Bump the cargo group across 1 directory with 15 updates

[dependabot]

Bumps the cargo group with 14 updates in the / directory:

Package	From	To
anyhow	1.0.94	1.0.95
clap	4.5.23	4.5.26
colored	2.1.0	3.0.0
fast-glob	0.4.0	0.4.3
git2	0.19.0	0.20.0
reqwest	0.12.9	0.12.12
semver	1.0.23	1.0.24
serde	1.0.216	1.0.217
serde_json	1.0.133	1.0.135
tokio	1.42.0	1.43.0
which	7.0.0	7.0.1
tempfile	3.14.0	3.15.0
pyo3	0.23.3	0.23.4
napi-build	2.1.3	2.1.4

Updates anyhow from 1.0.94 to 1.0.95

Release notes

Sourced from anyhow's releases.

1.0.95

• Add Error::from_boxed (#401, #402)

Commits

• 48be1ca Release 1.0.95
• a03d6d6 Merge pull request #402 from dtolnay/fromboxed
• 52e4abb Add Error::from_boxed with documentation about bidirectional ?
• ffecefc Merge pull request #401 from dtolnay/construct
• 671f700 Add construct_ prefix to name of private construct functions
• See full diff in compare view

Updates clap from 4.5.23 to 4.5.26

Release notes

Sourced from clap's releases.

v4.5.26

[4.5.26] - 2025-01-09

Fixes

• (error) Reduce binary size with the suggestions feature

v4.5.25

[4.5.25] - 2025-01-09

Fixes

• (help) Reduce binary size

v4.5.24

[4.5.24] - 2025-01-07

Fixes

• (parser) Correctly handle defaults with ignore_errors(true) and when a suggestion is provided for an unknown argument

Changelog

Sourced from clap's changelog.

[4.5.26] - 2025-01-09

Fixes

• (error) Reduce binary size with the suggestions feature

[4.5.25] - 2025-01-09

Fixes

• (help) Reduce binary size

[4.5.24] - 2025-01-07

Fixes

• (parser) Correctly handle defaults with ignore_errors(true) and when a suggestion is provided for an unknown argument

Commits

• df1efca chore: Release
• d48bef6 docs: Update changelog
• 6b7aa3d Merge pull request #5628 from mart-mihkel/complete_hyphen
• 57b6cb8 refactor(complete): Simplify engine::complete
• fbec05e refactor(complete): Fix typo in hyhpen
• b7cfbdc feat(complete): Native support for hyphen values
• 1d97c29 test(complete): Test cases for allow_hyphen_values
• 64e3790 chore: Release
• 1cf50c7 docs: Update changelog
• 085143d Merge pull request #5722 from epage/sort
• Additional commits viewable in compare view

Updates colored from 2.1.0 to 3.0.0

Release notes

Sourced from colored's releases.

v3.0.0

• [BREAKING CHANGE]: Upgrade MSRV to 1.80 and remove the then unnecessary lazy_static dependency.

v2.2.0

No release notes provided.

Changelog

Sourced from colored's changelog.

3.0.0

• [BREAKING CHANGE]: Upgrade MSRV to 1.80 and remove the then unnecessary lazy_static dependency.

2.2.0

• Updated top-level docs to include a note about ColoredString's role in the Colorize pipeline as well as link to it to suggest learning more about how to manipulate existing ColoredString's.
• Changes to ColoredString:
  • Expose fields.
  • [DEPRECATION]: Deprecated methods fgcolor, bgcolor, and style due to their obsolescence in the face of the exposing of their represented fields.
  • Add methods for clearing specific elements of fgcolor, bgcolor, and style.
  • Change Default implementation to be via derive as Style now implements Default (see changes to Style below).
  • Add implementation of DerefMut.
  • Updated docs to reflect the above changes as well as generally greatly expand them.
• Changes to Style:
  • Implemented Default for Style (returns CLEAR). This exposes a method by which users can create plain Style's from scratch.
  • Implemented From<Styles> for Style. This lets users easily create Style's from specific styles.
  • Exposed previously private method add.
  • Created method remove which essentially does the opposite.
  • Added builder-style methods in the vein of Colorize to add stylings (e.g. bold, underline, italic, strikethrough).
  • Implemented bitwise operators BitAnd, BitOr, BitXor, and Not as well as their representative assignment operators. You can also use a Styles as an operand for these.
  • Implemented FromIterator<Styles> for Style.
• Changes to Styles:
  • Implemented bitwise operators BitAnd, BitOr, BitXor, and Not which all combine Styles's and output Style's. These can also take a Style as an operand.
• Added additional testing for all of the above changes.
• Added methods with_style and with_color_and_style to Colorize.

Commits

• 95b2de8 Remove unnecessary lazy_static dependency (#176)
• 037e091 Fix missing 2.2.0 release in changelog
• ef1484c 2.2.0 (#186)
• 1bb63e4 cargo: supported range for windows-sys (#184)
• a7e464f Add dependabot config (#178)
• 0ddacef Ignore blame for clippy fix
• 05b0f57 Differentiate between ansi_term style and colored style due to deprecation of...
• 981cfe4 Fix deprecation warnings
• 58a06a4 Apply some (pedantic) clippy lints
• e55e26c Update rspec (#177)
• Additional commits viewable in compare view

Updates fast-glob from 0.4.0 to 0.4.3

Commits

• See full diff in compare view

Updates git2 from 0.19.0 to 0.20.0

Changelog

Sourced from git2's changelog.

0.20.0 - 2025-01-04

0.19.0...0.20.0

Added

• Debug is now implemented for transport::Service #1074
• Added Repository::commondir #1079
• Added Repository::merge_base_octopus #1088
• Restored impls for PartialOrd, Ord, and Hash for bitflags types that were inadvertently removed in a prior release. #1096
• Added CheckoutBuilder::disable_pathspec_match #1107
• Added PackBuilder::write #1110

Changed

• ❗ Updated to libgit2 1.9.0 #1111
• ❗ Removed the ssh_key_from_memory Cargo feature, it was unused. #1087
• ❗ Errors from Tree::walk are now correctly reported to the caller. #1098
• ❗ The trace_set callback now takes a &[u8] instead of a &str. #1071
• ❗ Error::last_error now returns Error instead of Option<Error>. #1072

Fixed

• Fixed OdbReader::read return value. #1061
• When a credential helper executes a shell command, don't pop open a console window on Windows. #1075

Commits

• 14cdc15 Merge pull request #1115 from ehuss/lock-locked
• cbf9dd4 Merge pull request #1116 from ehuss/update-time
• e46a1f9 Check that Cargo.lock is not outdated in CI
• a4bd932 Update the time dev-dependency
• ca65651 Merge pull request #1113 from ehuss/cargo-lock
• e16a3f9 Merge pull request #1112 from ehuss/check-cfg
• f538a99 Add a Cargo.lock
• 8ce89e2 Squelch the warning about libgit2_vendored check-cfg
• 92d96ac Merge pull request #1072 from vcfxb/remove-error-unwraps
• 8977c0c Merge pull request #1071 from vcfxb/fix-tracing-ub
• Additional commits viewable in compare view

Updates reqwest from 0.12.9 to 0.12.12

Release notes

Sourced from reqwest's releases.

v0.12.11

What's Changed

• Fix decompression returning an error when HTTP/2 ends with an empty data frame by @​seanmonstar in seanmonstar/reqwest#2508

Full Changelog: seanmonstar/reqwest@v0.12.10...v0.12.11

v0.12.10

What's Changed

• Add ClientBuilder::connector_layer() to allow customizing the connector stack. by @​jlizen in seanmonstar/reqwest#2496
• Add ClientBuilder::http2_max_header_list_size() option by @​DSharifi in seanmonstar/reqwest#2465
• Fix decompression of chunked bodies so the connections can be reused more often by @​Andrey36652 in seanmonstar/reqwest#2484
• Fix propagating body size hint (content-length) information when wrapping bodies by @​seanmonstar in seanmonstar/reqwest#2503

New Contributors

• @​DSharifi made their first contribution in seanmonstar/reqwest#2465
• @​gretchenfrage made their first contribution in seanmonstar/reqwest#2464
• @​hsivonen made their first contribution in seanmonstar/reqwest#2470
• @​ovnicraft made their first contribution in seanmonstar/reqwest#2469
• @​Nuhvi made their first contribution in seanmonstar/reqwest#2473
• @​caojen made their first contribution in seanmonstar/reqwest#2488
• @​Andrey36652 made their first contribution in seanmonstar/reqwest#2484
• @​jlizen made their first contribution in seanmonstar/reqwest#2499

Thanks

• @​seanmonstar
• @​nyurik

Full Changelog: seanmonstar/reqwest@v0.12.9...v0.12.10

Changelog

Sourced from reqwest's changelog.

v0.12.12

• (wasm) Fix compilation by not compiler tokio/time on WASM.

v0.12.11

• Fix decompression returning an error when HTTP/2 ends with an empty data frame.

v0.12.10

• Add ClientBuilder::connector_layer() to allow customizing the connector stack.
• Add ClientBuilder::http2_max_header_list_size() option.
• Fix propagating body size hint (content-length) information when wrapping bodies.
• Fix decompression of chunked bodies so the connections can be reused more often.

Commits

• 8b8fdd2 v0.12.12
• 1ef8703 (wasm) fix: remove tower as dependency for wasm32-unknown-unknown (#2510)
• 224f0b8 v0.12.11
• beea332 fix decoding extra empty frame (#2508)
• 177cc7f cleanup: typo fix
• 409cff3 v0.12.10
• ea48da7 docs: fix a few spelling issues (#2478)
• 3ce98b5 fix: propagate Body::size_hint when wrapping bodies (#2503)
• 44ca5ee remove Clone from connect::Unnameable for now (#2502)
• 2a7c1b6 feat: allow pluggable tower layers in connector service stack (#2496)
• Additional commits viewable in compare view

Updates semver from 1.0.23 to 1.0.24

Release notes

Sourced from semver's releases.

1.0.24

• Optimize Ord impls for semver::Prerelease and semver::BuildMetadata (#328, thanks @​Eh2406)

Commits

• 6f4069d Release 1.0.24
• d03aba3 Touch up PR 328
• 238757d Merge pull request #328 from Eh2406/master
• 75856ef faster Ord when Eq
• 89504eb Prevent upload-artifact step from causing CI failure
• d1b17a9 Upload CI Cargo.lock for reproducing failures
• 4ea60ae Resolve doc_lazy_continuation clippy lint
• f96f9d8 Merge pull request #319 from dtolnay/docsrs
• fc5c98d Rely on docs.rs to define --cfg=docsrs by default
• See full diff in compare view

Updates serde from 1.0.216 to 1.0.217

Release notes

Sourced from serde's releases.

v1.0.217

• Support serializing externally tagged unit variant inside flattened field (#2786, thanks @​Mingun)

Commits

• 930401b Release 1.0.217
• cb6eaea Fix roundtrip inconsistency:
• b6f339c Resolve repr_packed_without_abi clippy lint in tests
• 2a5caea Merge pull request #2872 from dtolnay/ehpersonality
• b9f93f9 Add no-std CI on stable compiler
• eb5cd47 Drop #[lang = "eh_personality"] from no-std test
• 8478a3b Merge pull request #2871 from dtolnay/nostdstart
• dbb9091 Replace #[start] with extern fn main
• See full diff in compare view

Updates serde_json from 1.0.133 to 1.0.135

Release notes

Sourced from serde_json's releases.

v1.0.135

• Add serde_json::Map::into_values method (#1226, thanks @​tisonkun)

v1.0.134

• Add RawValue associated constants for literal null, true, false (#1221, thanks @​bheylin)

Commits

• 9802c08 Release 1.0.135
• b97935f Merge pull request #1226 from tisonkun/map-into-values
• d48c224 Add Map::into_values method
• 1e77cac Resolve precedence clippy lint
• b2a1415 Release 1.0.134
• 9875785 Tweak wording of NULL/TRUE/FALSE documentation
• 4aa05b9 Merge pull request #1222 from dtolnay/rawvalueassoc
• f42c7c7 Move RawValue associated constants into same impl block as public functions
• 96576ba Merge pull request #1221 from bheylin/add-const-raw-values-for-null-and-bools
• 4db66fb Add 'static lifetime to const's
• Additional commits viewable in compare view

Updates tokio from 1.42.0 to 1.43.0

Release notes

Sourced from tokio's releases.

Tokio v1.43.0

1.43.0 (Jan 8th, 2025)

Added

• net: add UdpSocket::peek methods (#7068)
• net: add support for Haiku OS (#7042)
• process: add Command::into_std() (#7014)
• signal: add SignalKind::info on illumos (#6995)
• signal: add support for realtime signals on illumos (#7029)

Fixed

• io: don't call set_len before initializing vector in Blocking (#7054)
• macros: suppress clippy::needless_return in #[tokio::main] (#6874)
• runtime: fix thread parking on WebAssembly (#7041)

Changes

• chore: use unsync loads for unsync_load (#7073)
• io: use Buf::put_bytes in Repeat read impl (#7055)
• task: drop the join waker of a task eagerly (#6986)

Changes to unstable APIs

• metrics: improve flexibility of H2Histogram Configuration (#6963)
• taskdump: add accessor methods for backtrace (#6975)

Documented

• io: clarify ReadBuf::uninit allows initialized buffers as well (#7053)
• net: fix ambiguity in TcpStream::try_write_vectored docs (#7067)
• runtime: fix LocalRuntime doc links (#7074)
• sync: extend documentation for watch::Receiver::wait_for (#7038)
• sync: fix typos in OnceCell docs (#7047)

#6874: tokio-rs/tokio#6874 #6963: tokio-rs/tokio#6963 #6975: tokio-rs/tokio#6975 #6986: tokio-rs/tokio#6986 #6995: tokio-rs/tokio#6995 #7014: tokio-rs/tokio#7014 #7029: tokio-rs/tokio#7029 #7038: tokio-rs/tokio#7038 #7041: tokio-rs/tokio#7041 #7042: tokio-rs/tokio#7042 #7047: tokio-rs/tokio#7047 #7053: tokio-rs/tokio#7053 #7054: tokio-rs/tokio#7054 #7055: tokio-rs/tokio#7055

... (truncated)

Commits

• 5f3296d chore: prepare Tokio v1.43.0 (#7079)
• cc974a6 chore: prepare tokio-macros v2.5.0 (#7078)
• 15495fd metrics: improve flexibility of H2Histogram Configuration (#6963)
• ad41834 io: don't call set_len before initializing vector in Blocking (#7054)
• bd3e857 runtime: move is_join_waker_set assertion in unset_waker (#7072)
• 15f7366 runtime: fix LocalRuntime doc links (#7074)
• fd2048d ci: split miri jobs into unit and integration tests (#7071)
• e8f3915 chore: use unsync loads for unsync_load (#7073)
• 67f1277 net: fix ambiguity in TcpStream::try_write_vectored docs (#7067)
• 463502c io: clarify ReadBuf::uninit allows initialized buffers as well (#7053)
• Additional commits viewable in compare view

Updates tokio-macros from 2.4.0 to 2.5.0

Commits

• cc974a6 chore: prepare tokio-macros v2.5.0 (#7078)
• 15495fd metrics: improve flexibility of H2Histogram Configuration (#6963)
• ad41834 io: don't call set_len before initializing vector in Blocking (#7054)
• bd3e857 runtime: move is_join_waker_set assertion in unset_waker (#7072)
• 15f7366 runtime: fix LocalRuntime doc links (#7074)
• fd2048d ci: split miri jobs into unit and integration tests (#7071)
• e8f3915 chore: use unsync loads for unsync_load (#7073)
• 67f1277 net: fix ambiguity in TcpStream::try_write_vectored docs (#7067)
• 463502c io: clarify ReadBuf::uninit allows initialized buffers as well (#7053)
• a1520f5 runtime: fix thread parking on WebAssembly (#7041)
• Additional commits viewable in compare view

Updates which from 7.0.0 to 7.0.1

Release notes

Sourced from which's releases.

7.0.1

What's Changed

• Switch to env_home crate by @​micolous in harryfei/which-rs#105
• fixes #106, bump patch version by @​Xaeroxe in harryfei/which-rs#107

New Contributors

• @​micolous made their first contribution in harryfei/which-rs#105

Full Changelog: harryfei/which-rs@7.0.0...7.0.1

Changelog

Sourced from which's changelog.

7.0.1

• Get user home directory from env_home instead of home. Thanks @​micolous for this contribution!
• If home directory is unavailable, do not expand the tilde to an empty string. Leave it as is.

Commits

• 68acf2c Fix changelog to link to GitHub profile
• b6754b2 Update CHANGELOG.md
• 0c63719 fixes #106, bump patch version
• 36cb494 Switch to env_home crate. Fixes #104
• See full diff in compare view

Updates tempfile from 3.14.0 to 3.15.0

Changelog

Sourced from tempfile's changelog.

3.15.0

Re-seed the per-thread RNG from system randomness when we repeatedly fail to create temporary files (#314). This resolves a potential DoS vector (#178) while avoiding getrandom in the common case where it's necessary. The feature is optional but enabled by default via the getrandom feature.

For libc-free builds, you'll either need to disable this feature or opt-in to a different getrandom backend.

Commits

• e7a40e3 Release v3.15.0
• ea45f47 feat: re-seed from system randomness on collision (#314)
• 16209da Fix link to ticket in changelog (#310)
• ae22b27 docs: add owasp link on insecure temporary files (#309)
• See full diff in compare view

Updates pyo3 from 0.23.3 to 0.23.4

Release notes

Sourced from pyo3's releases.

PyO3 0.23.4

This release contains a range of fixes on top of PyO3 0.23.3, primarily grouped into the following categories:

• Fixes for the new support for free-threaded Python 3.13
• Fixes to conversions between Python and chrono datetimes
• Fixes to various build configuration cases for Windows
• Fixes to edge cases in PyO3's macros leading to compile failures

Thank you to the following contributors for the improvements:

@​alex @​bschoenmaeckers @​davidhewitt @​Icxolu @​kahojyun @​LilyFoote @​mejrs @​messense @​msimacek @​ngoldbaum @​Owen-CH-Leung @​Tpt

Changelog

Sourced from pyo3's changelog.

[0.23.4] - 2025-01-10

Added

• Add PyList::locked_for_each, which uses a critical section to lock the list on the free-threaded build. #4789
• Add pyo3_build_config::add_python_framework_link_args build script API to set rpath when using macOS system Python. #4833

Changed

• Use datetime.fold to distinguish ambiguous datetimes when converting to and from chrono::DateTime<Tz> (rather than erroring). #4791
• Optimize PyList iteration on the free-threaded build. #4789

Fixed

• Fix unnecessary internal py.allow_threads GIL-switch when attempting to access contents of a PyErr which originated from Python (could lead to unintended deadlocks). #4766
• Fix thread-unsafe access of dict internals in BoundDictIterator on the free-threaded build. #4788

• Fix unnecessary critical sections in BoundDictIterator on the free-threaded build. #4788

• Fix time-of-check to time-of-use issues with list iteration on the free-threaded build. #4789
• Fix chrono::DateTime<Tz> to-Python conversion when Tz is chrono_tz::Tz. #4790
• Fix #[pyclass] not being able to be named Probe. #4794
• Fix not treating cross-compilation from x64 to aarch64 on Windows as a cross-compile. #4800
• Fix missing struct fields on GraalPy when subclassing builtin classes. #4802
• Fix generating import lib for PyPy when abi3 feature is enabled. #4806
• Fix generating import lib for python3.13t when abi3 feature is enabled. #4808
• Fix compile failure for raw identifiers like r#box in derive(FromPyObject). #4814
• Fix compile failure for #[pyclass] enum variants with more than 12 fields. #4832

Commits

• f2a8460 release: 0.23.4
• 0c10e34 ci: updates for Rust 1.84 (#4846)
• 9ee55a3 Implement locked iteration for PyList (#4789)
• 4b04bb3 Allow useless conversion (#4838)
• bcdbc93 Fix PyDict issues on free-threaded build (#4788)
• 8aa6825 Add an API to set rpath when using macOS system Python (#4833)
• e19d048 ci: add more tests for cross-compilation (#4773)
• 325218f docs: Expand docs on when and why allow_threads is necessary (#4767)
• 869a25b fix error with complex enums with many fields (#4832)
• f2915f5 fix: cross-compilation compatibility checks for Windows (#4800)
• Additional commits viewable in compare view

Updates napi-build from 2.1.3 to 2.1.4

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.84%. Comparing base (b883ba6) to head (18f682c).
Report is 16 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #95   +/-   ##
=======================================
  Coverage   97.84%   97.84%           
=======================================
  Files          14       14           
  Lines        3474     3474           
=======================================
  Hits         3399     3399           
  Misses         75       75           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[codspeed-hq]

CodSpeed Performance Report

Merging #95 will not alter performance

_{Comparing dependabot/cargo/cargo-2785c6f73d (18f682c) with main (b883ba6)}

Summary

✅ 1 untouched benchmarks

[2bndy5]

I also ran cargo update to resolve https://github.com/cpp-linter/cpp-linter-rs/security/dependabot/6

[2bndy5]

This also resolves https://github.com/cpp-linter/cpp-linter-rs/security/dependabot/4. Although, we aren't creating a server in production (only in dev tests to mock REST API calls).

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.