Bump the cargo group with 65 updates

[dependabot]

Bumps the cargo group with 65 updates:

Package	From	To
anyhow	1.0.99	1.0.100
clap	4.5.46	4.5.48
clap_complete	4.5.57	4.5.58
tracing-forest	0.1.6	0.2.0
serde_derive	1.0.219	1.0.228
thiserror	2.0.16	2.0.17
serde	1.0.219	1.0.228
memchr	2.7.5	2.7.6
bitflags	2.9.3	2.9.4
libc	0.2.175	0.2.176
tempfile	3.21.0	3.23.0
bytesize	2.0.1	2.1.0
rustix	1.0.8	1.1.2
quote	1.0.40	1.0.41
trybuild	1.0.110	1.0.111
expectrl	0.7.1	0.8.0
windows-sys	0.60.2	0.61.1
windows	0.61.3	0.62.1
regex	1.11.2	1.11.3
insta	1.43.1	1.43.2
async-io	2.5.0	2.6.0
fs-err	3.1.1	3.1.2
sysinfo	0.37.0	0.37.1
serde_json	1.0.143	1.0.145
zip	4.6.0	5.1.1
anstyle	1.0.11	1.0.13
aws-lc-rs	1.13.3	1.14.1
aws-lc-sys	0.30.0	0.32.2
backtrace	0.3.75	0.3.76
bindgen	0.69.5	0.72.1
cc	1.2.35	1.2.39
clap_builder	4.5.46	4.5.48
clap_derive	4.5.45	4.5.47
errno	0.3.13	0.3.14
find-msvc-tools	0.1.0	0.1.2
gimli	0.31.1	0.32.3
hyper-util	0.1.16	0.1.17
indexmap	2.11.0	2.11.4
libredox	0.1.9	0.1.10
linux-raw-sys	0.4.15	0.11.0
log	0.4.27	0.4.28
object	0.36.7	0.37.3
polling	3.10.0	3.11.0
ptyprocess	0.4.1	0.5.0
regex-automata	0.4.10	0.4.11
rustc-hash	1.1.0	2.1.1
rustls	0.23.31	0.23.32
rustls-webpki	0.103.4	0.103.6
schannel	0.1.27	0.1.28
security-framework-sys	2.14.0	2.15.0
serde_spanned	1.0.0	1.0.2
tokio-rustls	0.26.2	0.26.4
toml	0.9.5	0.9.7
toml_datetime	0.7.0	0.7.2
toml_parser	1.0.2	1.0.3
toml_writer	1.0.2	1.0.3
unicode-ident	1.0.18	1.0.19
winapi-util	0.1.10	0.1.11
windows-implement	0.60.0	0.60.1
windows-interface	0.59.1	0.59.2
wit-bindgen	0.45.0	0.45.1
xattr	1.5.1	1.6.1
zerocopy	0.8.26	0.8.27
zerocopy-derive	0.8.26	0.8.27
zeroize	1.8.1	1.8.2

Updates anyhow from 1.0.99 to 1.0.100

Release notes

Sourced from anyhow's releases.

1.0.100

• Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)

Commits

• 18c2598 Release 1.0.100
• f271988 Merge pull request #426 from dtolnay/clippyfmt
• 52f2115 Mark macros with clippy::format_args
• da5fd9d Raise minimum tested compiler to rust 1.76
• 211e409 Opt in to generate-macro-expansion when building on docs.rs
• b48fc02 Enforce trybuild >= 1.0.108
• d5f59fb Update ui test suite to nightly-2025-09-07
• 238415d Update ui test suite to nightly-2025-08-24
• 3bab070 Update actions/checkout@v4 -> v5
• 4249254 Order cap-lints flag in the same order as thiserror build script
• See full diff in compare view

Updates clap from 4.5.46 to 4.5.48

Release notes

Sourced from clap's releases.

v4.5.48

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

v4.5.47

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

Changelog

Sourced from clap's changelog.

