build(deps): bump the crates-io group with 10 updates

[dependabot]

Bumps the crates-io group with 10 updates:

Package	From	To
rustls	0.23.1	0.23.4
log	0.4.20	0.4.21
base64	0.21.3	0.22.0
jni	0.19.0	0.21.1
once_cell	1.18.0	1.19.0
webpki-roots	0.26.0	0.26.1
core-foundation	0.9.3	0.9.4
core-foundation-sys	0.8.4	0.8.6
security-framework	2.9.2	2.10.0
security-framework-sys	2.9.1	2.10.0

Updates rustls from 0.23.1 to 0.23.4

Commits

• 1dee8b1 Prepare 0.23.4
• 3a03df6 Correct further dead_code warnings
• d8a0f94 Fix new clippy::use_self warnings
• 3185d7f examples: fix server acceptor alert write behaviour
• b5a8cef server: add AcceptedAlert::write_all
• e06c9fe server: improve AcceptedAlert::write documentation
• a7d2ad6 Test that reproduces the problem
• 9f3adc7 Map SignatureScheme::ECDSA_SHA1_Legacy to SignatureAlgorithm::ECDSA
• d633942 Move MockServerVerifier to tests::common
• 667482a Add path dependency for rustls-post-quantum
• Additional commits viewable in compare view

Updates log from 0.4.20 to 0.4.21

Changelog

Sourced from log's changelog.

[0.4.21] - 2024-02-27

What's Changed

• Minor clippy nits by @​nyurik in rust-lang/log#578
• Simplify Display impl by @​nyurik in rust-lang/log#579
• Set all crates to 2021 edition by @​nyurik in rust-lang/log#580
• Various changes based on review by @​Thomasdezeeuw in rust-lang/log#583
• Fix typo in file_static() method doc by @​dimo414 in rust-lang/log#590
• Specialize empty key value pairs by @​EFanZh in rust-lang/log#576
• Fix incorrect lifetime in Value::to_str() by @​peterjoel in rust-lang/log#587
• Remove some API of the key-value feature by @​Thomasdezeeuw in rust-lang/log#585
• Add logcontrol-log and log-reload by @​swsnr in rust-lang/log#595
• Add Serialization section to kv::Value docs by @​Thomasdezeeuw in rust-lang/log#593
• Rename Value::to_str to to_cow_str by @​Thomasdezeeuw in rust-lang/log#592
• Clarify documentation and simplify initialization of STATIC_MAX_LEVEL by @​ptosi in rust-lang/log#594
• Update docs to 2021 edition, test by @​nyurik in rust-lang/log#577
• Add "alterable_logger" link to README.md by @​brummer-simon in rust-lang/log#589
• Normalize line ending by @​EFanZh in rust-lang/log#602
• Remove ok_or in favor of Option::ok_or by @​AngelicosPhosphoros in rust-lang/log#607
• Use Acquire ordering for initialization check by @​AngelicosPhosphoros in rust-lang/log#610
• Get structured logging API ready for stabilization by @​KodrAus in rust-lang/log#613

New Contributors

• @​nyurik made their first contribution in rust-lang/log#578
• @​dimo414 made their first contribution in rust-lang/log#590
• @​peterjoel made their first contribution in rust-lang/log#587
• @​ptosi made their first contribution in rust-lang/log#594
• @​brummer-simon made their first contribution in rust-lang/log#589
• @​AngelicosPhosphoros made their first contribution in rust-lang/log#607

Commits

• 3ccdc28 Merge pull request #617 from rust-lang/cargo/0.4.21
• 6153cb2 prepare for 0.4.21 release
• f0f7494 Merge pull request #613 from rust-lang/feat/kv-cleanup
• 2b220bf clean up structured logging example
• 646e9ab use original Visitor name for VisitValue
• cf85c38 add needed subfeatures to kv_unstable
• 73e9539 fix up capturing of :err
• 31bb4b0 move error macros together
• ad91711 support field shorthand in macros
• 90a347b restore removed APIs as deprecated
• Additional commits viewable in compare view

Updates base64 from 0.21.3 to 0.22.0

Changelog

Sourced from base64's changelog.

