chore(deps)(deps): bump the cargo-all group with 12 updates #11

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/cargo/cargo-all-4c9d9eaae3

Conversation

@dependabot dependabot bot commented on behalf of github Apr 9, 2026

Bumps the cargo-all group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| anyhow | 1.0.97 | 1.0.102 |
| log | 0.4.26 | 0.4.29 |
| clap | 4.5.32 | 4.5.60 |
| env_logger | 0.11.7 | 0.11.10 |
| mimalloc | 0.1.43 | 0.1.48 |
| num_cpus | 1.16.0 | 1.17.0 |
| regex | 1.11.1 | 1.12.3 |
| reqwest | 0.12.14 | 0.12.28 |
| sha2 | 0.10.9 | 0.11.0 |
| toml | 0.8.23 | 0.9.6 |
| tempfile | 3.19.0 | 3.27.0 |
| built | 0.7.7 | 0.8.0 |

Updates anyhow from 1.0.97 to 1.0.102

Release notes

Sourced from anyhow's releases.

1.0.102

1.0.101

1.0.100

  • Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426)

1.0.99

  • Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#420)

1.0.98

Commits
  • 5c657b3 Release 1.0.102
  • e737fb6 Merge pull request #442 from dtolnay/backtrace
  • 7fe62b5 Further simply backtrace conditional compilation
  • c8cb5ca Merge pull request #441 from dtolnay/backtrace
  • de27df7 Delete CI use of --features=backtrace
  • 9b67e5d Merge pull request #440 from dtolnay/backtrace
  • efdb11a Simplify std_backtrace conditional code
  • b8a9a70 Merge pull request #439 from dtolnay/backtrace
  • a42fc2c Remove feature = "backtrace" conditional code
  • 2a2a3ce Re-word backtrace feature comment
  • Additional commits viewable in compare view

Updates log from 0.4.26 to 0.4.29

Release notes

Sourced from log's releases.

0.4.29

MSRV

This release increases log's MSRV from 1.61.0 to 1.68.0.

What's Changed

New Contributors

Full Changelog: rust-lang/log@0.4.28...0.4.29

0.4.28

What's Changed

New Contributors

Full Changelog: rust-lang/log@0.4.27...0.4.28

0.4.27

What's Changed

Full Changelog: rust-lang/log@0.4.26...0.4.27

Changelog

Sourced from log's changelog.

[0.4.29] - 2025-12-02

What's Changed

New Contributors

Full Changelog: rust-lang/log@0.4.28...0.4.29

[0.4.28] - 2025-09-02

What's Changed

New Contributors

Full Changelog: rust-lang/log@0.4.27...0.4.28

Notable Changes

[0.4.27] - 2025-03-24

What's Changed

Full Changelog: rust-lang/log@0.4.26...0.4.27

Commits
  • b1e2df7 Merge pull request #719 from rust-lang/cargo/0.4.29
  • 3fe1a54 prepare for 0.4.29 release
  • 7a432d9 Merge pull request #718 from rust-lang/ci/msrv
  • 0689d56 rebump msrv to 1.68.0
  • 46b448e try drop msrv back to 1.61.0
  • 929ab38 fix up doc test feature gate
  • 957cece bump serde-dependent crates
  • bea40c8 bump msrv to 1.68.0
  • c540184 Merge pull request #716 from rust-lang/ci-smaller-matrix2
  • c971e63 Merge branch 'master' into ci-smaller-matrix2
  • Additional commits viewable in compare view

Updates clap from 4.5.32 to 4.5.60

Release notes

Sourced from clap's releases.

v4.5.60

[4.5.60] - 2026-02-19

Fixes

  • (help) Quote empty default values, possible values

v4.5.59

[4.5.59] - 2026-02-16

Fixes

  • Command::ignore_errors no longer masks help/version on subcommands

v4.5.58

[4.5.58] - 2026-02-11

v4.5.57

[4.5.57] - 2026-02-03

Fixes

  • Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

v4.5.56

[4.5.56] - 2026-01-29

Fixes

  • On conflict error, don't show conflicting arguments in the usage

v4.5.55

[4.5.55] - 2026-01-27

Fixes

  • Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

v4.5.54

[4.5.54] - 2026-01-02

Fixes

  • (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

v4.5.53

[4.5.53] - 2025-11-19

Features

... (truncated)

Changelog

Sourced from clap's changelog.

[4.5.60] - 2026-02-19

Fixes

  • (help) Quote empty default values, possible values

[4.5.59] - 2026-02-16

Fixes

  • Command::ignore_errors no longer masks help/version on subcommands

[4.5.58] - 2026-02-11

[4.5.57] - 2026-02-03

Fixes

  • Regression from 4.5.55 where having an argument with .value_terminator("--") caused problems with an argument with .last(true)

[4.5.56] - 2026-01-29

Fixes

  • On conflict error, don't show conflicting arguments in the usage

[4.5.55] - 2026-01-27

Fixes

  • Fix inconsistency in precedence between positionals with a value_terminator("--") and escapes (--) where ./foo -- bar means the first arg is empty, rather than escaping future args

[4.5.54] - 2026-01-02

Fixes

  • (help) Move [default] to its own paragraph when PossibleValue::help is present in --help

[4.5.53] - 2025-11-19

Features

  • Add default_values_if, default_values_ifs

[4.5.52] - 2025-11-17

Fixes

  • Don't panic when args_conflicts_with_subcommands conflicts with an ArgGroup

... (truncated)

Commits
  • 33d24d8 chore: Release
  • 9332409 docs: Update changelog
  • b7adce5 Merge pull request #6166 from fabalchemy/fix-dynamic-powershell-completion
  • 009bba4 fix(clap_complete): Improve powershell registration
  • d89d57d chore: Release
  • f18b67e docs: Update changelog
  • 9d218eb Merge pull request #6165 from epage/shirt
  • 126440c fix(help): Correctly calculate padding for short-only args
  • 9e3c05e test(help): Show panic with short, valueless arg
  • c9898d0 test(help): Verify short with value
  • Additional commits viewable in compare view

Updates env_logger from 0.11.7 to 0.11.10

Release notes

Sourced from env_logger's releases.

v0.11.10

[0.11.10] - 2026-03-23

Internal

  • Update dependencies

v0.11.9

[0.11.9] - 2026-02-11

v0.11.8

[0.11.8] - 2025-04-01

Compatibility

  • (kv) Deprecate the unstable-kv feature which may be removed in a future patch release

Features

  • (kv) Stabilize key-value support behind the kv feature
  • Expose ConfigurableFormat to build custom [Builder::format]s that leverage this

Changelog

Sourced from env_logger's changelog.

[0.11.10] - 2026-03-23

Internal

  • Update dependencies

[0.11.9] - 2026-02-11

[0.11.8] - 2025-04-01

Compatibility

  • (kv) Deprecate the unstable-kv feature which may be removed in a future patch release

Features

  • (kv) Stabilize key-value support behind the kv feature
  • Expose ConfigurableFormat to build custom [Builder::format]s that leverage this

Commits
  • 41320bf chore: Release
  • de8c74f docs: Update changelog
  • d550741 docs(gh): Add sponsor link
  • 458b075 chore(deps): Update Rust Stable to v1.94 (#401)
  • 8bc3fc3 Merge pull request #400 from epage/update
  • 143fa64 chore: Upgrade incompatible
  • b687a24 chore: Upgrade compatible
  • 8cf1ba9 Merge pull request #397 from rust-cli/renovate/crate-ci-typos-1.x
  • 094ecf7 Merge pull request #396 from rust-cli/renovate/crate-ci-committed-1.x
  • 34ad626 chore(deps): Update pre-commit hook crate-ci/typos to v1.44.0
  • Additional commits viewable in compare view

Updates mimalloc from 0.1.43 to 0.1.48

Release notes

Sourced from mimalloc's releases.

Version 0.1.48

Changes

Version 0.1.47

Changes

  • Mimalloc v2.2.4

Version 0.1.46

Changes

  • Fixed musl builds.

Version 0.1.45

Changes

  • Mimalloc v2.2.3

Version 0.1.44

Changes

  • Mimalloc v2.2.2

Commits
  • a5a76fd v0.1.48
  • 31607bf Merge pull request #144 from gschulze/feature/3.x
  • aaa0114 Allow unused macros in generated test code
  • 54d6262 Allow unused imports in generated test code
  • 1f527f1 Proper feature flag propagation in binding tests
  • edee487 Fix clippy lints
  • 29c44c2 Add workflows for v3
  • af52306 Add support for testing v3 in CI
  • d84e46e Fix excludes in Cargo manifest
  • 747b5b1 Introduce feature flag to switch between mimalloc major versions
  • Additional commits viewable in compare view

Updates num_cpus from 1.16.0 to 1.17.0

Changelog

Sourced from num_cpus's changelog.

v1.17.0

Fixes

  • update hermit-abi to 0.5.0
  • remove special support for nacl

Commits

Updates regex from 1.11.1 to 1.12.3

Changelog

Sourced from regex's changelog.

1.12.3 (2025-02-03)

This release excludes some unnecessary things from the archive published to crates.io. Specifically, fuzzing data and various shell scripts are now excluded. If you run into problems, please file an issue.

Improvements:

  • #1319: Switch from a Cargo exclude list to an include list, and exclude some unnecessary stuff.

1.12.2 (2025-10-13)

This release fixes a cargo doc breakage on nightly when --cfg docsrs is enabled. This caused documentation to fail to build on docs.rs.

Bug fixes:

1.12.1 (2025-10-10)

This release makes a bug fix in the new regex::Captures::get_match API introduced in 1.12.0. There was an oversight with the lifetime parameter for the Match returned. This is technically a breaking change, but given that it was caught almost immediately and I've yanked the 1.12.0 release, I think this is fine.

1.12.0 (2025-10-10)

This release contains a smattering of bug fixes, a fix for excessive memory consumption in some cases and a new regex::Captures::get_match API.

Improvements:

Bug fixes:

... (truncated)

Commits

Updates reqwest from 0.12.14 to 0.12.28

Release notes

Sourced from reqwest's releases.

v0.12.28

What's Changed

Full Changelog: seanmonstar/reqwest@v0.12.27...v0.12.28

v0.12.27

tl;dr

  • Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Pipe.

What's Changed

Full Changelog: seanmonstar/reqwest@v0.12.26...v0.12.27

v0.12.26

tl;dr

  • Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

What's Changed

Full Changelog: seanmonstar/reqwest@v0.12.25...v0.12.26

v0.12.25

Highlights

  • Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.
  • Fix sending Proxy-Authorization if only username is configured.
  • Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.
  • Refactor internal decompression handling to use tower-http.

What's Changed

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.12.28

  • Fix compiling on Windows if TLS and SOCKS features are not enabled.

v0.12.27

  • Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Pipe.

v0.12.26

  • Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

v0.12.25

  • Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.
  • Fix sending Proxy-Authorization if only username is configured.
  • Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.
  • Refactor internal decompression handling to use tower-http.

v0.12.24

  • Refactor cookie handling to an internal middleware.
  • Refactor internal random generator.
  • Refactor base64 encoding to reduce a copy.
  • Documentation updates.

v0.12.23

  • Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
  • Add ClientBuilder::retry(policy) and reqwest::retry::Builder to configure automatic retries.
  • Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
  • Add http3_* options to blocking::ClientBuilder.
  • Fix default TCP timeout values to enabled and faster.
  • Fix SOCKS proxies to default to port 1080
  • (wasm) Add cache methods to RequestBuilder.

v0.12.22

  • Fix socks proxies when resolving IPv6 destinations.

v0.12.21

  • Fix socks proxy to use socks4a:// instead of socks4h://.
  • Fix Error::is_timeout() to check for hyper and IO timeouts too.
  • Fix request Error to again include URLs when possible.
  • Fix socks connect error to include more context.
  • (wasm) implement Default for Body.

v0.12.20

... (truncated)

Commits

Updates sha2 from 0.10.9 to 0.11.0

Commits

Updates toml from 0.8.23 to 0.9.6

Commits

Updates tempfile from 3.19.0 to 3.27.0

Changelog

Sourced from tempfile's changelog.

3.27.0

This release adds TempPath::try_from_path and deprecates TempPath::from_path.

Prior to this release, TempPath::from_path made no attempts to convert relative paths into absolute paths. The following code would have deleted the wrong file:

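```rust
use tempfile::TempPath;

// Relative path: before this release it was stored as given, not made absolute.
let tmp_path = TempPath::from_path("foo");
std::env::set_current_dir("/some/other/path").unwrap();
drop(tmp_path); // "foo" is now looked up in the new working directory
```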

Now:

  1. TempPath::from_path will attempt to convert relative paths into absolute paths. However, this isn't always possible as we need to call std::env::current_dir, which can fail. If we fail to convert the relative path to an absolute path, we simply keep the relative path.
  2. The TempPath::try_from_path behaves exactly like TempPath::from_path, except that it returns an error if we fail to convert a relative path into an absolute path (or if the passed path is empty).

Neither function attempts to verify the existence of the file in question.

Thanks to @meng-xu-cs for reporting this issue.

3.26.0

3.25.0

  • Allow getrandom 0.4.x while retaining support for getrandom 0.3.x.

3.24.0

  • Actually support WASIp2 without the nightly feature. This library is now feature complete on WASIp2 without any additional feature flags.
  • Exclude CI scripts from the published crate.

3.23.0

  • Remove need for the "nightly" feature to compile with "wasip2".

3.22.0

  • Updated windows-sys requirement to allow version 0.61.x
  • Remove unstable-windows-keep-open-tempfile feature.

3.21.0

  • Updated windows-sys requirement to allow version 0.60.x

3.20.0

This release mostly unifies the behavior/capabilities around "keeping" temporary files:

... (truncated)

Commits

Updates built from 0.7.7 to 0.8.0

Changelog

Sourced from built's changelog.

[0.8.0]

  • Add override-variables
  • Bump MSRV to 1.81 (due to dependencies)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

  • Chores
    • Updated project dependencies and build tools to newer versions to maintain compatibility, stability, and security.
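
The tempfile 3.27.0 changelog entry quoted in the description above concerns a delete-on-drop path that is stored relative to the working directory. The following is an added, std-only illustration of that failure mode and of the strict constructor's behaviour; it is not tempfile's code and not part of this PR, and `DeleteOnDrop` and `run_scenario` are hypothetical names.

```rust
// Added example (not tempfile's implementation): a delete-on-drop guard that
// shows why a relative path must be resolved when the guard is created.
use std::path::PathBuf;
use std::{env, fs, io};

/// Hypothetical stand-in for a temp-path type: removes `path` when dropped.
struct DeleteOnDrop {
    path: PathBuf,
}

impl DeleteOnDrop {
    /// Behaviour the changelog describes as the problem: keep the path as given.
    fn from_path_unresolved(p: impl Into<PathBuf>) -> Self {
        Self { path: p.into() }
    }

    /// Strict form: reject an empty path and fail if the working directory
    /// cannot be read, instead of silently keeping a relative path.
    fn try_from_path(p: impl Into<PathBuf>) -> io::Result<Self> {
        let p = p.into();
        if p.as_os_str().is_empty() {
            return Err(io::Error::new(io::ErrorKind::InvalidInput, "empty path"));
        }
        let path = if p.is_absolute() { p } else { env::current_dir()?.join(p) };
        Ok(Self { path })
    }
}

impl Drop for DeleteOnDrop {
    fn drop(&mut self) {
        // Best effort, because a destructor cannot return an error.
        let _ = fs::remove_file(&self.path);
    }
}

/// Builds two directories that each contain `foo`, creates a guard for the
/// relative path "foo" inside the first, changes into the second, then drops
/// the guard. Returns (first/foo still exists, second/foo still exists).
fn run_scenario(resolve_at_creation: bool) -> io::Result<(bool, bool)> {
    let base = env::temp_dir().join(format!(
        "drop-guard-demo-{}-{}",
        std::process::id(),
        resolve_at_creation
    ));
    let (first, second) = (base.join("first"), base.join("second"));
    fs::create_dir_all(&first)?;
    fs::create_dir_all(&second)?;
    fs::write(first.join("foo"), b"temporary file")?;
    fs::write(second.join("foo"), b"unrelated file")?;

    let original_dir = env::current_dir()?;
    env::set_current_dir(&first)?;
    let guard = if resolve_at_creation {
        DeleteOnDrop::try_from_path("foo")?
    } else {
        DeleteOnDrop::from_path_unresolved("foo")
    };
    env::set_current_dir(&second)?;
    drop(guard); // "foo" is interpreted here unless it was resolved earlier

    let outcome = (first.join("foo").exists(), second.join("foo").exists());
    env::set_current_dir(original_dir)?;
    fs::remove_dir_all(&base)?;
    Ok(outcome)
}

fn main() {
    println!("unresolved: {:?}", run_scenario(false).expect("scenario failed"));
    println!("resolved:   {:?}", run_scenario(true).expect("scenario failed"));
}
```

With the unresolved guard the unrelated file in the second directory is removed and the intended one survives; resolving at creation reverses that.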

Bumps the cargo-all group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.97` | `1.0.102` |
| [log](https://github.com/rust-lang/log) | `0.4.26` | `0.4.29` |
| [clap](https://github.com/clap-rs/clap) | `4.5.32` | `4.5.60` |
| [env_logger](https://github.com/rust-cli/env_logger) | `0.11.7` | `0.11.10` |
| [mimalloc](https://github.com/purpleprotocol/mimalloc_rust) | `0.1.43` | `0.1.48` |
| [num_cpus](https://github.com/seanmonstar/num_cpus) | `1.16.0` | `1.17.0` |
| [regex](https://github.com/rust-lang/regex) | `1.11.1` | `1.12.3` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.14` | `0.12.28` |
| [sha2](https://github.com/RustCrypto/hashes) | `0.10.9` | `0.11.0` |
| [toml](https://github.com/toml-rs/toml) | `0.8.23` | `0.9.6` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.19.0` | `3.27.0` |
| [built](https://github.com/lukaslueg/built) | `0.7.7` | `0.8.0` |


Updates `anyhow` from 1.0.97 to 1.0.102
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](dtolnay/anyhow@1.0.97...1.0.102)

Updates `log` from 0.4.26 to 0.4.29
- [Release notes](https://github.com/rust-lang/log/releases)
- [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md)
- [Commits](rust-lang/log@0.4.26...0.4.29)

Updates `clap` from 4.5.32 to 4.5.60
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.5.32...clap_complete-v4.5.60)

Updates `env_logger` from 0.11.7 to 0.11.10
- [Release notes](https://github.com/rust-cli/env_logger/releases)
- [Changelog](https://github.com/rust-cli/env_logger/blob/main/CHANGELOG.md)
- [Commits](rust-cli/env_logger@v0.11.7...v0.11.10)

Updates `mimalloc` from 0.1.43 to 0.1.48
- [Release notes](https://github.com/purpleprotocol/mimalloc_rust/releases)
- [Commits](purpleprotocol/mimalloc_rust@v0.1.43...v0.1.48)

Updates `num_cpus` from 1.16.0 to 1.17.0
- [Release notes](https://github.com/seanmonstar/num_cpus/releases)
- [Changelog](https://github.com/seanmonstar/num_cpus/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/num_cpus@v1.16.0...v1.17.0)

Updates `regex` from 1.11.1 to 1.12.3
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](rust-lang/regex@1.11.1...1.12.3)

Updates `reqwest` from 0.12.14 to 0.12.28
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.12.14...v0.12.28)

Updates `sha2` from 0.10.9 to 0.11.0
- [Commits](RustCrypto/hashes@sha2-v0.10.9...sha2-v0.11.0)

Updates `toml` from 0.8.23 to 0.9.6
- [Commits](toml-rs/toml@toml-v0.8.23...toml-v0.9.6)

Updates `tempfile` from 3.19.0 to 3.27.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](Stebalien/tempfile@v3.19.0...v3.27.0)

Updates `built` from 0.7.7 to 0.8.0
- [Changelog](https://github.com/lukaslueg/built/blob/master/CHANGELOG.md)
- [Commits](lukaslueg/built@0.7.7...0.8.0)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-version: 1.0.102
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-all
- dependency-name: log
  dependency-version: 0.4.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-all
- dependency-name: clap
  dependency-version: 4.5.60
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-all
- dependency-name: env_logger
  dependency-version: 0.11.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-all
- dependency-name: mimalloc
  dependency-version: 0.1.48
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-all
- dependency-name: num_cpus
  dependency-version: 1.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-all
- dependency-name: regex
  dependency-version: 1.12.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-all
- dependency-name: reqwest
  dependency-version: 0.12.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cargo-all
- dependency-name: sha2
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-all
- dependency-name: toml
  dependency-version: 0.9.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-all
- dependency-name: tempfile
  dependency-version: 3.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-all
- dependency-name: built
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo-all
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot commented on behalf of github Apr 9, 2026

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from nh13 as a code owner April 9, 2026 16:23

coderabbitai bot commented Apr 9, 2026

Walkthrough

Multiple Rust dependencies in Cargo.toml were updated to newer patch and minor versions, including anyhow, clap, env_logger, mimalloc, num_cpus, reqwest, sha2, toml, tempfile, and the built build-dependency. No new dependencies were added or removed, and the git2 feature for built was retained.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Dependency Version Updates: `Cargo.toml` | Updated 9 dependencies to newer patch/minor versions: anyhow, clap, env_logger, mimalloc, num_cpus, reqwest, sha2, toml, tempfile, and built (0.7.7 → 0.8.0 with git2 feature retained). |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

  • nh13

Poem

🐰 Dependencies dance and shimmer bright,
Version bumps from left to right,
Built and toml, sha2 so true,
A rabbit's code, refreshed and new!
hop hop

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately describes the main change: a dependency version bump of 12 packages in the cargo-all dependency group, which is reflected in both the raw summary and PR objectives. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
Cargo.toml (1)

31-51: Consider consistent version specification style.

The dependency versions use mixed specification styles: some use full 3-part versions (e.g., "1.0.102", "4.5.60"), while others use 2-part versions (e.g., "0.4", "0.11", "3.27"). Both approaches are valid, but consistency improves maintainability.

Recommendation: Choose one style consistently—either specify full versions for explicit control, or use major.minor versions to allow Cargo to resolve compatible patch updates automatically.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Cargo.toml` around lines 31 - 51, The Cargo.toml dependency list mixes
version styles (e.g., anyhow = "1.0.102" and clap = "4.5.60" vs log = "0.4" and
env_logger = "0.11.10" vs tempfile = "3.27"), so pick a consistent scheme and
update the version strings for the affected dependencies (anyhow, clap, log,
env_logger, mimalloc, num_cpus, regex, reqwest, sha2, toml, serde_json, tar,
flate2, tempfile, built, crates_io_api) to that style; for example, change all
to full semver "MAJOR.MINOR.PATCH" or all to "MAJOR.MINOR" format and ensure
build-dependencies and dev-dependencies (built and tempfile) follow the same
convention so the file is uniform.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Cargo.toml`:
- Around line 40-41: Update and verify dependency upgrades: ensure sha2 0.11
usage in src/lib/source.rs (Sha256::new, hasher.update, hasher.finalize) still
compiles and meets MSRV, and more importantly adjust toml 0.9 parsing in
src/lib/crate_inspector.rs by replacing any use of Value::from_str or
str.parse() expecting a full document with toml::de::from_str::<toml::Value>()
(or explicitly use toml::de::Deserializer to parse a full table) in the
CargoMetadata::from_toml_str() and parse_cargo_lock_str() functions so they
parse full TOML documents rather than single values; run cargo test and if
parsing breaks, revert toml to 0.8 or follow the toml 0.9 migration guide to
update parsing code.

---

Nitpick comments:
In `@Cargo.toml`:
- Around line 31-51: The Cargo.toml dependency list mixes version styles (e.g.,
anyhow = "1.0.102" and clap = "4.5.60" vs log = "0.4" and env_logger = "0.11.10"
vs tempfile = "3.27"), so pick a consistent scheme and update the version
strings for the affected dependencies (anyhow, clap, log, env_logger, mimalloc,
num_cpus, regex, reqwest, sha2, toml, serde_json, tar, flate2, tempfile, built,
crates_io_api) to that style; for example, change all to full semver
"MAJOR.MINOR.PATCH" or all to "MAJOR.MINOR" format and ensure build-dependencies
and dev-dependencies (built and tempfile) follow the same convention so the file
is uniform.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fa9bf387-6971-478b-a14a-fb31450522bb

📥 Commits

Reviewing files that changed from the base of the PR and between acb3d0f and 1c8befe.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • Cargo.toml

Comment on lines +40 to +41
sha2 = "0.11"
toml = "0.9"
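
Review bot: lines +40 and +41 each move a 0.x requirement to the next minor (`sha2 = "0.11"`, `toml = "0.9"`), which falls outside the caret range of the previous 0.10 and 0.8 requirements, so these two are not drop-in updates like the patch bumps grouped with them. Consider splitting them into their own PR so each can be tested and reverted independently, and note that Cargo.lock is excluded from this review, so the resolved versions behind these two lines were not examined here.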

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

```bash
#!/bin/bash
# Description: Find usages of sha2 and toml APIs to assess impact of version changes

echo "=== Searching for sha2 usage ==="
rg -n --type=rust -C3 'use.*sha2|Sha256|Sha512|Digest' -g '!target/**'

echo -e "\n=== Searching for toml usage ==="
rg -n --type=rust -C3 'use.*toml|from_str.*toml|to_string.*toml|toml::' -g '!target/**'

echo -e "\n=== Checking if Cargo builds with updated dependencies ==="
cargo check 2>&1 | head -50
```

Repository: fg-labs/redskull

Length of output: 3650


🌐 Web query:

sha2 0.11 changelog breaking changes RustCrypto

💡 Result:

RustCrypto sha2 0.11.0 (released 2026-03-25) includes these notable breaking / migration-relevant changes:

  • MSRV bump + edition: crate moved to Rust 2024 edition and MSRV is now Rust 1.85. [1]
  • Trait/dependency bump: updated to digest v0.11 (this commonly forces downstream API updates to match the new digest trait versions). [1]
  • Public API shape changes: type aliases replaced with newtypes. [1]
  • Module/API moves: compress256 / compress512 moved to the block_api module. [1]
  • Feature flag removals (may break Cargo.toml feature usage): removed asm, asm-aarch64, loongarch64_asm, compress, soft, force-soft-compact, and std features. [1]
  • Backend selection changes: (new/changed) configuration flags for backend selection. [1]
  • State serialization: implements SerializableState trait. [1]

Sources: RustCrypto/hashes sha2 changelog for 0.11.0 [1] and the 0.11.0 release commit message (same items) [2].

References: [1] https://github.com/RustCrypto/hashes/blob/sha2-v0.11.0/sha2/CHANGELOG.md [2] RustCrypto/hashes@ffe0939


🌐 Web query:

toml 0.9 changelog breaking changes toml-rs

💡 Result:

toml 0.9.0 (toml-rs) changelog section: 2025-07-08. (github.com)

Breaking changes called out in the 0.9.0 changelog

  • from_str, Deserializer, etc. no longer preserve key order unless you enable the preserve_order feature (like Table). (github.com)
  • Serde support moved behind the default serde feature (i.e., it’s now feature-gated). (github.com)
  • std support moved behind the default std feature. (github.com)
  • Deserializing a value without a Spanned will fail fast. (github.com)
  • impl FromStr for Value now parses TOML values, not full documents. (github.com)
  • Deserializer::new / ValueDeserializer::new now return errors. (github.com)
  • Serializer::new / Serializer::pretty now take &mut Buffer instead of &mut String. (github.com)
  • Associated serde::Serializer::Ok types changed:
    • Serializer::Ok is now &mut Buffer
    • ValueSerializer::Ok is now &mut String (github.com)

Changelog’s migration note

If you previously used default-features = false, the changelog suggests: cargo add toml -F serde,std. (github.com)

Citations:


Verify sha2 0.11 and toml 0.9 breaking changes in build and tests.

Both dependencies have confirmed breaking changes:

  • sha2 0.11: Updates to digest v0.11, type aliases replaced with newtypes, removed feature flags (asm, std, compress), MSRV bumped to Rust 1.85. The basic API usage in src/lib/source.rs (Sha256::new(), hasher.update(), hasher.finalize()) uses stable Digest trait methods and appears compatible.

  • toml 0.9: Multiple breaking changes including key order not preserved by default, and critically—impl FromStr for Value now parses single TOML values instead of full documents. This directly impacts src/lib/crate_inspector.rs which uses .parse() to parse full Cargo.toml and Cargo.lock files. Verify that this behavior change does not break the parsing logic in CargoMetadata::from_toml_str() and parse_cargo_lock_str().

Run cargo test to ensure all tests pass with these updated dependencies. If toml parsing fails, consult the toml 0.9 migration guide or consider reverting to 0.8 pending an API update.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Cargo.toml` around lines 40 - 41, Update and verify dependency upgrades:
ensure sha2 0.11 usage in src/lib/source.rs (Sha256::new, hasher.update,
hasher.finalize) still compiles and meets MSRV, and more importantly adjust toml
0.9 parsing in src/lib/crate_inspector.rs by replacing any use of
Value::from_str or str.parse() expecting a full document with
toml::de::from_str::<toml::Value>() (or explicitly use toml::de::Deserializer to
parse a full table) in the CargoMetadata::from_toml_str() and
parse_cargo_lock_str() functions so they parse full TOML documents rather than
single values; run cargo test and if parsing breaks, revert toml to 0.8 or
follow the toml 0.9 migration guide to update parsing code.
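
The commit trailer labels the sha2, toml and built bumps `semver-minor`, yet Cargo's default (caret) rule treats a change in the leftmost non-zero version component as incompatible, which is why those are the updates that need the closest review. The following added example, which is not part of this PR or of any tool mentioned on the page, applies that rule to the twelve From/To pairs from the PR description; all function and type names are illustrative.

```rust
// Added example: classify the version bumps listed in this PR under Cargo's
// default (caret) compatibility rule. Names here are illustrative.

#[derive(Debug, Clone, Copy, PartialEq)]
enum Bump {
    Compatible,   // new version is inside the old version's caret range
    Incompatible, // leftmost non-zero component changed
    NotAnUpgrade, // same or lower version
}

/// Parses "MAJOR.MINOR.PATCH". Pre-release and build suffixes are ignored,
/// a simplification that is sufficient for the versions on this page.
fn parse_version(s: &str) -> Option<[u64; 3]> {
    let core = s.trim().split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.');
    let mut out = [0u64; 3];
    for slot in out.iter_mut() {
        *slot = parts.next()?.parse().ok()?;
    }
    if parts.next().is_some() {
        return None; // more than three components
    }
    Some(out)
}

/// Returns None when either version cannot be parsed.
fn classify(from: &str, to: &str) -> Option<Bump> {
    let (old, new) = (parse_version(from)?, parse_version(to)?);
    if new <= old {
        return Some(Bump::NotAnUpgrade);
    }
    // Leftmost non-zero component of the old version (patch if all are zero).
    let pivot = old.iter().position(|&n| n != 0).unwrap_or(2);
    // Compatible only if everything up to and including the pivot is unchanged.
    if old[..=pivot] == new[..=pivot] {
        Some(Bump::Compatible)
    } else {
        Some(Bump::Incompatible)
    }
}

// The twelve updates from the table in the PR description.
const UPDATES: [(&str, &str, &str); 12] = [
    ("anyhow", "1.0.97", "1.0.102"),
    ("log", "0.4.26", "0.4.29"),
    ("clap", "4.5.32", "4.5.60"),
    ("env_logger", "0.11.7", "0.11.10"),
    ("mimalloc", "0.1.43", "0.1.48"),
    ("num_cpus", "1.16.0", "1.17.0"),
    ("regex", "1.11.1", "1.12.3"),
    ("reqwest", "0.12.14", "0.12.28"),
    ("sha2", "0.10.9", "0.11.0"),
    ("toml", "0.8.23", "0.9.6"),
    ("tempfile", "3.19.0", "3.27.0"),
    ("built", "0.7.7", "0.8.0"),
];

/// Packages whose bump is not provably compatible (unparsable input fails closed).
fn needs_review() -> Vec<&'static str> {
    UPDATES
        .iter()
        .filter(|u| classify(u.1, u.2) != Some(Bump::Compatible))
        .map(|u| u.0)
        .collect()
}

fn main() {
    for (name, from, to) in UPDATES.iter() {
        println!("{:<12} {:>8} -> {:<8} {:?}", name, from, to, classify(from, to));
    }
    println!("review before merging: {:?}", needs_review());
}
```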
