build(deps): bump prost from 0.13.5 to 0.14.1 in /app-server

[dependabot]

Bumps prost from 0.13.5 to 0.14.1.

Changelog

Sourced from prost's changelog.

Prost version 0.14.1

PROST! is a Protocol Buffers implementation for the Rust Language. prost generates simple, idiomatic Rust code from proto2 and proto3 files.

⚠️ Revert emission of rerun commands

Version 0.14.1 reverts the emission of rerun commands. Other than this change, it is identical to 0.14.0.

In version 0.14.0, prost-build began emitting rerun commands. While intended to improve build correctness, this change caused regressions for some users—for example, those generating protos from an includes directory. These edge cases are difficult to address reliably, so the change has been rolled back in 0.14.1.

For more details, see [issue #1296](tokio-rs/prost#1296).

Breaking changes

• prost: Relax Message Debug trait bound (#1147)

  BREAKING CHANGE: trait Debug was a supertrait of trait Message. This is no longer required by prost. If your code relies on trait Debug being implemented for every impl Message, you must now explicitly state that you require both Debug and Message. For example: where M: Debug + Message

• prost: Remove prost-derive feature (#1247)

  BREAKING CHANGE: Feature flag prost-derive is renamed to derive. Please rename any usage of prost-derive feature in your Cargo.toml.

• prost-build: Prevent repeated fields to be boxed (#1237)

  BREAKING CHANGE: A repeated field that is manually marked as boxed was typed as Vec<Box<T>>. Those fields are now simply typed as Vec<T> to prevent double indirection. The boxed configuration is effectively ignored for repeated fields.

• prost-build: Make type_name_domain cumulative (#1228)

  BREAKING CHANGE: The configuration for domain names of messages is now cumulative. All calls to prost_build::Config::type_name_domain are now concatenated. The previous behavior was that only the arguments of the last call were used. If you do multiple calls to type_name_domain, you need to remove all but the last call to maintain the same behavior.

• prost-build: Derive Eq and Hash trait for messages where possible (#1175)

  BREAKING CHANGE: prost-build will automatically derive trait Eq and trait Hash for types where all field support those as well. If you manually impl Eq and/or impl Hash for generated types, then you need to remove the manual implementation. If you use type_attribute to derive(Eq) and/or derive(Hash), then you need to remove those.

Features

• prost-types: Implement conversion Duration to/from chrono::TimeDelta (#1236)
• prost-build: Prepare for 2024 keyword gen (#1257)

Dependencies

• (deps) Update pulldown-cmark to 0.13 (#1259)
• (deps) update criterion requirement from 0.5 to 0.6 (#1280)

Documentation

• Update dead link LICENSE in prost-types/README.md (#1262)

Styling

• Use DoubleEndedIterator::next_back (#1255)
• Fix typo (#1260)

... (truncated)

Commits

• 9965a98 chore: Release version 0.14.1 (#1299)
• 0caca29 Revert "feat(prost-build): emit rerun commands (#1140)" (#1297)
• 3543eb8 chore: Release version 0.14.0 (#1276)
• 1e93f56 build(deps): update criterion requirement from 0.5 to 0.6 (#1280)
• bdd03fc Update config.rs (#1270)
• fcf610e ci: Run clippy with edition 2024 enabled (#1256)
• 8a3d42e docs: update dead link LICENSE in prost-types/README.md (#1262)
• 97d5841 chore: fix typo (#1260)
• 5c97cf8 build(deps): Update pulldown-cmark to 0.13 (#1259)
• db871b4 harden ref mut according to edition 2024 (#1248)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Important

Bump prost from 0.13.5 to 0.14.1 in app-server, updating dependencies and handling breaking changes.

• Dependencies:
  • Bump prost from 0.13.5 to 0.14.1 in Cargo.toml and Cargo.lock.
  • Update prost-derive to 0.14.1 in Cargo.lock.
• Breaking Changes:
  • prost no longer requires Debug trait for Message trait.
  • Rename prost-derive feature to derive.
  • prost-build no longer boxes repeated fields.
  • type_name_domain configuration is now cumulative.
  • prost-build derives Eq and Hash where possible.
• Reverts:
  • Revert emission of rerun commands in prost-build.

^{This description was created by for 0262fdd. You can customize this summary. It will automatically update as commits are pushed.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 0262fdd in 3 minutes and 55 seconds. Click for details.

• Reviewed 91 lines of code in 2 files
• Skipped 0 files when reviewing.
• Skipped posting 3 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. app-server/Cargo.toml:35

• Draft comment:
  Bump of prost to 0.14 is present, but note that build dependencies (tonic-build) seem to pull in prost-build (and hence prost-types) at version 0.13.5. This creates two different prost versions in the dependency graph, which could lead to type or compatibility issues. Verify that all crates using prost (including those indirectly via tonic-build) are compatible with 0.14, or consider updating tonic-build if available.
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 10% vs. threshold = 50% This is a dependency-related comment that speculates about potential compatibility issues. The rules explicitly state not to comment on dependency changes or versions. Additionally, Rust's package manager Cargo would likely catch any actual incompatibility issues during build time. The comment is asking for verification rather than pointing out a definite issue. The comment might be identifying a real technical concern about version mismatches that could cause subtle runtime issues. Version conflicts in protobuf-related libraries can sometimes slip through compilation. While the concern might be valid, it falls under multiple exclusion rules: don't comment on dependencies, don't make speculative comments, and don't ask for verification. Any real incompatibility would be caught by Cargo or tests. Delete this comment as it violates multiple review rules: it's about dependencies, it's speculative, and it asks for verification rather than pointing out a definite issue.

2. app-server/Cargo.toml:2

• Draft comment:
  Project edition is set to "2024"; ensure that your toolchain supports this edition (it might require using a nightly compiler) and that all contributors are aligned on the required Rust version.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

3. app-server/Cargo.lock:3785

• Draft comment:
  Typographical issue: The dependency string "prost 0.13.5" seems off. Given the commit title indicates a bump from 0.13.5 to 0.14.1, this line likely should either remain as "prost" (with the version managed elsewhere), or if inlining the version, update it to "prost 0.14.1".
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 0% vs. threshold = 50% Cargo.lock files are automatically generated and managed by Cargo. The apparent inconsistency is likely intentional - different dependencies may require different versions of prost, and Cargo resolves these requirements automatically. The comment suggests manual editing of Cargo.lock, which is not recommended practice. The comment raises a valid observation about version inconsistency. Could this inconsistency cause problems at runtime? No - Cargo's dependency resolution is specifically designed to handle multiple versions of the same package safely. The Cargo.lock file should not be manually edited to force version alignment. The comment should be deleted because it suggests manually modifying the Cargo.lock file, which is an anti-pattern. The version differences are handled automatically by Cargo's dependency resolution.

Workflow ID: wflow_uwU46G8QbCGOvKBe

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}