0.22.0

• DecodeSliceError::OutputSliceTooSmall is now conservative rather than precise. That is, the error will only occur if the decoded output cannot fit, meaning that Engine::decode_slice can now be used with exactly-sized output slices. As part of this, Engine::internal_decode now returns DecodeSliceError instead of DecodeError, but that is not expected to affect any external callers.
• DecodeError::InvalidLength now refers specifically to the number of valid symbols being invalid (i.e. len % 4 == 1), rather than just the number of input bytes. This avoids confusing scenarios when based on interpretation you could make a case for either InvalidLength or InvalidByte being appropriate.
• Decoding is somewhat faster (5-10%)

0.21.7

• Support getting an alphabet's contents as a str via Alphabet::as_str()

0.21.6

• Improved introductory documentation and example

0.21.5

• Add Debug and Clone impls for the general purpose Engine

0.21.4

• Make encoded_len const, allowing the creation of arrays sized to encode compile-time-known data lengths

Commits

• 5d70ba7 Merge pull request #269 from marshallpierce/mp/decode-precisely
• efb6c00 Release notes
• 2b91084 Add some tests to boost coverage
• 9e9c7ab Engine::internal_decode now returns DecodeSliceError
• a8a60f4 Decode main loop improvements
• a25be06 Simplify leftover output writes
• 9979cc3 Keep morsels as separate bytes
• 37670c5 Bump dev toolchain version (#268)
• 9652c78 v0.21.7
• 08deccf provide as_str() method to return the alphabet characters (#264)
• Additional commits viewable in compare view

Updates jni from 0.19.0 to 0.21.1

Release notes

Sourced from jni's releases.

Rust JNI 0.21.1

Fixes

• Compilation is fixed for architectures with a C ABI that has unsigned char types. (#419)
• Fix a build failure in the benchmarks (#428)

Rust JNI 0.21.0

While the last (0.20) release was rather conservative (just focusing on reviving the project), this release tackles some more substantial issues (including several safety issues and some bugs dating back to 2018) and as a result it was also necessary to make some breaking changes that will involve some work when updating existing jni code.

Please see the migration guide for some guidance on how to update to this release.

Added

• JavaStr::into_raw() which drops the JavaStr and releases ownership of the raw string pointer (#374)
• JavaStr::from_raw() which takes ownership of a raw string pointer to create a JavaStr (#374)
• JNIEnv::get_string_unchecked is a cheaper, unsafe alternative to get_string that doesn't check the given object is a java.lang.String instance. (#328)
• WeakRef and JNIEnv#new_weak_ref. (#304)
• define_class_bytearray method that takes an AutoElements<jbyte> rather than a &[u8] (#244)
• JObject now has an as_raw method that borrows the JObject instead of taking ownership like into_raw. Needed because JObject no longer has the Copy trait. (#392)
• JavaVM::destroy() (unsafe) as a way to try and unload a JavaVM on supported platforms (#391)
• JavaVM::detach_current_thread() (unsafe) as a way to explicitly detach a thread (normally this is automatic on thread exit). Needed to detach daemon threads manually if using JavaVM::destroy() (#391)
• JPrimitiveArray<T: TypeArray> and type-specific aliases like JByteArray, JIntArray etc now provide safe, reference wrappers for the sys types jarray and jbyteArray etc with a lifetime like JObject (#400)
• JObjectArray provides a reference wrapper for a jobjectArray with a lifetime like JObject. (#400)
• AutoElements and AutoElementsCritical (previously AutoArray/AutoPrimitiveArray) implement Deref<Target=[T]> and DerefMut so array elements can be accessed via slices without needing additional unsafe code. (#400)
• AsJArrayRaw trait which enables JNIEnv::get_array_length() to work with JPrimitiveArray or JObjectArray types (#400)
• InitArgsBuilder now has try_option and option_encoded methods. (#414)

