chore(deps): bump all-deps (quick-xml 0.41 resolves RUSTSEC-2026-0194/0195) + drop stale ignores#120
Conversation
Bumps the all-deps group with 10 updates: | Package | From | To | | --- | --- | --- | | [nix](https://github.com/nix-rust/nix) | `0.30.1` | `0.31.3` | | [criterion](https://github.com/criterion-rs/criterion.rs) | `0.5.1` | `0.8.2` | | [tokio-tungstenite](https://github.com/snapview/tokio-tungstenite) | `0.28.0` | `0.29.0` | | [zip](https://github.com/zip-rs/zip2) | `2.4.2` | `7.2.0` | | [rmcp](https://github.com/modelcontextprotocol/rust-sdk) | `2.0.0` | `2.2.0` | | [bytes](https://github.com/tokio-rs/bytes) | `1.12.0` | `1.12.1` | | [mail-parser](https://github.com/stalwartlabs/mail-parser) | `0.11.4` | `0.11.5` | | [calamine](https://github.com/tafia/calamine) | `0.35.0` | `0.36.0` | | [undoc](https://github.com/iyulab/undoc) | `0.5.2` | `0.5.4` | | [unpdf](https://github.com/iyulab/unpdf) | `0.7.0` | `0.7.1` | Updates `nix` from 0.30.1 to 0.31.3 - [Changelog](https://github.com/nix-rust/nix/blob/master/CHANGELOG.md) - [Commits](nix-rust/nix@v0.30.1...v0.31.3) Updates `criterion` from 0.5.1 to 0.8.2 - [Release notes](https://github.com/criterion-rs/criterion.rs/releases) - [Changelog](https://github.com/criterion-rs/criterion.rs/blob/master/CHANGELOG.md) - [Commits](criterion-rs/criterion.rs@0.5.1...criterion-v0.8.2) Updates `tokio-tungstenite` from 0.28.0 to 0.29.0 - [Changelog](https://github.com/snapview/tokio-tungstenite/blob/master/CHANGELOG.md) - [Commits](snapview/tokio-tungstenite@v0.28.0...v0.29.0) Updates `zip` from 2.4.2 to 7.2.0 - [Release notes](https://github.com/zip-rs/zip2/releases) - [Changelog](https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md) - [Commits](zip-rs/zip2@v2.4.2...v7.2.0) Updates `rmcp` from 2.0.0 to 2.2.0 - [Release notes](https://github.com/modelcontextprotocol/rust-sdk/releases) - [Changelog](https://github.com/modelcontextprotocol/rust-sdk/blob/main/release-plz.toml) - [Commits](modelcontextprotocol/rust-sdk@rmcp-v2.0.0...rmcp-v2.2.0) Updates `bytes` from 1.12.0 to 1.12.1 - [Release notes](https://github.com/tokio-rs/bytes/releases) - [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md) - [Commits](tokio-rs/bytes@v1.12.0...v1.12.1) Updates `mail-parser` from 0.11.4 to 0.11.5 - [Release notes](https://github.com/stalwartlabs/mail-parser/releases) - [Changelog](https://github.com/stalwartlabs/mail-parser/blob/main/CHANGELOG.md) - [Commits](https://github.com/stalwartlabs/mail-parser/commits) Updates `calamine` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/tafia/calamine/releases) - [Changelog](https://github.com/tafia/calamine/blob/master/Changelog.md) - [Commits](tafia/calamine@v0.35.0...v0.36.0) Updates `undoc` from 0.5.2 to 0.5.4 - [Release notes](https://github.com/iyulab/undoc/releases) - [Changelog](https://github.com/iyulab/undoc/blob/main/CHANGELOG.md) - [Commits](iyulab/undoc@v0.5.2...v0.5.4) Updates `unpdf` from 0.7.0 to 0.7.1 - [Release notes](https://github.com/iyulab/unpdf/releases) - [Changelog](https://github.com/iyulab/unpdf/blob/main/CHANGELOG.md) - [Commits](iyulab/unpdf@v0.7.0...v0.7.1) --- updated-dependencies: - dependency-name: nix dependency-version: 0.31.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: criterion dependency-version: 0.8.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: tokio-tungstenite dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: zip dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-deps - dependency-name: rmcp dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: bytes dependency-version: 1.12.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: mail-parser dependency-version: 0.11.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: calamine dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: undoc dependency-version: 0.5.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: unpdf dependency-version: 0.7.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps ... Signed-off-by: dependabot[bot] <support@github.com>
…41 bump The all-deps bump moves quick-xml to 0.41.0 (via calamine 0.36 / undoc), which fixes RUSTSEC-2026-0194 and RUSTSEC-2026-0195. Their deny.toml ignores (whose reason was 'upgrade when upstream bumps to quick-xml >= 0.41') are now unmatched and would fail cargo-deny, so remove them. cargo deny check is green: advisories/bans/licenses/sources all ok.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Warning Review limit reached
Next review available in: 58 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Supersedes #108 (the dependabot all-deps bump), rebased onto current main and with the deny.toml cleanup the bump requires.
What
deny.tomlignores are removed.Verify
cargo deny check→advisories ok, bans ok, licenses ok, sources ok. Rebased clean onto main (which already carries crossbeam-epoch 0.9.20 for RUSTSEC-2026-0204). Net effect: 3 RUSTSEC advisories resolved across this + the CI-unblock PR, with no remaining deny ignores beyond the async-std one.Closes #108.
Summary by cubic
Bump the all-deps group and move XML parsing to
quick-xml0.41 (viacalamine0.36 andundoc0.5.4) to address security advisories. This resolves RUSTSEC-2026-0194/0195 and removes the matchingdeny.tomlignores;cargo deny checkis clean.quick-xml0.41.0,calamine0.36.0 (Cargo.toml),undoc0.5.4,zip8.6.0.rmcp2.2.0,bytes1.12.1,mail-parser0.11.5,unpdf0.7.1.Written for commit a879524. Summary will update on new commits.