fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
age	dependencies	minor	0.10.0 -> 0.11.0
clap	dependencies	patch	4.5.20 -> 4.5.38
ctrlc	dependencies	patch	3.4.5 -> 3.4.7
dirs	dependencies	major	^5.0.1 -> ^6.0.0
keyring	dependencies	patch	3.6.1 -> 3.6.2
promkit	dependencies	minor	0.5.0 -> 0.9.0
rand (source)	dependencies	minor	^0.8.5 -> ^0.9.0
serde (source)	dependencies	patch	1.0.213 -> 1.0.219
serde_derive (source)	dependencies	patch	1.0.213 -> 1.0.219
serde_json	dependencies	patch	1.0.132 -> 1.0.140
sha2	dependencies	patch	0.10.8 -> 0.10.9

---

Release Notes

str4d/rage (age)

v0.11.1: rage v0.11.1

Compare Source

Security

Fixed a security vulnerability that could allow an attacker to execute an arbitrary binary under certain conditions. See GHSA-4fg7-vxc8-qx5w. Plugin names are now required to only contain alphanumeric characters or the four special characters +-._. Thanks to ⬡-49016 for reporting this issue.

v0.11.0: rage v0.11.0

Compare Source

rage

Added

• Partial French translation!

Fixed

• [Unix] Files can now be encrypted with rage --passphrase when piped over stdin, without requiring an explicit - argument as INPUT.

age

Added

• New streamlined APIs for use with a single recipient or identity and a small amount of data (that can fit entirely in memory):
  • age::encrypt
  • age::encrypt_and_armor
  • age::decrypt
• age::Decryptor::{decrypt, decrypt_async, is_scrypt}
• age::IdentityFile::to_recipients
• age::IdentityFile::with_callbacks
• age::IdentityFile::write_recipients_file
• age::IdentityFileConvertError
• age::NoCallbacks
• age::scrypt, providing recipient and identity types for passphrase-based encryption.
• Partial French translation!

Changed

• Migrated to i18n-embed 0.15, secrecy 0.10.
• age::Encryptor::with_recipients now takes recipients by reference instead of by value. This aligns it with age::Decryptor (which takes identities by reference), and also means that errors with recipients are reported earlier. This causes the following changes to the API:
  • Encryptor::with_recipients takes impl Iterator<Item = &'a dyn Recipient> instead of Vec<Box<dyn Recipient + Send>>.
  • Verification of recipients and generation of stanzas now happens in Encryptor::with_recipients instead of Encryptor::wrap_output and Encryptor::wrap_async_output.
  • Encryptor::with_recipients returns Result<Self, EncryptError> instead of Option<Self>, and Encryptor::{wrap_output, wrap_async_output} return io::Result<StreamWriter<W>> instead of Result<StreamWriter<W>, EncryptError>.
  • age::EncryptError has a new variant MissingRecipients, taking the place of the None that Encryptor::with_recipients could previously return.
• age::Decryptor is now an opaque struct instead of an enum with Recipients and Passphrase variants.
• age::IdentityFile now has a C: Callbacks generic parameter, which defaults to NoCallbacks.
• age::IdentityFile::into_identities now returns Result<Vec<Box<dyn crate::Identity>>, DecryptError> instead of Vec<IdentityFileEntry>.
• age::Recipient::wrap_file_key now returns (Vec<Stanza>, HashSet<String>): a tuple of the stanzas to be placed in an age file header, and labels that constrain how the stanzas may be combined with those from other recipients.
• age::plugin::RecipientPluginV1 now supports the labels extension.

Fixed

• age::cli_common::read_identities once again correctly parses identity files that are a single line without a trailing newline. This broke in 0.10.0 due to an unrelated refactor.

Removed

• age::decryptor::PassphraseDecryptor (use age::Decryptor with age::scrypt::Identity instead).
• age::decryptor::RecipientsDecryptor (use age::Decryptor instead).
• age::IdentityFileEntry

age-plugin 0.6.0

Added

• age_plugin::PluginHandler
• impl age_plugin::identity::IdentityPluginV1 for std::convert::Infallible
• impl age_plugin::recipient::RecipientPluginV1 for std::convert::Infallible

Changed

• Migrated to age-core 0.11.
• age_plugin::recipient::RecipientPluginV1 has a new labels method. Existing implementations of the trait should either return HashSet::new() to maintain existing compatibility, or return labels that apply the desired constraints.
• age_plugin::run_state_machine now supports the recipient-v1 labels extension.

Fixed

• age_plugin::run_state_machine now takes an impl age_plugin::PluginHandler argument, instead of its previous arguments.
  • This fixes the change from the previous release, because the type parameters were basically impossible to set correctly when attempting to pass None.

age-core

Added

• age_core::format:
  • FileKey::new
  • FileKey::init_with_mut
  • FileKey::try_init_with_mut
  • is_arbitrary_string

Changed

• Migrated to secrecy 0.10.
• age::plugin::Connection::unidir_receive now takes an additional argument to enable handling an optional fourth command.

New Contributors

• @​AnomalRoil made their first contribution in https://github.com/str4d/rage/pull/499
• @​pavelzw made their first contribution in https://github.com/str4d/rage/pull/492
• @​BoostCookie made their first contribution in https://github.com/str4d/rage/pull/513

Full Changelog: str4d/rage@v0.10.0...v0.11.0

clap-rs/clap (clap)

v4.5.38

Compare Source

Fixes

• (help) When showing aliases, include leading -- or -

v4.5.37

Compare Source

Features

• Added ArgMatches::try_clear_id()

v4.5.36

Compare Source

Fixes

• (help) Revert 4.5.35's "Don't leave space for shorts if there are none" for now

v4.5.35

Compare Source

Fixes

• (help) Align positionals and flags when put in the same help_heading
• (help) Don't leave space for shorts if there are none

v4.5.34

Compare Source

Fixes

• (help) Don't add extra blank lines with flatten_help(true) and subcommands without arguments

v4.5.33

Compare Source

Fixes

• (error) When showing the usage of a suggestion for an unknown argument, don't show the group

v4.5.32

Compare Source

Features

• Add Error::remove

Documentation

• (cookbook) Switch from humantime to jiff
• (tutorial) Better cover required vs optional

Internal

• Update pulldown-cmark

v4.5.31

Compare Source

Features

• Add ValueParserFactory for Saturating<T>

v4.5.30

Compare Source

Fixes

• (assert) Allow num_args(0..=1) to be used with SetTrue
• (assert) Clean up rendering of takes_values assertions

v4.5.29

Compare Source

Fixes

• Change ArgMatches::args_present so not-present flags are considered not-present (matching the documentation)

v4.5.28

Compare Source

Features

• (derive) Unstable support for full markdown syntax for doc comments, enabled with unstable-markdown

v4.5.27

Compare Source

Documentation

• Iterate on tutorials and reference based on feedback

v4.5.26

Compare Source

Fixes

• (error) Reduce binary size with the suggestions feature

v4.5.25

Compare Source

Fixes

• (help) Reduce binary size

v4.5.24

Compare Source

Fixes

• (parser) Correctly handle defaults with ignore_errors(true) and when a suggestion is provided for an unknown argument

v4.5.23

Compare Source

Fixes

• (parser) When check allow_negative_numbers, allow E again

v4.5.22

Compare Source

Fixes

• (assert) Catch bugs with arguments requiring themself

v4.5.21

Compare Source

Fixes

• (parser) Ensure defaults are filled in on error with ignore_errors(true)

Detegr/rust-ctrlc (ctrlc)

v3.4.7

Compare Source

What's Changed

• Update nix by @​Berrysoft in https://github.com/Detegr/rust-ctrlc/pull/131

New Contributors

• @​Berrysoft made their first contribution in https://github.com/Detegr/rust-ctrlc/pull/131

Full Changelog: Detegr/rust-ctrlc@3.4.6...3.4.7

v3.4.6

Compare Source

What's Changed

• Add support for tvOS, visionOS and watchOS by @​madsmtm in https://github.com/Detegr/rust-ctrlc/pull/128

New Contributors

• @​madsmtm made their first contribution in https://github.com/Detegr/rust-ctrlc/pull/128

Full Changelog: Detegr/rust-ctrlc@3.4.5...3.4.6

hwchen/keyring-rs (keyring)

v3.6.2

Compare Source

• Have docs.rs build docs for all modules on all platforms (thanks to @​unkcpz - see #​235).
• Switch to fastrand for tests (see #​237).

ynqa/promkit (promkit)

v0.9.1

Compare Source

What's Changed

• playground to debug what crossterm events happen by @​ynqa in https://github.com/ynqa/promkit/pull/60
• bump up crossterm version v0.28.1 => v0.29.0 by @​ynqa in https://github.com/ynqa/promkit/pull/61

Full Changelog: ynqa/promkit@v0.9.0...v0.9.1

v0.9.0

Compare Source

What's Changed

• feat: separate crates into core/widgets by @​ynqa in https://github.com/ynqa/promkit/pull/57

Full Changelog: ynqa/promkit@v0.8.0...v0.9.0

v0.8.0

Compare Source

What's Changed

• feat: scrollable text by @​ynqa in https://github.com/ynqa/promkit/pull/53
• Revert "Add custom writer" by @​ynqa in https://github.com/ynqa/promkit/pull/55
• v0.8.0 by @​ynqa in https://github.com/ynqa/promkit/pull/54

Full Changelog: ynqa/promkit@v0.7.0...v0.8.0

v0.7.0

Compare Source

What's Changed

• Fix broken format after calling run by @​dalance in https://github.com/ynqa/promkit/pull/51
• Fix history reset at readline renderer finilization by @​dalance in https://github.com/ynqa/promkit/pull/49
• v0.1.0: promkit-derive by @​ynqa in https://github.com/ynqa/promkit/pull/17
• Add custom writer by @​cih9088 in https://github.com/ynqa/promkit/pull/36

New Contributors

• @​dalance made their first contribution in https://github.com/ynqa/promkit/pull/51
• @​cih9088 made their first contribution in https://github.com/ynqa/promkit/pull/36

Full Changelog: ynqa/promkit@v0.6.2...v0.7.0

v0.6.2

Compare Source

What's Changed

• v0.6.2 by @​ynqa in https://github.com/ynqa/promkit/pull/47

Full Changelog: ynqa/promkit@v0.6.1...v0.6.2

v0.6.1

Compare Source

What's Changed

• v0.6.1 by @​ynqa in https://github.com/ynqa/promkit/pull/46

Full Changelog: ynqa/promkit@v0.6.0...v0.6.1

v0.6.0

Compare Source

What's Changed

• Move promkit-async to ynqa/promkit-async repo by @​ynqa in https://github.com/ynqa/promkit/pull/39
• v0.6.0: Row for large JSON by @​ynqa in https://github.com/ynqa/promkit/pull/42
• v0.6.0 by @​ynqa in https://github.com/ynqa/promkit/pull/41

Full Changelog: ynqa/promkit@v0.5.1...v0.6.0

v0.5.1

Compare Source

What's Changed

• v0.5.1 by @​ynqa in https://github.com/ynqa/promkit/pull/38

Full Changelog: ynqa/promkit@v0.5.0...v0.5.1

rust-random/rand (rand)

v0.9.1

Compare Source

Security and unsafe

• Revise "not a crypto library" policy again (#​1565)
• Remove zerocopy dependency from rand (#​1579)

Fixes

• Fix feature simd_support for recent nightly rust (#​1586)

Changes

• Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#​1623), reverting an undocumented change (#​1382) to the previous release.

Additions

• Add rand::distr::Alphabetic distribution. (#​1587)
• Re-export rand_core (#​1604)

v0.9.0

Compare Source

Security and unsafe

• Policy: "rand is not a crypto library" (#​1514)
• Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#​1379)
• Use zerocopy to replace some unsafe code (#​1349, #​1393, #​1446, #​1502)

Dependencies

• Bump the MSRV to 1.63.0 (#​1207, #​1246, #​1269, #​1341, #​1416, #​1536); note that 1.60.0 may work for dependents when using --ignore-rust-version
• Update to rand_core v0.9.0 (#​1558)

Features

• Support std feature without getrandom or rand_chacha (#​1354)
• Enable feature small_rng by default (#​1455)
• Remove implicit feature rand_chacha; use std_rng instead. (#​1473)
• Rename feature serde1 to serde (#​1477)
• Rename feature getrandom to os_rng (#​1537)
• Add feature thread_rng (#​1547)

API changes: rand_core traits

• Add fn RngCore::read_adapter implementing std::io::Read (#​1267)
• Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#​1273)
• Add traits TryRngCore, TryCryptoRng (#​1424, #​1499)
• Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#​1424)
• Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#​1424)
• Add bounds Clone and AsRef to associated type SeedableRng::Seed (#​1491)

API changes: Rng trait and top-level fns

• Rename fn rand::thread_rng() to rand::rng() and remove from the prelude (#​1506)
• Remove fn rand::random() from the prelude (#​1506)
• Add top-level fns random_iter, random_range, random_bool, random_ratio, fill (#​1488)
• Re-introduce fn Rng::gen_iter as random_iter (#​1305, #​1500)
• Rename fn Rng::gen to random to avoid conflict with the new gen keyword in Rust 2024 (#​1438)
• Rename fns Rng::gen_range to random_range, gen_bool to random_bool, gen_ratio to random_ratio (#​1505)
• Annotate panicking methods with #[track_caller] (#​1442, #​1447)

API changes: RNGs

• Fix <SmallRng as SeedableRng>::Seed size to 256 bits (#​1455)
• Remove first parameter (rng) of ReseedingRng::new (#​1533)

API changes: Sequences

• Split trait SliceRandom into IndexedRandom, IndexedMutRandom, SliceRandom (#​1382)
• Add IndexedRandom::choose_multiple_array, index::sample_array (#​1453, #​1469)

API changes: Distributions: renames

• Rename module rand::distributions to rand::distr (#​1470)
• Rename distribution Standard to StandardUniform (#​1526)
• Move distr::Slice -> distr::slice::Choose, distr::EmptySlice -> distr::slice::Empty (#​1548)
• Rename trait distr::DistString -> distr::SampleString (#​1548)
• Rename distr::DistIter -> distr::Iter, distr::DistMap -> distr::Map (#​1548)

API changes: Distributions

• Relax Sized bound on Distribution<T> for &D (#​1278)
• Remove impl of Distribution<Option<T>> for StandardUniform (#​1526)
• Let distribution StandardUniform support all NonZero* types (#​1332)
• Fns {Uniform, UniformSampler}::{new, new_inclusive} return a Result (instead of potentially panicking) (#​1229)
• Distribution Uniform implements TryFrom instead of From for ranges (#​1229)
• Add UniformUsize (#​1487)
• Remove support for generating isize and usize values with StandardUniform, Uniform (except via UniformUsize) and Fill and usage as a WeightedAliasIndex weight (#​1487)
• Add impl DistString for distributions Slice<char> and Uniform<char> (#​1315)
• Add fn Slice::num_choices (#​1402)
• Add fn p() for distribution Bernoulli to access probability (#​1481)

API changes: Weighted distributions

• Add pub module rand::distr::weighted, moving WeightedIndex there (#​1548)
• Add trait weighted::Weight, allowing WeightedIndex to trap overflow (#​1353)
• Add fns weight, weights, total_weight to distribution WeightedIndex (#​1420)
• Rename enum WeightedError to weighted::Error, revising variants (#​1382) and mark as #[non_exhaustive] (#​1480)

API changes: SIMD

• Switch to std::simd, expand SIMD & docs (#​1239)

Reproducibility-breaking changes

• Make ReseedingRng::reseed discard remaining data from the last block generated (#​1379)
• Change fn SmallRng::seed_from_u64 implementation (#​1203)
• Allow UniformFloat::new samples and UniformFloat::sample_single to yield high (#​1462)
• Fix portability of distribution Slice (#​1469)
• Make Uniform for usize portable via UniformUsize (#​1487)
• Fix IndexdRandom::choose_multiple_weighted for very small seeds and optimize for large input length / low memory (#​1530)

Reproducibility-breaking optimisations

• Optimize fn sample_floyd, affecting output of rand::seq::index::sample and rand::seq::SliceRandom::choose_multiple (#​1277)
• New, faster algorithms for IteratorRandom::choose and choose_stable (#​1268)
• New, faster algorithms for SliceRandom::shuffle and partial_shuffle (#​1272)
• Optimize distribution Uniform: use Canon's method (single sampling) / Lemire's method (distribution sampling) for faster sampling (breaks value stability; #​1287)
• Optimize fn sample_single_inclusive for floats (+~20% perf) (#​1289)

Other optimisations

• Improve SmallRng initialization performance (#​1482)
• Optimise SIMD widening multiply (#​1247)

Other

• Add Cargo.lock.msrv file (#​1275)
• Reformat with rustfmt and enforce (#​1448)
• Apply Clippy suggestions and enforce (#​1448, #​1474)
• Move all benchmarks to new benches crate (#​1329, #​1439) and migrate to Criterion (#​1490)

Documentation

• Improve ThreadRng related docs (#​1257)
• Docs: enable experimental --generate-link-to-definition feature (#​1327)
• Better doc of crate features, use doc_auto_cfg (#​1411, #​1450)

serde-rs/serde (serde)

v1.0.219

Compare Source

• Prevent absolute_paths Clippy restriction being triggered inside macro-generated code (#​2906, thanks @​davidzeng0)

v1.0.218

Compare Source

• Documentation improvements

v1.0.217

Compare Source

• Support serializing externally tagged unit variant inside flattened field (#​2786, thanks @​Mingun)

v1.0.216

Compare Source

• Mark all generated impls with #[automatically_derived] to exclude from code coverage (#​2866, #​2868, thanks @​tdittr)

v1.0.215

Compare Source

• Produce warning when multiple fields or variants have the same deserialization name (#​2855, #​2856, #​2857)

v1.0.214

Compare Source

• Implement IntoDeserializer for all Deserializers in serde::de::value module (#​2568, thanks @​Mingun)

serde-rs/json (serde_json)

v1.0.140

Compare Source

• Documentation improvements

v1.0.139

Compare Source

• Documentation improvements

v1.0.138

Compare Source

• Documentation improvements

v1.0.137

Compare Source

• Turn on "float_roundtrip" and "unbounded_depth" features for serde_json in play.rust-lang.org (#​1231)

v1.0.136

Compare Source

• Optimize serde_json::value::Serializer::serialize_map by using Map::with_capacity (#​1230, thanks @​goffrie)

v1.0.135

Compare Source

• Add serde_json::Map::into_values method (#​1226, thanks @​tisonkun)

v1.0.134

Compare Source

• Add RawValue associated constants for literal null, true, false (#​1221, thanks @​bheylin)

v1.0.133

Compare Source

• Implement From<[T; N]> for serde_json::Value (#​1215)

RustCrypto/hashes (sha2)

v0.10.9

Compare Source

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.