chore(deps): bump the rust-minor-patch group with 6 updates

Bumps the rust-minor-patch group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [env_logger](https://github.com/rust-cli/env_logger) | `0.11.10` | `0.11.11` |
| [log](https://github.com/rust-lang/log) | `0.4.32` | `0.4.33` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.23.3` | `1.23.4` |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.102` | `1.0.103` |
| [napi](https://github.com/napi-rs/napi-rs) | `3.9.3` | `3.9.4` |
| [napi-derive](https://github.com/napi-rs/napi-rs) | `3.5.6` | `3.5.7` |


Updates `env_logger` from 0.11.10 to 0.11.11
- [Release notes](https://github.com/rust-cli/env_logger/releases)
- [Changelog](https://github.com/rust-cli/env_logger/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rust-cli/env_logger/compare/v0.11.10...v0.11.11)

Updates `log` from 0.4.32 to 0.4.33
- [Release notes](https://github.com/rust-lang/log/releases)
- [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/log/compare/0.4.32...0.4.33)

Updates `uuid` from 1.23.3 to 1.23.4
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/v1.23.3...v1.23.4)

Updates `anyhow` from 1.0.102 to 1.0.103
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.102...1.0.103)

Updates `napi` from 3.9.3 to 3.9.4
- [Release notes](https://github.com/napi-rs/napi-rs/releases)
- [Commits](https://github.com/napi-rs/napi-rs/compare/napi-v3.9.3...napi-v3.9.4)

Updates `napi-derive` from 3.5.6 to 3.5.7
- [Release notes](https://github.com/napi-rs/napi-rs/releases)
- [Commits](https://github.com/napi-rs/napi-rs/compare/napi-derive-v3.5.6...napi-derive-v3.5.7)

---
updated-dependencies:
- dependency-name: env_logger
  dependency-version: 0.11.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-minor-patch
- dependency-name: log
  dependency-version: 0.4.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-minor-patch
- dependency-name: uuid
  dependency-version: 1.23.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-minor-patch
- dependency-name: anyhow
  dependency-version: 1.0.103
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-minor-patch
- dependency-name: napi
  dependency-version: 3.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-minor-patch
- dependency-name: napi-derive
  dependency-version: 3.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Cargo.lock

@@ -157,9 +157,9 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.102"
+version = "1.0.103"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c"
+checksum = "2a4385e2e34eb35d6b3efe798b9eb88096925d87726c0798709bf56d9ed84af3"
 
 [[package]]
 name = "approx"
@@ -3186,9 +3186,9 @@ dependencies = [
 
 [[package]]
 name = "env_filter"
-version = "1.0.1"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32e90c2accc4b07a8456ea0debdc2e7587bdd890680d71173a15d4ae604f6eef"
+checksum = "900d271a03799a1ee8d1ca9b19893b48ca674a9284fefcfb85f05e74ed314217"
 dependencies = [
  "log",
  "regex",
@@ -3196,9 +3196,9 @@ dependencies = [
 
 [[package]]
 name = "env_logger"
-version = "0.11.10"
+version = "0.11.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0621c04f2196ac3f488dd583365b9c09be011a4ab8b9f37248ffcc8f6198b56a"
+checksum = "de671bd27a75a797dc9ae289ba1e77276e75e2026408aab65185384e2d5cd3f6"
 dependencies = [
  "anstream",
  "anstyle",
@@ -5649,9 +5649,9 @@ dependencies = [
 
 [[package]]
 name = "log"
-version = "0.4.32"
+version = "0.4.33"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "953f07c43838f8e6f9758cab68bf5bed85465e7587ebe0b823f1bcd81978ad3a"
+checksum = "0ceec5bc11778974d1bcb055b18002eba7f4b3518b6a0081b3af5f21666da9ad"
 
 [[package]]
 name = "loom"
@@ -5959,9 +5959,9 @@ dependencies = [
 
 [[package]]
 name = "napi"
-version = "3.9.3"
+version = "3.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fbd9f9295f3ff5921e78a71222c3361a8216f7760b1a99a6ad4e8441de18bbb9"
+checksum = "b41bda2ac390efb5e8d22025d925ccc3f3807d8c1bea6d19b36127247c4b8f83"
 dependencies = [
  "bitflags 2.11.1",
  "chrono",
@@ -5984,9 +5984,9 @@ checksum = "c9c366d2c8c60b86fa632df75f745509b52f9128f91a6bad4c796e44abb505e1"
 
