chore(dep): bump the deps group with 13 updates

[dependabot]

Bumps the deps group with 13 updates:

Package	From	To
tokio	1.40.0	1.41.0
clap	4.5.19	4.5.20
keyring	3.3.0	3.6.1
openssl	0.10.66	0.10.68
pyo3	0.22.3	0.22.5
serde	1.0.210	1.0.214
serde_json	1.0.128	1.0.132
regex	1.11.0	1.11.1
scraper	0.20.0	0.21.0
anyhow	1.0.89	1.0.92
clap_complete	4.5.29	4.5.36
thiserror	1.0.64	1.0.66
reqwest	0.12.8	0.12.9

Updates tokio from 1.40.0 to 1.41.0

Release notes

Sourced from tokio's releases.

Tokio v1.41.0

1.41.0 (Oct 22th, 2024)

Added

• metrics: stabilize global_queue_depth (#6854, #6918)
• net: add conversions for unix SocketAddr (#6868)
• sync: add watch::Sender::sender_count (#6836)
• sync: add mpsc::Receiver::blocking_recv_many (#6867)
• task: stabilize Id apis (#6793, #6891)

Added (unstable)

• metrics: add H2 Histogram option to improve histogram granularity (#6897)
• metrics: rename some histogram apis (#6924)
• runtime: add LocalRuntime (#6808)

Changed

• runtime: box futures larger than 16k on release mode (#6826)
• sync: add #[must_use] to Notified (#6828)
• sync: make watch cooperative (#6846)
• sync: make broadcast::Receiver cooperative (#6870)
• task: add task size to tracing instrumentation (#6881)
• wasm: enable cfg_fs for wasi target (#6822)

Fixed

• net: fix regression of abstract socket path in unix socket (#6838)

Documented

• io: recommend OwnedFd with AsyncFd (#6821)
• io: document cancel safety of AsyncFd methods (#6890)
• macros: render more comprehensible documentation for join and try_join (#6814, #6841)
• net: fix swapped examples for TcpSocket::set_nodelay and TcpSocket::nodelay (#6840)
• sync: document runtime compatibility (#6833)

#6793: tokio-rs/tokio#6793 #6808: tokio-rs/tokio#6808 #6810: tokio-rs/tokio#6810 #6814: tokio-rs/tokio#6814 #6821: tokio-rs/tokio#6821 #6822: tokio-rs/tokio#6822 #6826: tokio-rs/tokio#6826 #6828: tokio-rs/tokio#6828 #6833: tokio-rs/tokio#6833 #6836: tokio-rs/tokio#6836 #6838: tokio-rs/tokio#6838 #6840: tokio-rs/tokio#6840

... (truncated)

Commits

• 01e04da chore: prepare Tokio v1.41.0 (#6917)
• 92ccade runtime: fix stability feature flags for docs (#6909)
• fbfeb9a metrics: rename *_poll_count_* to *_poll_time_* (#6924)
• da745ff metrics: add H2 Histogram option to improve histogram granularity (#6897)
• ce1c74f metrics: fix deadlock in injection_queue_depth_multi_thread test (#6916)
• 28c9a14 metrics: rename injection_queue_depth to global_queue_depth (#6918)
• 32e0b43 ci: freeze FreeBSD and wasm-unknown-unknown on rustc 1.81 (#6911)
• 1656d8e sync: add mpsc::Receiver::blocking_recv_many (#6867)
• c9e998e ci: print the correct sort order of the dictionary on failure (#6905)
• 512e9de rt: add LocalRuntime (#6808)
• Additional commits viewable in compare view

Updates clap from 4.5.19 to 4.5.20

Changelog

Sourced from clap's changelog.

