chore(deps)(deps): bump the cargo-all group across 1 directory with 15 updates

[dependabot]

Bumps the cargo-all group with 14 updates in the / directory:

Package	From	To
anyhow	1.0.97	1.0.102
log	0.4.26	0.4.32
clap	4.5.32	4.5.60
env_logger	0.11.7	0.11.10
mimalloc	0.1.43	0.1.52
num_cpus	1.16.0	1.17.0
reqwest	0.12.14	0.12.28
sha2	0.10.9	0.11.0
toml	0.8.23	0.9.6
serde_json	1.0.149	1.0.150
tar	0.4.45	0.4.46
tempfile	3.19.0	3.27.0
serde_yml	0.0.12	0.0.13
built	0.7.7	0.8.0

Updates anyhow from 1.0.97 to 1.0.102

Release notes

Sourced from anyhow's releases.

1.0.102

• Remove backtrace dependency (#438, #439, #440, #441, #442)

1.0.101

• Add #[inline] to anyhow::Ok helper (#437, thanks @​Ibitier)

1.0.100

• Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)

1.0.99

• Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#420)

1.0.98

• Add self.into_boxed_dyn_error() and self.reallocate_into_boxed_dyn_error_without_backtrace() methods for anyhow::Error (#415)

Commits

• 5c657b3 Release 1.0.102
• e737fb6 Merge pull request #442 from dtolnay/backtrace
• 7fe62b5 Further simply backtrace conditional compilation
• c8cb5ca Merge pull request #441 from dtolnay/backtrace
• de27df7 Delete CI use of --features=backtrace
• 9b67e5d Merge pull request #440 from dtolnay/backtrace
• efdb11a Simplify std_backtrace conditional code
• b8a9a70 Merge pull request #439 from dtolnay/backtrace
• a42fc2c Remove feature = "backtrace" conditional code
• 2a2a3ce Re-word backtrace feature comment
• Additional commits viewable in compare view

Updates log from 0.4.26 to 0.4.32

Release notes

Sourced from log's releases.

0.4.32

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729
• Prepare for 0.4.32 release by @​KodrAus in rust-lang/log#730

Full Changelog: rust-lang/log@0.4.31...0.4.32

0.4.31

What's Changed

• fix typos in kv compile errors and log documentation by @​Isvane in rust-lang/log#726
• Leverage static str key when possible by @​tisonkun in rust-lang/log#727
• Prepare for 0.4.31 release by @​KodrAus in rust-lang/log#728

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

0.4.30

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

0.4.29

MSRV

This release increases log's MSRV from 1.61.0 to 1.68.0.

What's Changed

• docs: Add missing impls from README.md by @​AldaronLau in rust-lang/log#703
• Point to new URLs for favicon and logo by @​AldaronLau in rust-lang/log#704
• perf: reduce llvm-lines of FromStr for Level and LevelFilter by @​dishmaker in rust-lang/log#709
• Replace serde with serde_core by @​Thomasdezeeuw in rust-lang/log#712
• Fix clippy lints by @​Thomasdezeeuw in rust-lang/log#713
• Use GitHub Actions to install Rust and cargo-hack by @​Thomasdezeeuw in rust-lang/log#715
• Exclude old unstable_kv features from testing matrix by @​Thomasdezeeuw in rust-lang/log#716
• Fix up CI by @​KodrAus in rust-lang/log#718
• Prepare for 0.4.29 release by @​KodrAus in rust-lang/log#719

New Contributors

• @​AldaronLau made their first contribution in rust-lang/log#703

... (truncated)

Changelog

Sourced from log's changelog.

[0.4.32] - 2026-06-04

What's Changed

• Support Value -> string conversions with kv + std features instead of kv_std by @​tisonkun in rust-lang/log#729

Full Changelog: rust-lang/log@0.4.31...0.4.32

[0.4.31] - 2026-06-02

What's Changed

• Leverage static str key when possible by @​tisonkun in rust-lang/log#727

New Contributors

• @​Isvane made their first contribution in rust-lang/log#726

Full Changelog: rust-lang/log@0.4.30...0.4.31

[0.4.30] - 2026-05-21

What's Changed

• Support capturing of std::net types by @​KodrAus in rust-lang/log#724

New Contributors

• @​V0ldek made their first contribution in rust-lang/log#720
• @​woodruffw made their first contribution in rust-lang/log#723

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

• MSRV is bumped to 1.71.0 in rust-lang/log#723

[0.4.29] - 2025-12-02

What's Changed

• perf: reduce llvm-lines of FromStr for Level and LevelFilter by @​dishmaker in rust-lang/log#709
• Replace serde with serde_core by @​Thomasdezeeuw in rust-lang/log#712

New Contributors

• @​AldaronLau made their first contribution in rust-lang/log#703
• @​dishmaker made their first contribution in rust-lang/log#709

Full Changelog: rust-lang/log@0.4.28...0.4.29

[0.4.28] - 2025-09-02

What's Changed

• ci: drop really old trick and ensure MSRV for all feature combo by @​tisonkun in rust-lang/log#676
• Chore: delete compare_exchange method for AtomicUsize on platforms without atomics by @​HaoliangXu in rust-lang/log#690
• Add increment_severity() and decrement_severity() methods for Level and LevelFilter by @​nebkor in rust-lang/log#692

... (truncated)

Commits

• a5b5b21 Merge pull request #730 from rust-lang/cargo/0.4.32
• c8d3b12 prepare for 0.4.32 release
• ce6cd9f Merge pull request #729 from tisonkun/kv-std-support
• 20b3b05 drop cfg-feature=kv as it is already met
• 7bc1200 kv::std_support may not need value-bag
• 5808392 Merge pull request #728 from rust-lang/cargo/0.4.31
• 86d739f prepare for 0.4.31 release
• c906cfb Merge pull request #727 from tisonkun/leverage-static-str-key-when-possible
• 756c279 leverage str literal as well
• 3dd250d rename Key::from_static_str to from_str_static
• Additional commits viewable in compare view

Updates clap from 4.5.32 to 4.5.60

Release notes

Sourced from clap's releases.

v4.5.60

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

v4.5.59

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

v4.5.58

[4.5.58] - 2026-02-11

v4.5.57

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

v4.5.56

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

v4.5.55

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

v4.5.54

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

v4.5.53

[4.5.53] - 2025-11-19

Features

... (truncated)

Changelog

Sourced from clap's changelog.

[4.5.60] - 2026-02-19

Fixes

• (help) Quote empty default values, possible values

[4.5.59] - 2026-02-16

Fixes

• Command::ignore_errors no longer masks help/version on subcommands

[4.5.58] - 2026-02-11

[4.5.57] - 2026-02-03

Fixes

• Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

[4.5.56] - 2026-01-29

Fixes

• On conflict error, don't show conflicting arguments in the usage

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

... (truncated)

Commits

• 33d24d8 chore: Release
• 9332409 docs: Update changelog
• b7adce5 Merge pull request #6166 from fabalchemy/fix-dynamic-powershell-completion
• 009bba4 fix(clap_complete): Improve powershell registration
• d89d57d chore: Release
• f18b67e docs: Update changelog
• 9d218eb Merge pull request #6165 from epage/shirt
• 126440c fix(help): Correctly calculate padding for short-only args
• 9e3c05e test(help): Show panic with short, valueless arg
• c9898d0 test(help): Verify short with value
• Additional commits viewable in compare view

Updates env_logger from 0.11.7 to 0.11.10

Release notes

Sourced from env_logger's releases.

v0.11.10

[0.11.10] - 2026-03-23

Internal

• Update dependencies

v0.11.9

[0.11.9] - 2026-02-11

v0.11.8

[0.11.8] - 2025-04-01

Compatibility

• (kv) Deprecate the unstable-kv feature which may be removed in a future patch release

Features

• (kv) Stabilize key-value support behind the kv feature
• Expose ConfigurableFormat to build custom [Builder::format]s that leverage this

Changelog

Sourced from env_logger's changelog.

[0.11.10] - 2026-03-23

Internal

• Update dependencies

[0.11.9] - 2026-02-11

[0.11.8] - 2025-04-01

Compatibility

• (kv) Deprecate the unstable-kv feature which may be removed in a future patch release

Features

• (kv) Stabilize key-value support behind the kv feature
• Expose ConfigurableFormat to build custom [Builder::format]s that leverage this

Commits

• 41320bf chore: Release
• de8c74f docs: Update changelog
• d550741 docs(gh): Add sponsor link
• 458b075 chore(deps): Update Rust Stable to v1.94 (#401)
• 8bc3fc3 Merge pull request #400 from epage/update
• 143fa64 chore: Upgrade incompatible
• b687a24 chore: Upgrade compatible
• 8cf1ba9 Merge pull request #397 from rust-cli/renovate/crate-ci-typos-1.x
• 094ecf7 Merge pull request #396 from rust-cli/renovate/crate-ci-committed-1.x
• 34ad626 chore(deps): Update pre-commit hook crate-ci/typos to v1.44.0
• Additional commits viewable in compare view

Updates mimalloc from 0.1.43 to 0.1.52

Release notes

Sourced from mimalloc's releases.

Version 0.1.52

Changes

• Expose mi_stats_get_json().
• Fix ARM compilation.

Version 0.1.51

Changes

• Mimalloc bumped to v3.3.2 and v2.3.2.
• Compile with msvc on windows.

Version 0.1.50

Changes

• Update to mimalloc v2.3.1 and v3.3.1

Version 0.1.49

Changes

• Update to mimalloc v2.3.0 and v3.3.0
• Use mimalloc v3 by default.

Version 0.1.48

Changes

• Mimalloc v3 feature flag. (credits @​gschulze).

Version 0.1.47

Changes

• Mimalloc v2.2.4

Version 0.1.46

Changes

• Fixed musl builds.

Version 0.1.45

Changes

• Mimalloc v2.2.3

Version 0.1.44

Changes

• Mimalloc v2.2.2

Commits

• abcd2be v0.1.52
• 9db5330 Remove explicit arm instruction set
• d06bd31 Merge pull request #161 from svix-jbrown/feat/stats-json
• eb4a16d simplify API
• e1fd9eb fix up some tests
• 6805298 v0.1.51
• ba2c9b1 Fix extended v3
• 84969eb Merge pull request #160 from Havunen/feat/adjust_build_to_match_mimalloc
• 843b9b2 Updated mimalloc to 3.3.2 and 2.3.2
• da7a09c feat: expose mi_stats_get_json and a safe wrapper around it
• Additional commits viewable in compare view

Updates num_cpus from 1.16.0 to 1.17.0

Changelog

Sourced from num_cpus's changelog.

v1.17.0

Fixes

• update hermit-abi to 0.5.0
• remove special support for nacl

Commits

• 342af76 v1.17.0
• e970a82 Bump hermit-abi version (#144)
• 797f827 Update LICENSE-MIT (#143)
• b6ca8a4 ci: worker cpus has been increased
• f06cd50 ci: remove asmjs job
• 41e39dd ci: mips is not tier 3, remove CI jobs
• 13af26c remove special support for nacl
• 815551c ci: pin libc for msrv job
• See full diff in compare view

Updates regex from 1.11.1 to 1.12.4

Changelog

Sourced from regex's changelog.

1.12.4 (2025-06-09)

This release includes a performance optimization for compilation of regexes with very large character classes.

Improvements:

• #1308: Avoid re-canonicalizing the entire interval set when pushing new class ranges.

1.12.3 (2025-02-03)

This release excludes some unnecessary things from the archive published to crates.io. Specifically, fuzzing data and various shell scripts are now excluded. If you run into problems, please file an issue.

Improvements:

• #1319: Switch from a Cargo exclude list to an include list, and exclude some unnecessary stuff.

1.12.2 (2025-10-13)

This release fixes a cargo doc breakage on nightly when --cfg docsrs is enabled. This caused documentation to fail to build on docs.rs.

Bug fixes:

• [BUG #1305](rust-lang/regex#1305): Switches the doc_auto_cfg feature to doc_cfg on nightly for docs.rs builds.

1.12.1 (2025-10-10)

This release makes a bug fix in the new regex::Captures::get_match API introduced in 1.12.0. There was an oversight with the lifetime parameter for the Match returned. This is technically a breaking change, but given that it was caught almost immediately and I've yanked the 1.12.0 release, I think this is fine.

1.12.0 (2025-10-10)

This release contains a smattering of bug fixes, a fix for excessive memory consumption in some cases and a new regex::Captures::get_match API.

Improvements:

... (truncated)

Commits

• 7b96fdc 1.12.4
• 7b89cf0 deps: update to regex-syntax 0.8.11
• 1401679 regex-syntax-0.8.11
• d709000 changelog: 1.12.4
• 9825c74 syntax: avoid re-canonicalizing the entire IntervalSet on push (#1308)
• a7f2ff6 docs: clarify regex-lite word boundaries
• 2c7b172 docs: clarify unsupported Anchored::Pattern searches
• 839d16b regex-syntax-0.8.10
• c4865a0 syntax: fix negation handling in HIR translation
• d8761c0 cargo: also include benches
• Additional commits viewable in compare view

Updates reqwest from 0.12.14 to 0.12.28

Release notes

Sourced from reqwest's releases.

v0.12.28

What's Changed

• fix: correctly import TokioIo on Windows by @​seanmonstar in seanmonstar/reqwest#2896

Full Changelog: seanmonstar/reqwest@v0.12.27...v0.12.28

v0.12.27

tl;dr

• Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Pipe.

What's Changed

• chore: Disable unused tokio-util codec feature by @​tottoto in seanmonstar/reqwest#2893
• chore: Use http_body_util::BodyDataStream by @​tottoto in seanmonstar/reqwest#2892
• feat: add windows_named_pipe() option to client builder by @​seanmonstar in seanmonstar/reqwest#2789

Full Changelog: seanmonstar/reqwest@v0.12.26...v0.12.27

v0.12.26

tl;dr

• Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

What's Changed

• deps: update cookie_store by @​seanmonstar in seanmonstar/reqwest#2886
• fix: disable default compression from tower-http if not enabled in reqwest by @​seanmonstar in seanmonstar/reqwest#2889
• fix(http3): correct compression defaults by @​seanmonstar in seanmonstar/reqwest#2890

Full Changelog: seanmonstar/reqwest@v0.12.25...v0.12.26

v0.12.25

Highlights

• Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.
• Fix sending Proxy-Authorization if only username is configured.
• Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.
• Refactor internal decompression handling to use tower-http.

What's Changed

• tests: fix wasm timeout test with uncached response by @​seanmonstar in seanmonstar/reqwest#2853
• docs: document connection pooling behavior by @​vinzmyko in seanmonstar/reqwest#2851
• docs: document WASM client by @​vinzmyko in seanmonstar/reqwest#2859
• chore: minor improvement for docs by @​black5box in seanmonstar/reqwest#2862
• fix: send proxy-authorization even with empty password by @​barjin in seanmonstar/reqwest#2868
• feat(error): add is_upgrade method to detect protocol upgrade errors by @​0x676e67 in seanmonstar/reqwest#2822
• Use decompression from tower-http by @​ducaale in seanmonstar/reqwest#2840

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.12.28

• Fix compiling on Windows if TLS and SOCKS features are not enabled.

v0.12.27

• Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Piper.

v0.12.26

• Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

v0.12.25

• Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.
• Fix sending Proxy-Authorization if only username is configured.
• Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.
• Refactor internal decompression handling to use tower-http.

v0.12.24

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

v0.12.23

• Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
• Add ClientBuilder::retry(policy) and reqwest::retry::Builder to configure automatic retries.
• Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
• Add http3_* options to blocking::ClientBuilder.
• Fix default TCP timeout values to enabled and faster.
• Fix SOCKS proxies to default to port 1080
• (wasm) Add cache methods to RequestBuilder.

v0.12.22

• Fix socks proxies when resolving IPv6 destinations.

v0.12.21

• Fix socks proxy to use socks4a:// instead of socks4h://.
• Fix Error::is_timeout() to check for hyper and IO timeouts too.
• Fix request Error to again include URLs when possible.
• Fix socks connect error to include more context.
• (wasm) implement Default for Body.

v0.12.20

... (truncated)

Commits

• d978599 v0.12.28
• ef2768a fix: correctly import TokioIo on Windows (#2896)
• 1bf6441 v0.12.27
• 4967b1b feat: add windows_named_pipe() option to client builder (#2789)
• ef5b239 chore: Use http_body_util::BodyDataStream (#2892)
• a810004 chore: Disable unused tokio-util codec feature (#2893)
• 01f03a4 v0.12.26
• e908f57 fix(http3): correct compression defaults (#2890)
• 509c904 fix: disable default compression from tower-http if not enabled in reqwest (#...
• 896aaea deps: update cookie_store to 0.22 (#2886)
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates toml from 0.8.23 to 0.9.6

Commits

• 4695fb0 chore: Release
• 6a77ed7 docs: Update changelog
• c1e8197 refactor: Switch serde dependency to serde_core (#1036)
• d85d6cd refactor: Switch serde dependency to serde_core
• 9154dcb chore: Release
• 38f445c docs: Update changelog
• 1ce8a75 feat(edit): Expose Table::span (#1031)
• 290c28f feat(edit): Expose Table::span
• b2bc739 chore(deps): Update Rust Stable to v1.89 (#1026)
• bd21148 chore: Release
• Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates tar from 0.4.45 to 0.4.46

Release notes

Sourced from tar's releases.

0.4.46

Security

• archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm) by @​cgwalters in composefs/tar-rs#454

See also GHSA-3cv2-h65g-fgmm

Other changes

• ci: Fix and re-enable reverse dependency testing by @​cgwalters in composefs/tar-rs#444
• Update astral-tokio-tar requirement from 0.5 to 0.6 by @​dependabot[bot] in composefs/tar-rs#446
• Update some links by @​atouchet in composefs/tar-rs#445
• Add support of absolute paths by @​zxvfc in composefs/tar-rs#426
• docs: Expand notes on concurrent mutations and following symlinks by @​cgwalters in composefs/tar-rs#453
• Update repo links by @​cgwalters in composefs/tar-rs#451
• ci: Add crates.io trusted publishing workflow by @​cgwalters in composefs/tar-rs#456
• Release 0.4.46 by @​cgwalters in composefs/tar-rs#455

New Contributors

• @​dependabot[bot] made their first contribution in composefs/tar-rs#446
• @​atouchet made their first contribution in composefs/tar-rs#445
• @​zxvfc made their first contribution in composefs/tar-rs#426

Full Changelog: composefs/tar-rs@0.4.45...0.4.46

Commits

• fc459c1 Release 0.4.46
• 43e05a8 ci: Add crates.io trusted publishing workflow
• bba5666 Update repo links
• cd94c46 docs: Document TOCTOU / concurrent-mutation threat model
• 1b4997c builder: Expand docs for follow_symlinks and append_dir_all
• bab14dd archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm)
• 2349b49 Add support of absolute paths
• 39d0311 Update some links
• 59d803e Update astral-tokio-tar requirement from 0.5 to 0.6
• 8296b9a ci: Fix and re-enable reverse dependency testing (#444)
• See full diff in compare view

Updates tempfile from 3.19.0 to 3.27.0

Changelog

Sourced from tempfile's changelog.

3.27.0

This release adds TempPath::try_from_path and deprecates TempPath::from_path.

Prior to this release, TempPath::from_path made no attempts to convert relative paths into absolute paths. The following code would have deleted the wrong file:

let tmp_path = TempPath::from_path("foo")
std::env::set_current_dir("/some/other/path").unwrap();
drop(tmp_path);

Now:

1. TempPath::from_path will attempt to convert relative paths into absolute paths. However, this isn't always possible as we need to call std::env::current_dir, which can fail. If we fail to convert the relative path to an absolute path, we simply keep the relative path.
2. The TempPath::try_from_path behaves exactly like TempPath::from_path, except that it returns an error if we fail to convert a relative path into an absolute path (or if the passed path is empty).

Neither function attempt to verify the existence of the file in question.

Thanks to @​meng-xu-cs for reporting this issue.

3.26.0

• Support NamedTempFile::persist on RedoxOS (#393) (thanks to @​Andy-Python-Programmer).

3.25.0

• Allow getrandom 0.4.x while retaining support for getrandom 0.3.x.

3.24.0

• Actually support WASIp2 without the nightly feature. This library is now feature complete on WASIp2 without any additional feature flags.
• Exclude CI scripts from the published crate.

3.23.0

• Remove need for the "nightly" feature to compile with "wasip2".

3.22.0

• Updated windows-sys requirement to allow version 0.61.x
• Remove unstable-windows-keep-open-tempfile feature.

3.21.0

• Updated windows-sys requirement to allow version 0.60.x

3.20.0

This release mostly unifies the behavior/capabilities around "keeping" temporary files:

... (truncated)

Commits

• 5c8fa12 chore: release 3.27.0
• e34e574 test: disable uds conflict test on redox
• 772c795 test: add CWD guards
• 2632fb9 fix: resolve relative paths when constructing TempPath
• 929a112 chore: release 3.26.0
• 29d6ac5 Add Redox OS CI (#394)
• 375067f doc(README): document supported platforms
• d353717 feat(redox): implement persist() (#393)
• 64114d7 Fix typos in documentation (#392)
• 9a38b8d chore: release 3.25.0
• Additional commits viewable in compare view

Updates serde_yml from 0.0.12 to 0.0.13

Release notes

Sourced from serde_yml's releases.

v0.0.13 — Final release (deprecation shim, RUSTSEC-2025-0068 fixed)

⚠️ Final release — serde_yml is deprecated

This is the final maintenance release of serde_yml. The crate is no longer under active development. 0.0.13 is a thin compatibility shim that lets existing call sites keep compiling while you migrate to one of the maintained alternatives listed below.

If you are reading this because cargo audit flagged your build, upgrading to 0.0.13 resolves RUSTSEC-2025-0068 structurally — see Security below.

---

TL;DR

  # Cargo.toml
- serde_yml = "0.0"
+ serde_yml = "0.0.13"

Your existing call sites compile unchanged. The compiler now emits a #[deprecated] warning at every use serde_yml::* import pointing at the migration guide. The C-FFI libyml parser is no longer in your dependency graph.

When you're ready to fully migrate, see the migration guide.

---

Security: RUSTSEC-2025-0068 fixed

RUSTSEC-2025-0068 (also GHSA-hhw4-xg65-fp2x) flagged every serde_yml ≤ 0.0.12 as unsound — the serde_yml::ser::Serializer.emitter field could cause a segmentation fault via the C-FFI libyaml parser.

0.0.13 removes the vulnerable surface entirely:

• The C-FFI libyml dependency is gone from the graph.
• serde_yml::ser::Serializer is now a re-export of a pure-Rust unit struct (pub struct Serializer;) with no emitter field — code that referenced .emitter no longer compiles, which is the desired outcome.
• The backend (noyalib) enforces #![forbid(unsafe_code)] workspace-wide.

Verification:

cargo update -p serde_yml --precise 0.0.13
cargo tree -p serde_yml | grep libyml   # → no output

The RustSec advisory database PR adding patched = ["^0.0.13"] is pending review at rustsec/advisory-db#2915. Until it merges, cargo audit may still warn against 0.0.13 — the 0.0.13 release itself ships .cargo/audit.toml + deny.toml ignore entries so the self-referential warning doesn't block your own CI.

---

Maintained alte...

Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.