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

[4.5.47] - 2025-09-02

Features

• Added impl FromArgMatches for ()
• Added impl Args for ()
• Added impl Subcommand for ()
• Added impl FromArgMatches for Infallible
• Added impl Subcommand for Infallible

Fixes

• (derive) Update runtime error text to match clap

Commits

• c3a1ddc chore: Release
• 4460ff4 docs: Update changelog
• 54947a1 Merge pull request #5981 from mernen/fix-bash-clap-complete-space
• fd3f6d2 fix(complete): Restore nospace in bash
• 2f6a108 test(complete): Demonstrate current behavior
• f88be57 style: Ensure consistent newlines
• f209bce chore: Release
• f33ff7f docs: Update changelog
• bf06e6f Merge pull request #5974 from kryvashek/support-clearing-args-matches
• 5d357ad feat(parser): Added ArgMatches::try_clear_id()
• Additional commits viewable in compare view

Updates clap_complete from 4.5.57 to 4.5.58

Commits

• 88f13cb chore: Release
• fe2d731 docs: Update changelog
• b256739 Merge pull request #6131 from mernen/do-not-suggest-opts-after-escape
• 8aaf704 fix(complete): Do not suggest options after "--"
• 4a86fee test(complete): Illustrate current behavior
• 281f8ae Merge pull request #6126 from epage/p
• 3cbce42 docs(cookbook): Make typed-derive easier to maintain
• 9fd4dc9 docs(cookbook): Provide a custom TypedValueParser
• 8f8e861 docs(cookbook): Add local enum to typed-derive
• 926bafe docs(cookbook): Hint at overriding value_name
• Additional commits viewable in compare view

Updates tracing-forest from 0.1.6 to 0.2.0

Commits

• See full diff in compare view

Updates serde_derive from 1.0.219 to 1.0.228

Release notes

Sourced from serde_derive's releases.

v1.0.228

• Allow building documentation with RUSTDOCFLAGS='--cfg=docsrs' set for the whole dependency graph (#2995)

v1.0.227

• Documentation improvements (#2991)

v1.0.226

• Deduplicate variant matching logic inside generated Deserialize impl for adjacently tagged enums (#2935, thanks @​Mingun)

v1.0.225

• Avoid triggering a deprecation warning in derived Serialize and Deserialize impls for a data structure that contains its own deprecations (#2879, thanks @​rcrisanti)

v1.0.224

• Remove private types being suggested in rustc diagnostics (#2979)

v1.0.223

• Fix serde_core documentation links (#2978)

v1.0.222

• Make serialize_with attribute produce code that works if respanned to 2024 edition (#2950, thanks @​aytey)

v1.0.221

• Documentation improvements (#2973)
• Deprecate serde_if_integer128! macro (#2975)

v1.0.220

• Add a way for data formats to depend on serde traits without waiting for serde_derive compilation: https://docs.rs/serde_core (#2608, thanks @​osiewicz)

Commits

• a866b33 Release 1.0.228
• 5adc9e8 Merge pull request #2995 from dtolnay/rustdocflags
• ab58178 Workaround for RUSTDOCFLAGS='--cfg=docsrs'
• 415d9fc Release 1.0.227
• 7c58427 Merge pull request #2991 from dtolnay/inlinecoredoc
• 9d3410e Merge pull request #2992 from dtolnay/inplaceseed
• 2fb6748 Remove InPlaceSeed public re-export
• f8137c7 Inline serde_core into serde in docsrs mode
• b7dbf7e Merge pull request #2990 from dtolnay/integer128
• 7c83691 No longer macro_use integer128 module
• Additional commits viewable in compare view

Updates thiserror from 2.0.16 to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

• Use differently named __private module per patch release (#434)

Commits

• 72ae716 Release 2.0.17
• 599fdce Merge pull request #434 from dtolnay/private
• 9ec05f6 Use differently named __private module per patch release
• d2c492b Raise minimum tested compiler to rust 1.76
• fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
• 819fe29 Update ui test suite to nightly-2025-09-12
• 259f48c Enforce trybuild >= 1.0.108
• 470e6a6 Update ui test suite to nightly-2025-08-24
• 544e191 Update actions/checkout@v4 -> v5
• cbc1eba Delete duplicate cap-lints flag from build script
• See full diff in compare view

Updates serde from 1.0.219 to 1.0.228

Release notes

Sourced from serde's releases.

v1.0.228

• Allow building documentation with RUSTDOCFLAGS='--cfg=docsrs' set for the whole dependency graph (#2995)

v1.0.227

• Documentation improvements (#2991)

v1.0.226

• Deduplicate variant matching logic inside generated Deserialize impl for adjacently tagged enums (#2935, thanks @​Mingun)

v1.0.225

• Avoid triggering a deprecation warning in derived Serialize and Deserialize impls for a data structure that contains its own deprecations (#2879, thanks @​rcrisanti)

v1.0.224

• Remove private types being suggested in rustc diagnostics (#2979)

v1.0.223

• Fix serde_core documentation links (#2978)

v1.0.222

• Make serialize_with attribute produce code that works if respanned to 2024 edition (#2950, thanks @​aytey)

v1.0.221

• Documentation improvements (#2973)
• Deprecate serde_if_integer128! macro (#2975)

v1.0.220

• Add a way for data formats to depend on serde traits without waiting for serde_derive compilation: https://docs.rs/serde_core (#2608, thanks @​osiewicz)

Commits

• a866b33 Release 1.0.228
• 5adc9e8 Merge pull request #2995 from dtolnay/rustdocflags
• ab58178 Workaround for RUSTDOCFLAGS='--cfg=docsrs'
• 415d9fc Release 1.0.227
• 7c58427 Merge pull request #2991 from dtolnay/inlinecoredoc
• 9d3410e Merge pull request #2992 from dtolnay/inplaceseed
• 2fb6748 Remove InPlaceSeed public re-export
• f8137c7 Inline serde_core into serde in docsrs mode
• b7dbf7e Merge pull request #2990 from dtolnay/integer128
• 7c83691 No longer macro_use integer128 module
• Additional commits viewable in compare view

Updates memchr from 2.7.5 to 2.7.6

Commits

• 9ba486e 2.7.6
• ec25b80 aarch64: fix NEON optimization on big-endian
• See full diff in compare view

Updates bitflags from 2.9.3 to 2.9.4

Release notes

Sourced from bitflags's releases.

2.9.4

What's Changed

• Add Cargo features to readme by @​KodrAus in bitflags/bitflags#460
• Prepare for 2.9.4 release by @​KodrAus in bitflags/bitflags#461

Full Changelog: bitflags/bitflags@2.9.3...2.9.4

Changelog

Sourced from bitflags's changelog.

2.9.4

What's Changed

• Add Cargo features to readme by @​KodrAus in bitflags/bitflags#460

Full Changelog: bitflags/bitflags@2.9.3...2.9.4

Commits

• de0ec28 Merge pull request #461 from KodrAus/cargo/2.9.4
• c31df3c prepare for 2.9.4 release
• 3a9cce2 Merge pull request #460 from bitflags/doc/cargo-features
• 8eb1c7c add Cargo features to readme
• See full diff in compare view

Updates libc from 0.2.175 to 0.2.176

Release notes

Sourced from libc's releases.

0.2.176

Support

• The default FreeBSD version has been raised from 11 to 12. This matches rustc since 1.78. (#2406)
• Debug is now always implemented, rather than being gated behind the extra_traits feature. (#4624)

Added

• AIX: Restore some non-POSIX functions guarded by the _KERNEL macro. (#4607)
• FreeBSD 14: Add st_fileref to struct stat (#4642)
• Haiku: Add the accept4 POSIX call (#4586)
• Introduce a wrapper for representing padding (#4632)
• Linux: Add EM_RISCV (#4659)
• Linux: Add MS_NOSYMFOLLOW (#4389)
• Linux: Add backtrace_symbols(_fd) (#4668)
• Linux: Add missing SOL_PACKET optnames (#4669)
• Musl s390x: Add SYS_mseal (#4549)
• NuttX: Add __errno (#4687)
• Redox: Add dirfd, VDISABLE, and resource consts (#4660)
• Redox: Add more resource.h, fcntl.h constants (#4666)
• Redox: Enable strftime and mkostemp[s] (#4629)
• Unix, Windows: Add qsort_r (Unix), and qsort(_s) (Windows) (#4677)
• Unix: Add dlvsym for Linux-gnu, FreeBSD, and NetBSD (#4671)
• Unix: Add sigqueue (#4620)

Changed

• FreeBSD 15: Mark kinfo_proc as non-exhaustive (#4553)
• FreeBSD: Set the ELF symbol version for readdir_r (#4694)
• Linux: Correct the config for whether or not epoll_event is packed (#4639)
• Tests: Replace the old ctest with the much more reliable new implementation (#4655 and many related PRs)

Fixed

• AIX: Fix the type of the 4th arguement of getgrnam_r ([#4656](rust-lang/libc#4656
• FreeBSD: Limit P_IDLEPROC to FreeBSD 15 (#4640)
• FreeBSD: Limit mcontext_t::mc_tlsbase to FreeBSD 15 (#4640)
• FreeBSD: Update gating of mcontext_t.mc_tlsbase (#4703)
• Musl s390x: Correct the definition of statfs[64] (#4549)
• Musl s390x: Make fpreg_t a union (#4549)
• Redox: Fix the types of gid_t and uid_t (#4689)
• Redox: Fix the value of MAP_FIXED (#4684)

Deprecated

• Apple: Correct the deprecated attribute for iconv (a97a0b53)
• FreeBSD: Deprecate TIOCMGDTRWAIT and TIOCMSDTRWAIT (#4685)

Removed

... (truncated)

Changelog

Sourced from libc's changelog.

0.2.176 - 2025-09-23

Support

• The default FreeBSD version has been raised from 11 to 12. This matches rustc since 1.78. (#2406)
• Debug is now always implemented, rather than being gated behind the extra_traits feature. (#4624)

Added

• AIX: Restore some non-POSIX functions guarded by the _KERNEL macro. (#4607)
• FreeBSD 14: Add st_fileref to struct stat (#4642)
• Haiku: Add the accept4 POSIX call (#4586)
• Introduce a wrapper for representing padding (#4632)
• Linux: Add EM_RISCV (#4659)
• Linux: Add MS_NOSYMFOLLOW (#4389)
• Linux: Add backtrace_symbols(_fd) (#4668)
• Linux: Add missing SOL_PACKET optnames (#4669)
• Musl s390x: Add SYS_mseal (#4549)
• NuttX: Add __errno (#4687)
• Redox: Add dirfd, VDISABLE, and resource consts (#4660)
• Redox: Add more resource.h, fcntl.h constants (#4666)
• Redox: Enable strftime and mkostemp[s] (#4629)
• Unix, Windows: Add qsort_r (Unix), and qsort(_s) (Windows) (#4677)
• Unix: Add dlvsym for Linux-gnu, FreeBSD, and NetBSD (#4671)
• Unix: Add sigqueue (#4620)

Changed

• FreeBSD 15: Mark kinfo_proc as non-exhaustive (#4553)
• FreeBSD: Set the ELF symbol version for readdir_r (#4694)
• Linux: Correct the config for whether or not epoll_event is packed (#4639)
• Tests: Replace the old ctest with the much more reliable new implementation (#4655 and many related PRs)

