fix(deps): update all#52
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
7d02e38 to
4d3606c
Compare
42f00ff to
4437abd
Compare
6346374 to
1cbe1ee
Compare
78cbbe1 to
8455599
Compare
e2197e6 to
d02cc84
Compare
d02cc84 to
d305d58
Compare
e5ff503 to
8c3172e
Compare
8c3172e to
0a933fc
Compare
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
0a933fc to
31c5aa5
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.11.1→1.12.10.1.3→0.1.41.8.1→1.10.10.27.7→0.27.96839151→93c56911.21.3→1.21.40.39.0→0.41.00.10.0→0.10.21.12.3→1.13.10.13.2→0.13.40.23.36→0.23.420.6.2→0.7.01.0.149→1.0.1503.4.0→3.5.03.26.0→3.27.01.49.0→1.52.41.21.0→1.24.0Release Notes
tokio-rs/bytes (bytes)
v1.12.1Compare Source
Fixed
Box::newpanics (#837)v1.12.0Compare Source
Added
BytesMut::extend_from_within()(#818)BytesMut::try_unsplit()(#746)Fixed
get_intifnbytesis zero (#806)Changed
Documented
BytesMut::{reserve,try_reserve}doesn't preserve unused capacity (#808)hyperium/http-body (http-body-util)
v0.1.4Compare Source
What's Changed
Fusedbody combinator that always returnsNoneonce completed.BodyExt::into_stream()to convert a body into aStream.Full::into_inner()to get the fullBuf.InspectFrameandInspectErrcombinators.hyperium/hyper (hyper)
v1.10.1Compare Source
Bug Fixes
v1.10.0Compare Source
Bug Fixes
NO_ERRORfrom early response (#3998) (e5ad96b1)Features
reset_stream_duration()client option (#4068) (156a6f6a, closes #2599)v1.9.0Compare Source
Bug Fixes
Features
max_local_error_reset_streamsoption (#4021) (57787459)v1.8.1 (2025-11-13)
Bug Fixes
matklad/once_cell (once_cell)
v1.21.4Compare Source
Fix unsoundness in
OnceCell::waitunder--features=parking_lot, #295.If thread A calls
wait, while thread B callsget_or_try_init(f), and, furthermore,fpanics,the
waitincorrectly returns and thread A observes uninitialized memory.Kudos to @meng-xu-cs for a nice find!
tafia/quick-xml (quick-xml)
v0.41.0Compare Source
New Features
NsReader::resolver_mut()andNamespaceResolver::{max_declarations_per_element, set_max_declarations_per_element}.Bug Fixes
Attributes(and anything that iteratesBytesStart::attributes()with the default
with_checks(true)) no longer takes O(N²) time on a starttag with a large number of attributes. Small tags keep the previous linear
scan; larger ones switch to a 64-bit hash pre-filter, so the whole tag is
O(N). The exact
AttrError::Duplicated(new, prev)positions are unchanged.NamespaceResolver::push(and hence everyNsReaderStart/Emptyevent) now rejects a start tag that declares more than
DEFAULT_MAX_DECLARATIONS_PER_ELEMENT(256)xmlns/xmlns:*namespacebindings, returning the new
NamespaceError::TooManyDeclarations. Previouslypushallocated oneNamespaceBindingper declaration with no upper bound,before the event was returned to the caller, so an
NsReaderconsumer couldnot bound its memory exposure on untrusted input. The limit is configurable
via
NamespaceResolver::set_max_declarations_per_element(useusize::MAXto disable).
v0.40.1Compare Source
Bug Fixes
unreachable!()panic in the serde deserializer when a DOCTYPEdeclaration appears between two text runs inside an element (e.g.
<a>x<!DOCTYPE y>z</a>). The DOCTYPE used to breakdrain_text'sconsecutive-text merge, so two
DeEvent::Textevents reachedread_textand tripped its "Cannot be two consequent Text events"invariant. DOCTYPE is now treated as transparent during text drain —
it still goes through the entity resolver, but the surrounding text
is merged into one run. Discovered via libFuzzer on a real-world
SAML deserializer harness.
Misc Changes
v0.40.0Compare Source
MSRV bumped to 1.79.
Now
quick-xmlsupports the UTF-16 encoded documents. See the newDecodingReadertype.New Features
#956: Add
DecodingReader, aBufReadadapter that auto-detects encodingfrom BOM or XML declaration and transcodes to UTF-8. Enabled by the
encodingfeature.#938: Add new enumeration
XmlVersionand typified getterBytesDecl::xml_version().#938: Add new error variant
IllFormedError::UnknownVersion.#371: Add new error variant
EscapeError::TooManyNestedEntities.#371: Improved compliance with the XML attribute value normalization process by adding
Attribute::normalized_value()Attribute::normalized_value_with()Attribute::decoded_and_normalized_value()Attribute::decoded_and_normalized_value_with()which ought to be used in place of deprecated
Attribute::unescape_value()Attribute::unescape_value_with()Attribute::decode_and_unescape_value()Attribute::decode_and_unescape_value_with()Deprecated functions now behaves the same as newly added.
Bug Fixes
Deserializerwhen parse XML 1.0 documents.Previously XML 1.1. rules was applied.
Misc Changes
.prefixes(),.resolve(),.resolve_attribute(), and.resolve_element()of
NsReader. Use.resolver().<...>methods instead.BytesText::xml_content,BytesCData::xml_contentandBytesRef::xml_contentaccepts
XmlVersionparameter to apply correct EOL normalization rules.read_text()now returnsBytesTextwhich allows you to get the content withproperly normalized EOLs. To get the previous behavior use
.read_text().decode()?.v0.39.4Compare Source
Bug Fixes
is split across
BufReaderchunks. As with #950, the returnedEvent::DocTypemay contain the malformed DTD; this fix only ensures thatthe parser does not panic.
<followedby 9+ bytes of unknown markup inside a DTD internal subset. Same disposition
as #957 / #950: parser must not panic; DTD validity reporting is a future
improvement.
v0.39.3Compare Source
Bug Fixes
Note, that currently we do not check the validity of DTD, so the returned
Event::DocTypemay contain the malformed DTD.
rust-random/rand (rand)
v0.10.2Compare Source
Fixes
UniformCharfrom bad source (#1790)Changes
partial_shuffleand apply#[must_use](#1769)unsafein contexts where non-local memory corruption could invalidate contract (#1791)v0.10.1Compare Source
This release includes a fix for a soundness bug; see #1763.
Changes
make_rngand add#[track_caller](#1761)log(#1763)rust-lang/regex (regex)
v1.13.1Compare Source
===================
This is a release that fixes a bug where incorrect regex match offsets could be
reported. Note that this doesn't impact whether a match occurs or not, just
where it occurs. The match offsets are still valid for slicing, they just may
not refer to the correct leftmost-first match. See
#1364 for (many) more details.
Bug fixes:
Fixes previously unsound reverse suffix and inner optimizations.
v1.13.0Compare Source
===================
This release includes a new API, a
regex!macro, for lazy compilation ofa regex from a string literal. If you use regexes a lot, it's likely you've
already written one exactly like it. The new macro can be used like this:
Improvements:
Add a new
regex!macro for efficient and automatic reuse of a compiled regex.v1.12.4Compare Source
===================
This release includes a performance optimization for compilation of regexes
with very large character classes.
Improvements:
Avoid re-canonicalizing the entire interval set when pushing new class ranges.
seanmonstar/reqwest (reqwest)
v0.13.4Compare Source
ClientBuilder::tls_sslkeylogfile(bool)option to allow using the related environment variable.ClientBuilder::http2_keep_alive_*options for theblockingclient.native-tlsbackend.v0.13.3Compare Source
/etc/resolv.conffails.STOP_SENDINGas not an error.serde-rs/json (serde_json)
v1.0.150Compare Source
palfrey/serial_test (serial_test)
v3.5.0Compare Source
What's Changed
New Contributors
Full Changelog: palfrey/serial_test@v3.4.0...v3.5.0
Stebalien/tempfile (tempfile)
v3.27.0Compare Source
This release adds
TempPath::try_from_pathand deprecatesTempPath::from_path.Prior to this release,
TempPath::from_pathmade no attempts to convert relative paths into absolute paths. The following code would have deleted the wrong file:Now:
TempPath::from_pathwill attempt to convert relative paths into absolute paths. However, this isn't always possible as we need to callstd::env::current_dir, which can fail. If we fail to convert the relative path to an absolute path, we simply keep the relative path.TempPath::try_from_pathbehaves exactly likeTempPath::from_path, except that it returns an error if we fail to convert a relative path into an absolute path (or if the passed path is empty).Neither function attempt to verify the existence of the file in question.
Thanks to @meng-xu-cs for reporting this issue.
