chore(deps): bump the all-dependencies-cargo group with 14 updates

[dependabot]

Bumps the all-dependencies-cargo group with 14 updates:

Package	From	To
anyhow	1.0.78	1.0.79
rhai	1.16.3	1.17.0
assert_cmd	2.0.12	2.0.13
predicates	3.0.4	3.1.0
serde_json	1.0.109	1.0.113
ignore	0.4.21	0.4.22
octocrab	0.32.0	0.33.3
regex	1.10.2	1.10.3
reqwest	0.11.23	0.11.24
serde_yaml	0.9.29	0.9.31
sha256	1.4.0	1.5.0
toml	0.8.8	0.8.9
which	5.0.0	6.0.0
openssl-sys	0.9.98	0.9.99

Updates anyhow from 1.0.78 to 1.0.79

Release notes

Sourced from anyhow's releases.

1.0.79

• Work around improperly cached build script result by sccache (#340)

Commits

• 71ab53d Release 1.0.79
• 60705a5 Merge pull request #340 from dtolnay/depinfo
• 17e252b Include env-dep:RUSTC_BOOTSTRAP in dep-info for sccache
• 04774c0 Merge pull request #338 from dtolnay/nightlyci
• 1fd290c Make CI verify that error_generic_member_access works in latest nightly
• ee41470 RUSTC must be set by Cargo for build script
• See full diff in compare view

Updates rhai from 1.16.3 to 1.17.0

Release notes

Sourced from rhai's releases.

v1.17.0

Starting from this version, the official preferred method of registering an API for a custom type is via the #[derive(CustomType)] macro. The old API is still available for types that reside in external crates (and thus cannot implement CustomType).

Starting from this version, the new FuncRegistration API is preferred for registering native Rust functions into a Module. The old API is still available but deprecated.

Starting from this version, fuzzing via Google OSS-Fuzz is used to flush out hidden bugs and edge cases. This should result in higher code quality, better stability and improved security. And indeed, a large number of bugs have been discovered from this and fixed.

Potentially breaking changes

• ImmutableString now derefs to &str instead of &SmartString. Normally this should not be a breaking change.
• Traits implemented by ImmutableString are cleaned up. Normally this should not be a breaking change.
• EvalContext::new, FloatWrapper and ConditionalExpr are now gated under internals.
• Previously, Rhai follows Unicode's definition for whitespace, which allows many exotic whitespace characters in scripts. Starting from this version, whitespace follows WhatWG's definition of five ASCII characters (TAB, SPACE, CR, LF and FF), which is the same as Rust. All other Unicode whitespace characters (not inside strings) are not considered whitespace by Rhai. If a script used to contain non-ASCII whitespace characters, it now fails to parse with a syntax error.

New features

• #[derive(CustomType)] is now available, driven by procedural macros in rhai_codegen.
• A new FuncRegistration API is added to assist in registering native Rust functions into modules with various settings. Some of the original Module::set_fn... API is now deprecated.
• Functions defined in plugin modules can now be marked as volatile which prevents it from being optimized away even under OptimizationLevel::Full.
• Added Engine::max_functions and Engine::set_max_functions to limit the maximum number of functions allowed in a script. This is to guard against DOS attacks -- e.g. a simple closure || (two characters) is a function. When max_function is exceeded during script compilation, a new parse error, ParseErrorType::TooManyFunctions, is returned.
• Engine::get_interned_string is made public instead of gated under internals.

Deprecated API's

• rhai::config::hashing::set_ahash_seed, rhai::config::hashing::get_ahash_seed and the RHAI_AHASH_SEED environment variable are deprecated in favor of rhai::config::hashing::set_hashing_seed, rhai::config::hashing::get_hashing_seed and RHAI_HASHING_SEED.
• AST::clear_doc is deprecated.
• Much of the Module::update_XXX API is deprecated in favor of using the FuncRegistration API.
• Module::gen_fn_signatures is deprecated in favor of Module::gen_fn_signatures_with_mapper.