 [[package]]
 name = "napi-derive"
-version = "3.5.6"
+version = "3.5.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "89b3f766e04667e6da0e181e2da4f85475d5a6513b7cf6a80bea184e224a5b42"
+checksum = "61d66f70256ad5aef58659966064471d0ad90e2897bc36a5a5e0389c85aabc1e"
 dependencies = [
  "convert_case",
  "ctor 1.0.5",
@@ -5998,9 +5998,9 @@ dependencies = [
 
 [[package]]
 name = "napi-derive-backend"
-version = "5.0.4"
+version = "5.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0d5af30503edf933ce7377cf6d4c877a62b0f1107ea05585f1b5e430e88d5baf"
+checksum = "81b4b08f15eed7a2a20c3f4c6314013fc3ac890a3afa9892b594485299ebdb2d"
 dependencies = [
  "convert_case",
  "proc-macro2",
@@ -10128,9 +10128,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
 
 [[package]]
 name = "uuid"
-version = "1.23.3"
+version = "1.23.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "144d6b123cef80b301b8f72a9e2ca4370ddec21950d0a103dd22c437006d2db7"
+checksum = "bf80a72845275afea99e7f2b434723d3bc7e38470fcd1c7ed39a599c73319a53"
 dependencies = [
  "getrandom 0.4.2",
  "js-sys",

docs/src/js/enumerations/OAuthFlowType.md

@@ -1,29 +0,0 @@
-[**@lancedb/lancedb**](../README.md) • **Docs**
-
-***
-
-[@lancedb/lancedb](../globals.md) / OAuthFlowType
-
-# Enumeration: OAuthFlowType
-
-OAuth authentication flow types.
-
-## Enumeration Members
-
-### AzureManagedIdentity
-
-```ts
-AzureManagedIdentity: "azure_managed_identity";
-```
-
-Azure Managed Identity via IMDS.
-
-***
-
-### ClientCredentials
-
-```ts
-ClientCredentials: "client_credentials";
-```
-
-Client Credentials grant (service-to-service / M2M).

docs/src/js/globals.md

@@ -12,7 +12,6 @@
 ## Enumerations
 
 - [FullTextQueryType](enumerations/FullTextQueryType.md)
-- [OAuthFlowType](enumerations/OAuthFlowType.md)
 - [Occur](enumerations/Occur.md)
 - [Operator](enumerations/Operator.md)
 
@@ -86,8 +85,6 @@
 - [ListNamespacesResponse](interfaces/ListNamespacesResponse.md)
 - [LsmWriteSpec](interfaces/LsmWriteSpec.md)
 - [MergeResult](interfaces/MergeResult.md)
-- [NativeOAuthConfig](interfaces/NativeOAuthConfig.md)
-- [OAuthConfig](interfaces/OAuthConfig.md)
 - [OpenTableOptions](interfaces/OpenTableOptions.md)
 - [OptimizeOptions](interfaces/OptimizeOptions.md)
 - [OptimizeStats](interfaces/OptimizeStats.md)

docs/src/js/interfaces/ConnectionOptions.md

@@ -64,19 +64,6 @@ client used by manifest-enabled native connections.
 
