chore(deps): bump the prod-dependencies group across 1 directory with 40 updates

[dependabot]

Bumps the prod-dependencies group with 40 updates in the / directory:

Package	From	To
anyhow	1.0.98	1.0.100
async-trait	0.1.83	0.1.89
chrono	0.4.38	0.4.43
clap	4.5.41	4.5.55
colored	2.1.0	3.1.1
derive_builder	0.20.1	0.20.2
directories	5.0.1	6.0.0
educe	0.5.11	0.6.0
fake	2.10.0	4.4.0
gethostname	0.4.3	1.1.0
glob	0.3.1	0.3.3
human-panic	2.0.2	2.0.6
ignore	0.4.23	0.4.25
inquire	0.6.2	0.9.2
itertools	0.13.0	0.14.0
jsonschema	0.30.0	0.33.0
jsonwebtoken	10.2.0	10.3.0
minijinja	2.3.1	2.15.1
mockall	0.12.1	0.14.0
normpath	1.3.0	1.5.0
pathdiff	0.2.2	0.2.3
petgraph	0.6.5	0.8.3
regex	1.11.1	1.12.2
reqwest	0.12.9	0.12.28
secrecy	0.8.0	0.10.3
sha256	1.5.0	1.6.0
shellexpand	3.1.0	3.1.1
strip-ansi-escapes	0.2.0	0.2.1
strum	0.26.3	0.27.2
thiserror	1.0.69	2.0.12
time	0.3.41	0.3.46
tokio	1.46.1	1.49.0
tonic	0.14.2	0.14.3
tracing-appender	0.2.3	0.2.4
which	6.0.3	8.0.0
assert_cmd	2.0.16	2.1.2
assert_fs	1.1.2	1.1.3
escargot	0.5.12	0.5.15
predicates	3.1.2	3.1.3
tempfile	3.20.0	3.24.0

Updates anyhow from 1.0.98 to 1.0.100

Release notes

Sourced from anyhow's releases.

1.0.100

• Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)

1.0.99

• Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#420)

Commits

• 18c2598 Release 1.0.100
• f271988 Merge pull request #426 from dtolnay/clippyfmt
• 52f2115 Mark macros with clippy::format_args
• da5fd9d Raise minimum tested compiler to rust 1.76
• 211e409 Opt in to generate-macro-expansion when building on docs.rs
• b48fc02 Enforce trybuild >= 1.0.108
• d5f59fb Update ui test suite to nightly-2025-09-07
• 238415d Update ui test suite to nightly-2025-08-24
• 3bab070 Update actions/checkout@v4 -> v5
• 4249254 Order cap-lints flag in the same order as thiserror build script
• Additional commits viewable in compare view

Updates async-trait from 0.1.83 to 0.1.89

Release notes

Sourced from async-trait's releases.

0.1.89

• Improve IDE functionality (#293, thanks @​Veykril)

0.1.88

• Fix lifetime bounding on generic parameters that have cfg (#289)

0.1.87

• Documentation improvements

0.1.86

• Documentation improvements

0.1.85

• Omit Self: 'async_trait bound in impl when not needed by signature (#284)

0.1.84

• Support impl Trait in return type (#282)

Commits

• a7e91e9 Release 0.1.89
• fbcfcac Merge pull request 293 from Veykril/lw/quote_spanned
• fd93990 Improve use of spans in quote_spanned
• a5093fe Add type-mismatch ui test
• 6d12b44 Revert "Pin nightly toolchain used for miri job"
• dd9e4ba Hide unused_variables warning in consider-restricting.rs ui test
• b454fc8 Update ui test suite to nightly-2025-08-03
• 9c880e8 Update ui test suite to nightly-2025-07-30
• 7ca751d Ignore unused_parens warning in test
• 2bccfeb Update ui test suite to nightly-2025-05-28
• Additional commits viewable in compare view

Updates chrono from 0.4.38 to 0.4.43

Release notes

Sourced from chrono's releases.

0.4.43

What's Changed

• Install extra components for lint workflow by @​djc in chronotope/chrono#1741
• Upgrade windows-bindgen to 0.64 by @​djc in chronotope/chrono#1742
• Improve windows-bindgen setup by @​djc in chronotope/chrono#1744
• Drop stabilized feature doc_auto_cfg by @​djc in chronotope/chrono#1745
• Faster RFC 3339 parsing by @​djc in chronotope/chrono#1748
• Update windows-bindgen requirement from 0.64 to 0.65 by @​dependabot[bot] in chronotope/chrono#1751
• add NaiveDate::abs_diff by @​Kinrany in chronotope/chrono#1752
• Add feature gated defmt support. by @​pebender in chronotope/chrono#1747
• Drop deny lints, eager Debug impls are a mixed blessing by @​djc in chronotope/chrono#1753
• chore: minor improvement for docs by @​spuradage in chronotope/chrono#1756
• Added doctest for the NaiveDate years_since function by @​LucasBou in chronotope/chrono#1755
• Prepare 0.4.43 by @​djc in chronotope/chrono#1765
• Update copyright year to 2026 in LICENSE.txt by @​taozui472 in chronotope/chrono#1767

0.4.42

What's Changed

• Add fuzzer for DateTime::parse_from_str by @​tyler92 in chronotope/chrono#1700
• Fix wrong amount of micro/milliseconds by @​nmlt in chronotope/chrono#1703
• Add warning about MappedLocalTime and wasm by @​lutzky in chronotope/chrono#1702
• Fix incorrect parsing of fixed-length second fractions by @​chris-leach in chronotope/chrono#1705
• Fix cfgs for wasm32-linux support by @​arjunr2 in chronotope/chrono#1707
• Fix OpenHarmony's tzdata parsing by @​ldm0 in chronotope/chrono#1679
• Convert NaiveDate to/from days since unix epoch by @​findepi in chronotope/chrono#1715
• Add ?Sized bound to related methods of DelayedFormat::write_to by @​Huliiiiii in chronotope/chrono#1721
• Add from_timestamp_secs method to DateTime by @​jasonaowen in chronotope/chrono#1719
• Migrate to core::error::Error by @​benbrittain in chronotope/chrono#1704
• Upgrade to windows-bindgen 0.63 by @​djc in chronotope/chrono#1730
• strftime: simplify error handling by @​djc in chronotope/chrono#1731

v0.4.41

What's Changed

• Add subsec_micros and subsec_millis methods to TimeDelta by @​ggoetz in chronotope/chrono#1668
• Deprecate NaiveDateTime::UNIX_EPOCH by @​robertbastian in chronotope/chrono#1670
• Implement as_seconds_f32 and as_seconds_f64 for TimeDelta by @​ggoetz in chronotope/chrono#1671
• chore: fix some comments by @​jimmycathy in chronotope/chrono#1677
• Add num_days_in_month method to Datelike trait by @​aslilac in chronotope/chrono#1673
• add WeekdaySet, a collection of Weekday that is Copy by @​Kinrany in chronotope/chrono#1676
• WeekdaySet tweaks by @​djc in chronotope/chrono#1680
• Upgrade to windows-bindgen 0.61 by @​djc in chronotope/chrono#1682
• Implemented a consistent Eq trait for NaiveWeek by @​Splashling1789 in chronotope/chrono#1687
• TimeZone::from_posix_tz: Treat empty TZ variable as UTC by @​drinkcat in chronotope/chrono#1691
• Add support for lossy format strings by @​Qelxiros in chronotope/chrono#1693

0.4.40

What's Changed

... (truncated)

Commits

• 45caaa9 Update copyright year to 2026 in LICENSE.txt
• 1c0b8f0 Bump version to 0.4.43
• a03e43b Upgrade windows-bindgen to 0.66
• 4fedaba Ignore bincode advisory
• f4b7bbd Bump actions/checkout from 5 to 6
• db12973 Added doctest for the NaiveDate years_since function (#1755)
• 34b5f49 chore: minor improvement for docs
• 8c82711 Bump actions/setup-node from 5 to 6
• ea1f11b Drop deny lints, eager Debug impls are a mixed blessing
• 35f9f2d Add feature gated defmt support.
• Additional commits viewable in compare view

Updates clap from 4.5.41 to 4.5.55

Release notes

Sourced from clap's releases.

v4.5.55

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

v4.5.54

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

v4.5.53

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

v4.5.52

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

v4.5.51

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

v4.5.50

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

v4.5.48

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

... (truncated)

Changelog

Sourced from clap's changelog.

