Bump the dependencies group across 1 directory with 16 updates #132

dependabot · 2025-11-03T08:20:16Z

Bumps the dependencies group with 15 updates in the / directory:

Package	From	To
anyhow	`1.0.98`	`1.0.100`
bzip2	`0.5.2`	`0.6.1`
chrono	`0.4.41`	`0.4.42`
clap	`4.5.41`	`4.5.51`
duct	`0.13.7`	`1.1.0`
flate2	`1.1.2`	`1.1.5`
indicatif	`0.17.11`	`0.18.2`
lazy-regex	`3.4.1`	`3.4.2`
polars	`0.46.0`	`0.51.0`
rayon	`1.10.0`	`1.11.0`
rusqlite	`0.34.0`	`0.37.0`
serde_json	`1.0.141`	`1.0.145`
thiserror	`2.0.12`	`2.0.17`
tracing-subscriber	`0.3.19`	`0.3.20`
url	`2.5.4`	`2.5.7`

Updates anyhow from 1.0.98 to 1.0.100

Release notes

Sourced from anyhow's releases.

1.0.100

Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)

1.0.99

Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#420)

Commits

18c2598 Release 1.0.100
f271988 Merge pull request #426 from dtolnay/clippyfmt
52f2115 Mark macros with clippy::format_args
da5fd9d Raise minimum tested compiler to rust 1.76
211e409 Opt in to generate-macro-expansion when building on docs.rs
b48fc02 Enforce trybuild >= 1.0.108
d5f59fb Update ui test suite to nightly-2025-09-07
238415d Update ui test suite to nightly-2025-08-24
3bab070 Update actions/checkout@v4 -> v5
4249254 Order cap-lints flag in the same order as thiserror build script
Additional commits viewable in compare view

Updates bzip2 from 0.5.2 to 0.6.1

Release notes

Sourced from bzip2's releases.

v0.6.0

Highlights

This release switches to libbz2-rs-sys as the default bzip2 backend. It is written in rust, making it much easier to cross-compile. The new implementation is also more performant.

The rust implementation does not export C symbols by default. An explicit dependency on libbz2-rs-sys and setting the export-symbols feature flag will fix that if needed.

The bzip2-sys feature flag can be used to continue to use the C backend (either the system library of a C version built from source).

This is a breaking release, given that we want this update to be opt-in. We've used the occasion to perform an MSRV bump to 1.82.0. The libbz2-rs-sys crate has the bzip2-1.0.6 license. Arguably, that is the license that bzip2-sys should have had too, given that it is just a wrapper of the original bzip2 (and libbz2-rs-sys is a derivative work). You may need to allow this license when using cargo-deny.

What's Changed

Release 0.6.0 by @folkertdev in trifectatechfoundation/bzip2-rs#141

Full Changelog: trifectatechfoundation/bzip2-rs@v0.5.2...v0.6.0

Commits

eebf6e4 release version 0.6.1
1ed41c4 Add MaybeUninit\<u8> (de)compress API
a165219 chore: remove redundant word in comment
422ae6d fix(bzip2-sys): license expression to be a valid spdx expression
21db697 ran cargo clippy --fix -- -A clippy::all -W clippy::use_self
71d5b03 Release 0.6.0
See full diff in compare view

Updates chrono from 0.4.41 to 0.4.42

Release notes

Sourced from chrono's releases.

0.4.42

What's Changed

Add fuzzer for DateTime::parse_from_str by @tyler92 in chronotope/chrono#1700

Fix wrong amount of micro/milliseconds by @nmlt in chronotope/chrono#1703

Add warning about MappedLocalTime and wasm by @lutzky in chronotope/chrono#1702

Fix incorrect parsing of fixed-length second fractions by @chris-leach in chronotope/chrono#1705

Fix cfgs for wasm32-linux support by @arjunr2 in chronotope/chrono#1707

Fix OpenHarmony's tzdata parsing by @ldm0 in chronotope/chrono#1679

Convert NaiveDate to/from days since unix epoch by @findepi in chronotope/chrono#1715

Add ?Sized bound to related methods of DelayedFormat::write_to by @Huliiiiii in chronotope/chrono#1721