Changed

• JNIEnv::get_string checks that the given object is a java.lang.String instance to avoid undefined behaviour from the JNI implementation potentially aborting the program. (#328)
• JNIEnv::call_*method_unchecked was marked unsafe, as passing improper argument types, or a bad number of arguments, can cause a JVM crash. (#385)
• The JNIEnv::new_object_unchecked function now takes arguments as &[jni::sys::jvalue] to avoid allocating, putting it inline with changes to JniEnv::call_*_unchecked from 0.20.0 (#382)
• The get_superclass function now returns an Option instead of a null pointer if the class has no superclass (#151)
• The invocation feature now locates the JVM implementation dynamically at runtime (via the java-locator crate by default) instead of linking with the JVM at build time (#293)
• Most JNIEnv methods now require &mut self. This improves safety by preventing JObjects from getting an invalid lifetime. Most native method implementations (that is, #[no_mangle] extern "system" fns) must now make the JNIEnv parameter mut. See the example on the crate documentation. (#392)
• JByteBuffer, JClass, JNIEnv, JObject, JString, and JThrowable no longer have the Clone or Copy traits. This improves safety by preventing object references from being used after the JVM deletes them. Most functions that take one of these types as a parameter (except extern fns that are directly called by the JVM) should now borrow it instead, e.g. &JObject instead of JObject. (#392)
• AutoLocal is now generic in the type of object reference (JString, etc). (#392)
• The closure passed to JNIEnv::with_local_frame must now take a &mut JNIEnv parameter, which has a different lifetime. This improves safety by preventing local references from escaping the closure, which would cause a use-after-free bug. Executor::with_attached and Executor::with_attached_capacity have been similarly changed. (#392)
• The closure passed to JNIEnv::with_local_frame can now return a generic Result<T, E> so long as the error implements From<jni::errors::Error> (#399)
• JNIEnv::with_local_frame now returns the same type that the given closure returns (#399)
• JNIEnv::with_local_frame no longer supports returning a local reference directly to the calling scope (see with_local_frame_returning_local) (#399)
• Executor::with_attached and Executor::with_attached_capacity have been changed in the same way as JNIEnv::with_local_frame (they are thin wrappers) (#399)
• Desc, JNIEnv::pop_local_frame, and TypeArray are now unsafe. (#392)
• The Desc trait now has an associated type Output. Many implementations now return AutoLocal, so if you call Desc::lookup yourself and then call as_raw on the returned object, make sure the AutoLocal isn't dropped too soon (see the Desc::lookup documentation for examples). (#392)
• The Desc<JClass> trait is no longer implemented for JObject or &JObject. The previous implementation that called .get_object_class() was surprising and a simpler cast would make it easy to mistakenly pass instances where a class is required. (#118)
• Named lifetimes in the documentation have more descriptive names (like 'local instead of 'a). The new naming convention is explained in the JNIEnv documentation. (#392)
• Object reference types (JObject, JClass, AutoLocal, GlobalRef, etc) now implement AsRef<JObject> and Deref<Target = JObject>. Typed wrappers like JClass also implement Into<JObject>, but GlobalRef does not. (#392)
• Most JList and JMap methods now require a &mut JNIEnv parameter. JListIter and JMapIter no longer implement Iterator, and instead have a next method that requires a &mut JNIEnv parameter (use while let loops instead of for). (#392)
• JValue has been changed in several ways: (#392)
  • It is now a generic type named JValueGen. JValue is now a type alias for JValueGen<&JObject>, that is, it borrows an object reference. JValueOwned is a type alias for JValueGen<JObject>, that is, it owns an object reference.
  • JValueOwned does not have the Copy trait.
  • The to_jni method is now named as_jni, and it borrows the JValueGen instead of taking ownership.
  • JObject can no longer be converted directly to JValue, which was commonly done when calling Java methods or constructors. Instead of obj.into(), use (&obj).into().