 ***
 
-### oauthConfig?
-
-```ts
-optional oauthConfig: NativeOAuthConfig;
-```
-
-(For LanceDB cloud only): OAuth configuration for IdP-based
-authentication (e.g., Azure Entra ID). When set, token acquisition
-and refresh are handled entirely in Rust. TypeScript users should pass
-the public `OAuthConfig` type exported from `@lancedb/lancedb`.
-
-***
-
 ### readConsistencyInterval?
 
 ```ts

docs/src/js/interfaces/NativeOAuthConfig.md

@@ -1,88 +0,0 @@
-[**@lancedb/lancedb**](../README.md) • **Docs**
-
-***
-
-[@lancedb/lancedb](../globals.md) / NativeOAuthConfig
-
-# Interface: NativeOAuthConfig
-
-OAuth configuration for LanceDB authentication.
-
-This is the generated napi-rs binding shape. TypeScript users should prefer
-the public `OAuthConfig` type exported from `@lancedb/lancedb`.
-
-All token acquisition and refresh is handled in the Rust layer.
-
-## Properties
-
-### clientId
-
-```ts
-clientId: string;
-```
-
-Application / Client ID.
-
-***
-
-### clientSecret?
-
-```ts
-optional clientSecret: string;
-```
-
-Client secret (required for client_credentials).
-
-***
-
-### flow?
-
-```ts
-optional flow: string;
-```
-
-Authentication flow: "client_credentials" or "azure_managed_identity"
-
-***
-
-### issuerUrl
-
-```ts
-issuerUrl: string;
-```
-
-OIDC issuer URL or OAuth authority URL.
-For Azure: `https://login.microsoftonline.com/{tenant_id}/v2.0`
-
-***
-
-### managedIdentityClientId?
-
-```ts
-optional managedIdentityClientId: string;
-```
-
-Client ID for user-assigned managed identity (azure_managed_identity).
-
-***
-
-### refreshBufferSecs?
-
-```ts
-optional refreshBufferSecs: number;
-```
-
-Seconds before expiry to trigger proactive refresh (default: 300).
-Keep this well below the token TTL; if it is greater than or equal to
-the TTL, each request refreshes the token.
-
-***
-
-### scopes
-
-```ts
-scopes: string[];
-```
-
-OAuth scopes to request. For Azure managed identity, exactly one scope
-or resource is required. For example: `["api://{app_id}/.default"]`

docs/src/js/interfaces/OAuthConfig.md

@@ -1,111 +0,0 @@
-[**@lancedb/lancedb**](../README.md) • **Docs**
-
-***
-
-[@lancedb/lancedb](../globals.md) / OAuthConfig
-
-# Interface: OAuthConfig
-
-OAuth configuration for LanceDB authentication.
-
-This is the public TypeScript OAuth configuration type. The generated
-`NativeOAuthConfig` type has the same runtime shape but is an implementation
-detail of the napi-rs binding.
-
-All token acquisition and refresh is handled in the Rust layer.
-This config is passed through to Rust via napi-rs.
-
-## Examples
-
-```typescript
-const config: OAuthConfig = {
-  issuerUrl: "https://login.microsoftonline.com/{tenant}/v2.0",
-  clientId: "app-id",
-  clientSecret: "secret",
-  scopes: ["api://lancedb-api/.default"],
-};
-```
-
-```typescript
-const config: OAuthConfig = {
-  issuerUrl: "https://login.microsoftonline.com/{tenant}/v2.0",
-  clientId: "app-id",
-  scopes: ["api://lancedb-api/.default"],
-  flow: OAuthFlowType.AzureManagedIdentity,
-};
-```
-
-## Properties
-
-### clientId
-
-```ts
-clientId: string;
-```
-
-Application / Client ID.
-
-***
-
-### clientSecret?
-
-```ts
-optional clientSecret: string;
-```
-
-Client secret (required for ClientCredentials).
-
-***
-
-### flow?
-
-```ts
-optional flow: OAuthFlowType;
-```
-
-Authentication flow (default: ClientCredentials).
-
-***
-
-### issuerUrl
-
-```ts
-issuerUrl: string;
-```
-
-OIDC issuer URL or OAuth authority URL.
-For Azure: `https://login.microsoftonline.com/{tenant_id}/v2.0`
-
-***
-
-### managedIdentityClientId?
-
-```ts
-optional managedIdentityClientId: string;
-```
-
-Client ID for user-assigned managed identity (AzureManagedIdentity).
-
-***
-
-### refreshBufferSecs?
-
-```ts
-optional refreshBufferSecs: number;
-```
-
-Seconds before expiry to trigger proactive refresh (default: 300).
-Keep this well below the token TTL; if it is greater than or equal to
-the TTL, each request refreshes the token.
-
-***
-
-### scopes
-
-```ts
-scopes: string[];
-```
-
-OAuth scopes to request.
-For Azure managed identity, exactly one scope or resource is required.
-For example: `["api://{app_id}/.default"]`

nodejs/lancedb/index.ts

@@ -52,7 +52,6 @@ export {
   SplitHashOptions,
   SplitSequentialOptions,
   ShuffleOptions,
-  OAuthConfig as NativeOAuthConfig,
 } from "./native.js";
 
 export {
@@ -131,8 +130,6 @@ export {
   TokenResponse,
 } from "./header";
 
-export { OAuthConfig, OAuthFlowType } from "./oauth";
-
 export { MergeInsertBuilder, WriteExecutionOptions } from "./merge";
 
 export * as embedding from "./embedding";

nodejs/lancedb/oauth.ts

@@ -1,76 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// SPDX-FileCopyrightText: Copyright The LanceDB Authors
-
-/**
- * OAuth authentication flow types.
- */
-export enum OAuthFlowType {
-  /** Client Credentials grant (service-to-service / M2M). */
-  ClientCredentials = "client_credentials",
-  /** Azure Managed Identity via IMDS. */
-  AzureManagedIdentity = "azure_managed_identity",
-}
-
-/**
- * OAuth configuration for LanceDB authentication.
- *
- * This is the public TypeScript OAuth configuration type. The generated
- * `NativeOAuthConfig` type has the same runtime shape but is an implementation
- * detail of the napi-rs binding.
- *
- * All token acquisition and refresh is handled in the Rust layer.
- * This config is passed through to Rust via napi-rs.
- *
- * @example Client Credentials (service-to-service):
- * ```typescript
- * const config: OAuthConfig = {
- *   issuerUrl: "https://login.microsoftonline.com/{tenant}/v2.0",
- *   clientId: "app-id",
- *   clientSecret: "secret",
- *   scopes: ["api://lancedb-api/.default"],
- * };
- * ```
- *
- * @example Azure Managed Identity:
- * ```typescript
- * const config: OAuthConfig = {
- *   issuerUrl: "https://login.microsoftonline.com/{tenant}/v2.0",
- *   clientId: "app-id",
- *   scopes: ["api://lancedb-api/.default"],
- *   flow: OAuthFlowType.AzureManagedIdentity,
- * };
- * ```
- */
-export interface OAuthConfig {
-  /**
-   * OIDC issuer URL or OAuth authority URL.
-   * For Azure: `https://login.microsoftonline.com/{tenant_id}/v2.0`
-   */
-  issuerUrl: string;
-
-  /** Application / Client ID. */
-  clientId: string;
-
-  /**
-   * OAuth scopes to request.
-   * For Azure managed identity, exactly one scope or resource is required.
-   * For example: `["api://{app_id}/.default"]`
-   */
-  scopes: string[];
-
-  /** Authentication flow (default: ClientCredentials). */
-  flow?: OAuthFlowType;
-
-  /** Client secret (required for ClientCredentials). */
-  clientSecret?: string;
-
-  /** Client ID for user-assigned managed identity (AzureManagedIdentity). */
-  managedIdentityClientId?: string;
-
-  /**
-   * Seconds before expiry to trigger proactive refresh (default: 300).
-   * Keep this well below the token TTL; if it is greater than or equal to
-   * the TTL, each request refreshes the token.
-   */
-  refreshBufferSecs?: number;
-}

nodejs/src/connection.rs

@@ -112,12 +112,6 @@ impl Connection {
 
         builder = builder.client_config(rust_config);
 
-        if let Some(oauth_config) = options.oauth_config {
-            let config: lancedb::remote::oauth::OAuthConfig =
-                oauth_config.try_into().default_error()?;
-            builder = builder.oauth_config(config);
-        }
-
         if let Some(api_key) = options.api_key {
             builder = builder.api_key(&api_key);
         }

nodejs/src/lib.rs

@@ -65,11 +65,6 @@ pub struct ConnectionOptions {
     /// (For LanceDB cloud only): the host to use for LanceDB cloud. Used
     /// for testing purposes.
     pub host_override: Option<String>,
-    /// (For LanceDB cloud only): OAuth configuration for IdP-based
-    /// authentication (e.g., Azure Entra ID). When set, token acquisition
-    /// and refresh are handled entirely in Rust. TypeScript users should pass
-    /// the public `OAuthConfig` type exported from `@lancedb/lancedb`.
-    pub oauth_config: Option<remote::OAuthConfig>,
 }
 
 #[napi(object)]

nodejs/src/remote.rs

@@ -3,7 +3,6 @@
 
 use std::collections::HashMap;
 
-use lancedb::error::Error;
 use napi_derive::*;
 
 /// Timeout configuration for remote HTTP client.
@@ -141,84 +140,6 @@ impl From<TlsConfig> for lancedb::remote::TlsConfig {
     }
 }
 
-/// OAuth configuration for LanceDB authentication.
-///
-/// This is the generated napi-rs binding shape. TypeScript users should prefer
-/// the public `OAuthConfig` type exported from `@lancedb/lancedb`.
-///
-/// All token acquisition and refresh is handled in the Rust layer.
-#[napi(object)]
-#[derive(Clone)]
-pub struct OAuthConfig {
-    /// OIDC issuer URL or OAuth authority URL.
-    /// For Azure: `https://login.microsoftonline.com/{tenant_id}/v2.0`
-    pub issuer_url: String,
-    /// Application / Client ID.
-    pub client_id: String,
-    /// OAuth scopes to request. For Azure managed identity, exactly one scope
-    /// or resource is required. For example: `["api://{app_id}/.default"]`
-    pub scopes: Vec<String>,
-    /// Authentication flow: "client_credentials" or "azure_managed_identity"
-    pub flow: Option<String>,
-    /// Client secret (required for client_credentials).
-    pub client_secret: Option<String>,
-    /// Client ID for user-assigned managed identity (azure_managed_identity).
-    pub managed_identity_client_id: Option<String>,
-    /// Seconds before expiry to trigger proactive refresh (default: 300).
-    /// Keep this well below the token TTL; if it is greater than or equal to
-    /// the TTL, each request refreshes the token.
-    pub refresh_buffer_secs: Option<u32>,
-}
-
-impl std::fmt::Debug for OAuthConfig {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.debug_struct("OAuthConfig")
-            .field("issuer_url", &self.issuer_url)
-            .field("client_id", &self.client_id)
-            .field("scopes", &self.scopes)
-            .field("flow", &self.flow)
-            .field(
-                "client_secret",
-                &self.client_secret.as_deref().map(|_| "<redacted>"),
-            )
-            .field(
-                "managed_identity_client_id",
-                &self.managed_identity_client_id,
-            )
-            .field("refresh_buffer_secs", &self.refresh_buffer_secs)
-            .finish()
-    }
-}
-
-impl TryFrom<OAuthConfig> for lancedb::remote::oauth::OAuthConfig {
-    type Error = Error;
-
-    fn try_from(config: OAuthConfig) -> Result<Self, Self::Error> {
-        use lancedb::remote::oauth::OAuthFlow;
-
-        let flow = match config.flow.as_deref().unwrap_or("client_credentials") {
-            "client_credentials" => OAuthFlow::ClientCredentials,
-            "azure_managed_identity" => OAuthFlow::AzureManagedIdentity {
-                client_id: config.managed_identity_client_id,
-            },
-            other => {
-                return Err(Error::InvalidInput {
-                    message: format!("Unknown OAuth flow type: {other}"),
-                });
-            }
-        };
-
-        Ok(Self {
-            issuer_url: config.issuer_url,
-            client_id: config.client_id,
-            client_secret: config.client_secret,
-            scopes: config.scopes,
-            flow,
-            refresh_buffer_secs: config.refresh_buffer_secs.map(|v| v as u64),
-        })
-    }
-}
-
 impl From<ClientConfig> for lancedb::remote::ClientConfig {
     fn from(config: ClientConfig) -> Self {
         Self {
@@ -235,45 +156,3 @@ impl From<ClientConfig> for lancedb::remote::ClientConfig {
         }
     }
 }
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn test_unknown_oauth_flow_returns_invalid_input() {
-        let config = OAuthConfig {
-            issuer_url: "https://issuer.example.com".to_string(),
-            client_id: "client-id".to_string(),
-            scopes: vec!["scope".to_string()],
-            flow: Some("typo".to_string()),
-            client_secret: None,
-            managed_identity_client_id: None,
-            refresh_buffer_secs: None,
-        };
-
-        let err = lancedb::remote::oauth::OAuthConfig::try_from(config).unwrap_err();
-        assert!(matches!(
-            err,
-            Error::InvalidInput { message }
-                if message == "Unknown OAuth flow type: typo"
-        ));
-    }
-
-    #[test]
-    fn test_oauth_config_debug_redacts_client_secret() {
-        let config = OAuthConfig {
-            issuer_url: "https://issuer.example.com".to_string(),
-            client_id: "client-id".to_string(),
-            scopes: vec!["scope".to_string()],
-            flow: Some("client_credentials".to_string()),
-            client_secret: Some("super-secret".to_string()),
-            managed_identity_client_id: None,
-            refresh_buffer_secs: None,
-        };
-
-        let debug = format!("{config:?}");
-        assert!(!debug.contains("super-secret"));
-        assert!(debug.contains("client_secret: Some(\"<redacted>\")"));
-    }
-}