Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Jan 6, 2026. It is now read-only.

build(deps): Bump the rust-dependencies group with 6 updates #367

Merged
shenanigansd merged 1 commit into from
Sep 3, 2025
Merged

build(deps): Bump the rust-dependencies group with 6 updates #367

shenanigansd merged 1 commit into from
Sep 3, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 1, 2025

Bumps the rust-dependencies group with 6 updates:

Package From To
clap 4.5.42 4.5.46
clap_complete 4.5.55 4.5.57
serde_json 1.0.142 1.0.143
reqwest 0.12.22 0.12.23
tracing-subscriber 0.3.19 0.3.20
pyo3 0.25.1 0.26.0

Updates clap from 4.5.42 to 4.5.46

Release notes

Sourced from clap's releases.

v4.5.46

[4.5.46] - 2025-08-26

Features

  • Expose StyledStr::push_str

v4.5.45

[4.5.45] - 2025-08-12

Fixes

  • (unstable-v5) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

v4.5.44

[4.5.44] - 2025-08-11

Features

  • Add Command::mut_subcommands

v4.5.43

[4.5.43] - 2025-08-06

Fixes

  • (help) In long help, list Possible Values before defaults, rather than after, for a more consistent look
Changelog

Sourced from clap's changelog.

[4.5.46] - 2025-08-26

Features

  • Expose StyledStr::push_str

[4.5.45] - 2025-08-12

Fixes

  • (unstable-v5) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

[4.5.44] - 2025-08-11

Features

  • Add Command::mut_subcommands

[4.5.43] - 2025-08-06

Fixes

  • (help) In long help, list Possible Values before defaults, rather than after, for a more consistent look
Commits
  • acf9abb chore: Release
  • 9186a18 docs: Update changelog
  • 233c316 Merge pull request #5926 from sorairolake/feature/value-parser-factory-for-sa...
  • 13931a2 Merge pull request #5923 from Reverier-Xu/master
  • 536e29f feat(builder): Add ValueParserFactory for Saturating\<T>
  • 45ed71c chore: Avoid using gen for rust 2024 preserved keyword
  • 5029bb3 chore: Avoid using gen for rust 2024 preserved keyword
  • 8a1d59b chore(deps): Update Rust Stable to v1.85 (#5921)
  • 9caee53 docs(changelog): Clarify 5.0.0
  • cb2352f Merge pull request #5918 from epage/test
  • Additional commits viewable in compare view

Updates clap_complete from 4.5.55 to 4.5.57

Commits
  • 69c0ddb chore: Release
  • 8206bba docs: Update changelog
  • c109d67 Merge pull request #6104 from epage/hide
  • 9d7f212 fix(complete): Hide dot files on dynamic completer
  • 77b3fdb test(complete): Show dot file behavior
  • f89b9b8 test(derive): Make stable across upgrade
  • 58eb8a9 chore: Release
  • 10a2a75 docs: Update changelog
  • a42eebf Merge pull request #6103 from epage/mut_subcommands
  • 5335f54 feat: Add Command::mut_subcommands
  • Additional commits viewable in compare view

Updates serde_json from 1.0.142 to 1.0.143

Release notes

Sourced from serde_json's releases.

v1.0.143

Commits
  • 10102c4 Release 1.0.143
  • 2a5b853 Replace super::super with absolute path within crate
  • 447170b Merge pull request 1271 from mickvangelderen/mick/impl-from-str-for-map
  • ec190d6 Merge pull request #1264 from xlambein/master
  • 8be6647 Merge pull request #1268 from SOF3/compact-default
  • ba5b3cc Revert "Pin nightly toolchain used for miri job"
  • fd35a02 Implement FromStr for Map<String, Value>
  • bea0fe6 Implement Default for CompactFormatter
  • 0c0e9f6 Add Clone and Debug impls to map iterators
  • See full diff in compare view

Updates reqwest from 0.12.22 to 0.12.23

Release notes

Sourced from reqwest's releases.

v0.12.23

tl;dr

  • 🇺🇩🇸 Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
  • 🔁 Add ClientBuilder::retries(policy) and reqwest::retry::Builder to configure automatic retries.
  • Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
  • Add http3_* options to blocking::ClientBuilder.
  • Fix default TCP timeout values to enabled and faster.
  • Fix SOCKS proxies to default to port 1080
  • (wasm) Add cache methods to RequestBuilder.