... (truncated)

Changelog

Sourced from jni's changelog.

[0.21.1] — 2023-03-08

Fixes

• Compilation is fixed for architectures with a C ABI that has unsigned char types. (#419)

[0.21.0] — 2023-02-13

This release makes extensive breaking changes in order to improve safety. Most projects that use this library will need to be changed. Please see the migration guide.

Added

• JavaStr::into_raw() which drops the JavaStr and releases ownership of the raw string pointer (#374)
• JavaStr::from_raw() which takes ownership of a raw string pointer to create a JavaStr (#374)
• JNIEnv::get_string_unchecked is a cheaper, unsafe alternative to get_string that doesn't check the given object is a java.lang.String instance. (#328)
• WeakRef and JNIEnv#new_weak_ref. (#304)
• define_class_bytearray method that takes an AutoElements<jbyte> rather than a &[u8] (#244)
• JObject now has an as_raw method that borrows the JObject instead of taking ownership like into_raw. Needed because JObject no longer has the Copy trait. (#392)
• JavaVM::destroy() (unsafe) as a way to try and unload a JavaVM on supported platforms (#391)
• JavaVM::detach_current_thread() (unsafe) as a way to explicitly detach a thread (normally this is automatic on thread exit). Needed to detach daemon threads manually if using JavaVM::destroy() (#391)
• JPrimitiveArray<T: TypeArray> and type-specific aliases like JByteArray, JIntArray etc now provide safe, reference wrappers for the sys types jarray and jbyteArray etc with a lifetime like JObject (#400)
• JObjectArray provides a reference wrapper for a jobjectArray with a lifetime like JObject. (#400)
• AutoElements and AutoElementsCritical (previously AutoArray/AutoPrimitiveArray) implement Deref<Target=[T]> and DerefMut so array elements can be accessed via slices without needing additional unsafe code. (#400)
• AsJArrayRaw trait which enables JNIEnv::get_array_length() to work with JPrimitiveArray or JObjectArray types (#400)
• InitArgsBuilder now has try_option and option_encoded methods. (#414)

Changed

• JNIEnv::get_string checks that the given object is a java.lang.String instance to avoid undefined behaviour from the JNI implementation potentially aborting the program. (#328)
• JNIEnv::call_*method_unchecked was marked unsafe, as passing improper argument types, or a bad number of arguments, can cause a JVM crash. (#385)
• The JNIEnv::new_object_unchecked function now takes arguments as &[jni::sys::jvalue] to avoid allocating, putting it inline with changes to JniEnv::call_*_unchecked from 0.20.0 (#382)
• The get_superclass function now returns an Option instead of a null pointer if the class has no superclass (#151)
• The invocation feature now locates the JVM implementation dynamically at runtime (via the java-locator crate by default) instead of linking with the JVM at build time (#293)
• Most JNIEnv methods now require &mut self. This improves safety by preventing JObjects from getting an invalid lifetime. Most native method implementations (that is, #[no_mangle] extern "system" fns) must now make the JNIEnv parameter mut. See the example on the crate documentation. (#392)
• JByteBuffer, JClass, JNIEnv, JObject, JString, and JThrowable no longer have the Clone or Copy traits. This improves safety by preventing object references from being used after the JVM deletes them. Most functions that take one of these types as a parameter (except extern fns that are directly called by the JVM) should now borrow it instead, e.g. &JObject instead of JObject. (#392)
• AutoLocal is now generic in the type of object reference (JString, etc). (#392)
• The closure passed to JNIEnv::with_local_frame must now take a &mut JNIEnv parameter, which has a different lifetime. This improves safety by preventing local references from escaping the closure, which would cause a use-after-free bug. Executor::with_attached and Executor::with_attached_capacity have been similarly changed. (#392)
• The closure passed to JNIEnv::with_local_frame can now return a generic Result<T, E> so long as the error implements From<jni::errors::Error> (#399)
• JNIEnv::with_local_frame now returns the same type that the given closure returns (#399)
• JNIEnv::with_local_frame no longer supports returning a local reference directly to the calling scope (see with_local_frame_returning_local) (#399)
• Executor::with_attached and Executor::with_attached_capacity have been changed in the same way as JNIEnv::with_local_frame (they are thin wrappers) (#399)
• Desc, JNIEnv::pop_local_frame, and TypeArray are now unsafe. (#392)
• The Desc trait now has an associated type Output. Many implementations now return AutoLocal, so if you call Desc::lookup yourself and then call as_raw on the returned object, make sure the AutoLocal isn't dropped too soon (see the Desc::lookup documentation for examples). (#392)
• The Desc<JClass> trait is no longer implemented for JObject or &JObject. The previous implementation that called .get_object_class() was surprising and a simpler cast would make it easy to mistakenly pass instances where a class is required. (#118)
• Named lifetimes in the documentation have more descriptive names (like 'local instead of 'a). The new naming convention is explained in the JNIEnv documentation. (#392)
• Object reference types (JObject, JClass, AutoLocal, GlobalRef, etc) now implement AsRef<JObject> and Deref<Target = JObject>. Typed wrappers like JClass also implement Into<JObject>, but GlobalRef does not. (#392)
• Most JList and JMap methods now require a &mut JNIEnv parameter. JListIter and JMapIter no longer implement Iterator, and instead have a next method that requires a &mut JNIEnv parameter (use while let loops instead of for). (#392)
• JValue has been changed in several ways: (#392)
  • It is now a generic type named JValueGen. JValue is now a type alias for JValueGen<&JObject>, that is, it borrows an object reference. JValueOwned is a type alias for JValueGen<JObject>, that is, it owns an object reference.
  • JValueOwned does not have the Copy trait.
  • The to_jni method is now named as_jni, and it borrows the JValueGen instead of taking ownership.
  • JObject can no longer be converted directly to JValue, which was commonly done when calling Java methods or constructors. Instead of obj.into(), use (&obj).into().
• All JNIEnv array APIs now work in terms of JPrimitiveArray and JObjectArray (reference wrappers with a lifetime) instead of sys types like jarray and jbyteArray (#400)

... (truncated)

Commits

• 09a5911 Merge pull request #431 from rib/release-0.21.1
• c79df46 Release 0.21.1
• b9a4161 Merge pull request #428 from argv-minus-one/fix-bench-build-failure
• 4c60725 Fix a build failure in the benchmark.
• 9e3b953 Merge pull request #419 from rib/signed-or-unsigned-options
• 20bbe33 Don't assume JavaVMOption::optionString is signed/unsigned
• 5099f42 Merge pull request #415 from rib/release-0.21
• c641cf8 Release 0.21.0
• a0c4c48 Merge pull request #414 from argv-minus-one/invocation-character-encoding
• 61d1e2c Properly encode JVM options on Windows.
• Additional commits viewable in compare view

Updates once_cell from 1.18.0 to 1.19.0

Changelog

Sourced from once_cell's changelog.

1.19.0

• Use portable-atomic instead of atomic-polyfill, #251.

Commits

• c48d3c2 Merge pull request #251 from taks/portable-atomic
• 8211d80 Fix CI
• 2715aa9 v1.19.0
• dffcae4 Fix CI
• de4cd9d Revert atomic-polyfill feature
• e26736f Fix CI
• 5f88676 Use portable_atomic instead of atomic-polyfill
• 874f937 clarify that MSRV does bump the minor version
• 3cd6549 Merge #245
• a2eabc9 Add --generate-link-to-definition option when building on docs.rs
• Additional commits viewable in compare view

Updates webpki-roots from 0.26.0 to 0.26.1

Release notes

Sourced from webpki-roots's releases.

