand` update to `0.10` and adjusted the > > `tui-bar-graph` examples to generate random `Vec<f64>` values in a > `rand > > 0.10`-compatible way > > - kept transitive duplicate major versions where they are still > required > > by downstream crates like the Ratatui stack or `lipsum` > > > > Dependabot should now produce less noise because grouped update PRs > can > > primarily refresh `Cargo.lock` while leaving `Cargo.toml` alone unless > a > > broader range is truly needed. > > > > ## Validation > > > > - `cargo minimal-versions check --workspace --direct` > > - `cargo check --all-features --workspace` > > - `cargo test --all-features --workspace` > > - `cargo minimal-versions test --workspace --all-features --direct` > > - `cargo outdated --workspace --root-deps-only` > > - `cargo test -p tui-bar-graph --all-features --examples` > > > > ## Supersedes > > > > This PR should supersede and allow closing the related Dependabot PRs: > > ### Other > > - [codex] Vendor CI workflows into this repository > ([#212](#212)) > </blockquote> > > > </p></details> > > --- > This PR was generated with > [release-plz](https://github.com/release-plz/release-plz/). - *(tui-big-text)* Release v0.8.4 ([#215](#215)) > ## 🤖 New release > > * `tui-big-text`: 0.8.3 -> 0.8.4 (✓ API compatible changes) > > <details><summary><i><b>Changelog</b></i></summary><p> > > <blockquote> > > ## [0.8.4] - 2026-04-04 > > ### ⚙️ Miscellaneous Tasks > > - *(deps)* Lower dependency floors and reduce dependabot noise > ([#211](#211)) > > ## Summary > > > > - lower direct dependency requirements to the broadest semver ranges > the > > workspace actually supports > > - keep `Cargo.lock` on current compatible releases, including the > direct > > `clap`, `tokio`, `futures`, and `rand` updates that fit this PR's > scope > > - configure Dependabot to group Cargo and GitHub Actions updates and > use > > `increase-if-necessary` to reduce manifest churn > > > > ## Details > > > > This change validates dependency floors with `cargo minimal-versions` > in > > `--direct` mode so the library manifests reflect honest direct > > requirements instead of transitive minimum noise. > > > > Notable outcomes: > > > > - broadened requirements such as `clap = "4"` and `tokio = "1"` after > > verifying the workspace still compiles and tests against their > earliest > > compatible direct versions > > - kept real floors where required, such as `crossterm = "0.29"`, > > `document-features = "0.2.11"`, and `derive_setters = "0.1.9"` > > - kept the direct `rand` update to `0.10` and adjusted the > > `tui-bar-graph` examples to generate random `Vec<f64>` values in a > `rand > > 0.10`-compatible way > > - kept transitive duplicate major versions where they are still > required > > by downstream crates like the Ratatui stack or `lipsum` > > > > Dependabot should now produce less noise because grouped update PRs > can > > primarily refresh `Cargo.lock` while leaving `Cargo.toml` alone unless > a > > broader range is truly needed. > > > > ## Validation > > > > - `cargo minimal-versions check --workspace --direct` > > - `cargo check --all-features --workspace` > > - `cargo test --all-features --workspace` > > - `cargo minimal-versions test --workspace --all-features --direct` > > - `cargo outdated --workspace --root-deps-only` > > - `cargo test -p tui-bar-graph --all-features --examples` > > > > ## Supersedes > > > > This PR should supersede and allow closing the related Dependabot PRs: > > ### Other > > - [codex] Vendor CI workflows into this repository > ([#212](#212)) > </blockquote> > > > </p></details> > > --- > This PR was generated with > [release-plz](https://github.com/release-plz/release-plz/). - *(tui-scrollview)* Release v0.6.4 ([#216](#216)) > ## 🤖 New release > > * `tui-scrollview`: 0.6.3 -> 0.6.4 (✓ API compatible changes) > > <details><summary><i><b>Changelog</b></i></summary><p> > > <blockquote> > > ## [0.6.4] - 2026-04-04 > > ### Other > > - [codex] Vendor CI workflows into this repository > ([#212](#212)) > </blockquote> > > > </p></details> > > --- > This PR was generated with > [release-plz](https://github.com/release-plz/release-plz/). - *(tui-qrcode)* Release v0.2.4 ([#219](#219)) > ## 🤖 New release > > * `tui-qrcode`: 0.2.3 -> 0.2.4 (✓ API compatible changes) > > <details><summary><i><b>Changelog</b></i></summary><p> > > <blockquote> > > ## [0.2.4] - 2026-04-04 > > ### ⚙️ Miscellaneous Tasks > > - *(deps)* Lower dependency floors and reduce dependabot noise > ([#211](#211)) > > ## Summary > > > > - lower direct dependency requirements to the broadest semver ranges > the > > workspace actually supports > > - keep `Cargo.lock` on current compatible releases, including the > direct > > `clap`, `tokio`, `futures`, and `rand` updates that fit this PR's > scope > > - configure Dependabot to group Cargo and GitHub Actions updates and > use > > `increase-if-necessary` to reduce manifest churn > > > > ## Details > > > > This change validates dependency floors with `cargo minimal-versions` > in > > `--direct` mode so the library manifests reflect honest direct > > requirements instead of transitive minimum noise. > > > > Notable outcomes: > > > > - broadened requirements such as `clap = "4"` and `tokio = "1"` after > > verifying the workspace still compiles and tests against their > earliest > > compatible direct versions > > - kept real floors where required, such as `crossterm = "0.29"`, > > `document-features = "0.2.11"`, and `derive_setters = "0.1.9"` > > - kept the direct `rand` update to `0.10` and adjusted the > > `tui-bar-graph` examples to generate random `Vec<f64>` values in a > `rand > > 0.10`-compatible way > > - kept transitive duplicate major versions where they are still > required > > by downstream crates like the Ratatui stack or `lipsum` > > > > Dependabot should now produce less noise because grouped update PRs > can > > primarily refresh `Cargo.lock` while leaving `Cargo.toml` alone unless > a > > broader range is truly needed. > > > > ## Validation > > > > - `cargo minimal-versions check --workspace --direct` > > - `cargo check --all-features --workspace` > > - `cargo test --all-features --workspace` > > - `cargo minimal-versions test --workspace --all-features --direct` > > - `cargo outdated --workspace --root-deps-only` > > - `cargo test -p tui-bar-graph --all-features --examples` > > > > ## Supersedes > > > > This PR should supersede and allow closing the related Dependabot PRs: > </blockquote> > > > </p></details> > > --- > This PR was generated with > [release-plz](https://github.com/release-plz/release-plz/). - *(tui-popup)* Release v0.7.4 ([#220](#220)) > ## 🤖 New release > > * `tui-popup`: 0.7.3 -> 0.7.4 (✓ API compatible changes) > > <details><summary><i><b>Changelog</b></i></summary><p> > > <blockquote> > > ## [0.7.4] - 2026-04-04 > > ### ⚙️ Miscellaneous Tasks > > - Update Cargo.toml dependencies > </blockquote> > > > </p></details> > > --- > This PR was generated with > [release-plz](https://github.com/release-plz/release-plz/). - *(tui-box-text)* Release v0.3.3 ([#221](#221)) > ## 🤖 New release > > * `tui-box-text`: 0.3.2 -> 0.3.3 (✓ API compatible changes) > > <details><summary><i><b>Changelog</b></i></summary><p> > > <blockquote> > > ## [0.3.3] - 2026-04-04 > > ### ⚙️ Miscellaneous Tasks > > - Update Cargo.toml dependencies > </blockquote> > > > </p></details> > > --- > This PR was generated with > [release-plz](https://github.com/release-plz/release-plz/). - *(tui-cards)* Release v0.3.3 ([#222](#222)) > ## 🤖 New release > > * `tui-cards`: 0.3.2 -> 0.3.3 (✓ API compatible changes) > > <details><summary><i><b>Changelog</b></i></summary><p> > > <blockquote> > > ## [0.3.3] - 2026-04-04 > > ### ⚙️ Miscellaneous Tasks > > - Update Cargo.toml dependencies > </blockquote> > > > </p></details> > > --- > This PR was generated with > [release-plz](https://github.com/release-plz/release-plz/). - *(tui-bar-graph)* Release v0.3.3 ([#223](#223)) > ## 🤖 New release > > * `tui-bar-graph`: 0.3.2 -> 0.3.3 (✓ API compatible changes) > > <details><summary><i><b>Changelog</b></i></summary><p> > > <blockquote> > > ## [0.3.3] - 2026-04-04 > > ### ⚙️ Miscellaneous Tasks > > - *(deps)* Lower dependency floors and reduce dependabot noise > ([#211](#211)) > > ## Summary > > > > - lower direct dependency requirements to the broadest semver ranges > the > > workspace actually supports > > - keep `Cargo.lock` on current compatible releases, including the > direct > > `clap`, `tokio`, `futures`, and `rand` updates that fit this PR's > scope > > - configure Dependabot to group Cargo and GitHub Actions updates and > use > > `increase-if-necessary` to reduce manifest churn > > > > ## Details > > > > This change validates dependency floors with `cargo minimal-versions` > in > > `--direct` mode so the library manifests reflect honest direct > > requirements instead of transitive minimum noise. > > > > Notable outcomes: > > > > - broadened requirements such as `clap = "4"` and `tokio = "1"` after > > verifying the workspace still compiles and tests against their > earliest > > compatible direct versions > > - kept real floors where required, such as `crossterm = "0.29"`, > > `document-features = "0.2.11"`, and `derive_setters = "0.1.9"` > > - kept the direct `rand` update to `0.10` and adjusted the > > `tui-bar-graph` examples to generate random `Vec<f64>` values in a > `rand > > 0.10`-compatible way > > - kept transitive duplicate major versions where they are still > required > > by downstream crates like the Ratatui stack or `lipsum` > > > > Dependabot should now produce less noise because grouped update PRs > can > > primarily refresh `Cargo.lock` while leaving `Cargo.toml` alone unless > a > > broader range is truly needed. > > > > ## Validation > > > > - `cargo minimal-versions check --workspace --direct` > > - `cargo check --all-features --workspace` > > - `cargo test --all-features --workspace` > > - `cargo minimal-versions test --workspace --all-features --direct` > > - `cargo outdated --workspace --root-deps-only` > > - `cargo test -p tui-bar-graph --all-features --examples` > > > > ## Supersedes > > > > This PR should supersede and allow closing the related Dependabot PRs: > > - *(deps)* Support strum 0.28 > ([#224](#224)) > > ## Summary > > > > This PR fixes the `strum 0.28` dependency bump proposed in > > [#210](#210) and adds > > explicit `cargo check --all-targets --all-features --workspace` > coverage > > so example-target compile failures are caught directly in CI instead > of > > being missed by the existing workspace check. > > > > ## Root Cause > > > > The failure came from the `tui-bar-graph` example, where clap derives > a > > parser for `BarStyle`. > > > > `BarStyle` still derives `FromStr`, and this was not caused by the > > `#[strum(default)]` behavior change from [strum PR > > #476](Peternator7/strum#476). The actual issue > > was dependency resolution plus feature unification. > > > > Before the bump, `tui-bar-graph` and `ratatui-core` both used `strum > > 0.27`, so Cargo unified them and `ratatui-core`'s `strum/std` > activation > > effectively carried `std` into the `strum` instance used by > > `tui-bar-graph`. After > > [#210](#210), > `tui-bar-graph` > > used `strum 0.28` while `ratatui-core` still used `strum 0.27`, so the > > graph split into separate `strum` packages. > > > > At that point, `tui-bar-graph`'s own `strum 0.28` was built with > > `default-features = false`, which meant `strum::ParseError` no longer > > implemented `std::error::Error` in that context. That was enough to > > break clap's inferred parser for `BarStyle`. > > > > ## Code Changes > > > > `tui-bar-graph` now declares an explicit `std` feature and uses it to > > enable `strum/std`. `std` remains enabled by default, so the crate's > > normal ergonomics do not change. > > > > The interactive example is marked with `required-features = ["std"]` > so > > its compile requirements are explicit instead of depending on > accidental > > transitive feature behavior. > > > > `colorgrad` now uses `default-features = false`. > > > > ## Why Only `strum/std` > > > > `strum/std` matters here because it affects trait-based downstream > > integration on a public enum type. `BarStyle` derives traits whose > > interaction with clap depends on the trait set of `strum::ParseError`. > > > > `colorgrad/std` does not play the same role in this crate today, so > the > > `std` feature does not forward `colorgrad/std`. > > > > ## Docs > > > > The crate now uses `document-features` so the feature contract is > > rendered in generated docs and on docs.rs. > > > > ## CI > > > > The issue exposed by > > [#210](#210) was a normal > > compile failure in a non-lib target. > > > > The workspace already ran `cargo check --all-features --workspace`, > but > > that does not compile examples and other non-lib targets. `cargo check > > --all-targets --all-features --workspace` reproduces the failure > > directly. > > > > This PR adds explicit all-targets compile coverage so example-target > > breakage is caught as a normal build/check failure. > > > > ## Verification > > > > ```shell > > cargo check --all-targets --all-features --workspace > > cargo clippy --all-targets --all-features --workspace -- -D warnings > > cargo check -p tui-bar-graph --lib --no-default-features > > cargo doc -p tui-bar-graph --all-features > > cargo rdme --check --manifest-path tui-bar-graph/Cargo.toml > > ``` > > > > ## Follow-up > > > > A broader `no_std` audit of the other widget crates was done during > this > > work and recorded separately on > > [#102](#102). > </blockquote> > > > </p></details> > > --- > This PR was generated with > [release-plz](https://github.com/release-plz/release-plz/). ### Other - [codex] Vendor CI workflows into this repository ([#212](#212)) - [codex] fix(ci): avoid direct secret check in workflow ([#218](#218)) </blockquote> </p></details> --- This PR was generated with [release-plz](https://github.com/release-plz/release-plz/). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Cargo.lockon current compatible releases, including the directclap,tokio,futures, andrandupdates that fit this PR's scopeincrease-if-necessaryto reduce manifest churnDetails
This change validates dependency floors with
cargo minimal-versionsin--directmode so the library manifests reflect honest direct requirements instead of transitive minimum noise.Notable outcomes:
clap = "4"andtokio = "1"after verifying the workspace still compiles and tests against their earliest compatible direct versionscrossterm = "0.29",document-features = "0.2.11", andderive_setters = "0.1.9"randupdate to0.10and adjusted thetui-bar-graphexamples to generate randomVec<f64>values in arand 0.10-compatible waylipsumDependabot should now produce less noise because grouped update PRs can primarily refresh
Cargo.lockwhile leavingCargo.tomlalone unless a broader range is truly needed.Validation
cargo minimal-versions check --workspace --directcargo check --all-features --workspacecargo test --all-features --workspacecargo minimal-versions test --workspace --all-features --directcargo outdated --workspace --root-deps-onlycargo test -p tui-bar-graph --all-features --examplesSupersedes
This PR should supersede and allow closing the related Dependabot PRs:
It also reduces the chances of similar one-off bump PR noise going forward.