tokio-rs/tokio (tokio)
v1.52.4: Tokio v1.52.4Compare Source
1.52.4 (July 16th, 2026)
Fixed
before_parkschedules work (#8222)Fixed (unstable)
v1.52.3: Tokio v1.52.3Compare Source
1.52.3 (May 8th, 2026)
Fixed
len()(#8062)OwnedPermit::release()method (#8075)RwLockhasmax_readers != 0(#8076)Emptyfromtry_recv()when mpsc is closed with outstanding permits (#8074)v1.52.2: Tokio v1.52.2Compare Source
1.52.2 (May 4th, 2026)
This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to its performance impact. (#8100)
v1.52.1: Tokio v1.52.1Compare Source
1.52.1 (April 16th, 2026)
Fixed
spawn_blockingto hang (#8057)v1.52.0: Tokio v1.52.0Compare Source
1.52.0 (April 14th, 2026)
Added
AioSource::register_borrowedfor I/O safety support (#7992)try_iofunction tounix::pipesender and receiver types (#8030)Added (unstable)
Builder::enable_eager_driver_handoffsetting enable eager hand off of the I/O and time drivers before polling tasks (#8010)trace_with()for customized task dumps (#8025)impl FnMut()intrace_withinstead of justfn()(#8040)io_uringinAsyncReadforFile(#7907)Changed
spawn_blockingscalability with sharded queue (#7757)compare_exchange_weak()in worker queue (#8028)Fixed
Documented
oneshot::Sender::senddocs (#8026)sync::watch(#8035)ConnectionRefusederrors with UDP sockets (#7870)v1.51.4: Tokio v1.51.4Compare Source
1.51.4 (July 16th, 2026)
Fixed
before_parkschedules work (#8222)v1.51.3: Tokio v1.51.3Compare Source
1.51.3 (May 8th, 2026)
Fixed
len()(#8062)OwnedPermit::release()method (#8075)RwLockhasmax_readers != 0(#8076)Emptyfromtry_recv()when mpsc is closed with outstanding permits (#8074)v1.51.2: Tokio v1.51.1Compare Source
1.51.2 (May 4th, 2026)
This release reverts the LIFO slot stealing change introduced in 1.51.0 (#7431), due to its performance impact. (#8100)
v1.51.1: Tokio v1.51.1Compare Source
1.51.1 (April 8th, 2026)
Fixed
SO_ERRORonrecvfor UDP sockets on Linux (#8001)Fixed (unstable)
worker_local_schedule_counttest (#8008)v1.51.0: Tokio v1.51.0Compare Source
1.51.0 (April 3rd, 2026)
Added
get_peer_credon Hurd (#7989)tokio::runtime::worker_index()(#7921)LocalRuntime(#7557)Changed
Fixed
notify_waiterspriority inNotify(#7996)Chan::recv_manywhen called with non-empty vector on closed channel (#7991)v1.50.0: Tokio v1.50.0Compare Source
1.50.0 (Mar 3rd, 2026)
Added
TcpStream::set_zero_linger(#7837)is_rt_shutdown_err(#7771)Changed
memchrreturns in-bounds pointer (#7792)write_buf(#7871)event_intervalis set to 0 (#7838)SetConsoleCtrlHandler(#7833)Registry(#7885)Fixed
AsyncFdregistration list on deregister (#7773)usedeclarations intokio::select!(#7929)GET_BUF_SIZEconstant fortarget_os = "android"(#7889)current_threadifbefore_parkdefers waker (#7835)block_in_place(#7879)num_idle_threadson shutdown (#7910, #7918, #7922)Unstable
Documented
AsyncWriteExt::shutdown()(#7908)AsyncWritedocumentation (#7875)Runtime::spawn(#7803)event_intervaldoc (#7932)recvreturnsNoneonce closed and no more messages (#7920)spawn_blockingvs dedicated threads (#7923)JoinHandlecompletion (#7825)None(#7869)Builder::spawn_local(#7828)uuid-rs/uuid (uuid)
v1.24.0Compare Source
What's Changed
New Contributors
Full Changelog: uuid-rs/uuid@v1.23.5...v1.24.0
v1.23.5Compare Source
What's Changed
New Contributors
Full Changelog: uuid-rs/uuid@v1.23.4...v1.23.5
v1.23.4Compare Source
What's Changed
New Contributors
Full Changelog: uuid-rs/uuid@v1.23.3...v1.23.4
v1.23.3Compare Source
What's Changed
Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3
v1.23.2Compare Source
What's Changed
Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2
v1.23.1Compare Source
What's Changed
msrvfeature from wasm-bindgen dependency by @guybedford in #877New Contributors
Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1
v1.23.0Compare Source
What's Changed
New Contributors
Special thanks
@meng-xu-cs raised a series of bugs against the timestamp logic in
uuidusing automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a betteruuidlibrary for everyone. Thanks!Deprecations
This release includes the following deprecations:
Context: Renamed toContextV1Timestamp::from_gregorian: Renamed toTimestamp::from_gregorian_timeChange to
Version::MaxVersion::Max'su8representation has changed from0xffto0x0fto match the value returned byUuid::get_version_num.Change to
Uuid::get_versionfor the max UUIDUuid::get_versionwill only returnSome(Version::Max)if the UUID is actually the max UUID (all bytes are0xff). Previously it would returnSomeif only the version field was0x0f. This change matches the behaviour of the nil UUID, which only returnsSome(Version::Nil)if the UUID is the nil UUID (all bytes are0x00).Full Changelog: uuid-rs/uuid@v1.22.0...v1.23.0
v1.22.0Compare Source
What's Changed
New Contributors
Full Changelog: uuid-rs/uuid@v1.21.0...v1.22.0
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.