Fixes to bugs found via fuzzing

• Fixed crash when parsing multi-segment interpolated string longer than maximum.
• Fixed crash when parsing unterminated comment.
• Fixed crash when parsing deeply-nested right-associated operators such as **.
• Fixed crash when parsing combo-chaining expressions such as (a.b).c.
• Fixed crash when calling functions that have Dynamic parameters with more than 16 parameters.
• Fixed crash when indexing into an empty array with negative index.
• Indexing into an array with a negative index that is larger than the length of the array now throws an out-of-bounds error (similar to positive indices) instead of defaulting to the first element.
• Fixed edge-case crash in timestamp functions.
• Fixed crash when indenting a block doc-comment with Unicode multi-byte space characters.
• Fixed improper parsing of numbers with too many decimal points.
• Fixed exponential running time when raising a decimal number to a very large power (> 1 million) -- it now returns an overflow error.
• Shared values that contain reference loops no longer cause a stack overflow when printing.
• sleep no longer panics on NaN.
• switch on ranges now work properly.

... (truncated)

Changelog

Sourced from rhai's changelog.

Version 1.17.0

Starting from this version, the official preferred method of registering an API for a custom type is via the #[derive(CustomType)] macro. The old API is still available for types that reside in external crates (and thus cannot implement CustomType).

Starting from this version, the new FuncRegistration API is preferred for registering native Rust functions into a Module. The old API is still available but deprecated.

Starting from this version, fuzzing via Google OSS-Fuzz is used to flush out hidden bugs and edge cases. This should result in higher code quality, better stability and improved security. And indeed, a large number of bugs have been discovered from this and fixed.

Potentially breaking changes

• ImmutableString now derefs to &str instead of &SmartString. Normally this should not be a breaking change.
• Traits implemented by ImmutableString are cleaned up. Normally this should not be a breaking change.
• EvalContext::new, FloatWrapper and ConditionalExpr are now gated under internals.
• Previously, Rhai follows Unicode's definition for whitespace, which allows many exotic whitespace characters in scripts. Starting from this version, whitespace follows WhatWG's definition of five ASCII characters (TAB, SPACE, CR, LF and FF), which is the same as Rust. All other Unicode whitespace characters (not inside strings) are not considered whitespace by Rhai. If a script used to contain non-ASCII whitespace characters, it now fails to parse with a syntax error.

New features

• #[derive(CustomType)] is now available, driven by procedural macros in rhai_codegen.
• A new FuncRegistration API is added to assist in registering native Rust functions into modules with various settings. Some of the original Module::set_fn... API is now deprecated.
• Functions defined in plugin modules can now be marked as volatile which prevents it from being optimized away even under OptimizationLevel::Full.
• Added Engine::max_functions and Engine::set_max_functions to limit the maximum number of functions allowed in a script. This is to guard against DOS attacks -- e.g. a simple closure || (two characters) is a function. When max_function is exceeded during script compilation, a new parse error, ParseErrorType::TooManyFunctions, is returned.
• Engine::get_interned_string is made public instead of gated under internals.

Deprecated API's

• rhai::config::hashing::set_ahash_seed, rhai::config::hashing::get_ahash_seed and the RHAI_AHASH_SEED environment variable are deprecated in favor of rhai::config::hashing::set_hashing_seed, rhai::config::hashing::get_hashing_seed and RHAI_HASHING_SEED.
• AST::clear_doc is deprecated.
• Much of the Module::update_XXX API is deprecated in favor of using the FuncRegistration API.
• Module::gen_fn_signatures is deprecated in favor of Module::gen_fn_signatures_with_mapper.

Fixes to bugs found via fuzzing

• Fixed crash when parsing multi-segment interpolated string longer than maximum.
• Fixed crash when parsing unterminated comment.
• Fixed crash when parsing deeply-nested right-associated operators such as **.
• Fixed crash when parsing combo-chaining expressions such as (a.b).c.
• Fixed crash when calling functions that have Dynamic parameters with more than 16 parameters.
• Fixed crash when indexing into an empty array with negative index.
• Indexing into an array with a negative index that is larger than the length of the array now throws an out-of-bounds error (similar to positive indices) instead of defaulting to the first element.

... (truncated)

Commits

• f97fbcb Merge pull request #826 from schungx/master
• 8cad8c5 Limit number of functions in fuzzing.
• 5b83d9c Merge pull request #825 from schungx/master
• 11e9cc7 Rewrite iterators using FuncRegistration.
• bcb20cd Fix test.
• db7466b Fix builds.
• 2c7e179 Fix tests.
• 8359732 Format function signatures.
• 31b0760 Fix TypeBuilder.
• bdadfa4 Fix bug in Engine::gen_fn_signatures.
• Additional commits viewable in compare view

Updates assert_cmd from 2.0.12 to 2.0.13

Changelog

Sourced from assert_cmd's changelog.

[2.0.13] - 2024-01-12

Internal

• Dependency update

Commits

• 19da72b chore: Release assert_cmd version 2.0.13
• db5ee32 docs: Update changelog
• 86d96ed chore: Update anstream
• 8e3cb3f Merge pull request #191 from assert-rs/renovate/github-codeql-action-3.x
• 8159e3d Merge pull request #190 from assert-rs/renovate/actions-setup-python-5.x
• 48c7f1d chore(deps): update github/codeql-action action to v3
• c5291f8 chore(deps): update actions/setup-python action to v5
• a909b08 chore: Update from '_rust/main'
• 8c836ea Merge pull request #10 from epage/renovate/migrate-config
• 598c624 chore(config): migrate config .github/renovate.json5
• Additional commits viewable in compare view

Updates predicates from 3.0.4 to 3.1.0

Changelog

Sourced from predicates's changelog.

[3.1.0] - 2024-01-15

Compatibility

• Update MSRV to 1.70.0

Internals

• Remove itertools

Commits

• d16d9cb chore: Release
• 47812df docs: Update changelog
• 35c039f Merge pull request #162 from fornwall/remote-itertools
• bb84ae0 chore(deps): Remove dependency on itertools
• 8e4bfad Merge pull request #161 from assert-rs/renovate/github-codeql-action-3.x
• 0cbbb79 Merge pull request #160 from assert-rs/renovate/actions-setup-python-5.x
• e2e12a7 chore(deps): update github/codeql-action action to v3
• bd54fd1 chore(deps): update actions/setup-python action to v5
• 652fd86 chore: Update from '_rust/main'
• 8c836ea Merge pull request #10 from epage/renovate/migrate-config
• Additional commits viewable in compare view

Updates serde_json from 1.0.109 to 1.0.113

Release notes

Sourced from serde_json's releases.

v1.0.113

• Add swap_remove and shift_remove methods on Map (#1109)

v1.0.112

• Improve formatting of "invalid type" error messages involving floats (#1107)

v1.0.111

• Improve floating point parsing performance on loongarch64 (#1100, thanks @​heiher)

v1.0.110

• Update proc-macro2 to fix caching issue when using a rustc-wrapper such as sccache

Commits

• 09d865b Release 1.0.113
• 5aeab4e Merge pull request #1109 from serde-rs/remove
• ca3c2ca Add swap_remove and shift_remove methods on Map
• 7fece96 Release 1.0.112
• 6a6d2bb Merge pull request #1107 from serde-rs/unexpectedfloat
• 83d7bad Format f64 in error messages using ryu
• 107c2d1 Merge pull request #1106 from serde-rs/invalidvalue
• 62ca3e4 Handle Unexpected::Unit in Error::invalid_value
• 296fafb Factor out JSON-specific Display impl for serde::de::Unexpected
• e56cc69 Merge pull request #1105 from keienWang/master
• Additional commits viewable in compare view

Updates ignore from 0.4.21 to 0.4.22

Commits

• 2c38975 ignore-0.4.22
• c8e4a84 cli: prefix all non-fatal error messages with 'rg: '
• b9c7749 ignore: fix reference cycle for compiled matchers
• 67dd809 ignore: add some 'allow(dead_code)' annotations
• e0a8567 complete/fish: improve shell completions for fish
• 56c7ad1 ignore/types: add Lean
• 2a4dba3 ignore/types: add meson.options
• daa157b core: actually implement --sortr=path
• 0096c74 grep-0.3.1
• 8c48355 deps: bump grep-printer to 0.2.1
• Additional commits viewable in compare view

Updates octocrab from 0.32.0 to 0.33.3

Release notes

Sourced from octocrab's releases.

v0.33.3

Other

• Handle redirects in ReleasesHandler::stream_asset(). (#556)
• Tests for locking and unlocking issue comments (#557)

v0.33.2

Other

• Resolving issue with deleting reactions from issues. (#555)
• Added a test for repos().is_collaborator(). The 204 case is good! (#553)

Other

• Added a test case for repos().is_collaborator() to cover both 204 and 404 cases.

v0.33.1

Fixed

• fixed timeout methods not being feature gated (#519)

v0.33.0

Added

• add methods to builder for changing timeouts (#498)

Other

• Always set http request header CONTENT-LENGTH (#464)
• Add link to Content::decoded_content (#514)
• Repairing two 204-related serde errors, and adding some simple tests. (#503)
• Add CheckRunOutput (#515)
• cargo clippy --tests --examples --fix (#496)
• make dismissal_message optional (#501)
• Add conclusion, completed_at and output fields to create check api (#467)
• Fix typo in docs (#508)
• [docs] Improve the update_file docs (#513)
• added repos/list_contributors (#500)
• Make user information optional
• Use graphql_client to get stronger typing
• add fields for refresh token and expiry timestamps (#477)

Fixed

• Fixed two functions which return 204s and have no body, which throws serde errors
  • octocrab.issues().delete_label()
  • octocrab.teams().repos().remove()

Other

• Added tests for the above functions
• Also added tests for octocrab.teams().repos().add_or_update()
• Also added tests for octocrab.issues().remove_label()

Changelog

Sourced from octocrab's changelog.

0.33.3 - 2024-01-26

Other

• Handle redirects in ReleasesHandler::stream_asset(). (#556)
• Tests for locking and unlocking issue comments (#557)

0.33.2 - 2024-01-24

Other

• Resolving issue with deleting reactions from issues. (#555)
• Added a test for repos().is_collaborator(). The 204 case is good! (#553)

Other

• Added a test case for repos().is_collaborator() to cover both 204 and 404 cases.

0.33.1 - 2024-01-15

Fixed

• fixed timeout methods not being feature gated (#519)

0.33.0 - 2024-01-15

Added

• add methods to builder for changing timeouts (#498)

Other

• Always set http request header CONTENT-LENGTH (#464)
• Add link to Content::decoded_content (#514)
• Repairing two 204-related serde errors, and adding some simple tests. (#503)
• Add CheckRunOutput (#515)
• cargo clippy --tests --examples --fix (#496)
• make dismissal_message optional (#501)
• Add conclusion, completed_at and output fields to create check api (#467)
• Fix typo in docs (#508)
• [docs] Improve the update_file docs (#513)
• added repos/list_contributors (#500)
• Make user information optional
• Use graphql_client to get stronger typing
• add fields for refresh token and expiry timestamps (#477)

Fixed

• Fixed two functions which return 204s and have no body, which throws serde errors
  • octocrab.issues().delete_label()
  • octocrab.teams().repos().remove()

Other

• Added tests for the above functions
• Also added tests for octocrab.teams().repos().add_or_update()

... (truncated)

Commits

• 7789a24 chore: release (#558)
• fbfb3a8 Handle redirects in ReleasesHandler::stream_asset(). (#556)
• d42c0a3 Tests for locking and unlocking issue comments (#557)
• 5caca08 chore: release (#554)
• c4c3a21 Resolving issue with deleting reactions from issues. (#555)
• 07e09ed Added a test for repos().is_collaborator(). The 204 case is good! (#553)
• 6b0a197 chore: release (#520)
• 340440a fixed timeout methods not being feature gated (#519)
• f11fb75 chore: release (#484)
• ee49f5c feat: add methods to builder for changing timeouts (#498)
• Additional commits viewable in compare view

Updates regex from 1.10.2 to 1.10.3

Changelog

Sourced from regex's changelog.

1.10.3 (2024-01-21)

This is a new patch release that fixes the feature configuration of optional dependencies, and fixes an unsound use of bounds check elision.

Bug fixes:

• [BUG #1147](rust-lang/regex#1147): Set default-features=false for the memchr and aho-corasick dependencies.
• [BUG #1154](rust-lang/regex#1154): Fix unsound bounds check elision.

Commits

• 0c09903 1.10.3
• 653bb59 deps: bump regex-automata to 0.4.4
• e7b5401 regex-automata-0.4.4
• 1bc667d changelog: 1.10.3
• fbd2537 safety: guard in Input::new against incorrect AsRef implementations
• 027eebd cargo: set 'default-features = false' for memchr and aho-corasick
• dc0a9d2 ci: small clean-ups
• a3d5975 doc: fix link in Index<&str> impl docs
• 4f5992f doc: tweak Captures documentation
• 837fd85 regex-cli-0.2.0
• Additional commits viewable in compare view

Updates reqwest from 0.11.23 to 0.11.24

Release notes

Sourced from reqwest's releases.

v0.11.24

What's Changed

• Add Certificate::from_pem_bundle() to add a bundle.
• Add http3_prior_knowledge() to blocking client builder.
• Remove Sync bounds requirement for Body::wrap_stream().
• Fix HTTP/2 to retry REFUSED_STREAM requests.
• Fix instances of converting Url to Uri that could panic.

New Contributors

• @​magurotuna made their first contribution in seanmonstar/reqwest#2081
• @​michaelciraci made their first contribution in seanmonstar/reqwest#2102
• @​basic-bgnr made their first contribution in seanmonstar/reqwest#2110
• @​jgraef made their first contribution in seanmonstar/reqwest#2114
• @​LucasPickering made their first contribution in seanmonstar/reqwest#2040
• @​gibbz00 made their first contribution in seanmonstar/reqwest#2032

Full Changelog: seanmonstar/reqwest@v0.11.23...v0.11.24

Changelog

Sourced from reqwest's changelog.

v0.11.24

• Add Certificate::from_pem_bundle() to add a bundle.
• Add http3_prior_knowledge() to blocking client builder.
• Remove Sync bounds requirement for Body::wrap_stream().
• Fix HTTP/2 to retry REFUSED_STREAM requests.
• Fix instances of converting Url to Uri that could panic.

Commits

• c9b4b65 v0.11.24
• ddf7f24 Add Certificate::from_pem_bundle() (#2032)
• 5d8443d fix panic when parsing invalid Url to Uri (#2040)
• e3bf090 docs: explain TLS backend features better (#2117)
• 1bd939b update wasm-streams dependency (#2114)
• 87cdf12 doc: clarify Cookie API usage (#2111)
• b3feff6 Add http3 feature to blocking client (#2110)
• 2332936 Update cookie crates (#2089)
• ef2c8ee Upgrading env_logger dep (#2102)
• 4ab5fb0 Fix HTTP/2: retry requests rejected with REFUSED_STREAM (#2081)
• Additional commits viewable in compare view

Updates serde_yaml from 0.9.29 to 0.9.31

Release notes

Sourced from serde_yaml's releases.

0.9.31

• Add swap_remove and shift_remove methods on Mapping (#408)

0.9.30

• Update proc-macro2 to fix caching issue when using a rustc-wrapper such as sccache

Commits

• 2a77483 Release 0.9.31
• d8d1a83 Merge pull request #408 from dtolnay/remove
• f8a99a4 Add swap_remove and shift_remove methods on Mapping
• 8b26413 Work around dead_code warning in tests
• 09ee251 Release 0.9.30
• caea939 Pull in proc-macro2 sccache fix
• d255918 Merge pull request #403 from dtolnay/optionifletelse
• 8cfeedd Remove option_if_let_else clippy suppression
• See full diff in compare view

Updates sha256 from 1.4.0 to 1.5.0

Commits

• 4184f8e Update Cargo.toml
• 70471a8 Merge pull request #21 from baoyachi/support_char_type
• 5671f6c support char type
• See full diff in compare view

Updates toml from 0.8.8 to 0.8.9

Commits

• f5c6f4b chore: Release
• 24e599e docs: Update changelog
• d00d616 Merge pull request #670 from epage/span
• 7e23971 fix(serde): Improve spans for empty tables
• d5423f6 test(serde): Show bad span
• 9db97b3 Merge pull request #668 from JustusAdam/patch-1
• 5381d7b docs: Describe Table order based on concepts
• 106d51f test: Update compliance suite
• 062e058 Merge pull request #665 from toml-rs/renovate/actions-setup-python-5.x
• 0da2b51 Merge pull request #666 from toml-rs/renovate/github-codeql-action-3.x
• Additional commits viewable in compare view

Updates which from 5.0.0 to 6.0.0

Release notes

Sourced from which's releases.

6.0.0

• MSRV is now 1.70
• Upgraded all dependencies to latest version

Changelog

Sourced from which's changelog.

6.0.0

• MSRV is now 1.70
• Upgraded all dependencies to latest version

Commits

• fcde0ea Upgrade deps, move to 6.0.0
• f50675a Prep 5.0.0 release
• e776ff0 Return appropriate error if path list defined and empty
• 70d2d1c Null terminate string for windows api
• 5c6208b Change how unit test gets current exe
• 6a027d1 Add unit test for extensionless Windows executable
• See full diff in compare view

Updates openssl-sys from 0.9.98 to 0.9.99

Release notes

Sourced from openssl-sys's releases.

openssl-sys-v0.9.99

What's Changed

• Allow passing a passphrase callback when loading a public key by @​alex in sfackler/rust-openssl#2135
• Expose several additional ciphers for symmetry with symm by @​alex in sfackler/rust-openssl#2140
• brew: add [email protected] (for 3.0.x LTS releases) by @​chenrui333 in sfackler/rust-openssl#2141
• Add PKey::from_dhx by @​alex in sfackler/rust-openssl#2142
• Make X509_PURPOSE opaque for LibreSSL >= 3.9.0 by @​botovq in sfackler/rust-openssl#2145
• PEM parsing: check last error instead of first by @​botovq in sfackler/rust-openssl#2148
• Expose brainpool NIDs on libressl by @​alex in sfackler/rust-openssl#2150
• Add two methods to the PKCS7 API by @​facutuesca in sfackler/rust-openssl#2111
• add more boringssl methods by @​zh-jq in sfackler/rust-openssl#2138
• Release openssl v0.10.63 and openssl-sys v0.9.99 by @​alex in sfackler/rust-openssl#2152

Full Changelog: sfackler/rust-openssl@openssl-sys-v0.9.98...openssl-sys-v0.9.99

Commits

• cc2850f Merge pull request #2152 from alex/bump-for-release
• fde3d03 Merge pull request #2138 from zh-jq/update-boringssl
• 1951575 Release openssl v0.10.63 and openssl-sys v0.9.99
• 951d771 Merge pull request #2111 from trail-of-forks/pkcs7-add-apis
• fb57f9f Merge pull request #2150 from alex/brainpool-on-libressl
• ca3f45d Expose brainpool NIDs on libressl
• a14146f Merge pull request #2148 from botovq/fix_stack_from_pem
• aa26e97 PEM parsing: check last error instead of first
• 06143eb Merge pull request #2145 from botovq/opaque-purpose
• bff0db7 Make X509_PURPOSE opaque for LibreSSL >= 3.9
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions