Skip to content

Bump the all-dependencies group across 1 directory with 5 updates#268

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/wkfl/all-dependencies-9af23c2df4
Open

Bump the all-dependencies group across 1 directory with 5 updates#268
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/wkfl/all-dependencies-9af23c2df4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the all-dependencies group with 5 updates in the /wkfl directory:

Package From To
clap 4.6.0 4.6.1
clap_complete 4.6.0 4.6.5
git2 0.20.0 0.21.0
log 0.4.29 0.4.31
serde_json 1.0.149 1.0.150

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Commits
  • 1420275 chore: Release
  • d2c817d docs: Update changelog
  • f88c94e Merge pull request #6341 from epage/sep
  • acbb822 fix(complete): Reduce risk of conflict with actual subcommands
  • a49fadb refactor(complete): Pull out subcommand separator
  • ddc008b Merge pull request #6332 from epage/update
  • 497dc50 chore: Update compatible dependencies
  • dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
  • 54bdaa3 chore(deps): Update j178/prek-action action to v2
  • f0d30d9 chore: Release
  • Additional commits viewable in compare view

Updates clap_complete from 4.6.0 to 4.6.5

Release notes

Sourced from clap_complete's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Changelog

Sourced from clap_complete's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

5.0.0 - TBD

available through unstable-v5 feature flag

Breaking Changes

  • Made ArgPredicate non_exhaustive
  • (help) Change default Command::term_width to "source format"
  • (help) Change default Command::max_term_width to 100
  • (derive) Vec<Vec<T>> types are now assuming to capture occurrences
  • (derive) ValueEnum variants now use the full doc comment, not summary, for PossibleValue::help

Features

  • (derive) Group values by their occurrence with Vec<Vec<T>>

[Unreleased] - ReleaseDate

[4.6.1] - 2026-04-15

Fixes

  • (derive) Ensure rebuilds happen when an read env variable is changed
Commits
  • c8c9355 chore: Release
  • af74def docs: Update changelog
  • c96f222 Merge pull request #6368 from truffle-dev/fix/fish-env-escaping
  • 49a05cd fix(complete): Two-pass quote fish env-completer
  • e791004 test(complete): Snapshot fish env quoting cases
  • 87ec1ad chore: Release
  • 78f2529 docs: Update changelog
  • b61f270 Merge pull request #6369 from Metbcy/fix/zsh-completion-ordering
  • 74c6666 fix(complete): Keep zsh candidate order
  • d142d8f Merge pull request #6360 from epage/string
  • Additional commits viewable in compare view

Updates git2 from 0.20.0 to 0.21.0

Changelog

Sourced from git2's changelog.

0.21.0 - 2026-05-18

0.20.4...main

Added

  • Added experimental SHA256 repository support behind the new unstable-sha256 Cargo feature, along with *_ext API variants that accept an ObjectFormat. #1206
  • Added opts::set_cache_max_size() and opts::get_cached_memory(). #1188
  • Added Repository::object_format() and a new ObjectFormat enum. #1204
  • Added Repository::set_config(). #1208
  • Added merge_file() along with MergeFileInput. #1210
  • Added Repository::refdb_compress() for packing loose refs. #1221
  • Added public Refdb type, along with Repository::refdb() and Repository::set_refdb(). Repository::refdb_compress() now delegates to Refdb::compress(). #1228
  • Added Revspec::into_objects(). #1230
  • Added BlameHunk::final_committer(), BlameHunk::orig_committer(), BlameHunk::summary(), and BlameHunk::summary_bytes(). #1231
  • Implemented Clone for Reference. #1233
  • Added Repository::author_from_env() and Repository::committer_from_env(). #1237
  • Added impl From<Utf8Error> for Error. #1239

Changed

  • ❗ The ssh, https, and cred Cargo features are no longer enabled by default. Previously default = ["ssh", "https"]; now default = []. Enable them explicitly if you rely on credential helpers or transport support. #1168
  • CredentialHelper and the url dependency are now gated behind the new cred Cargo feature. Enabling ssh or https transitively enables cred. #1168
  • ❗ Updated to the 2021 edition. #1173
  • ❗ Many string accessors that previously returned Option<&str> now return Result<&str, Error> or Result<Option<&str>, Error>, so callers can distinguish a missing value from a non-UTF-8 one. #1241
  • BlameHunk::final_signature, BlameHunk::final_committer, BlameHunk::orig_signature, and BlameHunk::orig_committer now return Option to avoid segfaults when signature information is missing. #1254
  • Bumped requirement to libgit2-sys 0.18.4, which updates libgit2 to 1.9.3.

... (truncated)

Commits
  • dffaf27 Merge pull request #1256 from weihanglo/changelog
  • 84b9c76 docs: changelog for git2@0.21
  • 8c6dc4a Merge pull request #1206 from weihanglo/sha256-git2
  • 7bd145e fix: import ObjectFormat in one place
  • fc8af6a test(oid): split _ext to test each format separately
  • b9bde87 test: oid length sanity check
  • 57a68e0 feat(oid): impl Display for ObjectFormat
  • 7acee09 chore(ci): test git2 sha256 support
  • bdf5b7b fix: init example with --object-format option
  • 9fb4e6a refactor(util): drop unsafe from zeroed_raw_oid
  • Additional commits viewable in compare view

Updates log from 0.4.29 to 0.4.31

Release notes

Sourced from log's releases.

0.4.31

What's Changed

New Contributors

Full Changelog: rust-lang/log@0.4.30...0.4.31

0.4.30

What's Changed

New Contributors

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

Changelog

Sourced from log's changelog.

[0.4.31] - 2026-06-02

What's Changed

New Contributors

Full Changelog: rust-lang/log@0.4.30...0.4.31

[0.4.30] - 2026-05-21

What's Changed

New Contributors

Full Changelog: rust-lang/log@0.4.29...0.4.30

Notable Changes

Commits
  • 5808392 Merge pull request #728 from rust-lang/cargo/0.4.31
  • 86d739f prepare for 0.4.31 release
  • c906cfb Merge pull request #727 from tisonkun/leverage-static-str-key-when-possible
  • 756c279 leverage str literal as well
  • 3dd250d rename Key::from_static_str to from_str_static
  • db14597 Leverage static str key when possible
  • 761461a Merge pull request #726 from Isvane/fix/typos
  • 48ce372 fix typos in kv compile errors and log documentation
  • 9c55760 Merge pull request #725 from rust-lang/cargo/0.4.30
  • d1acb05 update docs on current MSRV and note latest bump in changelog
  • Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

Commits
  • a1ae73a Release 1.0.150
  • 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
  • 2037b63 Reject non-string enum object keys
  • 5d30df6 Resolve manual_assert_eq pedantic clippy lint
  • dc8003a Raise required compiler for preserve_order feature to 1.85
  • a42fa98 Unpin CI miri toolchain
  • 684a60e Pin CI miri to nightly-2026-02-11
  • 7c7da33 Raise required compiler to Rust 1.71
  • acf4850 Simplify Number::is_f64
  • 6b8ceab Resolve unnecessary_map_or clippy lint
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all-dependencies group with 5 updates in the /wkfl directory:

| Package | From | To |
| --- | --- | --- |
| [clap](https://github.com/clap-rs/clap) | `4.6.0` | `4.6.1` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.6.0` | `4.6.5` |
| [git2](https://github.com/rust-lang/git2-rs) | `0.20.0` | `0.21.0` |
| [log](https://github.com/rust-lang/log) | `0.4.29` | `0.4.31` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.149` | `1.0.150` |



Updates `clap` from 4.6.0 to 4.6.1
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.6.0...clap_complete-v4.6.1)

Updates `clap_complete` from 4.6.0 to 4.6.5
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.6.0...clap_complete-v4.6.5)

Updates `git2` from 0.20.0 to 0.21.0
- [Changelog](https://github.com/rust-lang/git2-rs/blob/main/CHANGELOG.md)
- [Commits](rust-lang/git2-rs@git2-0.20.0...git2-0.21.0)

Updates `log` from 0.4.29 to 0.4.31
- [Release notes](https://github.com/rust-lang/log/releases)
- [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md)
- [Commits](rust-lang/log@0.4.29...0.4.31)

Updates `serde_json` from 1.0.149 to 1.0.150
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](serde-rs/json@v1.0.149...v1.0.150)

---
updated-dependencies:
- dependency-name: clap
  dependency-version: 4.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: clap_complete
  dependency-version: 4.6.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: git2
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: log
  dependency-version: 0.4.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: serde_json
  dependency-version: 1.0.150
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jul 1, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedgit2@​0.20.0 ⏵ 0.21.078 -4100 +195100100
Updatedserde_json@​1.0.149 ⏵ 1.0.1508210093100100
Updatedclap@​4.6.0 ⏵ 4.6.19910093100100
Updatedclap_complete@​4.6.0 ⏵ 4.6.597 +110093100100
Updatedlog@​0.4.29 ⏵ 0.4.3110010093100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants