Skip to content

Bump the backend group across 1 directory with 12 updates #795

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Bump the backend group across 1 directory with 12 updates #795

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 22, 2025
edited
Loading

Bumps the backend group with 11 updates in the / directory:

Package From To
anyhow 1.0.99 1.0.100
async-trait 0.1.88 0.1.89
clap 4.5.45 4.5.48
config 0.15.14 0.15.16
deadpool 0.12.2 0.12.3
hyper 1.6.0 1.7.0
regex 1.11.1 1.11.2
serde_json 1.0.142 1.0.145
time 0.3.41 0.3.44
tracing-subscriber 0.3.19 0.3.20
uuid 1.18.0 1.18.1

Updates anyhow from 1.0.99 to 1.0.100

Release notes

Sourced from anyhow's releases.

1.0.100

  • Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)
Commits
  • 18c2598 Release 1.0.100
  • f271988 Merge pull request #426 from dtolnay/clippyfmt
  • 52f2115 Mark macros with clippy::format_args
  • da5fd9d Raise minimum tested compiler to rust 1.76
  • 211e409 Opt in to generate-macro-expansion when building on docs.rs
  • b48fc02 Enforce trybuild >= 1.0.108
  • d5f59fb Update ui test suite to nightly-2025-09-07
  • 238415d Update ui test suite to nightly-2025-08-24
  • 3bab070 Update actions/checkout@v4 -> v5
  • 4249254 Order cap-lints flag in the same order as thiserror build script
  • See full diff in compare view

Updates async-trait from 0.1.88 to 0.1.89

Release notes

Sourced from async-trait's releases.

0.1.89

Commits
  • a7e91e9 Release 0.1.89
  • fbcfcac Merge pull request 293 from Veykril/lw/quote_spanned
  • fd93990 Improve use of spans in quote_spanned
  • a5093fe Add type-mismatch ui test
  • 6d12b44 Revert "Pin nightly toolchain used for miri job"
  • dd9e4ba Hide unused_variables warning in consider-restricting.rs ui test
  • b454fc8 Update ui test suite to nightly-2025-08-03
  • 9c880e8 Update ui test suite to nightly-2025-07-30
  • 7ca751d Ignore unused_parens warning in test
  • 2bccfeb Update ui test suite to nightly-2025-05-28
  • Additional commits viewable in compare view

Updates clap from 4.5.45 to 4.5.48

Release notes

Sourced from clap's releases.

v4.5.48

[4.5.48] - 2025-09-19

Documentation

  • Add a new CLI Concepts document as another way of framing clap
  • Expand the typed_derive cookbook entry

v4.5.47

[4.5.47] - 2025-09-02

Features

  • Added impl FromArgMatches for ()
  • Added impl Args for ()
  • Added impl Subcommand for ()
  • Added impl FromArgMatches for Infallible
  • Added impl Subcommand for Infallible

Fixes

  • (derive) Update runtime error text to match clap

v4.5.46

[4.5.46] - 2025-08-26

Features

  • Expose StyledStr::push_str
Changelog

Sourced from clap's changelog.

[4.5.48] - 2025-09-19

Documentation

  • Add a new CLI Concepts document as another way of framing clap
  • Expand the typed_derive cookbook entry

[4.5.47] - 2025-09-02

Features

  • Added impl FromArgMatches for ()
  • Added impl Args for ()
  • Added impl Subcommand for ()
  • Added impl FromArgMatches for Infallible
  • Added impl Subcommand for Infallible

Fixes

  • (derive) Update runtime error text to match clap

[4.5.46] - 2025-08-26

Features

  • Expose StyledStr::push_str
Commits
  • c3a1ddc chore: Release
  • 4460ff4 docs: Update changelog
  • 54947a1 Merge pull request #5981 from mernen/fix-bash-clap-complete-space
  • fd3f6d2 fix(complete): Restore nospace in bash
  • 2f6a108 test(complete): Demonstrate current behavior
  • f88be57 style: Ensure consistent newlines
  • f209bce chore: Release
  • f33ff7f docs: Update changelog
  • bf06e6f Merge pull request #5974 from kryvashek/support-clearing-args-matches
  • 5d357ad feat(parser): Added ArgMatches::try_clear_id()
  • Additional commits viewable in compare view

Updates config from 0.15.14 to 0.15.16

Changelog

Sourced from config's changelog.

[0.15.16] - 2025-09-15

Performance

  • Allow more build parallelism by depending on serde_core

[0.15.15] - 2025-08-29

Fixes

  • (json5) Correctly deserialize null (regressed in 0.15.14)
Commits
  • 75bdb15 chore: Release config version 0.15.16
  • 9ad97be docs: Update changelog
  • 7bd9055 refactor: Switch to serde_core (#691)
  • d69daf1 refactor: Switch to serde_core
  • 3931f4c chore: Release config version 0.15.15
  • 1e85483 docs: Update changelog
  • 63ef7c7 fix(format): Correctly deserialize json5 (#690)
  • ea823c1 fix(format): Correctly deserialize json5
  • b4bc68f test(format): Verify null where supported
  • 35bafb9 refactor(file): Minor clean up to file discovery (#688)
  • Additional commits viewable in compare view

Updates deadpool from 0.12.2 to 0.12.3

Commits
  • c24a947 Release deadpool 0.12.3
  • 54cb398 Add wrapper for ObjectId making it an opaque data type
  • 2fa6123 Improve documentation of Object::id
  • 9426cce Fix default pool max size
  • 207e428 feat(deadpool): cache num_cpus for better init performance
  • 5bef286 Fix deadpool-tiberius entry
  • d948563 Fix links in CHANGELOG
  • f8270d1 Release deadpool-lapin 0.13.1
  • b4d6f14 Pin windows-2025 and fix deadpool-diesel[mysql] check
  • 2ab87f9 Run workflows when the CI config is changed
  • Additional commits viewable in compare view

Updates hyper from 1.6.0 to 1.7.0

Release notes

Sourced from hyper's releases.

v1.7.0

Highlights

Features

  • client:
  • error: add Error::is_shutdown() (#3863) (b8affd8a, closes #2745)
  • server: add allow_multiple_spaces_in_request_line_delimiters http1 builder method (#3929) (9749184f)

Bug Fixes

  • server: improve caching accuracy of Date header (#3887) (436cadd1)

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.7.0 (2025-08-18)

Bug Fixes

  • server: improve caching accuracy of Date header (#3887) (436cadd1)

Features

  • client:
  • error: add Error::is_shutdown() (#3863) (b8affd8a, closes #2745)
  • server: add allow_multiple_spaces_in_request_line_delimiters http1 builder method (#3929) (9749184f)
Commits
  • 400bdfd v1.7.0
  • 9749184 feat(server): add allow_multiple_spaces_in_request_line_delimiters http1 bu...
  • caa166c chore(dependencies): avoid implicit cargo feature of futures-util (#3931)
  • 8ad2595 test(common): add missing assertion in full_rewind test (#3926)
  • 24f0da8 chore(ci): update to cargo-check-external-types-0.3.0 (#3928)
  • 974289f docs(rt): improve rt module overview (#3920)
  • 283fd23 docs: improve ext module overview and Protocol docs (#3921)
  • b8affd8 feat(error): add Error::is_shutdown() (#3863)
  • c88df78 docs(SECURITY): update policy to use GSA drafts when reporting vulnerabilitie...
  • 436cadd fix(server): improve caching accuracy of Date header (#3887)
  • Additional commits viewable in compare view

Updates regex from 1.11.1 to 1.11.2

Changelog

Sourced from regex's changelog.

1.11.2 (2025-08-24)

This is a new patch release of regex with some minor fixes. A larger number of typo or lint fix patches were merged. Also, we now finally recommend using std::sync::LazyLock.

Improvements:

Bug fixes:

Commits

Updates serde from 1.0.219 to 1.0.226

Release notes

Sourced from serde's releases.

v1.0.226

  • Deduplicate variant matching logic inside generated Deserialize impl for adjacently tagged enums (#2935, thanks @​Mingun)

v1.0.225

  • Avoid triggering a deprecation warning in derived Serialize and Deserialize impls for a data structure that contains its own deprecations (#2879, thanks @​rcrisanti)

v1.0.224

  • Remove private types being suggested in rustc diagnostics (#2979)

v1.0.223

  • Fix serde_core documentation links (#2978)

v1.0.222

  • Make serialize_with attribute produce code that works if respanned to 2024 edition (#2950, thanks @​aytey)

v1.0.221

  • Documentation improvements (#2973)
  • Deprecate serde_if_integer128! macro (#2975)

v1.0.220

Commits
  • 1799547 Release 1.0.226
  • 2dbeefb Merge pull request #2935 from Mingun/dedupe-adj-enums
  • 8a3c29f Merge pull request #2986 from dtolnay/didnotwork
  • defc24d Remove "did not work" comment from test suite
  • 2316610 Merge pull request #2929 from Mingun/flatten-enum-tests
  • c09e2bd Add tests for flatten unit variant in adjacently tagged (tag + content) enums
  • fe7dcc4 Test all possible orders of map entries for enum-flatten-in-struct representa...
  • a20e66e Check serialization in flatten::enum_::internally_tagged::unit_enum_with_unkn...
  • 1c1a5d9 Reorder struct_ and newtype tests of adjacently_tagged enums to match order i...
  • ee3c237 Opt in to generate-macro-expansion when building on docs.rs
  • Additional commits viewable in compare view

Updates serde_json from 1.0.142 to 1.0.145

Release notes

Sourced from serde_json's releases.

v1.0.145

  • Raise serde version requirement to >=1.0.220

v1.0.144

  • Switch serde dependency to serde_core (#1285)

v1.0.143

Commits
  • efa66e3 Release 1.0.145
  • 23679e2 Add serde version constraint
  • fc27baf Release 1.0.144
  • caef3c6 Ignore uninlined_format_args pedantic clippy lint
  • 81ba3aa Merge pull request #1285 from dtolnay/serdecore
  • d21e8ce Switch serde dependency to serde_core
  • 6beb6cd Merge pull request #1286 from dtolnay/up
  • 1dbc803 Raise required compiler to Rust 1.61
  • 0bf5d87 Enforce trybuild >= 1.0.108
  • d12e943 Update actions/checkout@v4 -> v5
  • Additional commits viewable in compare view

Updates time from 0.3.41 to 0.3.44

Release notes

Sourced from time's releases.

v0.3.44

See the changelog for details.

v0.3.43

See the changelog for details.

v0.3.42

See the changelog for details.

Changelog

Sourced from time's changelog.

0.3.44 [2025-09-19]

Fixed

  • Comparisons of PrimitiveDateTime, UtcDateTime, and OffsetDateTime with differing signs (i.e. one negative and one positive year) would return the inverse result of what was expected. This was introduced in v0.3.42 and has been fixed.
  • Type inference would fail due to feature unification when wasm-bindgen enabled serde_json. This has been fixed by explicitly specifying the type in the relevant locations.

0.3.43 [2025-09-02]

Added

  • Support for rand 0.9

Fixed

  • In the convert module, any use of per with types that were not the same (such as Nanosecond::per(Second)) would not compile due to a bug. This has been fixed.

0.3.42 [2025-08-31]

Added

  • Time::duration_until
  • Time::duration_since
  • per_t method for all types in time::convert. This is similar to the existing per method, but can return any of the primitive numeric types that can represent the result. This will cut down on as casts while ensuring correctness. Type inference isn't perfect, so you may need to provide a type annotation in some situations.
  • impl PartialOrd for Month and impl Ord for Month; this assumes the months are in the same year
  • SystemTimeExt trait, adding methods for checked arithmetic with time::Duration and obtaining the difference between two SystemTimes as a time::Duration
  • Permit using UtcDateTime with rand (this was inadvertently omitted previously)
  • impl core::error::Error for all error types (now available when the std feature is disabled)
  • MacOS can now obtain the local UTC offset in multi-threaded programs as the system APIs are thread-safe.
  • #[track_caller] has been added to all relevant methods.

Changed

  • The minimum supported Rust version is now 1.81.0.
  • The dependency on itoa has been removed, as the standard library now has similar functionality by default.
  • Formatting a component that involves a floating point number is now guaranteed to be deterministic, avoiding any subtle differences between platforms or compiler versions.

Fixed

... (truncated)

Commits

Updates tracing-subscriber from 0.3.19 to 0.3.20

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.20

Security Fix: ANSI Escape Sequence Injection (CVE-TBD)

Impact

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to:

  • Manipulate terminal title bars
  • Clear screens or modify terminal display
  • Potentially mislead users through terminal manipulation

In isolation, impact is minimal, however security issues have been found in terminal emulators that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator.

Solution

Version 0.3.20 fixes this vulnerability by escaping ANSI control characters in when writing events to destinations that may be printed to the terminal.

Affected Versions

All versions of tracing-subscriber prior to 0.3.20 are affected by this vulnerability.

Recommendations

Immediate Action Required: We recommend upgrading to tracing-subscriber 0.3.20 immediately, especially if your application:

  • Logs user-provided input (form data, HTTP headers, query parameters, etc.)
  • Runs in environments where terminal output is displayed to users

Migration

This is a patch release with no breaking API changes. Simply update your Cargo.toml:

[dependencies]
tracing-subscriber = "0.3.20"

Acknowledgments

We would like to thank zefr0x who responsibly reported the issue at [email protected].

If you believe you have found a security vulnerability in any tokio-rs project, please email us at [email protected].

Commits

Updates uuid from 1.18.0 to 1.18.1

Release notes

Sourced from uuid's releases.

v1.18.1

What's Changed

Full Changelog: uuid-rs/uuid@v1.18.0...v1.18.1

Commits
  • 50d8e79 Merge pull request #842 from uuid-rs/cargo/v1.18.1
  • 7948592 prepare for 1.18.1 release
  • 6d847c7 Merge pull request #841 from uuid-rs/chore/unsafe-cleanup
  • 675cccc re-gate zerocopy behind unstable feature flag
  • 4dd5828 Remove some unsafe; stabilize zerocopy
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the backend group across 1 directory with 12 updates
fbcf61d 
Bumps the backend group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.99` | `1.0.100` |
| [async-trait](https://github.com/dtolnay/async-trait) | `0.1.88` | `0.1.89` |
| [clap](https://github.com/clap-rs/clap) | `4.5.45` | `4.5.48` |
| [config](https://github.com/rust-cli/config-rs) | `0.15.14` | `0.15.16` |
| [deadpool](https://github.com/bikeshedder/deadpool) | `0.12.2` | `0.12.3` |
| [hyper](https://github.com/hyperium/hyper) | `1.6.0` | `1.7.0` |
| [regex](https://github.com/rust-lang/regex) | `1.11.1` | `1.11.2` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.142` | `1.0.145` |
| [time](https://github.com/time-rs/time) | `0.3.41` | `0.3.44` |
| [tracing-subscriber](https://github.com/tokio-rs/tracing) | `0.3.19` | `0.3.20` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.18.0` | `1.18.1` |



Updates `anyhow` from 1.0.99 to 1.0.100
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](dtolnay/anyhow@1.0.99...1.0.100)

Updates `async-trait` from 0.1.88 to 0.1.89
- [Release notes](https://github.com/dtolnay/async-trait/releases)
- [Commits](dtolnay/async-trait@0.1.88...0.1.89)

Updates `clap` from 4.5.45 to 4.5.48
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.5.45...clap_complete-v4.5.48)

Updates `config` from 0.15.14 to 0.15.16
- [Changelog](https://github.com/rust-cli/config-rs/blob/main/CHANGELOG.md)
- [Commits](rust-cli/config-rs@v0.15.14...v0.15.16)

Updates `deadpool` from 0.12.2 to 0.12.3
- [Changelog](https://github.com/deadpool-rs/deadpool/blob/main/release.toml)
- [Commits](deadpool-rs/deadpool@deadpool-v0.12.2...deadpool-v0.12.3)

Updates `hyper` from 1.6.0 to 1.7.0
- [Release notes](https://github.com/hyperium/hyper/releases)
- [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md)
- [Commits](hyperium/hyper@v1.6.0...v1.7.0)

Updates `regex` from 1.11.1 to 1.11.2
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](rust-lang/regex@1.11.1...1.11.2)

Updates `serde` from 1.0.219 to 1.0.226
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](serde-rs/serde@v1.0.219...v1.0.226)

Updates `serde_json` from 1.0.142 to 1.0.145
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](serde-rs/json@v1.0.142...v1.0.145)

Updates `time` from 0.3.41 to 0.3.44
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](time-rs/time@v0.3.41...v0.3.44)

Updates `tracing-subscriber` from 0.3.19 to 0.3.20
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](tokio-rs/tracing@tracing-subscriber-0.3.19...tracing-subscriber-0.3.20)

Updates `uuid` from 1.18.0 to 1.18.1
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](uuid-rs/uuid@v1.18.0...v1.18.1)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-version: 1.0.100
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: async-trait
  dependency-version: 0.1.89
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: clap
  dependency-version: 4.5.48
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: config
  dependency-version: 0.15.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: deadpool
  dependency-version: 0.12.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: hyper
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: regex
  dependency-version: 1.11.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: serde
  dependency-version: 1.0.226
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: serde_json
  dependency-version: 1.0.145
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: time
  dependency-version: 0.3.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: tracing-subscriber
  dependency-version: 0.3.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: uuid
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Sep 22, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 23, 2025

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this Sep 23, 2025
@dependabot dependabot bot deleted the dependabot/cargo/backend-8b9d1f7a10 branch September 23, 2025 08:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant