Skip to content

Bump decibri from 3.0.0 to 3.4.2#15

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/decibri-3.4.2
Open

Bump decibri from 3.0.0 to 3.4.2#15
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/decibri-3.4.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 24, 2026

Bumps decibri from 3.0.0 to 3.4.2.

Release notes

Sourced from decibri's releases.

crate-v3.4.2

What's Changed

Full Changelog: decibri/decibri@npm-v3.4.2...crate-v3.4.2

npm-v3.4.2

What's Changed

Full Changelog: decibri/decibri@npm-v3.4.1...npm-v3.4.2

npm-v3.4.1

What's Changed

Full Changelog: decibri/decibri@v3.4.0...npm-v3.4.1

v3.4.0

What's Changed

... (truncated)

Changelog

Sourced from decibri's changelog.

[3.4.2] - 2026-05-24

Fixed

  • npm package now ships its Node.js-specific README to npmjs.com. The publish workflow previously copied the root README into the npm package directory at publish time, which meant the npmjs.com page for decibri showed a generic multi-language overview instead of the Node-focused documentation at npm/decibri/README.md. Removing the copy step lets the proper README ship.

[3.4.1] - 2026-05-23

Fixed

  • Speaker example in crates/decibri/README.md: defined pcm_int16_bytes as Vec<u8> of 48000 zero bytes (1 second of int16 silence at 24kHz mono) so the example has a real value to send. Previously the example referenced pcm_int16_bytes without defining it, raising error[E0425]: cannot find value 'pcm_int16_bytes' in this scope on copy-paste.
  • npm/decibri/README.md: replaced the accidental Rust crate README copy with a Node.js and browser focused README. Users on npmjs.com landing on the decibri package were previously shown Rust documentation (cargo add decibri, Rust feature flags, etc.) instead of Node.js installation and API documentation. The new README documents the actual Node.js API surface (Decibri capture stream, DecibriOutput playback stream, events, browser conditional export, VAD modes, device selection by index / name / stable per-host ID).
  • npm/decibri/examples/: moved three runnable examples (wav-capture.js, websocket-server.js, websocket-stream.js) from the top-level examples/ directory into the npm package directory, rewrote imports to use require('decibri'), and added examples/ to package.json files so the examples ship in the published tarball. The Examples section in npm/decibri/README.md was previously removed in error during an audit pass that searched only npm/decibri/examples/ rather than the top-level examples/ where the files actually lived; this restoration corrects that and ensures npm install decibri users actually receive the example files.

[3.4.0] - 2026-05-02

Added

  • OnnxSession trait abstraction in Rust core. New internal pub(crate) trait OnnxSession inside crates/decibri/src/onnx.rs abstracts ONNX Runtime usage behind a backend-agnostic interface. SileroVad consumes the trait through Box<dyn OnnxSession>. The ORT-backed implementation is the only impl in 3.x.
  • DecibriError::OnnxBackendFailed { backend: &'static str, source: Box<dyn std::error::Error + Send + Sync> } variant. Reserved on the #[non_exhaustive] enum. Additive; existing 8 ORT variants unchanged. is_ort_path_error continues to return false on the new variant.
  • DecibriError::ForkAfterOrtInit { init_pid: u32, current_pid: u32 } variant + runtime fork detection. Linux-only failure-mode hardening: a process that forks after a successful SileroVad::new previously inherited static ORT_INIT flagged as set while the underlying ORT runtime state (allocators, thread pools) was unsafe to reuse, producing silent wrong probabilities, segfaults, or hangs in the child. 3.4.0 stamps the initializing pid into a paired static ORT_INIT_PID: OnceLock<u32> inside the same init_ort_once success path; a pub(crate) fn check_pid_for_ort() runs at the entry of SileroVad::process() and returns Err(ForkAfterOrtInit { init_pid, current_pid }) on pid mismatch. The Display message embeds both pids and the two remediation options ("Use multiprocessing.set_start_method('spawn') or construct Microphone(vad='silero') inside each child process"). Single-check coverage at the outer entry point applies to every inference call without per-window overhead. macOS and Windows are unaffected by fork semantics. Additive on the #[non_exhaustive] DecibriError enum; mapped through to npm via the napi _ => catch-all (Status::GenericFailure carrying e.to_string()) and to Python via an explicit ForkAfterOrtInit(DecibriError) subclass in the wheel.

Internal

  • crates/decibri 3.x public API stays byte-identical (SileroVad, VadConfig, VadResult, DecibriError keep their 3.3.x signatures). npm binding, Python binding, browser shim are unchanged.
  • vad::init_ort_once visibility raised from private to pub(crate) so the onnx module's inline ORT-backed test can reuse the same process-global init path that vad tests use.
  • static ORT_INIT_PID: OnceLock<u32> paired with the existing ORT_INIT, set inside the OnceLock::get_or_init callback so the pid stamp is paired with the successful ORT init rather than a speculative pre-init value. pub(crate) fn check_pid_for_ort() exposes the comparison to inference call sites within the crate. Linux-only test_fork_safety.py tests in the Python wheel pin the behavior end-to-end (gated skipif sys.platform != "linux"); they run on CI's ubuntu-latest job and skip on other hosts.

[3.3.2] - 2026-04-26

Changed

  • crates/decibri/build.rs rewrite to use Cargo.toml as primary source. The previous build script (introduced in 3.3.1 to source the cpal version from a single point of truth) read the workspace Cargo.lock via a path traversal that worked in workspace builds but panicked in cargo publish verify because the published tarball is flat (decibri-X.Y.Z/Cargo.toml and decibri-X.Y.Z/Cargo.lock are siblings, not in workspace structure). The traversal landed at target/Cargo.lock (nonexistent) and aborted the build. 3.3.1's crates.io publish failed on this defect; 3.3.1 shipped to npm but not to crates.io. 3.3.2 fixes the build.rs to read CARGO_MANIFEST_DIR / Cargo.toml directly, with belt-and-suspenders fallbacks: env-var override (DECIBRI_CPAL_VERSION), workspace Cargo.toml fallback for { workspace = true } inherit form, hardcoded "0.17" constant fallback (with cargo:warning=) for unforeseen build contexts. Cargo.toml is unambiguously present in every build context because cargo guarantees CARGO_MANIFEST_DIR always points at the manifest's directory.
  • No functional change to user-visible API or error messages. All 5 message refinements from 3.3.1 (SampleRateOutOfRange, FramesPerBufferOutOfRange, AlreadyRunning, OrtInitFailed, OrtLoadFailed / OrtPathInvalid, PermissionDenied) are preserved unchanged.
  • decibri::CPAL_VERSION byte-identity preserved across all four cargo-emitted dep forms. Verified 2026-04-26 by walking through find_cpal_in_dependencies + truncate_to_major_minor against on-disk Cargo.toml content: Form 1 (cpal = "0.17" workspace.dependencies) -> "0.17"; Form 2 (cpal = { version = "0.17", optional = true } hypothetical inline-table) -> "0.17"; Form 3 (cpal = { workspace = true, optional = true } source crate) -> workspace fallback -> "0.17"; Form 4 ([dependencies.cpal] version = "0.17" published normalized) -> "0.17". All four forms produce identical output to the v3.3.1 build.rs's Cargo.lock-resolved truncation because the workspace pin is at major.minor granularity already (cpal = "0.17" in [workspace.dependencies]).
  • release-dryrun.yml extended to exercise cargo publish -p decibri --dry-run. The previous dryrun workflow ran the npm-side build matrix and verify_pack packaging gate but had no crates.io publish path coverage. The new step catches build.rs failures and any other publish-time issues that affect the Rust crate publish but not the npm packaging. Closes the procedural gap that allowed 3.3.1's defect to ship through CI green.

Migration notes

  • Direct Rust crate consumers of decibri: 3.3.1 was never published to crates.io. crates.io's decibri version history is 3.3.0 -> 3.3.2; 3.3.1 is skipped entirely on this registry. npm consumers see the standard 3.3.0 -> 3.3.1 -> 3.3.2 progression (3.3.1 shipped successfully on npm; only the cargo publish step in release.yml failed). The asymmetry is documented here for archaeological clarity.
  • All 3.3.1 message refinements (per [3.3.1] entry above) are preserved in 3.3.2. Consumer-side migration from 3.3.0 to 3.3.2 is the same as 3.3.0 to 3.3.1 from the user-visible API perspective.
  • No npm migration required for 3.3.1 -> 3.3.2. 3.3.2 publishes a new wheel set with the same user-visible behavior; bump-and-rebuild is sufficient.

[3.3.1] - 2026-04-25

Changed

  • Audience-neutral error message pass. Five DecibriError Display strings refined to remove cross-binding and platform-specific awkwardness. No variant identity, layout, or count change; no API-surface change. Strict patch release.
    • SampleRateOutOfRange: "sampleRate must be between 1000 and 384000" -> "sample rate must be between 1000 and 384000". The previous camelCase form was Node-API-targeting and matched no other field-name convention in the rest of the Rust crate (snake_case fields throughout, natural-language rustdoc voice).
    • FramesPerBufferOutOfRange: "framesPerBuffer must be between 64 and 65536" -> "frames per buffer must be between 64 and 65536". Same rationale.

... (truncated)

Commits
  • ed523d2 Merge pull request #57 from decibri/development
  • 999119f fix: ship the Node.js-specific README to npmjs.com (3.4.2)
  • 3b927e9 Merge pull request #56 from decibri/development
  • b38206a fix: release 3.4.1
  • c37eb60 Merge pull request #55 from decibri/development
  • 65df576 ci: add per-registry publish workflows alongside existing release workflow
  • 4cceb20 Merge pull request #54 from decibri/development
  • 5489b3c docs: revise package documentation and normalize changelog formatting
  • 55434f0 Merge pull request #50 from decibri/development
  • a2951bc docs(npm): disambiguate duplicate README heading and update example Usage com...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump decibri from 3.0.0 to 3.4.2
2296bb9 
Bumps [decibri](https://github.com/decibri/decibri) from 3.0.0 to 3.4.2.
- [Release notes](https://github.com/decibri/decibri/releases)
- [Changelog](https://github.com/decibri/decibri/blob/npm-v3.4.2/CHANGELOG.md)
- [Commits](decibri/decibri@v3.0.0...npm-v3.4.2)

---
updated-dependencies:
- dependency-name: decibri
  dependency-version: 3.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot mentioned this pull request May 24, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies rust

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants