build(deps): bump the cargo-minor-and-patch group across 1 directory with 4 updates

[dependabot]

Bumps the cargo-minor-and-patch group with 4 updates in the / directory: nix, serde_json, landlock and cc.

Updates nix from 0.31.2 to 0.31.3

Changelog

Sourced from nix's changelog.

[0.31.3] - 2026-05-11

Added

• Enable module ioctl for Cygwin (#2715)
• Add CLOCK_BOOTTIME/CLOCK_PROCESS_CPUTIME_ID/CLOCK_THREAD_CPUTIME_ID/CLOCK_UPTIME to NetBSD-like platforms (#2716)
• unistd: add mkfifo for redox (#2749)
• Added kevent64 support on apple targets: Kqueue::kevent64, KEvent64, and Kevent64Flags. (#2781)

Fixed

• fix SaFlags_t definition on redox (#2751)
• Fixed EpollEvent::events() to use from_bits_retain instead of from_bits().unwrap(), preventing panics when the kernel returns unknown epoll flags. (#2783)
• Fixed KEvent::flags() and KEvent::fflags() to use from_bits_retain instead of from_bits().unwrap(), preventing panics when the kernel returns unknown kqueue flags. (#2784)

Commits

• b5933ca chore: release v0.31.3
• 5d6a46e Replace Cirrus CI with more Github Workflows jobs (#2776)
• 3407489 event: add kevent64 support on apple targets (#2781)
• fe80fc5 chore: resolve clippy useless_borrows_in_formatting (#2790)
• 3310fc7 Revert "fix(ci): temporarily disable armv7-unknown-linux-uclibceabihf (#2764)...
• e3ab917 epoll: use from_bits_retain to avoid panics on unknown flags (#2783)
• 6c15701 kqueue: use from_bits_retain to avoid panics on unknown flags (#2784)
• 73028cf fix(ci): enable Hurd target (#2765)
• 1a680a9 cargo: Remove deprecated package authors field (#2789)
• 85cff07 docs: add missing changelog entries (#2786)
• Additional commits viewable in compare view

Updates serde_json from 1.0.149 to 1.0.150

Release notes

Sourced from serde_json's releases.

v1.0.150

• Reject non-string enum object keys (#1324, thanks @​puneetdixit200)

Commits

• a1ae73a Release 1.0.150
• 1a360b0 Merge pull request #1324 from puneetdixit200/reject-non-string-enum-keys
• 2037b63 Reject non-string enum object keys
• 5d30df6 Resolve manual_assert_eq pedantic clippy lint
• dc8003a Raise required compiler for preserve_order feature to 1.85
• a42fa98 Unpin CI miri toolchain
• 684a60e Pin CI miri to nightly-2026-02-11
• 7c7da33 Raise required compiler to Rust 1.71
• acf4850 Simplify Number::is_f64
• 6b8ceab Resolve unnecessary_map_or clippy lint
• Additional commits viewable in compare view

Updates landlock from 0.4.4 to 0.4.5

Release notes

Sourced from landlock's releases.

v0.4.5

See crate's metadata and related documentation.

What's Changed

See summary in CHANGELOG.md

• Bump dependencies and add SoftRequirement test for scope() by @​l0kod in landlock-lsm/rust-landlock#118
• Update to Linux 6.15 and add errata interface by @​l0kod in landlock-lsm/rust-landlock#119
• Rename set_no_new_privs() to no_new_privs() by @​l0kod in landlock-lsm/rust-landlock#122
• Fix bare matches!() assertions in ruleset tests by @​l0kod in landlock-lsm/rust-landlock#123
• Improve errata test debuggability by @​l0kod in landlock-lsm/rust-landlock#124
• Bump GitHub actions by @​l0kod in landlock-lsm/rust-landlock#125
• Update dependencies by @​l0kod in landlock-lsm/rust-landlock#126
• Add ABI v7: log flags by @​l0kod in landlock-lsm/rust-landlock#120
• Bump to v0.4.5 by @​l0kod in landlock-lsm/rust-landlock#127

Full Changelog: landlock-lsm/rust-landlock@v0.4.4...v0.4.5

Changelog

Sourced from landlock's changelog.

v0.4.5

New API

• Added support for Landlock ABI 7: control audit logging behavior with log_same_exec(), log_new_exec() (domain-specific), and log_subdomains() (shared between RulesetCreated and RestrictSelf) ([PR #120](landlock-lsm/rust-landlock#120)).
• Added RestrictSelf builder for calling landlock_restrict_self() without creating a Landlock domain (e.g., muting subdomain audit logs).
• Extended RestrictionStatus with three new public fields (log_same_exec, log_new_exec, log_subdomains) reporting the effective audit-logging flag state after restrict_self() and apply().
• Added Erratum bitflags enum and Erratum::current() for querying fixed kernel bugs before building a ruleset ([PR #119](landlock-lsm/rust-landlock#119)).

Deprecated API

Deprecate the set_no_new_privs() method and replace it with no_new_privs() ([PR #122](landlock-lsm/rust-landlock#122)).

Dependencies

• Bumped MSRV to Rust 1.71.

Testing

• Extended CI to test against Linux 6.15.
• Added errata tests verifying the From<ABI> mapping matches CI kernel errata.
• Added SoftRequirement test coverage for scope() and restrict_self flags.
• Added try_compat_binary() unit tests for the binary compat dispatch.

Example

• Synced the sandboxer example with the kernel's sandboxer.c:

... (truncated)

Commits

• 6b13cc4 lib: Bump to v0.4.5
• bd31957 src: Update audit documentation
• 43128a1 sandboxer: Sync with kernel's sandboxer.c
• 5487d8f restrict_self: Add RestrictSelf builder for domain-less flag application
• 1ab0f9f ci,src: Handle Landlock ABI v7
• a1a8a63 cargo: Update dependencies
• 1ca46f5 ci: Bump actions
• f10ab05 errata: Improve errata_up_to_date debuggability
• 7c90836 tests: Fix bare matches!() assertions
• b6eb422 ruleset: Rename set_no_new_privs() and extract NNP helper
• Additional commits viewable in compare view

Updates cc from 1.2.61 to 1.2.62

Release notes

Sourced from cc's releases.

cc-v1.2.62

Other

• Regenerate target info (#1721)
• Allow exceptions on wasm platforms (#1714)
• Add relibc env (#1710)
• recognize sh4 architecture in parse_arch() (#1712)

Changelog

Sourced from cc's changelog.

1.2.62 - 2026-05-08

Other

• Regenerate target info (#1721)
• Allow exceptions on wasm platforms (#1714)
• Add relibc env (#1710)
• recognize sh4 architecture in parse_arch() (#1712)

Commits

• 37a5f8f chore(cc): release v1.2.62 (#1716)
• 34a2218 Regenerate target info (#1721)
• a9d8632 Allow exceptions on wasm platforms (#1714)
• ce036b3 Add relibc env (#1710)
• 18ed3dc target: recognize sh4 architecture in parse_arch() (#1712)
• 33f84c5 Bump taiki-e/install-action from 2.75.18 to 2.75.19 (#1709)
• cbd4c09 Bump taiki-e/install-action from 2.75.17 to 2.75.18 (#1708)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.