Bump Rust dependencies

[forstmeier]

Summary

• Bumps sentry and sentry-tower from 0.35 to 0.47, updating the deprecated SentryHttpLayer::with_transaction() call to SentryHttpLayer::new().enable_transaction()
• Bumps duckdb from 1.4.3 to 1.10500.0 (new versioning scheme, bundles DuckDB v1.5.0); the Dependabot PR had a CI failure — confirmed fixed locally with all tests passing
• Bumps aws-config to 1.8.15 and aws-credential-types to 1.2.14 (patch updates)
• Pulls in transitive security fixes: quinn-proto 0.11.14 (DoS fix GHSA-6xvm-j4wr-6v98) and tar 0.4.45 (symlink chmod attack fix)

Resolves Dependabot PRs: #788, #789, #794, #795, #798, #800.

Test plan

• cargo build -p data_manager passes with no warnings
• mask development rust all passes (18/18 tests, coverage maintained)
• CI passes on this PR

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Upgraded core libraries (HTTP client, AWS SDK, DB connector, and error-tracking) to newer releases.
  • Adjusted error-reporting configuration to enable transaction capture for improved diagnostics.
  • CI updated to download and use a newer DuckDB system library release.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 935965d9-5ed5-40b5-99ba-5477fed4b36b

📥 Commits

Reviewing files that changed from the base of the PR and between e02f67e and b23590e.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• applications/data_manager/Cargo.toml

---

📝 Walkthrough

Walkthrough

Bumped several dependencies in applications/data_manager/Cargo.toml, switched Sentry middleware initialization in applications/data_manager/src/router.rs from SentryHttpLayer::with_transaction() to SentryHttpLayer::new().enable_transaction(), and updated the CI DuckDB system-library download to release v1.5.0.

Changes

Cohort / File(s)	Summary
Dependency Updates applications/data_manager/Cargo.toml	Updated crate versions: reqwest moved to 0.13 (main dep now a table with features = ["query"]), dev reqwest bumped to 0.13 (features = ["json"]), aws-config → 1.8.15, aws-credential-types → 1.2.14, duckdb → 1.10500.0 (kept ["r2d2","chrono"]), tracing-subscriber → 0.3.23, sentry & sentry-tower → 0.47.
Sentry Middleware Configuration applications/data_manager/src/router.rs	Replaced SentryHttpLayer::with_transaction() with SentryHttpLayer::new().enable_transaction() (builder-style enablement of transactions).
CI / DuckDB System Library .github/workflows/run_code_checks.yaml	Updated DuckDB Linux AMD64 system library download from release v1.4.3 → v1.5.0 in the install step.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Update builder/server DuckDB dependencies #662: DuckDB version and system-library install updates overlap with this PR's CI and duckdb dependency changes.
• Add fixes for all GitHub Dependabot security alerts #745: Overlapping dependency version bumps in applications/data_manager/Cargo.toml.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Bump Rust dependencies' accurately reflects the main changes: all modifications involve upgrading dependency versions in Cargo.toml and a workflow file, plus a code update to adapt to an API change in sentry-tower.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bump-rust-dependencies

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR bumps a set of Rust dependencies for data_manager: sentry/sentry-tower 0.35→0.47, duckdb 1.4.3→1.10500.0 (bundling DuckDB 1.5.0), AWS SDK patch updates, and reqwest 0.12→0.13, along with the matching CI workflow update for the DuckDB system library.

Key observations:

• The router.rs migration from SentryHttpLayer::with_transaction() to SentryHttpLayer::new().enable_transaction() correctly tracks the sentry 0.47 API change.
• Both security fixes called out in the PR description are now confirmed in Cargo.lock: quinn-proto is at 0.11.14 (DoS fix GHSA-6xvm-j4wr-6v98) and tar is at 0.4.45 (symlink chmod fix) — both concerns raised in prior review rounds are resolved.
• The CI wget URL now points to v1.5.0, consistent with the duckdb crate version 1.10500.0.
• The application and dev-dependency for reqwest were both migrated to 0.13, partially addressing the dual-version concern raised in a prior review.

Confidence Score: 4/5

• PR is safe to merge; the changes are well-scoped dependency bumps with confirmed security fixes and a correct API migration.
• Both previously unresolved security concerns (quinn-proto, tar) are now confirmed fixed in the lock file. The sentry API migration in router.rs is correct. The reqwest dual-version concern has been partially addressed by migrating data_manager to 0.13. Score stops at 4 rather than 5 because the actix-web transitive dependency (introduced by sentry 0.47 default features) is a new compile-time overhead that was flagged in a prior thread but remains unresolved — it does not affect correctness but represents unnecessary build weight for an Axum-based service.
• applications/data_manager/Cargo.toml — sentry 0.47 default features pull in the full actix-web stack; worth revisiting with default-features = false and explicit feature selection.

Important Files Changed

Filename	Overview
.github/workflows/run_code_checks.yaml	DuckDB download URL updated from v1.4.3 to v1.5.0, correctly aligned with the duckdb crate's new versioning scheme (1.10500.0 = DuckDB 1.5.0).
applications/data_manager/Cargo.toml	Multiple dependency bumps including sentry 0.35→0.47, duckdb 1.4.3→1.10500.0, reqwest 0.12→0.13, and AWS SDK patch updates. Sentry 0.47 now pulls in the full actix-web stack as a transitive dependency (via sentry-actix default feature), which was raised in a prior review thread.
applications/data_manager/src/router.rs	Correctly migrates the deprecated SentryHttpLayer::with_transaction() call to the new SentryHttpLayer::new().enable_transaction() API in sentry 0.47.
Cargo.lock	Lock file updated with all bumped crates. Both security fixes (quinn-proto 0.11.13→0.11.14 for GHSA-6xvm-j4wr-6v98, tar 0.4.44→0.4.45) are now confirmed present. reqwest 0.12.28 still appears as a transitive dependency alongside the newly added 0.13.2.

_{Reviews (4): Last reviewed commit: "Merge branch 'master' into bump-rust-dep..." | Re-trigger Greptile}

[Copilot]

Pull request overview

This PR updates Rust dependencies for the data_manager service (and workspace lockfile), including major bumps for Sentry and DuckDB, and adjusts code to match updated APIs.

Changes:

• Bump sentry / sentry-tower to 0.47 and update Axum middleware usage to the new transaction API.
• Bump duckdb to 1.10500.0 (DuckDB v1.5.0 via new crate versioning scheme).
• Update AWS config/credential crates and refresh Cargo.lock with new transitive/security-fix dependencies.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File	Description
applications/data_manager/src/router.rs	Updates Sentry tower layer initialization to the new SentryHttpLayer API.
applications/data_manager/Cargo.toml	Pins updated versions for aws-config, aws-credential-types, duckdb, sentry, and sentry-tower.
Cargo.lock	Large lockfile refresh reflecting the dependency bumps and new transitive dependencies/security fixes.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 4 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 4 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.