Update charmcraft.yaml build tools

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Update
poetry (changelog)	2.3.2 → 2.3.4			patch
rust-lang/rust	1.94.0 → 1.95.0			minor

---

Release Notes

python-poetry/poetry (poetry)

v2.3.4

Compare Source

Fixed

• Fix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (#​10821).
• Fix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (#​10837).

v2.3.3

Compare Source

Fixed

• Fix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory (#​10792).
• Fix an issue where git dependencies from annotated tags could not be updated (#​10719).
• Fix an issue where empty VIRTUAL_ENV or CONDA_PREFIX environment variables (e.g., after conda deactivate) would cause Poetry to incorrectly detect an active virtualenv (#​10784).
• Fix an issue where an incomprehensible error message was printed when .venv was a file instead of a directory (#​10777).
• Fix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (#​10748).
• Fix an issue where poetry publish --no-interaction --build requested user interaction (#​10769).
• Fix an issue where poetry init and poetry new created a deprecated project.license format (#​10787).

Docs

• Clarify the differences between poetry install and poetry update (#​10713).
• Clarify the section of fields in the pyproject.toml examples (#​10753).
• Add a note about the different installation location when Python from the Microsoft Store is used (#​10759).
• Fix the system requirements for Poetry (#​10739).
• Fix the poetry cache clear example (#​10749).
• Fix the link to pipx installation instructions (#​10783).

poetry-core (2.3.2)

• Fix an issue where platform_release could not be parsed on Debian Trixie (#​930).
• Fix an issue where using project.readme.text in the pyproject.toml file resulted in broken metadata (#​914).
• Fix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (#​919).
• Fix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (#​922).
• Fix an issue where PEP 735 include-group entries were lost when [tool.poetry.group] also defined include-groups for the same group (#​924).
• Fix an issue where the union of <value> not in <marker> constraints was wrongly treated as always satisfied (#​925).
• Fix an issue where a post release with a local version identifier was wrongly allowed by a > version constraint (#​921).
• Fix an issue where a version with the local version identifier 0 was treated as equal to the corresponding public version (#​920).
• Fix an issue where a != <version> constraint wrongly disallowed pre releases and post releases of the specified version (#​929).
• Fix an issue where in and not in constraints were wrongly not allowed by specific compound constraints (#​927).

rust-lang/rust (rust-lang/rust)

v1.95.0

Compare Source

===========================

Language

• Stabilize if let guards on match arms
• irrefutable_let_patterns lint no longer lints on let chains
• Support importing path-segment keywords with renaming
• Stabilize inline assembly for PowerPC and PowerPC64
• const-eval: be more consistent in the behavior of padding during typed copies
• Const blocks are no longer evaluated to determine if expressions involving fallible operations can implicitly be constant-promoted.. Expressions whose ability to implicitly be promoted would depend on the result of a const block are no longer implicitly promoted.
• Make operational semantics of pattern matching independent of crate and module

Compiler

• Stabilize --remap-path-scope for controlling the scoping of how paths get remapped in the resulting binary
• Apply patches for CVE-2026-6042 and CVE-2026-40200 to vendored musl

Platform Support

• Promote powerpc64-unknown-linux-musl to Tier 2 with host tools
• Promote aarch64-apple-tvos to Tier 2
• Promote aarch64-apple-tvos-sim to Tier 2
• Promote aarch64-apple-watchos to Tier 2
• Promote aarch64-apple-watchos-sim to Tier 2
• Promote aarch64-apple-visionos to Tier 2
• Promote aarch64-apple-visionos-sim to Tier 2

Refer to Rust's platform support page
for more information on Rust's tiered platform support.

Libraries

• thread::scope: document how join interacts with TLS destructors
• Speed up str::contains on aarch64 targets with neon target feature enabled by default

Stabilized APIs

• MaybeUninit<[T; N]>: From<[MaybeUninit<T>; N]>
• MaybeUninit<[T; N]>: AsRef<[MaybeUninit<T>; N]>
• MaybeUninit<[T; N]>: AsRef<[MaybeUninit<T>]>
• MaybeUninit<[T; N]>: AsMut<[MaybeUninit<T>; N]>
• MaybeUninit<[T; N]>: AsMut<[MaybeUninit<T>]>
• [MaybeUninit<T>; N]: From<MaybeUninit<[T; N]>>
• Cell<[T; N]>: AsRef<[Cell<T>; N]>
• Cell<[T; N]>: AsRef<[Cell<T>]>
• Cell<[T]>: AsRef<[Cell<T>]>
• bool: TryFrom<{integer}>
• AtomicPtr::update
• AtomicPtr::try_update
• AtomicBool::update
• AtomicBool::try_update
• AtomicIn::update
• AtomicIn::try_update
• AtomicUn::update
• AtomicUn::try_update
• cfg_select!
• mod core::range
• core::range::RangeInclusive
• core::range::RangeInclusiveIter
• core::hint::cold_path
• <*const T>::as_ref_unchecked
• <*mut T>::as_ref_unchecked
• <*mut T>::as_mut_unchecked
• Vec::push_mut
• Vec::insert_mut
• VecDeque::push_front_mut
• VecDeque::push_back_mut
• VecDeque::insert_mut
• LinkedList::push_front_mut
• LinkedList::push_back_mut
• Layout::dangling_ptr
• Layout::repeat
• Layout::repeat_packed
• Layout::extend_packed

These previously stable APIs are now stable in const contexts:

• fmt::from_fn
• ControlFlow::is_break
• ControlFlow::is_continue

Rustdoc

• In search results, rank unstable items lower
• Add new "hide deprecated items" setting in rustdoc

Compatibility Notes

• Array coercions may now result in less inference constraints than before
• Importing $crate without renaming, i.e. use $crate::{self};, is now no longer permitted due to stricter error checking for self imports.
• const-eval: be more consistent in the behavior of padding during typed copies.
  In very rare cases, this may cause compilation errors due to bytes from parts of a pointer ending up in the padding bytes of a const or static.
• A future-incompatibility warning lint ambiguous_glob_imported_traits is now reported when using an ambiguously glob imported trait
• Check lifetime bounds of types mentioning only type parameters
• Report more visibility-related ambiguous import errors
• Deprecate Eq::assert_receiver_is_total_eq and emit future compatibility warnings on manual impls
• powerpc64: Use the ELF ABI version set in target spec instead of guessing (fixes the ELF ABI used by the OpenBSD target)
• Matching on a #[non_exhaustive] enum now reads the discriminant, even if the enum has only one variant. This can cause closures to capture values that they previously wouldn't.
• mut ref and mut ref mut patterns, part of the unstable Match Ergonomics 2024 RFC, were accidentally allowed on stable within struct pattern field shorthand. These patterns are now correctly feature-gated as unstable in this position.
• Add future-compatibility warning for derive helper attributes which conflict with built-in attributes
• JSON target specs have been destabilized and now require -Z unstable-options to use. Previously, they could not be used without the standard library, which has no stable build mechanism. In preparation for the build-std project adding that support, JSON target specs are being proactively gated to ensure they remain unstable even if build-std is stabilized. Cargo now includes the -Z json-target-spec CLI flag to automatically pass -Z unstable-options to the compiler when needed. See #​150151, #​151534, and rust-lang/cargo#16557.
• The arguments of #[feature] attributes on invalid targets are now checked

Internal Changes

These changes do not affect any public interfaces of Rust, but they represent
significant improvements to the performance or internals of rustc and related
tools.

• Update to LLVM 22

v1.94.1

Compare Source

===========================

• Fix std::thread::spawn on wasm32-wasip1-threads
• Remove new methods added to std::os::windows::fs::OpenOptionsExt
  The new methods were unstable, but the trait itself is not sealed and so
  cannot be extended with non-default methods.
• Clippy: fix ICE in match_same_arms
• Cargo: update tar to 0.4.45
  This resolves CVE-2026-33055 and CVE-2026-33056. Users of crates.io are not affected.
  See blog for more details.

---

Configuration

📅 Schedule: (in timezone Etc/UTC)

• Branch creation
  • Between 01:00 AM and 07:59 AM, only on Tuesday (* 1-7 * * 2)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.