[4.5.20] - 2024-10-08

Features

• (unstable) Add CommandExt

Commits

• 5034cab chore: Release
• b5b690c docs: Update changelog
• abba196 Merge pull request #5688 from epage/rename
• 6ddd5d4 fix(complete)!: Rename ArgValueCompleter to ArgValueCandidates
• 71c5e27 fix(complete)!: Rename CustomCompleter to ValueCandidates
• See full diff in compare view

Updates keyring from 3.3.0 to 3.6.1

Release notes

Sourced from keyring's releases.

v3.6.1: Update dependencies

Two of the dependencies (openssl and whoami) were discovered to have vulnerabilities which were fixed in minor or patch releases. This crate has been updated to insist that the minor/patch release number of these dependencies is high enough to ensure use of a patched version.

There is no reason to think that the vulnerabilities in these dependencies could have been exercised through this crate. In addition, builds of clients done after the dependencies were patched would have already picked up the non-vulnerable versions. So this change is simply to ensure that future builds cannot use the vulnerable versions.

There are no code changes in this release.

v3.6.0: Add new combination keystore

This release contains a new credential store for Linux: a combination of keyutils (for use by headless processes) and secret service (for persistence of credentials beyond reboot). Thanks very much to @​soywod for the contribution!

v3.5.0: Add debug logging of internal operations

• Add debug logging of internal operations (thanks to @​soywod).
• Revert iOS security-framework dependency to v2 (see #225).

v3.4.0: allow simultaneous use of secret-service and keyutils

As pointed out in #214, it is possible to use both the secret-service and the keyutils credential stores at the same time, so this should be an allowed combination of specified features. This release allows that combination, selecting the secret-service as the default keystore but also loading the keyutils keystore.

Changelog

Sourced from keyring's changelog.

Version 3.6.0

• Add combination keystore of keyutils and secret service (thanks to @​soywod).

Version 3.5.0

• Add debug logging of internal operations (thanks to @​soywod).
• Revert iOS security-framework dependency to v2 (see #225).

Version 3.4.0

• Allow use of both secret-service and keyutils.

Commits

• 779dfe0 Merge pull request #230 from brotskydotcom/master
• 2e646c8 Bump version and update dependencies.
• eb54c80 Merge pull request #229 from brotskydotcom/master
• f18c311 Bump version and update changelog.
• 2e2e915 Merge pull request #222 from soywod/secret-service-with-keyutils
• f59afd5 Updated docs for new keystore.
• 658174e Fix new clippy warning.
• 16236b8 Merge remote-tracking branch 'upstream/master' into secret-service-with-keyutils
• 6df3d93 init doc + unit tests
• 9a4184c Merge pull request #226 from brotskydotcom/release-3.5
• Additional commits viewable in compare view

Updates openssl from 0.10.66 to 0.10.68

Release notes

Sourced from openssl's releases.

openssl-v0.10.68

What's Changed

• fixes #2317 -- restore compatibility with our MSRV and release openssl 0.9.68 by @​alex in sfackler/rust-openssl#2318

Full Changelog: sfackler/rust-openssl@openssl-v0.10.67...openssl-v0.10.68

openssl-v0.10.67

What's Changed

• Added a utility function to ensure we never have an issue with 0-length slices from pointers again by @​alex in sfackler/rust-openssl#2268
• Fix CI for the latest rustc by @​alex in sfackler/rust-openssl#2271
• Add binding for EVP_DigestSqueeze by @​initsecret in sfackler/rust-openssl#2270
• libressl 4.0: const correctness for X509_LOOKUP_METHOD by @​botovq in sfackler/rust-openssl#2276
• Bump hex dev-dependency version by @​alex in sfackler/rust-openssl#2277
• Raise bindgen version by @​alex in sfackler/rust-openssl#2278
• Ensure Rsa::check_key doesn't leave errors on the stack by @​alex in sfackler/rust-openssl#2279
• Update some docs to use the corresponds macro by @​rushilmehra in sfackler/rust-openssl#2282
• Don't leave errors on the stack in MdCtxRef::digest_verify_final by @​alex in sfackler/rust-openssl#2283
• Adjustments for LibreSSL 4 by @​botovq in sfackler/rust-openssl#2287
• Explicit rustfmt config by @​kornelski in sfackler/rust-openssl#2285
• add basic EVP_KDF bindings by @​reaperhulk in sfackler/rust-openssl#2289
• add ossl3 thread pool bindings by @​reaperhulk in sfackler/rust-openssl#2293
• add argon2id support for ossl 3.2+ by @​reaperhulk in sfackler/rust-openssl#2290
• fix 3.2.0 thread support and simplify by @​reaperhulk in sfackler/rust-openssl#2294
• add libctx arg to argon2id by @​reaperhulk in sfackler/rust-openssl#2295
• support using threads in argon2id by @​reaperhulk in sfackler/rust-openssl#2296
• Ensure beginning and end of the error output is readable by @​kornelski in sfackler/rust-openssl#2284
• Test against 3.4.0-alpha1 by @​sfackler in sfackler/rust-openssl#2302
• Resolve clippy warnings from nightly by @​alex in sfackler/rust-openssl#2310
• fixes #2311 -- silencer resolver warnings by @​alex in sfackler/rust-openssl#2312
• Bump to 3.4.0-beta1 by @​sfackler in sfackler/rust-openssl#2313
• LibreSSL 4.0.0 by @​botovq in sfackler/rust-openssl#2315
• Release openssl v0.10.67 and openssl-sys v0.9.104 by @​alex in sfackler/rust-openssl#2316

New Contributors

• @​initsecret made their first contribution in sfackler/rust-openssl#2270
• @​rushilmehra made their first contribution in sfackler/rust-openssl#2282
• @​kornelski made their first contribution in sfackler/rust-openssl#2285

Full Changelog: sfackler/rust-openssl@openssl-v0.10.66...openssl-v0.10.67

Commits

• be8dcfd Merge pull request #2318 from alex/msrv-fix
• 065cc77 fixes #2317 -- restore compatibility with our MSRV and release openssl 0.9.68
• 7b3ec80 Merge pull request #2316 from alex/bump-for-release
• b510e8c Release openssl v0.10.67 and openssl-sys v0.9.104
• ee3b024 Merge pull request #2315 from botovq/libressl-4.0.0
• c4dabc2 CI: Update LibreSSL CI
• f9027b7 LibreSSL 4.0.0 is released & stable
• 1b51ba5 Merge pull request #2313 from sfackler/sfackler-patch-1
• de8a97c Bump to 3.4.0-beta1
• 3930464 Merge pull request #2312 from sfackler/alex-patch-1
• Additional commits viewable in compare view

Updates pyo3 from 0.22.3 to 0.22.5

Release notes

Sourced from pyo3's releases.

PyO3 0.22.5

This release fixes a compile regression from 0.22.4 where #[pymethods] with name __clear__ and clear would generate code with a naming conflict. Thanks @​awolverp for the report and @​Icxolu for the fix!

PyO3 0.22.4

This release is a security fix for PyO3 0.22.0 through 0.22.3.

The PyWeakrefMethods trait functions for reading borrowed values from Python weak references have been identified as unsound, because they did not account for the possibility the last strong reference could be cleared at any time, leading the borrowed value to be dangling and risk of use-after-free.

PyO3 0.22.4 protects against this issue by making these methods permanently leak strong references. The methods are also marked deprecated and will be removed in PyO3 0.23. Users should switch to use the use PyWeakrefMethods functions which return owned references (the deprecation messages indicate the appropriate upgrade paths).

These functions were added in PyO3 0.22.0; all versions from 0.22.0 through 0.22.3 have been yanked.

Aside from the security fix, PyO3 0.22.4 contains a number of other bugfixes, including:

• A fix for cases where __traverse__ functions of base types were not called when using #[pyclass(extends = ...)]
• A fix for a regression in 0.22.3 where PyO3 generated code would trigger compile failures with crates using #![forbid(unsafe_code)]

Thank you to the following contributors for the improvements:

@​davidhewitt @​ngoldbaum @​exg @​Icxolu

Changelog

Sourced from pyo3's changelog.

[0.22.5] - 2024-10-15

Fixed

• Fix regression in 0.22.4 of naming collision in __clear__ slot and clear method generated code. #4619

[0.22.4] - 2024-10-12

Added

• Add FFI definition PyWeakref_GetRef and compat::PyWeakref_GetRef. #4528

Changed

• Deprecate _borrowed methods on PyWeakRef and PyWeakrefProxy (just use the owning forms). #4590

Fixed

• Revert removal of private FFI function _PyLong_NumBits on Python 3.13 and later. #4450
• Fix __traverse__ functions for base classes not being called by subclasses created with #[pyclass(extends = ...)]. #4563
• Fix regression in 0.22.3 failing compiles under #![forbid(unsafe_code)]. #4574
• Workaround possible use-after-free in _borrowed methods on PyWeakRef and PyWeakrefProxy by leaking their contents. #4590
• Fix crash calling PyType_GetSlot on static types before Python 3.10. #4599

Commits

• 4c88e9a release: 0.22.5
• 8f6464e fix __clear__ slot naming collision with clear method (#4619)
• dff9723 release: 0.22.4
• 3330bf2 fix garbage collection in inheritance cases (#4563)
• 8b23397 ci: pypy 3.7 macos on x64 still
• ce63713 ci: run benchmarks on ubuntu 22.04 (#4609)
• b1173f5 ci: fix more ubuntu-24.04 failures (#4610)
• 7371028 ci: move more jobs to macOS arm (#4600)
• 8e3dc45 avoid calling PyType_GetSlot on static types before Python 3.10 (#4599)
• 969300d leak references for safety in PyWeakRefMethods::upgrade_borrowed (#4590)
• Additional commits viewable in compare view

Updates serde from 1.0.210 to 1.0.214

Release notes

Sourced from serde's releases.

v1.0.214

• Implement IntoDeserializer for all Deserializers in serde::de::value module (#2568, thanks @​Mingun)

v1.0.213

• Fix support for macro-generated with attributes inside a newtype struct (#2847)

v1.0.212

• Fix hygiene of macro-generated local variable accesses in serde(with) wrappers (#2845)

v1.0.211

• Improve error reporting about mismatched signature in with and default attributes (#2558, thanks @​Mingun)
• Show variant aliases in error message when variant deserialization fails (#2566, thanks @​Mingun)
• Improve binary size of untagged enum and internally tagged enum deserialization by about 12% (#2821)

Commits

• 4180621 Release 1.0.214
• 210373b Merge pull request #2568 from Mingun/into_deserializer-for-deserializers
• 9cda015 Implement IntoDeserializer for all Deserializers in serde::de::value module
• 58a8d22 Release 1.0.213
• ef0ed22 Merge pull request #2847 from dtolnay/newtypewith
• 79925ac Ignore dead_code warning in regression test
• b60e409 Hygiene for macro-generated newtype struct deserialization with 'with' attr
• fdc36e5 Add regression test for issue 2846
• 49e11ce Ignore trivially_copy_pass_by_ref pedantic clippy lint in test
• 7ae1b5f Release 1.0.212
• Additional commits viewable in compare view

Updates serde_json from 1.0.128 to 1.0.132

Release notes

Sourced from serde_json's releases.

1.0.132

• Improve binary size and compile time for JSON array and JSON object deserialization by about 50% (#1205)
• Improve performance of JSON array and JSON object deserialization by about 8% (#1206)

1.0.131

• Implement Deserializer and IntoDeserializer for Map<String, Value> and &Map<String, Value> (#1135, thanks @​swlynch99)

1.0.130

• Support converting and deserializing Number from i128 and u128 (#1141, thanks @​druide)

1.0.129

• Add serde_json::Map::sort_keys and serde_json::Value::sort_all_objects (#1199)

Commits

• 86d933c Release 1.0.132
• f45b422 Merge pull request #1206 from dtolnay/hasnext
• f2082d2 Clearer order of comparisons
• 0f54a1a Handle early return sooner on eof in seq or map
• 2a4cb44 Rearrange 'match peek'
• 4cb90ce Merge pull request #1205 from dtolnay/hasnext
• b71ccd2 Reduce duplicative instantiation of logic in SeqAccess and MapAccess
• a810ba9 Release 1.0.131
• 0d084c5 Touch up PR 1135
• b4954a9 Merge pull request #1135 from swlynch99/map-deserializer
• Additional commits viewable in compare view

Updates regex from 1.11.0 to 1.11.1

Changelog

Sourced from regex's changelog.

1.11.1 (2024-10-24)

This is a new patch release of regex that fixes compilation on nightly Rust when the unstable pattern crate feature is enabled. Users on nightly Rust without this feature enabled are unaffected.

Bug fixes:

• [BUG #1231](rust-lang/regex#1231): Fix the Pattern trait implementation as a result of nightly API breakage.

Commits

• 9870c06 1.11.1
• 80df54e changelog: 1.11.1
• 991ba88 unstable: fix Pattern trait implementation
• See full diff in compare view

Updates scraper from 0.20.0 to 0.21.0

Release notes

Sourced from scraper's releases.

0.21.0

What's Changed

• Bump indexmap from 2.3.0 to 2.4.0 by @​dependabot in rust-scraper/scraper#197
• Bump ego-tree from 0.6.2 to 0.7.0 by @​dependabot in rust-scraper/scraper#198
• migrate once_cell::unsync::OnceCell to std::cell::OnceCell + drop dep… by @​LoZack19 in rust-scraper/scraper#199
• Introduce workspaces by @​LoZack19 in rust-scraper/scraper#201
• Now that ego-tree's Traverse is a fused iterator, so are our Select and Text by @​adamreichold in rust-scraper/scraper#202
• Bump indexmap from 2.4.0 to 2.5.0 by @​dependabot in rust-scraper/scraper#204
• Bump ego-tree from 0.8.0 to 0.9.0 by @​dependabot in rust-scraper/scraper#205
• Bump indexmap from 2.5.0 to 2.6.0 by @​dependabot in rust-scraper/scraper#211
• Bump selectors, cssparser and html5ever by @​adamreichold in rust-scraper/scraper#214
• Handle missing Token::Delim variant when rendering errors by @​adamreichold in rust-scraper/scraper#213

New Contributors

• @​LoZack19 made their first contribution in rust-scraper/scraper#199

Full Changelog: rust-scraper/scraper@v0.20.0...v0.21.0

Commits

• 93afdd9 Version 0.21.0
• 9843bc8 Merge pull request #213 from rust-scraper/fix-issue221
• 2ede12e Merge pull request #214 from rust-scraper/bump-selectors
• fddd90e Bump html5ever to its current stable version and adjust our usage accordingly
• 7d422d8 Bump selectors and cssparser to their current stable versions and adjust our ...
• 53ac848 Handle missing Token::Delim variant when rendering errors
• e0d4ea7 Bump indexmap from 2.5.0 to 2.6.0
• c3735b2 Merge pull request #205 from rust-scraper/dependabot/cargo/ego-tree-0.9.0
• faca0a9 Merge pull request #204 from rust-scraper/dependabot/cargo/indexmap-2.5.0
• b945d5a Bump ego-tree from 0.8.0 to 0.9.0
• Additional commits viewable in compare view

Updates anyhow from 1.0.89 to 1.0.92

Release notes

Sourced from anyhow's releases.

1.0.92

• Support Rust 1.82's &raw const and &raw mut syntax inside ensure! (#390)

1.0.91

• Ensure OUT_DIR is left with deterministic contents after build script execution (#388)

1.0.90

• Documentation improvements

Commits

• fd03a8e Release 1.0.92
• a16252b Merge pull request #390 from dtolnay/rawaddr
• fcf2ef8 Compile &raw test on Rust 1.82+ only
• 1e7e9fe Parse raw address expression syntax
• 7d1a8f9 Add test of raw addr expression syntax
• 6c52daa Release 1.0.91
• 4986853 Merge pull request #388 from dtolnay/outdir
• f130b76 Clean up dep-info files from OUT_DIR
• a0b868a Release 1.0.90
• 0f74169 Improve rendering of inline code in macros documentation
• Additional commits viewable in compare view

Updates clap_complete from 4.5.29 to 4.5.36

Commits

• 7a6475e chore: Release
• 0266c41 docs: Update changelog
• 6ec0b43 Merge pull request #5791 from okapia/zsh-default-fallback
• e40168c fix(zsh): Use _default as zsh completion fallback
• 55a18f5 chore: Release
• 3b05635 fix(complete): Ensure new enough clap is used
• 5d2cdac chore: Release
• f1c10eb docs: Update changelog
• a4d1a7f chore(ci): Take a break from template updates
• e95ed39 Merge pull request #5775 from vivienm/master
• Additional commits viewable in compare view

Updates thiserror from 1.0.64 to 1.0.66

Release notes

Sourced from thiserror's releases.

1.0.66

• Improve compile error on malformed format attribute (#327)

1.0.65

• Ensure OUT_DIR is left with deterministic contents after build script execution (#325)

Commits

• d1a8254 Release 1.0.66
• e2e9da3 Merge pull request #328 from dtolnay/peekend
• 3d79a90 Use peek2(End) instead of fork/advance_to
• a9a6c98 Merge pull request #329 from dtolnay/up
• 51a5e4c Raise minimum compiler for test suite to rust 1.70
• 8fb92ff Resolve uninlined_format_args pedantic clippy lint in build script
• 0e2bef9 Raise required compiler to rust 1.61
• bb30f2e Merge pull request #327 from dtolnay/literal
• 5d3edf9 Improve error on malformed format attribute
• 003a89f Merge pull request #326 from dtolnay/sealed
• Additional commits viewable in compare view

Updates reqwest from 0.12.8 to 0.12.9

Release notes

Sourced from reqwest's releases.

v0.12.9

What's Changed

• Add tls::CertificateRevocationLists support (by @​ksenia-vazhdaeva in seanmonstar/reqwest#2433)
• Add crate features to enable webpki roots without selecting a rustls provider (by @​stevefan1999-personal in seanmonstar/reqwest#2447)
• Fix multipart::Part::file() to automatically include content-length (by @​Mr-Pine in seanmonstar/reqwest#2459)
• Fix proxy to internally no longer cache system proxy settings (by @​lanyeeee in seanmonstar/reqwest#2442)
• Fix connection_verbose() to output read logs (by @​seanmonstar in seanmonstar/reqwest#2454)

New Contributors

• @​lanyeeee made their first contribution in seanmonstar/reqwest#2442
• @​ksenia-vazhdaeva made their first contribution in seanmonstar/reqwest#2433
• @​Mr-Pine made their first contribution in seanmonstar/reqwest#2459
• @​stevefan1999-personal made their first contribution in seanmonstar/reqwest#2447

Full Changelog: seanmonstar/reqwest@v0.12.8...v0.12.9

Changelog

Sourced from reqwest's changelog.

v0.12.9

• Add tls::CertificateRevocationLists support.
• Add crate features to enable webpki roots without selecting a rustls provider.
• Fix connection_verbose() to output read logs.
• Fix multipart::Part::file() to automatically include content-length.
• Fix proxy to internally no longer cache system proxy settings.

Commits

• 797df2b v0.12.9
• 64aa7d1 add webpki roots option for rustls no provider setup (#2447)
• 598f857 Add content length to async_impl::multipart file streams (#2459)
• d99e90d fix: re-enable verbose connection read logs (#2454)
• aba01ff feat: Add support for Certificate Revocation Lists (#2433)
• 3ad6e02 refactor: remove internal proxy sys cache (#2442)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions