chore(deps): bump iced from 0.13.1 to 0.14.0 #45
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
|
doublegate
added a commit
that referenced
this pull request
Jan 10, 2026
This PR consolidates updates from multiple open dependency PRs: ## Cargo Dependency Updates Applied: - criterion: 0.5.1 -> 0.8.1 (major version, benchmark framework) - ratatui: 0.29.0 -> 0.30.0 (TUI framework with breaking changes) - serde_json: 1.0.145 -> 1.0.148 - rustls-pki-types: 1.0 -> 1.13.2 - tracing: 0.1.43 -> 0.1.44 - tracing-subscriber: 0.3.20 -> 0.3.22 - clap: 4.5.48 -> 4.5.53 - open: 5.0 -> 5.3.3 - regex: 1.12 -> 1.12.1 ## GitHub Actions Updates Applied: - actions/cache: v4 -> v5 - actions/upload-artifact: v5 -> v6 - actions/download-artifact: v6 -> v7 ## Breaking Changes Resolved: - ratatui 0.30: Added `clear_region` method and `Error` type to Backend trait - Fixed clippy warnings in auth.rs (Zeroize derive pattern) - Fixed clippy unnecessary_unwrap in GUI button component ## Excluded from Consolidation: - iced 0.14.0 (PR #45): Extensive breaking changes requiring major GUI refactor - Would require changes to: scrollable API, application API, Style structs, text_input::Status enum, spacing types, and more - Recommended as separate PR for dedicated migration effort ## PRs Already Merged (content in main): - PR #27, #32: Phase 4 scripting documentation already present ## Verification: - Zero compilation errors - Zero clippy warnings (with -D warnings) - 60 unit tests passing - 49 doctests passing - Release build successful Closes #24, #46, #47, #48, #49, #50, #51, #52, #53, #54, #55, #56 Related: #27, #32 (already merged) Excluded: #45 (iced 0.14.0 - breaking changes too extensive) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
doublegate
added a commit
that referenced
this pull request
Jan 10, 2026
…grades (closes #24, #46-56) (#59) * chore(deps): Consolidate dependency updates and GitHub Actions upgrades This PR consolidates updates from multiple open dependency PRs: ## Cargo Dependency Updates Applied: - criterion: 0.5.1 -> 0.8.1 (major version, benchmark framework) - ratatui: 0.29.0 -> 0.30.0 (TUI framework with breaking changes) - serde_json: 1.0.145 -> 1.0.148 - rustls-pki-types: 1.0 -> 1.13.2 - tracing: 0.1.43 -> 0.1.44 - tracing-subscriber: 0.3.20 -> 0.3.22 - clap: 4.5.48 -> 4.5.53 - open: 5.0 -> 5.3.3 - regex: 1.12 -> 1.12.1 ## GitHub Actions Updates Applied: - actions/cache: v4 -> v5 - actions/upload-artifact: v5 -> v6 - actions/download-artifact: v6 -> v7 ## Breaking Changes Resolved: - ratatui 0.30: Added `clear_region` method and `Error` type to Backend trait - Fixed clippy warnings in auth.rs (Zeroize derive pattern) - Fixed clippy unnecessary_unwrap in GUI button component ## Excluded from Consolidation: - iced 0.14.0 (PR #45): Extensive breaking changes requiring major GUI refactor - Would require changes to: scrollable API, application API, Style structs, text_input::Status enum, spacing types, and more - Recommended as separate PR for dedicated migration effort ## PRs Already Merged (content in main): - PR #27, #32: Phase 4 scripting documentation already present ## Verification: - Zero compilation errors - Zero clippy warnings (with -D warnings) - 60 unit tests passing - 49 doctests passing - Release build successful Closes #24, #46, #47, #48, #49, #50, #51, #52, #53, #54, #55, #56 Related: #27, #32 (already merged) Excluded: #45 (iced 0.14.0 - breaking changes too extensive) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(auth): Replace module-level lint suppression with field-level attributes and add zeroization tests (#60) * Initial plan * refactor(auth): Move lint suppression from module-level to field-level for targeted scope Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com> * test(auth): Add comprehensive zeroization test coverage for security-critical fields Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com> * fix(ci): Resolve all failing CI checks for PR #59 - Fix auth.rs formatting: Remove trailing whitespace and format unsafe blocks properly according to rustfmt rules - Fix dependency-review-config.yml: Remove conflicting deny-licenses (cannot have both allow-licenses and deny-licenses), use proper purl format for package specifications (pkg:cargo/package-name) - Fix Windows cargo-nextest timeout: Replace cargo install with taiki-e/install-action pre-built binaries to avoid 10+ minute compilation time that caused timeouts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): Expand allowed licenses for Dependency Review check Add comprehensive license list for Rust ecosystem compatibility: - Unicode licenses: Unicode-DFS-2016, Unicode-3.0 - Compression: Zlib, zlib-acknowledgement - Mozilla: MPL-2.0 - Boost: BSL-1.0 - LLVM: Apache-2.0 WITH LLVM-exception - OpenSSL, BlueOak-1.0.0, CC-BY-3.0/4.0, WTFPL, Ring, MIT-0, NCSA Add package allowlist for crates with special license definitions: - Unicode crates (unicode-ident, unicode-normalization, etc.) - Cryptography crates (ring, webpki, rustls-webpki) - OpenSSL bindings - lab crate (low OpenSSF scorecard but essential) Remove openssl-sys from deny-packages list. Fixes Dependency Review check failure on PR #59. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): Remove invalid 'Ring' from allow-licenses list Ring is not a valid SPDX license identifier. The ring crate uses ISC license, which is already in the allow list. The ring package is also in the allow-dependencies-licenses list to ensure it passes checks. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): add unicode-properties to allow-dependencies-licenses The unicode-properties@0.1.4 crate uses "MIT/Apache-2.0" as its license string, which is not valid SPDX format (should be "MIT OR Apache-2.0"). GitHub's dependency-review-action cannot validate non-SPDX license strings. Adding the package to allow-dependencies-licenses bypasses the SPDX validation while still allowing the dependency since both MIT and Apache-2.0 are approved licenses. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com>
dependabot
bot
force-pushed
the
dependabot/cargo/iced-0.14.0
branch
from
cfdf4c5 to
ad33257
Compare
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found. |
dependabot
bot
force-pushed
the
dependabot/cargo/iced-0.14.0
branch
from
ad33257 to
5d06f2d
Compare
doublegate
added a commit
that referenced
this pull request
Jan 10, 2026
Apply security fix for vulnerable lru 0.12.5 in iced_glyphon dependency. Security Fix Applied: - Vendor patched iced_glyphon 0.6.0 with lru updated to 0.16.3 - Add Cargo patch to use vendored version - Resolves RUSTSEC-2026-0002 (IterMut violating Stacked Borrows) Dependency Chain Fixed: rustirc -> rustirc-gui -> iced 0.13.1 -> iced_wgpu -> iced_glyphon -> lru Code Quality Improvements: - Add Default derive to PluginCapabilities (clippy::derivable_impls) - Add dead_code allows for reserved Phase 4+ fields in ScriptApi Related to PR #45 (iced 0.14.0). Full iced migration deferred as it requires 82+ breaking API changes - recommended for separate PR. PRs #27, #32 superseded - Phase 4 documentation already in main branch. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
11 tasks
doublegate
added a commit
that referenced
this pull request
Jan 10, 2026
…ity fix (#64) * chore(deps): Consolidate dependency updates and GitHub Actions upgrades This PR consolidates updates from multiple open dependency PRs: ## Cargo Dependency Updates Applied: - criterion: 0.5.1 -> 0.8.1 (major version, benchmark framework) - ratatui: 0.29.0 -> 0.30.0 (TUI framework with breaking changes) - serde_json: 1.0.145 -> 1.0.148 - rustls-pki-types: 1.0 -> 1.13.2 - tracing: 0.1.43 -> 0.1.44 - tracing-subscriber: 0.3.20 -> 0.3.22 - clap: 4.5.48 -> 4.5.53 - open: 5.0 -> 5.3.3 - regex: 1.12 -> 1.12.1 ## GitHub Actions Updates Applied: - actions/cache: v4 -> v5 - actions/upload-artifact: v5 -> v6 - actions/download-artifact: v6 -> v7 ## Breaking Changes Resolved: - ratatui 0.30: Added `clear_region` method and `Error` type to Backend trait - Fixed clippy warnings in auth.rs (Zeroize derive pattern) - Fixed clippy unnecessary_unwrap in GUI button component ## Excluded from Consolidation: - iced 0.14.0 (PR #45): Extensive breaking changes requiring major GUI refactor - Would require changes to: scrollable API, application API, Style structs, text_input::Status enum, spacing types, and more - Recommended as separate PR for dedicated migration effort ## PRs Already Merged (content in main): - PR #27, #32: Phase 4 scripting documentation already present ## Verification: - Zero compilation errors - Zero clippy warnings (with -D warnings) - 60 unit tests passing - 49 doctests passing - Release build successful Closes #24, #46, #47, #48, #49, #50, #51, #52, #53, #54, #55, #56 Related: #27, #32 (already merged) Excluded: #45 (iced 0.14.0 - breaking changes too extensive) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(auth): Replace module-level lint suppression with field-level attributes and add zeroization tests (#60) * Initial plan * refactor(auth): Move lint suppression from module-level to field-level for targeted scope Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com> * test(auth): Add comprehensive zeroization test coverage for security-critical fields Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com> * fix(ci): Resolve all failing CI checks for PR #59 - Fix auth.rs formatting: Remove trailing whitespace and format unsafe blocks properly according to rustfmt rules - Fix dependency-review-config.yml: Remove conflicting deny-licenses (cannot have both allow-licenses and deny-licenses), use proper purl format for package specifications (pkg:cargo/package-name) - Fix Windows cargo-nextest timeout: Replace cargo install with taiki-e/install-action pre-built binaries to avoid 10+ minute compilation time that caused timeouts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): Expand allowed licenses for Dependency Review check Add comprehensive license list for Rust ecosystem compatibility: - Unicode licenses: Unicode-DFS-2016, Unicode-3.0 - Compression: Zlib, zlib-acknowledgement - Mozilla: MPL-2.0 - Boost: BSL-1.0 - LLVM: Apache-2.0 WITH LLVM-exception - OpenSSL, BlueOak-1.0.0, CC-BY-3.0/4.0, WTFPL, Ring, MIT-0, NCSA Add package allowlist for crates with special license definitions: - Unicode crates (unicode-ident, unicode-normalization, etc.) - Cryptography crates (ring, webpki, rustls-webpki) - OpenSSL bindings - lab crate (low OpenSSF scorecard but essential) Remove openssl-sys from deny-packages list. Fixes Dependency Review check failure on PR #59. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): Remove invalid 'Ring' from allow-licenses list Ring is not a valid SPDX license identifier. The ring crate uses ISC license, which is already in the allow list. The ring package is also in the allow-dependencies-licenses list to ensure it passes checks. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): add unicode-properties to allow-dependencies-licenses The unicode-properties@0.1.4 crate uses "MIT/Apache-2.0" as its license string, which is not valid SPDX format (should be "MIT OR Apache-2.0"). GitHub's dependency-review-action cannot validate non-SPDX license strings. Adding the package to allow-dependencies-licenses bypasses the SPDX validation while still allowing the dependency since both MIT and Apache-2.0 are approved licenses. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): Patch RUSTSEC-2026-0002 lru soundness vulnerability Apply security fix for vulnerable lru 0.12.5 in iced_glyphon dependency. Security Fix Applied: - Vendor patched iced_glyphon 0.6.0 with lru updated to 0.16.3 - Add Cargo patch to use vendored version - Resolves RUSTSEC-2026-0002 (IterMut violating Stacked Borrows) Dependency Chain Fixed: rustirc -> rustirc-gui -> iced 0.13.1 -> iced_wgpu -> iced_glyphon -> lru Code Quality Improvements: - Add Default derive to PluginCapabilities (clippy::derivable_impls) - Add dead_code allows for reserved Phase 4+ fields in ScriptApi Related to PR #45 (iced 0.14.0). Full iced migration deferred as it requires 82+ breaking API changes - recommended for separate PR. PRs #27, #32 superseded - Phase 4 documentation already in main branch. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: doublegate <6858123+doublegate@users.noreply.github.com>
Bumps [iced](https://github.com/iced-rs/iced) from 0.13.1 to 0.14.0. - [Release notes](https://github.com/iced-rs/iced/releases) - [Changelog](https://github.com/iced-rs/iced/blob/master/CHANGELOG.md) - [Commits](iced-rs/iced@0.13.1...0.14.0) --- updated-dependencies: - dependency-name: iced dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/cargo/iced-0.14.0
branch
from
5d06f2d to
152b0ea
Compare
Contributor
Author
|
Looks like iced is up-to-date now, so this is no longer needed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps iced from 0.13.1 to 0.14.0.
Release notes
Sourced from iced's releases.
... (truncated)
Changelog
Sourced from iced's changelog.
... (truncated)
Commits
3997291Removedevpre-release labela90f523Point documentation links to0.14branch8d7aac9Use crates.io release ofwinit🎉b11ad9fFix standalone compilation oficed_testsubcrate6ad39feEnablex11andwaylandby default iniced_tiny_skia349e40fEnablestdandasync-awaitoffuturesdependencyb807f50Remove inconsistent period indescriptionmetadatac596150Add missingdescriptionmetadata to subcratesb32ea0fUpdateCargo.lock62bf865Update outdated debug overlay inREADMEDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)