Add from_timestamp_secs method to DateTime by @jasonaowen in chronotope/chrono#1719

Migrate to core::error::Error by @benbrittain in chronotope/chrono#1704

Upgrade to windows-bindgen 0.63 by @djc in chronotope/chrono#1730

strftime: simplify error handling by @djc in chronotope/chrono#1731

Commits

f3fd15f Bump version to 0.4.42
5cf5603 strftime: add regression test case
a623170 strftime: simplify error handling
36fbfb1 strftime: move specifier handling out of match to reduce rightward drift
7f413c3 strftime: yield None early
9d5dfe1 strftime: outline constants
e5f6be7 strftime: move error() method below caller
d516c27 strftime: merge impl blocks
0ee2172 strftime: re-order items to keep impls together
757a8b0 Upgrade to windows-bindgen 0.63
Additional commits viewable in compare view

Updates clap from 4.5.41 to 4.5.51

Release notes

Sourced from clap's releases.

v4.5.51

[4.5.51] - 2025-10-29

Fixes

(help) Correctly calculate padding for short flags that take a value

(help) Don't panic on short flags using ArgAction::Count

v4.5.50

[4.5.50] - 2025-10-20

Features

Accept Cow where String and &str are accepted

v4.5.48

[4.5.48] - 2025-09-19

Documentation

Add a new CLI Concepts document as another way of framing clap

Expand the typed_derive cookbook entry

v4.5.47

[4.5.47] - 2025-09-02

Features

Added impl FromArgMatches for ()

Added impl Args for ()

Added impl Subcommand for ()

Added impl FromArgMatches for Infallible

Added impl Subcommand for Infallible

Fixes

(derive) Update runtime error text to match clap

v4.5.46

[4.5.46] - 2025-08-26

Features

Expose StyledStr::push_str

v4.5.45

[4.5.45] - 2025-08-12

Fixes

... (truncated)

Changelog

Sourced from clap's changelog.

[4.5.51] - 2025-10-29

Fixes

(help) Correctly calculate padding for short flags that take a value

(help) Don't panic on short flags using ArgAction::Count

[4.5.50] - 2025-10-20

Features

Accept Cow where String and &str are accepted

[4.5.49] - 2025-10-13

Fixes

(help) Correctly wrap when ANSI escape codes are present

[4.5.48] - 2025-09-19

Documentation

Add a new CLI Concepts document as another way of framing clap

Expand the typed_derive cookbook entry

[4.5.47] - 2025-09-02

Features

Added impl FromArgMatches for ()

Added impl Args for ()

Added impl Subcommand for ()

Added impl FromArgMatches for Infallible

Added impl Subcommand for Infallible

Fixes

(derive) Update runtime error text to match clap

[4.5.46] - 2025-08-26

Features

Expose StyledStr::push_str

[4.5.45] - 2025-08-12

Fixes

... (truncated)

Commits

b49dae2 chore: Release
d37b0b5 docs: Update changelog
3398b6a Merge pull request #6009 from gtema/complete_try_generate
21fc9e4 feat(clap-complete): Introduce fallible generator
bd01bdc Merge pull request #6012 from epage/sub
ed0c63d docs(derive): Specify arg_required_else_help is set for users
e2188d9 chore(deps): Update Rust Stable to v1.87 (#6004)
e01f2b7 docs: Cleanup unused links
6b12a81 chore: Release
8dd92a7 docs: Update changelog
Additional commits viewable in compare view

Updates duct from 0.13.7 to 1.1.0

Commits

2757052 version 1.1.0
d2c8040 test_env_case_preserving
ae8814e use a mixed-case env var name in test_env_remove_case_sensitivity
944c126 add tests for EnvNameString
61f29ff avoid allocating in EnvNameString::hash
fc909f7 use case-insensitive strings for env var names on Windows
306bb5c clarify a comment in StdinBytesHandle::wait
ca531e2 improve the Expression docs
38fa270 wait_timeout and wait_deadline
0c90564 switch back to IntoRawFd/IntoRawHandle bounds
Additional commits viewable in compare view

Updates flate2 from 1.1.2 to 1.1.5

Release notes

Sourced from flate2's releases.

