From 8a0850d5d13c9078bc71a9015240283ead0dbf43 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 03:25:52 +0000
Subject: [PATCH 01/10] chore(deps): Bump thiserror from 2.0.6 to 2.0.7 (#1617)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 2.0.6 to
2.0.7.
Release notes
Sourced from thiserror's
releases.
2.0.7
- Work around conflict with #[deny(clippy::allow_attributes)] (#397,
thanks
@zertosh)
Commits
9c0f2d2
Release 2.0.72deec96
Merge pull request 397 from zertosh/from_allow_expect100d916
Avoid associating #[from] with lint allow485c2b7
Reword spurious errors comment- See full diff in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
Cargo.lock | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 222c2624e..112ed23bf 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2701,7 +2701,7 @@ dependencies = [
"static-files",
"subst",
"testcontainers-modules",
- "thiserror 2.0.6",
+ "thiserror 2.0.7",
"tilejson",
"tokio",
"tokio-postgres-rustls",
@@ -2746,7 +2746,7 @@ dependencies = [
"sqlite-compressions",
"sqlite-hashes",
"sqlx",
- "thiserror 2.0.6",
+ "thiserror 2.0.7",
"tilejson",
"tokio",
"xxhash-rust",
@@ -3617,7 +3617,7 @@ dependencies = [
"rustc-hash 2.0.0",
"rustls",
"socket2",
- "thiserror 2.0.6",
+ "thiserror 2.0.7",
"tokio",
"tracing",
]
@@ -3636,7 +3636,7 @@ dependencies = [
"rustls",
"rustls-pki-types",
"slab",
- "thiserror 2.0.6",
+ "thiserror 2.0.7",
"tinyvec",
"tracing",
"web-time",
@@ -4939,11 +4939,11 @@ dependencies = [
[[package]]
name = "thiserror"
-version = "2.0.6"
+version = "2.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fec2a1820ebd077e2b90c4df007bebf344cd394098a13c563957d0afc83ea47"
+checksum = "93605438cbd668185516ab499d589afb7ee1859ea3d5fc8f6b0755e1c7443767"
dependencies = [
- "thiserror-impl 2.0.6",
+ "thiserror-impl 2.0.7",
]
[[package]]
@@ -4959,9 +4959,9 @@ dependencies = [
[[package]]
name = "thiserror-impl"
-version = "2.0.6"
+version = "2.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d65750cab40f4ff1929fb1ba509e9914eb756131cef4210da8d5d700d26f6312"
+checksum = "e1d8749b4531af2117677a5fcd12b1348a3fe2b81e36e61ffeac5c4aa3273e36"
dependencies = [
"proc-macro2",
"quote",
From e98ca0026431a4d09e8389491651d9409e1fb27d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 03:28:15 +0000
Subject: [PATCH 02/10] chore(deps): Bump serde from 1.0.215 to 1.0.216 (#1620)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.215 to
1.0.216.
Release notes
Sourced from serde's
releases.
v1.0.216
- Mark all generated impls with #[automatically_derived] to exclude
from code coverage (#2866,
#2868,
thanks
@tdittr)
Commits
ad8dd41
Release 1.0.216f91d2ed
Merge pull request #2868
from dtolnay/automaticallyderived9497463
Mark all generated trait impls as #[automatically_derived]46e9ecf
Merge pull request #2866
from tdittr/mark-visitors-as-generatede9c399c
Mark generated impl de::Visitor blocks as
#[automatically_derived]b9dbfcb
Switch out fnv in favor of foldhash in testc270e27
Use BuildHasher instead of Hasher in collection macros0307f60
Resolve question_mark clippy lint in build script- See full diff in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
Cargo.lock | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 112ed23bf..1020d15e9 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4180,18 +4180,18 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
[[package]]
name = "serde"
-version = "1.0.215"
+version = "1.0.216"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f"
+checksum = "0b9781016e935a97e8beecf0c933758c97a5520d32930e460142b4cd80c6338e"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
-version = "1.0.215"
+version = "1.0.216"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0"
+checksum = "46f859dbbf73865c6627ed570e78961cd3ac92407a2d117204c49232485da55e"
dependencies = [
"proc-macro2",
"quote",
From 1f38f1c1ad7cb657f128068d4572a221b5178e6b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 03:30:16 +0000
Subject: [PATCH 03/10] chore(deps): Bump semver from 1.0.23 to 1.0.24 (#1621)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [semver](https://github.com/dtolnay/semver) from 1.0.23 to 1.0.24.
Release notes
Sourced from semver's
releases.
1.0.24
- Optimize Ord impls for semver::Prerelease and semver::BuildMetadata
(#328,
thanks
@Eh2406)
Commits
6f4069d
Release 1.0.24d03aba3
Touch up PR 328238757d
Merge pull request #328
from Eh2406/master75856ef
faster Ord when Eq89504eb
Prevent upload-artifact step from causing CI failured1b17a9
Upload CI Cargo.lock for reproducing failures4ea60ae
Resolve doc_lazy_continuation clippy lintf96f9d8
Merge pull request #319
from dtolnay/docsrsfc5c98d
Rely on docs.rs to define --cfg=docsrs by default- See full diff in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
Cargo.lock | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 1020d15e9..d9f58a1ce 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4174,9 +4174,9 @@ dependencies = [
[[package]]
name = "semver"
-version = "1.0.23"
+version = "1.0.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
+checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba"
[[package]]
name = "serde"
From 5db41266589f828f2f23297fd7c3e5941a4591b8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 03:47:48 +0000
Subject: [PATCH 04/10] chore(deps): Bump subst from 0.3.5 to 0.3.7 (#1619)
Bumps [subst](https://github.com/fizyr/subst) from 0.3.5 to 0.3.7.
Changelog
Sourced from subst's
changelog.
Version 0.3.7 - 2024-12-13
- [fix][minor] Fix violation of aliasing rules in
TemplateBuf and ByteTemplateBuf.
Version 0.3.6 - 2024-12-13
- [fix][minor] Fix unsound
Clone and Drop
implementation of TemplateBuf and
ByteTemplateBuf.
Commits
ba5fd8d
Bump version to 0.3.7.f973c98
Update CHANGELOG.6f823fa
Replace manual transmute with transmute_lifetime().200c432
Merge pull request #28 from
sebschrader/feature/fix-self-referential-ub0b7314c
Merge branch 'main' into feature/fix-self-referential-ub07bccd5
Revert "Ensure references remain valid after source is
moved"2ba38d8
Merge pull request #30 from
fizyr/no-aliasing28b2e9f
Store the wrapped template of TemplateBuf in MaybeUninit.1aadd38
Add more test for possible undefined behaviour in TemplateBuf.7d0a5fe
Run miri in CI.- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
Cargo.lock | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index d9f58a1ce..0e7cabb44 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4774,9 +4774,9 @@ dependencies = [
[[package]]
name = "subst"
-version = "0.3.5"
+version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a3c1ba4fd019bc866333a61fe205fc9b686e3cf5971dd8dfc116657d933031c"
+checksum = "33e7942675ea19db01ef8cf15a1e6443007208e6c74568bd64162da26d40160d"
dependencies = [
"memchr",
"serde",
From ae2119439375251094f9a41ba0216850c166739e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 03:51:53 +0000
Subject: [PATCH 05/10] chore(deps): Bump rustls from 0.23.19 to 0.23.20
(#1618)
Bumps [rustls](https://github.com/rustls/rustls) from 0.23.19 to
0.23.20.
Commits
b4628c7
rustls-post-quantum: revert version to 0.2.024d08f3
rustls-post-quantum: adjust head doc179592f
verifybench.rs: nightly fmtef3fc21
nit: remove trailing space from doc comments00a3ddb
fix rustls-provider-example hpke no-std support2f74c3d
server: remove ClientHello constructor3ba5167
ci: adjust ech-client daily testsf5aeb39
examples: use inner hostname in HTTPS DNS querye232bca
openssl-tests: install openssl from source43cbebb
unbuffered: add regression tests for fragmented handshakes- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
Cargo.lock | 12 ++++++------
Cargo.toml | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 0e7cabb44..2f38839a8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1406,7 +1406,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d"
dependencies = [
"libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
]
[[package]]
@@ -3653,7 +3653,7 @@ dependencies = [
"once_cell",
"socket2",
"tracing",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
]
[[package]]
@@ -4011,9 +4011,9 @@ dependencies = [
[[package]]
name = "rustls"
-version = "0.23.19"
+version = "0.23.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "934b404430bb06b3fae2cba809eb45a1ab1aecd64491213d7c3301b88393f8d1"
+checksum = "5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b"
dependencies = [
"aws-lc-rs",
"log",
@@ -4887,7 +4887,7 @@ dependencies = [
"fastrand",
"once_cell",
"rustix",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
]
[[package]]
@@ -5702,7 +5702,7 @@ version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
dependencies = [
- "windows-sys 0.48.0",
+ "windows-sys 0.59.0",
]
[[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 96451cdc3..7ebad416a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -66,7 +66,7 @@ pprof = { version = "0.13", features = ["flamegraph", "criterion"] }
pretty_assertions = "1"
regex = "1"
rstest = "0.23"
-rustls = "0.23.19"
+rustls = "0.23.20"
# ring feature does not require NASM windows executable, but works slower
#rustls = { version = "0.23", default-features = false, features = ["logging", "std", "tls12", "ring"] }
rustls-native-certs = "0.8"
From 85a0338ccd775a36e9b1577da04cdf224de592db Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 09:31:55 +0000
Subject: [PATCH 06/10] chore(deps): Bump tokio from 1.41.1 to 1.42.0 (#1604)
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.41.1 to 1.42.0.
Release notes
Sourced from tokio's
releases.
Tokio v1.42.0
1.42.0 (Dec 3rd, 2024)
Added
- io: add
AsyncFd::{try_io, try_io_mut} (#6967)
Fixed
- io: avoid
ptr->ref->ptr roundtrip in
RegistrationSet (#6929)
- runtime: do not defer
yield_now inside
block_in_place (#6999)
Changes
- io: simplify io readiness logic (#6966)
Documented
- net: fix docs for
tokio::net::unix::{pid_t, gid_t,
uid_t} (#6791)
- time: fix a typo in
Instant docs (#6982)
#6791:
tokio-rs/tokio#6791
#6929:
tokio-rs/tokio#6929
#6966:
tokio-rs/tokio#6966
#6967:
tokio-rs/tokio#6967
#6982:
tokio-rs/tokio#6982
#6999:
tokio-rs/tokio#6999
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
Cargo.lock | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 2f38839a8..36d408f67 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2562,7 +2562,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4"
dependencies = [
"cfg-if",
- "windows-targets 0.52.6",
+ "windows-targets 0.48.5",
]
[[package]]
@@ -5095,9 +5095,9 @@ dependencies = [
[[package]]
name = "tokio"
-version = "1.41.1"
+version = "1.42.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22cfb5bee7a6a52939ca9224d6ac897bb669134078daa8735560897f69de4d33"
+checksum = "5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551"
dependencies = [
"backtrace",
"bytes",
From 4678a69a9c1cd6d06923fa9ec06987bd5b5db1d5 Mon Sep 17 00:00:00 2001
From: verma nakul
Date: Mon, 16 Dec 2024 15:07:32 +0530
Subject: [PATCH 07/10] feat: Updating Group dependency for GitHub Actions and
Cargo (#1623)
### What does this PR do?
Updating the `.github/dependabot.yml` file to group dependency updates
for:
- GitHub Actions: All updates will now be grouped under a single PR
using the `all-actions` group.
- Cargo: Updates will be batched into a single PR using the `all-cargo`
group.
### Which issue does this PR Fixes?
- Fixes #1622
---------
Co-authored-by: Lucas
Co-authored-by: Frank Elsinga
---
.github/dependabot.yml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ce9e973a2..8212356a9 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,9 +5,27 @@ updates:
directory: "/"
schedule:
interval: "daily"
+ groups:
+ all-actions-version-updates:
+ applies-to: version-updates
+ patterns:
+ - "*"
+ all-actions-security-updates:
+ applies-to: security-updates
+ patterns:
+ - "*"
- package-ecosystem: cargo
directory: "/"
schedule:
interval: daily
time: "02:00"
open-pull-requests-limit: 10
+ groups:
+ all-cargo-version-updates:
+ applies-to: version-updates
+ patterns:
+ - "*"
+ all-cargo-security-updates:
+ applies-to: security-updates
+ patterns:
+ - "*"
From 099a6c862f6ff8a0b61b8fa9a931d29a33018be5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 19 Dec 2024 02:48:43 +0000
Subject: [PATCH 08/10] chore(deps): Bump the all-cargo-version-updates group
with 2 updates (#1624)
Bumps the all-cargo-version-updates group with 2 updates:
[deadpool-postgres](https://github.com/bikeshedder/deadpool) and
[thiserror](https://github.com/dtolnay/thiserror).
Updates `deadpool-postgres` from 0.14.0 to 0.14.1
Commits
b438af3
Release deadpool-postgres 0.14.12aed3a4
Add missing re-export of LoadBalanceHostsac5d03d
Allow configuring Redis connections via AsyncConnectionConfigeadd120
replaced private sentinel_connection_info field with public
node_connection_i...9862d3f
Update Cargo.tomlecdaea2
Fix links in CHANGELOG3881487
Release deadpool-sqlite 0.9.0ed5b13b
Release deadpool-redis 0.18.03f7dcbe
Update itertools to version 0.13.08556502
Update Redis to 0.27.- Additional commits viewable in compare
view
Updates `thiserror` from 2.0.7 to 2.0.8
Release notes
Sourced from thiserror's
releases.
2.0.8
- Improve support for macro-generated
derive(Error) call
sites (#399)
Commits
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore ` will
remove the ignore condition of the specified dependency and ignore
conditions
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
Cargo.lock | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 36d408f67..a95fb2e18 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1185,9 +1185,9 @@ dependencies = [
[[package]]
name = "deadpool-postgres"
-version = "0.14.0"
+version = "0.14.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ab8a4ea925ce79678034870834602a2980f4b88c09e97feb266496dbb4493d2"
+checksum = "3d697d376cbfa018c23eb4caab1fd1883dd9c906a8c034e8d9a3cb06a7e0bef9"
dependencies = [
"async-trait",
"deadpool",
@@ -2701,7 +2701,7 @@ dependencies = [
"static-files",
"subst",
"testcontainers-modules",
- "thiserror 2.0.7",
+ "thiserror 2.0.8",
"tilejson",
"tokio",
"tokio-postgres-rustls",
@@ -2746,7 +2746,7 @@ dependencies = [
"sqlite-compressions",
"sqlite-hashes",
"sqlx",
- "thiserror 2.0.7",
+ "thiserror 2.0.8",
"tilejson",
"tokio",
"xxhash-rust",
@@ -3617,7 +3617,7 @@ dependencies = [
"rustc-hash 2.0.0",
"rustls",
"socket2",
- "thiserror 2.0.7",
+ "thiserror 2.0.8",
"tokio",
"tracing",
]
@@ -3636,7 +3636,7 @@ dependencies = [
"rustls",
"rustls-pki-types",
"slab",
- "thiserror 2.0.7",
+ "thiserror 2.0.8",
"tinyvec",
"tracing",
"web-time",
@@ -4939,11 +4939,11 @@ dependencies = [
[[package]]
name = "thiserror"
-version = "2.0.7"
+version = "2.0.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93605438cbd668185516ab499d589afb7ee1859ea3d5fc8f6b0755e1c7443767"
+checksum = "08f5383f3e0071702bf93ab5ee99b52d26936be9dedd9413067cbdcddcb6141a"
dependencies = [
- "thiserror-impl 2.0.7",
+ "thiserror-impl 2.0.8",
]
[[package]]
@@ -4959,9 +4959,9 @@ dependencies = [
[[package]]
name = "thiserror-impl"
-version = "2.0.7"
+version = "2.0.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1d8749b4531af2117677a5fcd12b1348a3fe2b81e36e61ffeac5c4aa3273e36"
+checksum = "f2f357fcec90b3caef6623a099691be676d033b40a058ac95d2a6ade6fa0c943"
dependencies = [
"proc-macro2",
"quote",
From 321b7f06bcf9eac6c7ea74c5a1e24343443aeed6 Mon Sep 17 00:00:00 2001
From: Frank Elsinga
Date: Fri, 20 Dec 2024 00:36:21 +0100
Subject: [PATCH 09/10] temporary disable macos-13 testcase (#1626)
---
.github/workflows/ci.yml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 38c8147b7..1f0926877 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -318,8 +318,9 @@ jobs:
fail-fast: true
matrix:
include:
- - target: x86_64-apple-darwin
- os: macos-13
+ # temporary disabled due to an issue with homebrew which is difficult to debug
+ # - target: x86_64-apple-darwin
+ # os: macos-13
- target: x86_64-pc-windows-msvc
os: windows-latest
ext: '.exe'
From 40fe091c4469d582c8ae28cd420d88ce4ac313ff Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 20 Dec 2024 02:47:56 +0000
Subject: [PATCH 10/10] chore(deps): Bump xxhash-rust from 0.8.12 to 0.8.13 in
the all-cargo-version-updates group (#1628)
Bumps the all-cargo-version-updates group with 1 update:
[xxhash-rust](https://github.com/DoumanAsh/xxhash-rust).
Updates `xxhash-rust` from 0.8.12 to 0.8.13
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore ` will
remove the ignore condition of the specified dependency and ignore
conditions
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
Cargo.lock | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index a95fb2e18..3dd8eb7f7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -5965,9 +5965,9 @@ checksum = "ec7a2a501ed189703dba8b08142f057e887dfc4b2cc4db2d343ac6376ba3e0b9"
[[package]]
name = "xxhash-rust"
-version = "0.8.12"
+version = "0.8.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a5cbf750400958819fb6178eaa83bee5cd9c29a26a40cc241df8c70fdd46984"
+checksum = "a08fd76779ae1883bbf1e46c2c46a75a0c4e37c445e68a24b01479d438f26ae6"
[[package]]
name = "yansi"