Skip to content

chore(rs): bump IC dependencies and didc to latest#7812

Merged
yhabib merged 11 commits into
mainfrom
chore/cargo-deps
May 21, 2026
Merged

chore(rs): bump IC dependencies and didc to latest#7812
yhabib merged 11 commits into
mainfrom
chore/cargo-deps

Conversation

@yhabib

@yhabib yhabib commented Apr 7, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Motivation

The IC cargo dependencies were pinned to release-2025-08-14_03-27-base. Upgrading to release-2026-04-02_04-48-base was blocked because the new IC release requires ic-cdk-timers ^1.0.0, which conflicts with the old version ^0.11.0 pinned in the workspace. Additionally, didc was bumped from 0.4.0 to 0.5.4.

Changes

  • Updated IC git dependencies revision from release-2025-08-14_03-27-base to release-2026-04-02_04-48-base.
  • Bumped ic-cdk from 0.17.1 to 0.19.0, ic-cdk-timers from 0.11.0 to 1.0.0, and ic-management-canister-types from 0.4.1 to 0.5.0.
  • Migrated the set_timer and set_timer_interval call sites to the new future-based API in ic-cdk-timers 1.0.0.
  • Updated the timer test mock in timer.rs to store futures instead of plain closures.
  • Removed the now-unused spawn module from the backend.
  • Migrated ic_cdk::call to the new ic_cdk::call::Call::unbounded_wait builder API in exchange_rate_canister.rs, governance.rs, upstream.rs, and lib.rs.
  • Updated deprecated API paths: ic_cdk::id to canister_self, api::set_certified_data to certified_data_set, api::stable::* to ic_cdk::stable::*, and api::call::CallResult/RejectionCode to ic_cdk::call::CallResult/RejectCode.
  • Replaced CanisterId/CanisterIdRecord from the deprecated api::management_canister::main module with candid::Principal and ic_cdk::management_canister::CanisterIdRecord.
  • Added #![allow(deprecated)] to the auto-generated ic_sns_*.rs bindings and the did2rs.header template.
  • Removed the unsupported decoding_quota attribute from #[ic_cdk::query] in sns_aggregator (removed in ic-cdk 0.19.0).
  • Updated DIDC_RELEASE to 2025-12-18 and DIDC_VERSION to didc 0.5.4 in config.json.
  • Bumped the candid_parser dev-dependency from 0.1.2 to 0.3.0.

Tests

  • CI should be green

Todos

  • Accessibility (a11y) – any impact?
  • Changelog – is it needed? - Not applicable

@yhabib yhabib requested a review from a team as a code owner April 7, 2026 11:43
@yhabib yhabib marked this pull request as draft April 7, 2026 11:43
@yhabib yhabib mentioned this pull request Apr 7, 2026
Closed
2 tasks
@yhabib yhabib force-pushed the chore/cargo-deps branch from 505fcff to b3b5528 Compare April 10, 2026 13:09
@yhabib yhabib marked this pull request as ready for review April 13, 2026 13:34
@yhabib yhabib force-pushed the chore/cargo-deps branch from b3b5528 to e22379e Compare May 20, 2026 04:52
@zeropath-ai

zeropath-ai Bot commented May 20, 2026
edited
Loading

Copy link
Copy Markdown

No security or compliance issues detected. Reviewed everything up to 06954a4.

Security Overview
Detected Code Changes

The diff is too large to display a summary of code changes.

yhabib added 10 commits May 20, 2026 17:08
@yhabib
bump versions
8c35ef6
@yhabib
fix tests
adfd1b0
@yhabib
fmt
21fa9b0
@yhabib
tests
285b7fe
@yhabib
fmt
92a2a30
@yhabib
restore http_request decoding quota via decode_with
1f925f9 
ic-cdk 0.19 removed the decoding_quota query attribute. Re-impose
the 10K cycle budget that previously guarded http_request against
oversized attacker-controlled payloads, using a custom decode_with
function that sets both decoding_quota and skipping_quota.

Also drops a useless .into_iter() flagged by newer clippy.
@yhabib
use Display for ic_cdk::call::Error in log messages
f4faa12 
After the ic-cdk 0.19 migration, the error type returned from
inter-canister calls changed from (RejectionCode, String) to
ic_cdk::call::Error. The old code formatted these with {err:?} which
produced clean output for the tuple, but the new Error enum's Debug
output is verbose (CallRejected { ... }). Switch to {err} so that
thiserror's Display impl (transparent on each variant) renders the
reject_message directly. Logs only — no candid surface affected.

Also drops the orphaned rs/backend/src/spawn.rs file. The 'mod spawn'
declaration was removed from main.rs during the ic-cdk-timers
migration but the file itself was left behind.
@yhabib
fmt
0a32a06
@yhabib
add missing semicolon flagged by clippy
c470642 
The braced match arm for the lifecycle error needs a trailing
semicolon to match the other arms and satisfy
clippy::semicolon_if_nothing_returned on Rust 1.94.1.
@yhabib
use workspace dep for ic-cdk + ic-cdk-timers in sns_aggregator
91e6799 
Avoid drift between the workspace pin and a hardcoded version in
sns_aggregator's Cargo.toml on the next ic-cdk bump.

Also adds TODOs for two pre-existing concerns surfaced during review
that are out of scope for this branch:
- update_cache could race under concurrent timer invocations; consider
  set_timer_interval_serial added in ic-cdk-timers 1.0.0.
- backend http_request has no decoding quota; add a decode_with
  decoder matching the sns_aggregator pattern.
@yhabib yhabib force-pushed the chore/cargo-deps branch from 8699089 to 91e6799 Compare May 20, 2026 15:09
jasonz-dfinity
jasonz-dfinity approved these changes May 20, 2026
View reviewed changes
Comment thread rs/backend/src/state/partitions.rs Outdated
@yhabib
move WASM_PAGE_SIZE_IN_BYTES below imports
06954a4 
Address review nit: the const was sandwiched between two use
statements. Moving it below the import block reads cleaner.
@yhabib yhabib added this pull request to the merge queue May 21, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks May 21, 2026
@yhabib yhabib added this pull request to the merge queue May 21, 2026
Merged via the queue into main with commit e3e6def May 21, 2026
34 checks passed
@yhabib yhabib deleted the chore/cargo-deps branch May 21, 2026 19:14
@yhabib yhabib mentioned this pull request May 26, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jasonz-dfinity jasonz-dfinity jasonz-dfinity approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yhabib @jasonz-dfinity