1.1.5

This bugfix release fixes #508, as flush didn't always work anymore in conjunction with miniz_oxide.

What's Changed

Revert flush change by @fintelia in rust-lang/flate2-rs#509

Full Changelog: rust-lang/flate2-rs@1.1.4...1.1.5

1.1.3

What's Changed

use zlibVersion() instead of a const for the version by @folkertdev in rust-lang/flate2-rs#491

Switch from adler2 to simd-adler32 crate when using miniz_oxide backend by @Shnatsel in rust-lang/flate2-rs#492

Correct documentation typo by @fintelia in rust-lang/flate2-rs#495

Use partial flushes with miniz_oxide backend by @fintelia in rust-lang/flate2-rs#496

Undo introducing straight up incorrect documentation by @Shnatsel in rust-lang/flate2-rs#497

Update cloudflare-zlib-sys crate by @jongiddy in rust-lang/flate2-rs#503

Add (de)compress_uninit that accepts &[MaybeUninit<u8>] by @NobodyXu in rust-lang/flate2-rs#502

bump the patch level for a new release by @Byron in rust-lang/flate2-rs#504

New Contributors

@fintelia made their first contribution in rust-lang/flate2-rs#495

Full Changelog: rust-lang/flate2-rs@1.1.2...1.1.3

Commits

2661fbb Merge pull request #509 from fintelia/revert-flush-change
bc36cf4 Bump patch version
4341fe2 Revert "Use partial flushes with miniz_oxide backend"
ac412e9 Merge pull request #506 from NobodyXu/patch-1
bf0315b Release flste2 1.1.4
350de28 Merge pull request #505 from NobodyXu/patch-1
29552c7 Fix docs.rs build
3be6590 Merge pull request #504 from Byron/release
7ad1bad bump the patch level for a new release
3cae7da Merge pull request #502 from NobodyXu/patch-1
Additional commits viewable in compare view

Updates indicatif from 0.17.11 to 0.18.2

Release notes

Sourced from indicatif's releases.

0.18.1

What's Changed

Do not render "current" char if no "current" char is configured by @Finomnis in console-rs/indicatif#719

Update vt100 requirement from 0.15.1 to 0.16.1 by @dependabot[bot] in console-rs/indicatif#723

Bump MSRV to 1.71 with versioned lockfile by @djc in console-rs/indicatif#735

Fix wide_bar width computation with a multiline message by @glehmann in console-rs/indicatif#738

0.18.0

Unfortunately 0.17.12 had to be yanked because the console upgrade was a semver-incompatible change. Rerelease as 0.18.0 instead.

What's Changed

Bump version to 0.18.0 by @djc in console-rs/indicatif#715

0.17.12

What's Changed

Add ProgressBar::force_draw by @jaheba in console-rs/indicatif#689

Use width to truncate HumanFloatCount values by @ReagentX in console-rs/indicatif#696

ProgressStyle enable/disable colors based on draw target by @tonywu6 in console-rs/indicatif#699

Switch dep number_prefix to unit_prefix by @kimono-koans in console-rs/indicatif#709

draw_target: inline the format arg to silence clippy by @chris-laplante in console-rs/indicatif#711

Upgrade to console 0.16 by @djc in console-rs/indicatif#712

Commits

See full diff in compare view

Updates lazy-regex from 3.4.1 to 3.4.2

Changelog

Sourced from lazy-regex's changelog.

Commits

See full diff in compare view

Updates polars from 0.46.0 to 0.51.0

Release notes

Sourced from polars's releases.

Rust Polars 0.51.0

💥 Breaking changes

Remove, deprecate or change eager Exprs to be lazy compatible (#24027)

🚀 Performance improvements

Use specialized decoding for all predicates for Parquet dictionary encoding (#24403)

Allocate only for read items when reading Parquet with predicate (#24401)

Don't aggregate groups for strict cast if original len (#24381)

Allocate only for read items when reading Parquet with predicate (#24324)

Native streaming int_range with len or count (#24280)

Lower arg_unique natively to the streaming engine (#24279)

Move unordering optimization to end (#24286)

Do ordering simplification step after common sub-plan elimination (#24269)

Always simplify order requirements in IR (#24192)

Basic de-duplication of filter expressions (#24220)

Cache the IR in pipe_with_schema (#24213)

Lower arg_where natively to streaming engine (#24088)

Lower Expr.shift to streaming engine (#24106)

Lower order-preserving groupby to streaming engine (#24053)

Lower .sort(maintain_order=True).head() to streaming top_k (#24014)

Lower top-k to streaming engine (#23979)

Allow order pass through Filters and relax to row-seperable instead of elementwise (#23969)

✨ Enhancements

Roundtrip BinaryOffset type through Parquet (#24344)

Add opt-in unstable functionality to load interval types as Struct (#24320)

Add user guide section on AWS role assumption (#24421)

Support unique / n_unique / arg_unique for array columns (#24406)

Support S3 virtual-hosted–style URI (#24405)

Remove explicit file create for local async writes (#24358)

Support Partitioning sinks in cloud (#24399)

User-friendly error message on empty path expansion (#24337)

Add Polars security policy (#24314)

Allow pl.Expr.log to take in an expression (#24226)

Implement diff() in streaming engine (#24189)

Enable Expr.diff(n) for negative n (#24200)

Allow upcasting null-typed columns to nested column types in scans (#24185)

Log pyarrow predicate conversion result in sensitive verbose logs (#24186)

Add a deprecation warning for pl.Series.shift(Null) (#24114)

Improve Debug formatting of DataType (#24056)

Add cum_* as native streaming nodes (#23977)

Add peak_{min,max} support for booleans (#24068)

Add DataFrame.map_columns for eager evaluation (#23821)

Add native streaming for peaks_{min,max} (#24039)

IR graph arrows, monospace font, box nodes (#24021)

Add DataTypeExpr.default_value (#23973)

Lower rle to a native streaming engine node (#23929)

... (truncated)

Commits

400ca33 chore: Update versions (#24508)
2155cbf fix: Ignore Iceberg list element ID if missing (#24479)
1ad3d5d chore(python): Add additional unit tests for pl.concat (#24487)
e2d9e26 fix: Fix panic on streaming full join with coalesce (#23409)
6505e1e test: Refactor parametric tests for as_struct on aggstates (#24493)
ea109ed perf: Native streaming .mode() expression (#24459)
c42929d refactor: Use PlanCallback in name.map_* (#24484)
152e176 feat(python): Add unstable pl.Config.set_default_credential_provider (#24434)
cdd247a fix: Fix AggState on all_literal in BinaryExpr (#24461)
b0d2b8c refactor(rust): Replace unsafe with collect (#24494)
Additional commits viewable in compare view

Updates rayon from 1.10.0 to 1.11.0

Changelog

Sourced from rayon's changelog.

Release rayon 1.11.0 / rayon-core 1.13.0 (2025-08-12)

The minimum supported rustc is now 1.80.

iter::repeatn has been renamed to iter::repeat_n to match the name stabilized in the standard library. The old name still exists as a deprecated function for compatibility.

Fixed a bug in in_place_scope when the default global registry uses the current thread, like on WebAssembly without threading support.

binary_heap::Iter no longer requires a temporary allocation.

Relaxed trait bounds on many of the public structs.

Implemented IntoParallelIterator for Box<[T]> and its references.

Implemented FromParallelIterator<_> for Box<str> via String.

Commits

6236214 Merge #1031
652f111 Release rayon 1.7.0 and rayon-core 1.11.0
7df001d Tweak plumbing consumer description
322dfe8 Merge #1026
099241d Merge #1030
a17bcb9 Fix inappropriate use of slice::as_mut_ptr
98077fe Be more cautious about drain drops
7069695 Merge #1028
874ff73 Fix docs for the yield None case on ThreadPool
58f7b7e Be careful comparing job_ref.execute_fn
Additional commits viewable in compare view

Updates rusqlite from 0.34.0 to 0.37.0

Release notes

Sourced from rusqlite's releases.

0.37.0

What's Changed

Add FromSqlError::other convenience conversion #1703

Fix warnings #1705

Update bindgen requirement from 0.71 to 0.72 #1707

Fix for vtab::parameter parsing #1712

Fix clippy warning #1713

Bump bundled SQLite version to 3.50.2 #1714

Fix issue with prettyplease #1717

Full Changelog: rusqlite/rusqlite@v0.36.0...v0.37.0

0.36.0

What's Changed

Introduce Name trait to support both &str and &CStr as name #1659

Use doc_auto_cfg #1683

Feature loadable_extension is incompatible with some other features #1686

Add missing wrappers for sqlite3_vtab_nochange and sqlite3_value_nochange #1688

Update bindings list #1689

Homogenize code related to hooks #1690

Try to increase code coverage #1610

Bump bundled SQLite version to 3.49.2 #1691

Add bindings to sqlite3_table_column_metadata #1692

Add bindings to sqlite3_vtab_distinct #1695

Fix clippy warning #1697

Add query_one #1699

Refactor one_column test method #1700

Full Changelog: rusqlite/rusqlite@v0.35.0...v0.36.0

0.35.0

What's Changed

Document 'rusqlite-macros' and 'jiff' features #1663

access column metadata from prepared statement #1672 / #1666

add support for Jiff's Timestamp #1676

Breaking change: Check that Connection::execute has no tail #1679 / #397

Breaking change: Check for multiple statements in prepare #1680 / #1147

Full Changelog: rusqlite/rusqlite@v0.34.0...v0.35.0

Commits

44e0ef9 Merge pull request #1718 from gwenn/0.37.0
45d2505 Prepare next release
258388e Merge pull request #1717 from gwenn/prettyplease
97ddb28 Try to fix issue with prettyplease
da7ba5a Merge pull request #1714 from gwenn/3.50.2
5c2294b Bump bundled SQLite version to 3.50.2
4955615 Merge pull request #1713 from gwenn/clippy
81e3059 Fix clippy warning
8a19998 Merge pull request #1712 from kfdm/vtab-parameter-fix
de78f7e Fix for vtab::parameter parsing
Additional commits viewable in compare view

Updates serde from 1.0.219 to 1.0.228

Release notes

Sourced from serde's releases.

v1.0.228

Allow building documentation with RUSTDOCFLAGS='--cfg=docsrs' set for the whole dependency graph (#2995)

v1.0.227

Documentation improvements (#2991)

v1.0.226

Deduplicate variant matching logic inside generated Deserialize impl for adjacently tagged enums (#2935, thanks @Mingun)

v1.0.225

Avoid triggering a deprecation warning in derived Serialize and Deserialize impls for a data structure that contains its own deprecations (#2879, thanks @rcrisanti)

v1.0.224

Remove private types being suggested in rustc diagnostics (#2979)

v1.0.223

Fix serde_core documentation links (#2978)

v1.0.222

Make serialize_with attribute produce code that works if respanned to 2024 edition (#2950, thanks @aytey)

v1.0.221

Documentation improvements (#2973)

Deprecate serde_if_integer128! macro (#2975)

v1.0.220

Add a way for data formats to depend on serde traits without waiting for serde_derive compilation: https://docs.rs/serde_core (#2608, thanks @osiewicz)

Commits

a866b33 Release 1.0.228
5adc9e8 Merge pull request #2995 from dtolnay/rustdocflags
ab58178 Workaround for RUSTDOCFLAGS='--cfg=docsrs'
415d9fc Release 1.0.227
7c58427 Merge pull request #2991 from dtolnay/inlinecoredoc
9d3410e Merge pull request #2992 from dtolnay/inplaceseed
2fb6748 Remove InPlaceSeed public re-export
f8137c7 Inline serde_core into serde in docsrs mode
b7dbf7e Merge pull request #2990 from dtolnay/integer128
7c83691 No longer macro_use integer128 module
Additional commits viewable in compare view

Updates serde_json from 1.0.141 to 1.0.145

Release notes

Sourced from serde_json's releases.

v1.0.145

Raise serde version requirement to >=1.0.220

v1.0.144

Switch serde dependency to serde_core (#1285)

v1.0.143

Implement Clone and Debug for serde_json::Map iterators (#1264, thanks @xlambein)

Implement Default for CompactFormatter (#1268, thanks @SOF3)

Implement FromStr for serde_json::Map (#1271, thanks @mickvangelderen)

v1.0.142

impl Default for &Value (#1265, thanks @aatifsyed)

Commits

efa66e3 Release 1.0.145
23679e2 Add serde version constraint
fc27baf Release 1.0.144
caef3c6 Ignore uninlined_format_args pedantic clippy lint
81ba3aa Merge pull request #1285 from dtolnay/serdecore
d21e8ce Switch serde dependency to serde_core
6beb6cd Merge pull request #1286 from dtolnay/up
1dbc803 Raise required compiler to Rust 1.61
0bf5d87 Enforce trybuild >= 1.0.108
d12e943 Update actions/checkout@v4 -> v5
Additional commits viewable in compare view

Updates thiserror from 2.0.12 to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

Use differently named __private module per patch release (#434)

2.0.16

Add to "no-std" crates.io category (#429)

2.0.15

Prevent Error::provide API becoming unavailable from a future new compiler lint (#427)

2.0.14

Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#426)

2.0.13

Documentation improvements

Commits

72ae716 Release 2.0.17
599fdce Merge pull request #434 from dtolnay/private
9ec05f6 Use differently named __private module per patch release
d2c492b Raise minimum tested compiler to rust 1.76
fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
819fe29 Update ui test suite to nightly-2025-09-12
259f48c Enforce trybuild >= 1.0.108
470e6a6 Update ui test suite to nightly-2025-08-24
544e191 Update actions/checkout@v4 -> v5
cbc1eba Delete duplicate cap-lints flag from build script
Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.19 to 0.3.20

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.20

Security Fix: ANSI Escape Sequence Injection (CVE-TBD)

Impact

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to:

Manipulate terminal title bars

Clear screens or modify terminal display

Potentially mislead users through terminal manipulation

In isolation, impact is minimal, however security issues have been found in terminal emulators that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator.

Solution

Version 0.3.20 fixes this vulnerability by escaping ANSI control characters in when writing events to destinations that may be printed to the terminal.

Affected Versions

All versions of tracing-subscriber prior to 0.3.20 are affected by this vulnerability.

Recommendations

Immediate Action Required: We recommend upgrading to tracing-subscriber 0.3.20 immediately, especially if your application:

Logs user-provided input (form data, HTTP headers, query parameters, etc.)

Runs in environments where terminal output is displayed to users

Migration

This is a patch release with no breaking API changes. Simply update your Cargo.toml:
[dependencies]
tracing-subscriber = "0.3.20"
Acknowledgments

We would like to thank zefr0x who responsibly reported the issue at security@tokio.rs.

If you believe you have found a security vulnerability in any tokio-rs project, please email us at security@tokio.rs.

Commits

4c52ca5 fmt: fix ANSI escape sequence injection vulnerability (#3368)
f71cebe subscriber: impl Clone for EnvFilter (#3360)
3a1f571 Fix CI (#3361)
e63ef57 chore: prepare tracing-attributes 0.1.30 (#3316)
6e59a13 attributes: fix tracing::instrument regression around shadowing (#3311)
e4df761 tracing: update core to 0.1.34 and attributes to 0.1.29 (#3305)
643f392 chore: prepare tracing-attributes 0.1.29 (#3304)
d08e7a6 chore: prepare tracing-core 0.1.34 (#3302)
6e70c57 tracing-subscriber: count numbers of enters in Timings (#2944)
c01d4fd fix docs and enable CI on main branch (#3295)
Additional commits viewable in compare view

Updates url from 2.5.4 to 2.5.7

Release notes

Sourced from url's releases.

v2.5.7

What's Changed

v.2.5.6

Bump versions by @valenting in servo/rust-url#1062

version bump to 2.5.6 by @edgul in servo/rust-url#1065

Use no-std instead of no_std in Cargo.toml by @valenting in servo/rust-url#1064

fix: add Serde std feature if needed by @reneca in servo/rust-url#1068

v.2.5.7

make serde std feature use optional syntax by @klensy in servo/rust-url#1071

New Contributors

@reneca made their first contribution in servo/rust-url#1068

Full Changelog: servo/rust-url@v2.5.5...v2.5.7

v2.5.5

What's Changed

ci: downgrade crates when building for Rust 1.67.0 by @mxinden in servo/rust-url#1003

ci: run unit tests with sanitizers by @mxinden in servo/rust-url#1002

fix small typo by @hkBst in servo/rust-url#1011

chore: fix clippy errors on main by @dsherret in servo/rust-url#1019

perf: remove heap allocation in parse_query by @dsherret in servo/rust-url#1020

perf: slightly improve parsing a port by @dsherret in servo/rust-url#1022

perf: improve to_file_path() by

Bumps the dependencies group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | [anyhow](https://github.com/dtolnay/anyhow) | `1.0.98` | `1.0.100` | | [bzip2](https://github.com/trifectatechfoundation/bzip2-rs) | `0.5.2` | `0.6.1` | | [chrono](https://github.com/chronotope/chrono) | `0.4.41` | `0.4.42` | | [clap](https://github.com/clap-rs/clap) | `4.5.41` | `4.5.51` | | [duct](https://github.com/oconnor663/duct.rs) | `0.13.7` | `1.1.0` | | [flate2](https://github.com/rust-lang/flate2-rs) | `1.1.2` | `1.1.5` | | [indicatif](https://github.com/console-rs/indicatif) | `0.17.11` | `0.18.2` | | [lazy-regex](https://github.com/Canop/lazy-regex) | `3.4.1` | `3.4.2` | | [polars](https://github.com/pola-rs/polars) | `0.46.0` | `0.51.0` | | [rayon](https://github.com/rayon-rs/rayon) | `1.10.0` | `1.11.0` | | [rusqlite](https://github.com/rusqlite/rusqlite) | `0.34.0` | `0.37.0` | | [serde_json](https://github.com/serde-rs/json) | `1.0.141` | `1.0.145` | | [thiserror](https://github.com/dtolnay/thiserror) | `2.0.12` | `2.0.17` | | [tracing-subscriber](https://github.com/tokio-rs/tracing) | `0.3.19` | `0.3.20` | | [url](https://github.com/servo/rust-url) | `2.5.4` | `2.5.7` | Updates `anyhow` from 1.0.98 to 1.0.100 - [Release notes](https://github.com/dtolnay/anyhow/releases) - [Commits](dtolnay/anyhow@1.0.98...1.0.100) Updates `bzip2` from 0.5.2 to 0.6.1 - [Release notes](https://github.com/trifectatechfoundation/bzip2-rs/releases) - [Commits](trifectatechfoundation/bzip2-rs@v0.5.2...v0.6.1) Updates `chrono` from 0.4.41 to 0.4.42 - [Release notes](https://github.com/chronotope/chrono/releases) - [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md) - [Commits](chronotope/chrono@v0.4.41...v0.4.42) Updates `clap` from 4.5.41 to 4.5.51 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](clap-rs/clap@clap_complete-v4.5.41...clap_complete-v4.5.51) Updates `duct` from 0.13.7 to 1.1.0 - [Commits](oconnor663/duct.rs@0.13.7...1.1.0) Updates `flate2` from 1.1.2 to 1.1.5 - [Release notes](https://github.com/rust-lang/flate2-rs/releases) - [Commits](rust-lang/flate2-rs@1.1.2...1.1.5) Updates `indicatif` from 0.17.11 to 0.18.2 - [Release notes](https://github.com/console-rs/indicatif/releases) - [Commits](https://github.com/console-rs/indicatif/commits) Updates `lazy-regex` from 3.4.1 to 3.4.2 - [Changelog](https://github.com/Canop/lazy-regex/blob/main/CHANGELOG.md) - [Commits](https://github.com/Canop/lazy-regex/commits) Updates `polars` from 0.46.0 to 0.51.0 - [Release notes](https://github.com/pola-rs/polars/releases) - [Commits](pola-rs/polars@rs-0.46.0...rs-0.51.0) Updates `rayon` from 1.10.0 to 1.11.0 - [Changelog](https://github.com/rayon-rs/rayon/blob/main/RELEASES.md) - [Commits](rayon-rs/rayon@rayon-core-v1.10.0...rayon-core-v1.11.0) Updates `rusqlite` from 0.34.0 to 0.37.0 - [Release notes](https://github.com/rusqlite/rusqlite/releases) - [Changelog](https://github.com/rusqlite/rusqlite/blob/master/Changelog.md) - [Commits](rusqlite/rusqlite@v0.34.0...v0.37.0) Updates `serde` from 1.0.219 to 1.0.228 - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](serde-rs/serde@v1.0.219...v1.0.228) Updates `serde_json` from 1.0.141 to 1.0.145 - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](serde-rs/json@v1.0.141...v1.0.145) Updates `thiserror` from 2.0.12 to 2.0.17 - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](dtolnay/thiserror@2.0.12...2.0.17) Updates `tracing-subscriber` from 0.3.19 to 0.3.20 - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](tokio-rs/tracing@tracing-subscriber-0.3.19...tracing-subscriber-0.3.20) Updates `url` from 2.5.4 to 2.5.7 - [Release notes](https://github.com/servo/rust-url/releases) - [Commits](servo/rust-url@v2.5.4...v2.5.7) --- updated-dependencies: - dependency-name: anyhow dependency-version: 1.0.100 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: bzip2 dependency-version: 0.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: chrono dependency-version: 0.4.42 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: clap dependency-version: 4.5.51 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: duct dependency-version: 1.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: flate2 dependency-version: 1.1.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: indicatif dependency-version: 0.18.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: lazy-regex dependency-version: 3.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: polars dependency-version: 0.51.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: rayon dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: rusqlite dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: serde dependency-version: 1.0.228 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: serde_json dependency-version: 1.0.145 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: thiserror dependency-version: 2.0.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: tracing-subscriber dependency-version: 0.3.20 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: url dependency-version: 2.5.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Nov 3, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the dependencies group across 1 directory with 16 updates #132

Bump the dependencies group across 1 directory with 16 updates #132

Uh oh!

dependabot bot commented on behalf of github Nov 3, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the dependencies group across 1 directory with 16 updates #132

Are you sure you want to change the base?

Bump the dependencies group across 1 directory with 16 updates #132

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 3, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

1.0.100

1.0.99

v0.6.0

Highlights

What's Changed

0.4.42

What's Changed

v4.5.51

[4.5.51] - 2025-10-29

Fixes

v4.5.50

[4.5.50] - 2025-10-20

Features

v4.5.48

[4.5.48] - 2025-09-19

Documentation

v4.5.47

[4.5.47] - 2025-09-02

Features

Fixes

v4.5.46

[4.5.46] - 2025-08-26

Features

v4.5.45

[4.5.45] - 2025-08-12

Fixes

[4.5.51] - 2025-10-29

Fixes

[4.5.50] - 2025-10-20

Features

[4.5.49] - 2025-10-13

Fixes

[4.5.48] - 2025-09-19

Documentation

[4.5.47] - 2025-09-02

Features

Fixes

[4.5.46] - 2025-08-26

Features

[4.5.45] - 2025-08-12

Fixes

1.1.5

What's Changed

1.1.3

What's Changed

New Contributors

0.18.1

What's Changed

0.18.0

What's Changed

0.17.12

What's Changed

Rust Polars 0.51.0

💥 Breaking changes

🚀 Performance improvements

✨ Enhancements

Release rayon 1.11.0 / rayon-core 1.13.0 (2025-08-12)

0.37.0

What's Changed

0.36.0

What's Changed

0.35.0

What's Changed

v1.0.228

v1.0.227

v1.0.226

v1.0.225

v1.0.224

v1.0.223

v1.0.222

v1.0.221

v1.0.220

v1.0.145

dependabot bot commented on behalf of github Nov 3, 2025 •

edited

Loading