0.26.1

Removed trust anchors:

• Expired SECOM Trust.net - Security Communication RootCA1

New trust anchors:

• Telekom Security TLS ECC Root 2020
• Telekom Security TLS RSA Root 2023

What's Changed

• doc: add example of how to use with rustls 0.22 by @​jsha in rustls/webpki-roots#58
• move CCADB fetching into a crate by @​mspiegel in rustls/webpki-roots#56
• Update rcgen requirement from 0.11.1 to 0.12.0 by @​dependabot in rustls/webpki-roots#59
• process upstream February root updates by @​cpu in rustls/webpki-roots#60

New Contributors

• @​jsha made their first contribution in rustls/webpki-roots#58
• @​mspiegel made their first contribution in rustls/webpki-roots#56

Full Changelog: rustls/webpki-roots@v/0.26.0...v/0.26.1

Commits

• 0ffea70 Cargo: version 0.26.0 -> 0.26.1
• d34ca74 process upstream February root updates
• eacbc6c Update rcgen requirement from 0.11.1 to 0.12.0
• 0df3d50 create wepki-ccadb crate
• 63aedbb create workspace with webpki-roots crate
• 46b65aa doc: add example of how to use with rustls 0.22
• See full diff in compare view

Updates core-foundation from 0.9.3 to 0.9.4

Commits

• 795398a Bump the version of core-foundation and the dependency on core-foundation-sys
• 64dd01a NSScreen (cocoa): Add maximumRefreshInterval and minimumRefreshInterval (#646)
• 58972ae Update to 2018 edition. (#642)
• eb41f50 Bump core-graphics-types version
• 723886f Only import SInt32 on macOS. (#641)
• 6484a6e ci: Update to actions/checkout@v4 (#640)
• 3ff7cc2 docs: Fix various markdown issues. (#639)
• c4f4ad2 feat: add link feature (#608)
• fbde503 Bump cocoa-foundation version
• 5be8e2c Bump core-text version (#638)
• Additional commits viewable in compare view

Updates core-foundation-sys from 0.8.4 to 0.8.6

Commits

• 64dd01a NSScreen (cocoa): Add maximumRefreshInterval and minimumRefreshInterval (#646)
• 58972ae Update to 2018 edition. (#642)
• eb41f50 Bump core-graphics-types version
• 723886f Only import SInt32 on macOS. (#641)
• 6484a6e ci: Update to actions/checkout@v4 (#640)
• 3ff7cc2 docs: Fix various markdown issues. (#639)
• c4f4ad2 feat: add link feature (#608)
• fbde503 Bump cocoa-foundation version
• 5be8e2c Bump core-text version (#638)
• 099bd27 rustfmt fixes (#637)
• Additional commits viewable in compare view

Updates security-framework from 2.9.2 to 2.10.0

Commits

• 39e64d8 Attempt to get CI green again
• ebcc98e Allow creating a SecAccessControl with a protection
• ee077dc Update test
• 7bb4b4a Bump min OS X version
• 854b810 Clippy
• 5bf85d6 security-framework::item::ItemSearchOptions: support trusted_only (#197)
• 24b239b Added access_control field to GenerateKeyOptions
• db0042e Use OSX_10_15 on docs.rs
• 67a610e Fix memory leak in SecStaticCode::from_path()
• 54d9050 Add missing targot os section
• Additional commits viewable in compare view

Updates security-framework-sys from 2.9.1 to 2.10.0

Commits

• 39e64d8 Attempt to get CI green again
• ebcc98e Allow creating a SecAccessControl with a protection
• ee077dc Update test
• 7bb4b4a Bump min OS X version
• 854b810 Clippy
• 5bf85d6 security-framework::item::ItemSearchOptions: support trusted_only (#197)
• 24b239b Added access_control field to GenerateKeyOptions
• db0042e Use OSX_10_15 on docs.rs
• 67a610e Fix memory leak in SecStaticCode::from_path()
• 54d9050 Add missing targot os section
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cpu]

@dependabot ignore jni major version

[dependabot]

OK, I won't notify you about version 0.x.x of jni again, unless you unignore it.

[cpu]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.