What's Changed

New Contributors

Full Changelog: seanmonstar/reqwest@v0.12.22...v0.12.23

Changelog

Sourced from reqwest's changelog.

v0.12.23

  • Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
  • Add ClientBuilder::retry(policy) and reqwest::retry::Builder to configure automatic retries.
  • Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
  • Add http3_* options to blocking::ClientBuilder.
  • Fix default TCP timeout values to enabled and faster.
  • Fix SOCKS proxies to default to port 1080
  • (wasm) Add cache methods to RequestBuilder.
Commits
  • ae7375b v0.12.23
  • 9aacdc1 feat: add dns_resolver2 that is more ergonomic and flexible (#2793)
  • 221be11 refactor: loosen retry for_host parameter bounds (#2792)
  • acd1b05 feat: add reqwest::retry policies (#2763)
  • 54b6022 feat: add ClientBuilder::unix_socket() option (#2624)
  • 6358cef fix: add default tcp keepalive and user_timeout values (#2780)
  • 21226a5 style(client): use std::task::ready! macro to simplify Poll branch matching...
  • 82086e7 feat: add request cache options for wasm (#2775)
  • 2a0f7a3 ci: use msrv-aware cargo in msrv job (#2779)
  • f186803 fix(proxy): restore default port 1080 for SOCKS proxies without explicit port...
  • Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.19 to 0.3.20

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.20

Security Fix: ANSI Escape Sequence Injection (CVE-TBD)

Impact

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to:

  • Manipulate terminal title bars
  • Clear screens or modify terminal display
  • Potentially mislead users through terminal manipulation

In isolation, impact is minimal, however security issues have been found in terminal emulators that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator.

Solution

Version 0.3.20 fixes this vulnerability by escaping ANSI control characters in when writing events to destinations that may be printed to the terminal.

Affected Versions

All versions of tracing-subscriber prior to 0.3.20 are affected by this vulnerability.

Recommendations

Immediate Action Required: We recommend upgrading to tracing-subscriber 0.3.20 immediately, especially if your application:

  • Logs user-provided input (form data, HTTP headers, query parameters, etc.)
  • Runs in environments where terminal output is displayed to users

Migration

This is a patch release with no breaking API changes. Simply update your Cargo.toml:

[dependencies]
tracing-subscriber = "0.3.20"

Acknowledgments

We would like to thank zefr0x who responsibly reported the issue at [email protected].

If you believe you have found a security vulnerability in any tokio-rs project, please email us at [email protected].

Commits

Updates pyo3 from 0.25.1 to 0.26.0

Release notes

Sourced from pyo3's releases.

PyO3 0.26.0

This version solidifies support for Python 3.14 and free-threaded Python 3.14t. A number of PyO3 APIs have been renamed to reflect the fact the GIL is no longer a universal feature of all Python implementations. For example:

  • Python::with_gil is now known as Python::attach
  • Python::allow_threads is now known as Python::detach
  • pyo3::prepare_freethreaded_python is now known as Python::initialize()

The minimum supported Rust version has been increased to Rust 1.74.

An optional dependency on the bytes crate has been added to allow support for converting bytes::Bytes to / from Python.

The PyObject type alias for Py<PyAny> has also been deprecated; the Py and Bound smart pointers have been the primary interface for all Python-facing types since PyO3 0.21 and the PyObject type alias had been a frequent source of confusion.

There are also many other incremental improvements, bug fixes and smaller features.

Please consult the migration guide for help upgrading.

Thank you to everyone who contributed code, documentation, design ideas, bug reports, and feedback. The following contributors' commits are included in this release:

@​ahlinc @​alex @​anilbey @​bschoenmaeckers @​Cheukting @​codeguru42 @​davidhewitt @​decathorpe @​dependabot[bot] @​drewkett @​FlickerSoul @​Icxolu @​jder @​jessekrubin @​jjmarchewitz @​kemingy @​msimacek @​musicinmybrain @​ngoldbaum @​Nnamdi-sys @​nucccc @​olp-cs @​robsdedude @​rrricharrrd @​sxlijin @​timfel @​tonybaloney @​Tpt @​wxianxin @​xushiyan @​yogevm15

Changelog

Sourced from pyo3's changelog.

[0.26.0] - 2025-08-29

Packaging

  • Bump hashbrown dependency to 0.15. #5152
  • Update MSRV to 1.74. #5171
  • Set the same maximum supported version for alternative interpreters as for CPython. #5192
  • Add optional bytes dependency to add conversions for bytes::Bytes. #5252
  • Publish new crate pyo3-introspection to pair with the experimental-inspect feature. #5300
  • The PYO3_BUILD_EXTENSION_MODULE now causes the same effect as the extension-module feature. Eventually we expect maturin and setuptools-rust to set this environment variable automatically. Users with their own build systems will need to do the same. #5343

Added

  • Add #[pyo3(warn(message = "...", category = ...))] attribute for automatic warnings generation for #[pyfunction] and #[pymethods]. #4364
  • Add PyMutex, available on Python 3.13 and newer. #4523
  • Add FFI definition PyMutex_IsLocked, available on Python 3.14 and newer. #4523
  • Add PyString::from_encoded_object. #5017
  • experimental-inspect: add basic input type annotations. #5089
  • Add FFI function definitions for PyFrameObject from CPython 3.13. #5154
  • experimental-inspect: tag modules created using #[pymodule] or #[pymodule_init] functions as incomplete. #5207
  • experimental-inspect: add basic return type support. #5208
  • Add PyCode::compile and PyCodeMethods::run to create and execute code objects. #5217
  • Add PyOnceLock type for thread-safe single-initialization. #5223
  • Add PyClassGuard(Mut) pyclass holders. In the future they will replace PyRef(Mut). #5233
  • experimental-inspect: allow annotations in #[pyo3(signature)] signature attribute. #5241
  • Implement MutexExt for parking_lot's/lock_api ReentrantMutex. #5258
  • experimental-inspect: support class associated constants. #5272
  • Add Bound::cast family of functions superseding the PyAnyMethods::downcast family. #5289
  • Add FFI definitions Py_Version and Py_IsFinalizing. #5317
  • experimental-inspect: add output type annotation for #[pyclass]. #5320
  • experimental-inspect: support #[pyclass(eq, eq_int, ord, hash, str)]. #5338
  • experimental-inspect: add basic support for #[derive(FromPyObject)] (no struct fields support yet). #5339
  • Add Python::try_attach. #5342

Changed

  • Use Py_TPFLAGS_DISALLOW_INSTANTIATION instead of a __new__ which always fails for a #[pyclass] without a #[new] on Python 3.10 and up. #4568
  • PyModule::from_code now defaults file_name to <string> if empty. #4777
  • Deprecate PyString::from_object in favour of PyString::from_encoded_object. #5017
  • When building with abi3 for a Python version newer than pyo3 supports, automatically fall back to an abi3 build for the latest supported version. #5144
  • Change is_instance_of trait bound from PyTypeInfo to PyTypeCheck. #5146
  • Many PyO3 proc macros now report multiple errors instead of only the first one. #5159
  • Change MutexExt return type to be an associated type. #5201
  • Use PyCallArgs for Py::call and friends so they're equivalent to their Bound counterpart. #5206
  • Rename Python::with_gil to Python::attach. #5209
  • Rename Python::allow_threads to Python::detach #5221
  • Deprecate GILOnceCell type in favour of PyOnceLock. #5223
  • Rename pyo3::prepare_freethreaded_python to Python::initialize. #5247
  • Convert PyMemoryError into/from io::ErrorKind::OutOfMemory. #5256
  • Deprecate GILProtected. #5285

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): Bump the rust-dependencies group with 6 updates
ed6d111 
Bumps the rust-dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [clap](https://github.com/clap-rs/clap) | `4.5.42` | `4.5.46` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.55` | `4.5.57` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.142` | `1.0.143` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.22` | `0.12.23` |
| [tracing-subscriber](https://github.com/tokio-rs/tracing) | `0.3.19` | `0.3.20` |
| [pyo3](https://github.com/pyo3/pyo3) | `0.25.1` | `0.26.0` |


Updates `clap` from 4.5.42 to 4.5.46
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.5.42...clap_complete-v4.5.46)

Updates `clap_complete` from 4.5.55 to 4.5.57
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.5.55...clap_complete-v4.5.57)

Updates `serde_json` from 1.0.142 to 1.0.143
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](serde-rs/json@v1.0.142...v1.0.143)

Updates `reqwest` from 0.12.22 to 0.12.23
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.12.22...v0.12.23)

Updates `tracing-subscriber` from 0.3.19 to 0.3.20
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](tokio-rs/tracing@tracing-subscriber-0.3.19...tracing-subscriber-0.3.20)

Updates `pyo3` from 0.25.1 to 0.26.0
- [Release notes](https://github.com/pyo3/pyo3/releases)
- [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md)
- [Commits](PyO3/pyo3@v0.25.1...v0.26.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-version: 4.5.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: clap_complete
  dependency-version: 4.5.57
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: serde_json
  dependency-version: 1.0.143
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: reqwest
  dependency-version: 0.12.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: tracing-subscriber
  dependency-version: 0.3.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust-dependencies
- dependency-name: pyo3
  dependency-version: 0.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Sep 1, 2025
@shenanigansd shenanigansd merged commit ea2c0f4 into main Sep 3, 2025
6 of 7 checks passed
@shenanigansd shenanigansd deleted the dependabot/cargo/rust-dependencies-9cd0aebe48 branch September 3, 2025 13:49
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shenanigansd