[4.5.55] - 2026-01-27

Fixes

• Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

[4.5.54] - 2026-01-02

Fixes

• (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

[4.5.53] - 2025-11-19

Features

• Add default_values_if, default_values_ifs

[4.5.52] - 2025-11-17

Fixes

• Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

[4.5.51] - 2025-10-29

Fixes

• (help) Correctly calculate padding for short flags that take a value
• (help) Don't panic on short flags using ArgAction::Count

[4.5.50] - 2025-10-20

Features

• Accept Cow where String and &str are accepted

[4.5.49] - 2025-10-13

Fixes

• (help) Correctly wrap when ANSI escape codes are present

[4.5.48] - 2025-09-19

Documentation

• Add a new CLI Concepts document as another way of framing clap
• Expand the typed_derive cookbook entry

... (truncated)

Commits

• 4c03930 chore: Release
• fb948a2 docs: Update changelog
• 0f60239 Merge pull request #6057 from GilShoshan94/master
• 83d4206 test: Update fixture to cover all cases + styling
• b13274d fix: Rename pvs to dvs for default values
• df92ea0 feat(help): Allow styling for inline context
• 0e535e5 chore(deps): Update compatible (dev) (#6054)
• de57287 chore(deps): Update Rust Stable to v1.88 (#6048)
• 5504a13 Merge pull request #6047 from clap-rs/revert-6045-cleanup-docsrs
• c1c243c Revert "Cleanup docs.rs related issues"
• Additional commits viewable in compare view

Updates colored from 2.1.0 to 3.1.1

Release notes

Sourced from colored's releases.

v3.1.1

No release notes provided.

v3.1.0

No release notes provided.

v3.0.0

• [BREAKING CHANGE]: Upgrade MSRV to 1.80 and remove the then unnecessary lazy_static dependency.

v2.2.0

No release notes provided.

Changelog

Sourced from colored's changelog.

Unreleased

• Added methods ansi_color and on_ansi_color to Colorize.

3.0.0

• [BREAKING CHANGE]: Upgrade MSRV to 1.80 and remove the then unnecessary lazy_static dependency.

2.2.0

• Updated top-level docs to include a note about ColoredString's role in the Colorize pipeline as well as link to it to suggest learning more about how to manipulate existing ColoredString's.
• Changes to ColoredString:
  • Expose fields.
  • [DEPRECATION]: Deprecated methods fgcolor, bgcolor, and style due to their obsolescence in the face of the exposing of their represented fields.
  • Add methods for clearing specific elements of fgcolor, bgcolor, and style.
  • Change Default implementation to be via derive as Style now implements Default (see changes to Style below).
  • Add implementation of DerefMut.
  • Updated docs to reflect the above changes as well as generally greatly expand them.
• Changes to Style:
  • Implemented Default for Style (returns CLEAR). This exposes a method by which users can create plain Style's from scratch.
  • Implemented From<Styles> for Style. This lets users easily create Style's from specific styles.
  • Exposed previously private method add.
  • Created method remove which essentially does the opposite.
  • Added builder-style methods in the vein of Colorize to add stylings (e.g. bold, underline, italic, strikethrough).
  • Implemented bitwise operators BitAnd, BitOr, BitXor, and Not as well as their representative assignment operators. You can also use a Styles as an operand for these.
  • Implemented FromIterator<Styles> for Style.
• Changes to Styles:
  • Implemented bitwise operators BitAnd, BitOr, BitXor, and Not which all combine Styles's and output Style's. These can also take a Style as an operand.
• Added additional testing for all of the above changes.
• Added methods with_style and with_color_and_style to Colorize.

