chore: update dependencies

[dobby-coder]

Scheduled dependency-update routine flagged outdated direct dependencies across the workspace crates.

Direct outdated (cargo outdated --root-deps-only)

pg-core

• rand 0.8.6 → 0.10.1 (major)

pg-cli

• inquire 0.6.2 → 0.9.4 (major)
• rand 0.8.6 → 0.10.1 (major)
• reqwest 0.12.28 → 0.13.3 (major)

pg-pkg

• rand 0.8.6 → 0.10.1 (major)
• reqwest 0.12.28 → 0.13.3 (major)

pg-ffi

• rand 0.8.6 → 0.10.1 (major)

pg-wasm

• (no direct-dep updates surfaced)

All updates are majors — review API changes carefully (rand 0.9 reshuffled traits; reqwest 0.13 changed default TLS/HTTP feature flags; inquire 0.9 reworked validator/auto-complete APIs).

No security advisories captured in this quick scan. Please run cargo audit on each crate as part of the PR.

Instructions

• Bump direct deps; expect API churn — keep each major bump in its own commit so reverts are easy.
• cargo update on the lockfile to refresh transitives at the same time.
• Build all crates: cargo build --workspace and (if applicable) cargo build --target wasm32-unknown-unknown -p pg-wasm.
• cargo test --workspace, cargo clippy --workspace --all-targets -- -D warnings, cargo fmt --check.
• cargo audit and address anything flagged.
• Open a draft PR; flip to ready once CI is green. Assign reviewer @rubenhensen.

release-plz.toml is present — chore PR, not release PR.

[dobby-coder]

/dobby

[dobby-coder]

This agent has seen the dependency-update request! Three major bumps await — rand 0.8 → 0.10, reqwest 0.12 → 0.13, inquire 0.6 → 0.9 — and the agent shall make them sing across pg-core, pg-cli, pg-pkg, and pg-ffi. Investigating the API churn now; plan to follow shortly.

[dobby-coder]

Plan

After inspecting the workspace dep graph:

• rand 0.8 → 0.10 is blocked upstream. Both ibe 0.3.0 and ibs 0.4.0 (this org's own crates) still depend on rand_core 0.6. The traits ibe/ibs accept (R: RngCore + CryptoRng) live in rand_core 0.6 — passing a rand 0.10 RNG won't compile. Will document and skip in this PR.
• reqwest 0.12 → 0.13 in pg-cli and pg-pkg. Minor API churn (TLS feature defaults, Body/multipart tweaks). One bump commit per crate.
• inquire 0.6 → 0.9 in pg-cli. Validator and autocomplete trait APIs reshuffled; will adapt the prompts in src/encrypt.rs / src/decrypt.rs.
• cargo update to refresh transitives at the same time.

Verification

• cargo build --workspace
• cargo test --workspace
• cargo clippy --workspace --all-targets -- -D warnings
• cargo fmt --check
• cargo audit (and call out anything flagged but unrelated)

Branch / PR shape

One PR titled chore: bump reqwest 0.12 → 0.13 and inquire 0.6 → 0.9. Will note the rand blocker in the body and Refs #195, not Closes — since rand isn't shipping in this PR.

Will leave a follow-up note in repo memory so the next scan doesn't re-flag rand without checking ibe/ibs status first.

[dobby-coder]

CI is green on #196 — ready for review.

• reqwest 0.12 → 0.13 in pg-cli and pg-pkg.
• inquire 0.6 → 0.9 in pg-cli.
• cargo update for transitives.
• rand 0.8 → 0.10 deferred — gated on ibe + ibs releases that move past rand_core 0.6. Noted in repo memory so the next dep scan doesn't re-flag without checking ibe/ibs first.

Issue stays open until rand can land.