chore: Bump jsonwebtoken crate to 10.0.0

[kumarUjjawal]

Pull Request

Bump jsonwebtoken crate to 10.0.0 to add the "aws_lc_rs" feature which will allow in reducing the double compilation.

Related issue

Fixes #715

What does this PR do?

PR checklist

Please check if your PR fulfills the following requirements:

• Does this PR fix an existing issue, or have you listed the changes applied in the PR description (and why they are needed)?
• Have you read the contributing guidelines?
• Have you made sure that the title is accurate and descriptive of the changes?

Thank you so much for contributing to Meilisearch!

Summary by CodeRabbit

• Chores

  • Upgraded the underlying token processing library to a new major release with non-blocking support and enhanced cryptography options, improving performance and security posture.

• Tests

  • Improved test build configuration for token-related structures to streamline test scenarios; no impact on runtime behavior.

[coderabbitai]

Walkthrough

Upgraded the jsonwebtoken dependency to 10.0.0 with aws_lc_rs feature enabled and default features disabled. Added a test-only Clone derive to TenantTokenClaim via cfg_attr without altering public APIs.

Changes

Cohort / File(s)	Summary
Dependency upgrade Cargo.toml	Bumped jsonwebtoken from 9.3.1 to 10.0.0; set default-features = false; added features = ["aws_lc_rs"].
Test-only derive adjustment src/tenant_tokens.rs	Applied #[cfg_attr(test, derive(Clone))] to TenantTokenClaim; no signature or public API changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

In burrows of code I twitch with delight,
A token now lighter, dependencies tight.
aws_lc_rs hums, a cryptic new tune,
Tests get a Clone—oh, how they swoon.
I thump-thump approve with whiskers bright—
Hop on, ship it, into the night! 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Out of Scope Changes Check	⚠️ Warning	In addition to the jsonwebtoken bump, the PR introduces a test‐only Clone derive on TenantTokenClaim which is unrelated to upgrading the dependency or enabling aws_lc_rs, making it an out‐of‐scope change with respect to issue #715.	Please remove the conditional Clone derive from this PR or move it into a separate change focused on test enhancements to keep the dependency bump scoped to its intended objectives.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly indicates the primary change of bumping the jsonwebtoken crate to 10.0.0, matching the main update in Cargo.toml and aligns with the linked issue #715.
Linked Issues Check	✅ Passed	The PR updates Cargo.toml to upgrade jsonwebtoken to version 10.0.0 and configures the aws_lc_rs feature, directly fulfilling the objectives in issue #715 while no other mandatory changes were required.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5e84bdf and a3277e4.

📒 Files selected for processing (2)

• Cargo.toml (1 hunks)
• src/tenant_tokens.rs (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: integration-tests

🔇 Additional comments (2)

src/tenant_tokens.rs (1)

9-9: LGTM! Test-only Clone derive is safe.

The conditional Clone derive for test builds is a good practice that keeps the production binary lean while enabling test flexibility. Although no explicit clone operations on TenantTokenClaim are visible in the current tests, this change is harmless and may be needed for:

• Future test utilities or assertions
• Internal requirements of the upgraded jsonwebtoken 10.0.0 test helpers
• Test data setup or mocking scenarios

Since TenantTokenClaim is not exported and the derive is test-only, there's no public API impact.

Cargo.toml (1)

36-36: Migration to jsonwebtoken 10.0.0 is valid
Version 10.0.0 is available, aws_lc_rs is a valid crypto backend covering HMAC for from_secret, and disabling default-features (PEM support) does not affect your symmetric-key usage.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.96%. Comparing base (5e84bdf) to head (a3277e4).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #717      +/-   ##
==========================================
+ Coverage   85.90%   85.96%   +0.06%     
==========================================
  Files          19       19              
  Lines        6079     6079              
==========================================
+ Hits         5222     5226       +4     
+ Misses        857      853       -4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[kumarUjjawal]

@curquiza Can you take a look at the changes, there are a couple more PRs waiting for the review. Thanks!

[curquiza]

bors merge

[meili-bors]

Build succeeded:

• integration-tests
• rust-format
• clippy-check
• readme-check
• wasm-build
• Yaml linting check