Commits

• 5204a26 3.1.1
• 49392a3 Limit to 5 keywords
• b791685 3.1.0
• 9a83121 Allow windows-sys 0.61 to be used (#218)
• 192598d Clean up Colorize trait
• ec013ae chore: minor improvement for docs (#212)
• 5bc198b Replace 'ansi_term' dev-dependency with 'ansiterm' (#209)
• a21367d Allow windows-sys 0.60 to be used (#206)
• 9450fea Fix clippy warning (#207)
• 68761c1 README: use the latest v3.0 version for example (#204)
• Additional commits viewable in compare view

Updates derive_builder from 0.20.1 to 0.20.2

Release notes

Sourced from derive_builder's releases.

v0.20.2

• Allow unquoted expressions in builder(default = ...) #331

Commits

• fc18dd2 Bump version to 0.20.2
• b809d0e add documentation for private build method
• 65c87d3 Skip rustfmt for manually-written output
• d2efc54 Remove DeprecationNotes feature
• 2418ab4 Allow unquoted expressions in default = ...
• 1203dfa Fix compiletest error message
• 5cca75a Remove last pretty_assertions dependency
• fdc50aa Remove prettyassertions
• 0a163af Fix nightly clippy violation
• be3795e Bump darling version to fix clippy issue
• Additional commits viewable in compare view

Updates directories from 5.0.1 to 6.0.0

Commits

• See full diff in compare view

Updates educe from 0.5.11 to 0.6.0

Commits

• bc05181 bump version
• b867288 Merge branch 'ijackson-leaking-bounds'
• 3f98647 Merge branch 'leaking-bounds' of github.com:ijackson/rust-educe into ijackson...
• 47bd92f update doc
• f962522 bump version
• 9e23e34 Merge branch 'ijackson-all-bounds'
• b7567cb Merge branch 'all-bounds' of github.com:ijackson/rust-educe into ijackson-all...
• fca9263 fix the bound_4 test case in ord_struct
• e40c20e add an empty line
• 63114a8 fix the bound_4 test case in partial_ord_struct
• Additional commits viewable in compare view

Updates fake from 2.10.0 to 4.4.0

Release notes

Sourced from fake's releases.

v4.4.0

What's Changed

• Upgrade to latest glam by @​thomas-tribus in cksac/fake-rs#235
• Adds markdown types to available options by @​ChangedNameTo in cksac/fake-rs#236
• Update the README.md for markdown by @​ChangedNameTo in cksac/fake-rs#237
• Add locale cy_gb meaning Cymraeg (Welsh) for Great Britain by @​joelparkerhenderson in cksac/fake-rs#240
• feat(fr_fr): Add address postcode and timezone by @​Theo-Fourniez in cksac/fake-rs#242
• Fixed test failures by @​ChangedNameTo in cksac/fake-rs#243
• Add support for ferroid ID types by @​s0l0ist in cksac/fake-rs#247
• add more professions by @​t-webber in cksac/fake-rs#249
• support either crate
• fix geo

New Contributors

• @​ChangedNameTo made their first contribution in cksac/fake-rs#236
• @​joelparkerhenderson made their first contribution in cksac/fake-rs#240
• @​Theo-Fourniez made their first contribution in cksac/fake-rs#242
• @​s0l0ist made their first contribution in cksac/fake-rs#247
• @​t-webber made their first contribution in cksac/fake-rs#249

Full Changelog: cksac/fake-rs@v4.3.0...v4.4.0

v4.3.0

No release notes provided.

v3.2.0

No release notes provided.

v3.1.0

No release notes provided.

Commits

• See full diff in compare view

Updates gethostname from 0.4.3 to 1.1.0

Updates glob from 0.3.1 to 0.3.3

Release notes

Sourced from glob's releases.

v0.3.3

• Optimize memory allocations (#147)
• Bump the MSRV to 1.63 (#172)
• Fix spelling in pattern documentation (#164)
• Fix version numbers and some formatting (#157)
• Style fixes (#137)

v0.3.2

What's Changed

• Add fs::symlink_metadata to detect broken symlinks by @​kyoheiu in rust-lang/glob#105
• Add support for windows verbatim disk paths by @​nico-abram in rust-lang/glob#112
• Respect require_literal_leading_dot option in glob_with method for path components by @​JohnTitor in rust-lang/glob#128
• Harden tests for symlink by @​JohnTitor in rust-lang/glob#127
• Remove "extern crate" directions from README by @​zmitchell in rust-lang/glob#131
• Add FIXME for tempdir by @​JohnTitor in rust-lang/glob#126
• Cache information about file type by @​Kobzol in rust-lang/glob#135
• Document the behaviour of ** with files by @​Wilfred in rust-lang/glob#138
• Add dependabot by @​oriontvv in rust-lang/glob#139
• Bump actions/checkout from 3 to 4 by @​dependabot in rust-lang/glob#140
• Check only (no longer test) at the MSRV by @​tgross35 in rust-lang/glob#151
• Add release-plz for automated releases by @​tgross35 in rust-lang/glob#150

New Contributors

• @​kyoheiu made their first contribution in rust-lang/glob#105
• @​nico-abram made their first contribution in rust-lang/glob#112
• @​zmitchell made their first contribution in rust-lang/glob#131
• @​Kobzol made their first contribution in rust-lang/glob#135
• @​Wilfred made their first contribution in rust-lang/glob#138
• @​oriontvv made their first contribution in rust-lang/glob#139
• @​dependabot made their first contribution in rust-lang/glob#140
• @​tgross35 made their first contribution in rust-lang/glob#151

Full Changelog: rust-lang/glob@0.3.1...v0.3.2

Changelog

Sourced from glob's changelog.

0.3.3 - 2025-08-11

• Optimize memory allocations (#147)
• Bump the MSRV to 1.63 (#172)
• Fix spelling in pattern documentation (#164)
• Fix version numbers and some formatting (#157)
• Style fixes (#137)

0.3.2 - 2024-12-28

What's Changed

• Add fs::symlink_metadata to detect broken symlinks by @​kyoheiu in rust-lang/glob#105
• Add support for windows verbatim disk paths by @​nico-abram in rust-lang/glob#112
• Respect require_literal_leading_dot option in glob_with method for path components by @​JohnTitor in rust-lang/glob#128
• Harden tests for symlink by @​JohnTitor in rust-lang/glob#127
• Remove "extern crate" directions from README by @​zmitchell in rust-lang/glob#131
• Add FIXME for tempdir by @​JohnTitor in rust-lang/glob#126
• Cache information about file type by @​Kobzol in rust-lang/glob#135
• Document the behaviour of ** with files by @​Wilfred in rust-lang/glob#138
• Add dependabot by @​oriontvv in rust-lang/glob#139
• Bump actions/checkout from 3 to 4 by @​dependabot in rust-lang/glob#140
• Check only (no longer test) at the MSRV by @​tgross35 in rust-lang/glob#151
• Add release-plz for automated releases by @​tgross35 in rust-lang/glob#150

New Contributors

• @​kyoheiu made their first contribution in rust-lang/glob#105
• @​nico-abram made their first contribution in rust-lang/glob#112
• @​zmitchell made their first contribution in rust-lang/glob#131
• @​Kobzol made their first contribution in rust-lang/glob#135
• @​Wilfred made their first contribution in rust-lang/glob#138
• @​oriontvv made their first contribution in rust-lang/glob#139
• @​dependabot made their first contribution in rust-lang/glob#140
• @​tgross35 made their first contribution in rust-lang/glob#151

Full Changelog: rust-lang/glob@0.3.1...0.3.2

Commits

• 952da29 chore: release v0.3.3 (#155)
• bfcd9a4 Optimize memory allocations (#147)
• e78862d Bump the MSRV to 1.63 (#172)
• 97e5ee9 Merge pull request #164 from jonboulle/patch-1
• 4da20e6 Fix spelling in pattern documentation
• 1cf0f30 Fix version numbers and some formatting
• 7a17f11 Merge pull request #153 from tgross35/clippy-ci
• 56619ab Run clippy checks in CI
• 51363fa Disallow warnings in CI
• 1649a9a Apply remaining clippy suggestions
• Additional commits viewable in compare view

Updates human-panic from 2.0.2 to 2.0.6

Changelog

Sourced from human-panic's changelog.

[2.0.6] - 2025-12-29

Features

• Added Metadata::repository as a fallback for Metadata::homepage

[2.0.5] - 2025-12-26

Performance

• Improve build times on some platforms by changing from os_info to sysinfo

[2.0.4] - 2025-10-28

[2.0.3] - 2025-07-08

Internal

• Update toml

Commits

• b6773e9 chore: Release
• 2d448b0 docs: Update changelog
• a55bfba Merge pull request #196 from epage/repo
• 34e1a3d feat: Report repository as fallback from homepage
• e9580d7 Merge pull request #195 from epage/improve
• 1dc3dbc refactor: Remove deprecated API
• 0addfff Merge pull request #193 from epage/msrv
• b49ee6e chore: Update to 2024 Edition
• f0fadbb chore: Update dependencies
• 5fa455e Merge pull request #192 from epage/template
• Additional commits viewable in compare view

Updates ignore from 0.4.23 to 0.4.25

Commits

• 57c190d ignore-0.4.25
• 85edf4c ignore: only stat .jj if we actually care
• 2ea06d6 grep-0.4.1
• 85006b0 deps: bump to grep-printer 0.3.1
• 423afb8 grep-printer-0.3.1
• 4694800 deps: bump to grep-searcher 0.1.16
• 86e0ab1 grep-searcher-0.1.16
• 7189950 deps: bump to globset 0.4.18
• 0b0e013 globset-0.4.18
• cac9870 doc: update date in man page template
• Additional commits viewable in compare view

Updates inquire from 0.6.2 to 0.9.2

Release notes

Sourced from inquire's releases.

v0.9.2

• Bumped MSRV from 1.80 -> 1.82 due to new requirements of dependencies.
• Expose the sorting function used by Select (thanks @​devjgm!)

v0.9.1

• Fix panicking when terminal backend reports size with 0 width. Thanks @​sebhoss for reporting!

v0.9.0

Features

Adds Selectable derive macro for enums! You can now easily create enum-based prompts (e.g. menus) by using the Selectable derive macro on your enums.

See the example for more details. Thank you @​TheBearodactyl for the contribution!

Dependencies

• Updated unicode-width to 0.2.
• Updated crossterm to 0.29.
• Updated termion to 4.0.
• Updated console to 0.16.

v0.9.1

v0.9

v0.9.0

Features

Adds Selectable derive macro for enums! You can now easily create enum-based prompts (e.g. menus) by using the Selectable derive macro on your enums.

See the example for more details. Thank you @​TheBearodactyl for the contribution!

Dependencies

• Updated unicode-width to 0.2.
• Updated crossterm to 0.29.
• Updated termion to 4.0.
• Updated console to 0.16.

v0.9.1

• Fix panicking when terminal backend reports size with 0 width. Thanks @​sebhoss for reporting!

v0.9.0

Features

Adds Selectable derive macro for enums! You can now easily create enum-based prompts (e.g. menus) by using the Selectable derive macro on your enums.

... (truncated)

Changelog

Sourced from inquire's changelog.

[0.9.2] - 2026-01-17

• Bumped MSRV from 1.80 -> 1.82 due to new requirements of dependencies.
• Expose the sorting function used by Select (thanks @​devjgm!)

[0.9.1] - 2025-09-16

Fixes

• Fix panicking when terminal backend reports size with 0 width.

[0.9.0] - 2025-09-16

Features

Adds Selectable derive macro for enums! You can now easily create enum-based prompts (e.g. menus) by using the Selectable derive macro on your enums.

See the example for more details. Thank you @​TheBearodactyl for the contribution!

Dependencies

• Updated unicode-width to 0.2.
• Updated crossterm to 0.29.
• Updated termion to 4.0.
• Updated console to 0.16.

[0.8.0] - 2025-09-14

Features

• Improve end user experience when prompting for input without a message.
• Implement raw_prompt_skippable for Select.

Fixes

• Fix bug where inputs spanning 3+ lines would break text rendering.
• Fix bug where Select and MultiSelect prompts would render the first option incorrectly when filtering is disabled.
• Fix autocomplete suggestions not being updated after a suggestion is accepted.
• Fix incorrect cursor placement when inputting CJK characters.

API Changes

• Don't require static lifetime for autocompleter and validator.

Dependencies

• Upgraded crossterm to 0.28.1.
• Raised minimum supported Rust version to 1.80.0.
• Migrate from once_cell to stdlib.
• Migrate from fxhash to stdlib.

... (truncated)

Commits

• 4fb68e6 chore: release v0.9.2
• cc477ea Updaete CHANGELOG
• 0a5ebad Expose the sorting function used by Select (#326)
• 947d560 Bump MSRV to 1.81 due to dep requirements (#327)
• d443a94 Bump tj-actions/changed-files (#308)
• 15ecb4b chore: update Cargo.toml to conditionally include dependencies for non-Window...
• 358b054 refactor: remove unused height method from TerminalSize struct
• f90026a fix: conditionally include tests for non-Windows platforms
• 61d72bf chore: release v0.9.1
• d0921a1 Enhance terminal size handling and fix panicking when terminal size is report...
• Additional commits viewable in compare view

Updates itertools from 0.13.0 to 0.14.0

Changelog

Sourced from itertools's changelog.

0.14.0

Breaking

• Increased MSRV to 1.63.0 (#960)
• Removed generic parameter from cons_tuples (#988)

Added

• Added array_combinations (#991)
• Added k_smallest_relaxed and variants (#925)
• Added next_array and collect_array (#560)
• Implemented DoubleEndedIterator for FilterOk (#948)
• Implemented DoubleEndedIterator for FilterMapOk (#950)

Changed

• Allow Q: ?Sized in Itertools::contains (#971)
• Improved hygiene of chain! (#943)
• Improved into_group_map_by documentation (#1000)
• Improved tree_reduce documentation (#955)
• Improved discoverability of merge_join_by (#966)
• Improved discoverability of take_while_inclusive (#972)
• Improved documentation of find_or_last and find_or_first (#984)
• Prevented exponentially large type sizes in tuple_combinations (

[socket-security]

Caution

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. For more information please check in at #security-help. For License Policy Violations please also tag @Aoife in #security-help.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		License policy violation: cargo colored under MPL-2.0 Location: Package overview From: Cargo.toml → cargo/colored@3.1.1 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/colored@3.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		License policy violation: cargo petgraph under CC-BY-SA-4.0 License: CC-BY-SA-4.0 - the applicable license policy does not allow this license (4) (petgraph-0.8.3/assets/images/LICENSE.md) From: Cargo.toml → cargo/petgraph@0.8.3 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/petgraph@0.8.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[dryrunsecurity]

This pull request leaves several dependencies pinned as wildcards ('*') in Cargo.toml (including jsonwebtoken, octocrab, tonic, and opentelemetry), which broadens the supply-chain attack surface and can pull breaking or malicious versions on updates — and since the crate is marked publish = true this is non‑compliant with crates.io rules and risky for release. It should replace wildcards with explicit version constraints and ensure lockfile or provenance controls are used to prevent unexpected upgrades.

Wildcard Dependencies in Cargo.toml

Vulnerability

Wildcard Dependencies

Description

The project uses wildcard versions ('*') for several dependencies in Cargo.toml, including critical ones like jsonwebtoken, octocrab, tonic, and opentelemetry. In Rust, using a wildcard version allows Cargo to pull any future version of a dependency, including major versions that may contain breaking changes or, more critically, malicious code if a crate is compromised. This significantly increases the supply chain attack surface. While a Cargo.lock file is present, it only mitigates the risk for existing builds; any cargo update or new installation (where a lock file isn't used) will pull the latest versions. Furthermore, wildcard dependencies are forbidden for packages published to crates.io, and since this project has publish = true, it is in a non-compliant and insecure state for its intended release cycle.

scope/Cargo.toml

Lines 43 to 46 in dbb5bb8

	jsonwebtoken = "*"
	lazy_static = "1.5.0"
	minijinja = { version = "2.15.1", features = ["loader"] }
	mockall = "0.14.0"

---

All finding details can be found in the DryRun Security Dashboard.