Fixed

• AIX: Fix the type of the 4th arguement of getgrnam_r ([#4656](rust-lang/libc#4656
• FreeBSD: Limit P_IDLEPROC to FreeBSD 15 (#4640)
• FreeBSD: Limit mcontext_t::mc_tlsbase to FreeBSD 15 (#4640)
• FreeBSD: Update gating of mcontext_t.mc_tlsbase (#4703)
• Musl s390x: Correct the definition of statfs[64] (#4549)
• Musl s390x: Make fpreg_t a union (#4549)
• Redox: Fix the types of gid_t and uid_t (#4689)
• Redox: Fix the value of MAP_FIXED (#4684)

Deprecated

• Apple: Correct the deprecated attribute for iconv (a97a0b53)
• FreeBSD: Deprecate TIOCMGDTRWAIT and TIOCMSDTRWAIT (#4685)

Removed

... (truncated)

Commits

• 15e1389 chore: Release libc 0.2.176
• 6ca5571 Warn on missing debug implementations
• e653c54 cleanup: Remove the const_fn! macro
• e447441 cleanup: Simplify the syntax of f! and similar macros
• 776a614 cleanup: Use target_vendor = "apple"
• d32f60d doc: Remove an unneeded link to the old ctest repo
• 8c8584b Resolve a ctest FIXME regarding use of size_of in array lengths
• 09c8436 Remove the libc_ctest feature
• fd3ffe4 Remove libc_const_extern_fn
• 9b77a49 Add a note about why Padding requires T: Copy
• Additional commits viewable in compare view

Updates tempfile from 3.21.0 to 3.23.0

Changelog

Sourced from tempfile's changelog.

3.23.0

• Remove need for the "nightly" feature to compile with "wasip2".

3.22.0

• Updated windows-sys requirement to allow version 0.61.x
• Remove unstable-windows-keep-open-tempfile feature.

Commits

• fe9f4a3 chore: release v3.23.0 (#381)
• 006c3fd fix: use std::os::fd instead of std::os::wasi (#380)
• b0e6309 doc: Update COPYRIGHT link (#377)
• 2d6fc3f Fix formatting in Builder::disable_cleanup documentation (#375)
• f720dbe chore: release 3.22.0
• 55d742c chore: remove deprecated unstable feature flag
• bc41a0b build(deps): update windows-sys requirement from >=0.52, <0.61 to >=0.52, <0....
• 3c55387 test: make sure we don't drop tempdirs early (#373)
• 17bf644 doc(builder): clarify permissions (#372)
• c7423f1 doc(env): document the alternative to setting the tempdir (#371)
• Additional commits viewable in compare view

Updates bytesize from 2.0.1 to 2.1.0

Release notes

Sourced from bytesize's releases.

bytesize: v2.1.0

• Support parsing and formatting exabytes (EB) & exbibytes (EiB).
• Migrate serde dependency to serde_core.

Changelog

Sourced from bytesize's changelog.

2.1.0

• Support parsing and formatting exabytes (EB) & exbibytes (EiB).
• Migrate serde dependency to serde_core.

Commits

• ac756bb chore(bytesize): prepare release 2.1.0
• 3a0de52 chore: migrate to serde_core
• e816797 feat: add exabyte and exbibyte support (#101)
• 3b89d01 chore(deps): bump actions/checkout from 4 to 5 (#105)
• 62e38cb chore(deps): bump actions-rust-lang/setup-rust-toolchain (#104)
• 4beb271 chore(deps): bump codecov/codecov-action from 5.4.3 to 5.5.0 (#106)
• 731c44c chore(deps): bump taiki-e/install-action from 2.57.8 to 2.58.29 (#107)
• 6613704 chore(deps): bump arbitrary from 1.4.1 to 1.4.2 (#108)
• 1463664 chore(deps): bump serde_json from 1.0.142 to 1.0.143 (#109)
• 8476c8a fix(ci): use variables directly in formatting for clippy (#103)
• Additional commits viewable in compare view

Updates rustix from 1.0.8 to 1.1.2

Commits

• 5245b81 chore: Release rustix version 1.1.2
• 0a10015 Fix compilation on Android. (#1514)
• 0f3b6ca build: update duplicate linux-raw-sys dependency to match existing (#1512)
• 5dc84d4 chore: Release rustix version 1.1.1
• 86dacac Fix the test_is_io_flusher test. (#1510)
• 8b203f5 set_thread_res_xid: -1 as None (#1459)
• 7ed8ee9 Add ip_mtu_discover and ipv6_mtu_discover socket options (#1466)
• 7798f03 libc: add MS_NOSYMFOLLOW support (#1471)
• 3ff59d4 Update to linux-raw-sys 0.11.0. (#1508)
• 65b04ae Add support for SO_TXTIME / SCM_TXTIME (#1409)
• Additional commits viewable in compare view

Updates quote from 1.0.40 to 1.0.41

Release notes

Sourced from quote's releases.

1.0.41

• Improve compile error when repetition contains no interpolated value that is an iterator (#302)

Commits

• 594c865 Release 1.0.41
• 68956e6 Merge pull request #302 from dtolnay/hasiter
• 6a69784 Make diagnostic attribute conditional on compiler version
• 5f1924b Tweak CheckHasIterator error message
• c0adb26 Add diagnostic::on_unimplemented for no iterator in repetition
• a1ddcab Combine HasIterator and ThereIsNoIteratorInRepetition to one type
• bf48c85 Switch to trait for checking iterator in repetition
• d3b4777 Update ui test suite to nightly-2025-09-27
• 3e6b04d Raise minimum tested compiler to rust 1.76
• 07deaaf Opt in to generate-macro-expansion when building on docs.rs
• Additional commits viewable in compare view

Updates trybuild from 1.0.110 to 1.0.111

Release notes

Sourced from trybuild's releases.

1.0.111

• Normalize dependency crate's version in filepaths (#316)

Commits

• 31fbbb2 Release 1.0.111
• d4dfc63 Merge pull request #316 from dtolnay/version
• 3caa02a Normalize dependency crate's version in paths
• e1cfaad Update actions/checkout@v4 -> v5
• See full diff in compare view

Updates expectrl from 0.7.1 to 0.8.0

Commits

• See full diff in compare view

Updates windows-sys from 0.60.2 to 0.61.1

Release notes

Sourced from windows-sys's releases.

61

Major crate updates:

• windows 0.59.0
• windows-core 0.59.0
  • windows-implement 0.59.0
  • windows-interface 0.59.0
• windows-targets 0.53.0
  • windows_i686_msvc 0.53.0
  • windows_x86_64_msvc 0.53.0
  • windows_aarch64_msvc 0.53.0
  • windows_i686_gnu 0.53.0
  • windows_x86_64_gnu 0.53.0
  • windows_i686_gnullvm 0.53.0
  • windows_x86_64_gnullvm 0.53.0
  • windows_aarch64_gnullvm 0.53.0
• windows-bindgen 0.59.0
• windows-registry 0.4.0
• windows-result 0.3.0
• windows-strings 0.3.0
• cppwinrt 0.2.0

Minor crate updates:

• windows-version 0.1.2

Excluded:

• windows-sys 0.59.0

Things to keep in mind:

• The tag/release names no longer map directly to the crate versions, so to find samples for a particular release requires looking at the releases page and finding the release that most recently updated a particular crate.

• The windows-bindgen crate includes the major code generation overhaul that brings many improvements - be sure to check out the PR description for more information. The resulting code gen depends on the new version of windows-core and its dependencies, unless you include the --sys option. #3359

• The cppwinrt crate constitutes a major update due to streamlining the error handling. #3415

• The windows-registry, windows-strings, and windows-result crates are also major version updates since they include small breaking changes.

• The windows-targets crate finally receives a major version update, the first in over a year. This is due to #3359 and #3342 potentially introducing breaking changes. Although unlikely, these updates introduced sufficient changes that make it hard to ensure that the windows-targets libs don't break existing code. As we're updating windows-targets anyway, I took the liberty to bump the MSRV to 1.60 - to match the latest version of windows-sys - and remove the old but unused doc macro feature. Both remained for compatibility with very old dependents of the windows-targets crate.

• The windows-version crate receives a minor update to update its dependency on the windows-targets crate.

• Beyond these specifics, this update is the culmination of around 6 months worth of work on the windows-rs project. The biggest improvements comes from the new code generation engine, but many other improvements are now also available for production. This includes support for many new lints, warnings, and suggestions provided by the Rust toolchain; much smaller code gen thanks to deriving many more traits; more efficient code gen; major improvements to WinRT type system and implementation support; more robust and consistent error handling; stock collection and async support; improved support for class hierarchies; and much more!

In addition to "what's changed" below, check out what's changed for notes for 0.60.0 and 0.59.0 for additional changes that roll up to the crates published as part of this release.

What's Changed

• Remove improper_ctypes workaround by @​ChrisDenton in microsoft/windows-rs#3296

... (truncated)

Commits

• See full diff in compare view

Updates windows from 0.61.3 to 0.62.1

Commits

• See full diff in compare view

Updates regex from 1.11.2 to 1.11.3

Changelog

Sourced from regex's changelog.

1.11.3 (2025-09-25)

This is a small patch release with an improvement in memory usage in some cases.

Improvements:

• [BUG #1297](rust-lang/regex#1297): Improve memory usage by trimming excess memory capacity in some spots.

Commits

• ef1c2c3 1.11.3
• ad5cd6c deps: bump regex-automata
• ee69d9e changelog: 1.11.3
• 159fa3e regex-automata-0.4.11
• 02a62ba automata: call Vec::shrink_to_fit in a few strategic places
• a76e0a0 cargo: exclude tests/fuzz from the package
• 19172cc style: inline formatting arguments
• 2695e29 ci: fix cross testing
• See full diff in compare view

Updates insta from 1.43.1 to 1.43.2

Release notes

Sourced from insta's releases.

1.43.2

Release Notes

• Fix panics when cargo metadata fails to execute or parse (e.g., when cargo is not in PATH or returns invalid output). Now falls back to using the manifest directory as the workspace root. #798 (@​adriangb)
• Fix clippy uninlined_format_args lint warnings. #801
• Changed diff line numbers to 1-based indexing. #799
• Preserve snapshot names with INSTA_GLOB_FILTER. #786
• Bumped libc crate to 0.2.174, fixing building on musl targets, and increasing the MSRV of insta to 1.64.0 (released Sept 2022). #784
• Fix clippy 1.88 errors. #783
• Fix source path in snapshots for non-child workspaces. #778
• Add lifetime to Selector in redaction iterator. #779

Install cargo-insta 1.43.2

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/mitsuhiko/insta/releases/download/1.43.2/cargo-insta-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy ByPass -c "irm https://github.com/mitsuhiko/insta/releases/download/1.43.2/cargo-insta-installer.ps1 | iex"

Download cargo-insta 1.43.2

File	Platform	Checksum
cargo-insta-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
cargo-insta-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
cargo-insta-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
cargo-insta-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum
cargo-insta-x86_64-unknown-linux-musl.tar.xz	x64 MUSL Linux	checksum

Changelog

Sourced from insta's changelog.

1.43.2

• Fix panics when cargo metadata fails to execute or parse (e.g., when cargo is not in PATH or returns invalid output). Now falls back to using the manifest directory as the workspace root. #798 (@​adriangb)
• Fix clippy uninlined_format_args lint warnings. #801
• C...

  Description has been truncated

[EliahKagan]

The test failures seem to be due to a breaking change in expectrl. This is to be expected, in that the version bump is SemVer-breaking, but I don't see any changelog or release notes. There is documentation, and at least the readme file has changed, so maybe a diff would reveal what should be done. It might be enough to use an additional trait, as the error message suggests, but I'd prefer to understand the changes in full, or at least any that might apply to our use. I have not yet checked if other SemVer-breaking changes would cause subsequent build failures or otherwise break anything.

[Byron]

I think expectrl isn't important enough to update. After all, it fills a specific niche in tests only, and these have been stable for while.

Can we merge this by keeping it at the most recent, non-breaking version?
That way, we can safe the time and fix it only when cargo audit forces it.

[EliahKagan]

TL;DR: Probably yes.

I think expectrl isn't important enough to update. After all, it fills a specific niche in tests only, and these have been stable for while.

We probably have a number of things like this. It seems to me that what sets expectrl apart from many, though not all, others, at this time, is that there's no clear changelog or other comparative documentation or guide to adapting to changes. (Alternatively, maybe there is and I didn't notice it.)

I would be interested in upgrading expectrl in the future even without any security vulnerabilities or yanked crate versions, once it's clearer how to do so, or if we can discern if the new features are useful to us, or even just whenever I get time to look into it (though that could be a while in the abence of anything to prioritize it).

For tests where we use expectrl, I think we don't currently run them on as many platforms as we would like, due to past or current limitations of expectrl. So I think that's a likely reason we may eventually want to upgrade our expectrl dev dependency, even in the absence of anything related to security.

But I haven't noticed anything about the gap between the version we use and the version we would be able to ugprade to if we adapted to it here, that would help us with that at this time.

Can we merge this by keeping it at the most recent, non-breaking version?

I'll try to do that shortly. Whether it will be sufficient to allow this to be merged, I'll find out when I attempt it.

There are two crates here that are direct production dependencies with a SemVer break: windows-sys (which gix-sec depends on), and zip (which gix-archive depends on). The windows and windows-sys crates often get SemVer-breaking upgrades and the way we are using them rarely breaks. For the zip crate, I'm very unclear on why the change is SemVer breaking. The major version bump's changelog entry lists only zip-rs/zip2#382.

I'm regenerating the PR in my fork to experiment on it to see if there are other breaking changes. Some time has passed since it was generated, so there are likely other crates that are available to update now, which would appear here in the upstream repository when Dependabot supersedes this PR with a new one, which will happen due to a change in the Dependabot configuration to keep expectrl back at 0.7.*. Testing this first enables me to know if there are other problems that I can't fix in the time I have available right now; so long as there aren't, I'll make the change here.

Incidentally, doing a Dependabot version updates scan takes a long time and, at least in my fork, sometimes fails. The warnings discussed in #2092 and #2093 either contribute to this or made it more challenging to figure out what does. Ideally I would better think through the simple solution you proposed in the #2093 comment discussion and maybe do that, but if the delays get in the way of what I'm doing for updating this, then I may hold getrandom back to a SemVer-compatible version as well when editing dependabot.yml. But that might not be necessary.

Edit: I think I'll do that but for a different related reason: Dependabot version updates complete but they are missing updating some things they should. See #2093 (comment).

That way, we can safe the time and fix it only when cargo audit forces it.

Yes, keeping it back this way should be fine due to the way we scan for reported vulnerabilities.

I don't think we're running cargo audit automatically, and I don't regularly run it, so unless you're running it, that's not probably how we'd find out. But if there is a security vulnerability and it is recognized as such (or even only recognized as a soundness bug), then either there should be a RUSTSEC advisory and our automatically running cargo-deny job should inform us, or there should be a GHSA advisory and Dependabot alerts should inform us (and generate a security update PR if it can), or (most often) both.

[dependabot]

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.

[EliahKagan]

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.

This message is misleading because most of them are still being updated by Dependabot. A new Dependabot PR will be created automatically (unless some error keeps that from happening).

[EliahKagan]

I made the Dependabot configuration changes in #2201 (tested in EliahKagan#111, see also #2093 (comment)), leading to the creation of Dependabot PR #2202, which I've added some adjustments to. Dependabot will merge #2202 once all CI checks pass there.

[Byron]

Thanks - it looks like not updating expectrl will be fine for a while.

I also mixed up cargo audit with cargo-deny, which we are running, so we should stay in formed about issues related to expectrl automatically.
All good, thanks again!